February 8, 2007 11:00 PM PST

Spyware, data privacy bills reappear in House

In October 2004, all but one member of the U.S. House of Representatives voted for a bill that was supposed to curtail the threat of malicious PC-disrupting spyware.

But the Senate ignored it. So the House once again approved spyware regulations in May 2005, which yielded precisely the same lack of a result.

Hoping that the third time proves the charm, House leaders on Thursday introduced a bill that would once again try to impose 31 pages of regulations on the software industry in an effort to define what types of activities are permissible and which ones aren't.

Rep. John Dingell, a Michigan Democrat and the chairman of the House Energy and Commerce Committee, called the announcement "a serious down payment on resolving the scourge of identity theft and related abuse." He promised that legislation would be sent to the House floor "expeditiously."

A legislative fusillade

The House of Representatives saw a flurry of technology-related proposals introduced on Thursday, some almost identical to unsuccessful bills last year. This follows recent announcements on topics including pretexting, data breaches, Net neutrality, image monitoring, and data retention.

Anti-pretexting bill (Sponsors include: Rep. Dingell and Rep. Barton)

Bill to restrict the sale of Social Security numbers (Sponsors include: Rep. Markey and Rep. Barton)

Data breach notification bill (Sponsors include: Rep. Rush and Rep. Stearns)

Spyware regulation bill (Sponsors include: Rep. Towns and Rep. Bono)

Dingell was referring not only to the spyware measure but also to three other proposals announced at the same time: a bill to regulate telephone pretexting, one to curb the sale of Social Security numbers, and one to impose many additional security requirements including data breach notifications on private companies (though not federal agencies).

Taken together, the measures represent a broad and surprisingly bipartisan attempt by House leaders to rewrite many electronic privacy laws. But they still face substantial obstacles in the form of senators who proposed an alternative security breach approach two days earlier, opposition from telephone companies, and fatigue from politicians who recently approved another anti-pretexting bill that President Bush signed into law just last month.

Another political obstacle could be large data brokers that buy and sell personal information on Americans including Social Security numbers, and the police agencies that are their customers and might find some of their data flow drying up. As far back as July 2000, Congress held a hearing on a bill to restrict the sale of Social Security numbers--an idea that died quietly in a Senate committee.

Here's a summary of the four bills introduced on Thursday:

•  Reps. Edolphus Towns (D-N.Y.) and Mary Bono (R-Calif.) announced the so-called Spy Act, which contains extensive regulations on what types of actions software may perform. Resetting the browser's home page is not allowed, for instance, but "good faith" efforts to remove malicious software are permitted.

•  The Data Accountability and Trust Act, sponsored by Reps. Bobby Rush (D-Ill.) and Cliff Stearns (R-Fla.), says that any business that houses personal information must implement specific security practices, including methods for dealing with disposal of "obsolete" information. Like many of the data security proposals that have been circulating in Congress during the past few years, it would also mandate notification requirements in the event of a breach of personal data.

In a letter to Congress on Thursday, representatives from the liberal advocacy groups Consumers Union and Consumer Federation of America endorsed the effort, calling it "a reasonable approach to this alarming problem that will provide consumers with significant protections from the harms that can arise from preventable data breaches." A Washington representative of RSA, part of EMC Corp., also expressed support for the bill, saying it would be better to have one national standard for breach notification rather than a patchwork of state rules.

•  Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas) want to make it unlawful to sell or purchase Social Security numbers, an approach also proposed by Sen. Dianne Feinstein (D-Calif.). Exceptions include law enforcement and national security purposes, public health reasons, research for the "purpose of advancing public knowledge," "legitimate" consumer credit verification and emergency situations.

•  Dingell and Barton also are behind the Prevention of Fraudulent Access to Phone Records Act, which targets pretexting of phone records--that is, fraudulent access to them--and would impose sweeping and expensive regulations on telephone companies. They could, for instance, share customer information with third parties, including business partners, only if a customer gave "express prior authorization."

CTIA-The Wireless Association representative Joseph Farren said a law that criminalizes pretexting and received President Bush's signature last month goes far enough.

"The new law will serve as a significant and meaningful deterrent to individuals who would contemplate this criminal trade and feel additional legislation is unnecessary at this time," he said in an e-mail interview Thursday. An AT&T spokesman also expressed skepticism.

See more CNET content tagged:
Rep., social security number, Social Security, bill, regulation


Join the conversation!
Add your comment
noone is protected

<a class="jive-link-external" href="http://privacy.emigrantas.com" target="_newWindow">http://privacy.emigrantas.com</a> - all about web privacy
Posted by darmik2005 (18 comments )
Reply Link Flag
Couldnt Read your website
Why not try white text - your site is totally illegible with that
grey on black. Cheers.
Posted by flashfast (38 comments )
Link Flag
3 strikes and you're out!!!
It wasn't approved in 2004 for a reason... and apparently that same reason caused it to not be approved in 2005.

Thus this time around... without really changing anything to improve it's approval rate... they add other bills which may be of more use and tag them on with the twice turned down bill to try and get it through.

Liberals don't learn do they?

You need a bill with teeth for it to get approved. Trying to add false teeth to it 3 years later doesn't really do the job.

Posted by wbenton (522 comments )
Reply Link Flag
Government Accountability
It is horrible to even have the thought of people selling our social security numbers. The problem is how many groups are accidentally giving it away for free.

The story seems promising until I reached a specific line, "one to impose many additional security requirements including data breach notifications on private companies (though not federal agencies)"

How it is possible that they would make the restrictions for companies yet not include government agencies. Does this mean that state schools will not be included also, because there is a state school with data loss every week almost.

Government is a frequent perpetrator of data loss and should be held just as accountable as companies. Here is a list of government related security breaches in the past month

<a class="jive-link-external" href="http://www.nbc4.com/news/10983140/detail.html" target="_newWindow">http://www.nbc4.com/news/10983140/detail.html</a>
<a class="jive-link-external" href="http://www.fortwayne.com/mld/journalgazette/16667910.htm" target="_newWindow">http://www.fortwayne.com/mld/journalgazette/16667910.htm</a>
<a class="jive-link-external" href="http://www.iwantmyess.com/?p=163" target="_newWindow">http://www.iwantmyess.com/?p=163</a>
<a class="jive-link-external" href="http://www.iwantmyess.com/?p=161" target="_newWindow">http://www.iwantmyess.com/?p=161</a>
<a class="jive-link-external" href="http://www.iwantmyess.com/?p=153" target="_newWindow">http://www.iwantmyess.com/?p=153</a>
Posted by MD525 (22 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.