Modernizing Authentication — What It Takes to Transform Secure Access
U.S. Senators Conrad Burns (R-Mont.) and Ron Wyden (D-Ore.) introduced their long-awaited anti-spyware legislation today, calling for prohibitions and penalties on a variety of practices that result in unwanted software being placed on consumers' computers.
Burns and Wyden, the principal authors of the 2003 CAN SPAM Act, said their bill, known as the Spy Block Act, starts with the premise that computer owners should have knowledge and control over the software installed on their machines, according to a statement released by the senators.
"When I purchase a computer and install it in my home, I expect to be the only one who has access to it," Burns said in a statement. "This legislation gives control back to those who should have it. It protects computer users from those potentially devastating spies and the programs they want to install."
According to the statement, the bill specifically bans the surreptitious installation of software where the user never intended to trigger the installation and prohibits misleading inducements to install software. It also targets software that once installed, prevents efforts by the user to uninstall or disable it.
The legislation also bans the collection and transmission of information about the user of a computer without the user's consent and prohibits the installation of that software that causes ads to appear without identifying itself as the source of the ads.
"Millions of Americans use computers daily to pay their bills, research medical conditions and to shop online, and no one should have to worry that, with each click of a mouse, their every move in cyberspace is being watched," Wyden said ion the joint statmentt with Burns. "Consumers should have control over the programs on their machines and should not have their privacy jeopardized by invasive programs lurking on their computers."
The bill also includes criminal penalties for certain "particularly egregious and intentional acts," as well as protection for providers of anti-spyware technology acting in good faith from being sued for blocking or removing software programs from a user's computer.
The Federal Trade Commission would be charged with enforcing the legislation, with violations treated as unfair or deceptive trade practices. In addition, state attorneys general would be authorized to bring actions, as well. The bill would preempt state spyware statutes, except to the extent such statutes prohibit deception.
While Burns and Wyden waited several months after the start of the 109th Congress to introduce their legislation, the House of Representatives has been aggressively pushing its own version of an anti-spyware bill since January.
Earlier this month, the House Energy and Commerce Committee unanimously approved its fast-track anti-spyware legislation, pushing the bill out for a full House vote.
H.R. 29, the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT), prohibits unfair or deceptive practices related to spyware, and it requires an opt-in notice and consent regime for legal software that collects personally identifiable information from consumers.
The spyware practices specifically targeted by the House legislation include phishing, keystroke logging, homepage hijacking and ads that can't be closed except by shutting down a computer. Violators could face civil penalties of up to $3 million.