SPYWARE

1. INTRODUCTION

Spyware is a serious and actual issue, affecting every internet user who is mostly unaware of the danger that prevents undertaking legal and practical actions against it because of being invisible. Furthermore, it has recently received judicial and academic attention in some jurisdictions around the world. Extremely profitable

online advertising has encouraged not only craftier spyware, but also creating obstacles that reduces accountability to consumers, making it difficult for law enforcement officers, and public to initiate legal proceedings.

According to the research firm IT-Harvest, spyware profits almost $2 billion a year, accounting for about 11% of the internet ad business (Elgin, 2006; 1). In the USA, spyware has infected nearly 60% of household computers, causing nearly $2.6 billion damages in 2006 (Sun, 2007; 555). The global financial cost of spyware has been estimated about 11 billion Euro in 2005 1 . It is estimated that about 30% of

computers in the UK are infected with spyware (Corbitt, 2007; 2). Although spyware has been largely known by those working in the IT sector, a recent National Cyber Security Alliance survey showed that only 10% of users actually knew what spyware was (Acohido and Swartz, 2004;1 ).

In this essay, having touched on brief explanation, types and harmful affects of spyware and the current legal aspect in the EU and USA, the attention will be given the criminal approach in UK legislation. Limited cases from UK are examined in the essay because; case law has not sufficiently developed in that issue. In the final section I will attempt to provide a summary and reach a conclusion.

Communication From The Commission To The European Parliament, The Council, The European Economic And Social Committee And The Committee Of The Regions; On Fighting Spam, Spyware And Malicious Software COM(2006) 688 Final Brussels, 15.11.2006 p.3

2. DEFINITON

It is difficult to define spyware due to continuously evolving technology and huge web advertising industry. Basically, the term of "spyware" refers to a diversified amount of software that monitors the usage of computer without users consent. There are different kind of definitions in different sectors and legislations and occasionally mixed up with computer viruses and worms (Klang, 2003; 313). It is an undeniable fact that, in order to provide efficient legal provisions, it must be defined very well (Pelland, 2005;1). Federal Trade Commission Staff Report (hereafter FTC REPORT)
2

in USA defines spyware as;

"Software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge".

3. EFFECTS

Spyware is used for the purposes such as; tracking and storing internet users' movements on the web; serving up pop-up ads to internet users; directing users to certain websites by changing internet browsers' toolbars and 'favourites' settings in the computer (Kang, 2004;1). It is asserted by some that governments develop spyware for use in espionage and criminal investigation (Feinstein; 2004;2). Spyware and adware cause serious privacy breaches and create backdoors that not only for the vendors of such software, but also for attackers (Schultz, 2003;1). However, some spyware is also used for malicious purposes, such as abusing collected bank account numbers or passwords, or affecting the internet users computer itself. It is claimed that the advertisement which consumers receive is the price they have to

Federal Trade Commission Staff Report, http://www.ftc.gov/os/2005/03/050307spywarerpt.pdf p.4

3 pay for the free downloading and use of certain software applications (Schrijver and Schraeyen; 2005;17). 4. TYPES

"Spyware" is mostly classified into four types: system monitors, trojans, adware, and tracking cookies. 3 System monitors render serious privacy risks because they secretly capture and transmit user's personal information, worse still, passwords used in online transactions. 4 Trojans can be used to obtain sensitive information, install malicious programs, hijack the computer, or compromise additional computers or networks. 5 Adware tracks the users' online activities on the internet to deliver targeted pop-up advertisements. 6 Tracking cookies are the uninformed small text files downloaded to a user's computer that preserves preferences on specific websites. Many known websites use cookies, but third parties like adware

developers use cookies for on line marketing (Kantor, 2005;1).

Keystroke loggers, password sniffers, spam launchers, remote access tools ("RATS") and screen capture utilities are the "mal-spyware". While mal spyware can be used for legitimate aims like preventing crimes, ad wares, seen as innocuous, could lead to security vulnerabilities and lead indirectly to a security compromise (Smith, 2004;2). Generally, spyware can be installed without user knowledge or consent, through exploitation of operating system or browser vulnerabilities; or with user consent induced by deceptive or misleading pop-up messages (Edelman, 2006;1).

