May 22, 2007 12:10 PM PDT

House passes more tech-friendly antispyware bill

In their third effort to enact a federal law targeting spyware, members of the U.S. House of Representatives on Tuesday overwhelmingly approved criminal penalties aimed at anyone implanting certain types of malicious software on computers.

The bill, called the Internet Spyware Prevention Act, or I-Spy for short, punishes anyone who intentionally causes software "to be copied onto" a computer--and damages it or steals personal information--with fines and up to five years in prison.

Tuesday's voice vote is a political win for the technology industry and its allies, Reps. Zoe Lofgren, a California Democrat, and Bob Goodlatte, a Virginia Republican, who had supported the I-Spy Act over a competing proposal that would have imposed a complex new set of regulations on software makers.

Lofgren, who represents the portion of Silicon Valley around San Jose, said during the floor debate that she was delighted that the bill the House approved "both protects consumers on the Internet and fosters technological innovation."

"Regulation of technology is almost always a bad idea because technology changes faster than Congress can regulate and what we attempt to regulate will morph into something else," said Lofgren, who added that companies in her congressional district supported this approach. Microsoft, Dell, Symantec and online advertisers have previously expressed support for it.

The bill, which was approved by the House Judiciary Committee on May 1, would punish anyone who sneaks code onto computers without authorization in an attempt to "impair" the security protections on a machine, transmit personal information about the machine's user or commit other federal crimes.

But political hurdles remain for the I-Spy legislation.

Even though the House approved some kind of antispyware legislation in 2004 and 2005, the Senate never acted. It's not an uncommon fate for legislation passed by the lower chamber, and it could happen again.

Also, if the House leadership eventually permits a vote on the more regulatory alternative, called the Spy Act, the software industry would face a renewed threat. The Spy Act was approved by the House Energy and Commerce Committee on May 10.

The Spy Act, among other things, attempts to make it unlawful to engage in various means of "taking control" of a user's computer, to collect personally identifiable information through keystroke loggers, and to modify a user's Internet settings, such as the browser's home page. It also includes a broad prohibition on collecting information about users or their behavior without notice and explicit consent.

Industry representatives have said those regulations could threaten Web sites that rely on cookies and other commonly used techniques to target ads and to provide free content to their users.

The most worrisome forms of spyware, however, already are illegal. The Federal Trade Commission has told politicians for years that it already possesses broad authority to punish any fraudulent and deceptive adware or spyware practices with fines, and has sued spyware purveyors in the past. Department of Justice prosecutors have said the same thing about filing criminal charges and have already engaged in prosecutions.

CNET News.com's Anne Broache contributed to this report.

See more CNET content tagged:
regulation, bill, anti-spyware, spyware

1 comment

Join the conversation!
Add your comment
No disclosure = No point
There are already laws imposing penalties for installing software to steal data. This bill provides zero increase in accountability to the software industry while giving all the appearance of doing something productive. Think of I-Spy as the CAN-SPAM of W's second term.

I-Spy will do just as much good and be just as effective against spyware as CAN-SPAM was in stemming the ever-increasing flood of garbage email from reaching your in box. For those of you that have forgotten, CAN-SPAM was much-ballyhooed by Congress and the President when it was passed and signed into law. It also did nothing to slow the amount of spam being sent on a daily basis. In fact, there has been a marked increase in spam since it was passed!

Only by forcing software makers to include a full, plain English disclosure of what is being installed and why will people have any hope of lessening their vulnerability to identity theft.
Posted by ldonyo (3 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.