Adware and spyware have quickly become targets of federal regulators and state and federal lawmakers. The terms adware and spyware refer to software programs that track and/or transmit computer users’ keystrokes and personal information (including email passwords and credit card information), modify a user’s computer settings, and/or prevent the disabling of certain programs.

Although  some legislators use "spyware" and "adware" interchangeably, the terms refer to two different kinds of software programs. Spyware usually refers to programs that can be used to commit crimes or fraud, for example, copying and transmitting passwords and account numbers to allow someone to hack into an online bank account.  Spyware is usually downloaded onto a user’s computer without his or her knowledge and harvests user-information surreptitiously.

Adware refers to programs that may track a user’s keystrokes and use that information to trigger a pop-up ad related to the word that the user typed.  Some marketers clearly tell users that an adware program will be downloaded onto their computer, but surveys show that many users are not aware when an adware program is installed on their computer.  Many advertisers and marketers use adware programs because they offer the ability to target advertisements or offers very specifically and almost instantaneously to computer users who have expressed some kind of interest in a particular product or service.

Because adware and spyware programs both harvest information from people's computers, consumers and regulators have become increasingly concerned about the proliferation of these kinds of programs and practices. The Federal Trade Commission (FTC) and an Internet education group have recently publicized resources for computer users regarding adware and spyware, providing advice for preventing such programs from being installed on computers and how to identify and remove the programs. 

The FTC also announced that is has filed a complaint against a company that used aggressive spyware programs and tactics -- to sell spyware-detecting products. The FTC alleged that the company’s tactics hijacked computers, secretly changed users’ computer settings, barraged users with pop-up ads, and secretly installed spyware programs on users’ computers. Many users complained that as a result of these practices, their computers malfunctioned, slowed down or crashed. The FTC charged the company with engaging in unfair acts and practices, and is seeking an injunction barring these practices and reimbursement for the cost of its investigation. Stating, “This is our first spyware case, but it won’t be our last,” the FTC has made clear its intent to “put purveyors of spyware on notice.”

Legislators are also heeding voters’ calls to reign in adware and spyware. Last month, California enacted a law, the California Protection Against Computer Spyware Act, that prohibits installing software on a California user’s computer that modifies certain settings, collects information through deceptive means, prevents efforts to disable such software, takes control of a computer, and disables security or anti-spyware software. The law allows individuals and the Attorney General to enforce it and provides civil penalties. (Utah also enacted a bill limiting spyware and adware, but a Utah court declared the law unconstitutional.)

Federal legislators are considering an anti-spyware bill as well. H.R. 2929 prohibits using subterfuge or misrepresentation to take control of or modify a computer without authorization. The bill also prohibits transmitting a user’s personal information to another location unless specific notice is given. The bill would authorize the FTC to enforce the law and provides for penalties that could exceed $1 million.

The California law and the federal bill target individuals and companies who use deceptive means to install software programs on users’ computers, and each provides certain exceptions.

Marketers who want to use adware should consider providing clear and conspicuous notice to users before installing programs on users’ computers. In addition, marketers might  offer users a chance to opt-out of having such programs installed on their computers. If the federal bill is enacted, marketers would need to comply with the specific directions for what kind of notice must be given if the marketer is using the type of adware program that are described in the bill.

Terri Seligman is a partner in the Advertising and Promotions Law Group at Loeb & Loeb LLP. Read full bio. Jill Westmoreland, an attorney at the firm, contributed to this article.