FW: House Toughens Spyware Penalties
It all reads ok until the latter part... shudder... Nicole -----FW: <200410081600530249.000E013B@mail.themezz.com>----- Date: Fri, 08 Oct 2004 16:00:53 -0400 Sender: cybercrime-alerts-bounce@freelists.org From: cybercrime-alerts <alerts@theMezz.com> To: cybercrime-alerts@freelists.org Subject: House Toughens Spyware Penalties October 8, 2004 House Toughens Spyware Penalties http://www.internetnews.com/bus-news/article.php/3419211 For the second time in three days, the U.S. House of Representatives has passed an anti-spyware bill, this time adding criminal penalties to tough civil provisions of legislation passed on Tuesday. The Internet Spyware Prevention Act of 2004 (H.R. 4661), which passed on a 415-0 vote Thursday, makes it a crime to intentionally access a computer without authorization or to intentionally exceed authorized access. If the unauthorized intrusion is to further another federal crime such as secretly accessing personal data, the penalty is up to five years in prison. Deliberately injuring or defrauding a person or damaging a computer through the unauthorized installation of spyware carry prison terms of up to two years. The legislation also authorizes $10 million for the Department of Justice to combat spyware and phishing (define) scams, although the bill does not specifically make phishing a crime. "By imposing criminal penalties on these bad actors, this legislation will help deter the use of spyware, and will thus help protect consumers from these aggressive attacks," Rep. Bob Goodlatte (R-VA), the bill's author, said in a statement. "At the same time, the legislation leaves the door open for innovative technology developments to continue to combat spyware programs." Tuesday night, the House passed legislation prohibiting unfair or deceptive practices related to spyware. The bill, known as the Spy Act (H.R. 2929), also requires an opt-in notice and consent form for legal software that collects personally identifiable information from consumers. The penalties in H.R. 2929 are limited to civil fines of up to $3 million. Both bills now go the Senate, which has pending legislation similar to the House bills. House Energy and Commerce Committee Chairman Joe Barton (R-Texas) said earlier this week he thought the two chambers could agree on a spyware bill before lawmakers adjourn on Friday or Saturday. "[We've] seen several egregious examples of spyware being used in ways that most Americans would think clearly ought to be criminal," Ari Schwartz, associate director of the Center for Democracy and Technology, said in another statement. "The bill will help make sure there are strong deterrents to using spyware to defraud or injure consumers." The two House bills are supported by a broad array of trade groups, including the U.S. Chamber of Commerce and the Business Software Alliance (BSA). "This anti-spyware legislation ensures that criminal penalties are imposed upon those persons who aim to harm innocent Internet users via spyware applications," said Robert Holleyman, president and CEO of the BSA. Dell (Quote, Chart), eBay (Quote, Chart)>, Microsoft (Quote, Chart), Time Warner (Quote, Chart), Yahoo (Quote, Chart) and Earthlink (Quote, Chart) endorsed the Tuesday legislation. They did so after exemptions were added to the bill for network monitoring for security purposes, technical support or repair, or the detection or prevention of fraudulent activities. The bill also permits computer software providers to interact with a user's computer without notice and consent in order to determine whether the computer user is authorized to use the software upon initialization of the software or an update of the software. "Every day thousands of unsuspecting Americans have their identities hijacked by a new breed of cyber criminals because of spyware. People whose identities have been stolen can spend months or years -- and much of their hard-earned money -- trying to restore their good name and credit record. This legislation will help prevent bad things from happening to good names," Rep. Lamar Smith (R-Texas) said. -- Articles distributed for the purposes of education, discussion and review. Archives and Subscription Updates: http://cybercrime.theMezz.com Guestbook: http://guestbook.theMezz.com PGP Key: http://pgp.theMezz.com --------------End of forwarded message------------------------- -- |\ __ /| (`\ | o_o |__ ) ) // \\ - nmh@daemontech.com - Powered by FreeBSD - ------------------------------------------------------ "The term "daemons" is a Judeo-Christian pejorative. Such processes will now be known as "spiritual guides" - Politicaly Correct UNIX Page Opportunity is missed by most people because it is dressed in overalls and looks like work. - Thomas Edison "Microsoft isn't evil, they just make really crappy operating systems." - Linus Torvalds If you want to go backwards, you put it in 'R,' and if you want to go forward, you put it in 'D' -- Sen. Tom Harkin (D-IA)
