The House Energy and Commerce Committee voted 45-4 in favor of the Spy Act, which targets software that hides in personal computers and. The measure is backed by Rep. Mary Bono, a California Republican, and has 28 co-sponsors.
The Spy Act includes 21 pages of dense regulations that specify what software can and can't do and under what circumstances it must seek explicit permission from the user to proceed. It covers activities such as taking control of a computer, modifying browser settings, installing a keystroke logger, and bypassing antivirus software.
The full Commerce committee on Thursday made over two dozen changes to the version of the bill that was by a subcommittee. Among the changes: Network providers may use monitoring software to guard against network security and fraud; software vendors may choose from certain specific notices when asking for permission; and the anti-spyware regulations do not apply to software located on a server.
"I feel that we have fashioned a bill that is strong enough to protect consumers from spyware-related privacy invasions without impeding the growth of technology," Bono said after the vote. The bill also zaps state anti-spyware laws, such as one, and gives the Federal Trade Commission the power to sue violators. A similar measure has been introduced in the U.S. Senate.
As the November elections near, politicians areas taking action against an Internet menace that has angered constituents by deluging them with pop-up advertisements or by raising fears about their online actions being secretly monitored. Dell Computer said in April that spyware problems became the largest single customer service complaint late last year.
High-tech companies had unsuccessfully tried to block or delay the vote, warning that the Spy Act was written so sloppily that it could imperil Internet service providers and restrict legitimate applications embedded in computer operating systems.
In a letter to Congress on Wednesday, the Information Technology Association of America complained that the "current bill will generate a veritable blizzard of legally mandated pop-up notices that only a lawyer would love," and would unreasonably target any utility that might "update, renew, and monitor programs residing on the computer user's system."
Many of the alterations the full Commerce committee made were in response to industry concerns, but tech lobbyists said even the amended bill was unacceptable.
The Spy Act "calls for one uniform notice and consent screen for virtually all software. This requirement will not help consumers distinguish between legitimate software and software that uses personally identifiable information for reprehensible ends," said Robert Holleyman, the president of the Business Software Alliance. The members of the BSA include Microsoft, Apple Computer, Adobe Systems and Symantec.
The FTC, which would be responsible for policing spyware under the Spy Act, has panned the measure. In April, two FTC officialsabout spyware, but warned that the proposed law could harm legitimate software products too. Also, a federal prosecutor that the Justice Department already had sufficient legal authority under existing computer crime laws to put the most noxious spyware makers in prison.
Bono's bill, H.R. 2929, has been called the Safeguard Against Privacy Invasions Act and Securely Protect Yourself Against Cyber Trespass Act. It's abbreviated as the Spy Act.