[Congressional Record Volume 151, Number 35 (Sunday, March 20, 2005)]
[Senate]
[Pages S3105-S3109]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
By Mr. BURNS (for himself, Mr. Wyden, Mrs. Boxer, and Mr. Nelson
of Florida):
S. 687. A bill to regulate the unauthorized installation of computer
software, to require clear disclosure to
[[Page S3106]]
computer users of certain computer software features that may pose a
threat to user privacy, and for other purposes; to the Committee on
Commerce, Science, and Transportation.
Mr. BURNS. Mr. President, I rise today to introduce the SPYBLOCK
bill, along with my good friend Senator Wyden of Oregon.
The SPYBLOCK bill will help reduce one of the most damaging practices
in the online world today--spyware, or computer software downloaded
onto a computer without the user's permission or awareness--that then
is often used to illicitly gather personal information, assist in
identity theft, track a user's keystrokes or monitor browsing behavior.
It is hard to overstate the potential damage that Spyware can do in
cyberspace if it is allowed to grow unchecked. It could cripple e-
commerce, because consumers would be afraid to make their financial or
other personal data available on-line. It could damage the activities
of businesses large and small, by making their data or computer systems
vulnerable to attack and abuse. It could fuel the growth of whole new
categories of cybercriminals. The recent data theft incidents at
ChoicePoint, Bank of America, and others only underscore the need for a
much more proactive policing of cyberspace.
The SPYBLOCK bill will give Federal enforcement authorities
additional tools to curb spyware. It also bans adware programs that
conceal their operation or purpose from users, because every consumer
should have a reasonable opportunity to consent to the installation of
software that generates pop-up ads on his or her computer.
We have worked hard on this bill, and consulted extensively with
industry and consumer groups to ensure all perspectives on this growing
problem were heard. The issues are not new to the members of the
Commerce Committee either, as this bill is very similiar to one we
marked up toward the end of the last Congress.
I look forward to working with my colleagues in the Commerce
Committee and the full Senate to ensure prompt passage of this
important measure. I thank my colleague Senator Wyden again for his
work on this bill, and I yield back the balance of my time.
I ask unanimous consent that the text of the bill be printed in the
Record.
There being no objection, the bill was ordered to be printed in the
Record, as follows:
S. 687
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``Software
Principles Yielding Better Levels of Consumer Knowledge Act''
or the ``SPY BLOCK Act''.
(b) Table of Contents.--The table of contents for this Act
is as follows:
Sec. 1. Short title.
Sec. 2. Prohibited practices related to software installation in
general.
Sec. 3. Installing surreptitious information collection features on a
user's computer.
Sec. 4. Adware that conceals its operation.
Sec. 5. Other practices that thwart user control of computer.
Sec. 6. Limitations on liability.
Sec. 7. FTC rulemaking authority.
Sec. 8. Administration and enforcement.
Sec. 9. Actions by States.
Sec. 10. Effect on other laws.
Sec. 11. Liability protections for anti-spyware software or services.
Sec. 12. Penalties for certain unauthorized activities relating to
computers.
Sec. 13. Definitions.
Sec. 14. Effective date.
SEC. 2. PROHIBITED PRACTICES RELATED TO SOFTWARE INSTALLATION
IN GENERAL.
(a) Surreptitious Installation.--
(1) In general.--It is unlawful for a person who is not an
authorized user of a protected computer to cause the
installation of software on the computer in a manner that--
(A) conceals from the user of the computer the fact that
the software is being installed; or
(B) prevents the user of the computer from having an
opportunity to knowingly grant or withhold consent to the
installation.
(2) Exception.--This subsection does not apply to--
(A) the installation of software that falls within the
scope of a previous grant of authorization by an authorized
user;
(B) the installation of an upgrade to a software program
that has already been installed on the computer with the
authorization of an authorized user;
(C) the installation of software before the first retail
sale and delivery of the computer; or
(D) the installation of software that ceases to operate
when the user of the computer exits the software or service
through which the user accesses the Internet, if the software
so installed does not begin to operate again when the user
accesses the Internet via that computer in the future.
(b) Misleading Inducements To Install.--It is unlawful for
a person who is not an authorized user of a protected
computer to induce an authorized user of the computer to
consent to the installation of software on the computer by
means of a materially false or misleading representation
concerning--
(1) the identity of an operator of an Internet website or
online service at which the software is made available for
download from the Internet;
(2) the identity of the author, publisher, or authorized
distributor of the software;
(3) the nature or function of the software; or
(4) the consequences of not installing the software.
