mar
16
2006

A Workshop on Spyware

Special Event

The Information Law Institute, NYU and the

Center for Information Technology Policy, Princeton University present

A Workshop on Spyware

March 16-17, 2006

Furman Hall 212

245 Sullivan Street

New York University School of Law

Organizers:

Ed Felten, Princeton University

Helen Nissenbaum, New York University

Join us for this workshop when experts from academia, industry, government, and public interest advocacy organizations examine spyware in the broader context of computer security, governance of the information infrastructure, and the rights of individual computer-users in relation to public and commercial institutions with which they interact online. Panelists will address questions about the nature of spyware, its prevalence, it perpetrators, its harms, and its victims. They will reveal motives and incentive structures behind it as well as the technical and regulatory context that makes it possible, and they will deliberate over solutions strategies, whether individual or social, whether technical, economic, educational, or legal. Our aim is to achieve meaningful progress toward a well-rounded understanding of spyware and related issues at the intersection of computer security and social values. We anticipate and welcome a diversity of viewpoints and voices.

Free and open to all but it would be helpful for our planning if you let us know, Spyware Workshop RSVP, if you are planning to attend. For information regarding hotel accommodations for out-of-town guests, go to http://www.nyu.edu/about/hotels.html.

Program

Thursday March 16: 212 Furman Hall

5:00 – 6:30 – Spyware Tutorial

Speaker: Ed Felten, Princeton University

Friday March 17: 212 Furman Hall

9:00 – 10:45 – State of the Problem

What is spyware? What is its technical, social, ethical, legal nature? Are there different forms? What’s wrong with it? How does it harm us? How widespread is it? Who is creating and who distributing it? Who are its victims? Is there relevant law? Worst and most interesting cases?

Panelists:

Justin Brookman, NY State Office of the Attorney General

Mark Eckenwiler, US-DOJ

Eileen Harrington, FTC

Ari Schwartz, CDT

Helen Nissenbaum, NYU (Moderator)

11:15 – 1:00 Motives, Incentives and Causes

Why spyware? Why now? What’s driving it? What are the motivations, incentives, reasons for its emergence and spread, e.g. technology, commerce, intellectual property (DRM)? What purposes, goals, or functions does spyware serve?

Panelists:

Eric Allred, Microsoft

Markus Jakobsson , Indiana University and RavenWhite

Marc Rotenberg, EPIC

Paul Ohm, University of Colorado School of Law

Lucas Introna, Lancaster University (Moderator)

2:15 – 4:00 Solution Strategies

Do we need specially tailored solutions? Should solutions be left to the individual or adopted socially? By what mechanisms: technical, regulatory, normative, educational, legal? Are there solutions that we should NOT pursue?

Panelists:

Ben Edelman, Harvard University

Orin Kerr, GWU Law School

Ira Rubinstein, Microsoft

Mark Miller, Hewlett-Packard Laboratories

Harry First, NYU School of Law (Moderator)

Participant Bios

Eric Allred is a member of Microsoft’s Security Business Unit. He works specifically on Windows Defender and has been managing the AntiSpyware Analysts and researchers. Eric has also been responsible for working with the Microsoft vendor disputes. Eric is works closely with the AntiSpyware Coalition as well.

Justin Brookman is an Assistant Attorney General in the Internet Bureau of the New York Attorney General’s Office. He was lead attorney for Attorney General Eliot Spitzer’s lawsuit against Intermix Media for deceptive distribution of spyware. In October 2005, Intermix agreed to pay $7.5 million in disgorgement of revenues and penalties, and accepted a ban from future distribution of spyware or adware, in order to settle suit. Intermix’s former Chief Executive Officer agreed to personally pay an additional $750,000 as part of the settlement. Prior to joining the Attorney General’s Office, Brookman was an associate at Fried, Frank, Harris, Shriver & Jacobson in New York and Washington , D.C. He graduated with a J.D. from New York University School of Law in 1998. http://www.oag.state.ny.us/internet/internet.html

Mark Eckenwiler is Associate Director of the Office of Enforcement Operations, Criminal Division, U.S. Department of Justice. He joined the Justice Department’s Computer Crime Section in 1996, where he served as Deputy Chief from 2002 to 2005. His areas of expertise include federal wiretap law and online investigations. An Internet veteran for over two decades, Mark has published articles on the intersection of law and technology in The National Law Journal, Legal Times, American Lawyer, Internet World, and NetGuide.

Ben Edelman is a Ph.D. candidate at the Department of Economics at Harvard University . He writes about spyware programs’ installation methods, privacy effects, and revenue sources, with an emphasis on automated testing and data collection. http://www.benedelman.org

Edward W. Felten is Professor of Computer Science and Public Affairs at Princeton University , and serves as Director of Princeton’s Center for Information Technology Policy. His research interests include computer security and privacy, Internet software, and information technology policy. For more information, see http://www.cs.princeton.edu/~felten .

