NAI Spyware Forum Recap

A couple hours ago, I spoke on a panel concerning the technological responses to spyware, along with Brooks Dobbs from DoubleClick, Richard Siennon from Webroot and Bill Wise from Did-It. Lots of terrific people were there, including Esther Dyson of C|Net, Lydia Parnes, director of the Bureau of Consumer Protection at the Federal Trade Commission and David Cavicke, general counsel for the Committee for Energy and Commerce (US House of Representatives).

A lot of the conversation centered around the controversy over both spyware and the anti-spyware software that removes rogue applications from consumers' computers. My particular panel talked at length about the problem of anti-spyware software identifying legitimate adserver cookies as threats and removing them from consumers' computers by default.

The one thing I didn't get a satisfactory answer about was why adserver cookies from Atlas, DoubleClick, 24/7 Real Media and others are specifically identified as threats by anti-spyware tools when...

1) These guys are the "good guys" and have gone out of their way to educate, provide opt-out mechanisms, disclose details of how cookies are used, and set up best practices concerning PII and privacy.

2) Most truly malevolent cookies are skipped over and not identified.

It seems the good guys have been caught in the blast of the nuclear bomb set off by the anti-spyware vendors. There are two big problems here:

1) Deleting cookies via anti-spyware software is responsible for a good deal of the cookie-clearing behavior we've been seeing lately, and

2) There is little incentive for the anti-spyware vendors to whitelist "good" cookies. The consumer seems to like this just fine (even though they're likely not fully understanding what they're doing or the impact they're having on the content sites they all know and love).

So what's the incentive for the anti-spyware vendors to whitelist Atlas, DoubleClick and the other "white hat" adserving vendors?

Nick Nyhan from Dynamic Logic suggested I get involved with SafeCount in order to fully explore this. I think I'll do just that.

Thanks to Peter Kosmala and Trevor Hughes from the NAI for letting me come by and speak my mind.