(c) Preventing Reasonable Efforts To Uninstall.--
(1) In general.--It is unlawful for a person who is not an
authorized user of a protected computer to cause the
installation of software on the computer if the software
cannot subsequently be uninstalled or disabled by an
authorized user through a program removal function that is
usual and customary with the user's operating system, or
otherwise as clearly and conspicuously disclosed to the user.
(2) Limitations.--
(A) Authority to uninstall.--Software that enables an
authorized user of a computer, such as a parent, employer, or
system administrator, to choose to prevent another user of
the same computer from uninstalling or disabling the software
shall not be considered to prevent reasonable efforts to
uninstall or disable the software within the meaning of this
subsection if at least 1 authorized user retains the ability
to uninstall or disable the software.
(B) Construction.--This subsection shall not be construed
to require individual features or functions of a software
program, upgrades to a previously installed software program,
or software programs that were installed on a bundled basis
with other software or with hardware to be capable of being
uninstalled or disabled separately from such software or
hardware.
SEC. 3. INSTALLING SURREPTITIOUS INFORMATION COLLECTION
FEATURES ON A USER'S COMPUTER.
(a) In General.--It is unlawful for a person who is not an
authorized user of a protected computer to--
(1) cause the installation on that computer of software
that includes a surreptitious information collection feature;
or
(2) use software installed in violation of paragraph (1) to
collect information about a user of the computer or the use
of a protected computer by that user.
(b) Authorization Status.--This section shall not be
interpreted to prohibit a person from causing the
installation of software that collects and transmits only
information that is reasonably needed to determine whether or
not the user of a protected computer is licensed or
authorized to use the software.
(c) Surreptitious Information Collection Feature Defined.--
For purposes of this section, the term ``surreptitious
information collection feature'' means a feature of software
that--
(1) collects information about a user of a protected
computer or the use of a protected computer by that user, and
transmits such information to any other person or computer--
(A) on an automatic basis or at the direction of person
other than an authorized user of the computer, such that no
authorized user knowingly triggers or controls the collection
and transmission;
(B) in a manner that is not transparent to an authorized
user at or near the time of the collection and transmission,
such that no authorized user is likely to be aware of it when
information collection and transmission are occurring; and
(C) for purposes other than--
(i) facilitating the proper technical functioning of a
capability, function, or service that an authorized user of
the computer has knowingly used, executed, or enabled; or
(ii) enabling the provider of an online service knowingly
used or subscribed to by an authorized user of the computer
to monitor or record the user's usage of the service, or to
customize or otherwise affect the provision of the service to
the user based on such usage; and
(2) begins to collect and transmit such information without
prior notification that--
(A) clearly and conspicuously discloses to an authorized
user of the computer the type of information the software
will collect and the types of ways the information may be
used and distributed; and
(B) is provided at a time and in a manner such that an
authorized user of the computer has an opportunity, after
reviewing the information contained in the notice, to prevent
either--
(i) the installation of the software; or
(ii) the beginning of the operation of the information
collection and transmission capability described in paragraph
(1).
[[Page S3107]]
SEC. 4. ADWARE THAT CONCEALS ITS OPERATION.
(a) In General.--It is unlawful for a person who is not an
authorized user of a protected computer to cause the
installation on that computer of software that causes
advertisements to be displayed to the user without a label or
other reasonable means of identifying to the user of the
computer, each time such an advertisement is displayed, which
software caused the advertisement's delivery.
(b) Exception.--Software that causes advertisements to be
displayed without a label or other reasonable means of
identification shall not give rise to liability under
subsection (a) if those advertisements are displayed to a
user of the computer--
(1) only when a user is accessing an Internet website or
online service--
(A) operated by the publisher of the software; or
(B) the operator of which has provided express consent to
the display of such advertisements to users of the website or
service; or
(2) only in a manner or at a time such that a reasonable
user would understand which software caused the delivery of
the advertisements.
SEC. 5. OTHER PRACTICES THAT THWART USER CONTROL OF COMPUTER.
