[Congressional Record Volume 150, Number 125 (Wednesday, October 6, 2004)]
[House]
[Pages H8250-H8252]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




            INTERNET SPYWARE (I-SPY) PREVENTION ACT OF 2004

  Mr. GOODLATTE. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 4661) to amend title 18, United States Code, to discourage 
spyware, and for other purposes, as amended.
  The Clerk read as follows:

                               H.R. 4661

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Internet Spyware (I-SPY) 
     Prevention Act of 2004''.

     SEC. 2. PENALTIES FOR CERTAIN UNAUTHORIZED ACTIVITIES 
                   RELATING TO COMPUTERS.

       (a) In General.--Chapter 47 of title 18, United States 
     Code, is amended by inserting after section 1030 the 
     following:

     ``Sec. 1030A. Illicit indirect use of protected computers

       ``(a) Whoever intentionally accesses a protected computer 
     without authorization, or exceeds authorized access to a 
     protected computer, by causing a computer program or code to 
     be copied onto the protected computer, and intentionally uses 
     that program or code in furtherance of another Federal 
     criminal offense shall be fined under this title or 
     imprisoned not more than 5 years, or both.
       ``(b) Whoever intentionally accesses a protected computer 
     without authorization, or exceeds authorized access to a 
     protected computer, by causing a computer program or code to 
     be copied onto the protected computer, and by means of that 
     program or code--
       ``(1) intentionally obtains, or transmits to another, 
     personal information with the intent to defraud or injure a 
     person or cause damage to a protected computer; or
       ``(2) intentionally impairs the security protection of the 
     protected computer;
     shall be fined under this title or imprisoned not more than 2 
     years, or both.
       ``(c) No person may bring a civil action under the law of 
     any State if such action is premised in whole or in part upon 
     the defendant's violating this section. For the purposes of 
     this subsection, the term `State' includes the District of 
     Columbia, Puerto Rico, and any other territory or possession 
     of the United States.
       ``(d) As used in this section--
       ``(1) the terms `protected computer' and `exceeds 
     authorized access' have, respectively, the meanings given 
     those terms in section 1030; and
       ``(2) the term `personal information' means--
       ``(A) a first and last name;
       ``(B) a home or other physical address, including street 
     name;
       ``(C) an electronic mail address;
       ``(D) a telephone number;
       ``(E) a Social Security number, tax identification number, 
     drivers licence number, passport number, or any other 
     government-issued identification number; or
       ``(F) a credit card or bank account number or any password 
     or access code associated with a credit card or bank account.
       ``(e) This section does not prohibit any lawfully 
     authorized investigative, protective, or intelligence 
     activity of a law enforcement agency of the United States, a 
     State, or a political subdivision of a State, or of an 
     intelligence agency of the United States.''.
       (b) Conforming Amendment.--The table of sections at the 
     beginning of chapter 47 of title 18, United States Code, is 
     amended by inserting after the item relating to section 1030 
     the following new item:

``1030A. Illicit indirect use of protected computers.''.

     SEC. 3. AUTHORIZATION OF APPROPRIATIONS.

       In addition to any other sums otherwise authorized to be 
     appropriated for this purpose, there are authorized to be 
     appropriated for each of fiscal years 2005 through 2008, the 
     sum of $10,000,000 to the Attorney General for prosecutions 
     needed to discourage the use of spyware and the practice 
     commonly called phishing.

     SEC. 4. FINDINGS AND SENSE OF CONGRESS CONCERNING THE 
                   ENFORCEMENT OF CERTAIN CYBERCRIMES.

       (a) Findings.--Congress makes the following findings:
       (1) Software and electronic communications are increasingly 
     being used by criminals to invade individuals' and 
     businesses' computers without authorization.
       (2) Two particularly egregious types of such schemes are 
     the use of spyware and phishing scams.
       (3) These schemes are often used to obtain personal 
     information, such as bank account and credit card numbers, 
     which can then be used as a means to commit other types of 
     theft.
       (4) In addition to the devastating damage that these 
     heinous activities can inflict on individuals and businesses, 
     they also undermine the confidence that citizens have in 
     using the Internet.
       (b) Sense of Congress.--Because of the serious nature of 
     these offenses, and the Internet's unique importance in the 
     daily lives of citizens and in interstate commerce, it is the 
     sense of Congress that the Department of Justice should use 
     the amendments made by this Act, and all other available 
     tools, vigorously to prosecute those who use spyware to 
     commit crimes and those that conduct phishing scams.
  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from 
Virginia (Mr. Goodlatte) and the gentlewoman from California (Ms. 
Lofgren) each will control 20 minutes.
  The Chair recognizes the gentleman from Virginia (Mr. Goodlatte).


