The House measure, which now goes to the Senate, would make it a criminal offense punishable by a prison term of up to five years, to access a computer without authorization in order to commit a federal offense.
Legislators took an initial pass at a federal law against spyware and online identity theft with the passage by the U.S. House of Representatives this week of the Internet Spyware Prevention Act of 2007, H.R. 1535, which has been tagged the “I-SPY Act.” Spyware is software that can capture personal information from a consumer’s computer, after being downloaded to the computer – usually without the consumer’s awareness -- as an attachment to something the consumer does want. The measure would make it a criminal offense, with a prison term of up to five years, to access a computer without authorization in order to commit a federal offense.
The bill further makes obtaining or transmitting personal information for the purpose of injuring or defrauding a person or damaging a computer punishable by up to two years in prison. It also provides for $10 million to be appropriated for each of fiscal years 2008 through 2011 to help the U.S. Department of Justice seek prosecution for individuals and companies that use spyware or that employ tactics such as phishing. Phishing involves efforts to gain access to consumers` personal information online via communication such as bogus e-mailed bank notices.
The Direct Marketing Association praised the measure as complementary to its own voluntary efforts to combat the spread of programs that install deceptive, fraudulent, or harmful software on consumers’ computers without their knowledge. “We are very glad that the I-SPY bill put the appropriate focus on identifying and punishing the bad actors, rather than by placing restrictions on the use of technologies that are driving legitimate online commerce,” says Steven K. Berry, DMA executive vice president for government and consumer affairs.
I-SPY comes out of the Justice Committee. The DMA has come out against another anti-spyware measure still in the House Energy and Commerce Committee, H.R. 964, as too broadly written.
Others say the I-SPY Act represents a needed first step in tackling the growing problems of spyware and online identity theft, but it doesn’t go far enough. George Waller, executive vice president of Strikeforce Technologies, which manufactures software to combat identity theft, called the measure “ambiguous” as to enforcement. What constitutes a federal offense in the rapidly changing arena of spyware represents “a very open gray area. They’ll have to further define that,” he says.
Waller cites another issue with the Act in the adequacy of the funding level, noting that much of the spyware activity causing trouble in the U.S. now originates from outside this country. “Are they going to set up task forces to go after these people? There is not enough money there to address what needs to be done,” he says. “Identity theft is the world’s fastest-growing crime.”
I-SPY will be reported out of the House to the U.S. Senate, where it will be assigned to the jurisdiction of a committee.