Modernizing Authentication — What It Takes to Transform Secure Access
WASHINGTON -- With an eye on peer-to-peer networks, the U.S. House Judiciary Committee approved legislation Wednesday criminalizing some acts of copyright infringement. In the same markup session, the panel created criminal penalties for the surreptitious use of spyware.
The Piracy Deterrence and Education Act of 2004 specifically targets the electronic distribution of copyrighted material "with reckless disregard for the risk of further infringement." The legislation calls for prison terms of up to three years for electronically distributing 1,000 or more copyrighted works over a 180-day period.
The bill also provides $15 million to the Department of Justice (DOJ) to establish an Internet use education program. Under the education program, the DOJ is authorized over the next 18 months to send warning letters to Internet service providers (ISPs) whose customers are suspected of widespread copyright infringement.
On a voluntary basis, ISPs may pass on the warning notices to the Suspected copyright violators but are not required to disclose to the DOJ any identifying information about the subscriber.
"We commend the Committee for making voluntary the program under which Internet service providers would pass on to consumers notices from the Justice Department alleging copyright infringement," Gigi B. Sohn, president of the digital rights group Public Knowledge, said in a statement. "We are still concerned that taxpayer dollars could be better spent on priorities other than notifications of possible copyright infringement."
The Internet Spyware Prevention Act of 2004 makes it a crime to intentionally access a computer without authorization or to intentionally exceed authorized access. If the unauthorized intrusion is to further another federal crime such as secretly accessing personal data, the penalty is up to five years in prison. Deliberately injuring or defrauding a person or damaging a computer through the unauthorized installation of spyware carry prison terms of up to two years.
The legislation also authorizes $10 million for the DOJ to combat spyware and phishing scams, although the bill does not specifically make phishing a crime.
Both bills now await a full floor vote of the House.
"By imposing criminal penalties on these bad actors, this legislation will help deter the use of spyware and will thus help protect consumers from these aggressive attacks," bill sponsor Bob Goodlatte (R-VA) said. "At the same time, the legislation leaves the door open for innovative technology developments to continue to combat spyware programs."
The House Energy and Commerce Committee has already passed its own version of a spyware bill requiring that consumers be given clear and conspicuous notice prior to downloading software. The legislation includes provisions to prohibit unfair or deceptive behavior such as keystroke logging, computer hijacking and the display of advertisements that can't be closed.
The Energy and Commerce version also requires anyone who is not the owner or authorized user of a computer to provide an opt-in screen prior to transmitting or enabling any information collection program. The bill proposes civil penalties of $3 million for violations.
Goodlatte said the Judiciary spyware version does not try to define technology as the Energy and Commerce bill does but goes after the "truly bad actors." Bill co-sponsor Lamar Smith (R-TX) said the Judiciary spyware legislation is about "regulation of bad behavior instead of technology. The bill rightly takes a very narrow approach."
The two bills will be reconciled between the two committees before a final version will be presented to the full House. A bill similar to the Energy and Commerce Committee version is backed in the Senate by Ron Wyden (D-OR) and Conrad Burns (R-MT), authors of the CAN-SPAM Act.
"Spyware is a very real problem that is afflicting owners of personal computers and creating millions of dollars of additional business costs to address the problem," said Rep. Zoe Lofgren (D-CA), another co-sponsor of the Judiciary bill. "It is important that we support H.R. 4661, which will clearly discourage spyware and related practices. Consumers and businesses should not have to wait any longer for help in preventing the wrongful use of spyware."
Spyware is often vaguely defined and often confused with adware, but generally refers to any software that covertly gathers user information through the user's Internet connection without his or her knowledge, sometimes for advertising purposes. Most forms of adware, by contrast, are installed with the user's knowledge.
For more than a year, consumer and privacy advocates have urged congressional action to provide consumers with greater disclosure about the programs that report back Internet traffic patterns to advertisers and generate unwanted pop-ups. The software can also slow a computer or network's performance.
"Every day, thousands of unsuspecting Americans have their identities hijacked by a new breed of cyber criminals because of spyware. People whose identities have been stolen can spend months or years -- and much of their hard-earned money -- trying to restore their good name and credit record," Smith said. "This legislation will help prevent bad things from happening to good names."
The Federal Trade Commission (FTC) has repeatedly said new legislation regulating spyware is unnecessary, contending the solution to the invasive programs is more likely to be found in better technology solutions and intensive consumer education, rather than in either state or federal legislation.