b"<html>\n<title> - COMBATING SPYWARE: H.R. 964, THE SPY ACT</title>\n<body><pre>[House Hearing, 110 Congress]\n[From the U.S. Government Printing Office]\n\n\n\n                COMBATING SPYWARE: H.R. 964, THE SPY ACT\n\n=======================================================================\n\n                                HEARING\n\n                               BEFORE THE\n\n                    SUBCOMMITTEE ON COMMERCE, TRADE,\n                        AND CONSUMER PROTECTION\n\n                                 OF THE\n\n                    COMMITTEE ON ENERGY AND COMMERCE\n                        HOUSE OF REPRESENTATIVES\n\n                       ONE HUNDRED TENTH CONGRESS\n\n                             FIRST SESSION\n\n                                   ON\n\n                                H.R. 964\n\n                               __________\n\n                             MARCH 15, 2007\n\n                               __________\n\n                           Serial No. 110-21\n\n\n<GRAPHIC NOT AVAILABLE IN TIFF FORMAT>\n\n\n      Printed for the use of the Committee on Energy and Commerce\n\n                        energycommerce.house.gov\n\n                                -------\n\n                     U.S. GOVERNMENT PRINTING OFFICE\n\n38-810                     WASHINGTON DC:  2008\n---------------------------------------------------------------------\nFor sale by the Superintendent of Documents, U.S. Government Printing\nOffice  Internet: bookstore.gpo.gov Phone: toll free (866)512-1800\nDC area (202)512-1800  Fax: (202) 512-2250 Mail Stop SSOP, \nWashington, DC 20402-0001\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n                    COMMITTEE ON ENERGY AND COMMERCE\n\n                  JOHN D. DINGELL, Michigan, Chairman\n\nHENRY A. WAXMAN, California          JOE BARTON, Texas\nEDWARD J. MARKEY, Massachusetts          Ranking Member\nRICK BOUCHER, Virginia               RALPH M. HALL, Texas\nEDOLPHUS TOWNS, New York             J. DENNIS HASTERT, Illinois\nFRANK PALLONE, Jr., New Jersey       FRED UPTON, Michigan\nBART GORDON, Tennessee               CLIFF STEARNS, Florida\nBOBBY L. RUSH, Illinois              NATHAN DEAL, Georgia\nANNA G. ESHOO, California            ED WHITFIELD, Kentucky\nBART STUPAK, Michigan                BARBARA CUBIN, Wyoming\nELIOT L. ENGEL, New York             JOHN SHIMKUS, Illinois\nALBERT R. WYNN, Maryland             HEATHER WILSON, New Mexico\nGENE GREEN, Texas                    JOHN B. SHADEGG, Arizona\nDIANA DeGETTE, Colorado              CHARLES W. ``CHIP'' PICKERING, \n    Vice Chairman                    Mississippi\nLOIS CAPPS, California               VITO FOSSELLA, New York\nMIKE DOYLE, Pennsylvania             STEVE BUYER, Indiana\nJANE HARMAN, California              GEORGE RADANOVICH, California\nTOM ALLEN, Maine                     JOSEPH R. PITTS, Pennsylvania\nJAN SCHAKOWSKY, Illinois             MARY BONO, California\nHILDA L. SOLIS, California           GREG WALDEN, Oregon\nCHARLES A. GONZALEZ, Texas           LEE TERRY, Nebraska\nJAY INSLEE, Washington               MIKE FERGUSON, New Jersey\nTAMMY BALDWIN, Wisconsin             MIKE ROGERS, Michigan\nMIKE ROSS, Arkansas                  SUE WILKINS MYRICK, North Carolina\nDARLENE HOOLEY, Oregon               JOHN SULLIVAN, Oklahoma\nANTHONY D. WEINER, New York          TIM MURPHY, Pennsylvania\nJIM MATHESON, Utah                   MICHAEL C. BURGESS, Texas\nG.K. BUTTERFIELD, North Carolina     MARSHA BLACKBURN, Tennessee\nCHARLIE MELANCON, Louisiana\nJOHN BARROW, Georgia\nBARON P. HILL, Indiana\n\n                                 ______\n\n                           Professional Staff\n                 Dennis B. Fitzgibbons, Chief of Staff\n                   Gregg A. Rothschild, Chief Counsel\n                      Sharon E. Davis, Chief Clerk\n                 Bud Albright, Minority Staff Director\n\n                                  (ii)\n\n        Subcommittee on Commerce, Trade, and Consumer Protection\n\n                   BOBBY L. RUSH, Illinois, Chairman\nJAN SCHAKOWSKY, Illinois             CLIFF STEARNS, Florida,\nG.K. BUTTERFIELD, North Carolina          Ranking Member\nJOHN BARROW, Georgia                 J. DENNIS HASTERT, Illinois\nBARON P. HILL, Indiana               ED WHITFIELD, Kentucky\nEDWARD J. MARKEY, Massachusetts      CHARLES W. ``CHIP'' PICKERING, \nRICK BOUCHER, Virginia                   Mississippi\nEDOLPHUS TOWNS, New York             VITO FOSSELLA, New York\nDIANA DeGETTE, Colorado              GEORGE RADANOVICH, California\nCHARLES A. GONZALEZ, Texas           JOSEPH R. PITTS, Pennsylvania\nMIKE ROSS, Arkansas                  MARY BONO, California\nDARLENE HOOLEY, Oregon               LEE TERRY, Nebraska\nANTHONY D. WEINER, New York          SUE WILKINS MYRICK, North Carolina\nJIM MATHESON, Utah                   MICHAEL C. BURGESS, Texas\nCHARLIE MELANCON, Louisiana          MARSHA BLACKBURN, Tennessee\nJOHN D. DINGELL, Michigan            JOE BARTON, Texas\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n                             C O N T E N T S\n\n                              ----------                              \n                                                                   Page\nH.R. 964, to protect users of the Internet from unknowing \n  transmission of their personally identifiable information \n  through spyware programs, and for other purposes...............     3\n\nBarton, Hon. Joe, a Representative in Congress from the State of \n  Texas, opening statement.......................................    36\nBono, Hon. Mary, a Representative in Congress from the State of \n  California, opening statement..................................    39\nHooley, Hon. Darlene, a Representative in Congress from the State \n  of Oregon, opening statement...................................    37\nRush, Hon. Bobby L., a Representative in Congress from the State \n  of Illinois, opening statement.................................     1\nSchakowsky, Hon. Jan, a Representative in Congress from the State \n  of Illinois, opening statement.................................    35\nStearns, Hon. Cliff, a Representative in Congress from the State \n  of Florida, opening statement..................................    34\nTowns, Hon. Edolphus, a Representative in Congress from the State \n  of New York, opening statement.................................    38\n\n                               Witnesses\n\nCerasale, Jerry, senior vice president, government affairs, \n  Direct Marketing Association, Inc..............................    74\n    Prepared statement...........................................    76\nMaier, Fran, executive director, TRUSTe..........................    95\n    Prepared statement...........................................    97\nMorgan, Dave, founder and chairman, Tacoda, Inc..................    87\n    Prepared statement...........................................    89\nSchwartz, Ari, deputy director, Center for Democracy and \n  Technology.....................................................    40\n    Prepared statement...........................................    42\nVarney, Christine A., Hogan & Hartson LLP, on behalf of Zango, \n  Inc............................................................   131\n    Prepared statement...........................................   134\n\n \n                COMBATING SPYWARE: H.R. 964, THE SPY ACT\n\n                              ----------                              \n\n\n                        THURSDAY, MARCH 15, 2007\n\n              House of Representatives,    \n            Subcommittee on Commerce, Trade\n                           and Consumer Protection,\n                          Committee on Energy and Commerce,\n                                                    Washington, DC.\n    The subcommittee met, pursuant to call, at 11:10 a.m., in \nroom 2322 of the Rayburn House Office Building, Hon. Bobby L. \nRush (chairman of the subcommittee) presiding.\n    Members present: Representatives Schakowsky, Barrow, Towns, \nRoss, Hooley, Matheson, Stearns, Bono, Terry and Barton [ex \nofficio].\n\n OPENING STATEMENT OF HON. BOBBY L. RUSH, A REPRESENTATIVE IN \n              CONGRESS FROM THE STATE OF ILLINOIS\n\n    Mr. Rush. The subcommittee will come to order.\n    Today the Subcommittee on Commerce, Trade and Consumer \nProtection tackles the problem of spyware, the insidious \nsoftware that consumers unwittingly download onto their \ncomputers only to have their personal private information \nextracted for commercial or fraudulent purposes.\n    Spyware comes in many forms. Sometimes it takes the form of \nadware that tracks the Web sites an individual visits in order \nto facilitate target marketing and develop pop-up ads tailored \nto sites he or she visits. At other times it is far more \noffensive, redirecting his or her Web searches to gambling or \npornographic sites. And sometimes at its very worst, spyware \nmonitors and steals a consumer's sensitive secret information \nsuch as account passwords and credit card numbers. Spyware \nsurreptitiously makes its way onto one's computer by fooling \nthe computer into downloading the nefarious software. Spyware \nis often secretly bundled with free software from Web sites \nthat a consumer willingly downloads onto his or her computer. \nAt other times spyware is installed as an add-on to a browser's \ntoolbar or it simply pops up as a seemingly innocuous Web site \nor window, innocently asking for permission to install. Perhaps \nthe worst of all, some spyware masquerades as anti-spyware with \npromises of cleaning up a person's computer only to install its \nown version of spyware.\n    Whatever its form and however it is installed, at its worst \nspyware can lead to the unwanted exposure of offensive Web \ncontent to unsuspecting individuals, particularly children. It \ncan also lead to outright fraud resulting in significant \nfinancial damages. At its best, spyware is simply nasty stuff \nthat clogs computers, slows down processing power and is costly \nto remove. According to a survey in Consumer Reports as cited \nin the Washington Post, consumers paid as much as $7.8 billion \nover 2 years to protect or repair their computers with anti-\nspyware and anti-virus software.\n    In the past two Congresses, Mrs. Bono and Mr. Towns \nintroduced the bipartisan Spy Act and both times the bill \nenjoyed overwhelming support. Twice this subcommittee and the \nfull committee unanimously reported the bill. Twice the full \nHouse passed the bill with near unanimity and twice the Spy Act \nmet its demise in the Senate. This year Mr. Towns and Mrs. Bono \nare once again teaming up to introduce the Spy Act as H.R. 964. \nIt is my full intent as chairman of this subcommittee to do \neverything I can to make it three times that this bill passes \nthis subcommittee and the full committee and the House of \nRepresentatives and finally makes its way to the President's \ndesk. Let us all hope that the Senate can get its act together \nthis time around. Three times should be the charm for the \nSenate.