The Securely Protect Yourself Against Cyber Trespass Act, or SPY ACT Act, was approved by a House subcommittee last Thursday. The law, HR 2929 would allow the Federal Trade Commission to sue spyware writers for up to $3m.
The bill, originally sponsored by Representatives Mary Bono and Ed Towns but completely rewritten by Representative Cliff Stearns, has been substantially expanded from the old proposed Safeguard Against Privacy Invasion Act (SPI Act).
The bill protects individuals from unknowingly downloading spyware by requiring that consumers receive a clear and conspicuous notice prior to downloading spyware, Bono said in a statement after the bill passed through the committee.
The new bill would outlaw deceptive practices when they are used to get people to install software that does things including turning PCs into spam relays, redirecting to web sites, and changing their browser home page.
The bill also covers adware that creates endless loops of pop-ups, installing dialers, altering bookmarks, keystroke logging, installing software after the user has declined, and disabling spam and virus filters.
The original SPI Act was more vague. Software vendors fought against legislation that regulates what software can do. Robert Holleyman, CEO of the Business Software Alliance, told the FTC in March that Congress should ban behavior, not software.
The same underlying technology that can enable spyware also may power many legitimate applications that benefit millions of computer users everyday, he wrote. We don’t ban crowbars because some people use them to break into houses.
The bill would also regulate information collection, requiring software to display prominently, before installation, the text: This program will collect and transmit information about you and your computer use. Do you accept?”
This disclaimer would have to tell the user what types of personal information it collects and what it will be used for. The bill includes a carve-out for cookies, which would be exempt from the disclosure provisions.
The SPY ACT Act would not give victims the right to sue, but it would allow the FTC, which already has its work cut out enforcing the CAN SPAM Act among its other duties, seek fines of up to $33,000 per violation. This legislation will next be considered by the House Energy and Commerce Committee before going for a full vote. A companion bill has been introduced in the Senate by Senators Burns, Wyden, and Boxer and is under consideration in the Senate Commerce Committee.