Once installed, spyware is difficult to detect and remove (McCartney, 2004;2). Spyware can also disable users' internet security software or continuously mutate to avoid detection by conventional anti-spyware solutions (Vijayan, 2006;1). No security measure is absolutely foolproof and hackers are continually developing new ways of attacking computer systems. It is never possible for an internet user to be completely

3 4 5 6

Webroot Software, Inc., the State Of Spyware: 2005 the Year in Review 30 (2005), p. 5-7, FTC REPORT, p.1 X-Force Threat Insight Quarterly, Trojans, Spyware, and Adware, July 2005 FTC REPORT, p. 3-4;

4 secure (Simmonds, 2007;244). Spam and spyware go hand-in-hand; they both are trying to make money, no matter the method (Feinstein, 2004;5). 5. US LEGISLATION

In the US, victims of spyware mainly based their claims on four existing legal grounds as below (Schrijver and Schraeyen; 19); Electronic Communications Privacy Act (ECPA); It prohibits the interception of communication without the approval of a court or the consent of the person. Computer Fraud and Abuse Act (CFAA); It covers spyware programs that access a users computer in order to obtain secret passwords and transfer certain data from the computer. In Register.com, Inc. v Verio, Inc.,15 case 7 ; New York court concluded that the unauthorised use of search engines to retrieve information from a customer list of an internet domain name registrar and the use of this information for nonauthorised mass marketing purposes infringed s.1030(a)(2)(c) of the CFAA . Title 5 of the Federal Trade Commission Act (FTCA); as the best legal ground for challenging spyware in the USA, it grants the Federal Trade Commission (FTC) the power to take action against unfair and misleading commercial practices. In FTC v D Squared Solutions 8 case, the FTC successfully argued before a Maryland court that a company infringed the FTCA because it abused the Windows Messenger Service by flooding internet users with pop-up advertisements in order to force these users to buy the antipop-up adsoftware sold by the company. Intellectual property rights: Trademark laws and copyright laws have also been used to combat spyware in the USA. In the U-Haul 9 and Wells Fargo 10 cases, the court held that the use of trademarks by software producers in order to generate pop-

7 8 9

Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238 (S.D.N.Y.2000) US Dis. Court, District Of Maryland Northern Division 30.Oct.2003 A 10: 18, U-Haul International Inc. V. WhenU.com 279 F. Supp. 2d 723 (E.D.Va.2003) Wells Fargo & Co. v. WhenU.com, Inc., 293 F. Supp. 2d 734 (E.D.Mich.2003)

10

5 up advertising could not be considered as the use of a trademark and do not violate the copyright of internet publisher (Sinclair, 2004;10).

Although the problems related to spyware have become more prominent in the USA there is no Federal Act that deals specifically with software problems. Specific spyware legislation has already been adopted in some states (Utah, California, and in several other states). There are three type of spyware national proposal in the US;

Internet Spyware Prevention Act of 2007 (the "I-SPY Act"); which addressing activities that are conducted via spyware and makes those activities criminal offences punishable by both imprisonment and fines (Kelley, 2007;25).

The Securely Protect Yourself Against Cyber Trespass Act (the "SPY Act"); which requires spyware supplier to inform the internet user that the spyware will download, and its name, address and e-mail in a licence agreement.

Software Principles Yielding Better Levels of Computer Knowledge Act (or "SPY BLOCK Act"); which authorises the FTC to issue rules as necessary to implement or clarify the provisions of the Act

According to a survey done in Midwestern US.; Users dislike spyware because of privacy and performance issues. The respondents say that by not reading the license agreements, they do not take responsibility for protecting themselves from spyware, yet they expect industry and government to regulate spyware activity (Freeman Urbaczewski, 2005;53).

6 6. EUROPEAN UNION

European legislator dealt with the spyware problem with the adoption of Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector. Article 5.3 of Directive 2002/58/EC refers to the application of Directive 95/46/EC. Art 5.3 of Directive 2002/58/EC obliges EU Member States to ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing, and is offered the right to refuse such processing by the data controller. There has been only one civil judgment dealing with spyware in the Europe 11 . In that case, Claria (formerly known as Gator) used software in order to place pop-up advertisements of the products of Hertzs competitors, on the website of Hertz. The court stated that Clarias act amounted to an unjustified interference with Hertzs commercial activities on the internet and ordered Claria to stop placing automatic advertisements on Hertzs website (Schrijver and Schraeyen; 20).

