An antispyware bill that the U.S. House of Representatives passed this week earned praise from cybersecurity groups, but faces an uncertain future in the Senate. The bill, which would create penalties of up to five years in prison for some spyware-like behavior, is a "needed piece of legislation in order to protect consumers," said Kevin Richards, federal government relations manager for Symantec Corp. Many online identity theft schemes start with spyware on a victim's computer, he said.
Though versions of the Internet Spyware Prevention Act (I-SPY) have passed through the House in the last two sessions of Congress, they stalled in the Senate. The House passed I-SPY and a second spyware bill in May 2005. But the Senate failed to act, partly because of concerns that the second proposal, called the Securely Protect Yourself Against Cyber Trespass Act or SPY Act, too broadly defined spyware. The Senate Commerce, Science and Transportation Committee also became hung up on what approach to take for a spyware bill -- a criminal penalties approach similar to I-SPY or a broader approach attempting to define spyware technologies similar to the second House bill.