Software Principles Yielding Better Levels of Consumer Knowledge Act or SPY BLOCK Act - (Sec. 2) Makes it unlawful for a person who is not an authorized user of a protected computer (any computer used in interstate or foreign commerce or communication) (unauthorized person) to cause the installation on that computer of software designed to: (1) conceal from the authorized user (user) the fact that such software is being installed; or (2) prevent the user from granting or withholding consent to the installation. Provides exceptions. Makes it unlawful to provide to an authorized user materially false or misleading inducements to install such software. Prohibits the installation of software designed to prevent reasonable efforts to uninstall or disable such software after it has been installed, with an exception with respect to software designed for one authorized user, such as a parent or system administrator.
(Sec. 3) Makes it unlawful for an unauthorized person to install on a protected computer software that collects information about the user's Internet browsing or other computer use and then transmits such information to another person if: (1) the information collected is not related to or in support of a normal software capability or function; and (2) there has been no reasonable notification to the authorized user of the such installation.
(Sec. 4) Makes it unlawful for an unauthorized person to install on a protected computer software that causes advertisements to be displayed to the user: (1) at a time when the user is not accessing a website or online service operated by the publisher of that software; and (2) in a manner in which the user would not understand that the software is responsible for delivering the advertisements.
(Sec. 5) Makes it unlawful for an unauthorized person to: (1) utilize the computer to send unsolicited information to other computers; (2) divert a user's Internet browser away from its intended site to one or more other websites; (3) display an advertisement or other content in such a manner that the user cannot end such display without turning off the computer or terminating all Internet sessions; or (4) covertly modify settings relating to the use of the computer or the computer's access to the Internet.
(Sec. 6) Provides exceptions from liability under this Act with respect to providers of: (1) passive transmission, hosting, or linking; and (2) network security.
(Sec. 7) Provides for administration and enforcement through the Federal Communications Commission (FCC).
(Sec. 8) Authorizes civil enforcement actions by States, with authorized FCC intervention.
(Sec. 10) Amends the Federal criminal code to provide criminal penalties for accessing a protected computer to cause a computer program or code to be copied onto such computer, and then using such program or code to impair the security protection of such computer or in furtherance of another criminal offense. Provides exceptions.
[Congressional Bills 108th Congress]
[From the U.S. Government Publishing Office]
[S. 2145 Introduced in Senate (IS)]
108th CONGRESS
2d Session
S. 2145
To regulate the unauthorized installation of computer software, to
require clear disclosure to computer users of certain computer software
features that may pose a threat to user privacy, and for other
purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
February 27, 2004
Mr. Burns (for himself, Mr. Wyden, and Mrs. Boxer) introduced the
following bill; which was read twice and referred to the Committee on
Commerce, Science, and Transportation
_______________________________________________________________________
A BILL
To regulate the unauthorized installation of computer software, to
require clear disclosure to computer users of certain computer software
features that may pose a threat to user privacy, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Software Principles Yielding Better
Levels of Consumer Knowledge Act'' or the ``SPY BLOCK Act''.
SEC. 2. UNAUTHORIZED INSTALLATION OF COMPUTER SOFTWARE.
(a) Notice, Choice, and Uninstall Procedures.--It is unlawful for
any person who is not the user of a protected computer to install
computer software on that computer, or to authorize, permit, or cause
the installation of computer software on that computer, unless--
(1) the user of the computer has received notice that
satisfies the requirements of section 3;
(2) the user of the computer has granted consent that
satisfies the requirements of section 3; and
(3) the computer software's uninstall procedures satisfy
the requirements of section 3.
(b) Red Herring Prohibition.--It is unlawful for any person who is
not the user of a protected computer to install computer software on
that computer, or to authorize, permit, or cause the installation of
computer software on that computer, if the design or operation of the
computer software is intended, or may reasonably be expected, to
confuse or mislead the user of the computer concerning the identity of
the person or service responsible for the functions performed or
content displayed by such computer software.
SEC. 3. NOTICE, CONSENT, AND UNINSTALL REQUIREMENTS.