According to Commission, while over the EU, as a whole, there is insufficient action to address this issue, under the Directive 2002/58/EC and Directive 95/46/EC, national authorities have the power to act against the following illegal practices: unlawful access to terminal equipment; either to store information -such as adware and spyware programs- or to access information stored on that equipment 12 . Hence, the Commission intends to reinforce the dialogue and the cooperation with third countries on the fight against these threats and criminal activities that are linked to spyware. Convention on Cybercrime obliges each party to adopt such legislative and other measures at the national level for illegal access and interception 13 .

11

Gesetz gegen den unlauteren Wettbewerb 7.06.1909 (R GBl.S.499) Comm. Law 10(1)18/5/05 P.17

Commission of the EU report On Fighting spam, spyware and malicious software 15.11.2006 COM(2006) 688
13

12

Convention on Cybercrime ETS No. 185, Budapest (23 November 2001) article 2, 3 etc

7 According to recent EU proposal COM(2007) 698 final 2007/0248 Article 5(3): the use of spyware and other malicious software remains prohibited under EC law, regardless of the method used for its delivery and installation on a users equipment (distribution through downloads from the Internet or via external data storage media, such as CD-ROMs, USB sticks, flash drives etc.) 14

7. UK LEGAL POSITION

In the UK, Computer Misuse Offences in Computer Misuse Act 1990 (hereafter CMA) can be applied to the spyware. This act is amended by Police and Justice Act 2006 (hereafter PJA), which is an reform act, as an attempt to enable CMA to keep up with the technological advances and cover new forms of crimes for spyware since the enactment of it. This change was realized as a response to pressure from IT and academic sector but also as a direct requirement of the UK's ratification of the Convention on Cybercrime (Fafinski, 2008;2).

CMA 1990 s. 1 regulates the to computer material. According to article a person is guilty of an offence if he causes a computer to perform any function with intent to secure access to any program or data held in any computer. The mens rea of the offence is the intention of unauthorised access and the knowledge of the function at the time of access. It is not necessary that the unauthorised user should direct their attention at any particular computer, randomly seeking will come within this offence (Lloyd, 2004; 291). The actus reus of this criminal offence to access a user's programs or data without lawful authority. Most spyware will become offences, because of the wide definitions of terms like "access. In that case it must be proved that the access was unauthorised. The unauthorized access to computer material is broadened and tariff is increased by PJA 2006.

14

COM(2007) 698 final 2007/0248 (COD) Proposal for a Directve Of The European Parliament And Of The Council P.12

8 The concept of access raises a number of issues and the scope of the definitions may be extremely broad. It seems clear that most actions whereby a user makes contact with a computer system and causes that system to display or to transmit information will fall within this offence (Lloyd;290). Spyware is generally used to transfer the collected data (by accessing system) to third parties who are mostly marketing companies which use the data to send specific advertising messages (adware) to the computer of the internet users. If this transfer occurs without the internet user consent, it constitutes this offence.

Article 2 of CMA make offence to unauthorised access with intent to commit or facilitate commission of further offences. According to article, a person is guilty of an offence under this section if he commits an unauthorised access offence with intent to commit an offence to which this section applies; or to facilitate the commission of such an offence (whether by himself or by any other person). For example, if it is accessed to someones computer to commit credit card fraud, by collecting bank account numbers or passwords, this offence is obvious.

The article 3 CMA regulates offences, covering the unauthorized modification of computer material. A new provision added by PJA, concerning unauthorised acts with intent to impair the operation of a computer. The mens rea of the offence is the requisite intent and the requisite knowledge when the act is done. According to article 3-(2) requisite intent is intent to do the act in question and by so doing to impair the operation of any computer, to prevent or hinder access to any program or data held in any computer, or to impair the operation of any such program or the reliability of any such data, whether permanently or temporarily. It is deemed as a criminal offence to modify a user's programs or data with intent to impair the operation of a computer without lawful authority. Modification is defined as the alteration or erasure of any program or data or the addition of any program or data to the contents of a computer (Bainbridge, 2004; 395). For example any spyware, causing damages to computer by changing any settings in the computer can fall within this article.