The general consensus seems to be that companies that choose to obey the law will simply disclose everything their software does in many, many paragraphs of legal language that few people will actually read. This will allow them to claim they have consent for whatever it is that they do. On the bright side, it will at least be possible for those who are sufficiently curious and diligent to determine what the software is doing by picking through the legal language. I've heard that Gator's license is 20% longer than the constitution. DS
Oh, how festive. Anyone got that "Bill (Gates) Blocker" filter ready? :) Left to their own devices, congressmen should NOT be allowed to write bills about things they don't understand. Well... Ok, that's too restrictive. No bills would ever get written. We'll still see the same problems coming from the same non-US places where it isn't exactly feasible to prosecute. But it made someone someplace feel better, I'm sure! Scott -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Nicole Sent: Friday, October 08, 2004 4:33 PM To: nanog@nanog.org Subject: FW: House Toughens Spyware Penalties It all reads ok until the latter part... shudder... Nicole -----FW: <200410081600530249.000E013B@mail.themezz.com>----- Date: Fri, 08 Oct 2004 16:00:53 -0400 Sender: cybercrime-alerts-bounce@freelists.org From: cybercrime-alerts <alerts@theMezz.com> To: cybercrime-alerts@freelists.org Subject: House Toughens Spyware Penalties October 8, 2004 House Toughens Spyware Penalties http://www.internetnews.com/bus-news/article.php/3419211 For the second time in three days, the U.S. House of Representatives has passed an anti-spyware bill, this time adding criminal penalties to tough civil provisions of legislation passed on Tuesday. The Internet Spyware Prevention Act of 2004 (H.R. 4661), which passed on a 415-0 vote Thursday, makes it a crime to intentionally access a computer without authorization or to intentionally exceed authorized access. If the unauthorized intrusion is to further another federal crime such as secretly accessing personal data, the penalty is up to five years in prison. Deliberately injuring or defrauding a person or damaging a computer through the unauthorized installation of spyware carry prison terms of up to two years. The legislation also authorizes $10 million for the Department of Justice to combat spyware and phishing (define) scams, although the bill does not specifically make phishing a crime. "By imposing criminal penalties on these bad actors, this legislation will help deter the use of spyware, and will thus help protect consumers from these aggressive attacks," Rep. Bob Goodlatte (R-VA), the bill's author, said in a statement. "At the same time, the legislation leaves the door open for innovative technology developments to continue to combat spyware programs." Tuesday night, the House passed legislation prohibiting unfair or deceptive practices related to spyware. The bill, known as the Spy Act (H.R. 2929), also requires an opt-in notice and consent form for legal software that collects personally identifiable information from consumers. The penalties in H.R. 2929 are limited to civil fines of up to $3 million. Both bills now go the Senate, which has pending legislation similar to the House bills. House Energy and Commerce Committee Chairman Joe Barton (R-Texas) said earlier this week he thought the two chambers could agree on a spyware bill before lawmakers adjourn on Friday or Saturday. "[We've] seen several egregious examples of spyware being used in ways that most Americans would think clearly ought to be criminal," Ari Schwartz, associate director of the Center for Democracy and Technology, said in another statement. "The bill will help make sure there are strong deterrents to using spyware to defraud or injure consumers." The two House bills are supported by a broad array of trade groups, including the U.S. Chamber of Commerce and the Business Software Alliance (BSA). "This anti-spyware legislation ensures that criminal penalties are imposed upon those persons who aim to harm