Congress Moving to Tackle Spyware Problem

It's those definitions that have some in the high-tech industry nervous. They fear that a bill designed to stamp out spyware could inadvertently put legitimate software -- such as the kind used to automatically update anti-virus and other software programs -- on shaky legal ground.

"One of the profound difficulties that we keep facing as we're talking about this is that there is a massive disconnect between what spyware really is and what is considered to be spyware," said Robert Cresanti, the vice president for public policy at the Business Software Alliance, which represents companies like Microsoft, Symantec and Cisco Systems.

"A likely scenario could put legitimate companies at high risk for what might be a technical violation of the bill without any ill intent," Cresanti said. The BSA agrees that anti-spyware legislation is needed, but the group wants to make sure that the final bill doesn't hurt legitimate businesses, he said.

Bono's Spy Act, which cleared the Energy and Commerce Committee by a unanimous vote March 9, would require companies to obtain permission before they install any program that collects information on a person's computer.

"We're much more concerned about that section of the bill. We don't think it's responding to an immediate need in the market, and we think it has the potential for some pretty serious collateral damage against an industry that is really burgeoning right now," said Trevor Hughes, executive director of the Network Advertising Initiative, which represents online advertising companies like DoubleClick and 24/7 Real Media.

Hughes said there are dozens of advertising-supported Web site features-- like stock tickers and personalized weather reports -- that could be affected under those definitions.

Although Bono's bill does not restrict the use of "cookies" -- the small tracking programs used by Web sites to maintain things like virtual shopping carts and other visitor-specific content -- Hughes said it could drag in many common programs used by Web operators to personalize the online experience.

"Web sites are very sophisticated commercial operations nowadays, and there may be 15 commercial entities operating on the same site," Hughes said. "If the consumer has to click through 15 different boxes saying yes I want this, no I don't want this, that's really going to impede the online experience."

Bono said the current version of her bill, which has gone through several drafts, addresses the concerns raised by the high-tech industry, but still provides protection to consumers. "We've tried to accommodate industry along the way. It's come a long way but [we've] been trying to walk that fine line between keeping the industry people happy and the privacy people happy. "

In the Senate, Conrad Burns's (R-Mont.) Spy Block Act also targets a class of computer programs that collect information without computer users' knowledge. It was this aspect of the bill that concerned Sen. George Allen (R-Va.) last year when it appeared that Burns's bill was headed for passage.

"If you define a specific illegal spyware activity it is very difficult to do so without causing legitimate software companies unintended consequences and unneeded burdens," Allen said.

Allen said he was also concerned that the law could inadvertently create a "safe harbor" for some malicious spyware distributors -- allowing them to hide behind consent language that users may agree to without fully reading.

Both Hughes and Cresanti said their organizations would prefer that an anti-spyware bill target the behavior of spyware distributors, rather than a whole class of technology that has legitimate uses.

Allen said he plans to introduce legislation as early as next week in the Senate that would stiffen existing anti-fraud penalties for anyone convicted of committing fraud via spyware. Allen's bill would also authorize about $10 million for law enforcers to go after spyware distributors. "Much, if not everything, they are trying to create a new definition of a crime for is already against the law," Allen said.

That's also been the primary argument of the Federal Trade Commission. "Most of the acts and practices and harm consumers that are covered under these bills are things that would be either unfair or deceptive under the FTC Act," said Tom Pahl, an assistant director in the FTC's Division of Advertising Practices. Under each of the congressional proposals, the commission would be saddled with coordinating federal enforcement efforts.

According to Bono, the regulators aren't doing enough. "I believe the FTC has been asleep at the wheel so far and hasn't enforced it and that's why it's grown so exponentially," she said, adding that her bill would give Congress the ability to "hold the enforcers' feet to the fire."

The FTC has brought a handful of spyware cases, Pahl said, but the agency has been hindered by the fact that many spyware distributors are located overseas. The commission has asked Congress to pass legislation that would make it easier for them to coordinate with foreign law enforcers.

Pahl added that Congress already pressures the commission to bolster its enforcement efforts. "Congress can and does hold our feet to the fire for how we enforce the FTC Act. Chairman Barton is very adept at holding our feet to the fire and he doesn't need a new law for that," he said.

Staff writer Emily Woodward contributed to this article.