(a) Notice.--For purposes of section 2(a)(1), notice to the user of
a computer shall--
(1) include a clear notification, displayed on the screen
until the user either grants or denies consent to installation,
of the name and general nature of the computer software that
will be installed if the user grants consent; and
(2) include a separate disclosure, with respect to each
information collection, advertising, distributed computing, and
settings modification feature contained in the computer
software, that--
(A) remains displayed on the screen until the user
either grants or denies consent to that feature;
(B) in the case of an information collection
feature, provides a clear description of--
(i) the type of personal or network
information to be collected and transmitted by
the computer software; and
(ii) the purpose for which the personal or
network information is to be collected,
transmitted, and used;
(C) in the case of an advertising feature,
provides--
(i) a representative example of the type of
advertisement that may be delivered by the
computer software;
(ii) a clear description of--
(I) the estimated frequency with
which each type of advertisement may be
delivered; or
(II) the factors on which the
frequency will depend; and
(iii) a clear description of how the user
can distinguish each type of advertisement that
the computer software delivers from
advertisements generated by other software,
Internet website operators, or services;
(D) in the case of a distributed computing feature,
provides a clear description of--
(i) the types of information or messages
the computer software will cause the computer
to transmit;
(ii)(I) the estimated frequency with which
the computer software will cause the computer
to transmit such messages or information; or
(II) the factors on which the frequency
will depend;
(iii) the estimated volume of such
information or messages, and the likely impact,
if any, on the processing or communications
capacity of the user's computer; and
(iv) the nature, volume, and likely impact
on the computer's processing capacity of any
computational or processing tasks the computer
software will cause the computer to perform in
order to generate the information or messages
the computer software will cause the computer
to transmit;
(E) in the case of a settings modification feature,
provides a clear description of the nature of the
modification, its function, and any collateral effects
the modification may produce; and
(F) provides a clear description of procedures the
user may follow to turn off such feature or uninstall
the computer software.
(b) Consent.--For purposes of section 2(a)(2), consent requires--
(1) consent by the user of the computer to the installation
of the computer software; and
(2) separate affirmative consent by the user of the
computer to each information collection feature, advertising
feature, distributed computing feature, and settings
modification feature contained in the computer software.
(c) Uninstall Procedures.--For purposes of section 2(a)(3),
computer software shall--
(1) appear in the ``Add/Remove Programs'' menu or any
similar feature, if any, provided by each operating system with
which the computer software functions;
(2) be capable of being removed completely using the normal
procedures provided by each operating system with which the
computer software functions for removing computer software; and
(3) in the case of computer software with an advertising
feature, include an easily identifiable link clearly associated
with each advertisement that the software causes to be
displayed, such that selection of the link by the user of the
computer generates an on-screen window that informs the user
about how to turn off the advertising feature or uninstall the
computer software.
SEC. 4. UNAUTHORIZED USE OF CERTAIN COMPUTER SOFTWARE.
It is unlawful for any person who is not the user of a protected
computer to use an information collection, advertising, distributed
computing, or settings modification feature of computer software
installed on that computer, if--
(1) the computer software was installed in violation of
section 2;
(2) the use in question falls outside the scope of what was
described to the user of the computer in the notice provided
pursuant to section 3(a); or
(3) in the case of an information collection feature, the
person using the feature fails to establish and maintain
reasonable procedures to protect the security and integrity of
personal information so collected.
SEC. 5. EXCEPTIONS.
(a) Preinstalled Software.--A person who installs, or authorizes,
permits, or causes the installation of, computer software on a
protected computer before the first retail sale of the computer shall
be deemed to be in compliance with this Act if the user of the computer
receives notice that would satisfy section 3(a)(2) and grants consent
that would satisfy section 3(b)(2) prior to--
(1) the initial collection of personal or network
information, in the case of any information collection feature
contained in the computer software;
(2) the initial generation of an advertisement on the
computer, in the case of any advertising feature contained in
the computer software;
(3) the initial transmission of information or messages, in
the case of any distributed computing feature contained in the
computer software; and
(4) the initial modification of user settings, in the case
of any settings modification feature.
(b) Other Exceptions.--Sections 3(a)(2), 3(b)(2), and 4 do not
apply to any feature of computer software that is reasonably needed
to--
(1) provide capability for general purpose online browsing,
electronic mail, or instant messaging, or for any optional
function that is directly related to such capability and that
the user knowingly chooses to use;
(2) determine whether or not the user of the computer is
licensed or authorized to use the computer software; and
(3) provide technical support for the use of the computer
software by the user of the computer.
(c) Passive Transmission, Hosting, or Link.--For purposes of this
Act, a person shall not be deemed to have installed computer software,
or authorized, permitted, or caused the installation of computer
software, on a computer solely because that person provided--
(1) the Internet connection or other transmission
capability through which the software was delivered to the
computer for installation;
(2) the storage or hosting, at the direction of another
person and without selecting the content to be stored or
hosted, of the software or of an Internet website through which
the software was made available for installation; or
(3) a link or reference to an Internet website the content
of which was selected and controlled by another person, and
through which the computer software was made available for
installation.
(d) Software Resident in Temporary Memory.--In the case of an
installation of computer software that falls within the meaning of
section 7(10)(B) but not within the meaning of section 7(10)(A), the
requirements set forth in subsections (a)(1), (b)(1), and (c) of
section 3 shall not apply.
(e) Features Activated by User Options.--In the case of an
information collection, advertising, distributed computing, or settings
modification feature that remains inactive or turned off unless the
user of the computer subsequently selects certain optional settings or
functions provided by the computer software, the requirements of
subsections (a)(2) and (b)(2) of section 3 may be satisfied by
providing the applicable disclosure and obtaining the applicable
consent at the time the user selects the option that activates the
feature, rather than at the time of initial installation.
SEC. 6. ADMINISTRATION AND ENFORCEMENT.
(a) In General.--Except as provided in subsection (b), this Act
shall be enforced by the Commission as if the violation of this Act
were an unfair or deceptive act or practice proscribed under section
18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C.
57a(a)(1)(B)).
(b) Enforcement by Certain Other Agencies.--Compliance with this
Act shall be enforced under--
(1) section 8 of the Federal Deposit Insurance Act (12
U.S.C. 1818), in the case of--
(A) national banks, and Federal branches and
Federal agencies of foreign banks, by the Office of the
Comptroller of the Currency;
(B) member banks of the Federal Reserve System
(other than national banks), branches and agencies of
foreign banks (other than Federal branches, Federal agencies, and
insured State branches of foreign banks), commercial lending companies
owned or controlled by foreign banks, and organizations operating under
section 25 or 25A of the Federal Reserve Act (12 U.S.C. 601 and 611),
by the Board; and
(C) banks insured by the Federal Deposit Insurance
Corporation (other than members of the Federal Reserve
System) and insured State branches of foreign banks, by
the Board of Directors of the Federal Deposit Insurance
Corporation;
(2) section 8 of the Federal Deposit Insurance Act (12
U.S.C. 1818), by the Director of the Office of Thrift
Supervision, in the case of a savings association the deposits
of which are insured by the Federal Deposit Insurance
Corporation;
(3) the Federal Credit Union Act (12 U.S.C. 1751 et seq.)
by the National Credit Union Administration Board with respect
to any Federal credit union;
(4) part A of subtitle VII of title 49, United States Code,
by the Secretary of Transportation with respect to any air
carrier or foreign air carrier subject to that part;
(5) the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et
seq.) (except as provided in section 406 of that Act (7 U.S.C.
226, 227)), by the Secretary of Agriculture with respect to any
activities subject to that Act; and
(6) the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by
the Farm Credit Administration with respect to any Federal land
bank, Federal land bank association, Federal intermediate
credit bank, or production credit association.
(c) Exercise of Certain Powers.--For the purpose of the exercise by
any agency referred to in subsection (b) of its powers under any Act
referred to in that subsection, a violation of this Act is deemed to be
a violation of a requirement imposed under that Act. In addition to its
powers under any provision of law specifically referred to in
subsection (b), each of the agencies referred to in that subsection may
exercise, for the purpose of enforcing compliance with any requirement
imposed under this Act, any other authority conferred on it by law.
