Enhanced Consumer Protection Against Spyware Act of 2005 - Expresses the sense of Congress that: (1) combating spyware should be established as a matter of high priority for Federal Trade Commission (FTC) action; and (2) the resources and tools available to the FTC should be enhanced and expanded to increase the breadth and strength of the FTC's spyware enforcement efforts.
Declares that it is a violation of the Federal Trade Commission Act (FTCA) to install through deceptive acts or practices software on protected computers.
Subjects such practices to: (1) enforcement as a proscribed unfair or deceptive act or practice; (2) triple the penalty amounts prescribed in the FTCA; and (3) FTC authority to order disgorgement and seizure of ill-gotten gains.
Preempts state and local law or remedies.
Denies a private right of action in either federal or state court.
Authorizes state Attorneys General to bring enforcement actions in federal court. Prohibits state Attorneys General from bringing an action under this Act if either the U.S. Attorney General or the FTC institutes an enforcement action.
Specifies federal and state law enforcement, investigatory, national security, and regulatory activities exempt from liability under this Act.
Extends the meaning of unfair or deceptive acts or practices subject to FTC enforcement to any such acts or practices involving foreign commerce that cause or are likely to cause reasonably foreseeable injury, or involve material conduct occurring, within the United States.
Amends the federal criminal code to prescribe criminal penalties for illicit indirect use of protected computers.
[Congressional Bills 109th Congress]
[From the U.S. Government Publishing Office]
[S. 1004 Introduced in Senate (IS)]
109th CONGRESS
1st Session
S. 1004
To provide the Federal Trade Commission with the resources necessary to
protect users of the Internet from the unfair and deceptive acts and
practices associated with spyware, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
May 11, 2005
Mr. Allen (for himself, Mr. Smith, and Mr. Ensign) introduced the
following bill; which was read twice and referred to the Committee on
Commerce, Science, and Transportation
_______________________________________________________________________
A BILL
To provide the Federal Trade Commission with the resources necessary to
protect users of the Internet from the unfair and deceptive acts and
practices associated with spyware, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Enhanced Consumer Protection Against
Spyware Act of 2005''.
SEC. 2. CONGRESSIONAL FINDINGS.
Congress finds the following:
(1) Software commonly known as ``spyware'' can cause
significant harm to consumers by, among other things,
deceptively or unfairly causing a computer to malfunction, slow
down, lose data, cease working properly, or share personal
information without a consumer's knowledge.
(2) The unfair and deceptive practices associated with the
distribution of spyware threaten the confidence of millions of
Americans who use the Internet as a valuable medium for
commerce and communications.
(3) The Federal Trade Commission's legal actions have
clearly established the Commission's authority to combat unfair
or deceptive acts or practices involving the Internet and
consumers' computers.
(4) According to the Commission's statements to Congress,
the vast majority of unfair or deceptive acts or practices
involving spyware, such as deceptively asserting control over a
consumer's computer and capturing keystroke information, are
already unlawful under the Federal Trade Commission Act.
(5) The Commission has already taken legal action against
spyware purveyors. For example, in FTC v. Seismic
Entertainment, the Commission requested that a district court
of the United States shut down a spyware operation that hijacks
personal computers, secretly changes computer settings,
barrages them with pop-up ads, and installs software programs
that ``spy'' on consumers' web surfing.
(6) Because the fraudulent, deceptive, or unfair
installation of spyware is already a violation of Federal law,
Congress must focus on providing adequate resources to combat
spyware. For example, because a large percentage of the
purveyors of spyware are located outside of the United States,
legislation that increases the Commission's authority to combat
deceptive or unfair acts or practices that occur overseas would
promote enforcement actions against spyware purveyors.
(7) Because spyware affects interstate commerce and over 20
States are considering legislation on spyware and 2 States have
already enacted laws on spyware, Congress must establish a
Federal regulatory and enforcement standard to protect against
the growing patchwork of State laws that unnecessarily confuses
and burdens consumers and legitimate software providers.
SEC. 3. SENSE OF CONGRESS.
On the basis of the findings in section 2, it is the sense of the
Congress that--
(1) combating spyware should be established as a matter of
high priority for Federal Trade Commission action; and
(2) the resources and tools available to the Commission
should be enhanced and expanded to increase the breadth and
strength of the Commission's spyware enforcement efforts.
