Spyware bill reintroduced in Congress

IDG News Service - Spyware legislation that would allow fines of up to $3 million for makers of software that steals personal information from a user's computer or hijacks its browser will get a second look after the U.S. Congress failed to pass the legislation in 2004.
Rep. Mary Bono (R-Calif.) reintroduced an antispyware bill yesterday that passed the House of Representatives last year but failed in the Senate. The Securely Protect Yourself Against Cyber Trespass Act, or SPY ACT, defines most functions performed by so-called spyware as unfair business practices subject to U.S. Federal Trade Commission fines.
Bono said in a statement that she expects the bill to sail through Congress this year. The measure passed the House in October on a 399-1 vote.
"The SPY ACT was introduced because we feel that consumers have the right to know and be protected when they are downloading software that has the ability to collect and transmit personal information," Bono said. "From its original introduction, the SPY ACT has evolved through a tremendously collaborative bipartisan effort to what we feel is strong and sound legislation. We ... are confident that this year we will see a spyware bill in the law books."
The SPY ACT would require a user's permission before software is downloaded onto a computer. It ran into objections from software vendors, who suggested that it could force them to notify users every time software scans their machines for updates. The SPY ACT also would prohibit unauthorized software from changing a browser's default home page, changing the security settings of a computer, logging keystrokes and delivering advertisements that the computer user can't close without turning the machine off or ending all sessions of the browser.
The bill Bono introduced is the same one passed by the House, except for a one-year extension in the bill's sunset clause, from December 2009 to December 2010. An earlier version of a Bono spyware bill, introduced in July 2003, sought to broadly prohibit spyware and defined it as "any computer program or software that can be used to transmit from a computer, or that has the capability of so transmitting, by means of the Internet and without any action on the part of the user of the computer to initiate such transmission, information regarding the user of the computer, regarding the use of the computer, or that is stored on the computer."
Some software vendors, including those that market antivirus update software, objected that the definition was overly broad and could make their services subject to fines.Some technology companies continued to call the amended version of the bill too broad, but authors of the amended version attempted to address concerns that the original bill outlawed a type of technology instead of outlawing bad activities.
Some consumer and privacy advocates supported the bill, however. The Center for Democracy and Technology, a civil liberties group, supports the bill's penalties, said Ari Schwartz, the center's associate director. "It would be a lot easier to get the message out in terms of deterrence," he said.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.