                             General Leave

  Mr. GOODLATTE. Mr. Speaker, I ask unanimous consent that all Members 
may have 5 legislative days within which to revise and extend their 
remarks and include extraneous material on H.R. 4661, the bill 
currently under consideration.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from Virginia?
  There was no objection.
  Mr. GOODLATTE. Mr. Speaker, I yield myself such time as I may 
consume.
  I rise in support of H.R. 4661, the Internet Spyware (I-SPY) 
Prevention Act. This bipartisan legislation which I introduced with the 
gentlewoman from California (Ms. Lofgren) and the gentleman from Texas 
(Mr. Smith) will impose tough criminal penalties on the most egregious 
purveyors of spyware without imposing a broad regulatory regime on 
legitimate software providers. I believe that this targeted approach is 
the best way to combat spyware.
  Spyware is a growing and serious problem. The Federal Trade 
Commission has testified that spyware appears to be a new and rapidly 
growing practice that poses a risk of serious harm to consumers. 
Spyware is software that provides a tool for criminals to crack into 
computers to conduct nefarious activities, such as altering a user's 
security settings, collecting personal information to steal a user's 
identity, or to commit other crimes.
  The I-SPY Prevention Act would impose criminal penalties on the most 
egregious behaviors associated with spyware. Specifically, this 
legislation would impose up to a 5-year prison sentence on anyone who 
uses software to intentionally break into a computer and uses that 
software in furtherance of another Federal crime. In addition, it would 
impose up to a 2-year prison sentence on anyone who uses spyware to 
intentionally break into a computer and either alter the computer's 
security settings or obtain personal information with the intent to 
defraud or injure a person or with the intent to damage a computer. By 
imposing stiff penalties on these bad actors, this legislation will 
help deter the use of spyware and will thus help protect consumers from 
these aggressive attacks.
  Enforcement is crucial in combating spyware. The I-SPY Prevention Act 
authorizes $10 million for fiscal years 2005 through 2008 to be devoted 
to prosecutions and expresses the sense of Congress that the Department 
of Justice vigorously enforce the laws against spyware violations as 
well as against online phishing scams in which criminals send fake e-
mail messages to consumers on behalf of famous companies and request 
account information that is later used to conduct criminal activities.
  In addition, the I-SPY Prevention Act is technology-friendly. It 
would not interfere with the development of technological solutions to 
block spyware. Many technologies are currently available to help 
consumers detect and rid their computers of spyware. As these 
technologies progress, we must be careful not to impose unnecessary 
burdens on these innovators who are helping to fight against spyware. 
Furthermore, by targeting the truly bad actors, this legislation would 
protect the ability of legitimate software companies to innovate and 
develop new and exciting products and services in response to consumer 
demand instead of imposing a one-size-fits-all regulation on the entire 
industry.
  The I-SPY Prevention Act is a targeted approach that protects 
consumers by imposing stiff penalties on the truly bad actors without 
imposing excessive red tape and regulations on legitimate technology 
companies. I

[[Page H8251]]

