While existing US legislation deals with the more fraudulent aspects of spyware, such as keystroke-logging, these consumer protection laws do nothing to prevent the simple existence of spyware – software that is used to collect information about an individual or organisation without their knowledge.
Spyware or adware – which generates pop-up ads – can be deposited on a computer as an e-mail attachment or as a web site download. Both types tend to make computers sluggish and less efficient, which is very frustrating for users.
Congress has been keen to take action, and yesterday the House passed the first of three anti-spyware bills currently going through the legislative process with an overwhelming vote of 399 to 1.
The "Securely Protect Yourself Against Cyber Trespass Act", or SPY ACT, proposes to protect individuals from unknowingly downloading spyware by requiring that consumers be given notice of and consent to the software being downloaded.
Sponsored by Republican Mary Bono, the SPY ACT also includes provisions to prohibit unfair or deceptive behaviour such as keystroke logging, computer hijacking and the display of advertisements that cannot be closed.
It seeks to impose heavy financial penalties for violations of the Act, including a maximum fine of $3 million where the perpetrator targets multiple computers in one act involving unfair or deceptive behaviour, and a maximum fine of $1 million where the perpetrator targets multiple computers in one violation of the consent requirement.
The House is expected to vote today on a second bill, known as the Internet Spyware (I-Spy) Prevention Act. Sponsored by Republican Congressmen Bob Goodlatte and Lamar Smith, this bill takes a narrow approach to the issue, aiming to criminalise those who deliberately access a computer without permission in order to:
Further another federal criminal offence – punishable by fine or imprisonment for up to five years.
Intentionally obtain or transmit "personal information" with the intent of injuring or defrauding a person or damaging a computer - punishable by fine or imprisonment for up to two years.
Intentionally impair the security protections of a computer - punishable by fine or imprisonment for up to two years.
According to reports, the two bills have not been combined so far due to lack of time, but are expected to be combined shortly in order that they may be put forward to the Senate, which is discussing its own anti-spyware proposals today.
The Senate bill, known as the SPYBLOCK (Software Principles Yielding Better Levels of Consumer Knowledge) Act, has been introduced by Senators Conrad Burns, Ron Wyden, and Barbara Boxer, and would make it illegal to install invasive software onto users' PCs without their consent. The bill also requires that developers include reasonable uninstall procedures for all downloadable software.
According to Wired News, House Representatives are meeting with Senators today to try to thrash out differences between the three bills.