Title I: Spyware - Software Principles Yielding Better Levels of Consumer Knowledge Act or the SPY BLOCK Act - (Sec. 102) Prohibits the installation of software on protected computers (a computer used in interstate or foreign commerce or communication) through unfair or deceptive acts or practices.
(Sec. 103) Prohibits a person who is not an authorized user of a protected computer from causing the installation of software that: (1) takes control of such computer through zombies, modem hijacking, denial of service attacks, or endless loop pop-up advertisements; (2) modifies the computer's settings to enable identity theft, to disable security in order to damage that or another computer, or to change, through unfair or deceptive means, the computer's Internet browser or bookmarks; or (3) prevents, without the user's authorization and by unfair or deceptive means, such user's reasonable efforts to block installation of, disable, or uninstall software.
(Sec. 104) Prohibits a person who is not an authorized user from causing the installation on a protected computer of software that collects sensitive personal information without first providing clear and conspicuous disclosure to the authorized user and obtaining the user's consent. Requires disclosure and consent to extract from the protected computer the user's: (1) social security number; (2) tax identification number; (3) driver's license number; (4) passport number; (5) any other government-issued identification number; (6) financial account, credit card, or debit card numbers; (7) account balances or overdraft history; or (8) other sensitive personal information.
Prohibits causing the installation on a computer of software that engages in any of the following practices without prior clear and conspicuous disclosure to, or with the knowledge of, the authorized user and for a purpose unrelated to the software purposes or service described to such user: (1) keystroke logging; (2) collection of personally identifying information that is correlated with the web sites visited, other than those operated by the person providing such software; and (3) extraction of substantive contents of files, data, software, or other information knowingly saved or installed by the authorized user or the substantive contents of communications sent to another computer. Exempts from such requirement a person that installs software that collects information for the provider of an online service or website knowingly used or subscribed to by an authorized user if the information collected is used only to affect the user's experience while using such service or website.
Prohibits, without first providing clear and conspicuous disclosure, causing the installation of such software that can not be uninstalled or disabled by an authorized user through a program removal function that is usual and customary with the computer's operating system. Exempts software that allows one authorized user of a computer to prevent other authorized users from unistalling or disabling the program if at least one authorized user retains the ability to uninstall or disable the software.
(Sec. 105) Prohibits causing the installation of software that causes advertising windows to appear on a protected computer regardless of whether any other non-advertising related functionality of the software is: (1) activated by the authorized user; or (2) conspicuously active on the computer. Exempts software that: (1) displays, each time the software causes an advertisement to appear, a clear and conspicuous label or other reasonable means of identifying the software that caused the advertisement to appear; (2) the authorized user is likely to identify as the main component of an installed software bundle; (3) contains a clear and conspicuous hypertext link that provides instructions concerning how the user may, through usual and customary means, uninstall the software causing the advertisement to appear; and (4) causes advertisements to be displayed without identification if those advertisements are displayed only when a user is gaining access to or using a website or online service owned or operated by the author or publisher of the software, or if the owner or operator authorized the author or publisher of the software to display such advertisements.
(Sec. 106) Exempts from such prohibitions any monitoring of or interaction with a subscriber's network connection or service, or a protected computer, by or at the direction of a telecommunications carrier, cable operator, computer hardware or software provider, financial institution or provider of information services, or interactive computer service for: (1) network or computer security purposes; (2) diagnostics; (3) technical support; (4) repair; (5) network management; (6) authorized updates of software or system firmware; (7) authorized remote system management; (8) authorized provision of protection for users from objectionable content; (9) authorized scanning for computer software used in violation of this Act for removal; or (10) detection or prevention of the unauthorized use of fraudulent software or other illegal activities. Exempts a computer manufacturer or retailer from liability for causing the installation of third-party branded software before the first retail sale and delivery of a computer, unless the manufacturer or retailer: (1) uses the software to collect information about a user or the use of the computer; or (2) knows that the software will cause advertisements for the manufacturer or retailer to be displayed or derives a direct financial benefit from other advertisements displayed.