\n     H.R. 964 provides a broad regulatory framework that \nempowers consumers with knowledge and allows them to be in \ncharge of what goes on their personal computers. First, the \nbill outright prohibits deceptive practices and acts related to \nspyware that wreak havoc on a computer's operating system or is \na harmful invasion of one's privacy. Moreover, the bill creates \na regime where an entity cannot execute any program that \ncollects personal information without first giving explicit \nnotice to the consumer and subsequently receiving his or her \nconsent. The bill further requires that once installed, the \ninformation collection program can be easily removed or \ndisabled. Lastly, H.R. 964 provides that the FTC will enforce \nthe Spy Act and that any violation of these provisions will be \ntreated as an unfair and deceptive act or practice violating a \nrule promulgated under section 18 of the FTC Act. Accordingly, \nthe Commission will be able to impose significant penalties, \nand I firmly believe, as do most of today's witnesses, that \nthis bill strikes an appropriate and workable balance that will \nallow honest commerce and innovation to occur.\n    Last year, not only did this bill receive an overwhelming \nsupport from our members but also from many technology \ncompanies and associations including Yahoo, eBay, AOL Time \nWarner, Dell, Microsoft, EarthLink and the U.S. Telecom \nAssociation. We will carefully consider the testimony of our \nwitnesses and the comment letters that we have received from \nthe FTC, consumer groups and industry experts.\n    Again, I want to commend Mr. Towns and Mrs. Bono for the \nterrific work that they have done on the Spy Act and for \nexhibiting yet another example of quality bipartisan \ncooperation that is really rather unique to this subcommittee, \nand I welcome our guests, who have graciously agreed to appear \nbefore us today and I hope that today marks the first step \ntowards making this important bill into law.\n    Thank you.\n    At this time I will submit a copy of H.R. 964 for inclusion \nin the record.\n    [H.R. 964 follows:]\n\n<GRAPHICS NOT AVAILABLE IN TIFF FORMAT>\n\n    Mr.  Rush. I recognize the ranking member of the \nsubcommittee, the gentleman from Florida, Mr. Stearns.\n\n OPENING STATEMENT OF HON. CLIFF STEARNS, A REPRESENTATIVE IN \n               CONGRESS FROM THE STATE OF FLORIDA\n\n    Mr. Stearns. Thank you, Mr. Chairman.\n    As you have mentioned, we hope that the third time is the \ncharm here. It has been nearly 3 years since the committee \nfirst held hearings on the subject of spyware. Although the \nInternet may seem like it has been around for a long time to \nmany of us, the reality is that it has only been commercially \navailable for a little more than a decade. As rapidly as usage \nhas spread, so too has industry and user practices evolved. We \nhave learned about some of these practices. Obviously spyware \nis one of those.\n    Where circumstances warranted, we tried to respond with \nlegislation in this committee, which we did. Some of our \nefforts of my colleagues resulted in public laws such as Can \nSpam. Although we like to respond as quickly as possible, we \nusually try to be as careful as possible to avoid unintended \nconsequences. I don't think we did. I would say, Mr. Chairman, \nwe are on this side ready to move to markup. We think we could \nmove to markup after this hearing because we have had so much \nsupport for this bill in the past and we would like to see a \nmarkup out of this subcommittee as soon as possible.\n    Mrs. Bono has showed leadership and Mr. Towns has in the \n108th Congress. We have discovered all the bad things about \nspyware and what it creates. We also learned that most \npernicious forms of spyware have more malicious intentions than \nwe realized. Criminals often in other countries have developed \nprograms that can potentially be used to steal a person's \nidentity. A keystroke logger is one example of a program that \ncan capture a consumer's data, which can then be used to commit \nfraud. Other types of spyware software have been used to hijack \na user's computer or to redirect a user's computer to bogus Web \nsites.\n    After investigating the damage of potential harm caused by \nspyware to consumer computers, we passed the bill out of the \nsubcommittee in the 108th. The House likewise passed it, as you \nhave mentioned. Unfortunately, the Senate did not take up the \nbill and we tried again in the 109th. The committee again \nunanimously passed the legislation. H.R. 964 is the same bill \nwe unanimously passed in the committee and nearly unanimously \nin the House last Congress.\n    There has been, I think, much progress in the industry, I \nwould compliment them, with the adoption of best practices and \nrecognition of the need for consumer consent. We also have seen \nan increase in the number of enforcement actions. This is all \ngood. That being said, the threat of spyware and the havoc it \ncan inflict on a consumer's computer--or worse, on the \nidentity--remains a real threat. Consumers and businesses are \nnow spending billions of dollars to protect themselves and \ntheir computers. To that end, I believe there is still a need \nfor this legislation and so I support H.R. 964. A company that \nis a bad actor is generally the exception rather than the rule. \nWhile criminals may never disappear, legitimate companies are \nnot in business to offend their customers.\n    I would like to welcome the distinguished panel here. I \nlook forward to their views on H.R. 964.\n    Mr. Chairman, in closing I would like to thank Mr. Barton \nfor his leadership on this issue during the last two \nCongresses. I also obviously commend my colleagues, Mrs. Bono \nand Mr. Towns, and finally I would like to recognize my \ncolleague, the chairman, Mr. Dingell, and Ms. Schakowsky, who \nwas the ranking member when I was the chairman, for her hard \nefforts in this area too.\n    With that, Mr. Chairman, I look forward to the hearing.\n    Mr. Rush. Thank you.\n    The committee recognizes the fine gentlewoman from \nIllinois, Ms. Schakowsky.\n\n OPENING STATEMENT OF HON. JAN SCHAKOWSKY, A REPRESENTATIVE IN \n              CONGRESS FROM THE STATE OF ILLINOIS\n\n    Ms. Schakowsky. Thank you, Chairman Rush, for holding \ntoday's hearing on H.R. 964, the Spy Act.\n    The proliferation of spyware, covertly installed software \nthat can snatch personal information, has made it necessary \nthat we pass this legislation. And while I am proud to be an \noriginal cosponsor of the Spy Act, I hope this is the last time \nthat I say that.\n    Our committee wanted to be proactive on this issue; we \nwere. I was very proud to work with Mr. Towns and Mrs. Bono and \nMr. Stearns and the chairman at the time, Mr. Barton, and Mr. \nDingell. We did our work. We got it out of the subcommittee, \nthe committee and the House. And when we first started working \non this issue 4 years ago, spyware was not a household word; it \nis now. People used to be baffled when they found that their \nWeb page settings changed or when their computers became \nsluggish. They would think that the problem was their computer \nor the Internet service provider but now the suspect is \nspyware.\n    Spyware is a nationwide problem that affects millions of \ncomputers from large financial institution servers to home \ncomputers. America Online has put occurrences of spyware as \nhigh as 80 percent among households with broadband. As \nbroadband becomes more popular in American households, we can \nonly assume spyware will continue to affect our home computers \nuntil we give the Federal Trade Commission all the authority it \nneeds to shut down spyware purveyors.\n    Again, spyware is much more than little annoyances such as \nslow computers and unwanted popup ads. Those are just symptoms \nof the real trouble spyware can cause. The spyware is so \nresourceful that it can snatch personal information from \ncomputer hard drives, track every Web site visited and log \nevery keystroke entered. Spyware is a serious threat to \nconsumer privacy and a powerful tool for identity theft, the \nfastest-growing financial crime. With all the current threats \nto our country, our homes and our wallets, our computers should \nnot have another worry.\n    Although we don't want to stop legitimate uses of the \nsoftware, underlying spyware such as allowing easy access to \nonline newspapers, we do want consumers to have control of \ntheir computers and personal information. We have passed this \nbill with overwhelming bipartisan support in the past two \nCongresses and I hope this is the Congress that will get the \nbill signed into law.\n    So I thank you, Mr. Chairman.\n    Mr. Rush. Thank you.\n    Now the committee will recognize the ranking member of the \nfull committee, Mr. Barton of Texas, for 5 minutes.\n\n   OPENING STATEMENT OF HON. JOE BARTON, A REPRESENTATIVE IN \n                CONGRESS FROM THE STATE OF TEXAS\n\n    Mr. Barton. Thank you, Mr. Chairman. I appreciate the \ncourtesy. I was just downstairs in the Energy and Air Quality \nSubcommittee in one of our hearings on climate change and \nrushed up here, so I appreciate the courtesy of being allowed \nto speak as soon as I get here.\n    Thank you for holding the hearing on the Spy Act and making \nit a priority. As everyone knows, this is round 3. The \ncommittee sent the Spy Act to the floor by unanimous vote in \nthe last Congress and a nearly unanimous vote in the Congress \nprior to that. The House likewise passed the legislation by a \nnearly unanimous vote in the last two Congresses. We are here \ntoday because the Senate has twice failed in the last \nCongresses to act on this bill for reasons that are absolutely \na mystery to me.\n    This legislation ought to be an automatic-passage bill. It \nis a key component to solving the problem of Internet spying, \nand protecting our constituents from invasions of their \nprivacy. The bill not only receives broad bipartisan support in \nthis institution but many of the big technology players also \nsupport the Spy Act: Yahoo, eBay, AOL Time Warner, Dell, \nMicrosoft, EarthLink, the U.S. Telecom Association, just to \nname a few. We have differences of opinion on the issue of \nnetwork neutrality, for example, among some of these folks. On \nthis issue, there is 100 percent unanimity.\n    The reason for the support is evident. Internet spying is \nmore than just an annoyance and more than an invasion of \nconsumers' privacy. It also poses the very real danger of \nidentity theft. Furthermore, spyware often proves dangerous to \nthe consumer's physical property, their personal computers. The \nscariest part of spyware is that you can have an unwanted, \nunnoticed program on your computer that captures and reports \nyour keystrokes. What is at stake is a treasure chest of your \nlife's financial secrets, your Social Security number, your \nbank account number, your credit card number and all kinds of \npersonal passwords. Many consumers don't even know that this is \npossible, much less that these applications are alive on their \ncomputers right now, and as easy as it was to acquire a batch \nof spyware, sometimes it is almost impossible to get rid of it \nbecause of deceptive or nonexistent instructions for \nuninstalling these applications. You can pick up a batch of \nspyware by a click of a mouse but you may need the help of a \ncomputer expert and all day to get rid of it.\n    Industry groups have taken strong steps, luckily, towards \ncombating the dangers of spyware. However, it will take a mix \nof technology, consumer awareness, industry best practices, \nconsumer education, strong enforcement of existing law and I \nthink new law to effectively fight spyware.