[Congressional Bills 109th Congress]
[From the U.S. Government Publishing Office]
[S. 687 Introduced in Senate (IS)]


109th CONGRESS
  1st Session
                                 S. 687

  To regulate the unauthorized installation of computer software, to 
require clear disclosure to computer users of certain computer software 
    features that may pose a threat to user privacy, and for other 
                               purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             March 20, 2005

   Mr. Burns (for himself, Mr. Wyden, Mrs. Boxer, and Mr. Nelson of 
   Florida) introduced the following bill; which was read twice and 
   referred to the Committee on Commerce, Science, and Transportation

_______________________________________________________________________

                                 A BILL


 
  To regulate the unauthorized installation of computer software, to 
require clear disclosure to computer users of certain computer software 
    features that may pose a threat to user privacy, and for other 
                               purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

    (a) Short Title.--This Act may be cited as the ``Software 
Principles Yielding Better Levels of Consumer Knowledge Act'' or the 
``SPY BLOCK Act''.
    (b) Table of Contents.--The table of contents for this Act is as 
follows:

Sec. 1. Short title.
Sec. 2. Prohibited practices related to software installation in 
                            general.
Sec. 3. Installing surreptitious information collection features on a 
                            user's computer.
Sec. 4. Adware that conceals its operation.
Sec. 5. Other practices that thwart user control of computer.
Sec. 6. Limitations on liability.
Sec. 7. FTC rulemaking authority.
Sec. 8. Administration and enforcement.
Sec. 9. Actions by States.
Sec. 10. Effect on other laws.
Sec. 11. Liability protections for anti-spyware software or services.
Sec. 12. Penalties for certain unauthorized activities relating to 
                            computers. 
Sec. 13. Definitions.
Sec. 14. Effective date.

SEC. 2. PROHIBITED PRACTICES RELATED TO SOFTWARE INSTALLATION IN 
              GENERAL.

    (a) Surreptitious Installation.--
            (1) In general.--It is unlawful for a person who is not an 
        authorized user of a protected computer to cause the 
        installation of software on the computer in a manner that--
                    (A) conceals from the user of the computer the fact 
                that the software is being installed; or
                    (B) prevents the user of the computer from having 
                an opportunity to knowingly grant or withhold consent 
                to the installation.
            (2) Exception.--This subsection does not apply to--
                    (A) the installation of software that falls within 
                the scope of a previous grant of authorization by an 
                authorized user;
                    (B) the installation of an upgrade to a software 
                program that has already been installed on the computer 
                with the authorization of an authorized user;
                    (C) the installation of software before the first 
                retail sale and delivery of the computer; or
                    (D) the installation of software that ceases to 
                operate when the user of the computer exits the 
                software or service through which the user accesses the 
                Internet, if the software so installed does not begin 
                to operate again when the user accesses the Internet 
                via that computer in the future.
    (b) Misleading Inducements To Install.--It is unlawful for a person 
who is not an authorized user of a protected computer to induce an 
authorized user of the computer to consent to the installation of 
software on the computer by means of a materially false or misleading 
representation concerning--
            (1) the identity of an operator of an Internet website or 
        online service at which the software is made available for 
        download from the Internet;
            (2) the identity of the author, publisher, or authorized 
        distributor of the software;
            (3) the nature or function of the software; or
            (4) the consequences of not installing the software.
    (c) Preventing Reasonable Efforts To Uninstall.--
            (1) In general.--It is unlawful for a person who is not an 
        authorized user of a protected computer to cause the 
        installation of software on the computer if the software cannot 
        subsequently be uninstalled or disabled by an authorized user 
        through a program removal function that is usual and customary 
        with the user's operating system, or otherwise as clearly and 
        conspicuously disclosed to the user.
            (2) Limitations.--
                    (A) Authority to uninstall.--Software that enables 
                an authorized user of a computer, such as a parent, 
                employer, or system administrator, to choose to prevent 
                another user of the same computer from uninstalling or 
                disabling the software shall not be considered to 
                prevent reasonable efforts to uninstall or disable the 
                software within the meaning of this subsection if at 
                least 1 authorized user retains the ability to 
                uninstall or disable the software.
                    (B) Construction.--This subsection shall not be 
                construed to require individual features or functions 
                of a software program, upgrades to a previously 
                installed software program, or software programs that 
                were installed on a bundled basis with other software 
                or with hardware to be capable of being uninstalled or 
                disabled separately from such software or hardware.