States that it is not a violation of this Act for a multichannel video programming distributor to utilize, interact with, or install or use software on a navigation device in connection with the provision of programming or other services offered over a multichannel video programming system or the collection or disclosure of subscriber information, if the provision of such service or the collection or disclosure of such information is subject to provisions of the Communications Act of 1934 concerning notice to satellite subscribers.
(Sec. 107) Requires violations of this Act to be treated as unfair or deceptive acts or practices under the Federal Trade Commission Act. Provides for penalties for such violations. Allows the Federal Trade Commission (FTC) to increase the penalty to threefold the amount of penalty otherwise applicable. Authorizes the FTC to seek a civil penalty of no more than $3,000,000 for each violation. Authorizes the FTC to: (1) petition the court to order the seizure and forfeiture of assets attributable to the violation; and (2) require that violators disgorge any ill-gotten gains procured through unfair or deceptive acts or practices in violation of this Act. Requires the FTC to seize any such gains it has required to be disgorged.
(Sec. 108) Provides for enforcement of this Act by other agencies through the Federal Deposit Insurance Act, the Federal Credit Union Act, the Securities and Exchange Act of 1934, the Communications Act of 1934, provisions of law concerning transportation of air carriers, and state insurance law.
(Sec. 109) Authorizes states to bring civil actions in U.S. District Court to remedy violations of this Act on behalf of their citizens. Prohibits states from instituting an action against any defendant named in a complaint in an action instituted by or for the FTC for violation of this Act.
(Sec. 110) Authorizes a telecommunications carrier to bring a civil action to recover costs and charges incurred as a result of modem hijacking violations.
Precludes any person from bringing a civil action under state law for an action premised upon the defendant's violation of this Act.
(Sec. 111) Preempts state or local law that relates to, or confers a remedy for: (1) the installation or use of software to deliver advertisements to a protected computer to collect information about a user of a protected computer, or to allow a person other than an authorized user to direct or control a protected computer; or (2) the method or manner of unistalling or disabling software that performs any of these functions.
(Sec. 113) Prescribes penalties for intentionally gaining access to a protected computer without authorization, or exceeding authorized access to a protected computer by causing a computer program or code to be copied onto the computer, and: (1) intentionally using that program or code in furtherance of another federal criminal offense; or (2) intentionally impairing the security protection of the computer. Exempts people who solely provide: (1) a transmission or routing function through which software is delivered to a protected computer for installation; (2) the storage or hosting of software or a website through which software is made available for installation to a protected computer; or (3) an information location tool through which a user locates software available for installation. Exempts a provider of a network or online service that an authorized user uses or subscribes to for any monitoring or, interaction with, or installation of software for the purpose of: (1) protecting the security of the network, service, or computer; (2) facilitating diagnostics, technical support, maintenance, network management, or repair; or (3) preventing or detecting unauthorized, fraudulent, or otherwise unlawful uses of the network or service.
Title II: Increase in Certain Penalties - (Sec. 201) Increases civil penalties for violations involving an unfair or deceptive act or practice in a national emergency period or disaster period, or relating to an international disaster, if the act or practice exploits popular reaction to the emergency or disaster.
[Congressional Bills 109th Congress]
[From the U.S. Government Publishing Office]
[S. 687 Introduced in Senate (IS)]
109th CONGRESS
1st Session
S. 687
To regulate the unauthorized installation of computer software, to
require clear disclosure to computer users of certain computer software
features that may pose a threat to user privacy, and for other
purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
March 20, 2005
Mr. Burns (for himself, Mr. Wyden, Mrs. Boxer, and Mr. Nelson of
Florida) introduced the following bill; which was read twice and
referred to the Committee on Commerce, Science, and Transportation
_______________________________________________________________________
A BILL
To regulate the unauthorized installation of computer software, to
require clear disclosure to computer users of certain computer software
features that may pose a threat to user privacy, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``Software
Principles Yielding Better Levels of Consumer Knowledge Act'' or the
``SPY BLOCK Act''.
(b) Table of Contents.--The table of contents for this Act is as
follows:
Sec. 1. Short title.
Sec. 2. Prohibited practices related to software installation in
general.
