Lawmakers Mull Tougher Spyware Bill

Legislators plan to launch early next year a revised version of anti-spyware legislation.

Perhaps rivaled only by spam, privacy-invading software, or spyware, has pushed lawmakers to consider harsher legislation.

Early next year, legislators, including U.S. Reps. Mary Bono, R-Calif., and Edolphus Towns, D-N.Y., plan to launch a revised version of anti-spyware legislation known as the SPI (Safeguard against Privacy Invasions) Act. Lawmakers are working with industry and the privacy rights community to refine the bill to avoid stunting innovation or leaving loopholes, sources with both camps said.

"Were concerned that security updates could be considered advertising under the bill," said Morgan Reed, vice president for public affairs at the Association for Competitive Technology, in Washington. "In a lot of ways, spyware isnt that different from a product that goes out, retrieves information and brings it back to the end user."

The Center for Democracy and Technology is seeking more comprehensive privacy legislation, ideally establishing base-line rules that treat all applications the same, said Ari Schwartz, associate director of the CDT, also in Washington. The CDT plans to duplicate some of the most egregious cases and file a complaint with the Federal Trade Commission.

Not only is spyware a tool for personal identity theft, but its also a growing threat to businesses, according to officials at Websense Inc., in San Diego. Malicious snoopware applications can capture passwords and confidential information through such things as keystroke loggers and remote microphones; less insidious forms of spyware can put corporations in violation of federal privacy laws.

"Users at a company might feel it is in their personal interest to download something thats spyware, but that might be against the corporate policy or IT policy," said Mike Newman, vice president and general counsel at Websense. "Security at the enterprise level is designed to keep things from coming in [rather than going out]."

Of the nearly 16 million desktops at Websenses 20,000 customer organizations, 30 to 40 percent are infected with spyware, said Kian Saneii, vice president of business development at Websense.