Wednesday, May 25, 2005

Two spyware bills pass U.S. House

infoworld.com
Two spyware bills pass U.S. House
Spy Act and I-Spy Act seek to protect personal information

By Grant Gross, IDG News Service
May 24, 2005

WASHINGTON - Two bills focusing on spyware overwhelmingly passed the U.S. House of Representatives late Monday, including one that requires many software programs collecting personal information to get permission before doing so.

The Securely Protect Yourself Against Cyber Trespass Act, or Spy Act, also would outlaw the act of taking over a computer in order to send unauthorized information or code, and diverting a Web browser without the permission of the computer owner. The bill, which passed the House by a vote of 393-4, prohibits Web advertising that computer users cannot close "without undue effort" or without shutting down the computer, and it prohibits collecting personal information through keystroke logging.

A second bill, the Internet Spyware Prevention Act, or I-Spy Act, sets jail terms of up to five years for a person who uses spyware to access a computer without authorization and uses the computer to commit another federal crime. The I-Spy Act also would allow a jail term of up to two years for a person who uses spyware to obtain someone else's personal information or to defeat security protections on a computer with the intent of defrauding or injuring the computer owner.

The I-Spy Act, sponsored by Virginia Republican Representative Bob Goodlatte, passed the House by a vote of 395-1. Both bills would have to pass the U.S. Senate and be signed by President George Bush to become law. Both bills passed the House in October, but failed to make it through the Senate.

The Spy Act, sponsored by California Republican Representative Mary Bono, would allow fines of up to $3 million for spyware-like activity such as delivering unauthorized software to a computer or hijacking a Web browser. Security software updates are exempted from the Spy Act.

Unlike an older Bono bill, this version of the Spy Act doesn't attempt to define spyware, but outlaws several actions commonly associated with spyware.


An earlier Bono spyware bill, introduced in July 2003, broadly prohibited and defined spyware. Some software vendors, including those that market antivirus update software, objected that the definition was overly broad and could subject their services to fines.

Microsoft issued a statement praising both new bills as providing "important tools in the battle against spyware and other deceptive software." But Microsoft (Profile, Products, Articles) also called for the Senate to include language that would protect vendors of antispyware software from lawsuits by companies distributing spyware. Two antispyware companies have been sued by firms asking that their software not be removed from users' computers, with Claria, a distributor of pop-up advertising formerly known as Gator, filing a lawsuit against PC Pitstop in September 2003. This year, Claria also asked Computer Associates (Profile, Products, Articles) International to stop its PestPatrol software from deleting Claria ad-targeting software, but CA refused.

Microsoft released its own Windows AntiSpyware software in January. "In its current form, these bills leave companies that are responding to consumer demand for strong antispyware tools vulnerable to frivolous lawsuits brought by the very companies responsible for the proliferation of spyware and other deceptive software," Jack Krumholtz, managing director of federal government affairs for Microsoft, said in a statement.

Others, including the libertarian think-tank Cato Institute, have opposed the spyware legislation, saying it's unneeded because the U.S. Federal Trade Commission (FTC) already has the authority to seek fines for deceptive business practices.

The new version of the Bono bill requires that creators of software that collects personal information get permission from computer users before installing the software. The consent requirement, however, has an exemption for Web sites tracking their own pages visited. The bill also gives the FTC authority to allow some software vendors to ask for permission only once, not every time their programs access a computer.

Bono's bill would also preempt any state spyware laws.

"As this nation continues to push towards a global e-commerce marketplace, spyware stands to undermine the security and integrity of e-commerce and data security," Bono said in a statement. "Daily web activities by consumers have become stalking grounds for computer hackers through spyware. Consumers have a right to know and have a right to decide who has access to their highly personal information that spyware can collect."