Yesterday the House passed two different spyware bills. It passed HR 29, which targets the technology used by spyware purveyors and provides authority over spyware crimes to the FTC, and it also passed HR 744, which targets the crimes committed, not the technology used to commit them, and provides the Department of Justice with authority to prosecute and fine criminals. The passage of two bills with very different objectives and levels of regulation reaffirms my contention that legislating on an issue such as spyware is no easy task.
While the Bono bill (HR 29) is the better known and more publicized of the two, it is not the best option. Bono's bill is too regulatory. The bill makes the technology, not the crime, the issue and has the potential to stymie innovation. This is an unacceptable side effect for any legislation. The Internet and related industries have been thriving in a relatively unregulated space for years, and altering the regulatory framework by limiting the types of technology that people can use or develop will limit the Internet's future effectiveness. By granting jurisdictional authority to the FTC, which it already has based on section 5 of the FTC Act, the bill has the potential to make the FTC into a software regulatory agency.
HR 744, introduced by Congressman Goodlatte, is a much simpler, more effective bill than HR 29. Rather than granting broad jurisdictional authority to the FTC, it places authority in the DOJ, further enforcing the Computer Fraud and Abuse Act and appropriating money for the prosecution of criminals. HR 744 makes a point of targeting individual criminals rather than technology.
HR 29 focuses on the technology involved in spyware crimes, rather than on the criminal actions perpetrated by individuals. By focusing on the software rather than the crime, this law attempts to define spyware so as to make the installation and dissemination of the software illegal. It is this focus that leads to fears that compliance with the law will create apprehension about producing new software. HR 744, on the other hand, recognizes the dangers in this approach. According to Congressman Goodlatte, there are four key principles that should guide the development of any spyware legislation: bad actors must be punished while legitimate online companies are protected; we must not over-regulate, but rather encourage innovative new services and the growth of the Internet; the free market must not be stifled; and finally, the behavior, not the technology, must be targeted. Goodlatte focuses on enforcement through the DOJ rather than limiting the scope of potential software, making his proposal the most realistic, as the Bono bill would prove to be ineffective and potentially harmful.
As we saw with CAN-SPAM, legislation to corral online behavior fails to meet expectations. When CAN-SPAM was enacted, the spam market abroad began to flourish outside the reach of the FTC. HR 29 places authority over spyware in the same jurisdictionally limited agency. This will not serve to reduce the amount of spyware, but only alter its point of origin. While HR 744 will see some of the same jurisdictional limitations, the DOJ has the authority to work with foreign law enforcement agencies, providing the potential for international cooperation to combat spyware.
In an upcoming Progress on Point, I examine the potential ways to combat the ongoing spyware problem, focusing on legislation, technological solutions and consumer awareness. The most likely approach to the problem will be a combination of the three. While technological industry solutions will be the most effective means to combat spyware, legislation appears imminent. To this end, the type of legislation passed must be carefully weighed. A bill like HR 744 would be the best legislative option. By keeping the legislation limited and focusing on the crime rather than the technology, Goodlatte's bill takes the right approach. Also, his bill appropriates the necessary funds to bring charges against the most egregious offenders, which legitimizes the bill by funding its mandate. Given the dynamic nature of the Internet and the spyware problem, broad legislation has the potential to harm the software industry and the Internet as a whole, while concise, targeted legislation like HR 744, due to its focus on the crime, not the technology, avoids those potential pitfalls.