February 8, 2007 11:00 PM PST
Spyware, data privacy bills reappear in House
- Related Stories
Data breach bills resurface in CongressFebruary 6, 2007
Senator revives data leak proposalsJanuary 11, 2007
Pretexting hearing turns to wireless execsSeptember 29, 2006
Why they say spyware is good for youNovember 7, 2005
Making the wrong move against spywareMay 2, 2005
House approves spyware legislationOctober 5, 2004
FTC officials blast spyware measuresApril 29, 2004
Spyware cures may cause more harm than goodFebruary 4, 2004
But the Senate ignored it. So the House once again approved spyware regulations in May 2005, which yielded precisely the same lack of a result.
Hoping that the third time proves the charm, House leaders on Thursday introduced a bill that would once again try to impose 31 pages of regulations on the software industry in an effort to define what types of activities are permissible and which ones aren't.
Rep. John Dingell, a Michigan Democrat and the chairman of the House Energy and Commerce Committee, called the announcement "a serious down payment on resolving the scourge of identity theft and related abuse." He promised that legislation would be sent to the House floor "expeditiously."
A legislative fusillade
The House of Representatives saw a flurry of technology-related proposals introduced on Thursday, some almost identical to unsuccessful bills last year. This follows recent announcements on topics including pretexting, data breaches, Net neutrality, image monitoring, and data retention.
Anti-pretexting bill (Sponsors include: Rep. Dingell and Rep. Barton)
Bill to restrict the sale of Social Security numbers (Sponsors include: Rep. Markey and Rep. Barton)
Data breach notification bill (Sponsors include: Rep. Rush and Rep. Stearns)
Spyware regulation bill (Sponsors include: Rep. Towns and Rep. Bono)
Dingell was referring not only to the spyware measure but also to three other proposals announced at the same time: a bill to regulate telephone pretexting, one to curb the sale of Social Security numbers, and one to impose many additional security requirements including data breach notifications on private companies (though not federal agencies).
Taken together, the measures represent a broad and surprisingly bipartisan attempt by House leaders to rewrite many electronic privacy laws. But they still face substantial obstacles in the form of senators who proposed an alternative security breach approach two days earlier, opposition from telephone companies, and fatigue from politicians who recently approved another anti-pretexting bill that President Bush signed into law just last month.
Another political obstacle could be large data brokers that buy and sell personal information on Americans including Social Security numbers, and the police agencies that are their customers and might find some of their data flow drying up. As far back as July 2000, Congress held a hearing on a bill to restrict the sale of Social Security numbers--an idea that died quietly in a Senate committee.
Here's a summary of the four bills introduced on Thursday:
Reps. Edolphus Towns (D-N.Y.) and Mary Bono (R-Calif.) announced the so-called Spy Act, which contains extensive regulations on what types of actions software may perform. Resetting the browser's home page is not allowed, for instance, but "good faith" efforts to remove malicious software are permitted.
The Data Accountability and Trust Act, sponsored by Reps. Bobby Rush (D-Ill.) and Cliff Stearns (R-Fla.), says that any business that houses personal information must implement specific security practices, including methods for dealing with disposal of "obsolete" information. Like many of the data security proposals that have been circulating in Congress during the past few years, it would also mandate notification requirements in the event of a breach of personal data.
In a letter to Congress on Thursday, representatives from the liberal advocacy groups Consumers Union and Consumer Federation of America endorsed the effort, calling it "a reasonable approach to this alarming problem that will provide consumers with significant protections from the harms that can arise from preventable data breaches." A Washington representative of RSA, part of EMC Corp., also expressed support for the bill, saying it would be better to have one national standard for breach notification rather than a patchwork of state rules.
Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas) want to make it unlawful to sell or purchase Social Security numbers, an approach also proposed by Sen. Dianne Feinstein (D-Calif.). Exceptions include law enforcement and national security purposes, public health reasons, research for the "purpose of advancing public knowledge," "legitimate" consumer credit verification and emergency situations.
Dingell and Barton also are behind the Prevention of Fraudulent Access to Phone Records Act, which targets pretexting of phone records--that is, fraudulent access to them--and would impose sweeping and expensive regulations on telephone companies. They could, for instance, share customer information with third parties, including business partners, only if a customer gave "express prior authorization."
CTIA-The Wireless Association representative Joseph Farren said a law that criminalizes pretexting and received President Bush's signature last month goes far enough.
"The new law will serve as a significant and meaningful deterrent to individuals who would contemplate this criminal trade and feel additional legislation is unnecessary at this time," he said in an e-mail interview Thursday. An AT&T spokesman also expressed skepticism.
4 commentsJoin the conversation! Add your comment