subject: The Counter Spy Act and What It Means To You [print this page] The internet has changed the way the world works, and the law is being forced to keep up with it. Changing definitions of intellectual property and privacy in the online world are inspiring new laws at all levels of government. Three such bills are making their way though the US Congress; however, it is what one of these bills would make legal that will be our concern in this article.
Three bills
The three bills referenced are the Internet Spyware Prevention Act of 2007 (I-SPY), the Securely Protect Yourself Against Cyber Trespass Act (SPYACT) and the Counter Spy Act of 2007. The first of these attracts little controversy, as it does little but extend the penalties imposed by the Computer Fraud and Abuse Act of 1986. The Counter Spy Act is the most worrisome of the bills because of what it would allow as legal monitoring.
These three bills were discussed at a forum sponsored by the Anti-Spyware Coalition at which representatives of the Federal Trade Commission (FTC) met with those from the Center for Democracy and Technology (CDT). Though the bills are supported by the CDT, the FTC has asserted that they could impede their efforts to prosecute cyber-criminals.
The Counter Spy Act of 2007
The purpose of the Counter Spy Act is to define the boundaries of what is legal and illegal monitoring of your computer. Though the bill outlaws zombifying a system, the hijacking of one's browser, enabling identity theft, and denial of service attacks, these things were already illegal under existing laws.
Unfortunately, the bill also states that its restrictions do not apply to "detection or prevention of the unauthorized use of software fraudulent or other illegal activities." While the law applies itself to proper purposes such as network and computer security, technical support, diagnostics and software updates, the point quoted is of great concern to many. Critics point out that the law is not clear on what constitutes "unauthorized" use, which body has the authority to make such a ruling, and does not require that the user be notified of an investigation in progress. Thus, this loophole could allow broadband internet providers, software and hardware vendors, and other businesses to scan your computer without your consent.
Conclusions
It is an irony that while the Congress has been criticized for defining spyware in very specific terms, in the process making the laws inflexible in the face of adapting forms of cyber attack, it has come under attack for defining legal monitoring too broadly under the Counter Spyware Act of 2007. According to Arthur Butler, an attorney for the advocacy group Americans for Fair Electronic Commerce Transactions, "It would, in effect, allow a software vendor to truly monitor everything that's on a user's computer, essentially setting [vendors] up as an ad hoc police force."
