[Congressional Bills 110th Congress]
[From the U.S. Government Publishing Office]
[H.R. 964 Engrossed in House (EH)]
110th CONGRESS
1st Session
H. R. 964
_______________________________________________________________________
AN ACT
To protect users of the Internet from unknowing transmission of their
personally identifiable information through spyware programs, and for
other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Securely Protect Yourself Against
Cyber Trespass Act'' or the ``Spy Act''.
SEC. 2. PROHIBITION OF UNFAIR OR DECEPTIVE ACTS OR PRACTICES RELATING
TO SPYWARE.
(a) Prohibition.--It is unlawful for any person, who is not the
owner or authorized user of a protected computer, to engage in unfair
or deceptive acts or practices that involve any of the following
conduct with respect to the protected computer:
(1) Taking control of the computer by--
(A) utilizing such computer to send unsolicited
information or material from the computer to others;
(B) diverting the Internet browser of the computer,
or similar program of the computer used to access and
navigate the Internet--
(i) without authorization of the owner or
authorized user of the computer; and
(ii) away from the site the user intended
to view, to one or more other Web pages, such
that the user is prevented from viewing the
content at the intended Web page, unless such
diverting is otherwise authorized;
(C) accessing, hijacking, or otherwise using the
modem, or Internet connection or service, for the
computer and thereby causing damage to the computer or
causing the owner or authorized user or a third party
defrauded by such conduct to incur charges or other
costs for a service that is not authorized by such
owner or authorized user;
(D) using the computer as part of an activity
performed by a group of computers that causes damage to
another computer; or
(E) delivering advertisements or a series of
advertisements that a user of the computer cannot close
or terminate without undue effort or knowledge by the
user or without turning off the computer or closing all
sessions of the Internet browser for the computer.
(2) Modifying settings related to use of the computer or to
the computer's access to or use of the Internet by altering--
(A) the Web page that appears when the owner or
authorized user launches an Internet browser or similar
program used to access and navigate the Internet;
(B) the default provider used to access or search
the Internet, or other existing Internet connections
settings;
(C) a list of bookmarks used by the computer to
access Web pages; or
(D) security or other settings of the computer that
protect information about the owner or authorized user
for the purposes of causing damage or harm to the
computer or owner or user.
(3) Collecting personally identifiable information through
the use of a keystroke logging function.
(4) Inducing the owner or authorized user of the computer
to disclose personally identifiable information by means of a
Web page that--
(A) is substantially similar to a Web page
established or provided by another person; and
(B) misleads the owner or authorized user that such
Web page is provided by such other person.
(5) Inducing the owner or authorized user to install a
component of computer software onto the computer, or preventing
reasonable efforts to block the installation or execution of,
or to disable, a component of computer software by--
(A) presenting the owner or authorized user with an
option to decline installation of such a component such
that, when the option is selected by the owner or
authorized user or when the owner or authorized user
reasonably attempts to decline the installation, the
installation nevertheless proceeds; or
(B) causing such a component that the owner or
authorized user has properly removed or disabled to
automatically reinstall or reactivate on the computer.
(6) Misrepresenting that installing a separate component of
computer software or providing log-in and password information
is necessary for security or privacy reasons, or that
installing a separate component of computer software is
necessary to open, view, or play a particular type of content.
(7) Inducing the owner or authorized user to install or
execute computer software by misrepresenting the identity or
authority of the person or entity providing the computer
software to the owner or user.
(8) Inducing the owner or authorized user to provide
personally identifiable, password, or account information to
another person--
(A) by misrepresenting the identity of the person
seeking the information; or
(B) without the authority of the intended recipient
of the information.
(9) Removing, disabling, or rendering inoperative a
security, anti-spyware, or anti-virus technology installed on
the computer.
(10) Installing or executing on the computer one or more
additional components of computer software with the intent of
causing a person to use such components in a way that violates
any other provision of this section.
