WASHINGTON - Two bills focusing on spyware overwhelmingly passed the U.S. House of Representatives late Monday, including one that requires many software programs collecting personal information to get permission before doing so.
The Securely Protect Yourself Against Cyber Trespass Act, or Spy Act, also would outlaw the act of taking over a computer in order to send unauthorized information or code, and diverting a Web browser without the permission of the computer owner. The bill, which passed the House by a vote of 393-4, prohibits Web advertising that computer users cannot close "without undue effort" or without shutting down the computer, and it prohibits collecting personal information through keystroke logging.
A second bill, the Internet Spyware Prevention Act, or I-Spy Act, sets jail terms of up to five years for a person who uses spyware to access a computer without authorization and uses the computer to commit another federal crime. The I-Spy Act also would allow a jail term of up to two years for a person who uses spyware to obtain someone else's personal information or to defeat security protections on a computer with the intent of defrauding or injuring the computer owner.
The I-Spy Act, sponsored by Virginia Republican Representative Bob Goodlatte, passed the House by a vote of 395-1. Both bills would have to pass the U.S. Senate and be signed by President George Bush to become law. Both bills passed the House in October, but failed to make it through the Senate.
The Spy Act, sponsored by California Republican Representative Mary Bono, would allow fines of up to $3 million for spyware-like activity such as delivering unauthorized software to a computer or hijacking a Web browser. Security software updates are exempted from the Spy Act.
Unlike an older Bono bill, this version of the Spy Act doesn't attempt to define spyware, but outlaws several actions commonly associated with spyware.
An earlier Bono spyware bill, introduced in July 2003, broadly prohibited and defined spyware. Some software vendors, including those that market antivirus update software, objected that the definition was overly broad and could subject their services to fines.
Microsoft issued a statement praising both new bills as providing "important tools in the battle against spyware and other deceptive software." But Microsoft also called for the Senate to include language that would protect vendors of antispyware software from lawsuits by companies distributing spyware. Two antispyware companies have been sued by firms asking that their software not be removed from users' computers, with Claria, a distributor of pop-up advertising formerly known as Gator, filing a lawsuit against PC Pitstop in September 2003. This year, Claria also asked Computer Associates International to stop its PestPatrol software from deleting Claria ad-targeting software, but CA refused.
Microsoft released its own Windows AntiSpyware software in January. "In its current form, these bills leave companies that are responding to consumer demand for strong antispyware tools vulnerable to frivolous lawsuits brought by the very companies responsible for the proliferation of spyware and other deceptive software," Jack Krumholtz, managing director of federal government affairs for Microsoft, said in a statement.
