Spyware Bill Would Punish Offenders

Congress is trying to come to grips with the changing face of technology and its impact on privacy and digital-age criminal activity.

On Thursday, despite widespread criticism from a number of technology companies, the House Energy and Commerce Committee moved to recommend by a 45-4 vote the Safeguard Against Privacy Invasions Act and Securely Protect Yourself Against Cyber Trespass Act (commonly known as the Spy Act), opening the possibility for the full House of Representatives to vote on it.

Endorsed by California Republican Representative Mary Bono, and 28 co-sponsors, the 21 page Spy Act (H.R. 2929) would target certain types of software applications that are typically installed on user's computers without their knowledge or consent; secretly monitoring their activities and displaying unsolicited advertising while often reporting user demographics back to the software's creator. This type of malicious software can often bypass anti-virus software, then modify browser settings, log keystrokes, and can take complete control over the user's computer.

After the successful vote, Bono commented that "I feel that we have fashioned a bill that is strong enough to protect consumers from spyware-related privacy invasions without impeding the growth of technology."

Superceding state laws and conferring enforcement power to the Federal Trade Commission (including the ability to sue violators), tech industry lobbyists attempted to derail the vote, arguing that the wording was overly broad, and would negatively impact legitimate applications.

The Information Technology Association of America, opined in a letter to Congress that the "current bill will generate a veritable blizzard of legally mandated pop-up notices that only a lawyer would love," adding that the proposed restrictions would hamper a software makers ability to "update, renew, and monitor programs residing on the computer user's system."

Robert Holleyman, president of the Business Software Alliance which includes Microsoft, Apple, Adobe and Symantec, commented that the Spy Act "calls for one uniform notice and consent screen for virtually all software. This requirement will not help consumers distinguish between legitimate software and software that uses personally identifiable information for reprehensible ends."

Even the FTC, which the bill would make responsible for enforcement, doesn't think the current wording is in consumer's best interest; warning Congress that the Spy Act would hinder certain legitimate software applications, and that existing laws allowed egregious violators to be prosecuted.

In light of these facts, a new proposal, dubbed the Internet Spyware Prevention Act (ISPA), was also introduced Thursday by Virginia Republican Bob Goodlatte, California Democrat Zoe Lofgren and Texas Republican Lamar Smith. Differing from the Spy Act approved by the House Energy and Commerce Committee, the ISPA would not limit what software may or may not do on a user's system, but would make it illegal to install any unauthorized software that reveals personal information or violates computer security systems, and would provide up to two years of jail time for offenders.