The U.S. Federal Trade Commission has upgraded the content on its public information (about online safety) website, OnGuardOnline.gov:

Since its launch in September 2005, more than 8.5 million visitors have learned about computer security at OnGuardOnline.gov and AlertaEnLinea.gov, its Spanish-language counterpart.  Now, a Web 2.0 redesign allows users to grab and embed games and videos, search for topics on the site, and have a more interactive experience while getting useful tips and information.

There are articles and engaging games on sixteen topics – including social networking, phishing, spam scams and laptop security; plenty of buttons and banners to help you link from your site; free publications you can order; and links to the OnGuard Online partners, who are an important part of the site’s success.

A U.S. Senate hearing was scheduled today to hear testimony on the issue of spyware, with the conversation focused primarily around the Counter Spy Act of 2007, proposed last year by Arkansas Senator Mark Pryor.

The bill provides some very specific definitions of prohibited behavior and grants explicit power to the Federal Trade Commission (FTC) to enforce compliance. It also increases the penalties available to the FTC.

Last year, there was some discussion of this legislation and similar laws that passed the House. StopBadware.org even weighed in with some thoughts of its own.

Taking a current look at the Counter Spy Act raises a few questions in my mind:

1. Does the FTC need explicit legislation granting it additional authority? As of last year, the FTC said no:

Tracy Shapiro, an attorney for the FTC’s Advertising Practices Division, said the federal watchdog would like to see legislation that increases civil penalties against cyber-criminals, but it feels that the new bills could eventually get in its way in bringing accused spyware companies to trial. Section V of the Federal Trade Commission Act remains broad enough to provide for continued prosecution of the most significant offenders, including spyware providers, she said.

2. StopBadware.org has changed its badware guidelines multiple times in just two and a half years, due to ongoing changes in technology and badware practices, as well as an ongoing desire to make sure that we’re “getting it right.” If legislation defines spyware specifically, what happens when a new piece of spyware falls outside that definition?

3. The Counter Spy Act appears to explicitly allow (or at least protect from FTC action under this law) unauthorized installation of software on a user’s computer, so long as that software doesn’t engage specifically in spying or certain advertising behavior. If the government is going to have enforcement authority, shouldn’t it have more discretion?

4. Is stealing social security or account numbers as they’re typed and sending them to a third party covered by this legislation? If so, I can’t figure out how. One provision protects against wholesale keylogging (i.e., capturing every keystroke) and another protects against stealing private information “from the hard drive or other storage medium.” Unless I’m missing it, I don’t see anything about selective capturing of information via keylogging. This helps illustrated point #2.

In general, my opinion is that legislation that grants authority and resources to the government to fight spyware is helpful, but doing it right is really difficult. The FTC has already established some expertise and made use of existing legislation to go after spyware distributors. Maybe a simpler solution, then, would be to provide more funding and perhaps greater penalties without seeking to define a constantly-moving target.

Note: This post has been edited to correct a factual error in the name of the legislation to which Tracy Shapiro of the FTC referred.

The FTC this week reached a settlement with the owners of AdultFriendFinder.com over misuse of pornographic pop-up ads. The ads covered users’ full screens and showed pornographic content to users of search engines, including many who had never requested an explicit site. According to the FTC’s statement, some of the ads were distributed through badware.

As part of the settlement, the company behind AdultFriendFinder.com has committed to require consent before showing ads or sexual content. The company must also weed out any of its affiliates who don’t do the same, making it harder for them to pass the buck if there is future abuse.

The FTC’s statement says the practice of displaying explicit ads without consent is a violation of the FTC Act, but does not specify whether the core violation is of consent to being shown ads, consent to being shown sexually explicit imagery, or both.

Yesterday, StopBadware hosted a Spyware Roundtable conversation in Washington, DC, gathering leaders in spyware research and policy to discuss emerging trends and potential remedies to badware threats.

With Federal Trade Commissioner Jon Leibowitz in attendance, much of the conversation centered on ways policy and legislation could better help the FTC keep spyware purveyors at bay. The FTC favors legislative solutions that would enable it to fine spyware purveyors.

The Roundtable was chaired by StopBadware co-director John Palfrey, Center for Democracy & Technology deputy director Ari Schwartz, and Ron Teixeira of the National Cyber Security Alliance in celebration of October as National Cyber Security Awareness Month.

You can read more about the Roundtable discussion at PC World and at CNet News.