Riding a wave of consumer outrage at sneaky programs that hijack
computers, California Gov. Arnold Schwarzenegger signed into law a state
bill prohibiting spyware.
According to Sen. Kevin Murray, author of the Consumer Protection
Against Computer Spyware Act, or SB 1436, the bill makes it illegal to
install spyware on someone’s computer without first
giving notice. It requires software makers and Web site operators to disclose
whether they put spyware on your computer, as well as describe what it does.
The bill also sets forth a private right of action whereby a consumer could
seek damages of $1,000 per incident and applicable attorneys’ fees.
“SB 1436 bans these deceitful practices and will give consumers a sense
of true security when using their own computers,” Murray said in a
statement.
But two advocacy groups, the Privacy Rights Clearinghouse and the World Privacy Forum,
released an open letter to Schwarzenegger after the bill passed Congress urging him to
veto the bill, saying it would be worse than no legislation at all.
The groups said that SB 1436 is well-intentioned. However, they added, it
would establish provisions that are virtually unenforceable, could well
undermine existing law, and, further, would set a bad precedent nationwide
for other spyware bills that are likely to be considered in other states and
in the U.S. Congress.
They stated that because the significant changes occurred so late
in the session, they weren’t able to express their concerns in committee
hearings before the bill was sent to the Assembly floor.
Pam Dixon, executive director of the World Privacy Forum, said that the
bill sets a higher standard for unfair and deceptive business practices than
does the FTC.
“In litigation, it’s almost impossible to prove intent,” she said. “The
computer fraud and abuse act is an easier standard, but only applies to
criminal cases, not cases of annoyance.”
Murray and co-authors Debra Bowen (D-Redondo Beach) and Gloria Romero (D-Los
Angeles) introduced the bill to the California State Senate in February.
It was amended nine times by the Senate and the Assembly before
passing on August 26.
But Bowen asked that her name be removed from the much-amended
legislation, and she spoke out strongly against the law.
“This bill doesn’t protect computer users who don’t want their movements
tracked or their personal information ripped off,” she said. “It protects spyware
companies who’d love nothing more than to have their product installed on
every computer in the country.”
Bowen, who has taken stands against the potential for invasion of
consumers’ privacy via RFID technology
and has authored several
e-mail privacy bills,
noted that the intent-to-deceive standard doesn’t
apply to other legally prohibited practices, such as unsolicited fax ads or
recording telephone conversations without notification.
Meanwhile, another spyware
bill is making its way through Congress.
The SPYBLOCK (Software Principles Yielding Better Levels of Consumer Knowledge) Act
sponsored by Sen. Conrad Burns (R-Mont.) requires that consumers be given
clear and conspicuous notice prior to downloading software. The bill said
the notice must be displayed on the computer screen until the user either
grants or denies consent to installation.
Two committees in the House of
Representatives have already passed similar legislation, and a full floor
vote is expected by as early as next week. The Senate anticipates a full
vote before the end of the month.
But the Federal Trade Commission insists that new legislation regulating
spyware is unnecessary at either the state or federal levels. Instead, it
advocates better technology solutions and consumer education.