Spy Act Only Protects Vendors and Their DRM

Here we go again. Congress has decided it needs to protect us from spyware, but - surprise, surprise - the bill they are most seriously considering actually offers no help in that regard. What's worse, the bill seems designed to make it harder for you to legally go after those who spy on you, particularly if they are doing so to determine if you're authorized to use a software product. Last week a subcommittee o

Here we go again. Congress has decided it needs to protect us from spyware, but - surprise, surprise - the bill they are most seriously considering actually offers no help in that regard. What's worse, the bill seems designed to make it harder for you to legally go after those who spy on you, particularly if they are doing so to determine if you're authorized to use a software product.

Last week a subcommittee of the House Committee on Energy and Commerce approved H.R. 964, the Spy Act, which bans some of the more blatant forms of spyware such as those that hijack computer or log keystrokes. The bill now goes to the full committee for approval, and it's expected to move quickly as it has strong bipartisan support.

But why? There are already plenty of federal and state laws regarding computer fraud, trespass, and deceptive trade practices that make spyware illegal. The existing laws have been sufficient to allow the FTC and/or state attorneys general to even successfully go after some of the nastier adware companies like Direct Revenue and Zango/180 Solutions. So what is the purpose of this law?

A clue can be found in the Limitations section of the Act, which features this rather broad exception:

Exception Relating to Security- Nothing in this Act shall apply to--

(1) any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service, to the extent that such monitoring or interaction is for network or computer security purposes, diagnostics, technical support, or repair, or for the detection or prevention of fraudulent activities; or

(2) a discrete interaction with a protected computer by a provider of computer software solely to determine whether the user of the computer is authorized to use such software, that occurs upon -- (A) initialization of the software; or (B) an affirmative request by the owner or authorized user for an update of, addition to, or technical service for, the software.