RealTime IT News

A Senate Shot at Anti-Spyware

Anti-spyware legislation found new life in the U.S. Senate Thursday when the Commerce Committee approved a bill outlawing a number of activities associated with unauthorized downloads.

The Senate's SPY BLOCK Act criminalizes the unauthorized installation of computer software and requires clear disclosure to computer users of software features that may pose a threat to privacy.

The bill targets three main consumer harms: taking control of a user's computer; software that triggers advertising out of context with the use of the computer; and undisclosed collection of personal information.

"Congress must act to protect the right of consumers to know when potentially dangerous spyware is being downloaded onto their computers," bill sponsor Conrad Burns (R.-Mont.) said in a statement.

"As the SPYBLOCK Act moves forward to the Senate floor, I hope we can continue making it a stronger bill by making sure the private sector has all the right tools it needs to successfully slow the spread of malicious spyware."

Burns' bill identifies a series of unfair and deceptive practices related to spyware , including computer hijacking, spam zombies, endless-loop pop-up ads and fraudulent and false installation.

The bill also bans modem hijacking, which allows spyware companies to charge overseas phone calls to victims and Denial-of-Service attacks, which coordinate computers to attack Web sites.

The legislation also strengthens Federal Trade Commission (FTC) enforcement and gives both the FTC and state attorneys general the authority to enforce provisions of the bill. Additionally, it creates a new section in the criminal code establishing criminal penalties for the unauthorized copying of software to a protected computer.

An amendment to SPY BLOCK by John Sununu (R.-N.H.) would increase civil penalties for violations involving unfair or deceptive acts or practices that exploit popular reaction to an emergency or major disaster.

The U.S. House of Representatives approved its anti-spyware legislation earlier this year.

Known as the Internet Spyware (I-SPY) Prevention Act of 2005, the bill imposes prison terms for intentionally accessing a computer without authorization for the purpose of planting unwanted software.

Under I-SPY, using unauthorized access to a computer to commit a crime is punishable by a fine or imprisonment for up to five years. If the access is used to transmit personal information for the purposes of fraud or damaging a computer, the prison terms can go up to two years.

The House also passed the Securely Protect Yourself Against Cyber Trespass Act (SPY Act), which toughens penalties on spyware purveyors. But it goes much further than the I-SPY Act by imposing an opt-in, notice and consent regime for legal software that collects personally identifiable information from consumers.

Among the spyware practices prohibited by the bill are phishing, keystroke logging, homepage hijacking and ads that can't be closed except by shutting down a computer. Violators could face civil penalties of up to $3 million.