U.S. AntiSpyware Legislation: Oh-oh

A U.S. House of Representatives subcommittee approved a bill known as the Internet Spyware Prevention Act which was given the catchy name “I-Spy”. As a CNet News article points out, this has been tried before and hasn’t passed.

While outlawing spam seems like a good idea in theory I suspect it will fail in practice. Instead of preventing and reducing spyware it will provide a roadmap and protection for some while not really outlawing anything new. The FTC says they already have the ability to go after the worst offenders and in fact have sued some. Criminal charges have been brought against others under current law.

While I’m not sure the FTC always has the consumers best interests in mind, the bill doesn’t seem to have any real teeth. Most of what the bill seems to outlaw (taking personal information – which is defined) seems to be already illegal. The bill also links the act of installing the spyware with the intent of committing another crime, defrauding someone, or damaging the computer.

Software companies are supporting this version of the bill because it’s less onerous than other versions. To me that means this bill could open the floodgates and give cover to a lot of people. Would the Sony rootkit be illegal? While stupid and damaging their was no “intent” to damage. Would this law have given cover to Sony in their civil suits?

On the other hand, a badly written law could hurt legitimate software companies and developers without actually improving anything.

With the Can-Spam act as a role model, I don’t expect this to make a difference one way or another. (Even though I-Spy is as catchy as Can-Spam) The botnet operators are already breaking laws, this won’t make them stop. A bad law could hurt legitimate developers. All that is sure to happen if the law passes is that some Representatives and Senators can use their support of he bill to get votes.