Indiana University, Maurer School of Law
The Legal Status of Spyware
By Daniel B. Garrie, Alan Blakley, & Matthew Armstrong
Identity theft is lucrative; stealing one’s good name is lucrative. What liability deters the people who steal digital information, even if it might be considered worthless? The Federal Trade Commission logged up to 250,000 identity theft complaints in 2004-100,000 more than in 2002. By and large, the law has been silent; and companies, some legitimate and some not, continue to collect, store, and process consumer information.
The law provides those whose private information is being misused little recourse and provides little protection for those legitimately mining information. Even though large-scale breaches grab the headlines, many victims of identity theft frequently cause the offending disclosure by unwittingly downloading software from the World Wide Web (“Web”) or responding to email “phishing” and other online and offline scams. Although courts find a right to privacy in the United States Constitution, that right generally only protects citizens from invasions by the government, not by corporate America. Today, federal law enables spyware, adware, and phishing businesses to mine consumer data with impunity. This Article demonstrates that although some laws are ineffective, others provide consumers with some minimal relief. In addition, the Article proposes an innovative solution. It also discusses the implications of the “evil-ution” of software developers in the context of the law, analyzing the evolution of the software developer, the impact of the rapidly increasing skill of the developers, and the disastrous outcomes that may occur if governments fail to act.
To read the full article, go to Indiana University.