Security

Second Spyware Bill Gets OK in House

For the second time this week, U.S. lawmakers have approved a bill aimed at stamping out the spread of spyware, malicious software that is installed onto the computers of unsuspecting users and can track their online activities.

However, the flurry of activity might actually have a downside for those hoping the legislation would come quickly. With several different bills now circulating, it might prove too much for the two houses of Congress to reconcile before the end of the current legislative session, possibly by this weekend.

‘I-SPY’

Yesterday, lawmakers in the House of Representatives unanimously approved the Internet Spyware Prevention Act of 2004, also known as I-SPY. Its backers say the bill was carefully crafted to target the actions used by illicit spyware operations yet keep intact legitimate programs that users assent to being installed. For instance, the bill makes it illegal to install a program onto another person’s computer without permission.

The bill also establishes prison sentences of up to five years and calls for the Department of Justice to be given US$10 million to establish anti-spyware campaigns.

The passage of the bill — which had bipartisan support since its introduction by Republicans Bob Goodlatte of Virginia and Lamar Smith of Texas and Democrat Zoe Lofgren of California — follows the approval in the House of the Spy Act, which gives courts the ability to levy hefty fines on companies found to be using spyware.

Making Progress

Both bills will likely need to be combined into one and then reconciled with bills that have originated in the Senate before they can begin to make their way through both houses again. Most observers believe that will not happen at least until after the Presidential election in November.

Lawmakers took aim at spyware even as security experts have warned that it is a growing and increasingly insidious problem. A report over the summer by ISP Earthlink found that a half-million users had Trojan horses and other forms of surveillance software on their hard drives but were not aware of it.

Software and technology industry lobbyist groups have backed off their criticism of earlier versions of the anti-spyware bills. The Business Software Alliance and specific companies such as Microsoft had expressed concerns that legitimate programs that update automatically — such as antivirus software or the automatic update feature in Windows XP — could fall into the definition of outlawed activities.

Ari Schwartz, associate director of the Center for Technology and Democracy, said early drafts did not contain a distinction that set apart potentially harmful software from other programs that users might want to have installed.

“The real issue is overall protection of privacy for people going online, whether it’s from companies they think they can trust or those who are acting under the radar,” Schwartz said. “That’s a much bigger problem and one that’s going to be harder to address through legislation, but it can be done.”

FTC Not Waiting Around

Even as the legislation wends its way through the approval process, regulators have begun to take action against alleged spyware companies.

The Federal Trade Commission (FTC) yesterday said it had filed suit against a company accused of secretly infecting computers with spyware and pop-up ads and then trying to sell programs designed to remove the unwanted programs.

The FTC said it would seek an injunction against Seismic Entertainment Productions, Smartbot.Net, and Sanford Wallace, the apparent owner of the two companies, and ask a court to grant customers restitution for their losses.

FTC spokeswoman Claudia Bourne Farrell said that although the case marks the first attempt to shut down a spyware ring, the FTC has been focusing on the problem for some time, with staffers telling Congress earlier this year that it “poses a risk of serious harm to consumers.” The agency also hosted an industry workshop on ways to combat spyware.

“As with a lot of issues we deal with, enforcement is one part of an overall effort that also includes consumer education and new legislation,” she said.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Keith Regan
More in Security

E-Commerce Times Channels