urge my colleagues to support this important legislation. I thank the 
chairman of the Committee on the Judiciary for bringing this 
legislation forward.
  Mr. Speaker, I reserve the balance of my time.
  Ms. LOFGREN. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I am proud to have partnered with my colleague from 
Virginia (Mr. Goodlatte) on this legislation to combat spyware. Spyware 
is quickly becoming one of the biggest threats to consumers on the 
Internet. It is one of the reasons why we have an identity theft 
epidemic. Thieves are using spyware to harvest personal information 
from unsuspecting Americans. Criminals are even using spyware to track 
every keystroke an individual makes, including credit card and Social 
Security numbers.
  Spyware also adversely affects the business community which must 
spend money to block and remove it from their systems. Microsoft has 
stated that spyware is ``at least partially responsible for 
approximately one-half of all application crashes'' reported to them. 
Experts estimate that as many as 80 to 90 percent of all personal 
computers contain some form of spyware. Earthlink recently identified 
more than 29 million spyware programs. In short, spyware is a very real 
problem that is endangering consumers, damaging businesses, and 
creating millions of dollars of additional costs.
  I am proud to support H.R. 4661, this bipartisan measure that 
identifies the truly unscrupulous acts associated with spyware and 
subjects them to criminal punishment. This bill is important because it 
focuses on behavior, not on technology. It targets the worst form of 
spyware without unduly burdening technological innovation.
  H.R. 4661 also authorizes for the Attorney General the money he needs 
to find and prosecute spyware offenders. At the same time, it is 
important to note that this bill does not prevent existing or future 
State laws that prohibit spyware. Report language clearly explains that 
this bill only preempts civil actions that are based on violations of 
this new Federal criminal law. It does not prevent a State from passing 
a similar law, nor does it prevent any lawsuits that are premised on 
existing State laws.
  I am honored that this bill has the strong support of some of the 
biggest names in technology, including Microsoft and Dell. It is also 
supported by the U.S. Chamber of Commerce, the Center For Democracy and 
Technology, and even the Distributed Computing Industry Association, 
which represents peer-to-peer networks. Consumers and businesses cannot 
wait any longer for help.
  I urge my colleagues to support H.R. 4661.
  Mr. Speaker, I reserve the balance of my time.
  Mr. GOODLATTE. Mr. Speaker, I yield myself such time as I may 
consume.
  Mr. Speaker, I want to particularly thank the gentlewoman from 
California for her help in making this legislation possible. This is 
truly a bipartisan effort that has been broadly supported in the 
Committee on the Judiciary and by other Members of Congress. I think it 
is a very appropriate approach to a very serious problem. I also want 
to thank the gentleman from North Carolina (Mr. Coble), chairman of the 
Subcommittee on Crime, and the gentleman from Texas (Mr. Smith), 
chairman of the Subcommittee on Courts, the Internet, and Intellectual 
Property, who also were very helpful and very supportive as we moved 
this legislation forward.
  There are a number of organizations. The gentlewoman from California 
mentioned some. I would like to call Members' attention to others that 
have indicated their strong support of this legislation, including the 
Information Technology Association of America; the Information 
Technology Industry Council; the Business Software Alliance; the Center 
For Democracy and Technology; NetChoice, a coalition representing e-
commerce companies and thousands of e-consumers from across the Nation; 
the Internet Commerce Coalition; the Chamber of Commerce of the United 
States of America; the Software Information Industry Association; and a 
host of individual companies and individuals who have been in touch 
with us about the ravages that occur with spyware and the phishing 
scam.
  These are things that are great threats to consumers. We want them to 
feel confident when they use the Internet. The Internet holds great 
promise for people to be able to use the Internet for education, for 
commerce, for communicating with families and friends and people who 
share a common cause with them; but people increasingly know of the 
dangers they face on the Internet, from hackers and spam and 
pornography and people attempting to participate in various types of 
fraudulent schemes.
  Many of those center around the use of spyware and phishing. These 
are threats to people's use of the Internet. We need to crack down on 
the people who perpetrate these actions. This is the legislation to do 
that, to make sure that people feel comfortable, that they themselves 
and their children can go online and have the opportunity to use the 
Internet with confidence that their personal information is not being 
stolen, that they are not becoming the victim of identity theft, that 
they are not confronting what looks like a Web site of a legitimate 
company using all of the technology available.
  Some of these criminals will actually create a duplicate Web site 
that looks exactly like the original, but then attempt to use that Web 
site to extract information from you by suggesting that they need to 
update their account information or need your Social Security number or 
need your driver's license or some other personal information which 
they then intend to use to steal from your bank account, run up credit 
card bills, whatever the case might be. This legislation is designed to 
come down hard on those people.
  Mr. Speaker, I urge my colleagues to support the legislation.
  Mr. Speaker, I reserve the balance of my time.
  Ms. LOFGREN. Mr. Speaker, I yield myself such time as I may consume.
  I would like to thank as well the gentleman from Virginia for such a 
productive collaboration on this bill. I think it is a good product and 
one that we can all be very satisfied with. I also want to take a 
moment to thank two members of my staff. The staff does not generally 
get thanked in public. Andrew Kugler, a lawyer on my staff and a brand 
new father, worked very hard with the gentleman from Virginia's staff 
to make sure that all these issues were dealt with successfully; and 
while he was on paternity leave, Ur Jaddou on my staff filled in for 
him. So thanks to both of those fine lawyers for the effort that they 
made. The staff works behind the scenes, but they help us accomplish a 
lot, and we need to thank them.
  I also wanted to mention and agree with the gentleman from Virginia 
in terms of the phishing issue. I will admit that one of the brightest 
people I know, my daughter, was caught up actually in a phishing 
scheme. Very smart people can get taken by these phishing schemes. As 
soon as her thumb hit the send button, she thought, oh, my goodness, 
what have I done. We had to call and cancel all the credit cards and 
the like.
  This is something that preys upon people. If you think about the 
impact of phishing and also spyware, it is not just an inconvenience to 
consumers; but if we do not successfully abate this, we are going to 
have a very serious impact on the vitality of the Internet itself, 
because if people cannot trust Internet commerce, they will not use 
Internet commerce and so that is going to have an impact on the 
productivity of the American economy.
  What we are doing here today is important for consumers, it is 
important for businesses, but it is also important for the future of 
our high-tech economy because we have got to make sure that the 
Internet is safe for commerce and for individual users and also for 
businesses.
  I urge and I do believe that this House will in large number support 
the bill. When you do, you are striking a blow for the continued 
vitality of the Internet as an instrument of commerce and economic 
growth for America.
  Mr. Speaker, I reserve the balance of my time.

