I-SPY chases SPY-ACT through approval process

Second piece of US anti-spyware legislation given go-ahead.

With the 'Securely Protect Yourself Against Cyber Trespass Act' (aka SPY-ACT act) approved by a House of Representatives subcommittee last month, a second set of rules aimed at controlling computer infiltration and data theft is following it through the lengthy approval process. The 'Internet Spyware Prevention Act' (less successfully trimmed to 'I-SPY act') was approved by a subcommittee on Wednesday.

The SPY-ACT, proposed three years ago by New York Democratic Party representative Edolphus Towns, covers the implementation of any software which could be put to malicious spying use, and has come under fire for its vague terms and the likelihood that legitimate programs, particularly advertisers, may be affected its broad coverage. The bill has twice failed to gain Senate approval and now has a third chance of passing into law, having been approved by an Energy and Commerce subcommittee in April.

I-SPY, on the other hand, approaches the problem from a different angle, aiming to penalise the malicious or deceptive use of software, thus giving a freer rein to software and website design as long as it is not put to use in a fraudulent or duplicitous manner. The bill, put forward in 2004 by Republican Bob Goodlatte of Virginia, is also on its third passage through congress, having similarly been turned down by the senate on earlier attempts, and will now go to the House of Representatives for further analysis.

I-SPY includes a list of items considered sensitive data, including names, addresses, credit card details and social security numbers, attempts to gather which by secretive means would breach the terms of the proposed law. Like the SPY-ACT, heavy fines and jail terms would be likely sentences for those convicted of cyber-spying.

Details of the competing bills can be found here or here, and some analysis of problems found in the early stages of the legislation process is here. The US already has several computer security laws, including at the national level a 2005 anti-phishing law and the famous CAN-SPAM act, which some have suggested may facilitate spamming by allowing mails which carry genuine source data and opt-out information. There are also several laws against spyware, phishing and spam at the state level - a useful summary of current phishing laws can be found here.

04 May 2007

Tags:

del.icio.us

digg this

News


	February issue of VB published The February issue of Virus Bulletin is now available for subscribers to download. 1 February 2012 Hacktivists hijack DNS of popular websites Security at registrars may be weak link. 26 January 2012 New RFC describes best practices for running DNS-based lists DNSBL users advised to avoid those lists that charge for delisting. 24 January 2012 Vulnerability turns McAfee's anti-malware solution into open relay Flaw allows for spam to be sent through customers' PCs. 19 January 2012 AV-Test releases latest results Business and consumer products achieve high pass rate. 18 January 2012 Subscribe \| View All virusbtn: Despite rumours spread by @paperghost you actually have another month to submit a VB2012 paper. Why not do so? http://t.co/4mpWQyGs 13 hours ago virusbtn: UK government advisor on cyber-security says faster progress needs to be made http://t.co/ZbI917RI 1 day ago Follow us

News Archive


	2011 2010 2009 2008 2008 2007 2006 2005 2004 2003 2002 Subscribe \| View All

News


	See also Calendar of Events Polls

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 10 comments

VB2012


	VB2012 will take place 26 - 28 September 2012 at the Fairmont Dallas hotel, Dallas, TX, USA.

Virus Bulletin currently has 224,204 registered users.

Fighting malware and spam

I-SPY chases SPY-ACT through approval process