SEC. 4. DEFINITIONS.
As used in this Act:
(1) Cable operator.--The term ``cable operator'' has the
meaning given such term in section 602 of the Communications
Act of 1934 (47 U.S.C. 522).
(2) Computer; protected computer.--The terms ``computer''
or ``protected computer'' have the meanings given such terms in
section 1030(e) of the title 18, United States Code.
(3) Commission.--The term ``Commission'' means the Federal
Trade Commission.
(4) Information service.--The term ``information service''
has the meaning given such term in section 3 of the
Communications Act of 1934 (47 U.S.C. 153).
(5) Interactive computer service.--The term ``interactive
computer service'' has the meaning given such term in section
230(f) of the Communications Act of 1934 (47 U.S.C. 230(f)).
(6) Owner or authorized user.--The term ``owner or
authorized user'' means--
(A) a natural person who owns a computer for
commercial, family, household, or educational purposes;
or
(B) an individual who operates a computer with the
authorization of a natural person who owns the computer
for commercial, personal, family, household, or
educational purposes.
(7) Telecommunications carrier.--The term
``telecommunications carrier'' has the meaning given such term
in section 3 of the Communications Act of 1934 (47 U.S.C. 153).
SEC. 5. FEDERAL TRADE COMMISSION AUTHORITY TO COMBAT DECEPTIVE ACTS OR
PRACTICES RELATING TO SPYWARE.
(a) Restatement of Authority.--
(1) Violation.--It is a violation of section 18 of the
Federal Trade Commission Act (15 U.S.C. 57a) to install through
deceptive acts or practices software on protected computers.
(2) Enforcement.--Any violation of this Act or of any rules
implementing this Act, shall be enforced by the Commission as
if it were an unfair or deceptive act or practice proscribed
under section 18(a)(1)(B) of the Federal Trade Commission Act
(15 U.S.C. 57a(a)(1)(B)).
(b) Increased Fines.--For any violation described in subsection
(a), the Commission may, in its discretion, penalize such deceptive
acts or practices by tripling the amounts prescribed in the Federal
Trade Commission Act (15 U.S.C. 41 et seq.).
(c) Penalty for Pattern or Practice Violations.--
(1) In general.--Notwithstanding the Federal Trade
Commission Act (15 U.S.C. 41 et seq.), in the case of a person
who engages in a pattern or practice that violates subsection
(a), the Commission may, in its discretion, seek a civil
penalty for such pattern or practice of violations in an
amount, as determined by the Commission, of not more than
$3,000,000 for each violation of subsection (a).
(2) Treatment of single action or conduct.--For the purpose
of enforcing paragraph (1), any single action or conduct that
violates subsection (a) with respect to multiple protected
computers shall be treated as a single violation.
(d) Ill-Gotten Gains.--For any violation described in subsection
(a), the Commission shall have authority to disgorge and seize any ill-
gotten gains procured through such deceptive acts or practices.
(e) Preemption of State or Local Law.--This section supersedes any
provision of a statute, regulation, or rule, and any other requirement,
prohibition or remedy under State law or the law of a political
subdivision of a State that relates to or affects installation of
software through deceptive acts or practices or the use of computer
software installed by means of the Internet.
(f) Private Right of Action.--
(1) In general.--This Act may not be considered or
construed to provide any private cause of action, including a
class action.
(2) Civil action.--No private civil action relating to any
act or practice governed under this Act may be commenced or
maintained in any State court or under State law, including a
pendent State claim to an action under Federal law.
(g) Enforcement by State Attorney Generals.--
(1) Civil actions.--In any case in which the attorney
general of a State has reason to believe that an interest of
the residents of that State has been or is threatened or
adversely affected by the engagement of any person in a
practice that is prohibited under this section, the State, as
parens patriae, may bring a civil action on behalf of the
residents of that State in a Federal district court of the
United States of appropriate jurisdiction, or any other court
of competent jurisdiction, to--
(A) enjoin that practice;
(B) enforce compliance with this section;
(C) obtain actual damage and restitution on behalf
of residents of the State; or
(D) obtain such other relief as the court may
consider to be appropriate.
