Spyware and closely related phenomena - PTS-ER:2005:15

08/04/2005

As society continues to develop into an information society, in which large sections of both business and government depend to varying degrees on computers and communications networks, dependence grows on these computers and networks operating and being secure. For many years viruses and other harmful code have constituted a much-noted threat to such functions. However, there are also programs and technical systems that, in ways other than pure destruction, may threaten both the functionality of communications networks and the trust and confidence that users have in their use. This report addresses a group of such programs that may in various ways constitute a threat through functions that violate privacy, ranging from the more harmless storage of menu choices in cookie files to the actual kidnapping of entire networks of computers. In individual cases the programs and their functions can entail serious violations of privacy for the individual user, but in a broader perspective they may also threaten public confidence in, and preparedness to utilise, electronic communications services. A further problem is that some of these programs enable malicious parties to use remotely controlled computers to create platforms for further attacks of which the user is entirely unaware.

The aim of this report is primarily to describe the occurrence and functions of the programs that can collectively be called ‘spyware’. The report contains, first, simple descriptions of the various kinds of spyware programs that occur and, second, a review of the ways in which users may be adversely affected by them. There is also an analytical section on the particular problems of distinguishing programs that really are spyware and violate the privacy of the user from programs that can actually have beneficial aims and areas of use. Besides these descriptions, there is a legal analysis of the legislation that PTS is obliged to apply and its application to spyware, together with a more general description of other legislation that may be of relevance to the field. The aim of the legal review is to express PTS’s opinion regarding the provisions of the Electronic Communications Act (EkomL) that can be used to counteract the potential threats to privacy that exist, and also to conduct a reasoned discussion of the problems concerning real powers to exercise supervision.

The section regarding spyware is addressed to everyone who has an interest in knowing about these phenomena and who wishes to obtain, on a less technically orientated level, an overall awareness of their occurrence, the potential threats and the possibilities of protecting oneself. The section regarding legal issues is mainly directed at lawyers and others who are interested in the legal issues that arise, primarily on the basis of EkomL, in conjunction with the occurrence of spyware.

Finally, an Appendix has been compiled with some examples of spyware programs, showing how they are installed in authentic test situations on computers connected to networks and how they influence the functions of those computers.


 

The Swedish Post and Telecom Authority, Box 5398, SE-102 49 Stockholm, tel. +46 8 678 55 00, pts@pts.se