(d) Actions by the Commission.--The Commission shall prevent any
person from violating this Act in the same manner, by the same means,
and with the same jurisdiction, powers, and duties as though all
applicable terms and provisions of the Federal Trade Commission Act (15
U.S.C. 41 et seq.) were incorporated into and made a part of this Act.
Any entity that violates any provision of that section is subject to
the penalties and entitled to the privileges and immunities provided in
the Federal Trade Commission Act in the same manner, by the same means,
and with the same jurisdiction, power, and duties as though all
applicable terms and provisions of the Federal Trade Commission Act
were incorporated into and made a part of that section.
(e) Preservation of Commission Authority.--Nothing contained in
this section shall be construed to limit the authority of the
Commission under any other provision of law.
SEC. 7. ACTIONS BY STATES.
(a) In General.--
(1) Civil actions.--In any case in which the attorney
general of a State has reason to believe that an interest of
the residents of that State has been or is threatened or
adversely affected by the engagement of any person in a
practice that this Act prohibits, the State, as parens patriae,
may bring a civil action on behalf of the residents of the
State in a district court of the United States of appropriate
jurisdiction--
(A) to enjoin that practice;
(B) to enforce compliance with the rule;
(C) to obtain damage, restitution, or other
compensation on behalf of residents of the State; or
(D) to obtain such other relief as the court may
consider to be appropriate.
(2) Notice.--
(A) In general.--Before filing an action under
paragraph (1), the attorney general of the State
involved shall provide to the Commission--
(i) written notice of that action; and
(ii) a copy of the complaint for that
action.
(B) Exemption.--
(i) In general.--Subparagraph (A) shall not
apply with respect to the filing of an action
by an attorney general of a State under this
subsection, if the attorney general determines
that it is not feasible to provide the notice
described in that subparagraph before the
filing of the action.
(ii) Notification.--In an action described
in clause (i), the attorney general of a State
shall provide notice and a copy of the
complaint to the Commission at the same time as
the attorney general files the action.
(b) Intervention.--
(1) In general.--On receiving notice under subsection
(a)(2), the Commission shall have the right to intervene in the
action that is the subject of the notice.
(2) Effect of intervention.--If the Commission intervenes
in an action under subsection (a), it shall have the right--
(A) to be heard with respect to any matter that
arises in that action; and
(B) to file a petition for appeal.
(c) Construction.--For purposes of bringing any civil action under
subsection (a), nothing in this subtitle shall be construed to prevent
an attorney general of a State from exercising the powers conferred on
the attorney general by the laws of that State to--
(1) conduct investigations;
(2) administer oaths or affirmations; or
(3) compel the attendance of witnesses or the production of
documentary and other evidence.
(d) Actions by the Commission.--In any case in which an action is
instituted by or on behalf of the Commission for violation of section 2
of this Act, no State may, during the pendency of that action,
institute an action under subsection (a) against any defendant named in
the complaint in that action for violation of that section.
(e) Venue; Service of Process.--
(1) Venue.--Any action brought under subsection (a) may be
brought in the district court of the United States that meets
applicable requirements relating to venue under section 1391 of
title 28, United States Code.
(2) Service of process.--In an action brought under
subsection (a), process may be served in any district in which
the defendant--
(A) is an inhabitant; or
(B) may be found.
SEC. 8. DEFINITIONS.
In this Act:
(1) Advertisement.--The term ``advertisement'' means a
commercial promotion for a product or service, but does not
include promotions for products or services that appear on
computer software help or support pages that are displayed in
response to a request by the user.
(2) Advertising feature.--The term ``advertising feature''
means a function of computer software that, when installed on a
computer, delivers advertisements to the user of that computer.
(3) Affirmative consent.--The term ``affirmative consent''
means consent expressed through action by the user of a
computer other than default action specified by the
installation sequence and independent from any other consent
solicited from the user during the installation process.
(4) Clear description.--The term ``clear description''
means a description that is clear, conspicuous, concise, and in
a font size that is at least as large as the largest default
font displayed to the user by the software.
(5) Computer software.--The term ``computer software''--
(A) means any program designed to cause a computer
to perform a desired function or functions; and
(B) does not include any cookie.
