House committee endorses SSN limits, antispyware effort

WASHINGTON--A U.S. House of Representatives committee on Thursday unanimously approved a pair of bills that would impose a slew of new regulations in the name of spyware crackdowns and new limits on the use of Social Security numbers.

In a meeting that lasted scarcely 10 minutes and was void of debate, the House Energy and Commerce Committee paved the way for amended versions of the controversial Spy Act and the Social Security Number Protection Act to go to the full House for a vote.

Rep. John Dingell (D-Mich.), the committee's chairman, said both bills "strike a blow" in a fair and balanced way against what he called the "scourge" of identity theft.

The Social Security number bill, chiefly sponsored by Rep. Ed Markey (D-Mass.), prescribes new rules, to be issued by the Federal Trade Commission, that would generally bar the sale or purchase of Social Security numbers and allow state attorneys general to sue for civil penalties of up to $11,000 per violation.

The ban on trafficking in the identifiers would not be absolute, though: The bill asks that exceptions be considered for a number of purposes, including law enforcement, national security, public health, emergency situations and research "for the purpose of advancing public knowledge."

The bill would also prohibit display of Social Security numbers on any Web site that is generally accessible to the public or on any membership or identity cards, and it would make it unlawful to require that the numbers be used to log into accounts.

Those restrictions are a good move, albeit one that many corporations and universities are already adopting, said Marc Rotenberg, executive director of the Electronic Privacy Information Center. But he said he believed the bill leaves "too many exceptions" on the numbers' sale and purchase. He also voiced disappointment that the measure would pre-empt all state laws, which, by his estimation, have been "taking the lead" on protecting privacy regarding Social Security numbers.

The newly approved antispyware bill also continued to draw reservations from online advertisers concerned it could unwittingly threaten their business models.

The Spy Act, among other things, attempts to make it unlawful to engage in various means of "taking control" of a user's computer, to collect personally identifiable information through keystroke loggers, and to modify a user's Internet settings, such as the browser's home page. It also includes a broad prohibition on collecting information about users or their behavior without notice and explicit consent.

Online advertisers and marketing groups have sharply opposed that requirement, arguing it would unintentionally threaten the viability of Web sites that rely on cookies and other tactics to target ads and to provide free content to their users. Although the bill says it exempts cookies from that notice requirement, the industry has argued that new, non-cookie technologies down the pipe could be threatened by the bill.

The politicians refused to strip that provision in an amendment approved Thursday, opting instead to direct the FTC to study the issues it raises. (Law enforcement and national security activities, and software intended to prevent fraud would also be exempt from the notice requirements.)

Mike Zaneis, vice president of public policy with the Interactive Advertising Bureau, said in a telephone interview that the changes to the bill didn't satisfy the industry's concerns. The fundamental problem with the approach the bill takes, he suggested, is "we're not going to be able to predict and carve out all these new technologies that don't make sense to regulate."

The Spy Act is the second antispyware bill that House committees have passed in recent weeks. A dueling measure, approved last week by the House Judiciary Committee, proposes up to five years in prison for malicious spyware-related activities. It has been applauded by high-tech companies because it does so in a way that does not attempt to regulate the technology involved, but focuses instead on punishing shady actions.

Although they have won overwhelming approval from politicians in previous congressional sessions, it's not clear that either of the antispyware measures is necessary. The most worrisome forms of spyware already are illegal, as demonstrated by civil cases brought by the FTC and criminal prosecutions brought by the U.S. Department of Justice.

[suyts]

A step

in the right direction, however, I take acception to some of the exemptions. I'm forced to have a SS#. In many ways it defines me. In this country, we should not have to respond to the command, "Your papers, please."