\n    The bill before us does that. It places strong enforcement \ntools in the FTC's toolbox. It provides stiff penalties to hold \nvarious actors accountable for their action. It still balances \nthe interests that are legitimate business interests of the \nbill.\n    I could go on and on but let me simply say that this has \nbeen a bipartisan effort on our committee. Congresswoman Bono, \nCongressman Towns, Congressman Stearns, Congresswoman Jan \nSchakowsky as well as Chairman Dingell and myself have worked \ndiligently to bring this legislation to the floor. And now with \nyour efforts, Mr. Chairman, I am sure that we will finally get \nit across the finish line and get it through the Senate too. It \njust takes somebody from Chicago to get it done.\n    With that, Mr. Chairman, I yield back the balance of my \ntime.\n    Mr. Rush. What else do you want?\n    The gentle lady from Oregon, Ms. Hooley, is recognized for \n5 minutes.\n\n OPENING STATEMENT OF HON. DARLENE HOOLEY, A REPRESENTATIVE IN \n               CONGRESS FROM THE STATE OF OREGON\n\n    Ms. Hooley. Thank you, Mr. Chairman, and I am thankful to \nall of the witnesses for being here today and your testimony on \nthis issue.\n    Although I am new to the Energy and Commerce Committee and \nthis subcommittee, I have been involved for the last 8 years \nwith fraud prevention efforts. I am pleased to join this \nsubcommittee and have the opportunity to address these \nimportant issues as they relate to commerce. I commend my \ncolleagues for taking up this issue of spyware, not only this \nCongress but for the last two Congresses, and I, like the chair \nand ranking member, hope this legislation can finally get all \nthe way through and become law.\n    Software that is installed without your consent to monitor \nor control your computer, known as spyware, threatens the \nsecurity of our personal information and private transactions. \nIt threatens commerce on the Internet and consumers' confidence \nof Web purchases and pollutes computers to the point they no \nlonger function. Despite the efforts of FTC, which has \ncompleted 11 spyware enforcement cases, and the passage of the \nSafe Web Act, more needs to be done and I think this \nlegislation is the answer. I do, however, have some concerns \nwith regard to the lack of an exemption for fraud detection \nsoftware. As I understand it, fraud detection software that is \nused to make consumers safer and helps protect them from \nfraudulent activity might be curtailed by this legislation. I \nhope we can look at this issue before markup.\n    Again, I applaud this subcommittee for their diligent work \non spyware and look forward to working with all of you and \npassing this piece of legislation.\n    Thank you, and I yield back.\n    Mr. Rush. Thank you.\n    The gentleman from Nebraska, Mr. Terry, is recognized for 5 \nminutes.\n    Mr. Terry. I pass.\n    Mr. Rush. The gentleman from Utah is recognized for 5 \nminutes.\n    Mr. Matheson. I will waive.\n    Mr. Rush. The gentleman from New York, the coauthor of the \nbill, Mr. Towns, is recognized for 5 minutes.\n\n OPENING STATEMENT OF HON. EDOLPHUS TOWNS, A REPRESENTATIVE IN \n              CONGRESS FROM THE STATE OF NEW YORK\n\n    Mr. Towns. Thank you very much, Mr. Chairman. I want you to \nknow that I feel very confident and comfortable that this is \ngoing to make it all the way with you in the chair and of \ncourse seeing Mr. Morgan down from New York and I know that we \nare going to finish this thing off this time, no doubt about \nit.\n    I also want to thank you for holding this important hearing \ntoday on H.R. 964, the Spy Act, and for your strong commitment \nto protecting consumers' privacy on the Internet. As the \nprimary Democratic sponsor, I have been proud to work with \nCongresswoman Mary Bono. Her tireless efforts on this issue \nhave been unmatched, and I want to thank her for her dedication \nand commitment to this issue.\n    We passed this bill out of committee a few times already so \nperhaps the third time will be a charm. That is why it is \nimportant to hold this hearing. We want to make sure to get it \nright.\n    Spyware continues to be a nuisance to many of our \nconstituents, even as new and innovative Internet business \nmodels have sprung up. There is still some debate about the \napproach Congress should take to protect consumers from these \nharmful programs. One computer manufacturer has said that \nproblems related to spyware cause most of their customer \ncomplaints. Another company said that spyware accounts for \nabout 50 percent of all tech support calls. Although hard to \nquantify, this is adding hundreds of millions of dollars in \ncosts for companies.\n    More importantly, spyware programs can invade consumer \nprivacy by recording and transmitting personal information, \nmonitoring the Web sites you visit or even stealing documents \nfrom our computers. Other programs hijack your computer, \nforcing you to click through multiple screens until you \ndownload a program. Finally, all of these programs impair the \nfunctionality of a consumer's computer, often slowing its \noperation to a grinding halt.\n    Although the problem seems clear, the solution is far from \nit. Technology changes at a tremendous rate, often making \nlegislation outdated. Additionally, some computer programs \nwhich serve legitimate functions such as scanning your system \nfor problems or security breaches or customizing our browser or \nadvertising experience could be classified as spyware if we do \nnot legislate carefully. It seems to me that a key issue is \nnotice. Consumers must get meaningful and accurate notice \nbefore they make a decision to download programs that could \nharm their computers. The FTC should be prosecuting companies \nthat do not provide notice or that provide deceptive notice. \nCertainly the egregious violators can be prosecuted under \nexisting statutes and the FTC has taken steps in this regard, \npossibly in reaction to our continued interest in this \nlegislation.\n    Finally, let me conclude by saluting my colleagues, first \nCongresswoman Bono for her legislation and leadership on this \nissue, and of course, let me thank Ranking Member Barton of the \nfull committee and of course former Chairman Stearns and of \ncourse former Ranking Member Schakowsky and also Mr. Dingell, \nwho is the chairman of the full committee. I want to thank all \nof you for your work and I know that at the end of the day we \nare going to get this done, so thank you very much, Mr. \nChairman.\n    Mr. Rush. Thank you. Before we hear the best that we have \nfor today, I want to just bring to the attention of Ms. Hooley, \non page 19, line 3, there are provisions here for the detection \nor prevention of fraudulent activities.\n    Ms. Hooley. OK. What line is it, Mr. Chairman?\n    Mr. Rush. Page 19, line 3.\n    Ms. Hooley. Line 3?\n    Mr. Rush. Right.\n    Now I have to personally apologize to the next speaker, a \nfine member of this subcommittee. Mrs. Bono, I want you to know \nthat we are indeed saving the best for the last, so you are \nrecognized now for 5 minutes.\n\n   OPENING STATEMENT OF HON. MARY BONO, A REPRESENTATIVE IN \n             CONGRESS FROM THE STATE OF CALIFORNIA\n\n    Mrs. Bono. Thank you, Mr. Chairman, and I just want to \nmention to my colleague, Mr. Towns, whom I have known for many \nyears, that you reminded me of one of my favorite stories that \nI ran into Bono in an elevator when I was with my late husband, \nSonny Bono, and the two of them had an argument over how to \npronounce the name, but Sonny won with ``Bono''. That is one of \nmy favorite stories and we love to laugh about that.\n    I want to begin by thanking Chairman Rush and Ranking \nMember Stearns, again, my colleague, Ed Towns, Ms. Schakowsky \nand the long list of staff who have worked so hard, especially \nDavid Cavicke. They have worked so hard for many years in \ncrafting the Spy Act. I would also like to thank full committee \nChairman Dingell and Ranking Member Barton for their leadership \nand support throughout the past three Congresses. Without their \ncommitment to addressing the problem of spyware, this bill \nwould not be the bipartisan lovefest piece of legislation it is \ntoday. In the 108th Congress, I introduced H.R. 2929, the \nSafeguard Against Privacy Invasions Act. That bill passed the \nHouse by a vote of 399 to 1. In the 109th Congress, I \nreintroduced my spyware bill as H.R. 29, the Securely Protect \nYourself Against Spyware Act, or Spy Act, and you don't know \nhow that delights staff to come up with such clever acronyms. \nBut just as it did in the 108th Congress, my bill passed the \nHouse by a large margin of 393 to 4.\n    I remain a strong proponent of spyware legislation because \nof my belief that our constituents deserve adequate protections \nwhen they are online. This means that the computer user should \nbe able to maintain control over his or her computer and the \ninformation they store on it. The Spy Act prohibits perverse \nbehavior such as keystroke logging and drive-by downloads. \nMoreover, it establishes a simple notice regime so that \ncomputer users can make informed decisions regarding the \nprograms they wish to put on their computers. Simply stated, \nthis bill works to restore privacy on the personal computer, \nwhich has become the control center for our business \ntransactions as well as our personal interactions.\n    There was a time when the Internet was an occasional tool. \nHowever, today the Internet is used by most on a daily basis \nfor practically everything. For this reason, it is crucial that \ncomputer users can securely carry out their lives on the \nInternet without fear that an unknown party may gain access to \nsensitive information. It is my firm belief that the Spy Act \ndoes this while at the same time preventing negative impacts to \nlegitimate industry and the overall integrity of the Internet.\n    I look forward to listening to the testimony from our panel \ntoday and I am sure that we all agree that spyware is a problem \nthat could undermine the Internet's integrity and needs to be \naddressed.\n    I would once again like to thank the committee for its \nsupport. I would like to urge my colleagues to support H.R. \n964, the Towns-Bono Spy Act.\n    Again, thank you very much, Mr. Chairman. I yield back my \ntime.\n    Mr. Rush. Now we will hear from our fine array of \nwitnesses. We certainly want to thank you for taking your time \nout from your busy schedule to testify before this subcommittee \non this very important matter. I will introduce you \nindividually and we will ask that you restrict your comments, \nplease, to 5 minutes, and then be available for questioning.\n    Our first witness today is Mr. Ari Schwartz. He is the \ndeputy director of the Center for Democracy and Technology, \nCDT. CDT is a nonprofit public-interest organization devoted to \npromoting privacy, civil liberties and democratic values online \nthrough legislative, regulatory, self-regulatory and public \neducation efforts. In this capacity, they have been a vocal \nsupporter of comprehensive privacy legislation and further \nsupport the goals of H.R. 964, the Spy Act.\n    Mr. Schwartz, you are recognized for 5 minutes.