Spyware on the way out. (From Adlaw)

Spyware Legislation Likely To Pass Congress This Year
Industry insiders predict that legislation targeting so-called spyware—commonly defined as software that is installed on consumers’ computers without their knowledge or consent—will pass Congress this year.

House Representatives Mary Bono of California and Joe Barton of Texas have reintroduced H.R. 29, which passed the House last year by a 399-1 vote, but did not reach a vote in the Senate. The bill requires companies to obtain consumers’ consent before placing software on their computers. It provides exceptions for cookies installed by an Internet service provider, “interactive computer service” or Web site, as long as the information collected is not shared with anyone other than the provider, service or site.

The cookie exception would apply to Internet companies that use cookies to recognize consumers and make recommendations, but would not apply to a company that uses cookies to track consumer behavior across more than one company’s Web site, a staffer from Rep. Bono’s office stated.

Adware companies such as New York-based WhenU and California-based Claria, which deliver targeted ads to users’ computers based on consumer browsing habits, say they already obtain users’ permission before installing their software. They might entice users to install their software by, for example, bundling it with free, desirable software.

However, consumer advocates claim few computer users are aware that their computers harbor adware. Privacy experts in Washington warn that the federal antispyware legislation targets a type of technology without clearly distinguishing between bad behavior and legitimate business practices

California, FTC Take Action

California passed its own antispyware law, which became effective Jan. 1. The Consumer Protection Against Spyware Act bans the installation of software that takes control of another computer, modifies security settings, deceptively collects certain personably identifiable information, interferes with the removal of certain software, or otherwise deceives an authorized user in specified ways.

The law requires companies and Web sites to disclose whether their systems will install spyware. Consumers can seek as much as $1,000 for being subjected to illegal spyware.

Last year, the Federal Trade Commission concluded that the unauthorized installation of software on computers already is prohibited under existing deceptive practices law and that new legislation is not needed.

The FTC filed its first suit targeting the use of spyware last fall, against an already infamous online marketer. In October, the FTC charged Sanford Wallace and his company, Seismic Entertainment Products, with infecting computers with spyware that displayed pop-up advertisements selling antispyware software.

In early January, the agency announced it had reached an agreement with Wallace in which he and his companies, Seismic and SmartBot.net, are prevented from installing alleged spyware programs on users’ computers while the FTC’s lawsuit proceeds. Wallace and the named companies also agreed to limit advertising to their Web sites.

Wallace gained the moniker “Spamford” in the late 1990s for sending millions of unsolicited email message through his company, Cyber Promotions, according to media reports. Earthlink won a $2 million judgment against Wallace, and he reportedly ceased email marketing operations.

A recent survey by Earthlink and Webroot revealed that 90 percent of PCs contain spyware, with an average of 28 programs installed per computer.

Why This Matters: Businesses involved with online marketing should monitor legislative efforts to target so-called spyware carefully, and seek to ensure any law passed does not hinder the growing practice of interactive marketing precisely at a time when consumers are increasingly responding to more personalized advertising.