innocent Internet users via spyware applications," said Robert Holleyman, president and CEO of the BSA. Dell (Quote, Chart), eBay (Quote, Chart)>, Microsoft (Quote, Chart), Time Warner (Quote, Chart), Yahoo (Quote, Chart) and Earthlink (Quote, Chart) endorsed the Tuesday legislation. They did so after exemptions were added to the bill for network monitoring for security purposes, technical support or repair, or the detection or prevention of fraudulent activities. The bill also permits computer software providers to interact with a user's computer without notice and consent in order to determine whether the computer user is authorized to use the software upon initialization of the software or an update of the software. "Every day thousands of unsuspecting Americans have their identities hijacked by a new breed of cyber criminals because of spyware. People whose identities have been stolen can spend months or years -- and much of their hard-earned money -- trying to restore their good name and credit record. This legislation will help prevent bad things from happening to good names," Rep. Lamar Smith (R-Texas) said. -- Articles distributed for the purposes of education, discussion and review. Archives and Subscription Updates: http://cybercrime.theMezz.com Guestbook: http://guestbook.theMezz.com PGP Key: http://pgp.theMezz.com --------------End of forwarded message------------------------- -- |\ __ /| (`\ | o_o |__ ) ) // \\ - nmh@daemontech.com - Powered by FreeBSD - ------------------------------------------------------ "The term "daemons" is a Judeo-Christian pejorative. Such processes will now be known as "spiritual guides" - Politicaly Correct UNIX Page Opportunity is missed by most people because it is dressed in overalls and looks like work. - Thomas Edison "Microsoft isn't evil, they just make really crappy operating systems." - Linus Torvalds If you want to go backwards, you put it in 'R,' and if you want to go forward, you put it in 'D' -- Sen. Tom Harkin (D-IA)
Scott Morris wrote:
Oh, how festive. Anyone got that "Bill (Gates) Blocker" filter ready? :)
Left to their own devices, congressmen should NOT be allowed to write bills about things they don't understand. Well... Ok, that's too restrictive. No bills would ever get written.
We'll still see the same problems coming from the same non-US places where it isn't exactly feasible to prosecute. But it made someone someplace feel better, I'm sure!
Sure, but as long as most spyware and spam is originated and operated by US citizens on US soil, it makes sense to make them responsible for their junk? Pete
"The bill also permits computer software providers to interact with a user's computer without notice and consent in order to determine whether the computer user is authorized to use the software upon initialization of the software or an update of the software." I find this aspect of the Bill objectionable, since it contradicts other laws, which make it illegal to break into a computer. There is also no guarantee that the person doing the snooping is above criminal intent and would create an operational nightmare for most prudent ISP/NSP organizations. -Henry --- Nicole <nmh@daemontech.com> wrote:
It all reads ok until the latter part... shudder...
Nicole
-----FW: <200410081600530249.000E013B@mail.themezz.com>-----
Date: Fri, 08 Oct 2004 16:00:53 -0400 Sender: cybercrime-alerts-bounce@freelists.org From: cybercrime-alerts <alerts@theMezz.com> To: cybercrime-alerts@freelists.org Subject: House Toughens Spyware Penalties
October 8, 2004 House Toughens Spyware Penalties
http://www.internetnews.com/bus-news/article.php/3419211
For the second time in three days, the U.S. House of Representatives has passed an anti-spyware bill, this time adding criminal penalties to tough civil provisions of legislation passed on Tuesday.
The Internet Spyware Prevention Act of 2004 (H.R. 4661), which passed on a 415-0 vote Thursday, makes it a crime to intentionally access a computer without authorization or to intentionally exceed authorized access. If the unauthorized intrusion is to further another federal crime such as secretly accessing personal data, the penalty is up to five years in prison.
Deliberately injuring or defrauding a person or damaging a computer through the unauthorized installation of spyware carry prison terms of up to two years. The legislation also authorizes $10 million for the Department of Justice to combat spyware and phishing (define) scams, although the bill does not specifically make phishing a crime.
