A US House subcommittee has approved a spyware bill that
would allow fines up to $3m (£1.6m) for collecting personal
information, diverting browsers and delivering some pop-up
advertisements to computer users without their
consent.
The Securely Protect Yourself Against Cyber Trespass (Spy Act)
bill also requires software that collects the personal information
of computer users to notify the users of its installation, to get
the users' consent before installation, and to provide users with
easy uninstall options.
Spy Act was approved by the House Subcommittee on Commerce,
Trade and Consumer Protection as an amendment to a spyware bill
introduced last year.
The amendment is an attempt to outlaw bad actions without
outlawing technologies similar to spyware that have legitimate
uses, such as parental monitoring software or anti-virus
software.
The early version of the bill called the Safeguard Against
Privacy Invasions Act, defined all computer programs that transmit
information without action from the user as spyware. But that
raised objections from several IT suppliers, including anti-virus
companies.
A later draft of the bill, which authorised the US Federal Trade
Commission to create rules for spyware notice and consent, included
several exceptions, including parental control software, anti-virus
software and software that scans for licence compliance.
The amendment now allows fines of up to $3m for actions
unauthorised by a computer's owner, including hijacking browsers,
changing a browser's default home page, changing the security
settings of a computer, logging keystrokes, and delivering
advertisements that the computer user cannot close without turning
off the computer or closing all sessions of the browser.
The bill requires computer users be notified and be allowed to
give consent before software that collects and transmits personal
information is installed on their computers. But the notice
provision in the bill may not be strong enough, said Ari Schwartz,
associate director of the Center for Democracy and Technology.
Although the bill requires the spyware notice be "distinguished"
from other notices, the spyware notice could end up buried at the
end of a lengthy end-user licence agreement, Schwartz said.
"Then we end up where we are now," he said. "Can we do a notice
provision that won't confuse consumers more?"
The bill is expected to pass through the full House Energy and
Commerce Committee.
"We are one step closer to restoring safety, confidence and
control to consumers when using their own computers," she said.
Grant Gross writes for IDG News Service