H.R.2929 - SPY ACT108th Congress (2003-2004)
Summary: H.R.2929 — 108th Congress (2003-2004)
Passed House amended (10/05/2004)
Securely Protect Yourself Against Cyber Trespass Act or SPY ACT - (Sec. 2) Makes it unlawful for any person who is not the owner or authorized user (user) of a protected computer (a computer exclusively for the use of a financial institution or the U.S. Government, or a computer used in interstate or foreign commerce or communication) to engage in deceptive acts or practices in connection with any of the following conduct with respect to the protected computer: (1) taking control of the computer by sending unsolicited material to others, diverting the Internet browser without authorization, using the modem or Internet to cause damage to the computer or to cause the user to incur unauthorized financial charges, using the computer as part of an activity performed by a group of computers that causes damage to another computer, or delivering advertisements that will not close without turning off either the computer or all sessions of the Internet browser; (2) modifying settings related to the use of the computer or to the computer's access to or use of the Internet by altering the Web page of the Internet browser, the default provider used to access the Internet, the bookmarks used to access Web pages, or the security or other settings of the computer that protect information about the user; (3) collecting personally identifiable information; (4) inducing the user to install a computer software component onto the computer or preventing efforts to block installation of a software component; (5) misrepresenting that installing a separate software component or providing log-in or password information is necessary for security or privacy reasons; (6) inducing a user to install computer software through misrepresentation; (7) inducing a user to provide personally identifiable information to another through misrepresentation or without the authority of the intended recipient of the information; (8) removing or disabling a security, anti-spyware, or anti-virus technology installed on the computer; or (9) installing or executing additional software components with the intent of causing a person to use such components in a way that violates any other provision of this section. Directs the Federal Trade Commission (FTC) to issue guidance regarding compliance with and violations of this section.
(Sec. 3) Makes it unlawful for a person to: (1) transmit to a protected computer for which such person is not a user any information collection program (a program that collects personally identifiable information and uses such information to send advertising), unless such program provides the notice required by this Act before execution of any of the collection functions of the program and such information collection program includes specified functions; or (2) execute any information collection program installed on such a protected computer, unless, before execution, the user has consented to such execution under notice requirements of this Act and such information collection program includes specified functions. Requires such notice clearly and conspicuously, and in plain language: (1) state that the program, if accepted, will collect personally identifiable information about the user and their computer use; (2) include an option for the user to grant or deny such consent, or to abandon or cancel the transmission or execution of an information collection program; and (3) include an option for the user to view a clear description of the types of information to be collected and the purposes for its intended use. Requires, if a user has consented, that an additional notice be sent if there is a material change in the way collected information will be used such that the use is outside the purpose set forth in the first notice. Requires the information collection program to contain a disabling function that easily allows the user to remove, or disable the operation of, the program. Requires that each display of a collected advertisement be accompanied by a statement that clearly identifies the information collection program. Limits the liability of a telecommunications carrier, provider of an information service or interactive computer service, cable operator, or provider of transmission capability with respect to violations described under this Act.
(Sec. 4) Provides for enforcement of violations as unfair or deceptive acts or practices under the Federal Trade Commission Act, with specified civil penalties. Requires a violation to have been committed with actual knowledge or knowledge fairly implied on the basis of objective circumstances.
(Sec. 5) Makes the provisions of this Act inapplicable with respect to: (1) acts undertaken by law enforcement authorities in the performance of official duties, including acts relating to national security; (2) monitoring, or other computer interaction, undertaken by a subscriber's Internet provider, cable carrier, or provider of information service for network security purposes; (3) a discrete interaction with a protected computer by a computer software provider to confirm authorized use of software; and (4) Good Samaritan actions (actions taken in good faith, and with the user's consent, by a computer software or service provider to remove or disable a program which violates this Act).
(Sec. 7) Requires the FTC to: (1) report annually to Congress on enforcement actions taken; and (2) issue regulations.
(Sec. 8) Directs the FTC to report to Congress regarding the use of tracking cookies (devices used to transmit personally identifiable information, or information regarding Web pages accessed by the user, to a party other than the intended recipient) in the delivery or display of advertising to owners and users of computers.
(Sec. 10) Terminates this Act after December 31, 2009.