House Toughens Spyware Penalties

For the second time in three days, the U.S. House of Representatives
has passed an anti-spyware bill, this time adding criminal penalties to
tough civil provisions of legislation passed on Tuesday.

The Internet Spyware Prevention Act of 2004 (H.R. 4661), which passed on a
415-0 vote Thursday, makes it a crime to intentionally access a computer without
authorization or to intentionally exceed authorized access. If the
unauthorized intrusion is to further another federal crime such as secretly
accessing personal data, the penalty is up to five years in prison.

Deliberately injuring or defrauding a person or damaging a computer through
the unauthorized installation of spyware carry prison terms of up to two
years. The legislation also authorizes $10 million for the Department of
Justice to combat spyware and phishing scams, although the bill does not
specifically make phishing a crime.

“By imposing criminal penalties on these bad actors, this legislation will
help deter the use of spyware, and will thus help protect consumers from
these aggressive attacks,” Rep. Bob Goodlatte (R-VA), the bill’s author,
said in a statement. “At the same time, the legislation leaves the door
open for innovative technology developments to continue to combat spyware

Tuesday night, the House passed legislation prohibiting unfair or deceptive
practices related to spyware. The bill, known as the Spy Act (H.R. 2929),
also requires an opt-in notice and consent form for legal software that
collects personally identifiable information from consumers. The penalties
in H.R. 2929 are limited to civil fines of up to $3 million.

Both bills now go the Senate, which has pending legislation similar to the
House bills. House Energy and Commerce Committee Chairman Joe Barton (R-Texas)
said earlier this week he thought the two chambers could agree on a spyware
bill before lawmakers adjourn on Friday or Saturday.

“[We’ve] seen several egregious examples of spyware being used in ways that
most Americans would think clearly ought to be criminal,” Ari Schwartz,
associate director of the Center for Democracy and Technology, said in
another statement. “The bill will help make sure there are strong deterrents
to using spyware to defraud or injure consumers.”

The two House bills are supported by a broad array of trade groups, including
the U.S. Chamber of Commerce and the Business Software Alliance (BSA). “This
anti-spyware legislation ensures that criminal penalties are imposed upon
those persons who aim to harm innocent Internet users via spyware
applications,” said Robert Holleyman, president and CEO of the BSA.

Dell , eBay >, Microsoft , Time
Warner , Yahoo and Earthlink endorsed the Tuesday legislation. They did so after exemptions were added to the bill for
network monitoring for security purposes, technical support or repair, or
the detection or prevention of fraudulent activities.

The bill also permits computer software providers to interact with a user’s
computer without notice and consent in order to determine whether the
computer user is authorized to use the software upon initialization of the
software or an update of the software.

“Every day thousands of unsuspecting Americans have their identities
hijacked by a new breed of cyber criminals because of spyware. People whose
identities have been stolen can spend months or years — and much of their
hard-earned money — trying to restore their good name and credit record.
This legislation will help prevent bad things from happening to good names,”
Rep. Lamar Smith (R-Texas) said.

News Around the Web