Spyware is a growing problem, experts say. Gartner Inc. in Stamford, Conn., has said financially motivated spyware attacks will comprise 70% of all security incidents by 2010.
Experts said the House passed the right bill. No similar bill is being considered in the Senate.
"Anything with 21 pages of dense regulations that specify what software can and can't do, written by a lot of lawyers without computer security training or even if written by computer security people, is going to have problems," said Dan Blum, vice president and director at Burton Group Inc. in Midvale, Utah.
Blum said Congress was better off staying at a high level with general legal guidelines. He said the courts could fill in the details.
"Hopefully they've created a deterrent that makes it possible to prosecute the bad guys, or makes it easier to prosecute the bad guys."
Avivah Litan, vice president and research director at Gartner, said, "You don't want government getting too involved in technology implementations. It's too much of a dynamic environment. Things change very quickly. The last thing you want the government to do is to tell the private sector how to implement technology."
Besides, Litan said, 21 pages of regulations wouldn't protect consumers from fraud.
"Criminals aren't going to be stopped by any regulations that say you must notify people before installing software," Litan said. "It would only inhibit people from doing legitimate jobs."
As unlikely as it sounds, there is legitimate spyware, Litan said. Regulations would inhibit some important work.
The bill makes it a crime to use spyware to intentionally obtain or transmit personal information with the intent to defraud or injure a person or cause damage to a protected computer. It also makes it a crime to use spyware to intentionally impair the security protection of a computer for such purposes.
Blum said this legislation is particularly important because it makes the attempt to use spyware for fraud a crime.
"Say someone was attempting fraud and you know they're attempting fraud, but they didn't actually succeed in committing the fraud. But it is clear that they were headed in that direction," Blum said. "Now you can still get them for trying that, whereas before you had to wait until fraud could be proven."
The bill also allocates $10 million to the attorney general for use in prosecutions of such cases of spyware crime and the practices of phishing and pharming.
Let us know what you think about the story; email: Shamus McGillicuddy, News Writer