It is unlawful for a person who is not an authorized user
of a protected computer to engage in an unfair or deceptive
act or practice that involves--
(1) utilizing the computer to send unsolicited information
or material from the user's computer to other computers;
(2) diverting an authorized user's Internet browser away
from the Internet website the user intended to view to 1 or
more other websites, unless such diversion has been
authorized by the website the user intended to view;
(3) displaying an advertisement, series of advertisements,
or other content on the computer through windows in an
Internet browser, in such a manner that the user of the
computer cannot end the display of such advertisements or
content without turning off the computer or terminating all
sessions of the Internet browser (except that this paragraph
shall not apply to the display of content related to the
functionality or identity of the Internet browser);
(4) modifying settings relating to the use of the computer
or to the computer's access to or use of the Internet,
including--
(A) altering the default Web page that initially appears
when a user of the computer launches an Internet browser;
(B) altering the default provider or Web proxy used to
access or search the Internet;
(C) altering bookmarks used to store favorite Internet
website addresses; or
(D) altering settings relating to security measures that
protect the computer and the information stored on the
computer against unauthorized access or use; or
(5) removing, disabling, or rendering inoperative a
security or privacy protection technology installed on the
computer.
SEC. 6. LIMITATIONS ON LIABILITY.
(a) Passive Transmission, Hosting, or Linking.--A person
shall not be deemed to have violated any provision of this
Act solely because the person provided--
(1) the Internet connection, telephone connection, or other
transmission or routing function through which software was
delivered to a protected computer for installation;
(2) the storage or hosting of software or of an Internet
website through which software was made available for
installation to a protected computer; or
(3) an information location tool, such as a directory,
index, reference, pointer, or hypertext link, through which a
user of a protected computer located software available for
installation.
(b) Network Security.--It is not a violation of section 2,
3, or 5 for a provider of a network or online service used by
an authorized user of a protected computer, or to which any
authorized user of a protected computer subscribes, to
monitor, interact with, or install software for the purpose
of--
(1) protecting the security of the network, service, or
computer;
(2) facilitating diagnostics, technical support,
maintenance, network management, or repair; or
(3) preventing or detecting unauthorized, fraudulent, or
otherwise unlawful uses of the network or service.
(c) Manufacturer's Liability for Third-Party Software.--A
manufacturer or retailer of a protected computer shall not be
liable under any provision of this Act for causing the
installation on the computer, prior to the first retail sale
and delivery of the computer, of third-party branded
software, unless the manufacturer or retailer--
(1) uses a surreptitious information collection feature
included in the software to collect information about a user
of the computer or the use of a protected computer by that
user; or
(2) knows that the software will cause advertisements for
the manufacturer or retailer to be displayed to a user of the
computer.
(d) Investigational Exception.--Nothing in this Act
prohibits any lawfully authorized investigative, protective,
or intelligence activity of a law enforcement agency of the
United States, a State, or a political subdivision of a
State, or of an intelligence agency of the United States.
(e) Services Provided over MVPD Systems.--It is not a
violation of this Act for a multichannel video programming
distributor (as defined in section 602(13) of the
Communications Act of 1934 (47 U.S.C. 522(13)) to utilize a
navigation device, or interact with such a device, or to
install or use software on such a device, in connection with
the provision of multichannel video programming or other
services offered over a multichannel video programming system
or the collection or disclosure of subscriber information, if
the provision of such service or the collection or disclosure
of such information is subject to section 338(i) or section
631 of the Communications Act of 1934 (47 U.S.C. 338(i) or
551).
SEC. 7. FTC RULEMAKING AUTHORITY.
(a) In General.--Subject to the limitations of subsection
(b), the Commission may issue such rules in accordance with
section 553 of title 5, United States Code, as may be
necessary to implement or clarify the provisions of this Act.
(b) Safe Harbors.--
(1) In general.--The Commission may issue regulations
establishing specific wordings or formats for--
(A) notification that is sufficient under section 3(c)(2)
to prevent a software feature from being a surreptitious
information collection feature (as defined in section 3(c));
or
(B) labels or other means of identification that are
sufficient to avoid violation of section 4(a).
(2) Function of commission's suggested wordings or
formats.--
(A) Usage is voluntary.--The Commission may not require the
use of any specific wording or format prescribed under
paragraph (1) to meet the requirements of section 3 or 4.
