Senate Commerce Committee Approves SPY BLOCK Act

November 17, 2005

Washington, D.C. – The U.S. Senate Committee on Commerce, Science, and Transportation today reported S. 687, the Software Principles Yielding Better Levels of Consumer Knowledge Act or the “SPY BLOCK Act,” by unanimous consent. The bill would outlaw a number of activities that are associated with spyware and strengthen the Federal Trade Commission (FTC)’s enforcement authority.

At today’s markup, Senator Conrad Burns (R-Mont.), who introduced the original bill, offered a substitute amendment which was co-sponsored by Senators Barbara Boxer (D-Calif) and Bill Nelson (D-Fla.). The substitute passed 14-8.

The legislation as amended addresses computer hijacking, loss of computer control, adware that conceals its operation, and the collection of personal information. S. 687 strikes a balance between protecting consumers without unduly restraining legitimate e-commerce, which is a growing sector of the economy.

“I am pleased that the Committee today supported Senator Burns’ efforts to address the growing problem of invasive spyware that is infecting millions of computers across the nation,” said Chairman Ted Stevens (R-Alaska). “I look forward to continuing to work with Senator Burns and other Members of the Committee to perfect this legislation before it reaches the Senate floor.”

The SPY BLOCK Act targets three main consumer harms: taking control of a user’s computer, software that triggers advertising out of context with the use of the computer, and undisclosed collection of personal information.

The bill identifies a series of unfair and deceptive practices, which include computer hijacking, spam zombies, endless loop pop-up advertisements, and fraudulent and false installation. In addition, the SPY BLOCK Act outlaws modem hijacking, which allows spyware companies to charge overseas phone calls to victims, and denial of service attacks, which coordinate computers to attack government and other webpages.

The substitute prohibits personal information collection when the collection is not “clearly and conspicuously disclosed” or advertised as part of the software’s purpose. If sensitive personal information, such as social security numbers or account numbers, is being collected, then a notice and consent regime is required. In addition, users must be able to uninstall any software that collects personal information.

The bill also strengthens FTC enforcement and gives both the FTC and state attorneys general the authority to enforce provisions of the SPY BLOCK Act. Additionally, it creates a new section in the criminal code establishing criminal penalties for the unauthorized copying of software to a protected computer.

The Committee also adopted an amendment offered by Senator John Sununu (R-N.H.) which amends the Federal Trade Commission Act to increase civil penalties for violations involving unfair or deceptive acts or practices that exploit popular reaction to an emergency or major disaster.

The bill now moves to the full Senate for its consideration.