SEC. 3. INSTALLING SURREPTITIOUS INFORMATION COLLECTION FEATURES ON A 
              USER'S COMPUTER.

    (a) In General.--It is unlawful for a person who is not an 
authorized user of a protected computer to--
            (1) cause the installation on that computer of software 
        that includes a surreptitious information collection feature; 
        or
            (2) use software installed in violation of paragraph (1) to 
        collect information about a user of the computer or the use of 
        a protected computer by that user.
    (b) Authorization Status.--This section shall not be interpreted to 
prohibit a person from causing the installation of software that 
collects and transmits only information that is reasonably needed to 
determine whether or not the user of a protected computer is licensed 
or authorized to use the software.
    (c) Surreptitious Information Collection Feature Defined.--For 
purposes of this section, the term ``surreptitious information 
collection feature'' means a feature of software that--
            (1) collects information about a user of a protected 
        computer or the use of a protected computer by that user, and 
        transmits such information to any other person or computer--
                    (A) on an automatic basis or at the direction of 
                person other than an authorized user of the computer, 
                such that no authorized user knowingly triggers or 
                controls the collection and transmission;
                    (B) in a manner that is not transparent to an 
                authorized user at or near the time of the collection 
                and transmission, such that no authorized user is 
                likely to be aware of it when information collection 
                and transmission are occurring; and
                    (C) for purposes other than--
                            (i) facilitating the proper technical 
                        functioning of a capability, function, or 
                        service that an authorized user of the computer 
                        has knowingly used, executed, or enabled; or
                            (ii) enabling the provider of an online 
                        service knowingly used or subscribed to by an 
                        authorized user of the computer to monitor or 
                        record the user's usage of the service, or to 
                        customize or otherwise affect the provision of 
                        the service to the user based on such usage; 
                        and
            (2) begins to collect and transmit such information without 
        prior notification that--
                    (A) clearly and conspicuously discloses to an 
                authorized user of the computer the type of information 
                the software will collect and the types of ways the 
                information may be used and distributed; and
                    (B) is provided at a time and in a manner such that 
                an authorized user of the computer has an opportunity, 
                after reviewing the information contained in the 
                notice, to prevent either--
                            (i) the installation of the software; or
                            (ii) the beginning of the operation of the 
                        information collection and transmission 
                        capability described in paragraph (1).

SEC. 4. ADWARE THAT CONCEALS ITS OPERATION.

    (a) In General.--It is unlawful for a person who is not an 
authorized user of a protected computer to cause the installation on 
that computer of software that causes advertisements to be displayed to 
the user without a label or other reasonable means of identifying to 
the user of the computer, each time such an advertisement is displayed, 
which software caused the advertisement's delivery.
    (b) Exception.--Software that causes advertisements to be displayed 
without a label or other reasonable means of identification shall not 
give rise to liability under subsection (a) if those advertisements are 
displayed to a user of the computer--
            (1) only when a user is accessing an Internet website or 
        online service--
                    (A) operated by the publisher of the software; or
                    (B) the operator of which has provided express 
                consent to the display of such advertisements to users 
                of the website or service; or
            (2) only in a manner or at a time such that a reasonable 
        user would understand which software caused the delivery of the 
        advertisements.

SEC. 5. OTHER PRACTICES THAT THWART USER CONTROL OF COMPUTER.