(b) Guidance.--The Commission shall issue guidance regarding
compliance with and violations of this section. This subsection shall
take effect upon the date of the enactment of this Act.
(c) Effective Date.--Except as provided in subsection (b), this
section shall take effect upon the expiration of the 6-month period
that begins on the date of the enactment of this Act.
SEC. 3. PROHIBITION OF COLLECTION OF CERTAIN INFORMATION WITHOUT NOTICE
AND CONSENT.
(a) Opt-in Requirement.--Except as provided in subsection (e), it
is unlawful for any person--
(1) to transmit to a protected computer, which is not owned
by such person and for which such person is not an authorized
user, any information collection program, unless--
(A) such information collection program provides
notice in accordance with subsection (c) before
downloading or installing any of the information
collection program; and
(B) such information collection program includes
the functions required under subsection (d); or
(2) to execute any information collection program installed
on such a protected computer unless--
(A) before execution of any of the information
collection functions of the program, the owner or an
authorized user of the protected computer has consented
to such execution pursuant to notice in accordance with
subsection (c); and
(B) such information collection program includes
the functions required under subsection (d).
(b) Information Collection Program.--
(1) In general.--For purposes of this section, the term
``information collection program'' means computer software that
performs either of the following functions:
(A) Collection of personally identifiable
information.--The computer software--
(i) collects personally identifiable
information; and
(ii)(I) sends such information to a person
other than the owner or authorized user of the
computer, or
(II) uses such information to deliver
advertising to, or display advertising on, the
computer.
(B) Collection of information regarding internet
activity to deliver advertising.--The computer
software--
(i) collects information regarding the
user's Internet activity using the computer;
and
(ii) uses such information to deliver
advertising to, or display advertising on, the
computer.
(2) Exception for software collecting information regarding
internet activity within a particular web site.--Computer
software that otherwise would be considered an information
collection program by reason of paragraph (1)(B) shall not be
considered such a program if--
(A) the only information collected by the software
regarding the user's internet activity, and used to
deliver advertising to, or display advertising on, the
protected computer, is--
(i) information regarding Web pages within
a particular Web site; or
(ii) in the case of any Internet-based
search function, user-supplied search terms
necessary to complete the search and return
results to the user;
(B) such information collected is not sent to a
person other than--
(i) the provider of the Web site accessed
or Internet-based search function; or
(ii) a party authorized to facilitate the
display or functionality of Web pages within
the Web site accessed; and
(C) the only advertising delivered to or displayed
on the computer using such information is advertising
on Web pages within that particular Web site.
(c) Notice and Consent.--
(1) In general.--Notice in accordance with this subsection
with respect to an information collection program is clear and
conspicuous notice in plain language, set forth as the
Commission shall provide, that meets all of the following
requirements:
(A) The notice clearly distinguishes a statement
required under subparagraph (B) from any other
information visually presented contemporaneously on the
computer.
(B) The notice contains one of the following
statements, as applicable, or a substantially similar
statement:
(i) With respect to an information
collection program described in subsection
(b)(1)(A): ``This program will collect and
transmit information about you. Do you
accept?''.
(ii) With respect to an information
collection program described in subsection
(b)(1)(B): ``This program will collect
information about Web pages you access and will
use that information to display advertising on
your computer. Do you accept?''.
(iii) With respect to an information
collection program that performs the actions
described in both subparagraphs (A) and (B) of
subsection (b)(1): ``This program will collect
and transmit information about you and will
collect information about Web pages you access
and use that information to display advertising
on your computer. Do you accept?''.
(C) The notice provides for the user--
(i) to grant or deny consent referred to in
subsection (a) by selecting an option to grant
or deny such consent; and
(ii) to abandon or cancel the transmission
or execution referred to in subsection (a)
without granting or denying such consent.
