Senate Commerce Committee members Wednesday stressed the importance of striking the right balance with legislation to help fight secretly installed computer spyware and provide the FTC with the tools the agency needs to prosecute high-tech hackers.
Comment on this article in The Forum.Consumer Affairs Subcommittee Chairman Mark Pryor, D-Ark., who introduced an anti-spyware bill in June 2007 with Sens. Bill Nelson, D-Fla., and Barbara Boxer, D-Calif., said there are "very few if any, that I can determine, legitimate reasons for this practice [and] there are a number of reasons why we should do something to try to stop spyware." Their bill would criminalize the act of implanting of spyware on a person's computer without consent.
Pryor called for "a good, workable definition of spyware" and increased civil penalty authority for the FTC, which would be granted under a reauthorization bill sponsored by Senate Commerce Chairman Daniel Inouye and Sen. Byron Dorgan, D-N.D., this year.
Sen. David Vitter, R-La., said the committee should move swiftly to address the issue "but the tough part is how we do that effectively." The biggest challenge is to formulate a bill that is not outpaced or outdated by technological advances in "a month or a year."
"We should focus on passing legislation against improper activity and not be too technology specific," he said."That'll end up getting us in trouble and having unintended consequences."
Nelson cited a recent Consumer Reports survey that showed one in 11 respondents reported a spyware infection on their computers.
Nelson said the consumer spyware threat "clearly overlays" the cybersecurity vulnerabilities faced by the intelligence community and both must be on lawmakers' front-burner.
Legislation that would let the FTC seek civil penalties in spyware cases could add a potent remedy to those otherwise available currently, FTC Consumer Protection Bureau Deputy Director Eileen Harrington said.
The Direct Marketing Association's top lobbyist, Jerry Cerasale, said the combination of industry guidelines, anti-spyware technologies, and enforcement of existing laws in recent years has limited pernicious software downloads and reduced spyware's threat.
He said sections of Pryor's bill need to be revisited and any legislation should be drafted in a way that does not undermine current efforts or upset consumers' expectations regarding the types of available, legitimate online marketing.
Symantec Corp. Vice President Vincent Weafer said legislation "can and should play an important role." He urged the committee to consider language that focuses on the malicious intent behind the behavior and avoids the trap of defining "good" or "bad" technologies. He added that any bill should protect developers of anti-spyware tools from threats and legal harassment by those who disseminate harmful software.