(B) Other means of compliance.--The use of a specific
wording or format prescribed under paragraph (1) shall not be
the exclusive means of providing notification, labels, or
other identification that meet the requirements of sections 3
and 4.
(c) Limitations on Liability.--In addition to the
limitations on liability specified in section 6, the
Commission may by regulation establish additional limitations
or exceptions upon a finding that such limitations or
exceptions are reasonably necessary to promote the public
interest and are consistent with the purposes of this Act. No
such additional limitation of liability may be made
contingent upon the adoption of any specific wording or
format specified in regulations under subsection (b)(1).
SEC. 8. ADMINISTRATION AND ENFORCEMENT.
(a) In General.--Except as provided in subsection (b), this
Act shall be enforced by the Commission as if a violation of
this Act or of any regulation promulgated by the Commission
under this Act were an unfair or deceptive act or practice
proscribed under section 18(a)(1)(B) of the Federal Trade
Commission Act (15 U.S.C. 57a(a)(1)(B)).
(b) Enforcement by Certain Other Agencies.--Compliance with
this Act shall be enforced under--
(1) section 8 of the Federal Deposit Insurance Act (12
U.S.C. 1818), in the case of--
(A) national banks, and Federal branches and Federal
agencies of foreign banks, by the Office of the Comptroller
of the Currency;
(B) member banks of the Federal Reserve System (other than
national banks), branches and agencies of foreign banks
(other than Federal branches, Federal agencies, and insured
State branches of foreign banks), commercial lending
companies owned or controlled by foreign banks, and
organizations operating under section 25 or 25A of the
Federal Reserve Act (12 U.S.C. 601 and 611), by the Board;
and
(C) banks insured by the Federal Deposit Insurance
Corporation (other than members of the Federal Reserve
System) and insured State branches of foreign banks, by the
Board of Directors of the Federal Deposit Insurance
Corporation;
(2) section 8 of the Federal Deposit Insurance Act (12
U.S.C. 1818), by the Director of the Office of Thrift
Supervision, in the case of a savings association the
deposits of which are insured by the Federal Deposit
Insurance Corporation;
(3) the Federal Credit Union Act (12 U.S.C. 1751 et seq.)
by the National Credit Union Administration Board with
respect to any Federal credit union;
(4) part A of subtitle VII of title 49, United States Code,
by the Secretary of Transportation with respect to any air
carrier or foreign air carrier subject to that part;
(5) the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et
seq.) (except as provided in section 406 of that Act (7
U.S.C. 226, 227)), by the Secretary of Agriculture with
respect to any activities subject to that Act; and
(6) the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by
the Farm Credit Administration with respect to any Federal
land bank, Federal land bank association, Federal
intermediate credit bank, or production credit association.
(c) Exercise of Certain Powers.--For the purpose of the
exercise by any agency referred to in subsection (b) of its
powers under any Act referred to in that subsection, a
violation of this Act is deemed to be a violation of a
requirement imposed under that Act. In addition to its powers
under any provision of law specifically referred to in
subsection (b), each of the agencies referred to in that
subsection may exercise, for the purpose of enforcing
compliance with any requirement imposed under this Act, any
other authority conferred on it by law.
[[Page S3108]]
(d) Actions by the Commission.--The Commission shall
prevent any person from violating this Act in the same
manner, by the same means, and with the same jurisdiction,
powers, and duties as though all applicable terms and
provisions of the Federal Trade Commission Act (15 U.S.C. 41
et seq.) were incorporated into and made a part of this Act.
Any entity that violates any provision of that section is
subject to the penalties and entitled to the privileges and
immunities provided in the Federal Trade Commission Act in
the same manner, by the same means, and with the same
jurisdiction, power, and duties as though all applicable
terms and provisions of the Federal Trade Commission Act were
incorporated into and made a part of that section.
SEC. 9. ACTIONS BY STATES.
(a) In General.--
(1) Civil actions.--In any case in which the attorney
general of a State has reason to believe that an interest of
the residents of that State has been or is threatened or
adversely affected by the engagement of any person in a
practice that this Act prohibits, the State, as parens
patriae, may bring a civil action on behalf of the residents
of the State in a district court of the United States of
appropriate jurisdiction--
(A) to enjoin that practice;
(B) to enforce compliance with the rule;
(C) to obtain damage, restitution, or other compensation on
behalf of residents of the State; or
(D) to obtain such other relief as the court may consider
to be appropriate.
