Legal Action Affecting Anti-Spyware Innovation

Since 2004, Symantec has been hit with six lawsuits involving its definition of spyware. It may not sound like much in our litigious society, but, as it turns out, this makes up about 20% of the company’s legal workload.

In fact, since the middle of 2005 or so, Symantec has had to devote at least one full-time staffer to handle spyware and adware disputes as well as paying for outside consultants.

And similar activity is going on elsewhere.

At Australia-based PC Tools, one of the most recognizable anti-spyware/adware vendors on the planet, the company’s legal department is being hit weekly with cease and desist orders and “letters of demand” from disgruntled companies that feel their products have been wrongly labeled spyware or adware, said Darren Sommers, PC Tools’ general counsel.

“With malware … you’ve got companies making millions and millions of dollars out of spreading their software. So, as a result, they will sue to protect their business model,” said Sommers.

To date, PC Tools has avoided the courtroom by working closely with complainants to resolve the issues at hand.

Still, as with most industries, the potential for hefty legal action has changed the way PC Tools and others in the industry conduct business. And, according to Mark Egan, Symantec’s CIO, this threat is having a chilling effect on the development of new products — particularly among smaller vendors without the resources to defend themselves in court.

In a recent column for CIO Update, Egan states: ” … spyware and adware vendors are also doing their best to keep Internet security solutions providers tangled up in frivolous lawsuits in an attempt to intimidate them from developing and deploying strong anti-spyware technologies.”

“What happens in these cases is that a lot of time folks don’t agree with our assessment; we didn’t make a mistake,” explained Symantec Senior Director of Legal Affairs Joy Cartun. “So you end up going through a litigation process and spending a bunch of money … only to basically come to a realization that all we said about the product was it was adware and this is what we say adware is.”

“Lawsuits always take up resources or make people be more gun-shy,” agreed Keith Crosley, director of corporate communications at messaging security vendor Proofpoint.

As a provider of network gateway solutions, Proofpoint has yet to feel the wrath of companies that believe they have been wronged. But Proofpoint is open to the consequences of its products if, for example, its gateway solution blocks “spam” from a legitimate direct-marketing company doing business legally.

At that point, marketing companies often cry foul based on their First Amendment rights and Proofpoint’s blocking of these rights, said Andres Kohn, Proofpoint’s director of products.

“Typically the spammers, based on free speech, would say ‘I have the right to do this you don’t have the right to block me,'” said Kohn.

This is not the same group of spammers, however, that is sending you all those offers to enlarge different body parts or invest in some land scheme in Costa Rica. That group, as Kohn said, doesn’t like the exposure. “Those people want to keep a really low profile.”

What it comes down to is, if you have to defend yourself from legal action every time your product does what it is supposed to do, then you may not field a product that is as good as it could be, said PC Tools’ Sommers.

“As an industry, it is going to make innovation a little more difficult because you really have to think about every single thing you do and what the legal implications are.”