    It is unlawful for a person who is not an authorized user of a 
protected computer to engage in an unfair or deceptive act or practice 
that involves--
            (1) utilizing the computer to send unsolicited information 
        or material from the user's computer to other computers;
            (2) diverting an authorized user's Internet browser away 
        from the Internet website the user intended to view to 1 or 
        more other websites, unless such diversion has been authorized 
        by the website the user intended to view;
            (3) displaying an advertisement, series of advertisements, 
        or other content on the computer through windows in an Internet 
        browser, in such a manner that the user of the computer cannot 
        end the display of such advertisements or content without 
        turning off the computer or terminating all sessions of the 
        Internet browser (except that this paragraph shall not apply to 
        the display of content related to the functionality or identity 
        of the Internet browser);
            (4) modifying settings relating to the use of the computer 
        or to the computer's access to or use of the Internet, 
        including--
                    (A) altering the default Web page that initially 
                appears when a user of the computer launches an 
                Internet browser;
                    (B) altering the default provider or Web proxy used 
                to access or search the Internet;
                    (C) altering bookmarks used to store favorite 
                Internet website addresses; or
                    (D) altering settings relating to security measures 
                that protect the computer and the information stored on 
                the computer against unauthorized access or use; or
            (5) removing, disabling, or rendering inoperative a 
        security or privacy protection technology installed on the 
        computer.

SEC. 6. LIMITATIONS ON LIABILITY.

    (a) Passive Transmission, Hosting, or Linking.--A person shall not 
be deemed to have violated any provision of this Act solely because the 
person provided--
            (1) the Internet connection, telephone connection, or other 
        transmission or routing function through which software was 
        delivered to a protected computer for installation;
            (2) the storage or hosting of software or of an Internet 
        website through which software was made available for 
        installation to a protected computer; or
            (3) an information location tool, such as a directory, 
        index, reference, pointer, or hypertext link, through which a 
        user of a protected computer located software available for 
        installation.
    (b) Network Security.--It is not a violation of section 2, 3, or 5 
for a provider of a network or online service used by an authorized 
user of a protected computer, or to which any authorized user of a 
protected computer subscribes, to monitor, interact with, or install 
software for the purpose of--
            (1) protecting the security of the network, service, or 
        computer;
            (2) facilitating diagnostics, technical support, 
        maintenance, network management, or repair; or
            (3) preventing or detecting unauthorized, fraudulent, or 
        otherwise unlawful uses of the network or service.
    (c) Manufacturer's Liability for Third-Party Software.--A 
manufacturer or retailer of a protected computer shall not be liable 
under any provision of this Act for causing the installation on the 
computer, prior to the first retail sale and delivery of the computer, 
of third-party branded software, unless the manufacturer or retailer--
            (1) uses a surreptitious information collection feature 
        included in the software to collect information about a user of 
        the computer or the use of a protected computer by that user; 
        or
            (2) knows that the software will cause advertisements for 
        the manufacturer or retailer to be displayed to a user of the 
        computer.
    (d) Investigational Exception.--Nothing in this Act prohibits any 
lawfully authorized investigative, protective, or intelligence activity 
of a law enforcement agency of the United States, a State, or a 
political subdivision of a State, or of an intelligence agency of the 
United States.
    (e) Services Provided Over MVPD Systems.--It is not a violation of 
this Act for a multichannel video programming distributor (as defined 
in section 602(13) of the Communications Act of 1934 (47 U.S.C. 
522(13)) to utilize a navigation device, or interact with such a 
device, or to install or use software on such a device, in connection 
with the provision of multichannel video programming or other services 
offered over a multichannel video programming system or the collection 
or disclosure of subscriber information, if the provision of such 
service or the collection or disclosure of such information is subject 
to section 338(i) or section 631 of the Communications Act of 1934 (47 
U.S.C. 338(i) or 551).

SEC. 7. FTC RULEMAKING AUTHORITY.

