Impatient with the efforts of Congress to deal with spyware, states are
increasingly taking matters into their own hands. The home turf of Microsoft
and Amazon is the latest to join the battle.
Washington Gov. Christine Gregoire is expected to soon sign the nation’s
third anti-spyware law, following the lead of Utah and California. For good
measure, Olympia, Wash., is throwing in an anti-phishing bill.
While Washington is enmeshed in a sea of competing and conflicting
definitions over what just spyware is, Olympia chose to go the other way.
“It’s what you did, not how you did it,” said spyware bill sponsor Rep. Jeff Morris, a Democrat from Anacortes.
With the full support of the Pacific Northwest’s tech titans, the
legislation amends Washington’s criminal code to create the new crime of
computer trespass. The measure authorizes the state attorney general to seek
damages up to $100,000 per violation.
While consumer class action suits against spyware vendors are prohibited, businesses and corporations are allowed to pursue litigation. The court has the option of increasing
the damages by up to three times the amount of the award. The maximum
criminal fine cannot exceed $2 million.
“It’s really a simple question: Did you have permission to put that on my
property?” Morris said. “If not, it’s a crime.”
Unlike Congress, Washington’s exemptions to the law are short and
simple: Those who have upfront permission to access computers are not
subject to liability.
“We simply did not want to define what spyware is,”
Morris said. “Those things are never going to be static.”
The phishing bill creates penalties for anyone attempting to get personal
information from users through false e-mail or spoofed sites. It authorizes
the attorney general to seek damages of up to $500 per violation or actual
damages if phishers solicit consumers’ information.
Internet service providers who are victims may seek up to $5,000 or actual
damages, and the court can increase the fines by up to three times the
Republican Toby Nixon of Kirkland, who sponsored the anti-phishing bill, said
in a statement, “We need to keep our state code current to address crimes as
they evolve and respond to criminals as they become more sophisticated.”
Morris said he hopes Congress will take note of the state’s approach to the
“If enough states put pressure on Congress, I hope they can at least equal
what we have done,” he said.
California law, which became effective on Jan. 1, requires software
companies and Web sites to inform users what software they are installing on
a computer and disclose what information it will collect. Consumers are
allowed to set damages of $1,000 per violation plus legal fees.
In Utah, spyware hustlers are subject to damages of $500 per violation if
the vendor’s pop-up ads are triggered by a trademarked logo or site
location. Class action suits are not allowed, but the Utah attorney general
or business can sue either the company that created the software or the
company that paid for the pop-ups.