Anti-spyware bill gets House approval

The House yesterday overwhelmingly passed an anti-spyware bill that would outlaw surreptitious use of online eavesdropping programs.

HR 2929, the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT), which can be viewed here, would prohibit the deceptive distribution or use of programs that would give an authorized third party control over a computer or gather information without the user's consent. It would mandate clear notice of the installation of such programs and require user consent for their use.

The bill was passed by a vote of 399 to 1. The one negative vote was cast by Rep. Ron Paul (R-Texas).

A spyware program gathers information about the host computer's activity and sends it to a third party, often without the user's knowledge. It also can harvest personal information or deliver pop-up ads. Free software downloaded from the Internet frequently carries spyware.

Although most computer users regard spyware at least as a nuisance and often as an invasion of privacy, the bill drew criticism from the software industry.

The Information Technology Association of America complained it would set up an unnecessary regulatory regime for legitimate online software distribution. The Competitive Enterprise Institute of Washington charged that the bill could interfere with legitimate activity tracking.

As passed by the House, the SPY ACT does not apply to service providers delivering online security, diagnostics or technical support, or to software that is authenticated upon startup or is automatically updated. It also excludes spyware used by law enforcement or security agencies.

The Federal Trade Commission would be charged with enforcement. The bill would supersede all state anti-spyware laws, and no other federal agencies would be allowed to take action under it. Civil penalties range up to $3 million for each violation. There would be no criminal penalties.

Left undecided in the legislation is how the bill would affect tracking cookies, small files placed on computers by Web sites to help identify and deliver data to users. FTC would be required to make recommendations to Congress within six months on how such cookies should be treated.

A Senate bill, the Software Principles Yielding Better Levels of Consumer Knowledge Act S 2145 was voted out of the Senate Commerce, Science and Transportation Committee in September and is awaiting floor action. It would outlaw all surreptitious installation of software except cookies and require uninstall procedures for approved software.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected