The Federal Trade Commission (FTC) again warned Congress today that
anti-spyware legislation is unnecessary with the existence of adequate fraud laws
to contend with spyware perpetrators.
FTC Commissioner Orson Swindle, speaking to Capitol Hill staffers at a Cato Institute
luncheon Friday, questioned the need for new laws.
“Our experience at the Department of Justice and at the FTC is that [current] law
is adequate,” Swindle said. “Most, if not all, spyware is executed under a deceptive cloud.
If people are deceived, it’s a deceptive practice.”
The FTC has been skirmishing with the House of Representatives all year over
the need for anti-spyware legislation. In April, the FTC held a spyware
workshop, and concluded
that technology solutions, combined with current deceptive practice laws, would be a
superior alternative to any new laws.
However, regardless of the FTC’s stance, the House went ahead with two anti-spyware bills:
the Spy Act (H.R. 2929)
and the
Internet Spyware Prevention Act of 2004
(H.R. 4661). The Spy Act prohibits unfair or
deceptive practices related to spyware and requires an opt-in notice
and consent form for legal software that collects personally identifiable
information from consumers. The Internet Spyware Prevention Act makes it a crime to intentionally access
a computer without authorization or to intentionally exceed authorized
access.
Both bills are likely to die on the Senate side when Congress reconvenes in
a lame duck session on Nov. 16, but anti-spyware advocates in the House have
vowed to revive the legislation when the new Congress meets in January.
Swindle said the biggest problem facing the FTC is not the need for new
laws, but the ability to locate and prosecute spyware vendors.
“I’m of the opinion that many of the scams in this country are
short-lived. They get a lot of money, they take a lot of money and the guys
are out of there,” Swindle said. “Sometimes they get caught and they don’t
have any money left. The cost of getting caught amounts to nothing more than
another line item on the balance sheet.”
Jim Harper, director of information policy studies at the Cato Institute,
added that anti-spyware legislation would be no more effective than the CAN-SPAM Act signed by
the president in December.
“We didn’t need federal spam legislation. The problem there wasn’t the need
for a new law, but finding the people who send spam,” Harper said. “CAN-SPAM
hasn’t worked because you can’t find spammers. You can’t reach them because
they are operating in an eastern block country or the country where they are
operating doesn’t cooperate with the [U.S.] federal government.”
Swindle pointed to the FTC’s first case filed
against a spyware operator in October as an example of the current law
working.
“We didn’t need a new law to get that done,” Swindle said. “We’re confident
we’re going to win that case and there’s more coming.”
Swindle was quick to praise the “good intentions of Congress” in attempting
to deal with spyware, but he cautioned the Hill staffers about the
unintended consequences of well meaning legislation.
“First you have to get by defining what spyware is,” Swindle said. “Poorly
written legislation can cause enormous problems. We have to write rules
based on laws passed by Congress in order to implement the law. Quite
frankly, sometimes we have no earthly idea what the Congress meant to say.”