The Democrats introduced legislation into parliament last week that would see anyone convicted of installing spyware or cookies on computers without user permission face imprisonment of up to two years. IT spokesperson Brian Greig said the Spyware Bill 2005 was not designed to ban spyware or other unauthorised installations, but to require companies to obtain permission from the owner of the computer before proceeding.
However, a spokesperson for the Minister told ZDNet Australia that many of the activities described under the legislation were covered by existing Australian laws.
Several items were not properly defined in the Bill, including the term 'spyware' itself, she said.
She said Greig's Bill was based largely on two principles: requiring "the consent of the user and that the software does not conceal what its intentions are from the user". However, she said, "neither the principle of 'consent' nor 'conceal' are defined anywhere in the legislation."
She also said that "although the Australian Communications and Media Authority (ACMA) is included in the definitions it is not referred to anywhere else in the Bill".
The Bill outlines punishments of six months to two years imprisonment for breaches. However, the Minister's spokesperson claimed the document "does not contain any enforcement provisions".
Many of the requirements, she said, "may impose a large burden on the industry and consumers. The Bill also has massive expectations for the level of assumed consumer knowledge".
The Spyware Bill specified that "no program or cookie or any other form of tracking device is to be installed on any computer without the user of that computer being given full and clear information as to the purpose of that computer or tracking device."
It also stated that "any such warning must include details of any effect the program will have on the computer and what, if any, data will be gathered, who will have access to that data and what use will be made of it."
"After the user has been given all necessary information, the user will retain full control with the need for a separate authorisation before installation. Furthermore, once installed, each program or monitoring or tracking device must make it easy for the user to completely remove or uninstall it".
A spokesperson from IT shadow minister Stephen Conroy's office said he could not comment on the bill until he had inspected it in the next sitting of parliament.