Antispyware bill OK'd by House, OK with businesses

By Shamus McGillicuddy, News Writer 23 May 2007 | SearchSMB.com

Technology news and tips for midmarket CIOs Digg This!     StumbleUpon     Del.icio.us

Anything with 21 pages of dense regulations that specify what software can and can't do, written by a lot of lawyers without computer security training … is going to have problems. Dan Blum vice president and director, Burton Group Inc.

The antispyware bill was sponsored by Rep. Zoe Lofgren, D-Calif.. It establishes a sentence of five years in prison for individuals who commit fraud with spyware. The bill is much less complex than a similar piece of legislation recently approved by the House Committee on Energy and Commerce. That legislation included a 21-page set of regulations that dictated how software and advertising companies should inform and obtain consent from computer users before installing spyware for legitimate business purposes.

Spyware is a growing problem, experts say. Gartner Inc. in Stamford, Conn., has said financially motivated spyware attacks will comprise 70% of all security incidents by 2010.

Experts said the House passed the right bill. No similar bill is being considered in the Senate.

"Anything with 21 pages of dense regulations that specify what software can and can't do, written by a lot of lawyers without computer security training or even if written by computer security people, is going to have problems," said Dan Blum, vice president and director at Burton Group Inc. in Midvale, Utah.

Blum said Congress was better off staying at a high level with general legal guidelines. He said the courts could fill in the details.

"Hopefully they've created a deterrent that makes it possible to prosecute the bad guys, or makes it easier to prosecute the bad guys."

Avivah Litan, vice president and research director at Gartner, said, "You don't want government getting too involved in technology implementations. It's too much of a dynamic environment. Things change very quickly. The last thing you want the government to do is to tell the private sector how to implement technology."

Besides, Litan said, 21 pages of regulations wouldn't protect consumers from fraud.

"Criminals aren't going to be stopped by any regulations that say you must notify people before installing software," Litan said. "It would only inhibit people from doing legitimate jobs."

As unlikely as it sounds, there is legitimate spyware, Litan said. Regulations would inhibit some important work.

More on spyware Spyware may be a losing battle, experts say Next-generation spyware

"If Bank of America had to call a customer whenever it wanted to download fraud protection technology onto a user's computer, they'd never get anything accomplished," Litan said.

The bill makes it a crime to use spyware to intentionally obtain or transmit personal information with the intent to defraud or injure a person or cause damage to a protected computer. It also makes it a crime to use spyware to intentionally impair the security protection of a computer for such purposes.

Blum said this legislation is particularly important because it makes the attempt to use spyware for fraud a crime.

"Say someone was attempting fraud and you know they're attempting fraud, but they didn't actually succeed in committing the fraud. But it is clear that they were headed in that direction," Blum said. "Now you can still get them for trying that, whereas before you had to wait until fraud could be proven."

The bill also allocates $10 million to the attorney general for use in prosecutions of such cases of spyware crime and the practices of phishing and pharming.

Tags: Information security management for the midmarket,  Risk management for the midmarket,  Compliance management for the midmarket,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information security management for the midmarket Test your knowledge: IT quizzes for midmarket CIOs Droid does, but will IT support it? Information security program revamp adds outsourcer oversight and more From data breaches to risk management frameworks: Test your knowledge The challenge of managing risk when IT budgets tighten Why cybersecurity awareness is everyone's responsibility Information technology management e-book downloads for midmarket CIOs 10 must-have steps for an effective SMB information security program Your IT security budget: How to get more bang for the buck Using key risk indicators to sell your information security program Risk management for the midmarket CIO resources: Top five technology topics of 2009 Information security program revamp adds outsourcer oversight and more From data breaches to risk management frameworks: Test your knowledge Adopting a beta tool: Risks vs. rewards for a midsized enterprise The challenge of managing risk when IT budgets tighten Why cybersecurity awareness is everyone's responsibility How to decide if changing technology vendors is worth the time, risk A guide to managing the risk assessment process Free risk management tools and resources for the enterprise CIOs taking risk of cutting vendor maintenance contracts to save money Compliance management for the midmarket Test your knowledge: IT quizzes for midmarket CIOs What will net neutrality mean for SMBs? At your peril, disaster recovery testing gets short shrift From software prices to EHR security: The latest advice for CIOs Security and risk management in the midmarket A CIO's advice for implementing single sign-on solutions Compliance management: From virtualization to licensing agreements 2008 top 10 technology articles: Social media, Vista, IT salaries Healthcare compliance gets boost from national HHS privacy framework Taking electronic records retention management to the next level

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary