A Senate Shot at Anti-Spyware


Anti-spyware legislation found new life in the U.S. Senate Thursday when the
Commerce Committee approved a bill outlawing a number of activities
associated with unauthorized downloads.


The Senate’s SPY BLOCK Act criminalizes the unauthorized installation of computer software and requires
clear disclosure to computer users of software features that may pose a
threat to privacy.


The bill targets three main consumer harms: taking control of a user’s
computer; software that triggers advertising out of context with the use of
the computer; and undisclosed collection of personal information.


“Congress must act to protect the right of consumers to know when
potentially dangerous spyware is being downloaded onto their computers,”
bill sponsor Conrad Burns (R.-Mont.) said in a statement.

“As the SPYBLOCK
Act moves forward to the Senate floor, I hope we can continue making it a
stronger bill by making sure the private sector has all the right tools it
needs to successfully slow the spread of malicious spyware.”


Burns’ bill identifies a series of unfair and deceptive practices related to
spyware , including computer hijacking, spam zombies, endless-loop pop-up ads
and fraudulent and false installation.


The bill also bans modem hijacking, which allows spyware companies to charge
overseas phone calls to victims and Denial-of-Service attacks, which coordinate computers to attack Web sites.


The legislation also strengthens Federal Trade Commission (FTC) enforcement
and gives both the FTC and state attorneys general the authority to enforce
provisions of the bill. Additionally, it creates a new section in the
criminal code establishing criminal penalties for the unauthorized copying
of software to a protected computer.


An amendment to SPY BLOCK by John Sununu (R.-N.H.) would increase civil penalties for violations involving unfair or deceptive acts or practices that exploit popular reaction to an emergency or major disaster.


The U.S. House of Representatives approved its anti-spyware legislation earlier this year.


Known as the Internet Spyware (I-SPY) Prevention Act of 2005, the bill imposes prison terms for intentionally accessing a computer without authorization for the purpose of planting unwanted software.


Under I-SPY, using unauthorized access to a computer to commit a crime is
punishable by a fine or imprisonment for up to five years. If the access is
used to transmit personal information for the purposes of fraud or damaging
a computer, the prison terms can go up to two years.


The House also passed the Securely Protect Yourself Against Cyber Trespass
Act (SPY Act), which toughens penalties on spyware purveyors. But it goes much
further than the I-SPY Act by imposing an opt-in, notice and consent regime
for legal software that collects personally identifiable information from
consumers.


Among the spyware practices prohibited by the bill are phishing, keystroke
logging, homepage hijacking and ads that can’t be closed except by shutting
down a computer. Violators could face civil penalties of up to $3 million.

News Around the Web