(D) The notice provides an option for the user to
select to display on the computer, before granting or
denying consent using the option required under
subparagraph (C), a clear description of--
(i) the types of information to be
collected and sent (if any) by the information
collection program;
(ii) the purpose for which such information
is to be collected and sent; and
(iii) in the case of an information
collection program that first executes any of
the information collection functions of the
program together with the first execution of
other computer software, the identity of any
such software that is an information collection
program.
(E) The notice provides for concurrent display of
the information required under subparagraphs (B) and
(C) and the option required under subparagraph (D)
until the user--
(i) grants or denies consent using the
option required under subparagraph (C)(i);
(ii) abandons or cancels the transmission
or execution pursuant to subparagraph (C)(ii);
or
(iii) selects the option required under
subparagraph (D).
(2) Single notice.--The Commission shall provide that, in
the case in which multiple information collection programs are
provided to the protected computer together, or as part of a
suite of functionally related software, the notice requirements
of paragraphs (1)(A) and (2)(A) of subsection (a) may be met by
providing, before execution of any of the information
collection functions of the programs, clear and conspicuous
notice in plain language in accordance with paragraph (1) of
this subsection by means of a single notice that applies to all
such information collection programs, except that such notice
shall provide the option under subparagraph (D) of paragraph
(1) of this subsection with respect to each such information
collection program.
(3) Change in information collection.--If an owner or
authorized user has granted consent to execution of an
information collection program pursuant to a notice in
accordance with this subsection:
(A) In general.--No subsequent such notice is
required, except as provided in subparagraph (B).
(B) Subsequent notice.--The person who transmitted
the program shall provide another notice in accordance
with this subsection and obtain consent before such
program may be used to collect or send information of a
type or for a purpose that is materially different
from, and outside the scope of, the type or purpose set
forth in the initial or any previous notice.
(4) Regulations.--The Commission shall issue regulations to
carry out this subsection.
(d) Required Functions.--The functions required under this
subsection to be included in an information collection program that
executes any information collection functions with respect to a
protected computer are as follows:
(1) Disabling function.--With respect to any information
collection program, a function of the program that allows a
user of the program to remove the program or disable operation
of the program with respect to such protected computer by a
function that--
(A) is easily identifiable to a user of the
computer; and
(B) can be performed without undue effort or
knowledge by the user of the protected computer.
(2) Identity function.--
(A) In general.--With respect only to an
information collection program that uses information
collected in the manner described in subparagraph
(A)(ii)(II) or (B)(ii) of subsection (b)(1) and subject
to subparagraph (B) of this paragraph, a function of
the program that provides that each display of an
advertisement directed or displayed using such
information, when the owner or authorized user is
accessing a Web page or online location other than of
the provider of the computer software, is accompanied
by the name of the information collection program, a
logogram or trademark used for the exclusive purpose of
identifying the program, or a statement or other
information sufficient to clearly identify the program.
(B) Exemption for embedded advertisements.--The
Commission shall, by regulation, exempt from the
applicability of subparagraph (A) the embedded display
of any advertisement on a Web page that
contemporaneously displays other information.
(3) Rulemaking.--The Commission may issue regulations to
carry out this subsection.
(e) Limitation on Liability.--A telecommunications carrier, a
provider of information service or interactive computer service, a
cable operator, or a provider of transmission capability shall not be
liable under this section to the extent that the carrier, operator, or
provider--
(1) transmits, routes, hosts, stores, or provides
connections for an information collection program through a
system or network controlled or operated by or for the carrier,
operator, or provider; or
(2) provides an information location tool, such as a
directory, index, reference, pointer, or hypertext link,
through which the owner or user of a protected computer locates
an information collection program.
(f) Study and Additional Exemption.--
(1) Study and report.--The Commission shall conduct a study
to determine the applicability of the information collection
prohibitions of this section to information that is input
directly by users in a field provided on a website. The study
shall examine--
(A) the nature of such fields for user input;
(B) the use of a user's information once input and
whether such information is sent to a person other than
the provider of the Web site;
(C) whether such information is used to deliver
advertisements to the user's computer; and
(D) the extent of any notice provided to the user
prior to such input.
