Spyware bill reintroduced in Congress
It allow fines of up to $3M for spyware software makers
IDG News Service - Spyware legislation that would allow fines of up to $3 million for makers of software that steals personal information from a user's computer or hijacks its browser will get a second look after the U.S. Congress failed to pass the legislation in 2004.
Rep. Mary Bono (R-Calif.) reintroduced an antispyware bill yesterday that passed the House of Representatives last year but failed in the Senate. The Securely Protect Yourself Against Cyber Trespass Act, or SPY ACT, defines most functions performed by so-called spyware as unfair business practices subject to U.S. Federal Trade Commission fines.
Bono said in a statement that she expects the bill to sail through Congress this year. The measure passed the House in October on a 399-1 vote.
"The SPY ACT was introduced because we feel that consumers have the right to know and be protected when they are downloading software that has the ability to collect and transmit personal information," Bono said. "From its original introduction, the SPY ACT has evolved through a tremendously collaborative bipartisan effort to what we feel is strong and sound legislation. We ... are confident that this year we will see a spyware bill in the law books."
The SPY ACT would require a user's permission before software is downloaded onto a computer. It ran into objections from software vendors, who suggested that it could force them to notify users every time software scans their machines for updates. The SPY ACT also would prohibit unauthorized software from changing a browser's default home page, changing the security settings of a computer, logging keystrokes and delivering advertisements that the computer user can't close without turning the machine off or ending all sessions of the browser.
The bill Bono introduced is the same one passed by the House, except for a one-year extension in the bill's sunset clause, from December 2009 to December 2010. An earlier version of a Bono spyware bill, introduced in July 2003, sought to broadly prohibit spyware and defined it as "any computer program or software that can be used to transmit from a computer, or that has the capability of so transmitting, by means of the Internet and without any action on the part of the user of the computer to initiate such transmission, information regarding the user of the computer, regarding the use of the computer, or that is stored on the computer."
Some software vendors, including those that market antivirus update software, objected that the definition was overly broad and could make their services subject to fines. Some technology companies continued to callthe amended version of the bill too broad, but authors of the amended version attempted to address concerns that the original bill outlawed a type of technology instead of outlawing bad activities.
Some consumer and privacy advocates supported the bill, however. The Center for Democracy and Technology, a civil liberties group, supports the bill's penalties, said Ari Schwartz, the center's associate director. "It would be a lot easier to get the message out in terms of deterrence," he said.
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86 Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Gov't Legislation/Regulation White Papers | Webcasts