    (a) In General.--Subject to the limitations of subsection (b), the 
Commission may issue such rules in accordance with section 553 of title 
5, United States Code, as may be necessary to implement or clarify the 
provisions of this Act.
    (b) Safe Harbors.--
            (1) In general.--The Commission may issue regulations 
        establishing specific wordings or formats for--
                    (A) notification that is sufficient under section 
                3(c)(2) to prevent a software feature from being a 
                surreptitious information collection feature (as 
                defined in section 3(c)); or
                    (B) labels or other means of identification that 
                are sufficient to avoid violation of section 4(a).
            (2) Function of commission's suggested wordings or 
        formats.--
                    (A) Usage is voluntary.--The Commission may not 
                require the use of any specific wording or format 
                prescribed under paragraph (1) to meet the requirements 
                of section 3 or 4.
                    (B) Other means of compliance.--The use of a 
                specific wording or format prescribed under paragraph 
                (1) shall not be the exclusive means of providing 
                notification, labels, or other identification that meet 
                the requirements of sections 3 and 4.
    (c) Limitations on Liability.--In addition to the limitations on 
liability specified in section 6, the Commission may by regulation 
establish additional limitations or exceptions upon a finding that such 
limitations or exceptions are reasonably necessary to promote the 
public interest and are consistent with the purposes of this Act. No 
such additional limitation of liability may be made contingent upon the 
adoption of any specific wording or format specified in regulations 
under subsection (b)(1).

SEC. 8. ADMINISTRATION AND ENFORCEMENT.

    (a) In General.--Except as provided in subsection (b), this Act 
shall be enforced by the Commission as if a violation of this Act or of 
any regulation promulgated by the Commission under this Act were an 
unfair or deceptive act or practice proscribed under section 
18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 
57a(a)(1)(B)).
    (b) Enforcement by Certain Other Agencies.--Compliance with this 
Act shall be enforced under--
            (1) section 8 of the Federal Deposit Insurance Act (12 
        U.S.C. 1818), in the case of--
                    (A) national banks, and Federal branches and 
                Federal agencies of foreign banks, by the Office of the 
                Comptroller of the Currency;
                    (B) member banks of the Federal Reserve System 
                (other than national banks), branches and agencies of 
                foreign banks (other than Federal branches, Federal 
                agencies, and insured State branches of foreign banks), 
                commercial lending companies owned or controlled by 
                foreign banks, and organizations operating under 
                section 25 or 25A of the Federal Reserve Act (12 U.S.C. 
                601 and 611), by the Board; and
                    (C) banks insured by the Federal Deposit Insurance 
                Corporation (other than members of the Federal Reserve 
                System) and insured State branches of foreign banks, by 
                the Board of Directors of the Federal Deposit Insurance 
                Corporation;
            (2) section 8 of the Federal Deposit Insurance Act (12 
        U.S.C. 1818), by the Director of the Office of Thrift 
Supervision, in the case of a savings association the deposits of which 
are insured by the Federal Deposit Insurance Corporation;
            (3) the Federal Credit Union Act (12 U.S.C. 1751 et seq.) 
        by the National Credit Union Administration Board with respect 
        to any Federal credit union;
            (4) part A of subtitle VII of title 49, United States Code, 
        by the Secretary of Transportation with respect to any air 
        carrier or foreign air carrier subject to that part;
            (5) the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et 
        seq.) (except as provided in section 406 of that Act (7 U.S.C. 
        226, 227)), by the Secretary of Agriculture with respect to any 
        activities subject to that Act; and
            (6) the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by 
        the Farm Credit Administration with respect to any Federal land 
        bank, Federal land bank association, Federal intermediate 
        credit bank, or production credit association.
    (c) Exercise of Certain Powers.--For the purpose of the exercise by 
any agency referred to in subsection (b) of its powers under any Act 
referred to in that subsection, a violation of this Act is deemed to be 
a violation of a requirement imposed under that Act. In addition to its 
powers under any provision of law specifically referred to in 
subsection (b), each of the agencies referred to in that subsection may 
exercise, for the purpose of enforcing compliance with any requirement 
imposed under this Act, any other authority conferred on it by law.
    (d) Actions by the Commission.--The Commission shall prevent any 
person from violating this Act in the same manner, by the same means, 
and with the same jurisdiction, powers, and duties as though all 
applicable terms and provisions of the Federal Trade Commission Act (15 
U.S.C. 41 et seq.) were incorporated into and made a part of this Act. 
Any entity that violates any provision of that section is subject to 
the penalties and entitled to the privileges and immunities provided in 
the Federal Trade Commission Act in the same manner, by the same means, 
and with the same jurisdiction, power, and duties as though all 
applicable terms and provisions of the Federal Trade Commission Act 
were incorporated into and made a part of that section.