(2) Report.--The Commission shall transmit a report on such
study to the Committee on Energy and Commerce of the House of
Representatives and the Committee on Commerce, Science, and
Transportation of the Senate not later than the expiration of
the 6-month period that begins on the date on which final
regulations are issued under section 9. The requirements of
subchapter I of chapter 35 of title 44, United States Code,
shall not apply to the report required under this subsection.
(3) Regulation.--If the Commission finds that users have
adequate notice regarding the uses of any information input
directly by the user in a field provided on a website, such
that an exemption from the requirements of this section, or a
modification of the notice required by this section is
appropriate for such information, and that such an exemption or
modification is consistent with the public interest, the
protection of consumers, and the purposes of this Act, the
Commission may prescribe such an exemption or modification by
regulation.
SEC. 4. ENFORCEMENT.
(a) Unfair or Deceptive Act or Practice.--This Act shall be
enforced by the Commission under the Federal Trade Commission Act (15
U.S.C. 41 et seq.). A violation of any provision of this Act or of a
regulation issued under this Act shall be treated as an unfair or
deceptive act or practice violating a rule promulgated under section 18
of the Federal Trade Commission Act (15 U.S.C. 57a).
(b) Penalty for Pattern or Practice Violations.--
(1) In general.--Notwithstanding subsection (a) and the
Federal Trade Commission Act, in the case of a person who
engages in a pattern or practice that violates section 2 or 3,
the Commission may, in its discretion, seek a civil penalty for
such pattern or practice of violations in an amount, as
determined by the Commission, of not more than--
(A) $3,000,000 for each violation of section 2; and
(B) $1,000,000 for each violation of section 3.
(2) Treatment of single action or conduct.--In applying
paragraph (1)--
(A) any single action or conduct that violates
section 2 or 3 with respect to multiple protected
computers shall be treated as a single violation; and
(B) any single action or conduct that violates more
than one paragraph of section 2(a) shall be considered
multiple violations, based on the number of such
paragraphs violated.
(c) Required Scienter.--Civil penalties sought under this section
for any action may not be granted by the Commission or any court unless
the Commission or court, respectively, establishes that the action was
committed with actual knowledge or knowledge fairly implied on the
basis of objective circumstances that such act is unfair or deceptive
or violates this Act.
(d) Factors in Amount of Penalty.--In determining the amount of any
penalty pursuant to subsection (a) or (b), the court shall take into
account the degree of culpability, any history of prior such conduct,
ability to pay, effect on ability to continue to do business, and such
other matters as justice may require.
(e) Exclusiveness of Remedies.--The remedies in this section (and
other remedies available to the Commission in an enforcement action
against unfair and deceptive acts and practices) are the exclusive
remedies for violations of this Act.
(f) Effective Date.--To the extent only that this section applies
to violations of section 2(a), this section shall take effect upon the
expiration of the 6-month period that begins on the date of the
enactment of this Act.
SEC. 5. LIMITATIONS.
(a) Law Enforcement Authority.--Sections 2 and 3 shall not apply
to--
(1) any act taken by a law enforcement agent in the
performance of official duties; or
(2) the transmission or execution of an information
collection program in compliance with a law enforcement,
investigatory, national security, or regulatory agency or
department of the United States or any State in response to a
request or demand made under authority granted to that agency
or department, including a warrant issued under the Federal
Rules of Criminal Procedure, an equivalent State warrant, a
court order, or other lawful process.