Sec. 3. Installing surreptitious information collection features on a
user's computer.
Sec. 4. Adware that conceals its operation.
Sec. 5. Other practices that thwart user control of computer.
Sec. 6. Limitations on liability.
Sec. 7. FTC rulemaking authority.
Sec. 8. Administration and enforcement.
Sec. 9. Actions by States.
Sec. 10. Effect on other laws.
Sec. 11. Liability protections for anti-spyware software or services.
Sec. 12. Penalties for certain unauthorized activities relating to
computers.
Sec. 13. Definitions.
Sec. 14. Effective date.
SEC. 2. PROHIBITED PRACTICES RELATED TO SOFTWARE INSTALLATION IN
GENERAL.
(a) Surreptitious Installation.--
(1) In general.--It is unlawful for a person who is not an
authorized user of a protected computer to cause the
installation of software on the computer in a manner that--
(A) conceals from the user of the computer the fact
that the software is being installed; or
(B) prevents the user of the computer from having
an opportunity to knowingly grant or withhold consent
to the installation.
(2) Exception.--This subsection does not apply to--
(A) the installation of software that falls within
the scope of a previous grant of authorization by an
authorized user;
(B) the installation of an upgrade to a software
program that has already been installed on the computer
with the authorization of an authorized user;
(C) the installation of software before the first
retail sale and delivery of the computer; or
(D) the installation of software that ceases to
operate when the user of the computer exits the
software or service through which the user accesses the
Internet, if the software so installed does not begin
to operate again when the user accesses the Internet
via that computer in the future.
(b) Misleading Inducements To Install.--It is unlawful for a person
who is not an authorized user of a protected computer to induce an
authorized user of the computer to consent to the installation of
software on the computer by means of a materially false or misleading
representation concerning--
(1) the identity of an operator of an Internet website or
online service at which the software is made available for
download from the Internet;
(2) the identity of the author, publisher, or authorized
distributor of the software;
(3) the nature or function of the software; or
(4) the consequences of not installing the software.
(c) Preventing Reasonable Efforts To Uninstall.--
(1) In general.--It is unlawful for a person who is not an
authorized user of a protected computer to cause the
installation of software on the computer if the software cannot
subsequently be uninstalled or disabled by an authorized user
through a program removal function that is usual and customary
with the user's operating system, or otherwise as clearly and
conspicuously disclosed to the user.
(2) Limitations.--
(A) Authority to uninstall.--Software that enables
an authorized user of a computer, such as a parent,
employer, or system administrator, to choose to prevent
another user of the same computer from uninstalling or
disabling the software shall not be considered to
prevent reasonable efforts to uninstall or disable the
software within the meaning of this subsection if at
least 1 authorized user retains the ability to
uninstall or disable the software.
(B) Construction.--This subsection shall not be
construed to require individual features or functions
of a software program, upgrades to a previously
installed software program, or software programs that
were installed on a bundled basis with other software
or with hardware to be capable of being uninstalled or
disabled separately from such software or hardware.
SEC. 3. INSTALLING SURREPTITIOUS INFORMATION COLLECTION FEATURES ON A
USER'S COMPUTER.
(a) In General.--It is unlawful for a person who is not an
authorized user of a protected computer to--
(1) cause the installation on that computer of software
that includes a surreptitious information collection feature;
or
(2) use software installed in violation of paragraph (1) to
collect information about a user of the computer or the use of
a protected computer by that user.
(b) Authorization Status.--This section shall not be interpreted to
prohibit a person from causing the installation of software that
collects and transmits only information that is reasonably needed to
determine whether or not the user of a protected computer is licensed
or authorized to use the software.
