The U.S. House of Representatives has passed an antispyware bill that would impose specific penalties for scammers accessing computers without authorization while attempting to commit other federal crimes.
The bill, sponsored by both Democrats and Republicans, would make the fraudulent use of spyware a crime punishable by to up to five years in prison.
However, the new law would not impose any new requirements on software makers.
“It targets the worst forms of spyware without unduly burdening technological innovation,” said Democratic Rep. Zoe Lofgren of California, chief sponsor of the bill.
A Big Scourge
Spyware has emerged as perhaps the biggest problem for computer users in recent years, as the sneaky software plants itself inside their systems, collecting personal information without informed consent.
Spyware is a favorite tool of scam artists to capture passwords and credit card account numbers, for example. In addition pilfering data, spyware can bog down a machine to the point where it will eventually cease to function.
Where’s the Teeth?
Most of the problems related to spyware stem from actions — or inactions — on the part of regular users, noted Ron O’Brien, a senior security analyst with antispyware firm Sophos, and is the precise reason the newly passed bill really has no teeth.
“By purporting to impose penalties, what the bill really says is ‘if we knew who was responsible we would do something,” O’Brien told TechNewsWorld.
The Problem Within
Spyware is effective, according to O’Brien, because so many unsuspecting users leave their systems unprotected.
“The responsibility really is on the people without up-to-date antispyware,” he said.
A Form of Malware
The rapid spread of spyware has led to the burgeoning development of an entire antispyware industry whose products remove or disable the scourge.
Although some companies’ products incorporate forms of spyware — for example, pop-ups that offer protection against other malware — this usage accounts for only a tiny fraction of spyware in the United States.
“That is such a small amount,” said O’Brien. “No one person — or persons — is responsible for the distribution of spyware.”
The problem primarily stems from users visiting Web sites loaded with spyware, he pointed out, because there is nothing illegal about launching it onto a visitor’s machine.
Noticeably missing from the final bill approved by the House was a provision endorsed by the House Energy and Commerce Committee that would require software distributors and advertisers to clearly notify consumers and obtain their consent before loading programs onto a computer.
Rep. Lofgren argued against restrictions that might inhibit legitimate business.
“Focusing on bad actors and criminal conduct is preferable to an approach that criminalizes technology or imposes notice- or consent-type requirements,” he said.
The bill must now clear the Senate.