

StopBadware is a database of known ``badware'' (such as Trojan horses, viruses that exploit Web browser vulnerabilities, etc.) and badware-serving Websites. Some large companies and popular software, such as Google and Mozilla's Firefox, use this service to help protect their users against malicious software.

StopBadware is not specifically aimed at improving informed consent, but it provides a service that shows how information about the importance of informed consent in information technology situations could be disseminated and, ultimately, how the quality of software could be raised to help improve informed consent. Their mission statement says that they are ``...committed to protecting Internet and computer users from the threats to privacy and security that are caused by bad software'' [StopBadware, 2008b]. They do this by maintaining a database of ``badware'', that is, software that violates their guidelines for good software design. In general, their definition of badware is this:

``An application is badware in one of two cases:
  1. If the application acts deceptively or irreversibly.
  2. If the application engages in potentially objectionable behaviour without:
    • First, prominently disclosing to the user that it will engage in such behaviour, in clear and non-technical language, and
    • Then, obtaining the user's affirmative consent to that aspect of the application.''
[StopBadware, 2008b]

There are specific references to informed consent within the guidelines, with StopBadware requiring applications to disclose the installation, origin, function, and any potential ``unexpected or unwelcome'' behaviour of the software, and then seek consent for these. This, indeed, is a very specific example of Faden and Beauchamp's effective consent model, that is, the requirement of disclosure, and then the consent to the terms disclosed (although there are no tests for understanding on the user's behalf). It is with this in mind that I discuss this example, because although it places a large amount of focus on informed consent, it doesn't actually take any steps to improve that flawed consent model, instead simply requiring an End User License Agreement and privacy policy to be present and ``written in as understandable a manner as possible''.

Thus I use this example as a more general example of how a better model of informed consent could be instituted: the StopBadware database of badware is very highly regarded and successful, and the organisation has some extremely strong industry backing, with the likes of Google, Mozilla, PayPal, AOL, VeriSign, and Trend Micro as partners, to name a few. It is so successful because of its integration into Google and Mozilla Firefox. With Google the most popular Internet search engine, and Mozilla one of the more popular Web browsers, a great many users encounter the work of StopBadware.

It works as follows: if a Website is reported to StopBadware as distributing badware (knowingly, or unknowingly due to being hacked, for example), it goes into a database which is checked by Google before displaying Internet search results. Google then displays a warning to the user before the user clicks through to the reported Website, stating that ``this site may harm your computer'' [Google, Inc., 2008]. Firefox will also display a warning before loading the Website [StopBadware, 2008a]. Because companies rely on Google placement in search results, the detrimental effect of having a warning placed on their Website impacts their business, and thus effects change in their behaviour. StopBadware has a ``clearinghouse'' of many software applications and Websites that have improved as a result of this [StopBadware, 2008b].

This shows that there is certainly a way to encourage software vendors and manufacturers to change their behaviour without legislative requirements or the need for a critical mass. Instead, social pressure can be placed on companies through negative publicity, with companies eager to be judged suitable for exclusion from the badware list. StopBadware, Google, and Firefox thus have a significant ability to effect change, and although they mostly target dangerous software, that is, software that would adversely affect the function of the computer, they also require that software display certain positive behaviours through disclosure of information through an EULA and/or a privacy policy. This could potentially go further by requiring certain ways of displaying agreements and policies, or including a labelling scheme similar to Garfinkel's (see section 4.2.1). It should be noted, however, that excessive regulation could be detrimental to the project, or that this could be seen as an abuse of power (to negative effect) or as a ``slippery slope'' to other requirements for warning-free display on Google or Firefox. Still, so long as it is simply a warning and not a complete restriction mechanism, the potential good should outweigh the slight inconvenience for non-conforming software Websites. Overall, it is a considerably effective delivery mechanism for protection of users from potentially dangerous software on the Internet, and could be used for further improvement of informed consent procedures beyond immediate jurisdictions.

Catherine Flick 2010-02-03