Last week the Federal Trade Commission announced a consent agreement with Advertising.com, covering the distribution of adware. The consent order directs Advertising.com to stop marketing adware software bundles unless it adequately discloses to consumers that downloading the software will result in their receiving advertising. On its face the consent order seems to be a heavy blow against adware, but closer analysis suggests the order may serve as a blueprint to distributing adware without breaking the law and actually lead to a jump in this form of advertising.
Adware is software that, when installed on a computer, collects information about a user’s surfing in order to deliver advertising targeted at the user’s interests. Because adware distributors apparently do not expect computers users willingly to install software that will track their behavior, the adware is bundled, typically with some other purportedly useful software such as a file-sharing program or Internet security program. When a user downloads the useful software, the adware program is automatically downloaded and installed on the user’s computer.
What’s the problem? It’s that in many cases the distributors have not disclosed that adware is included in the software bundle that users are receiving for free in exchange for viewing advertisements. The FTC has accused Advertising.com, for one, of doing precisely this. According to the FTC’s complaint against Advertsing.com, the company did not disclose that its SpyBlast Internet security program, which ironically was offered as a protection against computer security threats, was bundled with adware.
Although the consent order is specific to the facts of the Advertising.com complaint, the FTC expects other distributors of adware will use it as guidance. Adware has been criticized on a number of grounds, including that it collects sensitive, private information about users’ web surfing, that the pop-up ads are annoying and can slow computer performance, and that it is often installed on users’ computers without their knowledge or consent. Interestingly, however, the FTC in its consent agreement with Advertising.com seems concerned only with the company’s failure to give notice to users of the adware bundling before they downloaded the SpyBlast software. In its accompanying analysis of the order, the FTC clearly states that “the problem here was not the security software . . . disseminated with its adware.” Nor does the FTC criticize the adware itself. The FTC’s sole requirement on the distribution of adware is the disclosure, “clearly and prominently, that consumers who install the program will receive advertisements.” The FTC in this order does not even require disclosure of the adware’s collection of information about users’ web surfing.
Like the CAN-SPAM Act’s effect on spam, the FTC’s enunciation of a policy may in fact open the floodgates to adware. Prior to the passage of CAN-SPAM, unsolicited email languished uncertainly between annoying and illegal. With CAN-SPAM, the rules became clear. Provided that the Act’s requirements were followed, unsolicited email is now clearly legal. Rather that cutting down on spam as many had expected, CAN-SPAM appears to have done just the opposite, encouraging an explosion in email advertising.
Similarly, the FTC’s consent agreement with Advertising.com has now set the standard, and a particularly low standard at that, for how to legally distribute adware. While many may hope that the Advertising.com order will be a fatal blow to adware, the effect may be instead to give new life to adware bundling. Do not be surprised if this order does not mark the end, but rather the beginning, of the adware age.