Washington settles yet another spyware lawsuit ("Popup Padlock").  Previous settlement ("Spyware Slayer") here.  [See also ongoing MSFT anti-spyware efforts here.]

I've been meaning to post about (summarize) Washington's spyware statute – with little success.  Then it occurred to me that rather than summarizing the statute, I could speculate on what the spyware statute should contain.  I came up with the following list of what it should prohibit:

1. any automatic download mechanism (which "phones home") that the end user has not consented to after clear and conspicuous disclosure;
2. any non-transactional collection of personal information that the end user has not consented to after clear and conspicuous disclosure;
3. any software program that alters the home page, or other default settings on the end user's computer without the end user's affirmative request (sorry AOL/MSFT/Real, etc.);
4. any software that does not offer one click uninstall (this is clumsy, I admit);
5. any software program which serves "pop-ups," "pop-unders," or other similar advertisements that do not allow for a clear mechanism to disable with one click.

These are the basic ideas.  You can see Washington's clear and concise spyware statute here (RCW 19.270.020), here (RCW 19.270.030), and here (RCW 19.270.040).  It is unclear to me after an initial read as to whether it can be enforced by private parties or just by "the attorney general, or a provider of computer software or owner of a web site or trademark who is adversely affected" by prohibited practices (RCW 19.270.060).

As to the enforcement actions linked above, they seem to involve standard issue consumer protection (misleading marketing) violations -- i.e., ones which did not need to rely on the spyware statute.  Nevertheless, the AG's PR efforts will probably have the intended effect.