An Imperfect Spy Act
Consumers hate spyware programs that slow their PCs and endanger personal data. So why are Congressional efforts to block the malicious software so unpopular?
When a Congressional committee enthusiastically approved the Spy Act in June, it became a procedural victory in search of an appreciative audience. Beyond the Beltway, the anti-spyware bill has found more critics than supporters. Industry and consumer groups, technology vendors, and even the U.S. Federal Trade Commission have come out against the bill. If it were a movie, critics would say the billwhose name is hard-won acronym for Securely Protect Yourself Against Cyber Trespasshas no legs.
Members of the House Subcommittee on Commerce, Trade, and Consumer Protection had plenty of spring in their steps on June 17 when they enthusiastically passed the Spy Act by the surprisingly lopsided vote of 45-4. Legislators hope the bill will end the digital heyday of spyware, that broad category of software that often resides on its victims’ computers without their knowledge and is capable of everything from annoyances such as slowing system performance to genuine dangers such as collecting credit-card numbers.
In its most recent form, the proposed bill would require software that collects computer users’ personal information to notify users of its installation, obtain their consent before installation, and provide easy uninstall options. Violators could be fined up to $3 million.
It’s not that the bill’s critics like spyware. But they say the protection afforded by the proposed legislation is skimpy at best. They dislike the bill’s call for one uniform notice and consent screen for any software that collects information about the user. They argue that the provision could confuse consumers trying to distinguish between legitimate software and those programs that want to digitally pickpocket their personal information. Opponents also fear that consumers failure to read the notices could lead them to inadvertently agree to accept a piece of spyware. (One media wag has pegged the bill the Yes, You Can Spy Act.) There’s a world of difference, they point out, between a media player that collects information for authentication purposes, for example, and a keystroke-logging program that follows users around the Internet. And the Federal Trade Commission, which the Spy Act designates for enforcement of the civil violations, has stated that existing laws adequately address the deceptive business practices underlying spyware.
Spyware has become one of those rare issues that find corporations and consumers on the same side. The Center for Democracy and Technology, a Washington, D.C.-based group that has taken the lead among consumer advocates on the spyware issue, says one big issue is the type of notice that consumers will receive from software under the proposed law, and when they will receive it. However, the Center hasnt been able to review the bill’s finer points because the subcommittee staff adjourned without incorporating many proposed changes into a new draft. “We’re hoping we’ll have time to review it before it goes to the floor,” says Ari Schwartz, an associate director for the center.
Also coming out against the Spy Act have been groups such as the Business Software Alliance, a professional association, and the Internet Commerce Coalition, whose roster includes industry heavyweights such as America Online, Microsoft, BellSouth, Comcast, eBay, Verizon, the U.S. Telecom Association, and the Information Technology Association of America. Both organizations feel that valuable commercial software is being tarred in the process of addressing the issue of spyware.
Spyware still falls shy of the flashpoint that spam has become. “It’s a growing problem, but it’s technically complicated, says James Halpert, general counsel for the Internet Commerce Coalition and a partner with Washington, D.C., law firm Piper Rudnick. It’s hard for policymakers to come up with solutions that work, and it hasn’t caught fire with consumer groups yet.” So why such legislative vigor on the issue? Spyware, it seems, popped up on computer screens a little too close to Capitol Hill. The office of California congresswoman Mary Bono says that her drive to sponsor the Spy Act came after she discovered spyware on her own computer.
The bill is due to be sent for a full vote on the House floor later this year, but Halpert predicts it may be next year before Congress passes spyware legislation. “It’s late in the [Congressional] game for action this year, but this is a compelling issue so one never knows for sure,” he says. When they do, everyone hopes Congress will get it right.