Congress eager to ban spyware

The tech industry wants to let the market squash spyware, but the U.S. Congress is getting impatient — and overrun with constituent complaints.

Spyware is technological trespassing, say several members of a House subcommittee eager to pass legislation banning downloads without a user’s clear permission. Members of the Commerce, Trade, and Consumer Protection subcommittee drilled witnesses last week about what they consider current ineffective attempts at protection.

“If someone walks into my house without my permission, I think we’d all agree that’s trespassing,” said Representative Joe Barton (R-Texas). “So why is it OK to come into my computer in my house without my permission?”

Restraint urged

Witnesses from Microsoft Corp., the Center for Democracy and Technology, Earthwatch, and the U.S. Federal Trade Commission argued that passing a law now would be too hasty. They contend that such a law would be too broad and deter distribution of software that consumers want, such as security updates.

Some popups and automatic downloads serve a useful function, said Jeffrey Friedberg, Microsoft’s director of Windows privacy. Legislation would infringe on the development of new technologies, he added.

“There is a small area to provide notices. If we codify into law (an anti-popup measure), we’ve tied our hands in innovation,” Friedberg said.

FTC Commissioner Mozelle Thompson and Howard Beales, director of the FTC’s bureau of consumer protection, testified that current laws are sufficient to prosecute spyware perpetrators.

“I don’t believe new legislation is the answer,” Thompson said, saying the FTC can prosecute under current law.

Ari Swartz, associate director of the Center for Democracy and Technology, listed steps the government should take to protect consumers.

“Number one: Enforce existing laws. Number two: The industry needs to do a better job self-regulating. Number three: Privacy legislation that protects these concerns,” he told the subcommittee. He added that the FTC needs more resources to go after violators.

Eager for new laws

Representative Mary Bono (R-California), who introduced anti-spyware legislation last year, derided the FTC for its lack of enforcement.

“We keep talking about prosecution, prosecution, prosecution,” she said. “But what the FTC has failed at is stopping the continued proliferation of spyware.”

Bono said her bill won’t restrict technology, but will inform consumers of what their computers are doing.

“If I bought a new car and put it in my garage, does that give the auto industry the right to come and work on it because they sent out a recall notice? What is wrong with people knowing what they are downloading?” she asked.

Representative Cliff Sterns (R-Florida) said spyware is more than a nuisance, it’s a security concern. The Commerce Committee recently found 200 spyware applications on its own computer, demonstrating the problem’s severity, he noted.

“I am a little concerned that you’re not concerned, that you don’t think people’s privacy is violated,” said Sterns, who chairs the subcommittee.

But the FTC’s Thompson responded that “there is a danger in trying to define this and ending up being too broad.”

Current tactics

The FTC representatives didn’t answer questions about people successfully convicted of spyware violations, but they did say they can charge people only under civil law, not in criminal court.

“Fifteen to 20 defendants have all been prosecuted in one way or another,” Beales said. The penalties are “a full redress of money they made. We have no criminal authority.”

Representative Charles Bass (R-New Hampshire) responded that such limitations are part of the problem.

“What’s the disincentive?” he asked. “If the only penalty for a bank robber is to return the money to the bank, there is no reason not to rob the bank.”

The subcommittee discussed the growing momentum of state legislatures to regulate spyware. They noted the recent passage of a Utah law, as well as measures pending in California, Texas, and New York. Members favour a single piece of legislation, hoping to prevent the emergence of 50 different laws the United States.

The subcommittee has not set a date to vote on the legislation, although members say they are eager to have the bill become law within a year.

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now