from Moore's Lore by Dana Blankenhorn
February 21, 2005
Law of the Horse

As the legislative season swings into high gear, spyware is high on the agenda.

Some 14 states are looking at bills specifically aimed at spyware. Utah is on its second go-round, having had an earlier bill tossed by the courts.

But speakers at the VJOLT Symposium last weekend agreed that spyware bills are wrong. Instead of going after the means by which privacy is stolen, strengthen the privacy laws so they cover what bad spyware does.

In stating this they all referenced a seminal 1996 talk by Frank Easterbrook of the University of Chicago (right), titled "Cyberspace and the Law of the Horse."

In it he argued against any specific laws for cyberspace, saying standards of "meat space" law should be sufficient to deal with problems that look unique.

The techniques of spyware cover a wide range of programs, from harmless ad-supported programs like the free version of Eudora to ActiveX Controls that install additional programs, disable other programs, track data that's non-germane, and resist extraction, said Derek Bambauer, a resident fellow at Harvard's Berkman Center.

"It's easy to move spyware and spam offshore. If we do adopt legislation, we need to do it in a user-centered way, understanding what consent really means," he said. He suggested that ISPs control spyware by default, and that users get smarter, switching away from insecure systems.


Susan Crawford of the Cardozo School of Law emphasized the need to resist legislation. "The law and the rest of us need to support an immune network approach," she said. "We need to block things" rather than passing laws against it.

"Legisliation is going to be ineffective, and may have distasteful consequences. The cure may be worse than the problem," she said. Instead, "Common law may do well alreedy. The FTC has gone after spyware companies for being deceptive and deceiving."


Chris Hoofnagle of the Electronic Privacy Information Center disagreed with Crawford to some extent, saying this is a good time to pass new law -- privacy law.

"Privacy law has stopped some obnoxious behaviors," making illegal some abuses of credit reports, cable companies selling usage data on subscribers, and junk faxes. "Privacy is not just notice and choice. We need to set standards against tracking on the Internet."

While it may have seemed there was great diversity of opinion on this panel, in retrospect I don't think there was.

Legislating against the effects of spyware, or viruses, or other computer nasties on people may prove far more effective than trying to legislate against the software itself.

When you legislate against real world effects, after all, you don't just pass laws against what's being done today, but what might be done tomorrow. The law of the horse, in other words, needs application to the car.