SEC. 9. ACTIONS BY STATES.

    (a) In General.--
            (1) Civil actions.--In any case in which the attorney 
        general of a State has reason to believe that an interest of 
        the residents of that State has been or is threatened or 
        adversely affected by the engagement of any person in a 
        practice that this Act prohibits, the State, as parens patriae, 
        may bring a civil action on behalf of the residents of the 
        State in a district court of the United States of appropriate 
        jurisdiction--
                    (A) to enjoin that practice;
                    (B) to enforce compliance with the rule;
                    (C) to obtain damage, restitution, or other 
                compensation on behalf of residents of the State; or
                    (D) to obtain such other relief as the court may 
                consider to be appropriate.
            (2) Notice.--
                    (A) In general.--Before filing an action under 
                paragraph (1), the attorney general of the State 
                involved shall provide to the Commission--
                            (i) written notice of that action; and
                            (ii) a copy of the complaint for that 
                        action.
                    (B) Exemption.--
                            (i) In general.--Subparagraph (A) shall not 
                        apply with respect to the filing of an action 
                        by an attorney general of a State under this 
                        subsection, if the attorney general determines 
                        that it is not feasible to provide the notice 
                        described in that subparagraph before the 
                        filing of the action.
                            (ii) Notification.--In an action described 
                        in clause (i), the attorney general of a State 
                        shall provide notice and a copy of the 
                        complaint to the Commission at the same time as 
                        the attorney general files the action.
    (b) Intervention.--
            (1) In general.--On receiving notice under subsection 
        (a)(2), the Commission shall have the right to intervene in the 
        action that is the subject of the notice.
            (2) Effect of intervention.--If the Commission intervenes 
        in an action under subsection (a), it shall have the right--
                    (A) to be heard with respect to any matter that 
                arises in that action; and
                    (B) to file a petition for appeal.
    (c) Construction.--For purposes of bringing any civil action under 
subsection (a), nothing in this subtitle shall be construed to prevent 
an attorney general of a State from exercising the powers conferred on 
the attorney general by the laws of that State to--
            (1) conduct investigations;
            (2) administer oaths or affirmations; or
            (3) compel the attendance of witnesses or the production of 
        documentary and other evidence.
    (d) Actions by the Commission.--In any case in which an action is 
instituted by or on behalf of the Commission for violation of this Act, 
no State may, during the pendency of that action, institute an action 
under subsection (a) against any defendant named in the complaint in 
that action for violation of that section.
    (e) Venue; Service of Process.--
            (1) Venue.--Any action brought under subsection (a) may be 
        brought in the district court of the United States that meets 
        applicable requirements relating to venue under section 1391 of 
        title 28, United States Code.
            (2) Service of process.--In an action brought under 
        subsection (a), process may be served in any district in which 
        the defendant--
                    (A) is an inhabitant; or
                    (B) may be found.

SEC. 10. EFFECT ON OTHER LAWS.