(2) Notice.--
(A) In general.--Before filing an action under
paragraph (1), the attorney general of a State shall
provide to the Commission and the Attorney General--
(i) written notice of the action; and
(ii) a copy of the complaint for the
action.
(B) Exemption.--
(i) In general.--Subparagraph (A) shall not
apply with respect to the filing of an action
by an attorney general of a State under this
subsection, if the attorney general of a State
determines that it is not feasible to provide
the notice described in such subparagraph
before the filing of the action.
(ii) Notification.--In an action described
in clause (i), the attorney general of a State
shall provide notice and a copy of the
complaint to the Commission and the Attorney
General at the time the attorney general of a
State files the action.
(C) Attorney general's right to intervene.--After
having been notified, as provided in subparagraph (A),
the United States Attorney General shall have the
right--
(i) to file an action;
(ii) to intervene in the action;
(iii) upon so intervening, to be heard on
all matters arising in that action;
(iv) to remove the action to the
appropriate district court of the United
States; and
(v) to file petitions for appeal.
(D) Prohibition on state attorney generals if
attorney general acts.--If the Attorney General
institutes an action under this Act, no attorney
general of a State or official or agency of a State may
bring an action under this subsection for any violation
of subsection (a) alleged in the complaint.
(E) Prohibition on state attorney generals if
commission acts.--If the Commission institutes an
action under this subsection, no attorney general of a
State or official or agency of a State may bring an
action under this subsection for any violation of this
section alleged in the complaint.
(h) Rule of Construction.--For purposes of bringing any civil
action under this section, nothing in this Act shall be construed to
prevent an attorney general of a State from exercising the powers
conferred on such attorney general by the laws of that State to--
(1) conduct investigations;
(2) administer oaths or affirmations; or
(3) compel the attendance of witnesses or the production of
documentary and other evidence.
(i) Venue; Service of Process.--
(1) Venue.--Any action brought under subsection (g) may be
brought in the district court of the United States that meets
applicable requirements relating to venue under section 1391 of
title 28, United States Code.
(2) Service of process.--In an action brought under
subsection (g), process may be served in any district in which
the defendant--
(A) is an inhabitant; or
(B) may be found.
SEC. 6. LIMITATIONS ON LIABILITY.
(a) Law Enforcement Authority.--Section 5 shall not apply to the
transmission, installation, or execution of a computer program in
compliance with a law enforcement, investigatory, national security, or
regulatory agency or department of the United States, or any State in
response to a request or demand made under authority granted to that
agency or department, including--
(1) a warrant issued under the Federal Rules of Criminal
Procedure;
(2) an equivalent State warrant; or
(3) a court order or other lawful process.
(b) Passive Transmission, Hosting, or Linking.--A person shall not
be deemed to have violated any provision of this Act solely because the
person provided--
(1) the Internet connection, telephone connection, or other
transmission or routing function through which software was
delivered to a protected computer for installation;
(2) the storage or hosting of software or of an Internet
website through which software was made available for
installation to a protected computer; or
(3) an information location tool, such as a directory,
index, reference, pointer, or hypertext link, through which a
user of a protected computer located software available for
installation.
(c) Exception Relating to Security.--Nothing in this Act shall
apply to--
(1) any monitoring of, or interaction with, a consumer's
Internet or other network connection or service, or a protected
computer, by a telecommunications carrier, cable operator,
computer hardware or software provider, or provider of
information service or interactive computer service, to the
extent that such monitoring or interaction is for network or
computer security purposes, network management, maintenance,
diagnostics, technical support or repair, or for the detection
or prevention of fraudulent activities; or
(2) a discrete interaction with a protected computer by a
provider of computer software solely to determine whether the
user of the computer is authorized to use such software, that
occurs upon--
(A) initialization of the software; or
(B) an affirmative request by the owner or
authorized user for an update of, addition to, or
technical service for, the software.
(d) Limitation on Liability.--A manufacturer or retailer of
computer equipment shall not be liable under this Act to the extent
that the manufacturer or retailer is providing third party branded
software that is installed on the equipment the manufacturer or
retailer is manufacturing or selling.
(e) Compliance With Law.--No person shall be liable under this Act
for engaging in any activity that is expressly permissible under any
other provision of Federal law.
