U.S. Rep. Mary Bono (R.-Calif.) has introduced legislation requiring companies using “spyware” to inform computer users of their intent to install the invasive software and to obtain permission before loading it onto a computer. Spyware allows companies and individuals to monitor Internet activities and sometimes makes it possible to gather personally identifiable information.
Bono said H.R. 2929, the Safeguard Against Privacy Invasions Act (SPI), makes users aware of the technology before they install it on their computers.
“Companies that utilize spyware can sometimes view everything from passwords to credit card numbers of unknowing consumers. This legislation will help prevent such invasions of privacy,” Bono said. “Through this bill, users will knowingly agree to the conditions under which spyware operates before it can be installed on their computers.”
Currently, Internet users often unintentionally download spyware when visiting a site via a “drive-by download,” meaning the spyware is installed on the computer simply by clicking on a website.
More often, consumers unknowingly agree to download spyware systems when they accept software licensing agreements while downloading software from the Internet. Bono said this is common with file-sharing systems, and said she seeks to make it clearer to consumers what kinds of provisions are included in the software license agreements.
Bono’s legislation requires any organization that offers spyware to post an agreement clearly and conspicuously informing the computer user of the presence of spyware and its intended function. The spyware provider would be required to post the mechanism for accepting such an agreement on the same page as the Web agreement, and could not load such spyware without obtaining proper consent.
If a software company is installing spyware that collects personally identifiable information, Bon’s bill requires the company to post a separate notice stating specifically that it is collecting such information. The user is then required to accept these conditions before it can be installed on the computer.
In addition, when an organization requests the consent of an Internet user for the purpose of downloading spyware, it would be required to disclose its name, street address and a valid return e-mail address in the agreement.
The bill grants the Federal Trade Commission regulatory authority over the SPI Act, and imposes civil penalties for those who do not comply with the law, and criminal penalties for those who knowingly violate the SPI Act or who collect personally identifiable information without consent.
The legislation has been referred to the House Energy and Commerce Committee.