9 A new offence (article 3A) is introduced into the CMA by PJA 2006. Article 3A introduces an offence of making, supplying or offering to supply articles for use in computer misuse offences, or obtaining such tools with the intention to use them to facilitate the commission of such an offence. According to article A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3. In this section article includes any program or data held in electronic form.

This section also can be applicable for so-called illegal spyware. If some kind of spyware can be used to commit surveillance activity on a computer system, it is likely to harvest information that could be used to hack into or impair the performance of system. Then it will be sufficient to apply 3A offence. It has been suggested that even web browsers, such as Internet Explorer, could clash of this section, if they can be used to gain unauthorised access to insecure systems (Fafinski, 2008;13).

Spyware is generally set up with the other freeware programs that the user has downloaded from the internet. Before downloading the user is asked to click on a box as an evidence of they had agree with a license agreement. Organisations using the spyware claim that accepting this licence constitutes user's consent. Most of the users neglect to read terms and unwittingly give consent for the installation of various other programs, including spyware. This issue is important in terms of deciding whether legal consent is given to installation of spyware or not in the context of CMA. Some says that; although the user has not given clear consent, or the agreement consists of unreasonable terms and the additional unnecessary programs such as spyware, an opportunity has been given to the user to read the agreement, hence, it is unlikely to initiate a criminal process against the spyware suppliers (SingletonBratin, 2005; 2). Barnes says that in order to protect the dignity and privacy concerns of consumers, Courts should decline to countenances such consent under contract doctrine or at least insist on additional procedural safeguards than are currently present (Barnes, 2006; 1621)

10 There are some civil provisions regarding to tackle with spyware. According to Data Protection Act 1988, data subject (the user) must be informed about the details of the collection of 'personal data'. In that case if any information about identified or identifiable individuals is collected by spyware, it would fall within the act (Smith; 4). Furthermore according to Privacy and Electronic Communications Regulations 2003 (SI 2003 No 2426), 'cookies' and also other forms of code can not be stored or accessed on a user's equipment unless the user is: given clear and comprehensive information about the purpose of the storage or access to that information; and given the opportunity to refuse storage or access to that information.

All Parliamentary Internet Group disclosed a recent report that CMA s. 3 is sufficient to tackle with mal-spyware. They did not believe that the CMA should be extended to cover adware. And the harm should be addressed by the provision of Data protection Act. The group believes that OFCOM should address this topic by educating users and the importance should be given on alerting the public to the potential pitfalls and working with software developers to create a code of practice 15 . There seems little doubt that the spyware issue is taken seriously by the group due to excluding adware from the scope of CMA. The reasons of this underestimation may be the effect of adware lobby groups or difficulties to tackle with so common adware or the fact that being not malicious. It appears to me that if it is accessed to any computer to collect some data (included taking IP addresses) without legal consent, whether malicious or not, it should clearly constitute an offence in the context of CMA.

R v Waters case 16 ; is the only criminal case that came to the Court of Appeal about spywares. In that case, the 67 years old defendant, who was divorcing from his wife, wrongly suspected that she had concealed some assets during the divorce proceedings. So he decided to install spyware enabling surveillance on his wife's computer by his sons and a detective agencys aid. The computer that she used at the company's business premises was sent away on a pretext and the software
15 16

All Parliamentary Internet Group report, June 2004 p.9 R v Waters [2007] EWCA Crim 222, [2007] All ER (D) 298(Jan)

11 necessary for this spying activity was installed. Defendant claim that the computer in question was belong to company and there was nothing illegal about tracking its usage. However, he confessed that members of staff had not been informed about the surveillance and no other member of staff had been tracked. The software enable defendant to access his ex-wifes emails, Internet banking and other personal or financial activities and her divorce strategy for a period of around 11 months.

The offender, Anthony Waters, and his son had pleaded guilty to an allegation of conspiracy to cause unauthorised modification of computer material and were sentenced of four months' imprisonment and ordered to pay prosecution costs. The judge stated in the verdict that the sentences had to reflect an element of deterrence.

The defendant appealed the decision on the ground that an immediate custodial sentence was wrong in principle, or that the period imposed was excessive, particularly in the light of his good character, age and poor health. The decision upheld by the Court of Appeal, Criminal Division by stating:

Computers were an established part of modern life, and an increasing amount of information relating to individuals was held on them. Individuals privacy had to be protected from intrusion and it followed that deterrence was an appropriate element in sentencing in cases involving offences such as that committed in the instant case. It was true that offending of the kind committed by the defendant was far from the top of the range, but rather, it fell somewhere near the middle between personal e-mail communications and commercial espionage.

