Policy experts split on spyware laws

CAMBRIDGE, Mass. -- Two of the agencies most actively involved in bringing cyber-criminals to justice in the United States have expressed opposing opinions over pending anti-spyware legislation.

Even as a trio of spyware bills is moving forward on Capitol Hill, officials from the Center for Democracy and Technology (CDT) and the Federal Trade Commission (FTC) said their two organizations have differing views on the need for passage of the proposed laws.

At a forum sponsored by the Anti-Spyware Coalition and held here at Harvard Law School on June 27, officials from the FTC and CDT -- a Washington-based nonprofit that has become a prominent Internet policy watchdog -- detailed areas where their organizations diverge regarding Congressional anti-spyware bills.

The Anti-Spyware Coalition -- a security consortium backed by industry players including AOL, Dell, Google, McAfee, Microsoft, and Yahoo -- hosted the panel that brought legal experts from the two organizations together to air their differences. The discussion was hosted by John Palfrey, executive director of the Berkman Center for Internet and Society at Harvard Law, a well-known expert in the field of Internet security and privacy issues

The three pieces of legislation being debated were the Internet Spyware Prevention Act of 2007 (I-SPY Act) and Securely Protect Yourself Against Cyber Trespass Act (SPY ACT) -- both of which passed vote in the U.S. House of Representatives in May and remain up for debate in the Senate -- and the Counter Spy Act of 2007, introduced before the Senate in mid-June.

While both the FTC and CDT are actively involved in attempts to bring suspected purveyors of spyware to court and stop them from distributing illegal code to end-users, the agencies appear to be divided over whether the new laws will result in more prosecutions.

The CDT supports passage of all three proposed bills, claiming that any additional laws that increase civil and criminal penalties against spyware brokers and better define illegal practices will prove helpful in bringing new cases -- despite the group's recognition of flaws in all three bills.

For its part, the FTC contends that the new laws may only serve to muddle its ability to go after cyber-criminals when it finds them.

In outlining each of the bills for the assembled audience, CDT Deputy Director Ari Schwartz highlighted the group's hopes for each of the measures.

The I-SPY Act is the least controversial of the three bills in that it merely seeks to extend penalties established in the Computer Fraud and Abuse Act -- originally passed in 1986 -- and make the legal punishments for criminal hacking more severe.

The CDT is fully behind the bill and it passed through House hearings with almost no opposition, proving its overall appeal, Schwartz said.

The SPY ACT -- originally written by California Republican Rep. Mary Bono and passed by the House in previous sessions -- has proven more divisive; some businesses are expressing serious concerns about the proposal's limitations on consumer information gathering and the fact that the bill would supersede existing state anti-spyware laws.