In the normal course of computer use, data is exchanged with remote servers. Usually bundled with free programs, applications known as "spyware" gather and report information about a computer user without the user's consent or knowledge. Similar programs, while not technically spyware, deliver pop-up advertisements ("adware") or change computer settings and harm computers ("malware"). Cookies, which are small, benign text strings downloaded from Web sites into temporary folders, track users anonymously and may save provided information (e.g. login information) for a user's benefit. Some consider cookies a form of spyware, believing them to be an intrusion of privacy.

AAF Position
Consumers should be informed when any software is installed on their computer. When installing software, consumers should be informed what, if any, data might be collected, and what it will be used for. Software companies should provide an easy mechanism for the removal of unwanted software. Legislation designed to combat spyware should focus on punishing illegal behavior, rather than trying to stifle technology. Enforcing the law will solve the spyware problem better than targeting technological advancement. Cookies should not be seen as spyware; they provide no user-identifying information nor harm computers in any way. Surreptitious software writers, who already operate outside of the law, will not change their behavior.

Some electronic privacy groups argue that the easiest and most effective way to combat spyware is to set limits on the kinds of software that may be written or to simply target all kinds of Internet marketing. These efforts are harmful to legitimate advertisers and limit beneficial consumer services.

H.R. 744: Internet Spyware (I-SPY) Prevention Act of 2005. Passed House May 24, 2005. Introduced by Rep. Robert Goodlatte, R-Va., February 10, 2005. This bill would prohibit unauthorized installation of computer programs that collect personally identifiable information. The bill passed the House on May 10, 2005, but has not been considered by the Senate.

H.R. 29: Securely Protect Yourself Against Cyber Trespass Act. (SPY-ACT). Introduced by Rep. Mary Bono, D-Calif., January 4, 2005. This bill would prohibit transmitting software that takes control over a user's computer or collects personally identifiable information. H.R. 29 passed the House on May 24, 2005, but has not been considered by the Senate.

S. 1608: U.S. SAFE WEB Act of 2005. Introduced by Sen. Gordon Smith, R-Ore., July 29, 2005. Strengthens the FTC's enforcement authority against illegal spam, spyware and other forms of fraud and deception. This bill has been approved by the Senate Commerce Committee, but has not been scheduled for a full Senate vote.

S. 1004: Enhanced Consumer Protection Against Spyware Act of 2005. Introduced by Sen. George Allen, R-Va., May 11, 2005. Increases penalties for spyware purveyors and would turn over their seized profits to law enforcement, as is done under federal drug laws. This bill has five co-sponsors. No hearings have been held or scheduled.

S. 687: Software Principles Yielding Better Levels of Consumer Knowledge Act (SPY-BLOCK Act). Introduced by Sen. Conrad Burns, R-Mont., March 20, 2005. Prohibits anyone except a computer's user from installing software on that computer without notice, consent and an easy uninstall method. Reported favorably out of Senate Commerce Committee but has not been scheduled for a vote.

S. 116: Privacy Act of 2005. Introduced by Sen. Diane Feinstein, D-Calif., January 24, 2005. This bill would require the consent of an individual prior to a third party's use of the individual's personally identifiable information. The bill has no co-sponsors. No hearings have been held or scheduled.

Last updated: March 2006

Return to the Position Statements main page.