"By imposing criminal penalties on these bad actors, this legislation will help deter the use of spyware, and will thus help protect consumers from these aggressive attacks," Rep. Bob Goodlatte (R-VA), the bill's author, said in a statement. "At the same time, the legislation leaves the door open for innovative technology developments to continue to combat spyware programs."
Tuesday night, the House passed legislation prohibiting unfair or deceptive practices related to spyware. The bill, known as the Spy Act (H.R. 2929), also requires an opt-in notice and consent form for legal software that collects personally identifiable information from consumers. The penalties in H.R. 2929 are limited to civil fines of up to $3 million.
Both bills now go the Senate, which has pending legislation similar to the House bills. House Energy and Commerce Committee Chairman Joe Barton (R-Texas) said earlier this week he thought the two chambers could agree on a spyware bill before lawmakers adjourn on Friday or Saturday.
"[We've] seen several egregious examples of spyware being used in ways that most Americans would think clearly ought to be criminal," Ari Schwartz, associate director of the Center for Democracy and Technology, said in another statement. "The bill will help make sure there are strong deterrents to using spyware to defraud or injure consumers."
The two House bills are supported by a broad array of trade groups, including the U.S. Chamber of Commerce and the Business Software Alliance (BSA). "This anti-spyware legislation ensures that criminal penalties are imposed upon those persons who aim to harm innocent Internet users via spyware applications," said Robert Holleyman, president and CEO of the BSA.
Dell (Quote, Chart), eBay (Quote, Chart)>, Microsoft (Quote, Chart), Time Warner (Quote, Chart), Yahoo (Quote, Chart) and Earthlink (Quote, Chart) endorsed the Tuesday legislation. They did so after exemptions were added to the bill for network monitoring for security purposes, technical support or repair, or the detection or prevention of fraudulent activities.
The bill also permits computer software providers to interact with a user's computer without notice and consent in order to determine whether the computer user is authorized to use the software upon initialization of the software or an update of the software.
"Every day thousands of unsuspecting Americans have their identities hijacked by a new breed of cyber criminals because of spyware. People whose identities have been stolen can spend months or years -- and much of their hard-earned money -- trying to restore their good name and credit record. This legislation will help prevent bad things from happening to good names," Rep. Lamar Smith (R-Texas) said.
-- Articles distributed for the purposes of education, discussion and review.
Archives and Subscription Updates: http://cybercrime.theMezz.com Guestbook: http://guestbook.theMezz.com PGP Key: http://pgp.theMezz.com
--------------End of forwarded message-------------------------
-- |\ __ /| (`\ | o_o |__ ) ) // \\ - nmh@daemontech.com - Powered by FreeBSD -
------------------------------------------------------
"The term "daemons" is a Judeo-Christian pejorative. Such processes will now be known as "spiritual guides" - Politicaly Correct UNIX Page
Opportunity is missed by most people because it is dressed in overalls and looks like work. - Thomas Edison
"Microsoft isn't evil, they just make really crappy operating systems." - Linus Torvalds
If you want to go backwards, you put it in 'R,' and if you want to go forward, you put it in 'D' -- Sen. Tom Harkin (D-IA)
"The bill also permits computer software providers to interact with a user's computer without notice and consent in order to determine whether the computer user is authorized to use the software upon initialization of the software or an update of the software."
I find this aspect of the Bill objectionable, since it contradicts other laws, which make it illegal to break into a computer. There is also no guarantee that the person doing the snooping is above criminal intent and would create an operational nightmare for most prudent ISP/NSP organizations.
It's really a trivial issue, because even without this provision, the license could just say (and most do), that the software will validate your authorization to use it. Without this provision, one could argue that using a hidden (location undisclosed) key in the registry to keep track of a trial start date violates the letter of the law. After all, you are storing something on someone else's computer and you don't tell them what it is or where it is. DS
participants (5)
-
David Schwartz -
Henry Linneweh -
Nicole -
Petri Helenius -
Scott Morris