GOODLATTE LEGISLATION TO COMBAT SPYWARE PASSES HOUSE
Today, the U.S. House of Representatives passed the "Internet Spyware (I-SPY) Prevention Act," H.R. 1525, which was introduced by Representatives Zoe Lofgren (D-CA) and Bob Goodlatte (R-VA). This bipartisan legislation, which overwhelmingly passed the House of Representatives in the 108th and 109th Congress, addresses the most egregious activities that are conducted via spyware and makes those activities criminal offenses.
Spyware has been defined as "software that aids in gathering information about a person or organization without their knowledge and which may send such information to another entity without the consumer's consent, or asserts control over a computer without the consumer's knowledge." A recent study done by the National CyberSecurity Alliance revealed that over 90% of consumers had some form of spyware on their computers and most consumers were not aware of it.
"I am encouraged by the House passage of the Internet Spyware Prevention Act and I call on the Senate to act on this important legislation," said Rep. Bob Goodlatte. "By imposing criminal penalties on these bad actors, this legislation will help deter the use of spyware, and will thus help protect consumers from these aggressive attacks. At the same time, the legislation leaves the door open for innovative technology developments to continue to combat spyware programs."
The legislation would make the following criminal offenses:
* Intentionally accessing a computer without authorization, or intentionally exceeding authorized access, by causing a computer program or code to be copied onto the computer and using that program or code to
o Further another federal criminal offense (punishable by fine or imprisonment for up to 5 years)
o Intentionally obtain or transmit "personal information" with the intent of injuring or defrauding a person or damaging a computer (punishable by fine or imprisonment for up to 2 years)
o Intentionally impair the security protections of a computer with the intent of injuring or defrauding a person or damaging a computer (punishable by fine or imprisonment for up to 2 years)
Additionally, the legislation authorizes $10 million to the Department of Justice to combat spyware and phishing and pharming scams. "Phishing" scams typically involve the use of fake e-mail messages and websites to lure consumers into providing bank account information, credit card numbers and other personal information. These fake e-mail messages and websites are often indistinguishable from the real ones and often request account information from consumers.
Pharming scams occur when hackers re-direct Internet traffic to fake sites in order to steal personal information such as credit card numbers, passwords and account information. This form of online fraud is particularly egregious because it is not as easily discernable by consumers. With pharming scams, innocent Internet users simply type the domain name into their web browsers, and the signal is re-routed to the devious website.
Spyware encompasses several potential risks including the promotion of identity theft, by harvesting personal information from consumers' computers. Additionally, it can adversely affect businesses, as they are forced to sustain costs to block and remove spyware from employees' computers, not to mention the potential impact on productivity.
There is also a growing concern that persistent computer security vulnerabilities may expose U.S. critical infrastructure and government computer systems to cyber attacks, which would ultimately jeopardize national security and the economy.
The legislation will now be sent to the U.S. Senate for consideration.