(2) Notice.--
(A) In general.--Before filing an action under paragraph
(1), the attorney general of the State involved shall provide
to the Commission--
(i) written notice of that action; and
(ii) a copy of the complaint for that action.
(B) Exemption.--
(i) In general.--Subparagraph (A) shall not apply with
respect to the filing of an action by an attorney general of
a State under this subsection, if the attorney general
determines that it is not feasible to provide the notice
described in that subparagraph before the filing of the
action.
(ii) Notification.--In an action described in clause (i),
the attorney general of a State shall provide notice and a
copy of the complaint to the Commission at the same time as
the attorney general files the action.
(b) Intervention.--
(1) In general.--On receiving notice under subsection
(a)(2), the Commission shall have the right to intervene in
the action that is the subject of the notice.
(2) Effect of intervention.--If the Commission intervenes
in an action under subsection (a), it shall have the right--
(A) to be heard with respect to any matter that arises in
that action; and
(B) to file a petition for appeal.
(c) Construction.--For purposes of bringing any civil
action under subsection (a), nothing in this subtitle shall
be construed to prevent an attorney general of a State from
exercising the powers conferred on the attorney general by
the laws of that State to--
(1) conduct investigations;
(2) administer oaths or affirmations; or
(3) compel the attendance of witnesses or the production of
documentary and other evidence.
(d) Actions by the Commission.--In any case in which an
action is instituted by or on behalf of the Commission for
violation of this Act, no State may, during the pendency of
that action, institute an action under subsection (a) against
any defendant named in the complaint in that action for
violation of that section.
(e) Venue; Service of Process.--
(1) Venue.--Any action brought under subsection (a) may be
brought in the district court of the United States that meets
applicable requirements relating to venue under section 1391
of title 28, United States Code.
(2) Service of process.--In an action brought under
subsection (a), process may be served in any district in
which the defendant--
(A) is an inhabitant; or
(B) may be found.
SEC. 10. EFFECT ON OTHER LAWS.
(a) Federal Law.--Nothing in this Act shall be construed to
limit or affect in any way the Commission's authority to
bring enforcement actions or take any other measures under
the Federal Trade Commission Act or any other provision of
law.
(b) State Law.--
(1) State law concerning information collection software or
adware.--This Act supersedes any statute, regulation, or rule
of a State or political subdivision of a State that expressly
limits or restricts the installation or use of software on a
protected computer to--
(A) collect information about the user of the computer or
the user's Internet browsing behavior or other use of the
computer; or
(B) cause advertisements to be delivered to the user of the
computer,
except to the extent that any such statute, regulation, or
rule prohibits deception in connection with the installation
or use of such software.
(2) State law concerning notice of software installation.--
This Act supersedes any statute, regulation, or rule of a
State or political subdivision of a State that prescribes
specific methods for providing notification before the
installation of software on a computer.
(3) State law not specific to software.--This Act shall not
be construed to preempt the applicability of State criminal,
trespass, contract, tort, or anti-fraud law.
SEC. 11. LIABILITY PROTECTIONS FOR ANTI-SPYWARE SOFTWARE OR
SERVICES.
No provider of computer software or of an interactive
computer service may be held liable under this Act or any
other provision of law for identifying, naming, removing,
disabling, or otherwise affecting the operation or potential
operation on a computer of computer software published by a
third party, if--
(1) the provider's software or interactive computer service
is intended to identify, prevent the installation or
execution of, remove, or disable computer software that is or
was installed in violation of section 2, 3, or 4 of this Act
or used to violate section 5 of this Act;
(2) an authorized user of the computer has consented to the
use of the provider's computer software or interactive
computer service on the computer;
(3) the provider believes in good faith that the
installation or operation of the third-party computer
software involved or involves a violation of section 2, 3, 4,
or 5 of this Act; and
(4) the provider either notifies and obtains the consent of
an authorized user of the computer before taking any action
to remove, disable, or otherwise affect the operation or
potential operation of the third-party software on the
computer, or has obtained prior authorization from an
authorized user to take such action without providing such
notice and consent.
SEC. 12. PENALTIES FOR CERTAIN UNAUTHORIZED ACTIVITIES
RELATING TO COMPUTERS.