\n\n    STATEMENT OF ARI SCHWARTZ, DEPUTY DIRECTOR, CENTER FOR \n                     DEMOCRACY & TECHNOLOGY\n\n    Mr. Schwartz. Chairman Rush, Ranking Member Stearns, \nmembers of the committee, thank you for holding this public \nhearing today on the Spy Act and for inviting me to \nparticipate.\n    This committee has consistently followed the spyware issue \nover the past 4 years and CDT is pleased to see this much-\nneeded attention continue.\n    I come back to the committee today to offer good news and \nbad news on the spyware issue. First the bad news. As predicted \nby members of this committee in the past, spyware has \nunquestionably become one of the most serious threats to the \nInternet's future. Consumer Reports magazine estimates that \nconsumers lost $2.6 billion to spyware alone last year, and one \nin eight consumers have spyware on their computer and according \nto the magazine, about 1 million consumers had to throw away \ntheir computer because they were so riddled with spyware.\n    On the other side, in terms of good news, there are new \nindications that the combination of law enforcement, anti-\nspyware technology, industry self-regulation, consumer \neducation, legislative efforts and increased responsibility on \nthe part of advertisers are beginning to impact the marketplace \nthat had allowed spyware to flourish.\n    On the law enforcement front, spyware actions at both the \nFederal and State level have increased dramatically over the \npast 2 years. The FTC has now successfully prosecuted 11 cases, \nwhich we detailed in our written testimony. Based on the \nexperiences of these cases, it is now clear that the Commission \ndesperately needs increased civil penalty authority in order to \nbe comprehensively effective. The Spy Act, H.R. 964, provides \nsuch authority.\n    Spyware enforcement has also been developing at the State \nlevel with 10 cases across four States so far. Although H.R. \n964 safeguards State-level enforcement under consumer \nprotection statutes, it does not explicitly preserve the \nability for State attorneys general to bring civil actions \nunder statutory provisions specific to spyware. With so much \nenforcement work now occurring at the State level, we feel it \nis important to safeguard the role of the State attorney \ngeneral by empowering them to help enforce Federal law.\n    On a final note, I would like to stress that the Center for \nDemocracy & Technology still strongly believes that the real \nlong-term solution to spyware and other privacy issues in front \nof this committee will require baseline consumer privacy \nlegislation based on fair information practices. General \nprivacy legislation would provide businesses with guidance as \nthey deploy new technologies and business models that involve \nthe collection of information and it would give consumers some \nmeasure of confidence that their privacy is being protected as \ncompanies roll out these new ventures. If we do not begin to \naddress privacy issues more comprehensively, this committee \nwill need to continue to address new emerging privacy threats \nevery few months with new legislation in order to protect \nconsumers in the networked economy.\n    We have seen a number of issues already begin to increase \nwith the most recent including spam, do-not-call lists, search \ninformation, data breaches, use of Social Security numbers, \npretexting and spyware. While we appreciate the committee's \nhard work on all these important issues, we believe that the \nmembers of this committee should join with the 13 companies and \nmultiple consumer groups that have actively supported \ncomprehensive consumer privacy legislation in an attempt to \naddress these issues at the source rather than continue a \npiecemeal approach each time a new privacy threat arises.\n    Thank you for your attention. I look forward to your \nquestions.\n    [The prepared statement of Mr. Schwartz follows:]\n\n<GRAPHICS NOT AVAILABLE IN TIFF FORMAT>\n\n    \n    Mr. Rush. Thank you.\n    Our next witness, and Mr. Cerasale, if I mispronounce your \nname, please correct me, is Mr. Jerry Cerasale, a senior vice \npresident of government affairs for the Direct Marketing \nAssociation Incorporated, DMA. DMA represents 3,600 member \ncompanies that are engaged in direct database and interactive \nmarketing and electronic commerce. Last year the association \ndeveloped and adopted standards for software downloads as part \nof its guidelines for ethical business practice. DMA opposes \nthis bill and a broad regulatory approach in general because it \nbelieves that self-regulation coupled with existing FTC \nauthority is working to crack down on harmful spyware.\n    Mr. Cerasale, you are recognized for 5 minutes.\n\nSTATEMENT OF JERRY CERASALE, SENIOR VICE PRESIDENT, GOVERNMENT \n          AFFAIRS, DIRECT MARKETING ASSOCIATION, INC.\n\n    Mr. Cerasale. Thank you very much, Mr. Chairman. With a \nlast name like mine, I respond to anything that comes close. So \nthat is fine. Cerasale is how it is pronounced but Cerasale is \nall right as well. I am not ashamed of my heritage.\n    I do thank you for inviting us here and I would ask that my \nwritten testimony be placed in the record, and I thank you for \nrecognizing DMA, the leading trade association. We have been \naround since 1917 and our members are part of the economy, very \nmuch part of this new e-commerce as they are providers of \nInternet service. They sell goods on the Internet and so forth. \nThis is very important for us.\n    We agree fully with the subcommittee and the committee that \nwe want to try and rid the Internet of spyware. That is really \na goal that I think we should all be working toward, and I want \nto commend this committee especially because you were the \ninstigator. You were the catalyst for moving forward in trying \nto get industry looking at spyware. You were the catalyst to \nDMA in producing our guidelines for spyware, for downloading of \nsoftware on the computers. You were the catalyst for browsers \ntaking any spyware software and putting it in their browser. \nYou are the catalyst for computer manufacturers adding that \nonto computers. You are the catalyst for software providers \ncreating anti-spyware software. And I believe you are the \ncatalyst for the FTC and the States for moving and trying to go \nagainst those bad actors putting on spyware deceptively onto \nconsumers' computers and stealing information, stealing their \ncomputer, slowing it down and forcing those many people who had \nto throw away their computers.\n    We have made progress since you started this investigation. \nIt is not over, and I don't think it will ever be over. As \ntechnology changes, bad actors adapt. They get new technology \nand we are going to have to be ever vigilant as we go forward \nhere. We don't think at the DMA that there is really a magic \nbullet that is an all-purpose answer to everything here, which \nis why we look at going forward with our guidelines because we \ncan change them fairly rapidly and try and adjust to what is \nhappening in the marketplace and try and keep this Internet \nopen for e-commerce.\n    We are really pleased that e-commerce has grown. One of the \ngreat things is as we look at the growth, we have statistics to \nshow it is growing at 24 percent right now. It had been larger \nbut it is continually growing, and one of the great things was \nthat Cyber Monday was larger than Black Friday this holiday \nseason and the gap is going to get larger and larger as e-\ncommerce becomes more and more part of our American experience \nfor the benefit of consumers and the benefit of businesses.\n    As we look at H.R. 964, we support granting the attorneys \ngeneral the opportunity to and the authority to enforce the \nlaw. We think that is a major part of balancing for preemption. \nWe also support the efforts and what is in section 2 of the \nlaw. We think going after the bad actors is really what is \nimportant and strikes the right balance.\n    We have some concerns with section 3 of the bill. We think \nthat the broad definition of software, and we had a very \ndifficult time trying to define software in our guidelines so \nit is not something that is new. A broad definition of software \nwill take into account and cover things that are part of the \nseamless use of the Internet that Americans are used to, that \nprovides advertising-supported contents, there is so much free \ncontent on the Internet and so we think that section 3 probably \ngoes further than we would want. We believe you need \nconspicuous notice, you need choice for the consumer, you need \nan ability to uninstall or at least totally disengage, disable \nany software that is put on your computer. We think there \nshould be a link to the privacy policy of the person putting on \nthe software and the name of the company should be known. We \nthink that strikes the balance for consumer choice plus \nadvertising marketing-supported Internet content which is \navailable free to most Americans.\n    The DMA has a concern with the Good Samaritan provision. We \nare worried that the Good Samaritan provision in the bill could \nbecome a means, an anti-competitive means and so we want to \nmake sure that we look at that and strike that balance and make \nsure that is there. We also think that the monitoring provision \nin 5(b) is a little bit too narrow. That provision for the \nanti-fraud thing looks at certain companies. There are other \ncompanies that do anti-fraud that aren't covered in that \nexemption and we think that they are there.\n    We want to thank you very much for having me here today.\n    [The prepared statement of Mr. Cerasale follows:]\n\n<GRAPHICS NOT AVAILABLE IN TIFF FORMAT>\n\n    \n    Mr. Rush. Our next witness is Mr. Dave Morgan. Mr. Morgan \nis the founder and the chairman of TACODA, Incorporated. Mr. \nMorgan will testify on behalf of his company and on behalf of \nthe Interactive Advertising Bureau, which represents more than \n300 leading companies that are responsible for selling more \nthan 86 percent of online advertising. TACODA, which develops \ninnovative technologies for target marketing, says on page 4 of \nits written statement that it supports H.R. 964, the next three \npages detailing its complaints against everything but section \n2.\n    Now we will recognize Mr. Morgan for 5 minutes.\n\n  STATEMENT OF DAVE MORGAN, FOUNDER AND CHAIRMAN, TACODA, INC.\n\n    Mr. Morgan. Thank you. Chairman Rush, Ranking Member \nStearns and members of the subcommittee, thank you very much \nfor inviting me to testify on H.R. 964.\n    I am Dave Morgan, and as you can tell, I am wearing two \nhats here today. One is the founder and chairman of TACODA, \nInc., a New York-based online advertising company, and also as \nthe chairman of the Public Policy Council of the Interactive \nAdvertising Bureau, which is the trade body of basically the \nlargest majority of the online advertising today.\n    Consideration of this legislation in past Congresses has \nbeen an extraordinarily open and bipartisan effort and we \nwelcome the opportunity to participate with the committee and \nthe staff in developing appropriate language that balances \nconsumer protection with fostering continued growth on the \nInternet. It is clear to me and the IAB that this subcommittee \nintends to address the legislation to combat purveyors of \nmalicious software while at the same time not adversely \naffecting legitimate online practices such as those employed at \nTACODA.