Social Security, spyware bills go to House vote

The House Energy and Commerce Committee approved modified versions of a pair of bills aimed at curbing abuse of social security numbers and computer spyware, respectively

The House Energy and Commerce Committee unanimously approved a pair of bills on May 10 that aim to bolster consumers' protection against misuse of their social security numbers and computer-borne spyware.

The two bills, known officially as the Social Security Protection Act of 2007 (HR 948) and the Securely Protect Yourself From Cyber-Trespass, or Spy Act (HR 964), respectively, are now headed to a House-wide vote in the coming weeks.

"Identity theft is a scourge on the American consumer; it exacts a heavy financial toll on individuals and on businesses," Congressman John D. Dingell, a Michigan Democrat and Chairman Committee on Energy and Commerce, said in a statement on the bills, both of which he helped sponsor. "These two bipartisan bills strike a blow against this problem in a fair and balanced manner."

The Social Security Protection Act of 2007 -- first proposed by Rep. Edward Markey, a Massachusetts Democrat -- makes it illegal to purchase or sell social security numbers in a manner that violates Federal Trade Commission (FTC) anti-fraud regulations.

Among the recent amendments made to the bill before its approval were a number of exemptions to the rules to help law enforcement, national security, public health or safety, and credit verification organizations utilize the numbers for purposes of identification. The bill would also preempt similar state laws if passed, and provide for enforcement of the rules by individual state attorneys general.

Dingell said that it was important for legislators to hash out strict laws preventing the abuse of credit card data by criminals, and holding companies such as retailers to higher standards in protecting customer information while ensuring that the identifiers are available for use when appropriate.

"Social Security numbers have many beneficial uses in both the public and private sectors," Dingell said. "By virtue of mission creep, they have become our national identifier; by virtue of the Internet, they have become available for purchase and sale to all manner of thieves and rogues with nefarious purposes."

Of the two acts the Spy Act is undoubtedly the more controversial.

Meant to protect Internet users from unknowing transmission of their personal information via spyware programs, the Spy Act bans the most commonly known techniques used by malware and adware brokers, such as the use of keystroke-logging programs or installation of software without gaining approval via a clearly stated EULA (end user licensing agreement).

The bill further establishes requirements for legitimate distributors of spyware-like programs to gain end user consent and build their applications such that they can be easily identified and removed from computers.

If passed, the FTC will be tasked with enforcing the Spy Act.

Although online advertising and marketing industry groups have opposed elements of the Spy Act, based on claims that it will interfere with a number of legitimate online business models, the House committee refused to weaken the terms of the bill before passing it along for a vote.

Rep. Mary Bono, a California Republican who introduced the Spy Act, said that the legislation will help protect consumers against everything from unwanted adware to drive-by Web site malware infection attacks. She also specifically called out unsavory online marketing schemes.

The bill specifically requires that consumers receive a "clear and conspicuous notice" prior to the installation of any tracking program and includes provisions to bar unfair or deceptive behavior such as computer hijacking, phishing, and the display of any browser ads that can't be closed.

"Once installed on computers, some spyware programs, like viruses, become buried among code for other programs and are difficult to detect and remove," Bono said in a statement. "Today the Internet is used daily by most Americans for practically everything from shopping and banking, to communicating with loved ones; the Spy Act works to restore privacy on the personal computer - which has grown to become a center for our business transactions as well our personal interactions."