The U.S. House of Representatives Wednesday endorsed its second anti-spyware bill in less than a month. Both bills target unauthorized downloads but take significantly different approaches.
Approved on a 368-48 vote, the Securely Protect Yourself Against Cyber Trespass Act (SPY Act) requires an opt-in, notice and consent regime for legal software — often known as adware or spyware — that collects personally identifiable information from consumers.
The SPY Act would also prohibit surreptitious keystroke logging, browser hijacking and the unauthorized removal or disabling of security software installed on a computer. Violators would face civil penalties of up to $3 million per violation.
“Because of the Internet’s role in interstate commerce, the need for federal spyware legislation is clear; depending on a patchwork of state laws is simply unworkable,” bill co-sponsor Mary Bono (R-Calif.) said in a statement. “The passage of the SPY Act moves the American people one step closer to reclaiming control of their computers in their home and at their business.”
Passage of the bill follows the May 22 House approval of the Internet Spyware (I-SPY) Prevention Act of 2007. Unlike the SPY Act, the I-SPY Act limits its authority to imposing a maximum five-year prison term for placing unauthorized code on a computer that mines personal information about a user or impairs a computer’s normal security software.
The SPY Act now heads to the Senate, which hasn’t been so approving of anti-spyware legislation. It has failed to act primarily because of opposition from Internet advertisers claiming both bills don’t distinguish between legally installed software — such as cookies — and malware.
In addition, the Federal Trade Commission (FTC) claims anti-fraud laws already cover unauthorized downloads. The FTC has also told Congress private sector solutions and consumer education is a better alternative to legislation.
The U.S. Chamber of Commerce wasted little time lining up against the SPY Act.
“As it is currently drafted, [the bill] goes far beyond regulating spyware and is structured in such a way that it would directly obstruct legitimate information practices,” the department wrote in a letter to lawmakers this week.
The bill would “undercut the operational functionality of Web pages, fulfillment of product and service offerings and important advertising and marketing practices,” the letter continued. “This should be neither the intent nor the result of any acceptable bill that is aimed at stopping spyware.”
The Chamber of Commerce said that, although the SPY Act contains “useful provisions,” the group threw its support behind the I-SPY Act as it “focuses on deceptive acts and practices and imposes strong penalties on the purveyors of spyware, but more importantly does not target legitimate technologies or business practices.”
Last month, Rep. Zoe Lofgren (D-Calif.), a co-sponsor of the I-SPY Act, called the SPY Act overly broad and that the notice-and-consent regime mandated by the SPY Act is flawed, because violators are likely to ignore the law.