U.S. House subcommittee approves spyware bill
It would allow $3M fines for illicitly collecting personal data
IDG News Service - A U.S. House subcommittee has approved a spyware bill that would allow fines up to $3 million for collecting personal information, diverting browsers and delivering some pop-up advertisements to computer users without their consent.
The Securely Protect Yourself Against Cyber Trespass Act (SPY ACT), which bears little resemblance to the bill it replaced, would also require software that collects the personal information of computer users to notify the users of its installation, get the users' consent before installation and provide users with easy uninstall options.
SPY ACT was approved by the House Subcommittee on Commerce, Trade and Consumer Protection today as an amendment to a spyware bill introduced last year by Rep. Mary Bono (R-Calif.). Bono praised the amendment, offered by subcommittee chairman Rep. Cliff Stearns (R-Fla.), as making "substantial progress in improving" her bill.
Stearns called his amendment an attempt to outlaw bad actions without outlawing technologies similar to spyware that have legitimate uses, such as parental monitoring software or antivirus software.
An early version of Bono's original bill, called the Safeguard Against Privacy Invasions Act, defined all computer programs that transmit information without action from the user as spyware. But that raised objections from several IT vendors, including antivirus companies. A later draft of Bono's bill, which authorized the Federal Trade Commission to create rules for spyware notice and consent, has several exceptions, including for parental control software, antivirus software and software that scans for license compliance.
"While we have wrestled with numerous and thoughtful definitions of what spyware is or isn't, the simple fact is that everyone has a right to safeguard their personal property and keep unwanted guests out of their homes and private lives," Stearns said. "To me, it all comes down to good manners. When I invite someone into my home, or in this case my computer, I expect them to behave and leave when asked."
The Stearns amendment allows fines of up to $3 million for actions unauthorized by a computer's owner, including hijacking browsers, changing a browser's default home page, changing the security settings of a computer, logging keystrokes and delivering advertisements that the computer user can't close without turning off the computer or closing all sessions of the browser.
The bill requires that computer users be notified and be allowed to give consent before software that collects and transmits personal information is installed on their computers. But the notice provision may not be strong enough, said Ari Schwartz, associate director of the Center for Democracy and Technology in Washington.
Although the bill requires that the spyware notice to be"distinguished" from other notices, the spyware notice could end up buried at the end of a lengthy end-user license agreement, Schwartz said. "Then we end up where we are now," he said. "Can we do a notice provision that won't confuse consumers more?"
SPY ACT is now headed to the full House Energy and Commerce Committee. Bono said she expects the bill to pass through the full committee. "We are one step closer to restoring safety, confidence and control to consumers when using their own computers," she said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts