Originally created 05/03/04

House probes spyware - computer software to collect personal data



WASHINGTON -- It's the newest computer security problem to attract the attention of Congress: spyware, or software designed to collect computer users' personal data without their knowledge.

Secretly piggybacking on downloaded Internet software, spyware transmits information about computer usage and generates pop-up advertisements and other annoyances. It often is difficult to uninstall.

Little known a few years ago, spyware is now so common that many consider it the biggest problem for Internet users since spam.

Microsoft estimates spyware is responsible for half of all PC crashes and warns that it has become a multimillion-dollar support issue for computer makers, Internet service providers and technicians.

In some cases, it makes a computer unusable.

A research lab in Washington state found one of its computers "hijacked" by pop-up ads, to the point where "we couldn't do anything," said Patrick Clapshaw, the lab's director.

After a week of frustration and several visits by technicians, the problem was eventually solved, but not before causing at least $500 worth of lost data and downtime.

Clapshaw, of Kirkland, Wash., calls spyware worse than spam.

"To me, this is an aggressive computer takeover," he said. "It's the difference between someone dropping fliers on your front porch, or walking around your house following you and annoying you."

Members of Congress are taking the threat seriously. At least three bills have been introduced to address the problem, with more likely to follow.

"There is no more pernicious, intrusive activity going on in the Internet today" than spyware, said Rep. Joe Barton, R-Texas, chairman of the House Energy and Commerce Committee.

At a hearing Thursday before the panel's subcommittee on commerce, trade and consumer protection, computer makers and user groups urged Congress to address deceptive behavior, rather than ban categories of software. Citing a new Utah law, the groups said broad legislation could end up prohibiting legitimate practices and stifle innovation.

Members of the Federal Trade Commission also urged caution as officials learn more about the problem and the best way to combat it.

"I do not believe legislation is the answer at this time," said commission member Mozelle Thompson. "Instead, we should give industry the time to respond. Self-regulation combined with enforcement of existing laws might be the best way to go."

The go-slow approach infuriated Barton, who said he intends to push a spyware bill through his committee - and the full House - this year.

"You like this stuff? You're the only person in this country that wants spyware on their computer," he told Howard Beales, the FTC's consumer protection chief.

Barton urged FTC officials to work with the committee to draft a new law "instead of trying to defend something that's indefensible."

Beales said the FTC considers spyware a problem, but wants to make sure that legislation targets deceptive behavior while allowing legitimate uses. Some proposed solutions, such as requiring permission every time a user downloads a new program, "would make the process of installing new software extremely tedious," Beales said.

Rep. Jay Inslee, D-Wash., whose district includes Kirkland, called it "absolutely astounding" that the FTC does not see a need for a new law "when we have hundreds of thousands of violations every day." Inslee introduced a bill Thursday that would outlaw spyware programs designed to record Web browsing habits and collect personal data without notice and consent of the user.

Rep. Mary Bono, R-Calif., has introduced a similar bill requiring that consumers receive a clear and conspicuous notice before downloading software. The bill would also require that third parties disclose their identity to the consumer, along with a valid e-mail address.

Sens. Conrad Burns, R-Mont., Ron Wyden, D-Ore., and Barbara Boxer, D-Calif., have introduced a bill prohibiting installation of software on someone else's computer without notice and consent. The bill also would require reasonable "uninstall" procedures for new software.

On the Net:

Federal Trade Commission: http://www.ftc.gov

Microsoft: http://www.microsoft.com