Security

Anti-spyware bill sent to Senate, passes House


No Spyware

Ars Technica reports the U. S. House of Representatives today passed legislation by voice vote to criminalize spyware and other scams stealing personal information from users. If the Senate and President concur with the bill (first reported here on May 2), spyware creation and distribution becomes a federal felony, with five years maximum prison time. Obtaining or transmitting personal information with the intent to injure or defraud a person or damaging a computer could lead to two years jail time. The Justice Department also gets $40 million to fight phishing and pharming.

H.R. 1525 "is one of the biggest threats to consumers on the Internet" said Sponsor Zoe Lofgren (D-San Jose, CA). She and other lawmakers cited estimates that up to 90% of U.S. computers are spyware-infected.

There's no similar bill yet in the Senate.

Will this be effective, or just another CAN-SPAM ACT? Join the discussion.

4 comments
deepsand
deepsand

PC World [b]Spyware Bill's Chances Uncertain in Senate[/b] [b]Internet Spyware Prevention Act has passed the House, but will face a tougher test in the Senate.[/b] Grant Gross, IDG News Service Friday, May 25, 2007 12:00 PM PDT An antispyware bill that the U.S. House of Representatives passed this week earned praise from cybersecurity groups, but faces an uncertain future in the Senate. The bill, which would create penalties of up to five years in prison for some spyware-like behavior, is a "needed piece of legislation in order to protect consumers," said Kevin Richards, federal government relations manager for Symantec Corp. Many online identity theft schemes start with spyware on a victim's computer, he said. Though versions of the Internet Spyware Prevention Act (I-SPY) have passed through the House in the last two sessions of Congress, they stalled in the Senate. The House passed I-SPY and a second spyware bill in May 2005. But the Senate failed to act, partly because of concerns that the second proposal, called the Securely Protect Yourself Against Cyber Trespass Act or SPY Act, too broadly defined spyware. The Senate Commerce, Science and Transportation Committee also became hung up on what approach to take for a spyware bill -- a criminal penalties approach similar to I-SPY or a broader approach attempting to define spyware technologies similar to the second House bill. Concerns over the SPY Act remain. Last month, the Electronic Frontier Foundation issued an alert about the SPY Act, saying it opposes the bill because it would preempt tougher state laws against spyware and hacking. "In fact, having been massaged by lobbyists for the software and adware industries, the bill would actually make things worse, insulating adware vendors from more stringent state laws and private lawsuits," wrote EFF lawyer Fred von Lohmann. Any bills that have not passed through the House and Senate during their two-year session must be reintroduced. This year the SPY Act has been approved by the House Energy and Commerce Committee but has not faced a vote on the House floor. On the other hand, there seems to be less opposition to I-SPY. I-SPY has "broad support from the industry," said Geoff Gray, legislative consultant for the Cyber Security Industry Alliance, a trade group. "It concentrates on bad actions as opposed to bad technologies." I-SPY now goes to the Senate for consideration. Two champions of antispyware legislation in the Senate, Republicans George Allen of Virginia and Conrad Burns of Montana, were defeated in last November's elections. Meanwhile, supporters of the I-SPY Act say they will push for passage in the Senate. Symantec is engaging senators about the need for a spyware bill and other cybersecurity measures, Richards said. Several senators seem open to cybersecurity legislation, he said. "I think there's interest there," he said. "But senators are focused on a big plate of issues." Although Burns and Allen are gone, I-SPY has a "decent" chance of passing the Senate, added Gray. The House may have given it a better shot by not passing the more controversial SPY Act at the same time, he said. "A little steam has gone out of it on the Senate side, but maybe some of the conflict as well," Gray said. A spokesman for Representative Zoe Lofgren, one of the primary sponsors of I-SPY, said it's early to gauge the bill's chances in the Senate. The California Democrat will begin pushing for the bill in the Senate soon, the spokesman said. Representatives of tech-focused senators said their bosses are looking at antispyware legislation. "It's one of our priorities," said a spokesman for Senator John Ensign, a Nevada Republican and cosponsor of an antispyware bill in the last session of Congress. Senator Ron Wyden, an Oregon Democrat, is also looking into the issue, a spokeswoman said. Wyden, cosponsor of the broader antispyware bill in the Senate last Congress, is "looking into what he feels the correct course should be legislatively ... based on the way the spyware issue has evolved over the last two years," said spokeswoman Melissa Merz.

K7AAY
K7AAY

Will this legislation, if passed, curb spyware? What will it take? Join the discussion.

deepsand
deepsand

installed by vendors! The bill provides that spyware not be installed "without gaining approval via a clearly stated EULA." Under this bill, Sony's installation of a rootkit would have been perfectly legal.

dellendixon
dellendixon

How are they going to determine "intent to injure or defraud a person"? The "damage a computer" part can be presumed with sending the spy/mal ware, but proving intent might be difficult. Depends on how the bill is worded. And what happens if someone takes over my computer to send out stuff? Are they going to accept the claim of innocent bystander? And just HOW are they going to catch these people?