Deconstructing the spyware face-off

Until very recently, technology firms have enjoyed the rare ability to get their way on Capitol Hill.

Thanks to skillful lobbying and bipartisan political schmoozing, America's high-technology industry can point to a handsome number of legislative victories, like the R&D tax credit, more H-1B visas, restrictions on Internet access taxes, free trade with China, and curbs on lawsuits arising from the Year 2000 computer bug.

Now this enviable winning streak may be ending. Even the combined might of Microsoft and some of Silicon Valley's largest corporations wasn't enough to derail a spyware bill that's hurtling through the U.S. House of Representatives at an unusual speed and is now awaiting a floor vote.

The legislation, backed by Rep. Mary Bono, R-Calif., is called the Spy Act. On June 24, members of the House Committee on Energy and Commerce ignored intense lobbying from the software industry and voted 45-4 to forward the Spy Act to the House floor.

Industry lobbyists were left dazed by the unexpectedly lopsided vote.

Industry lobbyists were left dazed by the unexpectedly lopsided vote, which came a day after 16 corporations and trade associations wrote a letter to the committee, raising "substantial concerns" about the Spy Act. Among the letter's signers were Amazon.com, America Online, Dell, Microsoft and Sun Microsystems.

"We didn't get very far at the end of the day," admits Harris Miller, president of the Information Technology Association of America. The ITAA wrote its own letter warning that the "current bill will generate a veritable blizzard of legally mandated pop-up notices that only a lawyer would love," and would unreasonably target any utility that might "update, renew and monitor programs residing on the computer user's system."

These tech firms are no fans of malicious spyware, an amorphous term that refers to software that hides in personal computers and may snoop on what users are doing. (A related category includes "adware" firms such as WhenU and Claria that display frequently unwanted pop-up ads.)

The Spy Act is no prize, either. The latest version has ballooned to 21 pages and hands broad new powers to the Federal Trade Commission to police the U.S. software industry. Legitimate firms would have to comply with an avalanche of regulations of dubious value--yielding notices that Americans will ignore as completely as they do the junk mail the Gramm-Leach-Bliley law requires banks and credit unions to send out.

Scrambling to respond
Politicians don't care. As the November elections near, they're eager to be perceived as taking action against an Internet menace associated with pop-up advertisements and keystroke monitoring--even if the final bill does more harm than good.

Legitimate firms would have to comply with an avalanche of regulations of dubious value.

At a hearing in April, committee members denounced anyone who dared to suggest that the Spy Act was less than perfect. "You like this stuff? You're the only person in this country that wants spyware," Rep. Joe Barton, R-Texas, said to a Federal Trade Commission official who made the mistake of testifying that existing law already bans the worst forms of spyware. (The Department of Justice has said the same thing.)

Ever since last month's embarrassing defeat, tech firms have been scrambling to recover. They've reached out to the influential U.S. Chamber of Commerce, which sent Washington's business lobbyists a private e-mail alert on July 7 warning that the Spy Act "could be moving very quickly" before Congress leaves town in August. The Chamber hosted closed-door strategy sessions on July 9 and July 13. So has the Center for Democracy and Technology, a nonprofit group that received 46 percent of its funding last year from corporations such as Intel, Microsoft and America Online.

Complicating the political debate is technology lobbyists' hope to enact some form of spyware-related legislation. This time, it's not only about generating billable hours: They'd like Congress to zap state laws such as one in Utah that regulate many variants of Internet software--and they're willing to engage in a bit of horse-trading to get it. So an obstructionist approach is out.

The industry strategy that's emerging involves efforts to rally behind a new bill called the Internet Spyware Prevention Act (ISPA), which was introduced the same day as the House committee vote last month.

Instead of trying to define what computer software should or shouldn't do, the ISPA simply says it's illegal to install software "without authorization" if it leaks personal information or "impairs" a computer's security. Because it includes criminal penalties, it's under the control of the House Judiciary committee, a different group of politicians who can be lobbied separately.

ISPA is "a very thoughtful bill," said Marc-Anthony Signorino, technology counsel for the American Electronics Association. "It attacks the behavior, and it deals with the criminal code. It recognizes this issue for what it is: a criminal issue. It has criminal penalties for doing bad things to good people's computers."

ITAA's Miller, who also likes the ISPA, admits that the tech industry failed to move early enough to quell Congress' technophobic fears about an emotional term like spyware. "A lot of people got very excited," Miller says. "The proponents of legitimate advertising and using the Net to provide security updates were not able to engage, because everyone threw the term spyware out there. Who couldn't be against something called spyware?"