House Panel Gets Tough on Spyware, P2P Piracy


WASHINGTON — With an eye on peer-to-peer networks, the U.S. House
Judiciary Committee approved legislation Wednesday criminalizing
some acts of copyright infringement. In the same markup session, the panel
created criminal penalties for the surreptitious use of spyware.


The Piracy Deterrence and Education Act of 2004 specifically
targets the electronic distribution of copyrighted material “with reckless
disregard for the risk of further infringement.” The legislation calls for
prison terms of up to three years for electronically distributing 1,000 or more
copyrighted works over a 180-day period.


The bill also provides $15 million to the Department of Justice
(DOJ) to establish an Internet use education program. Under the education
program, the DOJ is authorized over the next 18 months to send
warning letters to Internet service providers (ISPs) whose customers are suspected of
widespread copyright infringement.


On a voluntary basis, ISPs may pass on the warning notices to the
Suspected copyright violators but are not required to disclose to
the DOJ any identifying information about the subscriber.


“We commend the Committee for making voluntary the program under which
Internet service providers would pass on to consumers notices from the
Justice Department alleging copyright infringement,” Gigi B. Sohn,
president of the digital rights group Public Knowledge, said in a
statement. “We are still concerned that taxpayer dollars could be better spent on
priorities other than notifications of possible copyright infringement.”


The Internet Spyware Prevention Act of 2004 makes it a crime to
intentionally access a computer without authorization or to
intentionally exceed authorized access. If the unauthorized intrusion is to further another federal crime such as secretly accessing personal data, the penalty is up
to five years in prison. Deliberately injuring or defrauding a person or damaging a
computer through the unauthorized installation of spyware carry prison terms of up to two years.


The legislation also authorizes $10 million for the DOJ to combat
spyware and phishing scams, although the bill does not specifically make
phishing a crime.


Both bills now await a full floor vote of the House.


“By imposing criminal penalties on these bad actors, this
legislation will help deter the use of spyware and will thus help protect consumers
from these aggressive attacks,” bill sponsor Bob Goodlatte (R-VA)
said. “At the same time, the legislation leaves the door open for innovative
technology developments to continue to combat spyware programs.”


The House Energy and Commerce Committee has already passed its own
version of a spyware bill requiring that consumers be given clear
and conspicuous notice prior to downloading software. The legislation includes
provisions to prohibit unfair or deceptive behavior such as keystroke logging,
computer hijacking and the display of advertisements that can’t be
closed.


The Energy and Commerce version also requires anyone who is not
the owner or
authorized user of a computer to provide an opt-in screen prior to
transmitting or enabling any information collection program. The bill
proposes civil penalties of $3 million for violations.


Goodlatte said the Judiciary spyware version does not try to define
technology as the Energy and Commerce bill does but goes after the
“truly bad actors.” Bill co-sponsor Lamar Smith (R-TX) said the
Judiciary spyware legislation is about “regulation of bad behavior instead of
technology. The bill rightly takes a very narrow approach.”


The two bills will be reconciled between the two committees before
a final version will be presented to the full House. A bill similar to the
Energy and Commerce Committee version is backed in the Senate by Ron
Wyden (D-OR) and Conrad Burns (R-MT), authors of the CAN-SPAM Act.


“Spyware is a very real problem that is afflicting owners of personal
computers and creating millions of dollars of additional business
costs to address the problem,” said Rep. Zoe Lofgren (D-CA), another co-sponsor of
the Judiciary bill. “It is important that we support H.R. 4661, which will clearly discourage spyware and related practices. Consumers and businesses should not have to wait any longer for help in preventing the wrongful use of spyware.”


Spyware is often vaguely defined and often confused with adware, but
generally refers to any software that covertly gathers user
information through the user’s Internet connection without his or
her knowledge, sometimes for advertising purposes. Most forms of adware, by contrast, are installed with the user’s knowledge.


For more than a year, consumer and privacy advocates have urged
congressional action to provide consumers with greater disclosure
about the programs that report back Internet traffic patterns to advertisers and
generate unwanted pop-ups. The software can also slow a computer or
network’s performance.


“Every day, thousands of unsuspecting Americans have their identities
hijacked by a new breed of cyber criminals because of spyware.
People whose
identities have been stolen can spend months or years — and much
of their
hard-earned money — trying to restore their good name and credit
record,” Smith said. “This legislation will help prevent bad things
from happening to
good names.”


The Federal Trade Commission (FTC) has repeatedly said new legislation
regulating spyware is unnecessary, contending the solution to the
invasive programs is more likely to be found in better technology
solutions and
intensive consumer education, rather than in either state or federal
legislation.

News Around the Web