Politicians press for antispyware law yet again

Both parties say they hope the third time's the charm for a bill that overwhelmingly passed the House twice already.
Written by Anne Broache, Contributor
WASHINGTON--Members of the U.S. House of Representatives vowed Thursday not to let a bill aimed at curbing spyware die for a third time.

Leaders of a House Energy and Commerce subcommittee focused on consumer protection issues said they were mystified that earlier versions of the so-called Spy Act overwhelmingly passed the House in 2004 and in 2005 but were ignored by the Senate. Politicians from both parties said they hoped the third time would be the charm.

"Spyware is simply nasty stuff that clogs computers, slows down processing power and is costly to remove," Rep. Bobby Rush (D-Ill.), the panel's chairman, said at a morning hearing here about the proposed legislation.

Rep. Joe Barton (R-Texas), the co-chairman of the full Energy and Commerce Committee, said that unlike some issues, such as Net neutrality, "there's 100 percent unanimity" that antispyware legislation is necessary. "This legislation ought to be an automatic-passage bill," he said.

The latest effort, chiefly sponsored by Reps. Edolphus Towns (D-N.Y.) and Mary Bono (R-Calif.) but backed by many others, would impose extensive regulations on what types of actions software may perform.

Among other things, the proposal would make it unlawful to engage in various means of "taking control" of a user's computer, to collect personally identifiable information through keystroke loggers, and to modify a user's Internet settings, such as the browser's home page.

The bill would also broadly prohibit collection of information about users or their behavior without notice and consent, and it prescribes specific notice requirements. Exemptions from the regulations would go to Web cookies, law enforcement and national security activities, and software intended to prevent fraud.

Previous versions of the bill drew support from a number of high-tech companies, including Yahoo, eBay, AOL Time Warner, Dell, Microsoft and EarthLink, according to Rush and Barton.

But some companies have questioned the necessity of such legislation. Under current federal and state laws, the Federal Trade Commission has already brought 11 spyware enforcement cases, and four states have brought a total of 10 spyware lawsuits, according to research compiled by the Center for Democracy and Technology, which generally supports the bill.

The FTC has also lamented not having the ability to levy large monetary penalties on spyware purveyors. The Spy Act would put in place such an increase, allowing the FTC to seek fines as hefty as $3 million for the most egregious violations.

Online advertisers said they generally support the bill, but they argued that some parts of it go too far beyond combating insidious software. At Thursday's hearing, industry representatives said they remained concerned that its proposed notice and consent requirements, which ask consumers to opt in to have their information collected, could unintentionally threaten Web sites that rely on cookies and other tactics to target ads and to provide free content to their users.

"As all media advertising increasingly migrates to interactive platforms, we are concerned that this bill may unnecessarily limit business interaction with consumers," said Dave Morgan, founder and chairman of New York-based Tacoda, an online advertising company. Morgan was also representing the Interactive Advertising Bureau, of which News.com parent company CNET Networks is a member.

Bono, one of the Spy Act's primary authors, said she "didn't really have a problem with cookies...because anyone with a slight degree of sophistication on the Internet knows how to delete the cookies. That's not hard to do."

Also on Thursday, the Anti-Spyware Coalition released final versions of "best practices" documents for makers of antispyware. The guidelines are designed to help companies identify malicious software and overcome conflicts with each other.

Later on Thursday, Reps. Zoe Lofgren (D-Calif.) and Bob Goodlatte (R-Virginia) reintroduced an identical version of their own spyware bill, known as the Internet Spyware Prevention Act. That bill also passed the House in two previous sessions of Congress but died in the Senate.

It differs from the Spy Act in several ways, including its shorter length. Rather than attempting to define what illicit software is, it would make it a crime to copy computer code on a machine without authorization if doing so divulges personal information about a user or "impairs" a computer's security. It also proposes criminal penalties of up to five years in prison for violators.

Sponsors said the bill is designed to combat spyware without stifling software development or issuing heavy-handed regulations. Goodlatte said in a statement that it would "punish the bad actors while protecting legitimate online companies."

Editorial standards