(c) Surreptitious Information Collection Feature Defined.--For
purposes of this section, the term ``surreptitious information
collection feature'' means a feature of software that--
(1) collects information about a user of a protected
computer or the use of a protected computer by that user, and
transmits such information to any other person or computer--
(A) on an automatic basis or at the direction of
person other than an authorized user of the computer,
such that no authorized user knowingly triggers or
controls the collection and transmission;
(B) in a manner that is not transparent to an
authorized user at or near the time of the collection
and transmission, such that no authorized user is
likely to be aware of it when information collection
and transmission are occurring; and
(C) for purposes other than--
(i) facilitating the proper technical
functioning of a capability, function, or
service that an authorized user of the computer
has knowingly used, executed, or enabled; or
(ii) enabling the provider of an online
service knowingly used or subscribed to by an
authorized user of the computer to monitor or
record the user's usage of the service, or to
customize or otherwise affect the provision of
the service to the user based on such usage;
and
(2) begins to collect and transmit such information without
prior notification that--
(A) clearly and conspicuously discloses to an
authorized user of the computer the type of information
the software will collect and the types of ways the
information may be used and distributed; and
(B) is provided at a time and in a manner such that
an authorized user of the computer has an opportunity,
after reviewing the information contained in the
notice, to prevent either--
(i) the installation of the software; or
(ii) the beginning of the operation of the
information collection and transmission
capability described in paragraph (1).
SEC. 4. ADWARE THAT CONCEALS ITS OPERATION.
(a) In General.--It is unlawful for a person who is not an
authorized user of a protected computer to cause the installation on
that computer of software that causes advertisements to be displayed to
the user without a label or other reasonable means of identifying to
the user of the computer, each time such an advertisement is displayed,
which software caused the advertisement's delivery.
(b) Exception.--Software that causes advertisements to be displayed
without a label or other reasonable means of identification shall not
give rise to liability under subsection (a) if those advertisements are
displayed to a user of the computer--
(1) only when a user is accessing an Internet website or
online service--
(A) operated by the publisher of the software; or
(B) the operator of which has provided express
consent to the display of such advertisements to users
of the website or service; or
(2) only in a manner or at a time such that a reasonable
user would understand which software caused the delivery of the
advertisements.
SEC. 5. OTHER PRACTICES THAT THWART USER CONTROL OF COMPUTER.
It is unlawful for a person who is not an authorized user of a
protected computer to engage in an unfair or deceptive act or practice
that involves--
(1) utilizing the computer to send unsolicited information
or material from the user's computer to other computers;
(2) diverting an authorized user's Internet browser away
from the Internet website the user intended to view to 1 or
more other websites, unless such diversion has been authorized
by the website the user intended to view;
(3) displaying an advertisement, series of advertisements,
or other content on the computer through windows in an Internet
browser, in such a manner that the user of the computer cannot
end the display of such advertisements or content without
turning off the computer or terminating all sessions of the
Internet browser (except that this paragraph shall not apply to
the display of content related to the functionality or identity
of the Internet browser);
(4) modifying settings relating to the use of the computer
or to the computer's access to or use of the Internet,
including--
(A) altering the default Web page that initially
appears when a user of the computer launches an
Internet browser;
(B) altering the default provider or Web proxy used
to access or search the Internet;
(C) altering bookmarks used to store favorite
Internet website addresses; or
(D) altering settings relating to security measures
that protect the computer and the information stored on
the computer against unauthorized access or use; or
(5) removing, disabling, or rendering inoperative a
security or privacy protection technology installed on the
computer.
SEC. 6. LIMITATIONS ON LIABILITY.
(a) Passive Transmission, Hosting, or Linking.--A person shall not
be deemed to have violated any provision of this Act solely because the
person provided--
(1) the Internet connection, telephone connection, or other
transmission or routing function through which software was
delivered to a protected computer for installation;
(2) the storage or hosting of software or of an Internet
website through which software was made available for
installation to a protected computer; or
(3) an information location tool, such as a directory,
index, reference, pointer, or hypertext link, through which a
user of a protected computer located software available for
installation.
(b) Network Security.--It is not a violation of section 2, 3, or 5
for a provider of a network or online service used by an authorized
user of a protected computer, or to which any authorized user of a
protected computer subscribes, to monitor, interact with, or install
software for the purpose of--
(1) protecting the security of the network, service, or
computer;
(2) facilitating diagnostics, technical support,
maintenance, network management, or repair; or
(3) preventing or detecting unauthorized, fraudulent, or
otherwise unlawful uses of the network or service.
