CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

The Spy Act that loved me?

Policy analyst Bartlett Cleland warns that a patchwork of state spyware laws will end up having the opposite effect desired by proponents.

By now we're all aware of the dangers of being connected to the Internet: viruses, worms and spyware.

Fortunately, innovators have addressed these problems through a class of software designed to protect computers and servers against invasion. The use and maintenance of these programs has become a virtual necessity for computer users.

The development of such software is yet another example of the superiority of solving problems through innovation in the private sector rather than through government action. But governments cannot resist the urge to pass more laws, despite the fact that legislative efforts designed to protect consumers often have unintended negative consequences.

There are times, however, when a new law is needed, particularly to address previously unforeseen problems, but especially when one new federal law will preclude 50 different and contradictory state laws.

Such a new federal legislative effort is under way--the "Spy Act"--to protect consumers by prohibiting anyone from deceptively installing programs on computers. The legislation requires notice and consent from the computer user before software is installed, and that the software must be easily removable. It would also preempt state spyware legislation.

Imagine the nightmare of having 50 different states each writing a different set of regulations for Internet cookies.

That sounds pretty good. But because law is a blunt instrument, it is especially important to make sure laws are free of provisions with potentially unintended consequences. And there is a provision in the Spy Act that is rife with such potential.

The so-called Good Samaritan provision would create special protections for a broadly defined class of software that would be able to operate outside of the current legal structure, which currently holds antispyware companies responsible if they remove legitimate, intended software.

Moreover, this provision could give such software programs inappropriate influence in determining which software and business models are "legitimate" without any balancing responsibility. The antispyware companies are making subjective decisions about which programs are legitimate and which are not. They should have every incentive to get it right and should not have a safe harbor that insulates them from the results of their decisions.

The Digital Millennium Copyright Act provides a safe harbor for Internet service providers against accusations of copyright infringement, but only because ISPs do not make decisions about the content passing through their pipes. But the Good Samaritan provision would provide similar protections for companies that are expressly making subjective decisions about software content.

Safe harbor protection for software that labels other software as undesirable would create incredible potential for carelessness, or even abuse, if it is intentionally done because of competition.

The difficulty of writing good legislation in this area is also illustrated by the bill's omission of cookie technology, which is also frequently installed on users' computers without notice, and which can also be used to collect personal data and track Internet activity. We're not advocating the regulation of cookies--it's probably a good idea to leave that Pandora's box closed. But if it's complicated to legislate the use of cookies at the federal level, imagine the nightmare of having 50 different states each writing a different set of regulations for Internet cookies.

Several states are indeed considering passing some sort of spyware legislation, just as Utah did last month. The result will be a patchwork of conflicting and contradictory rules for software companies that would add enormous compliance headaches and expenses to software innovation.

For that reason, federal legislation that creates one national set of rules for the U.S. software market is probably justified. But at the very least, policy makers should make sure that such federal legislation does not contain items like the Good Samaritan provision, which could create all sorts of unintended problems in an industry that almost all observers agree is working reasonably well without much government interference.