March 15, 2007 3:27 PM PDT

Politicians press for antispyware law yet again

WASHINGTON--Members of the U.S. House of Representatives vowed Thursday not to let a bill aimed at curbing spyware die for a third time.

Leaders of a House Energy and Commerce subcommittee focused on consumer protection issues said they were mystified that earlier versions of the so-called Spy Act overwhelmingly passed the House in 2004 and in 2005 but were ignored by the Senate. Politicians from both parties said they hoped the third time would be the charm.

"Spyware is simply nasty stuff that clogs computers, slows down processing power and is costly to remove," Rep. Bobby Rush (D-Ill.), the panel's chairman, said at a morning hearing here about the proposed legislation.

Rep. Joe Barton (R-Texas), the co-chairman of the full Energy and Commerce Committee, said that unlike some issues, such as Net neutrality, "there's 100 percent unanimity" that antispyware legislation is necessary. "This legislation ought to be an automatic-passage bill," he said.

The latest effort, chiefly sponsored by Reps. Edolphus Towns (D-N.Y.) and Mary Bono (R-Calif.) but backed by many others, would impose extensive regulations on what types of actions software may perform.

Among other things, the proposal would make it unlawful to engage in various means of "taking control" of a user's computer, to collect personally identifiable information through keystroke loggers, and to modify a user's Internet settings, such as the browser's home page.

The bill would also broadly prohibit collection of information about users or their behavior without notice and consent, and it prescribes specific notice requirements. Exemptions from the regulations would go to Web cookies, law enforcement and national security activities, and software intended to prevent fraud.

Previous versions of the bill drew support from a number of high-tech companies, including Yahoo, eBay, AOL Time Warner, Dell, Microsoft and EarthLink, according to Rush and Barton.

But some companies have questioned the necessity of such legislation. Under current federal and state laws, the Federal Trade Commission has already brought 11 spyware enforcement cases, and four states have brought a total of 10 spyware lawsuits, according to research compiled by the Center for Democracy and Technology, which generally supports the bill.

The FTC has also lamented not having the ability to levy large monetary penalties on spyware purveyors. The Spy Act would put in place such an increase, allowing the FTC to seek fines as hefty as $3 million for the most egregious violations.

Online advertisers said they generally support the bill, but they argued that some parts of it go too far beyond combating insidious software. At Thursday's hearing, industry representatives said they remained concerned that its proposed notice and consent requirements, which ask consumers to opt in to have their information collected, could unintentionally threaten Web sites that rely on cookies and other tactics to target ads and to provide free content to their users.

"As all media advertising increasingly migrates to interactive platforms, we are concerned that this bill may unnecessarily limit business interaction with consumers," said Dave Morgan, founder and chairman of New York-based Tacoda, an online advertising company. Morgan was also representing the Interactive Advertising Bureau, of which News.com parent company CNET Networks is a member.

Bono, one of the Spy Act's primary authors, said she "didn't really have a problem with cookies...because anyone with a slight degree of sophistication on the Internet knows how to delete the cookies. That's not hard to do."

Also on Thursday, the Anti-Spyware Coalition released final versions of "best practices" documents for makers of antispyware. The guidelines are designed to help companies identify malicious software and overcome conflicts with each other.

Later on Thursday, Reps. Zoe Lofgren (D-Calif.) and Bob Goodlatte (R-Virginia) reintroduced an identical version of their own spyware bill, known as the Internet Spyware Prevention Act. That bill also passed the House in two previous sessions of Congress but died in the Senate.

It differs from the Spy Act in several ways, including its shorter length. Rather than attempting to define what illicit software is, it would make it a crime to copy computer code on a machine without authorization if doing so divulges personal information about a user or "impairs" a computer's security. It also proposes criminal penalties of up to five years in prison for violators.

Sponsors said the bill is designed to combat spyware without stifling software development or issuing heavy-handed regulations. Goodlatte said in a statement that it would "punish the bad actors while protecting legitimate online companies."

See more CNET content tagged:
bill, legislation, anti-spyware, politician, Rep.

4 comments

Join the conversation!
Add your comment
Re Antispyware Law
Well Gosh, I hope it works as well as the "Can Spam" law from a couple years ago works! Gee, I can feel myself breathing easier already!
Posted by TripleSea (2 comments )
Reply Link Flag
Yeah, you said it
If it's as effective as Can Spam, spyware creators will be suing users for <i>removing</i> spyware from their computers.
Posted by extinctone (214 comments )
Link Flag
Does it actually do what we think/want?
This scares me. I have not read, with the twisty eyed, tounge dripping perspective of a young anxious lawyer, what this bill actually does. The devil's in the wording, as interpereted by lawyers, judges and (gasp!) juries of our peers. I'd really like to see how 'Spyware' is defined, and how it will be explained, and how it will parsed and truncated, sliced/diced/mutated once it is processed and packaged in the fast-food-drive-through lane of our legal system... what the reality will be.
Posted by densbtly (15 comments )
Reply Link Flag
About time - but will it work?
I have no pity on AdWare companies. I just spent two days trying to remove a so-called anti-spyware program called "Pest-Capture" from my daughter's computer. The guys that made this little ditty are already convicted and owing the feds $4 million, but they just change their name and continue. I say make the whole thing illegal not to tell the consumer that they are doing this. However, just like the "do not call list", it won't work because their will be too many exceptions and no teeth.
Posted by jhillendahl (3 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.