US lawmakers introduce I-Spy bill

Internet Spyware Prevention Act would set prison terms of up to 5 years

Two U.S. lawmakers have reintroduced a bill that would impose penalties of up to five years of prison time and fines for spyware activities.

The Internet Spyware (I-Spy) Prevention Act, introduced this week by Representatives Zoe Lofgren, a California Democrat, and Bob Goodlatte, a Virginia Republican, was one of two bills that passed the U.S. House of Representatives in May 2005. The Senate failed to act on both bills, partly because of concerns raised about the bills.

I-Spy, which passed the House on a 395-1 vote in 2005, would set prison terms of up to five years for people convicted of using spyware to access a computer without authorization or using the computer to commit another federal crime. The bill also would allow a jail term of up to two years for a person who uses spyware to obtain someone else's personal information or to defeat security protections on a computer with the intent of defrauding or injuring the computer owner.

The bill would protect "Americans from Internet crime while not impinging on software development," Lofgren said in a statement. "Spyware has become a plague for computer users, and Congress must address the mounting negative impact that it is having on our economy. Americans should not be afraid to use the Internet."

The legislation will punish "bad actors" while protecting legitimate online companies by not over-regulating, Goodlatte added in a statement.

House members introduced a second spyware bill, called the Spy Act, in February. That bill would prohibit keystroke logging, taking control of a computer without the user's consent, diverting Web browsers, using computers to create botnets and modifying a computer users' browser and security settings without permission.

But the Interactive Advertising Bureau (IAB), a trade group representing online advertisers, raised objections to the Spy Act this week. While the IAB supports large portions of the bill that prohibit spyware-like behavior, a part of the bill broadly prohibits information collection without prior permission from the computer user.

That portion carves out an exception for cookies, but that exception may be too narrow, said Mike Zaneis, the IAB's vice president for public policy. The bill could prohibit certain types of advertising technologies, including cookies or Java scripts of the future, he said. The IAB testified against the Spy Act in a congressional hearing Thursday.

"The problem is, it's not technology neutral," Zaneis said in an interview. "The bill is just a blanket (prohibition) on technology, and then they try to carve out exceptions. We ought to regulate based on bad behavior."

The bill also gives exceptions to antispyware programs but those programs often delete legitimate software such as cookies, Zaneis said. Consumers should have the choice of what programs to remove, he said, instead of broad removals by antispyware vendors.

"There's a real push for them to block all in-line advertising," Zaneis said.

Sponsors of the bill have said the legislation is necessary to protect consumers against spyware. "It is critical that Congress swiftly pass legislation that will empower consumers to take back control of their computers and safeguard their personal information," Representative Mary Bono, a co-sponsor and California Republican, said in February.