The House Energy and Commerce Committee kept anti-spyware legislation on the
fast track Thursday with a 45-4 vote approving a bill requiring that
consumers be given clear and conspicuous notice prior to downloading the Web
traffic tracking software.
The legislation approved Thursday is an amended version of
H.R. 2929, or the Securely Protect Yourself Against Cyber Trespass Act (SPY
Act), which was passed
last week by a subcommittee.
The SPY Act includes provisions to prohibit unfair or deceptive behavior,
such as key-stroke logging, computer hijacking and the display of
advertisements that cannot be closed. It also requires anyone who is not the owner or authorized user of a
computer to provide an opt-in screen prior to transmitting or enabling any
information collection program, which can collect personally identifiable
information or information about Web sites visited. Penalties for violating
the proposed law range up to $3 million.
This morning’s amendment adds language about the
nature and extent of the notice required, exemptions for legitimate software
patches and liability provisions for Internet service providers.
With final committee passage, the bill now goes to the full House for a
vote. Similar legislation has been introduced in the Senate but has yet to
pass any committee votes.
Following last week’s passage, a number of IT industry groups expressed
concerns that the bill was overly broad. In a letter to Energy and Commerce
Chairman Joe Barton (R-Texas) earlier this week, the Information Technology
Association of America said the subcommittee version “will generate a
veritable blizzard of legally mandated pop-up notices that only a lawyer
would love.”
To address those concerns, Rep. Cliff Stearns (R-Fla.) drafted new language
late Wednesday night. Most committee members did not see the new language
until Thursday morning.
“We wanted to make sure legitimate commerce is not undermined by this
legislation,” Stearns, who sponsored the new language,
said. “This refines and significantly improves the bill.”
Spyware is often vaguely defined and often confused with
adware, but generally refers to any software that covertly gathers user
information through the user’s Internet connection without his or her
knowledge, sometimes for advertising purposes. Most forms of adware,
however, are installed with the user’s knowledge.
Concerned about the growing number of programs that often surreptitiously
piggyback on downloaded files, consumer and privacy advocates have urged
congressional action to provide consumers with greater disclosure about the
programs that report back Internet traffic patterns to advertisers and
generate unwanted popups. The software can also slow a computer or network’s
performance.
The Federal Trade Commission (FTC) has repeatedly said new legislation
regulating spyware is unnecessary, contending the solution to the invasive
programs is more likely to be found in better technology solutions and
intensive consumer education, rather than in either state or federal legislation.
At an April spyware conference, the FTC asked industry Internet provider
leaders such as Microsoft, America Online and EarthLink to produce a set of
best practices for the use of adware, including disclosure statements to
consumers regarding what they are about to download.
Although Rep. Mary Bono (R-Calif.) introduced the original bill more than a year ago,
the legislation had little traction until Barton declared in April that
spyware was a “cancer” on the Internet and promised to pass an anti-spyware
measure this year.
In the disclosure notice required under the proposed law, the SPY Act
requires consumers be informed of the type of information the software
collects or sends, or the purpose for which the information is collected or
sent. The bill also requires that spyware that the consumer consents to
download must be easily uninstalled “without undue effort or knowledge” on
the part of the computer user.