Establishing Digital Trust: Don't Sacrifice Security for Convenience
Two champions of last year's Can Spam Act have introduced legislation in Congress to outlaw invasive software such as spyware and adware from being secretly installed on computers.
Currently, these type of programs often piggyback on downloaded files without the user's consent, transmitting information about Internet traffic patterns and generating pop-up advertisements.
Known as Spyblock (Software Principles Yielding Better Levels of Consumer Knowledge), S. 2131 is sponsored by Senators Conrad Burns (R-MT), Ron Wyden (D-OR) and Barbara Boxer (D-CA). Burns and Wyden successfully steered the country's first federal anti-spam bill through Congress in 2003.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iThe National Cyber Security Alliance last year said more than 90 percent of all broadband users have spyware programs on their computers. Most of the programs found their way into users' computers through music and file-sharing programs. The same study showed 94 percent of broadband users did not know that spyware is often bundled with P2P programs.
Last year, Rep. Mary Bono (R-CA) introduced an anti-spyware bill in the House of Representatives. No hearings have been held on the bill and spokespersons from the Senate anti-spyware sponsors told internetnews.com they are unable to predict when their legislation might get a hearing.
The bill would be enforced by the Federal Trade Commission (FTC) and state attorneys general. The FTC could impose penalties just as it does for unfair and deceptive practices, including cease-and-desist orders and civil fines. State attorneys general could bring suits seeking injunctions, plus damages or other relief.
"The Internet is a window on the world, but spyware allows virtual Peeping Toms to watch where you go and what you do on the Internet," Wyden said in a statement. "Computer users should have the security of knowing their privacy isn't being violated by software parasites that have secretly burrowed into their hard drive."
According to the bill sponsors, general notice and consent requirements of the legislation could be satisfied by screen dialog boxes informing users that a download will trigger the installation of a particular program.
More specific disclosure requirements kick in if the software has specific types of features, such as spyware, which collects information about the user and transmits it to a third party, and adware that triggers pop-ups.
The bill also prohibits programs designed to trick users about who is responsible for content a user sees, such as causing a counterfeit replica of a company's Web site to appear whenever the consumer attempts to navigate toward a legitimate company's site.
These types of programs have been used to fraudulently obtain personal financial information from users confused by dummy Web sites.
"Computer users should have the same amount of privacy online as they do when they close the blinds in the windows of their house," said Burns. "But this is not the case, as computers across the country are being hijacked everyday as users unknowingly download unwanted and deceitful programs that spy into their online world."
Congressional efforts to halt spyware date back to 2000, when Sen. John Edwards introduced a measure to curb the practice. It failed to make it out of hearings. Similar legislation in the 2001-2002 107th Congress also failed to make it to a floor vote in either chamber.