After failing to cut into the deluge of spam sent to Internet users with the Can-Spam Act, the U.S. government might now be aiming legislation at spyware — silent software programs that identify and often track users and their online behaviors — with bills in the House and Senate.
A bill from Mary Bono (R-California) and Ed Towns (D-New York) that passed through a House subcommittee this week would require that consumers receive a clear and conspicuous notice prior to installing applications that contain spyware, which currently creeps onto PCs largely without users’ knowledge.
While that bill now heads for the full House Energy and Commerce Committee before heading to the floor, a companion bill in the U.S. Senate is currently being considered by the Senate Commerce Committee.
Electronic Privacy Information Center (EPIC) associate director Chris Hoofnagle said Congress is likely to pass spyware legislation this year, especially considering that the threat, unlike spam or viruses, often goes undetected on people’s computers.
“I think this bill has some momentum because the extent to which computers are infected by spyware is very high,” Hoofnagle told TechNewsWorld. Referring to more than 20 sponsors of the House legislation, and the fact that many are Republicans, Hoofnagle said there were many indications that “this legislation will move.”
Stopping Spy Ops
House bill sponsor Mary Bono said that the subcommittee passage of the bill helped it move forward, saying that the piece of legislation is now strengthened to fight “spyware-related privacy invasions.”
The bill is aimed at protecting individuals from unknowingly downloading spyware with revisions that prohibit unfair or deceptive behavior, such as keystroke logging, computer hijacking and the display of advertisements that cannot be closed — all possible with spyware applications.
“We are one step closer to restoring safety, confidence and control to consumers when using their own computers,” Bono said in a statement.
Basex chief analyst Jonathan Spira, whose research and consulting firm blames spam for some US$20 billion in lost productivity every year, said that most users are completely unaware of the spyware issue even though they might be aware of spam.
“Spyware is interesting because most users are simply not aware they have a problem,” Spira told TechNewsWorld.
Spira contrasted spam and spyware by referring to spyware’s involvement in direct theft and pointing out that spam is more of an indirect crime at best.
“Spyware, which could be logging keystrokes or stealing identity, is actually fallacious,” Spira said. “Spyware can be damaging, it can zap your computer, it can overwhelm you with ads. There’s a big difference between the crimes being committed.”
This Or Nothing
Hoofnagle, who added that even sophisticated users find that they are infected with spyware, said that although spyware legislation is likely to win approval, it falls short of stipulating privacy norms.
“They sort of punt the issues to a regulatory body,” he said. “This bill, like Can-Spam and a lot of privacy legislation, says, ‘We think spyware is bad and the Federal Trade Commission should do something about it.'”
Arguing the need for a “private right of action,” where individuals could respond legally to spyware senders, Hoofnagle said the current Congress is unlikely to deliver.
“So it’s this or nothing,” he said.
Spira criticized legislation for trying to regulate or minimize the amount of data a company can collect rather than regulating what can be done with that information, which is being gathered from an increasing number of both online and offline sources.
Hoofnagle said that a more effective means of fighting spyware would include possible penalties for the companies that use spyware, knowingly or not, through advertisers or other partners.
“The FTC should go after companies hiring spyware companies to advertise their goods,” Hoofnagle said. “You have to follow the money.”
Spira, who argued that the FTC is not looking for more legislation to combat spyware, said there might be a large number of unwitting accomplices sending spyware to PCs.
“The question is, do people who create spyware realize the extent to which they are possibly infringing on people’s privacy,” Spira said. “Do companies with pop-up ads and spyware realize they’re contributing to this?”