I-SPY chases SPY-ACT through approval process

Posted by   Virus Bulletin on   May 4, 2007

Second piece of US anti-spyware legislation given go-ahead.

With the 'Securely Protect Yourself Against Cyber Trespass Act' (aka SPY-ACT act) approved by a House of Representatives subcommittee last month, a second set of rules aimed at controlling computer infiltration and data theft is following it through the lengthy approval process. The 'Internet Spyware Prevention Act' (less successfully trimmed to 'I-SPY act') was approved by a subcommittee on Wednesday.

The SPY-ACT, proposed three years ago by New York Democratic Party representative Edolphus Towns, covers the implementation of any software which could be put to malicious spying use, and has come under fire for its vague terms and the likelihood that legitimate programs, particularly advertisers, may be affected its broad coverage. The bill has twice failed to gain Senate approval and now has a third chance of passing into law, having been approved by an Energy and Commerce subcommittee in April.

I-SPY, on the other hand, approaches the problem from a different angle, aiming to penalise the malicious or deceptive use of software, thus giving a freer rein to software and website design as long as it is not put to use in a fraudulent or duplicitous manner. The bill, put forward in 2004 by Republican Bob Goodlatte of Virginia, is also on its third passage through congress, having similarly been turned down by the senate on earlier attempts, and will now go to the House of Representatives for further analysis.

I-SPY includes a list of items considered sensitive data, including names, addresses, credit card details and social security numbers, attempts to gather which by secretive means would breach the terms of the proposed law. Like the SPY-ACT, heavy fines and jail terms would be likely sentences for those convicted of cyber-spying.

Details of the competing bills can be found here or here, and some analysis of problems found in the early stages of the legislation process is here. The US already has several computer security laws, including at the national level a 2005 anti-phishing law and the famous CAN-SPAM act, which some have suggested may facilitate spamming by allowing mails which carry genuine source data and opt-out information. There are also several laws against spyware, phishing and spam at the state level - a useful summary of current phishing laws can be found here.

Posted on 04 May 2007 by Virus Bulletin

 Tags

spyware legal
twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.