The chairman of the next committee which will judge the bill – the full Energy and Commerce Committee of the House – said that there was unanimity that the bill is a good idea. The bill has just been endorsed by a sub-committee of that body.
Spyware generally refers to any software that is installed on a person's computer without their knowledge and that reports certain information to a third party. The term is sometimes used to include adware, a more benign variant that subjects surfers to advertising; but the more malicious variety can be used by hackers to steal credit card or other personal information, for example by logging keystrokes and sending the information to another computer.
Spyware can be illegal in the UK under the Computer Misuse Act and adware can fall foul of the Privacy and Electronic Communications Regulations if it is installed by stealth. But in the US, previous attempts to control both spyware and adware at the federal level have failed.
In both 2004 and 2005 the House of Represenatives passed legislation specifically geared towards making spyware illegal. In both cases the laws were ignored by the Senate, so did not become law.
Some US laws already cover some spyware activity. The Federal Trade Commission (FTC) can fine any company it finds has engaged in fraudulent or deceptive business practices, and this has been used before in the context of spyware.
The proposed law, though, is more comprehensive in its coverage of activities related to spyware and allows for far greater fines. Perpetrators could be fined up to $3 million per infringement.
The bill, introduced by Democrat Edolphus Towns and Republican Mary Bono, is called the `Securely Protect Yourself Against Cyber Trespass Act' or the SPY ACT. It is written in broad terms that extend beyond what most people understand to be spyware.
Accordingly, resetting a user's browser home page without permission is an offence; so is taking an internet user away from the page they intended to visit without their permission, which puts a legal question mark over some popular advertising techniques. Collecting information about a user through keystroke logging, and inducing the user to reveal information about themselves, are also offences.
In the UK the 17-year-old Computer Misuse Act was drafted so broadly as to prohibit most of the activities undertaken by spyware software. It prohibits accessing a computer without authorisation, and creates a more serious crime of changing the contents of any computer accessed.
The Privacy and Electronic Communications Regulations prohibit the collection and storing of any information at all from a user without clear and comprehensive information about what the storing or collecting software does. Users must be given the chance to refuse access to or storage of that information.
