WASHINGTON--Federal consumer protection authorities say they want nothing more than to put the financial hurt on deceptive spyware purveyors. The trouble, they say, is that the law still doesn't let them.
Sure, the Federal Trade Commission has the ability to go after spyware purveyors now, and it has done so a dozen or so times. So can state attorneys general and the U.S. Department of Justice.
But currently, the FTC can only force an offending company to turn over ill-gotten profits or to pay a finite amount to affected consumers--"consumer redress," as it's known in legal speak--to help make things right, said FTC Commissioner Jon Leibowitz.
Especially when we're talking things like nuisance pop-up ads, the latter penalty can be "very hard to get" because "it's difficult to quantify their harm," Leibowitz, a Democrat, said at a luncheon discussion hosted here by the Harvard University Law School, the Stop Badware Project, the Center for Democracy & Technology, and the National Cyber Security Industry Alliance.
In some cases, to be sure, the ill-gotten gains chunk alone has been hefty, as in the case of . But the FTC would like to be able to slap additional fines on top of those existing penalties.
The FTC's wish list isn't news to Congress. After all, in June, the U.S. House of Representatives overwhelmingly approved a bill that would give the FTC the ability to impose fines of up to $3 million each time a long list of offenses is committed, the bulk of which center on "taking control of a computer" in an unauthorized way.
But for whatever reason, the Senate still hasn't yet acted on the proposal, known as the Spy Act, leaving the FTC to continue its longstanding plea for the extra authority. (Some have suggested .)
Because of what Leibowitz called "limited resources," the FTC doesn't always have time to take its cases all the way to court and get potentially higher monetary penalties. Instead, it sometimes ends up taking settlements that may not involve as tough an outcome.
"Arguably we would be doing a better job on behalf of consumers if we have civil penalties," Leibowitz said.
Congress did make one move last year that is helping the feds to police Internet-related scams, Leibowitz said. A law known as the U.S. Safe Web Act, which allows the U.S. government to more readily share information about international consumer protection cases with foreign government partners, is playing a role in a number of ongoing spyware-related investigations, Leibowitz said.
Meanwhile, passage of antispyware legislation this year is far from certain. In the past four years, the House has twice passed spyware legislation that went on to die in the Senate.
Further complicating matters is the fact that the House this year has passed two competing bills that take significantly different approaches. The bill that would give the FTC the additional fining penalties happens to be the more controversial of the two. It's a more regulatory proposal that has been attacked by online advertisers, technology companies like Yahoo and Google, and banks as proposing overly burdensome rules for any Web site that collects personal information and threatening the viability of a vast array of Web sites that rely on cookies to provide free or low-cost services.
Technology companies prefer a less regulatory version that would punish embedding certain types of malicious software on computers without a user's knowledge with criminal fines and up to five years in prison.