The Web    Google
House Renews Anti-Spyware Push

House Renews Anti-Spyware Push
January 26, 2005

WASHINGTON -- The 109th Congress renewed its efforts to pass a federal anti-spyware bill by targeting the malware menace in the very first meeting of the House Energy and Commerce Committee.

In October, the House passed anti-spyware legislation on a 399-1 vote, but the measure never came up in the Senate.

"By getting a much earlier start, we can get a bill on the president's desk [this year]," said Rep. Ed Towns, D-N.Y. He and Rep. Mary Bono, R-Calif., are the primary sponsors of H.R. 29, the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT). The legislation is virtually the same measure approved by the House in October.

A House and Energy and Commerce Committee staff member told the legislation is likely to get a full committee vote sometime in February.

The bill prohibits unfair or deceptive practices related to spyware and requires an opt-in notice and consent regime for legal software that collects personally identifiable information from consumers.

The spyware practices prohibited by the legislation include phishing, keystroke logging, home page hijacking and ads that can't be closed except by shutting down a computer. Violators could face civil penalties of up to $3 million.

"This is a problem that must be addressed quickly, and, given the interstate nature of e-commerce, it must be addressed by federal legislation," said the Republican Energy and Commerce Chairman Joe Barton. "I have talked with several members of the Senate, and they have assured me they'll be moving legislation very quickly on this matter."

Barton has aggressively pushed for anti-spyware legislation despite objections from the Federal Trade Commission (FTC) that current deceptive trade practice laws are adequate in dealing with spyware purveyors.

In October, the FTC filed its first civil suit against Sanford Wallace, accusing him of spreading adware, spyware and other unsolicited software programs through deceptive or illegal downloads. In its complaint, the FTC contends Wallace and his companies engaged in unfair and deceptive trade practices by installing software on users' computers without their consent. Earlier this month, Wallace agreed to stop secretly installing the programs on users' computers until the FTC's suit against the company is resolved.

"I am encouraged that the FTC is finally taking action against some of the worst actors in the spyware realm, but Congress must also act quickly to give the FTC the additional power it needs to stem the tide of this Internet monitoring," Barton said.

While the FTC was not invited to testify at Wednesday's hearing, representatives of Microsoft (Quote, Chart) and EarthLink endorsed the legislation. In addition, Howard Schmidt, a former special advisor to the White House on cyber security issues, and Ari Schwartz of the Center for Democracy and Technology spoke in favor of the bill.

"Spyware continues to be a primary frustration for our customers and industry partners," Ira Rubinstein, associate general counsel for Microsoft, said.

Rubinstein testified that Microsoft was initially concerned that early drafts of the bill contained provisions that "might compromise specific functionalities rather than target the bad practices at the core of the spyware problem."

Rubinstein said the current working version of the bill, "Captures the bad actors without unnecessarily impeding the good ones."

The bill permits computer software providers to interact with a user's computer without notice and consent to determine whether the user is authorized to use the software. Network monitoring is also exempted from the provisions of the notice and consent requirements of the bill to the extent that the monitoring is for network or security purposes, diagnostics, technical support or repair, or the detection or prevention of fraudulent activities.

Cookies are also exempted if they are solely used to allow the user to access a Web site, although committee members said they were willing to continue to negotiate on the definition of cookies to allay the concerns of some in the Internet advertising sector that the bill is overly broad.

"Some cookies exist just to save you time; for example, when you check a box for a Web site to remember your password on your computer," David Baker, EarthLink's vice president for law and public policy, said.

"Some sites now deposit adware cookies, which store personal information and share the information with other Web sites," Baker added. "This sharing of information allows marketing firms to create a user profile based on your personal information and sell it to other firms."

For more information on spyware protection and removal, visit Intranet Journal's Spyware Guide.

  • 2/21: Derdero-B Worm Uses File Sharing
  • 4/8: Imabut-A Trojan a Floppy Disk Image
  • A New Breed of Phish
  • 4/4: Mytob-C Worm Looks For Flaw
  • 5/13: Sqdrop-A a Dropper Trojan
  • 1/18: Rbot-TS Worm Spreads to Weak Shares
  • 9/8: IRCBot-G Trojan Opens Backdoor
  • Sue a Spoofer Today
  • AOL's AIM Puts Browser Security in Danger
  • U.S. Bows to Europe as New Spam King
  • SAML Just The Start For Web Services Security
  • Security Camera Price