Attorney's Anti-Spyware Crusade Breaking Boundaries
Sha
wn Collins is on a mission.
Despite not using a computer until last year, the 48-year old attorney from outside Chicago wants to succeed where the software industry has failed. Collins is determined to thwart what he calls Internet pollution, i.e. the annoying pop-up ads and spyware which intrude into millions of personal computers.
"The Internet is being polluted. I look at spyware companies as industrial polluters," Collins said.
Collins, whose background is in environmental issues, is applying the same kinds of laws he used against groundwater polluters to his
online crusade.
In a case settled in February, the attorney successfully fought spyware companies on the charge of trespassing on personal property. This tactic, lifted from environmental law, was successful because spyware companies often bundle spyware with other programs, such as games or a screensaver, when users often don't realize they've agreed to download the software.
Spyware creates numerous problems, ranging from incessant pop-up ads that hinder a computer's efficiency, to dangerous programs which
monitor users' keystrokes, giving thieves a window to steal personal information.
"We attacked it as if someone was coming on your property without your permission. They were staying there without your permission and
doing surveillance on you without your permission," Collins said of his recent case.
Despite widespread consumer complaints and a rise in identity theft crime, the computing industry has not been aggressive in battling
spyware.
"The way we've gone after spyware companies is by complaining to the FTC by saying they are using unfair and deceptive practices.
Basically, that they are committing fraud," said David McGuire, a spokesman with the Center for Democracy and Technology, a Washington,
D.C.-based industry group that coordinates anti-spyware campaigns. "In some cases the FTC has gotten some favorable settlements."
But Collins is not willing to wait around. Instead, he's embarking on a quest to reshape Internet case law. And he's getting kudos for his
effort.
"I like his approach. I think it is novel," said Michael Overing, adjunct professor at the University of Southern California and an
attorney who specializes in Internet issues.
Last month in Chicago, Collins filed his third suit in federal court month using trespassing laws, claiming that Ebates Shopping.com
illicitly loaded software onto a client's computer to track Internet behavior. Ebates, an Internet company that refers people to online
retailers in exchange for a commission, has not commented about the suit.
Collins' status as an Internet pioneer is unlikely. The father of three and 1986 University of Chicago Law School graduate is often the
subject of jokes at his firm -- because of his technological ineptitude. But an associate at the firm, David Fish, urged him to look at spyware and how problematic it had become. A light bulb immediately turned on.
"I did a Google search for some cases and started getting all these pop-ups. I started to see what [Fish] was talking about, how this stuff can slow down computers... I saw the Internet as a common resource, one that everyone had access to, and this common resource was being polluted."
In a case settled in February (Sotelo v. Direct Revenue), Collins made a mark in the legal law history books when he argued spyware providers were trespassers. His trespass-to-personal-property argument is based on a law inherited from the British -- one he says is 1,000 years old.
Collins has used that law in six cases against groundwater polluters since 2000. He's 3-1 with two still pending, and even in his sole defeat, he was able to obtain a $2 million settlement for his clients. In each case, the people had clean water afterwards. Now, he's looking for a clean Internet.
Attorneys for Direct Revenue tried to have the trespass approach thrown out, but a U.S. District Judge allowed it, writing that assertions of the elements of trespass to personal property (interference and damage) by an computer user are legitimate.
Direct Revenue did not admit to wrongdoing in its settlement. However, it called the terms of the settlement "fair and reasonable," agreeing to stop installing software on a computer without consent, not to collect personal information on users, and to help users remove the software.
The impact of Collins' legal precedents on the online advertising business is giving pause to many agencies. Advertisers can now be sued if they know what spyware companies are doing. While litigants would have to prove the advertisers have knowledge, a grey area, and hard for lawyers like Collins to believe they wouldn't know."
Collins' firm is researching new companies to target. "It's the real pressure point of spyware cases. Spyware people live in the shadows. They don't have a reputation they care about. So we'll go after the big ones. Advertisers can't bury their head in the sand. If legitimate advertisers refuse to play with the spyware companies, then the jig is up. We want to go after the biggest companies we can find. The point needs to be made," Collins said.
Companies have multiple options when it comes to advertising online, such as buying ads on websites or paying for placement on search
engine queries to target customers. But many firms also buy ad placements from companies that track users' online activity, sending ads that pop up on a computer when certain URLs are visited.
In this arena, there are legitimate companies and others which are far from it. The latter group will implant spyware on a computer that aggressively generates pop-ups. The reason for this is that greater ad impressions (the number of times an ad is viewed), mean more revenue for the company facilitating the ad.
It's a tough nut to crack, as is figuring out the complex deals between a spyware companies and advertisers. The dumbed-down explanation is that an advertiser makes an arrangement with a marketing company to advertise across the Internet. The marketing company, which may or may not be a provider of spyware, gets paid when a user clicks on an ad.
What sometimes happens is that a marketing company will make additional agreements with software distributors and affiliate companies. These new partners could include firms that place spyware on a computer, and could also receive a percentage of money if an ad is clicked.
While it's conceivable that advertisers don't know about those secondary agreements, according to security experts who believe spyware has gotten out of hand in large part because of the complicated nature of these affiliate programs, legal opponents are skeptical.
Collins is ramping up his fight in a new case, using the trespass argument in trying to determining whether victims of spyware can band together as a class. The action suit against 180solutions, based in Bellevue, Wash., is in the discovery stages.
"With [the theories being approved] you can win a case. But can people sue collectively? If the court says yes, anyone can be part of the class," he said.
Collins alleges in his suit that 180solutions has infected more than 20 million computers, while maintaining complex business relationships with upwards of 6,000 advertisers, dozens of Fortune 1000 companies among them.
Steve Stratz, a spokesman for 180solutions, conceded that his company's software can be found on 20 million computers, but insists it is not a spyware firm. Because customers allow the software to be downloaded, he says it's perfectly legitimate and legal.
"We have gone through rigorous testing to make sure our customers know what they are downloading. We believe the case is completely off base," he said.
-- Wayne Terrance
