Perp Sued After 10 Million Trespasses

by Uriel Wittenberg (uw@urielw.com)

April 29, 2005

The perpetrator was a publicly traded corporation, so law enforcement had to move gingerly. The free press had also shown exceeding caution, though the duplicitous and anti-social nature of the violations was obvious.

But finally, New York Attorney General Eliot Spitzer stepped into the breach. After a six-month investigation, Spitzer filed a lawsuit on April 28 against Web marketer Intermix Media (formerly eUniverse) charging the company with being a source of adware and spyware programs.

According to Spitzer's office, Intermix or its agents were secretly installing spyware onto consumers' computers from at least 10 Web sites. Spitzer said "tens of millions" of downloads have occurred, including more than 3.7 million in New York.

Intermix owns and operates such Web sites as mycoolscreen.com, cursorzone.com and flowgo.com. Consumers were enticed by offers of free downloadable screensavers, screen cursors and games. These downloads would also secretly install other programs which would:

  • deliver pop-up ads;

  • override attempts by the user to visit certain Web addresses, instead redirecting the user to an Intermix-owned search engine;

  • embed advertising toolbars on the PC desktop.

Some computer repair shops blame spyware for more than half the trouble they're seeing. ''Spyware is creating tremendous problems,'' said Tony Thompson of Blue Coat Systems Inc., an antispyware vendor. Help desk technicians ''are getting inundated about complaints of machines running poorly and taking a long time to boot up.''

Spitzer's suit also charged that Intermix undertook significant measures to protect the programs it secretly installed, hiding the applications in places on computers where they would be hard to find and sometimes making the software impossible for people to remove.

Who is guilty?

Well, that's an embarrassing question.

New York Times technology columnist David Pogue discussed spyware in a March 3, 2005 column, Spyware in the Caribbean, but no culprits were named. I subsequently raised the question in a post to the Times discussion forum for Pogue's columns:

Spyware's Respectable Accomplices: Who?!

Who are they?! Spyware isn't going to affect so many people if it isn't carried by corporate websites purporting to offer useful downloads. Download.com was mentioned in the article. Are they accomplices? What about PC World and other magazines?

That is the #1 spyware issue, but DP's piece steers clear of it.

What's depressing about the mainstream media is its extreme fear of offending important people. Of course the NYT does once in a while screw up its courage and take on some bad guys. But I imagine there's an elaborate approval process involving complex calculations of tradeoffs and signoff by dozens of senior execs.

Obviously, if Download.com and PC World make it their business to offer downloads, they are capable of equipping themselves with the expertise to determine whether their offerings carry hidden spyware that will hobble their customers' computers.

Maybe, if we little people could get the TRUTH once in a while, then capitalism would work a little better, and the con artists wouldn't always be the winners.

We have the First Amendment, right? Is there no website somewhere that NAMES spyware's accomplices? Or have the lawyers shut it down?

Unfortunately, I don't believe anyone answered my questions.

With Spitzer's lawsuit and the resulting news coverage, a bit of light has now been shed. But only a bit.

We now know about Intermedia itself, of course. The news coverage in the wake of Spitzer's lawsuit also mentions that CNET Networks Inc. has decided (presumably because of the lawsuit) to announce that it is removing nearly 600 programs from its popular Download.com service under a new ban on ''adware,'' or software for distributing advertising. CNET already had a ban on spyware. (Scott Arpajian, senior vice president of Download.com, would not identify the programs removed, citing privacy concerns.)

There is also a mysterious, unexplained sentence in one of the news stories ("New York Sues Internet Marketer Over 'Spyware,'" by The Associated Press, New York Times, April 28, 2005):

The advertisers, which include Fortune 500 companies, aren't targeted.

This seems to mean that some Fortune 500 companies not only use spyware to promote themselves, but also make sure the spyware doesn't infect their own computers (as it infects those of their potential customers).

But if you were curious to know who those companies are, too bad.

The law

Government inquiries into such practices have been rare, said Ben Edelman, a Harvard University researcher who studies spyware. Last year the Federal Trade Commission brought suit against two companies that made false claims to induce users to install their programs, he said.

And yet, prosecutors do have tools to fight such crimes, at least in some states. It's not extremely clear why companies have been free to openly flout the law. (There are surely other offenders besides Intermix.)

Intermix is accused of violating New York State's General Business Law, which prohibits false advertising and deceptive business practices, as well as New York's common law, which has prohibitions against trespass, according to state officials.

The suit seeks to prevent the company from installing spyware or adware; an accounting of all revenues made on those products, which investigators said was "in the millions" of dollars; and penalties of $500 for each act of illegally attaching such software onto a computer's hard drive.

Congress is scheduled to vote at any time on a proposed anti-spyware bill, but similar legislation failed to pass through the senate in 2004.

Intermix's response; suit's effect on stock price

In a statement issued in response to the New York lawsuit, Intermix said it does not "promote or condone spyware" and claimed that its reputation for being a broker of such programs dates to an earlier time in its history.

Intermix said that it no longer downloads software onto computers without notifying people that it is doing so. However, it said in its statement that it only ceased distribution of the applications at issue in the lawsuit earlier this month, when the Spitzer investigation was nearly complete.

"While the applications and technology at issue in this case, and related standards of business conduct, are continually evolving, Intermix has always been committed to protecting consumer privacy."

I took a look at the company's website. Seeing nothing suggestive of lawsuits on the homepage, I clicked a link labelled In the News. At time of writing, this produces, bizarrely, an image of a man absconding:

run run run

Otherwise, under an "In the News" heading below the image, there are only the dubious words: "Coming soon."

As for the company's stock price, "[it] has halved since it became public two weeks ago that Spitzer was investigating," said John Tinker, an equity research analyst.

Info above drawn from an overlapping set of 5 articles at New York Times website dated April 28-29, 2005. Portions of the articles incorporated into text above.

NOTE: Those 5 articles are confusing in that they shed no light on the basic point regarding how "spyware" spies on people, or indeed why the term is used. A 1999 Times article is considerably clearer: Cursor Software Monitors Customers.

Home