(b) Exception Relating to Security.--Nothing in this Act shall
apply to--
(1) any monitoring of, or interaction with, a protected
computer--
(A) in connection with the provision of a network
access service or other service or product with respect
to which the user of the protected computer is an
actual or prospective customer, subscriber, registered
user, or account holder;
(B) by the provider of that service or product or
with such provider's authorization; and
(C) that involves or enables the collection of
information about the user's activities only with
respect to the user's relationship with or use of such
service or product,
to the extent that such monitoring or interaction is for the
purpose of network security, computer security, diagnostics,
technical support or repair, network management, authorized
updates of software, or for the detection or prevention of
fraudulent activities; or
(2) a discrete interaction with a protected computer by a
provider of computer software solely to determine whether the
user of the computer is authorized to use such software, that
occurs upon--
(A) initialization of the software; or
(B) an affirmative request by the owner or
authorized user for an update of, addition to, or
technical service for, the software.
(c) Good Samaritan Protection.--
(1) In general.--No provider of computer software or of
interactive computer service may be held liable under this Act
on account of any action voluntarily taken, or service
provided, in good faith to remove or disable a program used to
violate section 2 or 3 that is installed on a computer of a
customer of such provider, if such provider notifies the
customer and obtains the consent of the customer before
undertaking such action or providing such service.
(2) Construction.--Nothing in this subsection shall be
construed to limit the liability of a provider of computer
software or of an interactive computer service for any anti-
competitive act otherwise prohibited by law.
(d) Limitation on Liability.--A manufacturer or retailer of
computer equipment shall not be liable under this Act to the extent
that the manufacturer or retailer is providing third party branded
computer software that is installed on the equipment the manufacturer
or retailer is manufacturing or selling.
(e) Services Provided by Cable Operators and Satellite Carriers.--
It shall not be a violation of section 3 for a satellite carrier (as
such term is defined in section 338(k) of the Communications Act of
1934 (47 U.S.C. 338(k)) or cable operator (as such term is defined in
section 631(a)(2) of such Act (47 U.S.C. 551(a)(2))) to--
(1) utilize a navigation device (as such term is defined in
the rules of the Federal Communications Commission);
(2) interact with such a navigation device; or
(3) transmit software to or execute software installed on
such a navigation device to provide service or collect or
disclose subscriber information,
if the provision of such service, the utilization of or the interaction
with such device, or the collection of or disclosure of such
information, is subject to section 338(i) or section 631 of the
Communications Act of 1934.
SEC. 6. EFFECT ON OTHER LAWS.
(a) Preemption of State Law.--
(1) Preemption of spyware laws.--This Act supersedes any
provision of a statute, regulation, or rule of a State or
political subdivision of a State that expressly regulates--
(A) unfair or deceptive conduct with respect to
computers similar to that described in section 2(a);
(B) the transmission or execution of a computer
program similar to that described in section 3; or
(C) the use of computer software that displays
advertising content based on the Web pages accessed
using a computer.
(2) Additional preemption.--
(A) In general.--No person other than the Attorney
General of a State may bring a civil action under the
law of any State if such action is premised in whole or
in part upon the defendant violating any provision of
this Act.
(B) Protection of consumer protection laws.--This
paragraph shall not be construed to limit the
enforcement of any State consumer protection law by an
Attorney General of a State.
(3) Protection of certain state laws.--This Act shall not
be construed to preempt the applicability of--
(A) State trespass, contract, or tort law; or
(B) other State laws to the extent that those laws
relate to acts of fraud.
(4) Effective date.--The preemption provided for under this
subsection shall take effect, with respect to specific
provisions of this Act, on the effective date for such
provisions.
(b) Preservation of FTC Authority.--Nothing in this Act may be
construed in any way to limit or affect the Commission's authority
under any other provision of law, including the authority to issue
advisory opinions (under part 1 of volume 16 of the Code of Federal
Regulations), policy statements, or guidance regarding this Act.
SEC. 7. FTC REPORT ON COOKIES.
(a) In General.--Not later than the expiration of the 6-month
period that begins on the date on which final regulations are issued
under section 9, the Commission shall submit a report to the Congress
regarding the use of cookies in the delivery or display of advertising
to the owners and users of computers. The report shall examine the
extent to which cookies are or may be used to transmit to a third party
personally identifiable information of a computer owner or user,
information regarding Web pages accessed by the owner or user, or
information regarding advertisements previously delivered to a
computer, for the purpose of--
(1) delivering or displaying advertising to the owner or
user; or
(2) assisting the intended recipient to deliver or display
advertising to the owner, user, or others.