The Court of Appeal correctly identified deterrence as an element of sentencing in this case and said that considering the period of surveillance and other circumstances, the sentence imposed was not either excessive or wrong in principle even though offenders wife had forgiven him. This decision seems turning point to me in terms of outweighing the protection of individuals private life against spyware users and stressing the importance of deterrence of the punishment to prevent this intrusion.

12 In another civil case (Ashton case); there was a legal dispute between claimants (Ashton) and defendants (Moscow based Rusal) in a series of international barter arrangements. In January 2006, Ashton discovered spyware called 'Perfect Keylogger' on its computer system which enabled remote access. Investigations revealed that unauthorised access to the system was realized from an internet address registered to defendant. The installed spyware can log of everything typed on the computer and also carry out 'visual surveillance' by taking a snapshot of the computer screen and any information saved on file.

The claimants said defendants have been looking for confidential and privileged information in connection with the disputes and initiated legal proceedings for breach of confidence by using unlawful means, unlawful interference with their business with intent to injure. The defendants alleged that the English court had no jurisdiction and there was no evidence to show the unauthorised log-ons with Rusal and also alleged that tort had taken place in Russia, that no real damage had been caused. The defendants presented evidence that the IP address which had attempted to gain unauthorised access to Ashton's server had been allocated exclusively to a wireless connection and had probably been used by unauthorised third parties.

The court held that England was the appropriate forum, because access occurred to a server physically in London; The personal criminal liability of executives of the defendant firms were set aside because of lack of evidence. This case shows the some impossibility to prove mal-spyware because of difficulties with crime detection and identification of the perpetrator in particular it happens internationally.

13 CONCLUSON

Spyware is an important issue that has recently taken attention by various legislations. In UK, even though there seems to be enough legal provisions to tackle with spyware problem there are also other challenges like the technical complexities in the proving process beyond reasonable doubt in criminal cases and awareness of the users. In EU, as a whole there is lack of sufficient action to address this issue, whereas, under the Directive 2002/58/EC and Directive 95/46/EC, national authorities have the power to act against spyware. Case law in UK and EU has not developed yet unlike USA. In USA, there are some proposals directly addressing this issue and it is unknown whether any of these bills will become law, reflecting the inertia associated with acceptance of the consent-based spyware/adware bargain (Barnes, 2006;1571).

It is widely believed that along with technical developments the law should undoubtedly continue to develop to keep up with changes and play a part in the spyware. Furthermore it is claimed by many that the awareness of the users should be increased by education since the cost of the spyware can be too high that comes with the free software. Moreover It must be placed pressure the creators of spyware to ensure they maintain a sense of fairness in informing potential computer users what they really have by the sneakily coming spyware and their abilities (Schmidt and Arnett, 2005; 68)

Last but not least; being a worldwide global problem, an international uniform broader approach, and a persisting co-operation and a guaranteed enforcement of penalties across the board are needed (Howard and Lim, 2006;3). Cyber Crime Convention which provides a strengthened and more efficient international co-operation, mutual assistance, cross-border access to stored computer data, and the organisation of national contact points in order to facilitate the co-operation is a very important step to tackle with the issue.

14

BIBLIOGRAPHY Textbooks

1. Ian J. Lloyd, (2004), Information Technology Law, Oxford University Press, 4th Ed., 2. D. Bainbridge, (2004), Introduction to Computer Law, 5.ed., Harlow, Pearson Longman

Articles, Periodicals,

1. A. Kantor, (2005), When Cookies Aren 't Monsters and Spyware Isn 't Spyware, USAT0DAY.COM, Jan. 28, 2005, http://www.usatoday.com/tech/ columnist/Andrewkantor/2005-0l-28-kantor_x.htm accessed date: 29.02.2008
2. B. Acohido & J. Swartz, (2004), Market to Protect Consumer PCs Seems Poised for Takeoff; As Spyware, Viruses Spread, Threat to E-commerce Grows, USA Today, Dec. 27, 2004, at B1

