Crawford on Spyware Regulation

By Eric Goldman

Susan Crawford has posted her paper First do no Harm: The Problem of Spyware to SSRN. This is the paper associated with her talk at the Boalt conference on spyware in April. I read a draft of the paper at that time and I thought it was an intelligent and efficiently-expressed recap of the spyware “problem” with some worthwhile policy proposals (mostly, a call not to overreact).

The abstract:

Over the last few years, there has been enormous U.S. interest in legislating rules governing spyware. This Article provides a comprehensive overview of the bills that have been proposed (and passed) in the states and on the federal level. It argues that because spyware is impossible to define, these legislative efforts may do harm to the extent they either are focused on design mandates or are attempts to require notice for electronic interactions. Only a technical approach-and only a particular kind of technical approach at that-will work in addressing spyware. Technical actors need to take an immune system approach to spyware, dividing their efforts and experimenting in the field the same way immunity networks do. If we think of the legal system as a medical expert operating on this difficult disease, our first priority must be to wait to allow these already-emerging immunity networks to take effect, and to do no harm in the interim. This is a time for patience, not for the knife.