The report shall examine and describe the methods by which cookies and
the Web sites that place them on computers function separately and
together, and shall compare the use of cookies with the use of
information collection programs (as such term is defined in section 3)
to determine the extent to which such uses are similar or different.
The report may include such recommendations as the Commission considers
necessary and appropriate, including treatment of cookies under this
Act or other laws.
(b) Effective Date.--This section shall take effect on the date of
the enactment of this Act.
(c) Paperwork Reduction Requirements.--The requirements of
subchapter I of chapter 35 of title 44, United States Code, shall not
apply to the report required under this section.
SEC. 8. FTC REPORT ON INFORMATION COLLECTION PROGRAMS INSTALLED BEFORE
EFFECTIVE DATE.
Not later than the expiration of the 6-month period that begins on
the date on which final regulations are issued under section 9, the
Commission shall submit a report to the Congress on the extent to which
there are installed on protected computers information collection
programs that, but for installation prior to the effective date under
section 11(a), would be subject to the requirements of section 3. The
report shall include recommendations regarding the means of affording
computer users affected by such information collection programs the
protections of section 3, including recommendations regarding requiring
a one-time notice and consent by the owner or authorized user of a
computer to the continued collection of information by such a program
so installed on the computer. The requirements of subchapter I of
chapter 35 of title 44, United States Code, shall not apply to the
report required under this section.
SEC. 9. REGULATIONS.
(a) In General.--The Commission shall issue the regulations
required by this Act not later than the expiration of the 9-month
period beginning on the date of the enactment of this Act. In
exercising its authority to issue any regulation under this Act, the
Commission shall determine that the regulation is consistent with the
public interest and the purposes of this Act. Any regulations issued
pursuant to this Act shall be issued in accordance with section 553 of
title 5, United States Code.
(b) Effective Date.--This section shall take effect on the date of
the enactment of this Act.
SEC. 10. DEFINITIONS.
For purposes of this Act:
(1) Cable operator.--The term ``cable operator'' has the
meaning given such term in section 602 of the Communications
Act of 1934 (47 U.S.C. 522).
(2) Collect.--The term ``collect'', when used with respect
to information and for purposes only of section 3(b)(1)(A),
does not include obtaining of the information by a party who is
intended by the owner or authorized user of a protected
computer to receive the information or by a third party
authorized by such intended recipient to receive the
information, pursuant to the owner or authorized user--
(A) transferring the information to such intended
recipient using the protected computer; or
(B) storing the information on the protected
computer in a manner so that it is accessible by such
intended recipient.
(3) Computer; protected computer.--The terms ``computer''
and ``protected computer'' have the meanings given such terms
in section 1030(e) of title 18, United States Code.
(4) Computer software.--
(A) In general.--Except as provided in subparagraph
(B), the term ``computer software'' means a set of
statements or instructions that can be installed and
executed on a computer for the purpose of bringing
about a certain result.
(B) Exceptions.--Such term does not include--
(i) computer software that is placed on the
computer system of a user by an Internet
service provider, interactive computer service,
or Internet Web site solely to enable the user
subsequently to use such provider or service or
to access such Web site;
(ii) a cookie; or
(iii) any other type of text or data file
that solely may be read or transferred by a
computer.
(5) Commission.--The term ``Commission'' means the Federal
Trade Commission.
(6) Damage.--The term ``damage'' has the meaning given such
term in section 1030(e) of title 18, United States Code.
(7) Unfair or deceptive acts or practices.--The term
``unfair or deceptive acts or practices'' has the meaning
applicable to such term for purposes of section 5 of the
Federal Trade Commission Act (15 U.S.C. 45).
