Modernizing Authentication — What It Takes to Transform Secure Access
Just six months ago, similar legislation failed to capture the Senate's imagination.
''It is time we not only pass this in the House but also make it the law of the land,'' Rep. Jan Schakowsky (D-Ill.) said. Rep. Cliff Stearns (R-Fla.), added, ''We passed this bill once before. Now, we've got to appeal to the Senate to move it.''
First, though, the Senate will have to divine the intent of the House, which passed two different approaches to dealing with spyware.https://l1.cdn.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i Under the Internet Spyware (I-SPY) Prevention Act of 2005, House members approved legislation that imposes tougher criminal penalties for spyware-related activities. The bill imposes prison terms for intentionally accessing a computer without authorization for the purpose of planting unwanted software.
Under I-SPY, using unauthorized access to a computer to commit a crime is punishable by a fine or imprisonment for up to five years. If the access is used to transmit personal information for the purposes of fraud or damaging a computer, the prison terms can go up to two years.
''This is targeted legislation instead of an invasive regulatory scheme with unknown consequences,'' Rep. James Sensenbrenner (R-Wis.) said of the I-SPY Act, which originated in Sensenbrenner's Judiciary Committee.
The other bill passed Monday, the Securely Protect Yourself Against Cyber Trespass Act (SPY Act), also toughens penalties on spyware purveyors but goes much further than the I-SPY Act by imposing an opt-in, notice and consent regime for legal software that collects personally identifiable information from consumers.
Among the spyware practices prohibited by the bill are phishing, keystroke logging, homepage hijacking and ads that can't be closed except by shutting down a computer. Violators could face civil penalties of up to $3 million.