(c) Manufacturer's Liability for Third-Party Software.--A
manufacturer or retailer of a protected computer shall not be liable
under any provision of this Act for causing the installation on the
computer, prior to the first retail sale and delivery of the computer,
of third-party branded software, unless the manufacturer or retailer--
(1) uses a surreptitious information collection feature
included in the software to collect information about a user of
the computer or the use of a protected computer by that user;
or
(2) knows that the software will cause advertisements for
the manufacturer or retailer to be displayed to a user of the
computer.
(d) Investigational Exception.--Nothing in this Act prohibits any
lawfully authorized investigative, protective, or intelligence activity
of a law enforcement agency of the United States, a State, or a
political subdivision of a State, or of an intelligence agency of the
United States.
(e) Services Provided Over MVPD Systems.--It is not a violation of
this Act for a multichannel video programming distributor (as defined
in section 602(13) of the Communications Act of 1934 (47 U.S.C.
522(13)) to utilize a navigation device, or interact with such a
device, or to install or use software on such a device, in connection
with the provision of multichannel video programming or other services
offered over a multichannel video programming system or the collection
or disclosure of subscriber information, if the provision of such
service or the collection or disclosure of such information is subject
to section 338(i) or section 631 of the Communications Act of 1934 (47
U.S.C. 338(i) or 551).
SEC. 7. FTC RULEMAKING AUTHORITY.
(a) In General.--Subject to the limitations of subsection (b), the
Commission may issue such rules in accordance with section 553 of title
5, United States Code, as may be necessary to implement or clarify the
provisions of this Act.
(b) Safe Harbors.--
(1) In general.--The Commission may issue regulations
establishing specific wordings or formats for--
(A) notification that is sufficient under section
3(c)(2) to prevent a software feature from being a
surreptitious information collection feature (as
defined in section 3(c)); or
(B) labels or other means of identification that
are sufficient to avoid violation of section 4(a).
(2) Function of commission's suggested wordings or
formats.--
(A) Usage is voluntary.--The Commission may not
require the use of any specific wording or format
prescribed under paragraph (1) to meet the requirements
of section 3 or 4.
(B) Other means of compliance.--The use of a
specific wording or format prescribed under paragraph
(1) shall not be the exclusive means of providing
notification, labels, or other identification that meet
the requirements of sections 3 and 4.
(c) Limitations on Liability.--In addition to the limitations on
liability specified in section 6, the Commission may by regulation
establish additional limitations or exceptions upon a finding that such
limitations or exceptions are reasonably necessary to promote the
public interest and are consistent with the purposes of this Act. No
such additional limitation of liability may be made contingent upon the
adoption of any specific wording or format specified in regulations
under subsection (b)(1).
SEC. 8. ADMINISTRATION AND ENFORCEMENT.
(a) In General.--Except as provided in subsection (b), this Act
shall be enforced by the Commission as if a violation of this Act or of
any regulation promulgated by the Commission under this Act were an
unfair or deceptive act or practice proscribed under section
18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C.
57a(a)(1)(B)).
(b) Enforcement by Certain Other Agencies.--Compliance with this
Act shall be enforced under--
(1) section 8 of the Federal Deposit Insurance Act (12
U.S.C. 1818), in the case of--
(A) national banks, and Federal branches and
Federal agencies of foreign banks, by the Office of the
Comptroller of the Currency;
(B) member banks of the Federal Reserve System
(other than national banks), branches and agencies of
foreign banks (other than Federal branches, Federal
agencies, and insured State branches of foreign banks),
commercial lending companies owned or controlled by
foreign banks, and organizations operating under
section 25 or 25A of the Federal Reserve Act (12 U.S.C.