    (a) Federal Law.--Nothing in this Act shall be construed to limit 
or affect in any way the Commission's authority to bring enforcement 
actions or take any other measures under the Federal Trade Commission 
Act or any other provision of law.
    (b) State Law.--
            (1) State law concerning information collection software or 
        adware.--This Act supersedes any statute, regulation, or rule 
        of a State or political subdivision of a State that expressly 
        limits or restricts the installation or use of software on a 
        protected computer to--
                    (A) collect information about the user of the 
                computer or the user's Internet browsing behavior or 
                other use of the computer; or
                    (B) cause advertisements to be delivered to the 
                user of the computer,
        except to the extent that any such statute, regulation, or rule 
        prohibits deception in connection with the installation or use 
        of such software.
            (2) State law concerning notice of software installation.--
        This Act supersedes any statute, regulation, or rule of a State 
        or political subdivision of a State that prescribes specific 
        methods for providing notification before the installation of 
        software on a computer.
            (3) State law not specific to software.--This Act shall not 
        be construed to preempt the applicability of State criminal, 
        trespass, contract, tort, or anti-fraud law.

SEC. 11. LIABILITY PROTECTIONS FOR ANTI-SPYWARE SOFTWARE OR SERVICES.

    No provider of computer software or of an interactive computer 
service may be held liable under this Act or any other provision of law 
for identifying, naming, removing, disabling, or otherwise affecting 
the operation or potential operation on a computer of computer software 
published by a third party, if--
            (1) the provider's software or interactive computer service 
        is intended to identify, prevent the installation or execution 
        of, remove, or disable computer software that is or was 
        installed in violation of section 2, 3, or 4 of this Act or 
        used to violate section 5 of this Act;
            (2) an authorized user of the computer has consented to the 
        use of the provider's computer software or interactive computer 
        service on the computer;
            (3) the provider believes in good faith that the 
        installation or operation of the third-party computer software 
        involved or involves a violation of section 2, 3, 4, or 5 of 
        this Act; and
            (4) the provider either notifies and obtains the consent of 
        an authorized user of the computer before taking any action to 
        remove, disable, or otherwise affect the operation or potential 
        operation of the third-party software on the computer, or has 
        obtained prior authorization from an authorized user to take 
        such action without providing such notice and consent.

SEC. 12. PENALTIES FOR CERTAIN UNAUTHORIZED ACTIVITIES RELATING TO 
              COMPUTERS.

    (a) In General.--Chapter 47 of title 18, United States Code, is 
amended by inserting after section 1030 the following:
``Sec. 1030A. Illicit indirect use of protected computers
    ``(a) Whoever intentionally accesses a protected computer without 
authorization, or exceeds authorized access to a protected computer, by 
causing a computer program or code to be copied onto the protected 
computer, and intentionally uses that program or code in furtherance of 
another Federal criminal offense shall be fined under this title or 
imprisoned 5 years, or both.
    ``(b) Whoever intentionally accesses a protected computer without 
authorization, or exceeds authorized access to a protected computer, by 
causing a computer program or code to be copied onto the protected 
computer, and by means of that program or code intentionally impairs 
the security protection of the protected computer shall be fined under 
this title or imprisoned not more than 2 years, or both.
    ``(c) A person shall not violate this section who solely provides--
            ``(1) an Internet connection, telephone connection, or 
        other transmission or routing function through which software 
        is delivered to a protected computer for installation;
            ``(2) the storage or hosting of software, or of an Internet 
        website, through which software is made available for 
        installation to a protected computer; or
            ``(3) an information location tool, such as a directory, 
        index, reference, pointer, or hypertext link, through which a 
        user of a protected computer locates software available for 
        installation.
    ``(d) A provider of a network or online service that an authorized 
user of a protected computer uses or subscribes to shall not violate 
this section by any monitoring of, interaction with, or installation of 
software for the purpose of--
            ``(1) protecting the security of the network, service, or 
        computer;
            ``(2) facilitating diagnostics, technical support, 
        maintenance, network management, or repair; or
            ``(3) preventing or detecting unauthorized, fraudulent, or 
        otherwise unlawful uses of the network or service.
    ``(e) No person may bring a civil action under the law of any State 
if such action is premised in whole or in part upon the defendant's 
violating this section. For the purposes of this subsection, the term 
`State' includes the District of Columbia, Puerto Rico, and any other 
territory or possession of the United States.''.
    (b) Conforming Amendment.--The table of sections at the beginning 
of chapter 47 of title 18, United States Code, is amended by inserting 
after the item relating to section 1030 the following new item:

``1030A. Illicit indirect use of protected computers.''.

