On my way back from EICAR I had the opportunity to stop in to the Computers Freedom & Privacy Conference in Washington DC and participate in a panel discussing the responsibilities of an adware provider. From the few sessions I was able to attend it looked to be a great conference- one that I'll try to attend in full next year. The panel I participated in was moderated by Eric Goldman - a law professor at Marquette University. Joining me on the panel was Ari Schwartz of CDT and the Anti-Spyware Coalition, Vishant Shah of CSIA as well as the general counsel of an adware company. Eric posed some great questions such as "When are advertisers responsible for adware vendors’ acts, and what steps do you think advertisers should take to satisfy this responsibility?" and "When do we know that users actually consented to install software on their computers? Specifically, what steps must a software vendor take to make sure users mean to install the software on their computers?". The audience was very engaged in the discussion and while I won't suggest that the questions were answered definitively I do think that some interesting points were raised.
One main item I took away from the discussion is that the industry would benefit from a set of commonly agreed to best practices for software. It would make categorizing software easier and it would also make it easier for software providers to see what types of things they ought to be doing if they want their customers to have a positive experience. Fortunately, best practices is a topic for the upcoming Anti-Spyware Coalition Workshop and meetings in Ottowa next week.