\n    The consumer experience with respect to spyware and online \nadvertising has improved in the last few years and I would say \nI think the primary driver of that has been this committee's \nfocus on the issue and the clear intent that the bad practices \nand this kind of action will not be tolerated. Second, we have \ncertainly seen significant prosecutions and actions from the \nFederal Trade Commission and we have also seen a lot of \nindustry self-regulatory effort, and as a member of the \nindustry, I can tell you much of that has also been driven from \na reaction from your attention to this issue, and also the \nself-regulation in areas of downloadable software. Given these \ndevelopments and particularly with respect to the broader \nonline advertising industry, we do think that there are issues \naround section 3 where there could be some unintended \nconsequences.\n    A little bit about TACODA. It was created in 2001 as a \ncompany to target online advertising. We deliver billions of \nadvertisements online every day in the pages of major Web sites \nlike the New York Times or Chicago Tribune or Orbitz, not pop-\nup advertising and the protection of consumer privacy and the \nprinciples of relevancy, transparency and freedom of choice \nhave been hallmarks of TACODA's business practices from the \nbeginning. We are a board member of the Network Advertising \nInitiative, the NAI, the Direct Marketing Association and its \ninteractive marketing advisory board.\n    Interactive and online advertising is the primary means of \nfunding a cost-free rich Internet as well as free access to \nunparalleled products and services. Online advertising is \npaying the bills for what people are spending more than 20 \npercent of all of their media consumption today. TACODA and the \nIAB have worked closely with Web sites to develop guidelines to \naddress topics including e-mail, popup ads, lead generation. \nMost people are probably surprised by the impact of online \nadvertising and the fact that it is supporting this content but \nthat is the reality because the vast majority of the content \nonline is free today because advertising has paid for it.\n    We support H.R. 964's efforts to combat spyware. We \nstrongly agree that spyware is bad for consumers, business and \nthe online advertising industry. The bill does not impinge on \ncertain legitimate practices like those of TACODA which make it \nvery easy at TACODA to be supportive of this legislation. But \nthere is always a risk of legislation that governs technology \nand technology practices and that is where there are the areas \nof concern across the broader industry, that there may be some \nunintended consequences of defining technology, and given the \ndramatic advances in combating spyware and the guidance now \navailable from enforcement and self-regulatory initiatives that \ndid not exist at the outset of the last Congress, we believe \nthat certain provisions of the bill are worth re-examining: the \nbroad definitions of computer software and personally \nidentifiable information as well as requirements in connection \nwith the collection of both personal information and non-\npersonal information. In addition, there are new technologies \nthat really weren't even utilized as recently as 2 years ago in \nareas of some certain uses of cookies and java and java script.\n    Additionally, the IAB hopes to ensure that the anti-spyware \nproviders can continue to remove bad software. We recognize the \ngoal of the Good Samaritan provision. However, we would have \nconcerns that with changes that have broadened this language to \ncreate a more extensive immunity provision, that would afford \ncompanies broad discretion to remove legitimate software which \nis often misidentified as spyware.\n    Thank you for considering the views of TACODA and the IAB \non these issues. The success of the Internet has helped fuel \nthis country's economy. We look forward to working together \nwith you. Thank you, Chairman Rush. Thank you, Ranking Member \nStearns. Thank you, members of the subcommittee. I look forward \nto your questions.\n    [The prepared statement of Mr. Morgan follows:]\n\n<GRAPHICS NOT AVAILABLE IN TIFF FORMAT>\n\n    Mr. Rush. Thank you, Mr. Morgan.\n    Our next witness is Ms. Fran Maier. Ms. Maier is the \nexecutive director of TRUSTe. TRUSTe is an independent, \nnonprofit organization that helps consumers and businesses \nidentify trustworthy online organizations through its Web \nprivacy seal. The organization is very supportive of H.R. 964, \nwhich establishes many of the same requirements included in \nTRUSTe's Trusted Download Program.\n    Ms. Maier, you are recognized for 5 minutes.\n\n      STATEMENT OF FRAN MAIER, EXECUTIVE DIRECTOR, TRUSTe\n\n    Ms. Maier. Chairman Rush and Ranking Member Stearns and \nmembers of the subcommittee, I am Fran Maier, executive \ndirector and president of TRUSTe. We are, as you said, an \nindependent, nonprofit organization and our mission is to \nadvance privacy and trust for a networked world. We do this by \nserving as a trust authority, bringing together stakeholders \nand developing programs and best practices. Throughout \nprograms, we aim to recognize and reward, elevate better \nindustry players, responsible industry players.\n    I want to thank you for the opportunity to speak to the \ncommittee about industry self-regulation and our insights on \nH.R. 964.\n    First, I would like to talk a little bit about the Trusted \nDownload Program. We have been working on this almost as long \nas you have been working on this bill for over a couple of \nyears because spyware and unwanted software has really eroded \nconsumer trust in the Internet. We developed the Trusted \nDownload Program with a broad range of stakeholders including \nour founding partners, AOL, CNET Networks, Computer \nAssociations, Microsoft, Verizon, Yahoo, and the Center for \nDemocracy and Technology. Our program certifies that \napplications meet requirements for consent, uninstall and \naffiliate control as well as a number of other rigorous \nrequirements. It is designed to bring accountability and \ntransparency to the downloadable consumer market by creating \nmarket incentives for responsible best practices. Our program \nrequirements are rigorous and have been shared with the \ncommittee. I would like to add that our certification program \nincludes complete evaluation and monitoring and we use an \noutside testing lab to make sure that the benefits of \ncertification only go to responsible players.\n    Interestingly, I think our program requirements are tiered \nto take into account the many variations in software \napplications and distribution, so the greater the potential \nharm to a consumer, the stricter the standards for \ncertification. For example, providers of advertising and \ntracking software in our program must take full responsibility \nfor how their software is promoted and distributed. This \nincludes the methods used by affiliates, distributors and \nbundling partners. The first group of nine certified \napplications were announced on our Whitelist on our Web site \nlast month. We are happy to report that we think that the \nTrusted Download Program has already had a big impact for the \nconsumer's benefit. One hundred percent of the companies' \napplications that were certified last month made changes, \nsignificant changes to their disclosure or to some of their \nactivities. We have seen that publishers are reducing the size \nof their affiliate networks in response to the program and the \npress that they have received. CNET's download.com, which is a \nportal where consumers download software, is indicating when \none of our certified applications is certified so that \nconsumers can make that choice when they decide to download \nsome software, and AOL and Yahoo among others are using the \nprogram to make some decisions about who they will partner with \nand advertise with. We believe to improve consumers' \nexperience, we need both the stick of effective regulation \nagainst the bad actors as well as the carrot of market \nincentives to motivate more responsible players.\n    Now, to H.R. 964, the Spyware Act. TRUSTe applauds the \ncommittee's work on the proposed legislation and you should \nknow that your work has informed the development of the \nprogram. Baseline protections for consumers from spyware \ntogether with private sector self-regulatory initiatives such \nas we have will provide tangible relief to consumers. Section \n2, which outlines egregious software behavior, and section 3, \nrequirements for notice, consent and uninstall, are very \nsimilar to the Trusted Download Program. However, we believe \nH.R. 964's effectiveness would be strengthened and its impact \nmagnified by inclusion of a safe harbor for self-regulatory \ncompliance programs modeled on the safe harbor provision of the \nChildren's Online Privacy Protection Act. As part of the Safe \nHarbor, we would want participation in a self-regulatory \nprogram as a factor for the court to consider when determining \npenalties under section 4. A strong safe harbor would further \nincent companies to implement best practices. We believe that \nself-regulatory can complement legislation by going beyond \nlegal requirements, respond quickly to consumer concerns and \nevolve at the fast pace of industry.\n    I would like to conclude by saying that now that the \nTrusted Download Program has been launched, there are no more \nexcuses. Advertisers can't say they can't control how their \nadvertising is presented to consumers. Publishers should know \nwhether their software is lacking adequate consumer controls \nand consent and companies should be able to maintain now that \nthey can see the good software from the bad.\n    Thank you for this opportunity. We respectfully request \nthat you include a safe harbor to encourage adherence to best \npractices.\n    [The prepared statement of Ms. Maier follows:]\n\n<GRAPHICS NOT AVAILABLE IN TIFF FORMAT>\n\n    \n    Mr. Rush. Thank you, Ms. Maier.\n    Our next and final witness for this morning's hearing is \nMs. Christine A. Varney from the law firm of Hogan and Hartson \nLLP. She is speaking on behalf of Zango Incorporated. Zango is \nan online media company that provides consumers with proper \nonline media and programming in exchange for their consent to \ndownload adware onto their computers. Previously, as 180 \nSolutions, the company settled FTC charges that it used unfair \nand deceptive practices to install unwanted adware that was \ndeliberately difficult to remove. The settlement disgorged \nZango of $3 million in ill-gotten gains and presently bars the \ncompany from installing any adware software onto a consumer's \ncomputer without his or her explicit consent and an easy means \nof removing it. Zango was lost in the dark and now they see the \nlight. They support H.R. 964 except for section 5(c), the Good \nSamaritan section, which it believes to be anti-competitive and \nsubject to abuse.\n    Ms. Varney, you are recognized for 5 minutes for your \nopening statement.\n\n   STATEMENT OF CHRISTINE A. VARNEY, HOGAN & HARTSON LLP, ON \n                     BEHALF OF ZANGO, INC.\n\n    Ms. Varney. Thank you, Mr. Chairman. I was getting a little \nworried there until you got to the ``see the light'' part.