MSPs Still Wary Of Antispyware Bills

Some industry insiders, however, say these bills have gone too far.

The most strident opposition to these antispyware bills has come from MSPs that claim the proposed legislation would curb the very act of network monitoring that constitutes their livelihood. Although a handful of MSPs recently forced changes to the verbiage of antispyware bills in the California State Legislature, many said they still are wary of litigious companies that could use the legislation to sue them and drive them into bankruptcy.

"One of my concerns with these bills is that the language is vague," said Oli Thordarson, CEO of Alvaka Networks, a Huntington Beach, Calif.-based MSP. "All it would take is an aggressive lawyer and MSPs could get into trouble doing something that the user did not authorize."

If anyone has an opinion on this subject, it's Thordarson, who spearheaded the effort to change the wording of the California bill. The bill, formally named the Consumer Protection Against Computer Spyware Act, originally called for a $1,000 fine for installing spyware on a computer in California without giving the recipient notice. It also provided that consumers could take violators to court and sue for damages under laws governing unfair business practices.

After intense lobbying by Thordarson and some colleagues, bill sponsor Sen. Kevin Murray agreed to include language that further defined "consumer" as "any individual who seeks or acquires, by purchase or lease, any goods, services, money or credit for personal, family or household purposes," thereby exempting MSPs from coming under attack.

In other states, however, challenges to similar legislation have not been as successful. Utah's recently passed antispyware law is currently being challenged by adware maker WhenU, which is alleging that the statute is unconstitutional and limits companies' rights to commercial speech.

Elsewhere in the United States, MSPs and solution providers alike said they are worried that their state legislatures may pick up the antispyware banner and enact laws that could infringe upon them, too. Laurence Van Tuyl, vice president of sales and marketing at Full Service Networking, Cincinnati, said the key differentiator between MSPs and malware companies is consent. "In all cases, we receive the user's consent to monitor and/or manage their networks," he contended in an e-mail exchange with CRN. "In no event do we install any software that would meet the definition of spyware as defined in the legislative bills."

Mike Backers, president and CEO of Altoria Solutions, also in Cincinnati, agreed, noting that the key to all antispyware legislation lies in the definitions. "States should take some more time to consider the monitoring of 'devices' rather than 'end users,' " he said. "It should be made very clear through the definitions of the legislation that the owners of the intellectual property, devices and gateways to Internet access should have the rights to protect their corporate assets."

Writing better definitions for antispyware legislation is also on the minds of those at the MSPAlliance in Chico, Calif. The organization has launched a campaign through its Customer Advisory Council to raise awareness of this issue among lawmakers and end users, said Celia Weaver, vice president of business.

While the short-term goal of this effort is to educate both sides on the kind of verbiage that would make better laws, Weaver said the ultimate goal is to eradicate the legal threat altogether. "If the government is so concerned with offshoring, the last thing [it] should do is inhibit technological advancements here," she quipped. "The answer [to the antispyware debate] is to foster the innovations and technological advancements of private enterprises such as MSPs so that they can provide better solutions to the end user."