(6) Cookie.--The term ``cookie'' means a text file--
(A) that is placed on a computer by an Internet
service provider, interactive computer service, or
Internet website; and
(B) the sole function of which is to record
information that can be read or recognized by an
Internet service provider, interactive computer
service, or Internet website when the user of the
computer uses or accesses such provider, service, or
website.
(7) Distributed computing feature.--The term ``distributed
computing feature'' means a function of computer software that,
when installed on a computer, transmits information or
messages, other than personal or network information about the
user of the computer, to any other computer without the
knowledge or direction of the user and for purposes unrelated
to the tasks or functions the user intentionally performs using
the computer.
(8) First retail sale.--The term ``first retail sale''
means the first sale of a computer, for a purpose other than
resale, after the manufacture, production, or importation of
the computer. For purposes of this paragraph, the lease of a
computer shall be considered a sale of the computer at retail.
(9) Information collection feature.--The term ``information
collection feature'' means a function of computer software
that, when installed on a computer, collects personal or
network information about the user of the computer and
transmits such information to any other party on an automatic
basis or at the direction of a party other than the user of the
computer.
(10) Install.--The term ``install'' means--
(A) to write computer software to a computer's
persistent storage medium, such as the computer's hard
disk, in such a way that the computer software is
retained on the computer after the computer is turned
off and subsequently restarted; or
(B) to write computer software to a computer's
temporary memory, such as random access memory, in such
a way that the software is retained and continues to
operate after the user of the computer turns off or
exits the Internet service, interactive computer
service, or Internet website from which the computer
software was obtained.
(11) Network Information.--The term ``network information''
means--
(A) an Internet protocol address or domain name of
a user's computer; or
(B) a Uniform Resource Locator or other information
that identifies Internet web sites or other online
resources accessed by a user of a computer.
(12) Personal information.--The term ``personal
information'' means--
(A) a first and last name, whether given at birth
or adoption, assumed, or legally changed;
(B) a home or other physical address including
street name, name of a city or town, and zip code;
(C) an electronic mail address or online username;
(D) a telephone number;
(E) a social security number;
(F) any personal identification number;
(G) a credit card number, any access code
associated with the credit card, or both;
(H) a birth date, birth certificate number, or
place of birth; or
(I) any password or access code.
(13) Person.--The term ``person'' has the meaning given
that term in section 3(32) of the Communications Act of 1934
(47 U.S.C. 153(32)).
(14) Protected computer.--The term ``protected computer''
has the meaning given that term in section 1030(e)(2)(B) of
title 18, United States Code.
(15) Settings modification feature.--The term ``settings
modification feature'' means a function of computer software
that, when installed on a computer--
(A) modifies an existing user setting, without
direction from the user of the computer, with respect
to another computer software application previously
installed on that computer; or
(B) enables a user setting with respect to another
computer software application previously installed on
that computer to be modified in the future without
advance notification to and consent from the user of
the computer.
(16) User of a computer.--The term ``user of a computer''
means a computer's lawful owner or an individual who operates a
computer with the authorization of the computer's lawful owner.
SEC. 9. EFFECTIVE DATE.
This Act shall take effect 180 days after the date of enactment of
this Act.
<all>
Introduced in Senate
Read twice and referred to the Committee on Commerce, Science, and Transportation. (text of measure as introduced: CR S1893-1895)
Committee on Commerce, Science, and Transportation Subcommittee on Communications. Hearings held. With printed Hearing: S.Hrg. 108-1002.
Committee on Commerce, Science, and Transportation. Ordered to be reported with an amendment in the nature of a substitute favorably.
Committee on Commerce, Science, and Transportation. Reported by Senator McCain with an amendment in the nature of a substitute. Without written report.
Committee on Commerce, Science, and Transportation. Reported by Senator McCain with an amendment in the nature of a substitute. Without written report.
Placed on Senate Legislative Calendar under General Orders. Calendar No. 811.
By Senator McCain from Committee on Commerce, Science, and Transportation filed written report. Report No. 108-424.
By Senator McCain from Committee on Commerce, Science, and Transportation filed written report. Report No. 108-424.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line