\n    Chairman Rush, Ranking Member Stearns and members of the \nsubcommittee, as the chairman said, I am Christine Varney. I am \nhead of the Internet practice at Hogan and Hartson, and in the \nspirit of full disclosure, I am a founder and past chair and \ncurrent board member of TRUSTe. I am also a former Federal \nTrade commissioner.\n    As the chairman said, I am appearing here today on behalf \nof my client Zango and Zango appreciates the opportunity to \nshare its support for 964 and join the chorus of support that \nyou are hearing for the bill. Just a moment about Zango and \nthen we will talk just for a few moments about the specific \nprovisions of the bill.\n    Zango provides consumers with access to a large and \nexpanding catalog of more than 100,000 pieces of Web content \nincluding online video, games, music tools and utilities. Much \nlike television, this content is funded by advertising and \navailable to consumers without charge. Twenty million consumers \nhave chosen to enjoy this content and tens of thousands of \nconsumers elect to download Zango software every day. At the \nsame time, this business model offers smaller content providers \nand Web publishers the opportunity to monetize their creations \nand their online traffic by delivering to advertisers a \nreceptive consumer when that consumer is most likely to be \nmaking an online purchasing decision. The company has more than \n3,000 advertising partners. Zango's desktop advertising model \ndiffers from other marketing applications in several respects. \nFirst and foremost, Zango's pre-download notice and consent \nprocess will meet the requirements of H.R. 964 as does its \nuninstall and labeling features. Second, Zango does not track \nor collect any user's personally identifiable information. In \nshort, Zango is not spying on anyone. Third, instead of merely \nproviding links in response to a search query or distracting \nthe user with multiple click-throughs, Zango delivers an \nadvertiser's specific Web page in response to the consumer's \nsearch for a related product or service. This gives the \nconsumer the benefit of comparative offers on the Web at the \ntime the consumer is looking to acquire something.\n    Although, as I have emphasized, Zango is not spyware, the \ncompany long ago recognized that its success and ultimately the \nsuccess of its business model was dependent upon Internet users \nunderstanding and trusting its value proposition and upon a \nlevel regulatory playing field for all online advertisers. \nThus, Zango has supported congressional action in this area \nsince the 108th Congress when it endorsed the bill reported by \nthis committee. As with that bill, H.R. 964's greatest strength \nis its recognition that conduct and intentions underlying \ndifferent forms of downloadable software require different \napproaches.\n    Zango supports section 2 and 3 of the bill which \nappropriately and carefully distinguish between software \nfunctions that are per se unacceptable versus those for which \nconsumer choice and consumer benefits are preserved with \nappropriate consumer protection. Zango also commends the \nauthors of the bill for continuing to include the preemption \nprovisions of section 6 and the tracking cookie study in \nsection 8.\n    We are concerned, however, about subsection 5(c), which has \nbeen described as a liability exception for the so-called Good \nSamaritans. This provision unnecessarily restricts the FTC's \nability to pursue enforcement action against those parties the \nFTC believes warrant it. Equally important, the presence of \nsuch an immunity provision in the bill opens the door wide to \njudicial application and expansion of the concept in private \nlitigation between commercial parties. Some companies selling \nscanning applications to consumers compete by issuing \ninflammatory warnings designed to frighten consumers about \nsoftware lurking on their computers. It will not be long before \npurported congressional policy protecting Good Samaritans is \ncited as a legal basis for defending against or dismissing a \ncivil claim brought by a software provider against one of these \napplications or even a claim brought by one of these \napplications against another. There is no compelling reason in \nthis instance to alter the standard that commercial disputes \nbetween commercial parties should be settled commercially or \nshort of that, in the courts in private litigation. The conduct \nof commercial parties should not be exempted from the FTC \nenforcement authority merely due to the alleged nature of the \nparticular product or service being sold. Zango respectfully \nurges the committee to delete subsection 5(c).\n    All participants in the online advertising industry should \nembrace and implement the standards set forth in section 3 of \nH.R. 964, as Zango has, but unfortunately, not all will. Too \nmany in fact will not until they are compelled to do so. As the \ndesktop advertising industry evolves, Zango will continue to \nstrengthen its business practices and enhance its technology to \nmake the online economy increasingly valuable by enabling \nconsumers, advertisers, publishers and content providers to \nseamlessly work together. With the one modification suggested, \nH.R. 964 is fully supported by Zango and we urge its enactment.\n    I have submitted longer written remarks for the record, and \nI look forward to your questions.\n    [The prepared statement of Ms. Varney follows:]\n\n<GRAPHICS NOT AVAILABLE IN TIFF FORMAT>\n\n    \n    Mr. Rush. Thank you very much.\n    The chair recognizes himself for 5 minutes of questioning. \nI am going to ask a series of questions of this entire panel \nand I ask you in the interest of time, I only have 5 minutes, \nthat you do not filibuster, just answer the question with a yes \nor no answer. I will give you ample opportunity if I have time \nremaining to expand on your answers after we have gone through \nthis entire series.\n    So I want to start with Mr. Schwartz. Mr. Schwartz, do you \nsupport H.R. 964?\n    Mr. Cerasale. Not as written.\n    Mr. Rush. Mr. Morgan?\n    Mr. Morgan. On behalf of TACODA, we support the bill.\n    Mr. Rush. Ms. Maier?\n    Ms. Maier. Yes.\n    Mr. Rush. Ms. Varney?\n    Ms. Varney. Yes.\n    Mr. Rush. Next question. Do you believe that consumers \nshould be protected from the dangers of significant economic \nlosses inherent in spyware programs, and if your answer is yes, \ndo you support section 2 of the bill?\n    Mr. Schwartz?\n    Mr. Schwartz. Yes, and yes.\n    Mr. Rush. Mr. Cerasale?\n    Mr. Cerasale. Yes to both.\n    Mr. Rush. Mr. Morgan?\n    Mr. Morgan. Yes to both.\n    Ms. Maier. Absolutely.\n    Ms. Varney. Yes to both.\n    Mr. Rush. Do you believe that consumers should receive \nclear and conspicuous notice of advertising and tracking \nsoftware, especially programs that collect personal information \non consumers, Mr. Schwartz?\n    Mr. Schwartz. Yes.\n    Mr. Cerasale. Yes, Mr. Chairman.\n    Mr. Morgan. Yes, Mr. Chairman.\n    Ms. Maier. Yes.\n    Ms. Varney. Yes.\n    Mr. Rush. I am tempted to start from this end but I am \nwinning starting from that end so I think I am going to keep on \ngoing. I am not going to change.\n    Do you believe that consumers should be provided the right \nto consent to such intrusive applications on their computers?\n    Mr. Schwartz. Yes.\n    Mr. Cerasale. No, we believe in consumer choice, not \nnecessarily one size fits all.\n    Mr. Morgan. On behalf of the IAB, we believe that one size \ndoes not fit all.\n    Mr. Rush. So what is your answer?\n    Mr. Morgan. My answer would be no, not broadly.\n    Ms. Maier. Yes.\n    Ms. Varney. Yes.\n    Mr. Rush. I am going to start at this end now.\n    Ms. Varney, do you believe that such programs should \nprovide consumers with a simple installation procedure?\n    Ms. Varney. And simple uninstallation, yes.\n    Ms. Maier. Agree with that, yes.\n    Mr. Morgan. Yes.\n    Mr. Cerasale. Yes, it should be if they can't fully \nuninstall, it should be at least totally disabled.\n    Mr. Schwartz. Yes.\n    Mr. Rush. Ms. Varney, do you support section 3 of the bill?\n    Ms. Varney. Yes.\n    Ms. Maier. Yes.\n    Mr. Morgan. And as I said before, yes, TACODA is supportive \nof the entire bill. On behalf of the online advertising \nindustry, we would like a few parts of section 3 re-examined.\n    Mr. Rush. Mr. Cerasale?\n    Mr. Cerasale. Section 3, not totally as written.\n    Mr. Schwartz. We support the goals of section 3. We have \nsome comments in our written testimony regarding some of the \ndetails.\n    Mr. Rush. Ms. Varney, do you believe that the Congress \nshould provide a single, coherent, pro-competitive regime for \nconsumer protection in this area rather than a patchwork quilt \nof different State laws?\n    Ms. Varney. Yes, I do, Chairman.\n    Ms. Maier. Yes, I do.\n    Mr. Morgan. Yes, I do.\n    Mr. Cerasale. Yes, we support preemption.\n    Mr. Schwartz. In general, yes.\n    Mr. Rush. Mr. Schwartz, I have a few moments.\n    Mr. Schwartz. I would say that we would like the States to \nbe able to act under the Federal bill though. I understand that \nthat raises some jurisdictional questions but we hope that that \ncan be addressed on the floor that attorneys general will be \nable to act under this bill as a Federal bill.\n    Mr. Rush. We have had some earlier commentary on the Good \nSamaritan provision. Is there anybody else that would like to \nadd some other commentary on the Good Samaritan provision?\n    Mr. Schwartz. I will make a statement about the Good \nSamaritan provision. I think that the goals of the Good \nSamaritan provision are good ones. The goals seem to be to \npromote anti-spyware software. Really, the first line of \ndefense for a consumer today is anti-spyware software and we \nhave seen that it has had a major effect, positive effect on \nthe issue. I have worked with the anti-spyware coalition, with \nanti-spyware groups and with privacy groups and public interest \ngroups, working together to build best practices and standards \nfor how anti-spyware companies work. We think that we have come \nup with a good set of best practices, putting out more actually \njust today that have gone through an extensive public comment \nperiod.\n    I question the concern over the provision, more because I \ndon't think it is going to be effective in doing what the goals \nintend it to do. The goal is, as I said, to promote anti-\nspyware software but it really only protects anti-spyware \nsoftware from the provisions, from the penalties in the bill \nand not from things that an anti-spyware company is most likely \nto be sued over, defamation, for example, or raising concerns \nabout software. There are no penalties in this bill that go \nafter anti-spyware software in that way so I question how \neffective it is going to be, but the concerns that have been \nraised here I don't see as really getting at the main problem \nwith the provision.\n    Mr. Rush. My time has expired.\n    Now I will recognize the ranking member, Mr. Stearns.\n    Mr. Stearns. Thank you, Mr. Chairman.\n    Mr. Schwartz, you mentioned in your opening statement that \nsometimes it is so difficult to get rid of the spyware that you \nhave to throw away your computer and there is not really a \nprogram out there that can just sweep through and get rid of \nthe spyware?