House Renews Anti-Spyware Push

WASHINGTON — The 109th Congress renewed its efforts to pass a federal
anti-spyware bill by targeting the malware menace in the very first meeting
of the House Energy and Commerce Committee.

In October, the House passed
anti-spyware legislation on a 399-1 vote, but the measure never came up in
the Senate.

“By getting a much earlier start, we can get a bill on the president’s desk
[this year],” said Rep. Ed Towns, D-N.Y. He and Rep. Mary Bono, R-Calif.,
are the primary sponsors of H.R. 29, the Securely Protect
Yourself Against Cyber Trespass Act (SPY ACT). The legislation is virtually
the same measure approved by the House in October.

A House and Energy and Commerce Committee staff member told
internetnews.com the legislation is likely to get a full committee
vote sometime in February.

The bill prohibits unfair or deceptive practices related to spyware and
requires an opt-in notice and consent regime for legal software that
collects personally identifiable information from consumers.

The spyware practices prohibited by the legislation include phishing, keystroke
logging, home page hijacking and ads that can’t be closed except by shutting
down a computer. Violators could face civil penalties of up to $3 million.

“This is a problem that must be addressed quickly, and, given the interstate
nature of e-commerce, it must be addressed by federal legislation,” said the Republican Energy
and Commerce Chairman Joe Barton. “I have talked with several
members of the Senate, and they have assured me they’ll be moving legislation
very quickly on this matter.”

Barton has aggressively pushed for
anti-spyware legislation despite objections from the Federal Trade
Commission (FTC) that current deceptive trade practice laws are adequate in
dealing with spyware purveyors.

In October, the FTC
filed its first civil suit
against Sanford Wallace, accusing him of spreading adware, spyware and other unsolicited software programs through
deceptive or illegal downloads. In its complaint, the FTC contends Wallace and his companies
engaged in unfair and deceptive trade practices by installing software on
users’ computers without their consent. Earlier this month, Wallace
agreed
to stop secretly installing the programs on users’ computers
until the FTC’s suit against the company is resolved.

“I am encouraged that the FTC is finally taking action against some of the
worst actors in the spyware realm, but Congress must also act quickly to
give the FTC the additional power it needs to stem the tide of this Internet
monitoring,” Barton said.

While the FTC was not invited to testify at Wednesday’s hearing,
representatives of Microsoft and EarthLink endorsed the legislation. In addition, Howard Schmidt, a former
special advisor to the White House on cyber security issues, and Ari
Schwartz of the Center for Democracy and Technology spoke in favor of the
bill.

“Spyware continues to be a primary frustration for our customers and
industry partners,” Ira Rubinstein, associate general counsel for Microsoft,
said.

Rubinstein testified that Microsoft was initially concerned that early
drafts of the bill contained provisions that “might compromise specific
functionalities rather than target the bad practices at the core of the
spyware problem.”

Rubinstein said the current working version of the bill,
“Captures the bad actors without unnecessarily impeding the good ones.”

The bill permits computer software providers to interact with a user’s
computer without notice and consent to determine whether the user is
authorized to use the software. Network monitoring is also exempted from the
provisions of the notice and consent requirements of the bill to the extent
that the monitoring is for network or security purposes, diagnostics,
technical support or repair, or the detection or prevention of fraudulent
activities.

Cookies are also exempted if they are solely used to allow the user to
access a Web site, although committee members said they were willing to
continue to negotiate on the definition of cookies to allay the concerns of
some in the Internet advertising sector that the bill is overly broad.

“Some cookies exist just to save you time; for example, when you check a box
for a Web site to remember your password on your computer,” David Baker,
EarthLink’s vice president for law and public policy, said.

“Some sites now deposit adware cookies, which store personal
information and share the information with other Web sites,” Baker added. “This sharing of
information allows marketing firms to create a user profile based on your
personal information and sell it to other firms.”

For more information on spyware protection and removal, visit Intranet Journal’s Spyware Guide.