PROTECT CONSUMERS & BUSINESS FROM THE SCOURGE OF SPYWARE
Issue:
Consumers and business need a single, national law to deter spyware and punish those who use spyware to commit crimes. CSIA strongly urges Congress to enact preemptive federal legislation to: (1) establish stronger criminal penalties for entities that use spyware to commit crimes; (2) provide "Good Samaritan" protection for anti-spyware technologies; and (3) strengthen Federal Trade Commission (FTC) enforcement & regulation to combat spyware. Congressional action is needed to protect consumers and business from spyware and other forms of malicious software that causes harm to millions of Americans.
Why Congress must act:
- Unauthorized Spyware & Phishing Scams Compromise Sensitive Personal Information: Software and electronic communications are increasingly used by criminals to invade computers without authorization of the user. Consumers resent the surreptitious installation of spyware that secretly controls, slows down or crashes their PCs, triggers a barrage of unwanted pop-up advertisements or establishes mechanisms to steal personally identifying information (sometimes leading to "ID theft"). Unknown to the consumer, spyware and other types of malicious software can disable security software and expose consumers to hackers, viruses and worms. This further facilitates the stealing of personal information from consumers and confidential information from businesses.
- Spyware Inflicts Significant Costs on the U.S. Economy & Damages Consumer Confidence: Consumer Reports estimates that spyware, viruses and phishing schemes cost consumers more than $7 billion over the last two years and that the chance of getting a spyware infection is 1 in 3. A recent AOL/National Cyber Security Alliance study conducted in 354 homes found that 61% of users had spyware installed on their computers. And a 2005 Pew Internet & American Life Project reported that nine out of ten Internet users say that have altered their behavior online due to fear of falling victim to software intrusions. The Pew report found that 43% of internet users, or about 59 million American adults, say they have had spyware or adware on their home computer. Overall, 68% of home internet users, or about 93 million American adults, experienced at least one computer problem that is consistent with problems caused by spyware or viruses. Recent studies estimate that 80 percent of computers are infected with some form of spyware and that 89 percent of consumers are unaware that they have spyware.
- Spyware Purveyors Block efforts to Remove Unwanted Software: According to the Center for Democracy & Technology (CDT), "anti-spyware" software is a consumers' first defense against spyware infections. These technologies create a safer Internet experience for consumers. The continued development and use of innovative technologies in response to consumer demand is crucial in the fight against spyware. Yet spyware and adware companies threaten anti-spyware developers with lawsuits in order to intimidate them into allowing malicious software to remain on the computers of consumers.
What CSIA supports:
- Preemptive Federal Legislation that Responds to a Clear National Problem: Millions of consumers across America are losing money, time and peace of mind to the scourge of spyware. In direct response to consumer discontent, at least 6 states have enacted legislation to combat spyware. Moreover, at least 14 states have introduced spyware legislation during 2007. This patchwork of spyware legislation and regulation has created an uneven legal framework to protect Americans using the Internet. The time has come for Congress to step in and establish a national policy to combat spyware.
- Strong Criminal Penalties for Entities that use Spyware to Commit Crimes: Spyware is a danger to consumers and threatens the security of sensitive personal information. CSIA strongly supports making it a federal crime to intentionally access a protected computer without authorization or to exceed authorized access by causing a computer program or code to be copied on to a protected computer in furtherance of an illegal activity. Strengthening penalties for on-line fraud, theft and abuse will be an important step in protecting consumers from harm.
- Providing "Good Samaritan" Protection for Anti-Spyware Technologies: "Anti-spyware" software is a consumers' first defense against spyware infections. These technologies create a safer Internet experience for consumers, and the continued development of innovative technologies in response to consumer demand is crucial in the fight against spyware. Yet, spyware purveyors have conspired to block the use and development of anti-spyware technologies that remove -- with consumers' consent -- the harmful programs that disrupt the consumers' internet experience. Lawyers representing spyware vendors harass anti-spyware companies by filing lawsuits, and by sending threatening letters in many more cases, alleging that anti-spyware programs remove their programs without authority and thereby harm their spyware and adware businesses. This legal harassment seeks to intimidate anti-spyware providers into allowing the harmful software to remain. Protection is needed for actions taken in good faith to remove unwanted spyware at a customers' request. A Good Samaritan provision is needed to eliminate disincentives for continued development of innovative technologies that empower consumers and maximize their control over their own computers.
- Strengthening Federal Trade Commission (FTC) Enforcement & Regulation: The FTC's enforcement efforts have played a central role in establishing standards for the software industry. To combat the emerging and quickly evolving threats of unwanted spyware, the FTC must have sufficient tools and resources to protect consumers by investigating and aggressively prosecuting purveyors of spyware in the U.S. and globally. CSIA supports empowering the FTC to work with the industry and consumers to develop a list of clearly inappropriate behaviors.
- Punishing Bad Behavior, not Specific Technologies: Legislation should specifically focus on eliminating bad behavior, not technologies that provide consumers with valuable features and services. By focusing on bad actors instead of "bad technologies," legislation should avoid capturing software that facilitates the day to day operation of the internet. Most websites install what would likely qualify as software, but that is innocuous and in fact necessary. Defining "bad" technologies puts at risk legitimate product functions that consumers want. Such legitimate software should not be inadvertently swept into a notice and opt-in regime that would bombard consumers with warnings, leading to an inadequate response to real threats or a decision to recoil in fear from any commerce on the internet.
- Incorporating Self-Regulation & Consumer Education as Part of the Solution: Helping consumers and industry understand the threat spyware poses is an important part of the solution. The software industry is addressing issues relating to spyware including the establishment and use of processes for certifying software, identifying spyware and resolving disputes about its tagging and removal.
What action is needed:
There is bipartisan support in Congress to pass legislation to deter the prevalence of unwanted spyware and to punish those who propagate the severest form of this threat. CSIA strongly urges Congress to pass and for the President to sign into law legislation to curb the growing problem of spyware and to punish those who use spyware to commit crimes.
For more information, contact: Tim Jemal, SVP, Gov. Relations, CSIA [email protected], 703-894-1263
1"State of the Net", Consumer Reports, September 2007. 2AOL/NCSA Online Safety Study, America Online and the National Cyber Security Alliance, Dec. 2005. 3"Spyware: The Threat of Unwanted Software Programs is Changing the Way People Use the Internet, Pew Internet & American Life Project, Susannah Fox, July 2005. 4Patricia Moloney Figliola, Spyware: Background and Policy Issues for Congress, Congressional Research Service Report to Congress, at 4 (July 17, 2006). |