Some say spyware bill too broad, others say too weak

An antispyware bill that passed the U.S. House of Representatives this week faces opposition from several groups with one side saying it's too strong and the other saying it's too weak.

The Securely Protect Yourself Against Cyber Trespass Act (SPY ACT), which passed the House Wednesday by a vote of 368 to 48, would prohibit taking control of computers to send unsolicited material to others, diverting the Web browser, modifying a computer's settings and keystroke logging. The bill would make it illegal to collect personal information without permission and it allows fines of up to $3 million for some violations.

But several business groups, led by the DMA (Direct Marketing Association), sent a letter to House leaders this week raising objections that the bill too broadly defines "computer software" and "information collection programs," and it could make it illegal for e-commerce sites to recommend products based on browsing or buying history, engage in targeted advertising, or to place cookies on a Web site user's computer

"The scope and impact of [the bill] on legitimate businesses goes far beyond regulating spyware and cuts to the heart of the information economy," said the letter, signed by 31 trade groups and companies. The bill could "limit the seamless Internet experience that is responsible for the widespread adoption of the Internet by consumers," the letter said.

Representatives of the SPY ACT's two main sponsors, Representative Ed Towns, a New York Democrat, and Representative Mary Bono, a California Republican, weren't immediately available for comment.

The SPY ACT is the second piece of antispyware legislation passed by the House this year. The Internet Spyware Prevention Act (I-SPY), which passed the House in May, hasn't prompted major objections. I-SPY would create penalties of up to five years in prison for some spyware-like behavior. Versions of both bills passed the House in May 2005, but failed to make it through the Senate.

By requiring Web sites to get permission every time they track a users' history, the SPY ACT could make Web surfing an unwieldy series of pop-ups asking for permission, said Steve Berry, the DMA's executive vice president for government affairs. By trying to define bad uses of technology, the bill becomes overly broad, he said.

"Our thought is maybe you should look at the intent rather than trying to regulate the technology," Berry said.

Among the groups signing the letter in opposition to the SPY ACT were the U.S. Chamber of Commerce, the Information Technology Association of America, NetCoalition, Charles Schwab & Co, and the Internet Alliance.

Meanwhile, the Electronic Frontier Foundation has raised different objections to the SPY ACT. The bill would preempt about 10 state laws that have been passed, many of them stronger than the SPY ACT, said Fred von Lohmann, senior intellectual property lawyer for the EFF.

In addition, the bill would take away the ability of private citizens to sue spyware creators, von Lohmann said.

The bill "would actually make things worse, insulating adware vendors from more stringent state laws and private lawsuits," von Lohmann wrote on the EFF blog in April.

The bill concentrates spyware enforcement in the hands of the U.S. Federal Trade Commission and state attorney generals, instead of allowing private lawsuits as well, he said. "This is a terrible move," von Lohmann wrote. "If Congress is serious about enacting tough anti-spyware laws, it should create incentives that would encourage private citizens to pursue the bad guys."

Bono, one of the bill's sponsors, said in a statement this week that the preemption of state laws is the right approach. "Because of the Internet's role in interstate commerce, the need for federal spyware legislation is clear, depending on a patchwork of state laws is simply unworkable," she said. "The passage of the SPY ACT moves the American people one step closer to reclaiming control of their computers in their home and at their business."