RealTime IT News

House Cuts Cookies From SPY ACT

With little fuss and no debate, a House subcommittee today amended an anti-spyware bill to clarify that the legislation does not cover third-party cookies.

H.R. 29, the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT), prohibits unfair or deceptive practices related to spyware and requires an opt-in notice and consent regime for legal software that collects personally identifiable information from consumers.

The spyware practices prohibited by the legislation include phishing, keystroke logging, homepage hijacking and ads that can't be closed except by shutting down a computer. Violators could face civil penalties of up to $3 million.

At a January hearing on the legislation, concerns were raised that the bill would unfairly target third-party cookies, although lawmakers insisted that was not their intent and expressed their desire to reach a compromise on the issue.

Cliff Stearns
Rep. Cliff Stearns
Source: House.gov

"This amendment otherwise clarifies an excellent bill," said Rep. Cliff Stearns (R-Fla.), chairman of the House Subcommittee on Commerce, Trade and Consumer Protection. "The bill should not penalize authentic use of the technology. It [the bill] does not apply to cookies, including third-party cookies."

First-party cookies are placed from the same domain the user clicks on and are solely used to allow the user to access a Web site, most typically by allowing the site to remember a user name and password. Advertisers, publishers and their service providers use third-party cookies to serve, rotate, target, cap, measure and report on online advertising.

"This is an all-out technology arms race [against bad actors]," Stearns said. "This bill will help us win that race."

The bill permits computer software providers to interact with a user's computer without notice and consent to determine whether the user is authorized to use the software. Network monitoring is also exempted from the provisions of the notice and consent requirements of the bill to the extent that the monitoring is for network or security purposes, diagnostics, technical support or repair, or the detection or prevention of fraudulent activities.

The bill next goes to the full House Energy and Commerce Committee. Chairman Joe Barton (R-Tex.) said he "expects this bill on the floor very quickly." The Senate has yet to hold any hearings on spyware.