3. B. Edelman, (2008), Spyware Research, Legislation, and Suits, Spyware Installation Methods http://www.benedelman.org/spyware/ accessed date: 26.02.2008 4. B. Elgin, (2006), The Plot to Hijack Your Computer, Businessweekonline, July 2006 http://www.businessweek.com/magazine/content/06_29/b3993001.htm accessed date.28.02.2008 5. B. Kelley, (2007), Spyware and Data Security Bills Advance, Journal of Internet Law, Aug2007, Vol. 11 Issue 2, p25-28, 4p. (AN 26225670).pdf 6. E. Schultz, (2003), Pandora's Box: spyware, adware, autoexecution, and NGSCB , Computers and Security, Volume 22, Number 5, July 2003 , pp. 366367(2) 7. J. Kang, (2004), Spyware, ITLT 12 10 (10) INFORMA UK LTD

15 8. J. Vijayan, (2006), Mutating Malware Evades Detection, PC ADVISER, Nov. 11, 2006, http://www.pcadvisor.co.uk/news/index.cfm?newsid=7571. , accessed date.25.02.2008 9. K. Howard and Y.F. Lim, (2005), I Spy With My Little Eye -Taking a Closer Look at Spyware, 2005 (2) The Journal of Information, Law and Technology (JILT). http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2005_2/howard-lim/> Accessed date.28.02.2008 10. K. Feinstein, (2004), How to Do Everything to Fight Spam, Viruses, Pop-Ups, and Spyware.Emeryville, CA, USA: McGraw-Hill Osborne, 2004. p 129. http://site.ebrary.com/lib/universityofessex/Doc?id=10130538&ppg=155 accessed date.28.02.2008 11. L. Sun, (2007), Who Can Fx the Spyware Problem? Berkeley Technology Law Journal, Annual Review 2007, Vol. 22 Issue 1, p555-575, 21p; (AN 25420013).pdf accessed date.28.02.2008 12. L.A. Freeman and A. Urbaczewski, (2005), Why Do People Hate Spyware? Communications of the ACM, Aug2005, Vol. 48 Issue 8, p.50-53, 3p; (AN 17830524).pdf 13. Mark B. Schmidt and Kirk P. Arnett, (2005), SPYWARE: A Little Knowledge is a Wonderful Thing Communications of the ACM, Aug2005, Vol. 48 Issue 8, p67-70, 4p. (AN 17830534.pdf) 14. M.C. McCartney, (2004), IT Round-Up, IT Law Today, ITLT 12 7 (7) 15. M. Klang, (2003), Spyware: Paying For Software With Our Privacy, Internatonal Revew Of Law Computers & Technology, Volume 17, No. 3, Pages 313322, November 2003 16. M. Smith, (2004), Spyware and the law, W.O.G.L.R. 2004, 3(10), 14-16 [World Online Gambling Law Report] Publication Date: 2004 17. R. Singleton, R. Bratin, (2005), Is spyware bugging you?, The Legal Issues Of Electronic Commerce And Communications, Electronic Business Law 7 EBL 1, 12

16 18. S. De Schrijver. J. Schraeyen, (2005) "Spyware": innocent espionage in cyberspace? Comms. L. 2005, 10(1), 17-24 [Communications Law] Publication Date: 2005 19. S. Fafinski, (2008), Computer Misuse: the Implications of the Police and Justice Act 2006 JoCL Journal of Criminal Law 72 (53) Vathek Publishing, 1 February 2008 20. T. Corbitt, (2007), Beware Spyware , Tolley's Practical Audit & Accounting, Reed Elsevier (UK) Ltd 21. T. Pelland, (2005), What is Spyware? Journal of the Quality Assurance Institute, Apr 2005, Vol. 19 Issue 2, p4-4, 1p. (AN 17682373).pdf 22. W. R. Barnes, (2006), Rethinking Spyware: Questioning the Propriety of Contractual Consent to Online Surveillance httplawreview.law.ucdavis.eduissuesVol39Issue4DavisVol39No4_Barnes.PDF DavisVol39No4_Barnes.pdf accessed date: 06.03.2008

Case-Law

1. R v Waters case [2007] EWCA Crim 222, [2007] All ER (D) 298 (Jan) R v Waters Court: CA Judgment Date: 31/01/2007 Lexisnexis Butterworths

2.