\n    Mr. Schwartz. We have seen a real increase in the ability \nof these programs to embed themselves in computers.\n    Mr. Stearns. So it is almost impossible to get rid of them?\n    Mr. Schwartz. In many cases, if they have something that is \ncalled a root kit, it can be imbedded into the operating \nsystem, so when you are looking for the program, you ask the \noperating system, the operating system basically tells you this \nprogram isn't there because the question goes to the operating \nsystem and the root kit basically tells the operating system--\nand this is a very simplistic version of what happens but----\n    Mr. Stearns. With that in mind, I ask the staff, there are \nonly four States in the United States that have actually passed \nspyware: New York, Texas, California and Washington. Utah tried \nto do it and the courts threw it out. What was the reason why \nthe courts threw it out? Does anyone in the panel know?\n    Mr. Schwartz. It was a different kind of a spyware bill. It \nreally tried to focus on copyright provisions, intellectual \nproperty of ads showing up over the other ads, the place where \nthe consumer was trying to go instead of at the deceptive \npractices that this bill and that most of the other bills have \ngone after.\n    Mr. Stearns. Ms. Maier, some critics have suggested that \nthe online environment has changed with new software, new \nprogramming so that this legislation really perhaps is not \nneeded, and maybe, Mr. Schwartz, you can help me too. Do you \nthink that it is possible that it would be accurate that--there \nare some software companies that are not in favor of this bill. \nSome of them are concerned because we have a study on cookies \nand others are concerned, say well, just let the software \nhandle it. What is your opinion in terms of software being able \nto prevent software from coming in and that would take of the \nproblem, we don't need legislation?\n    Ms. Maier. Sir, there is always the good players and the \nbad players and I think the good players can look to self-\nregulatory efforts, to look to best practices and----\n    Mr. Stearns. So there is no software out there that would \nprevent the bad players from getting into the computer?\n    Ms. Maier. I don't think there is a perfect solution. I \nthink it really is a partnership between legislation, \ntechnology, self-regulatory and other efforts, and so I see \nlegislation as necessary.\n    Mr. Stearns. Does the rest of the panel agree with that, \nthat there is no software out there that at least would cover \n90 percent of the spyware?\n    Mr. Schwartz. That is correct.\n    Mr. Cerasale. That is correct. As a matter of fact, if \nthere were one tomorrow, it might not be effective as \ntechnology is constantly changing.\n    Mr. Stearns. So as much as technology is moving forward for \nsoftware, bad guys can find another way?\n    Mr. Cerasale. Absolutely. They may be more technologically \nadvanced the more people are trying to stop them.\n    Mr. Morgan. Yes, I would agree with that. I mean, it is \nabsolutely impossible for technology to be a silver bullet \nhere.\n    Mr. Stearns. Ms. Varney?\n    Ms. Varney. I agree with that.\n    Mr. Stearns. OK. The next question is, it appears that \nsection 3 of this bill is the area that a lot of people are \nconcerned about. I guess for the panel, are cookies used for \nthe purpose of serving advertisements? Should cookies be \ntreated differently than spyware that does not use personally \nidentifiable information to serve advertisements?\n    Mr. Schwartz, would you start?\n    Mr. Schwartz. Cookies are a somewhat complex issue but I do \nthink that they should be treated differently than software.\n    Mr. Cerasale. Cookies are so much embedded in how the \nInternet works. It clearly is a different animal. Cookies and \nsimilar-type technologies are different from a software \ndownload.\n    Mr. Stearns. OK. Mr. Morgan?\n    Mr. Morgan. Yes, cookies and what I would call relatively \npassive technologies are very different than the kind of \ninvasive software that has been used with the computer \nprograms. I think the issues that people have around section 3 \nare, it is really hard to figure out the wording of how you can \nget between that passive and active from a practical \nstandpoint.\n    Mr. Stearns. Mr. Morgan, when this got out of our \ncommittee, they put in this study on cookies, and I cautioned \nthem, I said that was going to create a lot of concern and \nangst in the industry because once you have a study on cookies, \nthe study might come out, you never know where it is going to \ngo and everybody has these cookies. Do you think cookies by \nthemselves are innocuous and----\n    Mr. Morgan. I think they are largely innocuous but I \nactually think that the study is a fine idea. I think that this \nis one of those examples, as they say, that sunshine is the \nbest antiseptic. If there are problems, I don't think anything \nis hurt by having attention brought.\n    Mr. Stearns. Ms. Maier, and you might also point out, \nanswer the first question, but the second intuitively is this \nstudy on cookies, is that necessary?\n    Ms. Maier. First of all, I think that cookies are outside \nthe scope of what we call software or downloadable applications \nin our program. A study on cookies I think is a great idea. I \nthink there are a lot of things going on. Our Web cell program \nrequires consumers to know about other cookies and other \ntracking software so if there is a study on cookies, I hope it \nwould be including other----\n    Mr. Stearns. Is it possible cookies could replicate the \nsoftware once they are in the computer?\n    Ms. Maier. What it is technically possible continues to \namaze me but I don't think that is----\n    Mr. Stearns. Do cookies track and do the same thing that \nspyware does in another way that could be considered harmful?\n    Ms. Maier. Not generally.\n    Mr. Stearns. Mr. Schwartz, do you want to answer that?\n    Mr. Schwartz. Cookies basically give an ID number from a \nparticular Web site and they can be used--the uses of them have \nchanged over time and--but there are more harmful pieces of ID \ntracking that have come up over time so it is kind of--there \nhas been a change in that. I do think that a study would be \nhelpful at getting at how they are being used.\n    Mr. Stearns. Ms. Varney, let me just close. My time is \nrunning out. If you don't mind just answering the question.\n    Ms. Varney. Sure. I think the study is a terrific idea. I \nthink the tension around section 3 is on two levels. Cookies, \njava script, HTML, all devices used in the seamless delivery of \ncontent that consumers want today on the Internet can be \nabused, and the question is, where does this bill land on those \ntype of seamless technologies.\n    I think there is another tension maybe unspoken in public. \nYahoo, Google, AOL all have toolbars and those toolbars \nabsolutely collect information and deliver advertising. \nCurrently, those companies give you great notice and get great \nconsent inside their master agreement. They don't pull it out \nseparately. I think there is a question about whether or not \nthey should and whether or not that bill requires them too.\n    Mr. Stearns. Thank you, Mr. Chairman.\n    Mr. Rush. Ms. Schakowsky is recognized for 5 minutes.\n    Ms. Schakowsky. Mr. Schwartz, you frequently talk about \nbaseline privacy legislation and I wondered if you could \ndescribe for us what you would envision for such a bill and \nalso because you mentioned--I can't remember if you said it but \nin your written testimony there are some downsides to not \nhaving a more comprehensive piece of legislation in dealing, \nfor example, with spyware alone. So I wonder if----\n    Mr. Schwartz. Let me start with the problems and then move \nto what we would like to see. Some of the problems that we see, \nyou have different--we start coming up with these different \nprivacy bills in all of these areas, I mentioned seven in my \ntestimony, but for those of you who have been on this \nsubcommittee know, there are dozens, literally dozens of \nprivacy issues that have come before this subcommittee over the \npast 10 years or so, as we start coming up with different \nstandards for different types of information, it becomes harder \nfor consumers to know what the particular standard is for that \ntype of information. If we don't have a safety net there, and \nthere are some areas that still fall outside of that so a new \ntechnology arises and you have to create a new standard for \nthat new technology. You have to compare it to all these other \ndiffering standards, go through this whole process again. We \nthink that it makes more sense to come up with really a \nbaseline safety net kind of standard where we know that if \nsomething falls out of it, at least it is covered by this new \nstandard of where personal information is being directly \ncollected, and we would like to see something that covers the \nfair information practices. I think that the Federal Trade \nCommission, actually started by the work of Commissioner Varney \nat the end of the table over there, has at one point back in \nthe 1990's endorsed privacy legislation. We thought that that \nwas an excellent starting point: notice, choice and consent, \ndepending on the situation, access and security and enforcement \nas a great starting point to look at to getting at these \nissues. We feel there have been a number of bills over the \nyears that have started us down that path. We now have 13 \ncompanies that testified in front of the, I think it was the \nfull committee, last year in support of looking at general \nprivacy legislation. We think consumer groups are behind it. \nThere is momentum now we think to get at this issue so that we \ndon't have these kind of different standards across different \nkinds of industry, across different kinds of technology.\n    Ms. Schakowsky. I would really like to hear from other \npanelists on their view of having a comprehensive baseline \nbill.\n    Mr. Cerasale?\n    Mr. Cerasale. Yes. Well, DMA does not have a set position \non an overall comprehensive privacy bill. We want to be open \nand talk and discuss it. There are an awful lot of privacy laws \nin the United States and how they do come together and so forth \nand what information is covered and not covered. An overall \nprivacy bill could in fact really create the different \nstandards that financial information is treated one way whereas \nas marketing information another that may be more restrictive \nand so it is a very complicated issue and we have an awful lot \nof guidelines. It is not just DMA but OPA and others have \nguidelines that companies like Yahoo, AOL and Google follow \nwith notice and choice and I think that right at the moment you \nhave in the United States a series of laws and guidelines as \nindustry works together that seems to work. One of the problems \nwith an overall bill is that technology is changing so quickly, \nit makes it very difficult as we see, for example, the \ncomputer----\n    Ms. Schakowsky. I am going to have to stop you because I \nwant others to speak. But it is also a problem with technology \nchanging with very specific bills that deal with a specific \nproblem.\n    Yes?