Crime and Punishment – A Legislation Follow-Up
Anti-spyware bills that would provide a national standard to regulate the spyware industry in the United States are still working their way through the legislative process, while pressure is mounting for uniform anti-spyware and consumer privacy regulations.
At the end of April, a House subcommittee made another step forward by approving the Spy Act (Securely Protect Yourself Against Cyber Trespass), which will next move to the full committee for consideration. The legislation would impose strict regulations on the types of actions software is allowed to perform, and allow the U.S. Federal Trade Commission to seek fines up to $3 million U.S from spyware creators.
The U.S. Congress has attempted for years to pass spyware and adware legislation that would override the web of existing state legislation. While some critics maintain that a sweeping bill could interfere with unintended consequences within the security industry, others are asking for greater authority to penalize spyware vendors.
FTC Commissioner William Kovacic called for increased punishment for spyware purveyors in the form of imprisonment, in answer to a question on whether or not the FTC is sufficiently equipped to combat the spyware threats PC users face, posed at a Senate Commerce Committee hearing.
"Many of most serious wrongdoers we observed in this area, I believe, are only going to be deterred if their freedom is withdrawn," Kovacic said at the hearing in mid April to discuss the Federal Trade Commission's 2008 budget request.
Part of the FTC's requested budget increase of $17 million U.S. would, according to testimony, provide new employees for the consumer protection mission's Privacy and Identity Protection Program, with $100,000 U.S. being used specifically to increase enforcement efforts to combat spyware.
Security breaches and data leaks have brought up another area of contention with members of the security industry, including major technology companies, vocalizing the need for uniform data security legislation to be passed in the U.S.
Microsoft Chairman Bill Gates called on Congress to pass an "all-inclusive" consumer privacy and security law by the end of the year in a recent speech to an audience of FTC officials, state attorney generals, and congressional representatives.
Gates addressed the need for federal laws to require transparency on data collection, grant users access to their own data and provide clear procedures for companies to follow when data breaches occur.
Senator Patrick Leahy followed up on Gates' speech with his own plan to move forward this year with his Personal Data Privacy Act, a broad bill that would impose fines and prison time on those who intentionally conceal information related to security breaches that cause economic damage.
"Americans live in a world where their most sensitive personal information can be accessed and sold to the highest bidder, with just a few keystrokes on a computer, yet our privacy laws haven't kept pace," Leahy said in a statement.
Privacy advocates are also on the forefront of bringing about change for consumers' online privacy. American Betty Ostergren is taking matters into her own hands to enact change in personal data protection measures at the state and local level. Ostergrens's mission is to stop county and state government officials around the U.S. from posting personal public data on public records online, a practice which she says fuels identity theft and cyber crime.
Some states have responded to concerns by setting deadlines for removing certain private information from public records, while others have passed laws allowing citizens to send in written requests to remove their private data from online records. The state of California announced earlier this spring that, due to identity theft worries, it shut down online access to public records with sensitive data.
Identity theft concerns are also on the mind of a federally convened task force, which on April 23rd urged Congress to pass a new national strategy for punishing identity fraud.
Although identity fraud is already illegal in the U.S., the new plan calls for rewriting existing laws to punish the use of malicious spyware, increasing prison sentences for particular electronic data theft, and allowing victims of ID theft to receive monetary compensation for both direct financial losses and lost time when recovering from the crime. The panel also recommended creating a National Identity Theft Law Enforcement Center, enabling regulatory agencies, law enforcement, and the private sector to pool their information resources.