Nation's first spyware laws to go before Parliament
- 21 June, 2004 11:37
A bill outlawing spyware is likely to go before Parliament as soon as September.
The Australian Democrats are drafting the proposed bill, under which harvesting corporate or personal information without consent, via a Web site or with software applications, for marketing purposes will be classified as “spyware”.
Democrats IT spokesperson Senator Brian Greig is drafting the bill, which is the first of its kind in Australia, and has been dubbed the “Spyware Control Bill”.
“We’re not aware of the government even considering this, which is frustrating. The use of spyware and malware is a sinister operation and is increasing,” Greig said.
He stressed that the “underlying and most important factor is that we are not seeking to ban anything under this legislation.” “We are only seeking to ensure openness and honesty.
“It's about user transparency and user control,” Greig told Computerworld. “The Spyware Control Bill would ensure that, at the very least, the user should be offered (the following information) before a cookie is placed.”
Greig wants the user to be able to get answers to questions like: are you collecting information, what information are you collecting, will this information be given or sold to anyone else, how do you protect my privacy, and to whom do you sell my details, so consent can be considered by the user.
“It ought to be opt-in,” he said. “Not all spyware is bad but most is sinister particularly when information is sent to corporate headquarters for marketing purposes.”
Greig said that the problem is so widespread he believes “it’s fair to say that every PC user is subject to spyware”.
The draft bill identifies three main types of spyware: keystroke loggers and screen capture utilities used to capture passwords; adware designed to deliver targeted advertising; and “the annoying”, which covers pop-ups, pop-unders, and homepage reset programs.
“No program or cookie or any other form of tracking device is to be installed on any computer without the user of that computer being given clear information as to the purpose of the program or tracking device,” the Democrats said in a statement.
In addition to spyware, the bill will cover malware, which includes viruses, trojans, and worms that “all have the ability to cause loss of data or allow someone else to control your machine”.
Programs that install diallers leading to “massive telephone bills” are also on the hit list.
Regarding the enforcement of such laws, Greig said although it’s nearly impossible to locate someone for spam, this proposed law will allow prosecution.
“Once you know the organization you can home in and prosecution is possible. We’re aiming for many hundreds of thousands [in fines] and/or jail terms,” he said. “Virus writers need to be brought to justice. The Australian government doesn’t appreciate the damage done [and should] stop treating [cybercrime] as some naughty child’s activity.”
On the likelihood of international Web site and software developers abiding by such a law, Greig said: “It’s not certain that international companies can be enforced. That’s the nature of the Internet – we just don’t have the international cooperation.”
Electronic Frontier Foundation (EFF) staff attorney Wendy Seltzer said at least one state in the US (Utah) has passed an anti-spyware law, and the US federal government is considering one.
“We don't like software that takes over computers or gathers personal information without permission from and notification to the computer owner, but we're also concerned that some of the enacted or proposed laws take the wrong approach to stopping spyware and malware,” Seltzer said. “Since most spyware activities are already unfair trade practices, it's not clear that a new law will be more effective. Further, the way many of these bills are drafted, they risk accidentally catching other, non-spyware software.”
Seltzer said the EFF would like to see a more serious effort made to use existing laws against unfair trade practices, misrepresentation, computer fraud and abuse, before new technology-specific laws are passed.