UK: Getting Back To Symantecs: The Battle For Internet Security

Symantec, the internet security firm that develops tools for detecting and removing malicious software such as viruses, adware and spyware, has launched a legal battle against Hotbar.com over Symantec’s right to classify certain Hotbar programs as ‘adware’. Symantec filed its lawsuit in the U.S. District Court for the Northern District of California, San Jose Division, on 6 June 2005.

Hotbar.com produces free toolbars which allow users to personalise their emails and web browsers (for example, by adding animated smiley faces). The toolbars come bundled with software that delivers pop-up ads. This, coupled with Hotbar’s distribution practices, has put it at odds with some internet security firms, who treat the programs as adware.

Symantec’s website describes ‘adware’ as programs that facilitate the delivery of advertising content to the user, and notes that some adware may also operate as ‘spyware’ by gathering information from the user’s computer (such as information about the user’s web surfing habits) and relaying it back to the company, often without the user’s knowledge. The information could then be used to build up customer profiles for targeted advertising. Software developers often object to their products being labelled as adware or spyware, because of the associated bad press, especially as there is no commonly accepted definition of adware or spyware, and many people use the terms interchangeably.

Earlier this year, Hotbar wrote to a number of internet security firms, including Symantec and Sunbelt Software, demanding that they stop classifying Hotbar’s products as adware, spyware or any other type of undesirable programs. However, Symantec and Sunbelt Software insist that the programs are properly classified as adware.

After reportedly being threatened with legal proceedings by Hotbar no fewer than five times, Symantec has seized the initiative and, while it is not seeking damages, it is petitioning for a declaratory judgment affirming that Symantec’s classification of the programs as adware is accurate, and does not violate Hotbar’s legal rights.

This lawsuit shows that the battle between adware/spyware distributors and internet security firms has only just begun, and is extremely important for two reasons. First, it highlights the legal problems security firms are facing in their attempts to define adware and spyware. Some firms avoid these labels for fear that they will be exposed to threats of libel actions from the software producer.

Secondly, if Symantec were to lose its application it may open the floodgates to software developers challenging the right of internet security firms to design products that will screen out programs that have at least some of the attributes of adware or spyware. A nightmare for the internet security firms.

Symantec’s lawsuit will be closely watched by the industry. While legislation in this area is developing, until there is some certainty around what constitutes ‘adware’ and ‘spyware’ security companies will need to be careful about using the terminology for fear of the software developers threatening legal action. In the face of such uncertainty it is no surprise that the "Anti-Spyware Coalition", an alliance of technology companies and public interest groups, is presently undertaking public consultation to define spyware and adware.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.