\n    Mr. Morgan. Both TACODA and IAB, we don't have a formal \nposition but we are certainly open to dialog on that kind of \nlegislation.\n    Ms. Schakowsky. Ms. Maier.\n    Ms. Maier. We have been working with a number of companies \nin trying to encourage better privacy protections for consumers \nand in general we think baseline privacy legislation could be \ngood. That said, I think we still need spyware legislation \nbecause a lot of this doesn't even have to do with personal \ninformation but computers installing things and tracking and \nthat could be outside the scope of privacy legislation.\n    Ms. Varney. Congresswoman, I am here on behalf of Zango and \nthey really have not examined whether or not it would be for or \nagainst any baseline privacy legislation. They strongly support \nthis bill and they don't collect personally identifiable \ninformation. So I think there is a need--even if there a \nbaseline privacy bill that we get out of the Congress and \nsigned by this President, there probably still is a need for \nthis type of legislation.\n    Ms. Schakowsky. I am not suggesting that we don't do this \nlegislation. Thank you.\n    Mr. Rush. Mrs. Bono is recognized for 5 minutes.\n    Mrs. Bono. Thank you, Mr. Chairman.\n    First, I just want to comment on the discussion about \ncookies. I think the study or the report on cookies in the bill \nis a good thing and I didn't really have a problem with cookies \nin the beginning because anybody with a slightly elevated \ndegree of sophistication on the Internet knows how to go ahead \nand delete your cookies. It is not that hard to do. So I think \nthe report obviously is a good thing. That is why we didn't \nreally give it more weight than that because there is a removal \ntool.\n    And I just want to comment, the question that Ranking \nMember Stearns asked was about software and how effective it is \nat removing spyware/adware and I just want to applaud Microsoft \nbecause I think Windows Vista--I am a user of Vista on one of \nmy computers--and I think they have come a long way and with \nWindows Defender I think they have certainly tried to tackle \nthe issue. As soon as Windows Vista works with iTunes, it might \nbe a perfect world, but until then, I do want to applaud them \nfor their efforts to address the issue.\n    But I would like to ask a question of Mr. Morgan, and that \nis, can you tell us about the current state of the online \nadvertising industry and how popup ads are currently being \nused? There has been obviously a lot of restraint, best \npractice put into place but they are still out there. Can you \ngo over what they are doing now?\n    Mr. Morgan. Certainly, Congresswoman. Well, first I would \nlike to say I have been in the online advertising industry for \nabout 15 years and we have probably had some forms of spyware \nfor the better part of the last 10, and I applaud you, \nCongresswoman Bono, because until you made it an issue and \nbrought it to the forefront, it wasn't being talked about, and \nI won't say it wasn't being talked about in Congress. It wasn't \nbeing talked about inside the online advertising industry. I am \none of the first to say self-regulation and self-regulatory \npractices help solve problems but we weren't solving it, and \nthat is one of the reasons you probably hear sometimes a little \nbalance of my position in TACODA in talking about other things. \nBut I will say that since you got involved and you and \nCongressman Towns introduced the bill, there has been a lot of \nattention in the industry and I have not seen any issue that \nhas had more attention in the industry over the last several \nyears, and what we have seen is, we have seen a significant, I \nwould say a dramatic reduction in the use of popup advertising. \nWe have certainly seen companies like Microsoft make \nextraordinary leaps forward in software and technology. We have \nseen a lot of practices go forward and I think that has been a \ngreat thing.\n    Mrs. Bono. Can you describe then how interactive \nadvertising helps provide consumers with free online content?\n    Mr. Morgan. I think that--and this is a tiny anecdote but \none of the things I have found in talking to people about this \nis that a lot of people think the Internet works like cable \ntelevision and that you pay a bill to an Internet service \nprovider and you get access to a bunch of channels and content, \nand what most people haven't realized is the money that is paid \nby a consumer never actually makes it to the people that make \nthe content. Not a penny of that goes to the New York Times or \nto Orbitz or to iVillage. They are 100 percent supporting what \nthey give for free to consumers with advertising and one of the \nreasons it has been such a robust industry that we have really \nsupported the actions against spyware because it had the \ncapability and still has some capability that really had the \ncapability to really harm or destroy what was really emerging \nin strong industry.\n    Mrs. Bono. I think on your point there, I just picked up--\nthe committee did a great job providing a ton of information up \nhere including a Business Week article from July 17. I hadn't \neven seen this before, but for those of you who have seen it, \nthe opening quote says consumers have strong opinions about \ndirect revenue software, and this is a quote: ``If I ever''--I \ndon't even know if I should say this for the record but it \nsays, ``If I ever meet anyone from your company, I will kill \nyou,'' a person who identified himself as X said in an e-mail \nto Direct Revenue last summer, ``I will * * * * kill you and \nyour families.'' That is what it says. Such sentiments aren't \nunusual. ``You people are evil personified,'' and this \ngentleman goes on to say, ``I would like the 4 hours of my life \nback I have wasted trying to get your stupid uninvited software \noff of my now-crippled system,'' and I think that last sentence \nreally identifies people's frustration with adware and spyware \nand it is not a matter of direct advertising and good \npractices. It is a matter of really interfering with people's \nlives and the fact is I believe we own our own computers, not \nan outside source, and that is where this whole thing came \nfrom.\n    I see Mr. Chairman, that I am just about out of time and I \njust want to thank all of you on the panel who have worked with \nus in the past on this bill and I know Ed Towns and I will \ncontinue to work with you and hear your concerns as we go \nthrough the process. So thank you very much.\n    Mr. Rush. Does the gentlelady request unanimous consent \nthat this be included into the record, the article?\n    Mrs. Bono. Yes, Mr. Chairman, thank you, and also to notice \nthat I was quoting because I don't know if I violated rules by \nquoting the F-word but I did not say that word so I don't want \nto get in trouble.\n    Mr. Rush. No, since you complimented the committee, we will \naccept that. Thank you.\n    Mr. Rush. Ms. Hooley, you are recognized for 5 minutes.\n    Ms. Hooley. Thank you, Mr. Chairman, and I thank all of my \ncolleagues who have worked so hard on this bill and Mrs. Bono, \nfor all of your hard work.\n    I am a cosponsor of the bill. I strongly support this bill \nand I want to make sure there are not any unintended \nconsequences and I am concerned that there may be unintended \nconsequences if there is detection software, then that they \ncan't be used to keep consumers safe them from fraudulent \nactivity. I know, Mr. Chairman, you pointed out the exemption \nclause but I don't know if that clause actually does what it \nneeds to do to make sure that there is an exemption here for \nthe software that helps keep fraudulent activity out of your \nlife, software that determines the legitimacy of a transaction \nor to verify information supplied by that consumer, and I guess \nI would like to hear from you if you think again that we don't \nhave some unintended consequence in this piece of legislation.\n    Ms. Varney. May I comment on that?\n    Ms. Hooley. Yes, please.\n    Ms. Varney. Zango has commented on that provision, \nCongresswoman, and the way that we read the language, and if I \nmay, I will just quote it. It says that ``No provider of \ncomputer software may be held liable under this Act on account \nof any action voluntarily taken or service provided in good \nfaith to disable a program used to violate section 2 or 3.'' \nThere is a couple of concerns we have. Remember, this Act is \nenforceable by the FTC.\n    Ms. Hooley. Right.\n    Ms. Varney. It doesn't create a private right of action. So \nwhat this in effect is saying to the FTC is that anybody can \nhide behind the defense of hey, we are just a scanning ap \ntrying to take bad stuff off people's computers. We think that \nis an unwise standard to put in this Act. The FTC is very \njudicious about its enforcement and I cannot foresee a \ncircumstance under which they would go after a legitimate \nprovider of a scanning application. However, the providers of \nscanning applications ought to be under the same requirements \nwhen it comes to notice and consent and uninstall. So we think \nthat the better course here, since this is an act empowering \nthe FTC to prosecute bad actors, is to leave that exemption \nout, let the FTC prosecute those who do have the requisite bad \nintention or who fail to provide the adequate notice, consent \nand uninstall.\n    Ms. Hooley. Yes, Mr. Cerasale?\n    Mr. Cerasale. I want to look at the exemption provision in \nsection 5(b) where the monitoring or interaction of your anti-\nfraud software you are exempted from the Act totally so in the \nnotice and all of that but it is limited to telecommunications \ncarrier, cable operator, computer hardware or software provider \nor provider of information, service or interactive computer \nservice to the extent that it is more for anti-fraud. Those are \nnot the only people--they are not really software providers. \nThey are not the only people running the anti-fraud programs, \ncreating the software and sending it in. So we need to expand \nto financial institutions to use this, credit card companies, \nso forth, retailers even use because they collect credit cards \nor direct marketers so we need to look at expanding 5(b), not \nthat the exemption is bad but to expand it to help us in the \nprevention of financial fraud.\n    Ms. Hooley. OK. I am assuming that you would have a list of \nwhat else needs to be added to those exemptions?\n    Mr. Cerasale. Yes. I will provide that list and try and \nwork out--we probably need to talk with committee staff to make \nsure that we are as inclusive or not too inclusive in the \nexemption.\n    Ms. Hooley. Did this fix this in the Senate, by the way? \nDid they do something different in the Senate, anybody know?\n    Mr. Cerasale. They did make a change in the Senate so we \ncan use--we will provide the Senate language.\n    Ms. Hooley. OK. Thank you.\n    Mr. Rush. Thank you so very much. I certainly want to \nextend our thanks to the witnesses who have come and helped us \nand informed us so much and participated in this hearing. \nAgain, thank you for taking the time out from your busy day.\n    With that said, we will call the committee adjourned. The \ncommittee is now adjourned.\n    [Whereupon, at 12:30 p.m., the subcommittee was adjourned.]\n\n                                 <all>\n\x1a\n</pre></body></html>\n"