Congresswoman reintroduces spyware bill to U.S. Congress

Spyware legislation that would allow fines of up to US$3 million for makers of software that steals personal information from a user's computer or highjacks its browser will get a second look after the U.S. Congress failed to pass the legislation in 2004.

On Tuesday, Representative Mary Bono reintroduced an antispyware bill that passed the House of Representatives in 2004, but failed pass in the Senate. The Securely Protect Yourself Against Cyber Trespass Act, or SPY ACT, defines most functions performed by so-called spyware as unfair business practices subject to U.S. Federal Trade Commission fines.

Bono, a California Republican, expects the bill to sail through Congress this year, she said in a statement. The bill passed the House in October on a 399-1 vote.

"The SPY ACT was introduced because we feel that consumers have the right to know and be protected when they are downloading software that has the ability to collect and transmit personal information," Bono said in her statement. "From its original introduction, the SPY ACT has evolved through a tremendously collaborative bipartisan effort to what we feel is strong and sound legislation. We have received a tremendous amount of support for the SPY ACT and are confident that this year we will see a spyware bill in the law books."

The SPY ACT, which would require a user's permission before software is downloaded onto a computer, ran into some objections from software vendors, who suggested the bill could force software vendors to notify users every time the software scans their machines for updates. The SPY ACT also would prohibit unauthorized software from changing a browser's default home page, changing the security settings of a computer, logging keystrokes and delivering advertisements that the computer user cannot close without turning off the computer or closing all sessions of the browser.

The bill Bono introduced is the same as the bill passed by the House, except for a one-year extension in the bill's sunset clause, from December of 2009 to December of 2010. An earlier version of a Bono spyware bill, introduced in July 2003, broadly prohibited spyware and defined it as "any computer program or software that can be used to transmit from a computer, or that has the capability of so transmitting, by means of the Internet and without any action on the part of the user of the computer to initiate such transmission, information regarding the user of the computer, regarding the use of the computer, or that is stored on the computer."

Some software vendors, including those that market antivirus update software, objected that the definition was overly broad and could make their services subject to fines. Some tech companies continued to call the amended version of the bill too broad, but authors of the amended version attempted to address concerns that the original bill outlawed a type of technology instead of outlawing bad activities.

Some consumer and privacy advocates supported the bill, however. The Center for Democracy and Technology, a civil liberties group, supports the bill's penalties, said Ari Schwartz, the center's associate director. "It would be a lot easier to get the message out in terms of deterrence," he said.