(8) Disable.--The term ``disable'' means, with respect to
an information collection program, to permanently prevent such
program from executing any of the functions described in
section 3(b)(1) that such program is otherwise capable of
executing (including by removing, deleting, or disabling the
program), unless the owner or operator of a protected computer
takes a subsequent affirmative action to enable the execution
of such functions.
(9) Information collection functions.--The term
``information collection functions'' means, with respect to an
information collection program, the functions of the program
described in subsection (b)(1) of section 3.
(10) Information service.--The term ``information service''
has the meaning given such term in section 3 of the
Communications Act of 1934 (47 U.S.C. 153).
(11) Interactive computer service.--The term ``interactive
computer service'' has the meaning given such term in section
230(f) of the Communications Act of 1934 (47 U.S.C. 230(f)).
(12) Internet.--The term ``Internet'' means collectively
the myriad of computer and telecommunications facilities,
including equipment and operating software, which comprise the
interconnected world-wide network of networks that employ the
Transmission Control Protocol/Internet Protocol, or any
predecessor or successor protocols to such protocol, to
communicate information of all kinds by wire or radio.
(13) Personally identifiable information.--
(A) In general.--The term ``personally identifiable
information'' means the following information, to the
extent only that such information allows a living
individual to be identified from that information:
(i) First and last name of an individual.
(ii) A home or other physical address of an
individual, including street name, name of a
city or town, and zip code.
(iii) An electronic mail address.
(iv) A telephone number.
(v) A social security number, tax
identification number, passport number,
driver's license number, or any other
government-issued identification number.
(vi) A credit card number.
(vii) Any access code, password, or account
number, other than an access code or password
transmitted by an owner or authorized user of a
protected computer to the intended recipient to
register for, or log onto, a Web page or other
Internet service or a network connection or
service of a subscriber that is protected by an
access code or password.
(viii) Date of birth, birth certificate
number, or place of birth of an individual,
except in the case of a date of birth
transmitted or collected for the purpose of
compliance with the law.
(B) Rulemaking.--The Commission may, by regulation,
add to the types of information described in
subparagraph (A) that shall be considered personally
identifiable information for purposes of this Act,
except that such additional types of information shall
be considered personally identifiable information only
to the extent that such information allows living
individuals, particular computers, particular users of
computers, or particular email addresses or other
locations of computers to be identified from that
information.
(14) Suite of functionally related software.--The term
suite of ``functionally related software'' means a group of
computer software programs distributed to an end user by a
single provider, which programs enable features or
functionalities of an integrated service offered by the
provider.
(15) Telecommunications carrier.--The term
``telecommunications carrier'' has the meaning given such term
in section 3 of the Communications Act of 1934 (47 U.S.C. 153).
(16) Transmit.--The term ``transmit'' means, with respect
to an information collection program, transmission by any
means.
(17) Web page.--The term ``Web page'' means a location,
with respect to the World Wide Web, that has a single Uniform
Resource Locator or another single location with respect to the
Internet, as the Federal Trade Commission may prescribe.
(18) Web site.--The term ``web site'' means a collection of
Web pages that are presented and made available by means of the
World Wide Web as a single Web site (or a single Web page so
presented and made available), which Web pages have any of the
following characteristics:
(A) A common domain name.
(B) Common ownership, management, or registration.
SEC. 11. APPLICABILITY AND SUNSET.
(a) Effective Date.--Except as specifically provided otherwise in
this Act, this Act shall take effect upon the expiration of the 12-
month period that begins on the date of the enactment of this Act.
(b) Applicability.--Section 3 shall not apply to an information
collection program installed on a protected computer before the
effective date under subsection (a) of this section.
(c) Sunset.--This Act shall not apply after December 31, 2013.
Passed the House of Representatives June 6, 2007.
Attest:
Clerk.
110th CONGRESS
1st Session
H. R. 964
_______________________________________________________________________
AN ACT
To protect users of the Internet from unknowing transmission of their
personally identifiable information through spyware programs, and for
other purposes.