House Passes SPY Act Even as Backer Admits Knotty Provision
Internet companies with “11th hour concerns” about notice and consent provisions in the SPY Act (HR-964) can’t expect the House to halt a bill passed before in similar form, Rep. Stearns (R-Fla.) said Wed. in floor debate. The antispyware measure passed Wed. with the 2/3 House majority required under suspension of the rules. That may set up a conflict with the I-SPY Act (HR-1525) passed earlier; I-SPY’s House Judiciary sponsors laud its focus on criminal behavior, deriding the Commerce bill’s “technology” approach (WID May 23 p10). The SPY Act would give the FTC enforcement authority that the I-SPY bill would give to DoJ.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Critics from the marketing and financial sectors expect more annoyances in Web browsing as a result of the SPY Act. Technology CEOs visiting D.C. to lobby on several issues (see separate report in this issue) said they hoped bad provisions would be excised in the Senate or in conference.
The SPY Act, passed twice before by the House with “overwhelming margins,” came through Commerce with full support, Rep. Rush (D-Ill.) said on the floor: “This bill has been thoroughly honed to be effective without being overbearing” on any legitimate company. The bill emerged in the 108th Congress at a time when few people knew of spyware, sponsor Rep. Towns (D-N.Y.) said: “Now we have a lot of people complaining” about spyware. Writing a technology bill without harming technology is a “very difficult tightrope to walk,” but Commerce did so, without scrapping “meaningful” notice and consent mandates that benefit consumers, he said.
State laws on Web-based data collection threaten Internet companies that could breathe more easily under HR- 964 and its federal preemption, said sponsor Rep. Bono (R- Cal.). But ultimately consumers decide what data to give companies, “not a 3rd party with potentially conflicting interests.” The bill accounts for “instances where spyware can be useful,” as in police operations, and protects antispyware companies from “spurious lawsuits” for correcting malicious software on PCs, she said. Bono implied that support for the bill she shepherded through Republican Congresses had lost support -- dropping from 61 cosponsors in the 109th to 41 this year. It also passed by its lowest margin yet -- 368-48, with 44 more votes against since last Congress.
Stearns distanced his Consumer Protection Subcommittee from a controversial manager’s amendment made in the full committee. Internet companies have seized on the amendment, which imposes opt-in rules -- similar to End User License Agreements -- for websites before collecting user information. “I share some of the concerns” -- which Stearns dubbed “11th hour” -- “but to take a bill that has been in process and has had so many hearings for so many years, and decide that it should not go forward is not the right process,” he said: The bill can’t be “perfect.” Critics should make their case in the Senate, which may scrap the controversial provision, he said.
A broad array of companies and trade groups late Tues. asked House leaders to have the SPY Act “clarified to focus on true spyware and not critical Internet functionality” before floor consideration. The Direct Mktg. Assn.-led group said it backs the I-SPY bill for its “strong penalties” on bad actors, but said the SPY Act “cuts to the heart of the information economy and the unprecedented growth of the Internet.” The manager’s amendment to the bill makes clear that definitions of “computer software” and “information collection program” cover all Web pages, not just unwanted downloads. If broad definitions remain, websites would have to provide a “notice of collection through a pop-up” window asking users to consent to information-gathering -- even in consumer purchases or requests for site information, they said. Companies want narrower definitions: “We have not been informed that such a change is forthcoming.”
Privacy policies see wide use when required by federal law and are overseen by the FTC and other regulators, and the bill would represent a “fundamental shift,” companies said. Signers included data brokers Acxiom and Experian, dating site eHarmony, U.S. Chamber of Commerce, Information Technology Assn. of America, Interactive Ad Bureau, National Retail Federation, American Bankers Assn. and NetCoalition.
Before the SPY Act reached the floor, CEOs of Business Software Alliance (BSA) member companies said Wed. at a news briefing they don’t want the bill killed. The Web business of Microsoft, a BSA and DMA member, collects personal data from users and could be affected by the bill -- but McAfee and CA have an interest in policing Internet behavior, regardless of a company’s reputation, that may veer into malice. SPY and I-SPY both have “good elements,” such as “good Samaritan” provisions, BSA Pres. Robert Holleyman said. BSA will reserve judgment on the bills unless they make it to conference, he said. Some adware “has a dark side,” and the law can’t leave it to harm consumers’ computers and steal their information, McAfee CEO Dave DeWalt said. Legislation needs to “modernize” the regulatory structure for such Internet behavior, he said.