House Approves Anti-Spyware Bills

The U.S. House plunged ahead today in its anti-spyware campaign, passing two different bills targeting unfair or deceptive practices related to spyware.

Just six months ago, similar legislation failed to capture the Senate’s imagination.

“It is time we not only pass this in the House but also make it the law of
the land,” Rep. Jan Schakowsky (D-Ill.) said. Rep. Cliff Stearns (R-Fla.),

added, “We passed this bill once before. Now, we’ve got to appeal to the

Senate to move it.”

First, though, the Senate will have to divine the intent of the House, which

passed two different approaches to dealing with spyware.

Under the Internet Spyware (I-SPY) Prevention Act of 2005, House members

approved legislation that imposes tougher criminal penalties for

spyware-related activities. The bill imposes prison terms for intentionally

accessing a computer without authorization for the purpose of planting

unwanted software.

Under I-SPY, using unauthorized access to a computer to commit a crime is punishable by a fine or imprisonment for up to

five years. If the access is used to transmit personal information for the

purposes of fraud or damaging a computer, the prison terms can go up to

two years.

“This is targeted legislation instead of an invasive regulatory scheme with

unknown consequences,” Rep. James Sensenbrenner (R-Wis.) said of the I-SPY

Act, which originated in Sensenbrenner’s Judiciary Committee.

The other bill passed Monday, the Securely Protect Yourself Against Cyber

Trespass Act (SPY Act), also toughens penalties on spyware purveyors but

goes much further than the I-SPY Act by imposing an opt-in, notice and

consent regime for legal software that collects personally identifiable

information from consumers.

Among the spyware practices prohibited by the bill are phishing, keystroke

logging, homepage hijacking and ads that can’t be closed except by shutting

down a computer. Violators could face civil penalties of up to $3 million.

Rep. Joe Barton (R-Tex.), whose Energy and Commerce Committee pushed the SPY

Act out to the House floor, said a prominent opt-in notice for consumers

prior to the personal collection of identifiable information is an important

aspect of any anti-spyware legislation.

“I believe that we need to require of ad companies the responsibility to

inform consumers and get their consent before they start installing devices

on consumers’ computers that keep track of everything they do on the

Internet,” Barton said. “This bill does that, the Judiciary bill does not.”

Rep. Bob Goodlatte, co-sponsor of the I-SPY Act along with Rep. Zoe Lofgren

(D-Calif.), said Congress should avoid the “excessive” regulation of the

Internet called for in the SPY Act.

“We must target the behavior, not the technology,” Goodlatte said. “The

I-SPY Act protects consumers by imposing stiff penalties on the truly bad

actors, while protecting the ability of legitimate companies to develop new

and exciting products and services online for consumers.”

Goodlatte said the SPY Act championed by Barton “imposes a broad regulatory

regime on businesses.”

Barton said he was prepared to merge the two House bills if the Senate

passed its own anti-spyware legislation.