601 and 611), by the Board; and
(C) banks insured by the Federal Deposit Insurance
Corporation (other than members of the Federal Reserve
System) and insured State branches of foreign banks, by
the Board of Directors of the Federal Deposit Insurance
Corporation;
(2) section 8 of the Federal Deposit Insurance Act (12
U.S.C. 1818), by the Director of the Office of Thrift
Supervision, in the case of a savings association the deposits of which
are insured by the Federal Deposit Insurance Corporation;
(3) the Federal Credit Union Act (12 U.S.C. 1751 et seq.)
by the National Credit Union Administration Board with respect
to any Federal credit union;
(4) part A of subtitle VII of title 49, United States Code,
by the Secretary of Transportation with respect to any air
carrier or foreign air carrier subject to that part;
(5) the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et
seq.) (except as provided in section 406 of that Act (7 U.S.C.
226, 227)), by the Secretary of Agriculture with respect to any
activities subject to that Act; and
(6) the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by
the Farm Credit Administration with respect to any Federal land
bank, Federal land bank association, Federal intermediate
credit bank, or production credit association.
(c) Exercise of Certain Powers.--For the purpose of the exercise by
any agency referred to in subsection (b) of its powers under any Act
referred to in that subsection, a violation of this Act is deemed to be
a violation of a requirement imposed under that Act. In addition to its
powers under any provision of law specifically referred to in
subsection (b), each of the agencies referred to in that subsection may
exercise, for the purpose of enforcing compliance with any requirement
imposed under this Act, any other authority conferred on it by law.
(d) Actions by the Commission.--The Commission shall prevent any
person from violating this Act in the same manner, by the same means,
and with the same jurisdiction, powers, and duties as though all
applicable terms and provisions of the Federal Trade Commission Act (15
U.S.C. 41 et seq.) were incorporated into and made a part of this Act.
Any entity that violates any provision of that section is subject to
the penalties and entitled to the privileges and immunities provided in
the Federal Trade Commission Act in the same manner, by the same means,
and with the same jurisdiction, power, and duties as though all
applicable terms and provisions of the Federal Trade Commission Act
were incorporated into and made a part of that section.
SEC. 9. ACTIONS BY STATES.
(a) In General.--
(1) Civil actions.--In any case in which the attorney
general of a State has reason to believe that an interest of
the residents of that State has been or is threatened or
adversely affected by the engagement of any person in a
practice that this Act prohibits, the State, as parens patriae,
may bring a civil action on behalf of the residents of the
State in a district court of the United States of appropriate
jurisdiction--
(A) to enjoin that practice;
(B) to enforce compliance with the rule;
(C) to obtain damage, restitution, or other
compensation on behalf of residents of the State; or
(D) to obtain such other relief as the court may
consider to be appropriate.
(2) Notice.--
(A) In general.--Before filing an action under
paragraph (1), the attorney general of the State
involved shall provide to the Commission--
(i) written notice of that action; and
(ii) a copy of the complaint for that
action.
(B) Exemption.--
(i) In general.--Subparagraph (A) shall not
apply with respect to the filing of an action
by an attorney general of a State under this
subsection, if the attorney general determines
that it is not feasible to provide the notice
described in that subparagraph before the
filing of the action.
(ii) Notification.--In an action described
in clause (i), the attorney general of a State
shall provide notice and a copy of the
complaint to the Commission at the same time as
the attorney general files the action.
(b) Intervention.--
(1) In general.--On receiving notice under subsection
(a)(2), the Commission shall have the right to intervene in the
action that is the subject of the notice.
(2) Effect of intervention.--If the Commission intervenes
in an action under subsection (a), it shall have the right--
(A) to be heard with respect to any matter that
arises in that action; and
(B) to file a petition for appeal.
(c) Construction.--For purposes of bringing any civil action under
subsection (a), nothing in this subtitle shall be construed to prevent
an attorney general of a State from exercising the powers conferred on
the attorney general by the laws of that State to--
(1) conduct investigations;
(2) administer oaths or affirmations; or
(3) compel the attendance of witnesses or the production of
documentary and other evidence.
(d) Actions by the Commission.--In any case in which an action is
instituted by or on behalf of the Commission for violation of this Act,
no State may, during the pendency of that action, institute an action
under subsection (a) against any defendant named in the complaint in
that action for violation of that section.
(e) Venue; Service of Process.--
(1) Venue.--Any action brought under subsection (a) may be
brought in the district court of the United States that meets
applicable requirements relating to venue under section 1391 of
title 28, United States Code.
