House passes more tech-friendly antispyware bill

In win for tech industry, bill that would not regulate the software industry clears the House of Representatives.

Declan McCullagh Former Senior Writer

Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.

See full bio

Declan McCullagh

May 23, 2007 6:41 a.m. PT

3 min read

In their third effort to enact a federal law targeting spyware, members of the U.S. House of Representatives on Tuesday overwhelmingly approved criminal penalties aimed at anyone implanting certain types of malicious software on computers.

The bill, called the Internet Spyware Prevention Act, or I-Spy for short, punishes anyone who intentionally causes software "to be copied onto" a computer--and damages it or steals personal information--with fines and up to five years in prison.

Tuesday's voice vote is a political win for the technology industry and its allies, Reps. Zoe Lofgren, a California Democrat, and Bob Goodlatte, a Virginia Republican, who had supported the I-Spy Act over a competing proposal that would have imposed a complex new set of regulations on software makers.

Lofgren, who represents the portion of Silicon Valley around San Jose, said during the floor debate that she was delighted that the bill the House approved "both protects consumers on the Internet and fosters technological innovation."

"Regulation of technology is almost always a bad idea because technology changes faster than Congress can regulate and what we attempt to regulate will morph into something else," said Lofgren, who added that companies in her congressional district supported this approach. Microsoft, Dell, Symantec and online advertisers have previously expressed support for it.

The bill, which was approved by the House Judiciary Committee on May 1, would punish anyone who sneaks code onto computers without authorization in an attempt to "impair" the security protections on a machine, transmit personal information about the machine's user or commit other federal crimes.

But political hurdles remain for the I-Spy legislation.

Even though the House approved some kind of antispyware legislation in 2004 and 2005, the Senate never acted. It's not an uncommon fate for legislation passed by the lower chamber, and it could happen again.

Also, if the House leadership eventually permits a vote on the more regulatory alternative, called the Spy Act, the software industry would face a renewed threat. The Spy Act was approved by the House Energy and Commerce Committee on May 10.

The Spy Act, among other things, attempts to make it unlawful to engage in various means of "taking control" of a user's computer, to collect personally identifiable information through keystroke loggers, and to modify a user's Internet settings, such as the browser's home page. It also includes a broad prohibition on collecting information about users or their behavior without notice and explicit consent.

Industry representatives have said those regulations could threaten Web sites that rely on cookies and other commonly used techniques to target ads and to provide free content to their users.

The most worrisome forms of spyware, however, already are illegal. The Federal Trade Commission has told politicians for years that it already possesses broad authority to punish any fraudulent and deceptive adware or spyware practices with fines, and has sued spyware purveyors in the past. Department of Justice prosecutors have said the same thing about filing criminal charges and have already engaged in prosecutions.

CNET News.com's Anne Broache contributed to this report.