During our Antispyware Workshop, I was intrigued by the notion that existing laws can be used to prosecute adware and spyware makers. So I've been reading the Computer Fraud and Abuse Act, and it seems to me that this act, which details criminal penalties for violations, can come in to play. This act was originally designed to prosecute hackers, but a lot of adware exhibits hacker-like behavior. First, hackers often access computers by installing a rootkit or other software that gives them control. Similarly, adware is often secretly installed on computers, although it tends to transmit information about that computer's use instead of opening up a security hole. The Computer Fraud and Abuse Act makes it illegal to "intentionally, without authorization to access any nonpublic computer of a department or agency of the United States". I think it very likely that many military and government computers have been infected with adware, so that would satisfy part of the requirements for violation under this Act. If the government employee or soldier who uses the computer isn't aware of the adware, then that would be unauthorized access. Under the Act, the FBI and Secret Service have authority to investigate, and I hope they get on the case.
Tech & Work