(2) Service of process.--In an action brought under
subsection (a), process may be served in any district in which
the defendant--
(A) is an inhabitant; or
(B) may be found.
SEC. 10. EFFECT ON OTHER LAWS.
(a) Federal Law.--Nothing in this Act shall be construed to limit
or affect in any way the Commission's authority to bring enforcement
actions or take any other measures under the Federal Trade Commission
Act or any other provision of law.
(b) State Law.--
(1) State law concerning information collection software or
adware.--This Act supersedes any statute, regulation, or rule
of a State or political subdivision of a State that expressly
limits or restricts the installation or use of software on a
protected computer to--
(A) collect information about the user of the
computer or the user's Internet browsing behavior or
other use of the computer; or
(B) cause advertisements to be delivered to the
user of the computer,
except to the extent that any such statute, regulation, or rule
prohibits deception in connection with the installation or use
of such software.
(2) State law concerning notice of software installation.--
This Act supersedes any statute, regulation, or rule of a State
or political subdivision of a State that prescribes specific
methods for providing notification before the installation of
software on a computer.
(3) State law not specific to software.--This Act shall not
be construed to preempt the applicability of State criminal,
trespass, contract, tort, or anti-fraud law.
SEC. 11. LIABILITY PROTECTIONS FOR ANTI-SPYWARE SOFTWARE OR SERVICES.
No provider of computer software or of an interactive computer
service may be held liable under this Act or any other provision of law
for identifying, naming, removing, disabling, or otherwise affecting
the operation or potential operation on a computer of computer software
published by a third party, if--
(1) the provider's software or interactive computer service
is intended to identify, prevent the installation or execution
of, remove, or disable computer software that is or was
installed in violation of section 2, 3, or 4 of this Act or
used to violate section 5 of this Act;
(2) an authorized user of the computer has consented to the
use of the provider's computer software or interactive computer
service on the computer;
(3) the provider believes in good faith that the
installation or operation of the third-party computer software
involved or involves a violation of section 2, 3, 4, or 5 of
this Act; and
(4) the provider either notifies and obtains the consent of
an authorized user of the computer before taking any action to
remove, disable, or otherwise affect the operation or potential
operation of the third-party software on the computer, or has
obtained prior authorization from an authorized user to take
such action without providing such notice and consent.
SEC. 12. PENALTIES FOR CERTAIN UNAUTHORIZED ACTIVITIES RELATING TO
COMPUTERS.
(a) In General.--Chapter 47 of title 18, United States Code, is
amended by inserting after section 1030 the following:
``Sec. 1030A. Illicit indirect use of protected computers
``(a) Whoever intentionally accesses a protected computer without
authorization, or exceeds authorized access to a protected computer, by
causing a computer program or code to be copied onto the protected
computer, and intentionally uses that program or code in furtherance of
another Federal criminal offense shall be fined under this title or
imprisoned 5 years, or both.
``(b) Whoever intentionally accesses a protected computer without
authorization, or exceeds authorized access to a protected computer, by
causing a computer program or code to be copied onto the protected
computer, and by means of that program or code intentionally impairs
the security protection of the protected computer shall be fined under
this title or imprisoned not more than 2 years, or both.
``(c) A person shall not violate this section who solely provides--
``(1) an Internet connection, telephone connection, or
other transmission or routing function through which software
is delivered to a protected computer for installation;
``(2) the storage or hosting of software, or of an Internet
website, through which software is made available for
installation to a protected computer; or
``(3) an information location tool, such as a directory,
index, reference, pointer, or hypertext link, through which a
user of a protected computer locates software available for
installation.
``(d) A provider of a network or online service that an authorized
user of a protected computer uses or subscribes to shall not violate
this section by any monitoring of, interaction with, or installation of
software for the purpose of--
``(1) protecting the security of the network, service, or
computer;
``(2) facilitating diagnostics, technical support,
maintenance, network management, or repair; or
``(3) preventing or detecting unauthorized, fraudulent, or
otherwise unlawful uses of the network or service.
