Statement of Congressman John D. Dingell, Ranking Member
Committee on Energy and Commerce

COMMITTEE ON ENERGY AND COMMERCE
MARKUP OF H.R. 29, THE “SECURELY
PROTECT YOURSELF AGAINST CYBER
TRESPASS ACT OR THE ‘SPY ACT’”

March 9, 2005

Mr. Chairman, I commend you for making spyware legislation a priority for the Committee and for the open and constructive bipartisan process that produced the legislation that we will take up today. I am a cosponsor of H.R. 29, the SPY ACT, and I commend Subcommittee Chairman Stearns, Ranking Member Schakowsky, and Reps. Bono and Towns, the lead sponsors of the bill, for their continued leadership.

Spyware -- malicious software that can alter Internet settings, cripple computers, track and steal personal information, and launch annoying pop-up ads -- is a serious and spreading scourge. These antics are costing businesses and consumers dearly. This bill takes very significant steps toward reining in bad actors and empowering consumers to protect their personal information without imposing unnecessary and crippling burdens on honest Internet commerce.

While I am generally comfortable with what is in the bill and today’s Manager’s Amendment, I have a few concerns that I trust will be addressed as we work on the Committee report and further refine the bill.

Section 2 of the bill is technology neutral. The prohibitions against hijacking, keystroke logging, and numerous other invasive actions apply no matter what technology is used to perpetrate them.

Section 3 of the bill provides consumers with opt-in notice and consent protection before an “information collection program” is transmitted to a protected computer. These programs are defined as “computer software” designed to collect personally-identifiable information and send such information either to a third person or to deliver advertising, including ads targeted on information the spyware has gathered from the Web pages a consumer accesses.

The problem is that not all spyware and adware is “computer software.” For example, “cookies” are not software and the rule of construction on page 25 of the bill makes clear that cookies are not covered. But concerns have been raised that this language is too broad and may create a loophole for all kinds of text or data files that act as spyware and adware. We have received information from Webroot Software and others that not all cookies are benign: “tracking” or “persistent” cookies are used to collect identifying information about the user. While section 8 of the bill requires the Federal Trade Commission to study this anomoly, at least with respect to cookies, we need to make sure that we are not creating dangerous loopholes that are inconsistent with the purposes of the legislation.

In the same vein, concerns have been raised about the scope of the new language on pages 8 and 9 of the bill. While intended to provide specific narrow exceptions, we need to tighten the language and carefully spell out our intent in the Committee report. We must not allow the bill’s exceptions to defeat the rule. The underlying technology is complex and is constantly evolving. So we must legislate with great care.

Privacy matters will continue on our agenda -- for example, the hearing next week on the recent data breaches at ChoicePoint and other data brokers. It is important for the Committee and for the public that we step up to the plate and address these issues in a responsible and timely manner. I once again commend all of the Members involved, and particularly Chairman Barton, for producing bipartisan legislation that the whole Committee can stand behind.

- 30 -

(Contact: Jodi Seth, 202-225-3641)