Modernizing Authentication — What It Takes to Transform Secure Access
The Federal Trade Commission (FTC) again warned Congress today that anti-spyware legislation is unnecessary with the existence of adequate fraud laws to contend with spyware perpetrators.
FTC Commissioner Orson Swindle, speaking to Capitol Hill staffers at a Cato Institute luncheon Friday, questioned the need for new laws.
"Our experience at the Department of Justice and at the FTC is that [current] law is adequate," Swindle said. "Most, if not all, spyware is executed under a deceptive cloud. If people are deceived, it's a deceptive practice."
The FTC has been skirmishing with the House of Representatives all year over the need for anti-spyware legislation. In April, the FTC held a spyware workshop, and concluded that technology solutions, combined with current deceptive practice laws, would be a superior alternative to any new laws.https://l1.cdn.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
However, regardless of the FTC's stance, the House went ahead with two anti-spyware bills: the Spy Act (H.R. 2929) and the Internet Spyware Prevention Act of 2004 (H.R. 4661). The Spy Act prohibits unfair or deceptive practices related to spyware and requires an opt-in notice and consent form for legal software that collects personally identifiable information from consumers. The Internet Spyware Prevention Act makes it a crime to intentionally access a computer without authorization or to intentionally exceed authorized access.
Both bills are likely to die on the Senate side when Congress reconvenes in a lame duck session on Nov. 16, but anti-spyware advocates in the House have vowed to revive the legislation when the new Congress meets in January.
Swindle said the biggest problem facing the FTC is not the need for new laws, but the ability to locate and prosecute spyware vendors.
"I'm of the opinion that many of the scams in this country are short-lived. They get a lot of money, they take a lot of money and the guys are out of there," Swindle said. "Sometimes they get caught and they don't have any money left. The cost of getting caught amounts to nothing more than another line item on the balance sheet."
Jim Harper, director of information policy studies at the Cato Institute, added that anti-spyware legislation would be no more effective than the CAN-SPAM Act signed by the president in December.
"We didn't need federal spam legislation. The problem there wasn't the need for a new law, but finding the people who send spam," Harper said. "CAN-SPAM hasn't worked because you can't find spammers. You can't reach them because they are operating in an eastern block country or the country where they are operating doesn't cooperate with the [U.S.] federal government."
Swindle pointed to the FTC's first case filed against a spyware operator in October as an example of the current law working.
"We didn't need a new law to get that done," Swindle said. "We're confident we're going to win that case and there's more coming."
Swindle was quick to praise the "good intentions of Congress" in attempting to deal with spyware, but he cautioned the Hill staffers about the unintended consequences of well meaning legislation.
"First you have to get by defining what spyware is," Swindle said. "Poorly written legislation can cause enormous problems. We have to write rules based on laws passed by Congress in order to implement the law. Quite frankly, sometimes we have no earthly idea what the Congress meant to say."