``(e) No person may bring a civil action under the law of any State
if such action is premised in whole or in part upon the defendant's
violating this section. For the purposes of this subsection, the term
`State' includes the District of Columbia, Puerto Rico, and any other
territory or possession of the United States.''.
(b) Conforming Amendment.--The table of sections at the beginning
of chapter 47 of title 18, United States Code, is amended by inserting
after the item relating to section 1030 the following new item:
``1030A. Illicit indirect use of protected computers.''.
SEC. 13. DEFINITIONS.
In this Act:
(1) Authorized user.--The term ``authorized user'', when
used with respect to a computer, means the owner or lessee of a
computer, or someone using or accessing a computer with the
actual or apparent authorization of the owner or lessee.
(2) Cause the installation.--The term ``cause the
installation'' when used with respect to particular software,
means to knowingly provide the technical means by which the
software is installed, or to knowingly pay or provide other
consideration to, or to knowingly induce or authorize, another
person to do so.
(3) Commission.--The term ``Commission'' means the Federal
Trade Commission.
(4) Cookie.--The term ``cookie'' means a text file--
(A) that is placed on a computer by, or on behalf
of, an Internet service provider, interactive computer
service, or Internet website; and
(B) the sole function of which is to record
information that can be read or recognized when the
user of the computer subsequently accesses particular
websites or online locations or services.
(5) First retail sale and delivery.--The term ``first
retail sale and delivery'' means the first sale, for a purpose
other than resale, of a protected computer and the delivery of
that computer to the purchaser or a recipient designated by the
purchaser at the time of such first sale. For purposes of this
paragraph, the lease of a computer shall be considered a sale
of the computer for a purpose other than resale.
(6) Install.--
(A) In general.--The term ``install'' means--
(i) to write computer software to a
computer's persistent storage medium, such as
the computer's hard disk, in such a way that
the computer software is retained on the
computer after the computer is turned off and
subsequently restarted; or
(ii) to write computer software to a
computer's temporary memory, such as random
access memory, in such a way that the software
is retained and continues to operate after the
user of the computer turns off or exits the
Internet service, interactive computer service,
or Internet website from which the computer
software was obtained.
(B) Exception for temporary cache.--The term
``install'' does not include the writing of software to
an area of the persistent storage medium that is
expressly reserved for the temporary retention of
recently accessed or input data or information if the
software retained in that area remains inoperative
unless a user of the computer chooses to access that
temporary retention area.
(7) Person.--The term ``person'' has the meaning given that
term in section 3(32) of the Communications Act of 1934 (47
U.S.C. 153(32)).
(8) Protected computer.--The term ``protected computer''
has the meaning given that term in section 1030(e)(2)(B) of
title 18, United States Code.
(9) Software.--The term ``software'' means any program
designed to cause a computer to perform a desired function or
functions. Such term does not include any cookie.
(10) Unfair or deceptive act or practice.--The term
``unfair or deceptive act or practice'' has the same meaning as
when used in section 5 of the Federal Trade Commission Act (15
U.S.C. 45).
(11) Upgrade.--The term ``upgrade'', when used with respect
to a previously installed software program, means additional
software that is issued by, or with the authorization of, the
publisher or any successor to the publisher of the software
program to improve, correct, repair, enhance, supplement, or
otherwise modify the software program.
SEC. 14. EFFECTIVE DATE.
This Act shall take effect 180 days after the date of enactment of
this Act.
<all>
Introduced in Senate
Sponsor introductory remarks on measure. (CR S3105-3106)
Read twice and referred to the Committee on Commerce, Science, and Transportation. (text of measure as introduced: CR S3106-3109)
Committee on Commerce, Science, and Transportation. Ordered to be reported with an amendment in the nature of a substitute favorably.
Committee on Commerce, Science, and Transportation. Reported by Senator Stevens with an amendment in the nature of a substitute. With written report No. 109-262.
Committee on Commerce, Science, and Transportation. Reported by Senator Stevens with an amendment in the nature of a substitute. With written report No. 109-262.
Placed on Senate Legislative Calendar under General Orders. Calendar No. 467.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line