Harry First is the Charles L. Denison Professor of Law at New York University School of Law and the Director of the law school’s Trade Regulation Program. From 1999-2001 he served as Chief of the Antitrust Bureau of the Office of the Attorney General of the State of New York. Professor First’s teaching interests include antitrust, regulated industries, international and comparative antitrust, business crime, and innovation policy. He is the co-author of law school casebooks on antitrust (with John Flynn and Darren Bush) and on regulated industries (with John Flynn), as well as the author of a casebook on business crime, and the author of numerous articles involving antitrust law. Professor First has twice been a Fulbright Research Fellow in Japan and has served as an Adjunct Professor of Law at the University of Tokyo. Professor First earned his B.A. and J.D. from the University of Pennsylvania.

Eileen Harrington, Deputy Director of the FTC’s Bureau of Consumer Protection, plays a lead role in developing policy, law enforcement strategies, regulations, and education campaigns to address consumer protection issues arising from the application of new marketing and advertising technologies. She received a Service to America Medal for her role in creating the National Do Not Call law and registry, led the Commission’s implementation of the CAN-SPAM Act, and developed the FTC’s internet fraud law enforcement program, which recently has brought numerous enforcement actions against spyware purveyors.

Lucas D. Introna is Professor of Technology, Organisation and Ethics at Lancaster University . His research interest is the social study of information technology and its consequences for society. In particular he is concerned with the ethics and politics of technology. He is co-editor of Ethics and Information Technology and a founding member of the International Society for Ethics and Information Technology (INSEIT) . http://www.lums.lancs.ac.uk/owt/profiles/119/

Dr. Markus Jakobsson is Associate Professor in the School of Informatics at Indiana University at Bloomington , Associate Director of the Center for Applied Cybersecurity, and a founder of RavenWhite, an anti-phishing joint venture with RSA Security. He is an editor of the textbook “Phishing and Countermeasures” (Wiley), and his webpage is http://www.markus-jakobsson.com

Orin S. Kerr is an Associate Professor at George Washington University Law School . He teaches and writes in the area of computer crime law, and is the author of a forthcoming casebook in the field. http://www.law.gwu.edu/Faculty/profile.aspx?id=3568

Mark Miller is Chief Architect of the Virus Safe Computing Project at Hewlett Packard Laboratories and Open Source Coordinator for E programming language. Viruses and spyware programs generally abuse authority they should never have been given in the first place. Mark’s work focuses on creating frameworks in which the principle of least authority is practical and convenient. http://www.erights.org

Helen Nissenbaum, Associate Professor in the Departments of Culture and Communication and Computer Science, teaches and conducts research on moral and political aspects of computers, information technology, and new media. She is a Faculty Fellow of the Information Law Institute and runs its Colloquium in Information Technology and Society. http://www.nyu.edu/projects/nissenbaum

Paul Ohm is an Associate Professor at the University of Colorado School of Law. He specializes in computer crime law, as well as criminal procedure, intellectual property, and information privacy. Prior to law school, he worked as a computer programmer and systems administrator for the RAND Corporation. http://lawweb.colorado.edu/profiles/profile.jsp?id=180

Marc Rotenberg is Executive Director of the Electronic Privacy Information Center (EPIC) and Adjunct Professor of Law at Georgetown University Law Center. He also chairs the American Bar Association Committee on Privacy and Information Protection. EPIC web site: http://www.epic.org

Ira Rubinstein, Associate General Counsel, Microsoft Corporation heads Microsoft’s Regulatory Affairs and Public Policy Group in Legal and Corporate Affairs, with responsibility for world wide regulatory and policy matters including privacy, security, online safety (spam, spyware, phishing), export law, telecommunications and related issues. Before joining Microsoft, in 1990, Rubinstein was in private practice in Seattle . He graduated from Yale Law School in 1985.

Ari Schwartz is Deputy Director of the Center for Democracy and Technology (CDT). Ari’s work focuses on increasing individual control over personal and public information. He promotes privacy protections in the digital age and expanding access to government information via the Internet. Ari regularly testifies before Congress and Executive Branch Agencies on these issues. http://www.cdt.org/staff/ari.php

For more information, contact Nicole Arzt by email at arztn@juris.law.nyu.edu or by phone at 212-998-6013.

Sincere thanks to workshop sponsors: NYU Information Law Institute; NYU School of Law Engelberg Center; Princeton University , Woodrow Wilson School of Public and International Affairs; National Science Foundation, PORTIA Grant No. CNS-0331542