In its effort to protect consumers from spyware, Congress may yet again add another clamp on business.
Last week, the U.S. House of Representatives’ Subcommittee on Commerce, Trade and Consumer Protection of the House Committee on Energy and Commerce held a daylong legislation hearing on H.R. 964, also known as the “Securely Protect Yourself Against Cyber Trespass Act” (SPY ACT).
This bill, if passed, would prohibit individuals and companies from deceptively installing programs on computers. It would require notice and consent from users before software is downloaded and that such programs be easily removable. The Federal Trade Commission would also gain more authority to penalize non-compliers for violations. Legislation on these lines passed the House in the two previous Congresses.
On the surface, there’s nothing wrong with this bill. Lobbies such as the Direct Marketing Association and the Interactive Advertising Bureau, like their members, understand the need for an Internet that’s safe for consumers and businesses. The growth of deceptively installed spyware threatens consumer confidence in online interactions and commerce. At issue is the growing consumer frustration with surreptitious software and the resulting loss in trust for the online channel.
Congress is right in its need to protect the U.S. consumer’s privacy and choice. And the representatives from the DMA and IAB testified as such last week before the House. But they also raised some troubling issues.
First, legislation that governs complicated technology could stifle innovation. Second, it could slow e-commerce transactions. Finally, it would restrict the free flow of information if legitimate online marketers and consumers have to jump through more cumbersome hoops. Balance is needed. Any bill passed into law must allow free content to flourish online without “unduly burdening the advertising engine that makes these Web sites run,” per the IAB’s testimony.
As the DMA rightly pointed out to the House panel, H.R. 964’s language goes beyond regulating surreptitious surveillance practices. In fact, the notice and consent provisions are applicable to all information collection software, including non-identifiable data used only for advertising reasons. As a result, consumer personalization and customization of Web sites would become nearly impossible. Consumers most likely will deny requests to send information before even understanding that they stand to lose a personalized Web experience. Their exposure to non-targeted content and advertising simply will increase.
Another troubling issue is the “Good Samaritan” provisions of the SPY ACT. This is meant to protect firms that offer downloads of anti-spyware software. But it may also end up becoming anti-competitive. The provisions may let such software providers delete legitimate software from a consumer’s computer. That’s dangerous. There are laws on the books that hold anti-spyware firms liable for removing legitimate software from consumers’ computers. It makes no sense to water that down in the bill.
Congress should consider the ramifications of a bill that overreaches. The Internet is a complicated channel and laws to protect consumers must be formed without criminalizing legitimate business. The CAN-SPAM Act rightly reassured consumers that regulators were protecting them from unsolicited e-mail. Although it doesn’t seem to have curbed unsolicited e-mail – and legitimate e-mail marketers have had to adjust – but at least the penalties are there for the abusers. Congress must take a similar approach to the SPY ACT, with room to separate the wheat from the chaff.