SEC. 13. DEFINITIONS.

    In this Act:
            (1) Authorized user.--The term ``authorized user'', when 
        used with respect to a computer, means the owner or lessee of a 
        computer, or someone using or accessing a computer with the 
actual or apparent authorization of the owner or lessee.
            (2) Cause the installation.--The term ``cause the 
        installation'' when used with respect to particular software, 
        means to knowingly provide the technical means by which the 
        software is installed, or to knowingly pay or provide other 
        consideration to, or to knowingly induce or authorize, another 
        person to do so.
            (3) Commission.--The term ``Commission'' means the Federal 
        Trade Commission.
            (4) Cookie.--The term ``cookie'' means a text file--
                    (A) that is placed on a computer by, or on behalf 
                of, an Internet service provider, interactive computer 
                service, or Internet website; and
                    (B) the sole function of which is to record 
                information that can be read or recognized when the 
                user of the computer subsequently accesses particular 
                websites or online locations or services.
            (5) First retail sale and delivery.--The term ``first 
        retail sale and delivery'' means the first sale, for a purpose 
        other than resale, of a protected computer and the delivery of 
        that computer to the purchaser or a recipient designated by the 
        purchaser at the time of such first sale. For purposes of this 
        paragraph, the lease of a computer shall be considered a sale 
        of the computer for a purpose other than resale.
            (6) Install.--
                    (A) In general.--The term ``install'' means--
                            (i) to write computer software to a 
                        computer's persistent storage medium, such as 
                        the computer's hard disk, in such a way that 
                        the computer software is retained on the 
                        computer after the computer is turned off and 
                        subsequently restarted; or
                            (ii) to write computer software to a 
                        computer's temporary memory, such as random 
                        access memory, in such a way that the software 
                        is retained and continues to operate after the 
                        user of the computer turns off or exits the 
                        Internet service, interactive computer service, 
                        or Internet website from which the computer 
                        software was obtained.
                    (B) Exception for temporary cache.--The term 
                ``install'' does not include the writing of software to 
                an area of the persistent storage medium that is 
                expressly reserved for the temporary retention of 
                recently accessed or input data or information if the 
                software retained in that area remains inoperative 
                unless a user of the computer chooses to access that 
                temporary retention area.
            (7) Person.--The term ``person'' has the meaning given that 
        term in section 3(32) of the Communications Act of 1934 (47 
        U.S.C. 153(32)).
            (8) Protected computer.--The term ``protected computer'' 
        has the meaning given that term in section 1030(e)(2)(B) of 
        title 18, United States Code.
            (9) Software.--The term ``software'' means any program 
        designed to cause a computer to perform a desired function or 
        functions. Such term does not include any cookie.
            (10) Unfair or deceptive act or practice.--The term 
        ``unfair or deceptive act or practice'' has the same meaning as 
        when used in section 5 of the Federal Trade Commission Act (15 
        U.S.C. 45).
            (11) Upgrade.--The term ``upgrade'', when used with respect 
        to a previously installed software program, means additional 
        software that is issued by, or with the authorization of, the 
        publisher or any successor to the publisher of the software 
        program to improve, correct, repair, enhance, supplement, or 
        otherwise modify the software program.

SEC. 14. EFFECTIVE DATE.

    This Act shall take effect 180 days after the date of enactment of 
this Act.
                                 <all>