                              {time}  1600

  Mr. GOODLATTE. Mr. Speaker, I thank the gentlewoman for her comments.
  Mr. Speaker, I yield such time as he may consume to the gentleman 
from

[[Page H8252]]

Texas (Mr. Smith), chairman of the Courts, the Internet, and 
Intellectual Property Subcommittee of the House Committee on the 
Judiciary and a real leader on technology issues in the Congress.
  Mr. SMITH of Texas. Mr. Speaker, I thank the gentleman from Virginia 
(Chairman Goodlatte) for his nice comments, and I am happy to join him 
in cosponsoring this legislation, but I especially want to express my 
appreciation to him for being the author and introducing this 
legislation.
  Computer spyware is a growing problem that threatens the future of 
commerce over the Internet. A recent report found that more than 3 
million scans for spyware have been performed just this year alone. 
These scans revealed approximately 83 million instances of spyware. 
That is certainly disturbing.
  Spyware can be a confusing problem for consumers. Many do not know 
they have it, or if they do, they do not know how to get rid of it. A 
Yahoo! Internet search of the term ``spyware'' yields over 8 million 
results. It is no wonder that the problem is only getting worse.
  Mr. Speaker, H.R. 4661 addresses spyware through the regulation of 
bad behavior rather than the regulation of technology. It provides 
strong penalties for those who engage in the illicit activities of 
spyware and phishing.
  Rather than add to an already confusing regulatory structure, the 
bill takes a very narrow approach. H.R. 4661 sets strong penalties for 
anyone who intentionally uses software to break into a computer in 
order to alter security settings or obtain personal information. It 
further authorizes money for the Department of Justice to prosecute 
spyware and phishing crimes.
  Mr. Speaker, I again urge my colleagues to put an end to spyware and 
support this bill, and again I want to thank the gentleman from 
Virginia (Chairman Goodlatte) for introducing this piece of 
legislation.
  Mr. SENSENBRENNER. Mr. Speaker, I rise today in support of H.R. 4661, 
the ``Internet Spyware Prevention Act of 2004.'' This narrow criminal 
legislation will deter and allow the prosecution of the worst forms of 
behavior involving spyware by providing additional tools and resources 
to criminal prosecutors. I would like to thank the Gentleman from 
Virginia, Mr. Goodlatte, for introducing the legislation before us 
today.
  Technologies designed to enhance the speed and efficiency of data 
transfer have fueled the explosive growth of the Internet. 
Unfortunately, the sad reality is that the same software and technology 
innovations that have enhanced and personalized usage of the Internet 
can also provide opportunities for abuse and illegal behavior.
  Like many other ills on the Internet these latest malicious behaviors 
cannot be stopped by federal legislation alone. In fact, there is no 
one silver bullet--legal, regulatory, or technological--to end the 
misuse of spyware or the related practice of ``phishing.'' But greater 
consumer awareness and use of available technological countermeasures 
clearly hold the greatest promise for curbing these abusive practices. 
Congressional efforts will only help if they focus on behavior--not 
rapidly changing technology.
  H.R. 4661 is a good start because it focuses on behavior that is 
criminal, not on technologies. Unlike some other proposals, this bill 
does not set up new requirements that dictate how things appear on a 
computer screen or that bombard a user with unwanted notices. Nor does 
this bill pose the same dangers of strict liability for legitimate 
companies who make a mistake. In short, it represents a measured 
solution to the problem it seeks to correct.
  I believe that this narrow legislation updating necessary criminal 
law provisions and emphasizing increased enforcement, rather than broad 
regulation, is the correct legislative response at this time. I urge 
may colleagues to support H.R. 4661 and reserve the balance of my time.
  Ms. LOFGREN. Mr. Speaker, I have no further requests for time, and I 
yield back the balance of my time.
  Mr. GOODLATTE. Mr. Speaker, I urge my colleagues to support this 
legislation, and I yield back the balance of my time.
  The SPEAKER pro tempore (Mr. Culberson). The question is on the 
motion offered by the gentleman from Virginia (Mr. Goodlatte) that the 
House suspend the rules and pass the bill, H.R. 4661, as amended.
  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds of 
those present have voted in the affirmative.
  Mr. GOODLATTE. Mr. Speaker, on that I demand the yeas and nays.
  The yeas and nays were ordered.
  The SPEAKER pro tempore. Pursuant to clause 8 of rule XX and the 
Chair's prior announcement, further proceedings on this motion will be 
postponed.

                          ____________________