US spyware bill gets another nod

The US House of Representatives approved on Monday a pair of bills supporters say will safeguard internet users from spyware.

After a brief debate, the House overwhelmingly endorsed two substantially different approaches: fining creators of malicious code, and imprisoning anyone who "intentionally impairs" a computer's security.

Monday's vote is effectively a handoff to the Senate, which has been considering spyware legislation for a few months but is not nearly ready to finalise anything. Still, senators have vowed to avoid a repeat of last year's situation, in which the House approved one bill but the Senate never acted.

Spyware typically sneaks onto PCs through security holes in Microsoft Windows or Internet Explorer. It has bedevilled computer makers, vexed internet service providers and driven PC users to distraction. Some alleged spyware makers have been sued by the federal and by state governments.

Rep Mary Bono, a sponsor of HR 29, said: "Consumers regularly and unknowingly are downloading software programs that have the ability to track their every move."

Bono's legislation would create a complex web of regulations - many overseen by the Federal Trade Commission - that software makers must follow. Among the activities that can be punished with fines: browser hijacking, modifying bookmarks, collecting personal information without permission and disabling security mechanisms.

Depending on which rule is violated, proposed fines can reach $3m per incident. There are, however, exceptions for law enforcement surveillance and monitoring of network connections by internet service providers.

Bono's bill was approved by a 393-4 vote. Zoe Lofgren, a Democrat who represents part of the San Francisco Bay Area, and Ron Paul, a libertarian-leaning Republican from Texas, were among the few dissenters.

Lofgren is a sponsor of the second bill, HR 744, approved by a vote of 395-1. Instead of laying out a broad set of FTC regulations, the one-page measure includes a handful of prohibitions with felony penalties.

HR 744 says anyone who installs spyware on a computer, "intentionally obtains, or transmits to another, personal information", and causes harm would be slapped with six-digit fines and imprisoned for two years. Using spyware to further other crimes can be punished with up to five years in prison.

Declan McCullagh writes for CNET News.com