(f) Commission Authority.--In addition to the limitation of
liability specified in this section, the Commission may by regulation
establish additional limitations or exceptions upon the finding that
such limitations or exceptions are reasonably necessary to promote the
public interest.
SEC. 7. INTERNATIONAL CONSUMER PROTECTION AUTHORITY.
(a) Availability of Remedies.--Section 5(a) of the Federal Trade
Commission Act (15 U.S.C. 45(a)) is amended by adding at the end the
following:
``(4)(A) For purposes of this subsection, the term `unfair or
deceptive acts or practices' includes unfair or deceptive acts or
practices involving foreign commerce that--
``(i) cause or are likely to cause reasonable foreseeable
injury within the United States; or
``(ii) involve material conduct occurring within the United
States.
``(B) All remedies available to the Commission with respect to
unfair and deceptive acts or practices shall be available for acts and
practices described in this paragraph, including restitution to
domestic or foreign victims.''.
SEC. 8. PENALTIES FOR CERTAIN UNAUTHORIZED ACTIVITIES RELATING TO
COMPUTERS.
(a) In General.--Chapter 47 of title 18, United States Code, is
amended by inserting after section 1030 the following:
``Sec. 1030A. Illicit indirect use of protected computers
``(a) Furtherance of Criminal Offense.--Whoever intentionally
accesses a protected computer without authorization, or exceeds
authorized access to a protected computer, by causing a computer
program or code to be copied onto the protected computer, and
intentionally uses that program or code in furtherance of another
Federal criminal offense shall be fined under this title or imprisoned
not more than 5 years, or both.
``(b) Security Protection.--Whoever intentionally accesses a
protected computer without authorization, or exceeds authorized access
to a protected computer, by causing a computer program or code to be
copied onto the protected computer, and by means of that program or
code intentionally impairs the security protection of the protected
computer shall be fined under this title or imprisoned not more than 2
years, or both.
``(c) Individual Exemption.--A person shall not violate this
section who solely provides--
``(1) an Internet connection, telephone connection, or
other transmission or routing function through which software
is delivered to a protected computer for installation;
``(2) the storage or hosting of software, or of an Internet
website, through which software is made available for
installation to a protected computer; or
``(3) an information location tool, such as a directory,
index, reference, pointer, or hypertext link, through which a
user of a protected computer locates software available for
installation.
``(d) Network Exemption.--A provider of a network or online service
that an authorized user of a protected computer uses or subscribes to
shall not violate this section by any monitoring or, interaction with,
or installation of software for the purpose of--
``(1) protecting the security of the network, service, or
computer;
``(2) facilitating diagnostics, technical support,
maintenance, network management, or repair; or
``(3) preventing or detecting unauthorized, fraudulent, or
otherwise unlawful uses of the network or service.
``(e) Exclusive Jurisdiction.--No person may bring a civil action
under the law of any State if such action is premised in whole or in
part upon the defendant's violation of this section.
``(f) Definitions.--As used in this section:
``(1) Computer; protected computer.--The terms `computer'
or `protected computer' have the meanings given such terms in
section 1030(e) of this title.
``(2) State.--The term `State' includes each of the several
States, the District of Columbia, Puerto Rico, and any other
territory or possession of the United States.''.
(b) Conforming Amendment.--The table of sections at the beginning
of chapter 47 of title 18, United States Code, is amended by inserting
after the item relating to section 1030 the following new item:
``1030A. Illicit indirect use of protected computers.''.
SEC. 9. PRESERVATION OF FEDERAL TRADE COMMISSION AUTHORITY.
Nothing in this Act may be construed in any way to limit or affect
the Commission's authority under any other provision of law, including
the authority to issue advisory opinions, policy statements, or
guidance regarding this Act.
SEC. 10. AUTHORIZATION OF APPROPRIATIONS.
There is authorized to be appropriated, to the Commission for the
purposes of enforcing violations relating to the unfair and deceptive
practices associated with computer and Internet related crimes, not
more than $10,000,000 for each fiscal year beginning with fiscal year
2006.
<all>
Introduced in Senate
Read twice and referred to the Committee on Commerce, Science, and Transportation.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line