Feeds

Anti-spyware bill could mean tougher fines

Third time lucky?

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

On Thursday, the anti-spyware bill - which has twice passed the U.S. House of Representatives only to be rejected by the Senate - got its third hearing in the House Subcommittee on Commerce, Trade and Consumer Protection.

The bill, whose full title is the "Securely Protect Yourself Against Cyber Trespass Act," would prohibit any software that takes control of a computer, modifies registry settings, logs keystrokes, or collects other data through misrepresentation. The legislation would also require that any program that collects information first get consent from the computer's user. The bill would levy stiff civil penalties against those responsible for programs that hijack a user's computer or collects data without adequate authorization.

Congress needs to give consumer's better protections against unsavory practices of spyware vendors, Rep. Bobby L. Rush (D-Ill.), chairman of the House Subcommittee on Commerce, Trade and Consumer Protection, said in a statement.

"At worst, spyware can lead to the unwanted exposure of offensive Web content to unsuspecting individuals, particularly children," Rush said. "It can also lead to outright fraud resulting in significant financial damages. At best, spyware is simply nasty stuff that clogs computers, slows down processing power, and is costly to remove."

Spyware is likely the most prevalent online threat, infecting more than half of all consumers' PCs, according to a study published by AOL and National Cyber Security Alliance in December 2005. Moreover, a single spyware program frequently acts as a beachhead, installing other spyware or adware programs on a victim's PC.

The unwanted programs, in addition to stealing a victim's data, could also make an innocent PC user appear guilty of a crime. In Connecticut, a substitute teacher has been found guilty of four counts of risk of injury to a minor after her classroom PC started displaying pornographic pop-up ads. A forensic investigator working for the defense found that the computer had been significantly compromised by spyware programs, and security researchers have criticized the prosecution for not adequately investigating the digital evidence. The teacher is scheduled to be sentenced at the end of March.

The legislation would give the U.S. Federal Trade Commission even greater latitude in pursuing the companies and individuals responsible for spyware. Currently, the FTC has brought cases based on its power to investigate deceptive trade practices. The Spy Act would broaden the definition of spyware and would allow the commission to levy greater fines of up to $3 million per activity committed by a spyware program that is prohibited by the act and $1 million for each violation of the prohibition against data collection without consent.

Such hefty fines are needed, said Ari Schwartz, deputy director of the Center for Democracy and Technology. Zango, a company whose settled with the FTC for deceptive trade practices in 2004, paid a fine of only $3 million, even though it took in more than $50 million in revenues, according to the CDT.

"If a company did a cost-benefit analysis right now, they could legitimately conclude that they could continue to do this (use spyware) until they got caught and then change their practices," Schwartz said. "There would be a much stronger incentive to do the right thing under this bill."

Schwartz, who testified on Thursday at the subcommittee hearing, said that the CDT supports the Spy Act but would rather see a commitment to legislation that establishes a foundation for privacy rights than a piecemeal approach that addresses specific threats, such as spyware or data breaches.

"If we do not begin to address privacy issues more comprehensively, the same players will be back in front of this Committee in a few months to address the next emerging threat to online privacy," Schwartz said in a prepared statement to the subcommittee.

The essential guide to IT transformation

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?