Despite my near-certainty that no Attorneys General nor other political movers and shakers read my missives, I thought I would present the outline of a manifesto regarding adware that might possibly be useful for some realistic form of legislation down the road. Realistically of course, any such legislation would immediately cause a relocation of any corporate presence of adware "providers" away from the jurisdictions in question (presumably offshore), however, a bit of teeth in the legalisms around it might actually force some form of equitable resolution. To be brutally honest about it, some form of legitimate pervasive adware is likely, perhaps not inevitable, but advertisers will do anything to get their message across (been to a movie or a stadium lately?) and while there's still time, the situation should be addressed through strong legislation (sure to be opposed by every marketing constituency) that would make things a bit less onerous on the end user. The science fiction story (was it Heinlein or Asimov?) where advertising robots followed people around ubiquitously and cannot be turned off is a depressing possiblilty if sufficient controls aren't put in place soon.

First and foremost is identity. Any adware producer should clearly identify themselves, not only in any installation attempt, but there should be updated contact information in any adware control panel that will enable anyone to contact the adware provider, either in the business or technical domain. This must be complimented by strong controls on code-signing (are you listening Verisign and other CAs?) that verify the company is who they say they are, that any digital certificates issued to the company are short-lived and that there is an ongoing recertification process by the CA to continue to verify that the holder of any certificate is indeed reachable. This could of course be a win-win proposition, in that it would allow for increased fees to the CA or such other agency that would vouch for the adware provider's identity (perhaps Choicepoint?) , and that any truly legitimate provider of adware would be glad to pay for to establish that it's being constantly vetted. As to the overall economics of the situation, somebody will end up paying those fees (the advertisers of course) and as to whether it would remain economically viable is a matter of conjecture. The stick of course is that whoever issues any identity documents to an adware provider is on the hook for the adware provider's actions, and if they go rogue, the affiant will get hung for any damages incurred.

The matter of identity can't be overstated enough, as any adware component must be clearly indicated with a positive indication to the customer that they are installing adware from XYZ Company, and that they are going to receive adware as part of the bargain in getting whatever else they've been promised. There's been some legal talk here and there that clicking an OK button is indeed an electronic signature indicating affirmative consent, but of course given the penchant for the installers to put phrases such as "Required Update" and the like in bold on the installers, the average PEBKAC will merely click and not think about the consequences. I would think that something requiring an affirmative response would be much more appropriate, for example the technique used by some web sites of presenting a distorted set of letters and numbers that must be keyed in by the user in order to proceed or access content, or for that matter requiring the user to respond to an e-mail, where they would need to click an URL and again affirm their desire to install the adware. Again, win-win situation. The adware guys are protected as they have a record of affirmative actions taken by someone to actually get the thing installed on their PC, the end users have multiple chances to stop any installation, and even just doing nothing will abort it.