[Quote:]

Here we go again. Congress has decided it needs to protect us from spyware, but – surprise, surprise – the bill they are most seriously considering actually offers no help in that regard. What’s worse, the bill seems designed to make it harder for you to legally go after those who spy on you, particularly if they are doing so to determine if you’re authorized to use a software product.

Last week a subcommittee of the House Committee on Energy and Commerce approved H.R. 964, the Spy Act, which bans some of the more blatant forms of spyware such as those that hijack computer or log keystrokes. The bill now goes to the full committee for approval, and it’s expected to move quickly as it has strong bipartisan support.

But why? There are already plenty of federal and state laws regarding computer fraud, trespass, and deceptive trade practices that make spyware illegal. The existing laws have been sufficient to allow the FTC and/or state attorneys general to even successfully go after some of the nastier adware companies like Direct Revenue and Zango/180 Solutions. So what is the purpose of this law?

A clue can be found in the Limitations section of the Act, which features this rather broad exception:

Exception Relating to Security- Nothing in this Act shall apply to–

(1) any monitoring of, or interaction with, a subscriber’s Internet or other network connection or service, or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service, to the extent that such monitoring or interaction is for network or computer security purposes, diagnostics, technical support, or repair, or for the detection or prevention of fraudulent activities; or

(2) a discrete interaction with a protected computer by a provider of computer software solely to determine whether the user of the computer is authorized to use such software, that occurs upon — (A) initialization of the software; or (B) an affirmative request by the owner or authorized user for an update of, addition to, or technical service for, the software.

In other words, it’s perfectly OK for basically any vendor you do business with, or maybe thinks you do business with them for that matter, to use any of the deceptive practices the bill prohibits to load spyware on your computer. The company doesn’t have to give you notice and it can collect whatever information it thinks necessary to make sure there’s no funny business going on. And by the way, another exception provision specifically protects computer manufacturers from any liability for spyware they load on your computer before they send it to you. Of course, the exception for software companies checking to make sure you’re an authorized user is the strongest evidence of what this bill is all about. After all, in terms of function, there’s not much difference between spyware and DRM. Too bad for Sony this bill wasn’t already the law when its rootkit-infected CDs came to light.