Ashton Investments Ltd and another v OJSC Russian Aluminium (RUSAL) and others [2006] EWHC 2545 (Comm) Lexisnexis Butterworths

3. J. Sinclair, (2003), U-Haul International , Inc. V. WhenU.com 279 F. Supp. 2d 723 (E.D. Va. 2003). http://www.bu.edu/law/central/jd/organizations/journals/ scitech/volume101/sinclair.pdf accessed date: 07.03.2008

4. Wells Fargo & Co. v. WhenU.com, Inc., 293 F. Supp. 2d 734 (E.D. Mich. 2003). http://www.lawtechjournal.com/articles/2005/04_050719_givan.php, accessed date: 07.03.2008

5. Claria v. Hertz case Gesetz gegen den unlauteren Wettbewerb, 7 June 1909 (R GBl. S. 499). Comm. Law 10(1) 18/5/05 8:34 AM Page 17

17

6. CASE: Register.com, Inc. v Verio, Inc.,15 case Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238 (S.D.N.Y. 2000) UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK http://www.spamseminar.com/materials/register-verio.html

7. FTC v D Squared Solutions case UNITED STATES DISTRICT COURT , DISTRICT OF MARYLAND NORTHERN DIVISION. 30.OCT.2003 A 10: 18 , http://www.ftc.gov/os/2003/11/0323223comp.pdf

Official Documents, Working Group Reports

1. All Parliamentary Internet Group Revision of the Computer Misuse Act:Report of an Inquiry by the All Party Internet Group , June 2004, Accesed date 28.02.2008,http://www.apcomms.org.uk/apig/archive/ activities-2004/ computer-misuse-inquiry/CMAReportFinalVersion1.pdf

2. Federal Trade Commission Staff Report, Spyware Workshop: Monitoring Software on Your Pc: Spyware, Adware, and Other Software 1 (2005), http://www.ftc.gov/os/2005/03/050307spywarerpt.pdf Accesed date 28.02.2008

3. Webroot Software, Inc., the State Of Spyware: 2005 the Year in Review 30 (2005), p. 5-7, www.antyspyware.pl/state-of-spyware/2005-q4-sos.pdf 4. X-Force Threat Insight Quarterly, Trojans, Spyware, and Adware, July 2005 http://documents.iss.net/ThreatIQ/ISS_XFTIQ_Q205.pdf

5. COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 15.11.2006 COM(2006) 688 Finalcommuncaton FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS On Fighting Spam, Spyware And Malicious Software

18 EC Directives, legal Provisions

1. Computer Misuse Act 1990, http://www.opsi.gov.uk/Acts/acts1990/ Ukpga_19900018_en_1.htm

2. Police and Justice Act 2006, http://www.opsi.gov.uk/Acts/acts2006/ ukpga_20060048_en_1

3. Data Protection Act 1998, http://www.opsi.gov.uk/acts/acts1998/ ukpga_19980029_en_1

4. 2003 No 2426 ELECTRONIC COMMUNICATIONS Privacy And Electronic Communications (EC Directive) Regulations 2003 Http://0Www.Lexisnexis.Com.Serlib0.Essex.Ac.Uk/Uk/Legal/Auth/Bridge.Do?Rand=3. 3705302979636365E-5

5. Convention On Cybercrime , ETS No. 185, Budapest (23 November 2001). http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm

6. DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL Of 12 July 2002, Http://EurLex.Europa.Eu/Lexuriserv/Lexuriserv.Do?Uri=OJ:L:2002:201:0037:0047:EN:P DF

7. Directive 95/46/EC Of The European Parliament And Of The Council Of 24 October 1995 On The Protection Of Individuals With Regard To The Processing Of Personal Data And On The Free Movement Of Such Data Http://Eur-Lex.Europa.Eu/Lexuriserv/Lexuriserv.Do?Uri=CELEX:31995L0046: EN:HTML

8. COM(2007) 698 final 2007/0248 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive 2002/22/EC on universal service and users rights relating to electronic communications networks, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on consumer protection cooperation (presented by the Commission) {SEC(2007) 1472} {SEC(2007) 1473} Brussels, 13.11.2007

19

9. COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS; On Fighting spam, spyware and malicious software COM(2006) 688 final Brussels, 15.11.2006 http://ec.europa.eu/information_society/policy/ecomm/doc/info_centre/commu nic_reports/spam/com_2006_0688_f_en_acte.pdf