The US Senate is looking to introduce a new law to tackle the growing problem of spyware.
Several senators have put their name to a bill that would see invasive programs controlled and provide the option for users to remove them.
The acronym-inspired Software Principles Yielding Better Levels of Consumer Knowledge (SPYBLOCK) Act would "give consumers control over the programs that are downloaded onto their computers," says co-sponsor Barbara Boxer of Californa.
The bill, introduced yesterday, tackles three aspects of spyware: it seeks to impose new rules that would make it harder for companies to slip software onto users' systems; require easy directions and options for removal; and prohibit harmful spyware.
Under the proposal, if a company needs a user to install certain software to view website components or advertising, it would have to explain the reason and nature of the download in a pop-up window or another clear notice. This explanation would remain on the computer screen until the user either consents or declines to install the software. Crucially, the act would make it illegal for a company to install software without alerting the user.
If a user decides to install that software, it must be easily removable. The application must appear in the Add/Remove Programs menu; be completely removable using normal, reasonable procedures; and, if it is an advertisement, it must include a link that tells the user how to turn off the ad feature or uninstall the software. The intention is to overcome the problem now where some spyware is virtually impossible to remove from a machine.
The FTC and the state attorney generals would enforce the law.
However, some industry experts think more enforcement is needed. Chris Hoofnagle, associate director of the Electronic Privacy Information Center, says consumers' lack of legal rights on the spyware issue is a serious problem. He criticises the Bill for not including a provision that lets individuals take legal action against spyware companies that stalk computer users. "It's a serious problem, because you want users in the enforcement loop," he said.
Robert Bagnall, director at security company IDefense expressed concern over the international threat of spyware: "The legitimate companies in the United States who currently place spyware (on retail computers) will have a tougher time doing it... but (legislation) will not help with the international factors at all," Bagnall says.
An anti-spyware bill has a good chance of passing Congress this session, Hoofnagle says, adding that the recent interest in cybersecurity will help matters. However, he warns that even legislation that sounds good can be ruined by "tinkering with definitions."
The proposed legislation follows a similar earlier effort in July 2003. That Bill, which required explicit user consent before the installation of software, is still being debated at the committee level.
This latest Bill is still only in its early stages but will most likely be put through the Senate Committee on Commerce, Science, and Transportation, of which all three sponsors are members.