Posted by Virus Bulletin on May 4, 2007
Second piece of US anti-spyware legislation given go-ahead.
With the 'Securely Protect Yourself Against Cyber Trespass Act' (aka SPY-ACT act) approved by a House of Representatives subcommittee last month, a second set of rules aimed at controlling computer infiltration and data theft is following it through the lengthy approval process. The 'Internet Spyware Prevention Act' (less successfully trimmed to 'I-SPY act') was approved by a subcommittee on Wednesday.
The SPY-ACT, proposed three years ago by New York Democratic Party representative Edolphus Towns, covers the implementation of any software which could be put to malicious spying use, and has come under fire for its vague terms and the likelihood that legitimate programs, particularly advertisers, may be affected its broad coverage. The bill has twice failed to gain Senate approval and now has a third chance of passing into law, having been approved by an Energy and Commerce subcommittee in April.
I-SPY, on the other hand, approaches the problem from a different angle, aiming to penalise the malicious or deceptive use of software, thus giving a freer rein to software and website design as long as it is not put to use in a fraudulent or duplicitous manner. The bill, put forward in 2004 by Republican Bob Goodlatte of Virginia, is also on its third passage through congress, having similarly been turned down by the senate on earlier attempts, and will now go to the House of Representatives for further analysis.
I-SPY includes a list of items considered sensitive data, including names, addresses, credit card details and social security numbers, attempts to gather which by secretive means would breach the terms of the proposed law. Like the SPY-ACT, heavy fines and jail terms would be likely sentences for those convicted of cyber-spying.
Details of the competing bills can be found here or here, and some analysis of problems found in the early stages of the legislation process is here. The US already has several computer security laws, including at the national level a 2005 anti-phishing law and the famous CAN-SPAM act, which some have suggested may facilitate spamming by allowing mails which carry genuine source data and opt-out information. There are also several laws against spyware, phishing and spam at the state level - a useful summary of current phishing laws can be found here.
Posted on 04 May 2007 by Virus Bulletin