Utah judge freezes anti-spyware law - News - ZDNet
I do think that temporarily enjoining the Utah law and permitting the WhenU case to proceed to trial is a small step in the right direction. Not because I believe that the Utah’s Spyware Control Act has no scope of doing any good, and not because it has anything to do with WhenU but because state level spyware regulation on the whole might not be the best approach.
Each state law might establish their own notice and consent requirements in an effort to regulate spyware. Such an approach in the US would mean that online businesses would have to navigate through a minefield of complicated legislations to determine how one can fine tune privacy policies and online business practices to ensure compliance. Online businesses would therefore be compelled to comply with the most stringent regulations and adopt extensive measures that are not user-friendly and would require users to sift through various policy statements and disclosures while on the Internet. This could ultimately result in reducing the efficiency of the Internet and would have a negative impact on consumers, instead of protecting them.
Further, the internet is a global medium of communication without geographic borders and state-level attempts to regulate activity on the internet will have overbroad enforcement implications. Another good reason for resolving this issue at the Federal level is because the Constitution gives the authority to regulate Internet commerce to Congress. Utah's attempt to regulate the entire Internet seems to exceed its authority under the Constitution. Similar state attempts to regulate the entire Internet have been found unconstitutional in the past (e.g. American Library Association v. Pataki).
However, as I write this, the Federal Spy Act (H.R. 2929) seems to be moving a little too rapidly for comfort. A self-regulatory solution seems out of the question at the moment, but if Federal legislation is the answer, then we definitely need to spend more time to create a legislative proposal that would truly be effective. The issue of spyware raises some fundamental questions that impact the way the US approaches internet privacy regulation. Can a uniform Notice and Consent provision really be the answer to all spyware issues? Would an opt-in or an opt-out regime be more adequate considering the potentially hazardous/annoying as well as beneficial uses of some technology? I think that no legislation can truly combat the spyware threat, unless lawmakers, consumer groups and the industry first think long and hard on how to achieve this delicate balance between what is fundamentally good or bad.
I only hope that an over-zealous effort at the Federal level to find a quick solution does not result in a law that is riddled with drawbacks, which will give people like me even more reason to whine (but who’s listening anyway?).