(a) In General.--Chapter 47 of title 18, United States
Code, is amended by inserting after section 1030 the
following:
``Sec. 1030A. Illicit indirect use of protected computers
``(a) Whoever intentionally accesses a protected computer
without authorization, or exceeds authorized access to a
protected computer, by causing a computer program or code to
be copied onto the protected computer, and intentionally uses
that program or code in furtherance of another Federal
criminal offense shall be fined under this title or
imprisoned 5 years, or both.
``(b) Whoever intentionally accesses a protected computer
without authorization, or exceeds authorized access to a
protected computer, by causing a computer program or code to
be copied onto the protected computer, and by means of that
program or code intentionally impairs the security protection
of the protected computer shall be fined under this title or
imprisoned not more than 2 years, or both.
``(c) A person shall not violate this section who solely
provides--
``(1) an Internet connection, telephone connection, or
other transmission or routing function through which software
is delivered to a protected computer for installation;
``(2) the storage or hosting of software, or of an Internet
website, through which software is made available for
installation to a protected computer; or
``(3) an information location tool, such as a directory,
index, reference, pointer, or hypertext link, through which a
user of a protected computer locates software available for
installation.
``(d) A provider of a network or online service that an
authorized user of a protected computer uses or subscribes to
shall not violate this section by any monitoring of,
interaction with, or installation of software for the purpose
of--
``(1) protecting the security of the network, service, or
computer;
``(2) facilitating diagnostics, technical support,
maintenance, network management, or repair; or
``(3) preventing or detecting unauthorized, fraudulent, or
otherwise unlawful uses of the network or service.
``(e) No person may bring a civil action under the law of
any State if such action is premised in whole or in part upon
the defendant's violating this section. For the purposes of
this subsection, the term `State' includes the District of
Columbia, Puerto Rico, and any other territory or possession
of the United States.''.
(b) Conforming Amendment.--The table of sections at the
beginning of chapter 47 of title 18, United States Code, is
amended by inserting after the item relating to section 1030
the following new item:
``1030A. Illicit indirect use of protected computers''
SEC. 13. DEFINITIONS.
In this Act:
(1) Authorized user.--The term ``authorized user'', when
used with respect to a computer, means the owner or lessee of
a computer, or someone using or accessing a computer with the
actual or apparent authorization of the owner or lessee.
(2) Cause the installation.--The term ``cause the
installation'' when used with respect to particular software,
means to knowingly provide the technical means by which the
software is installed, or to knowingly pay or provide other
consideration to, or to knowingly induce or authorize,
another person to do so.
(3) Commission.--The term ``Commission'' means the Federal
Trade Commission.
(4) Cookie.--The term ``cookie'' means a text file--
[[Page S3109]]
(A) that is placed on a computer by, or on behalf of, an
Internet service provider, interactive computer service, or
Internet website; and
(B) the sole function of which is to record information
that can be read or recognized when the user of the computer
subsequently accesses particular websites or online locations
or services.
(5) First retail sale and delivery.--The term ``first
retail sale and delivery'' means the first sale, for a
purpose other than resale, of a protected computer and the
delivery of that computer to the purchaser or a recipient
designated by the purchaser at the time of such first sale.
For purposes of this paragraph, the lease of a computer shall
be considered a sale of the computer for a purpose other than
resale.
(6) Install.--
(A) In general.--The term ``install'' means--
(i) to write computer software to a computer's persistent
storage medium, such as the computer's hard disk, in such a
way that the computer software is retained on the computer
after the computer is turned off and subsequently restarted;
or
(ii) to write computer software to a computer's temporary
memory, such as random access memory, in such a way that the
software is retained and continues to operate after the user
of the computer turns off or exits the Internet service,
interactive computer service, or Internet website from which
the computer software was obtained.
(B) Exception for temporary cache.--The term ``install''
does not include the writing of software to an area of the
persistent storage medium that is expressly reserved for the
temporary retention of recently accessed or input data or
information if the software retained in that area remains
inoperative unless a user of the computer chooses to access
that temporary retention area.
(7) Person.--The term ``person'' has the meaning given that
term in section 3(32) of the Communications Act of 1934 (47
U.S.C. 153(32)).
(8) Protected computer.--The term ``protected computer''
has the meaning given that term in section 1030(e)(2)(B) of
title 18, United States Code.
(9) Software.--The term ``software'' means any program
designed to cause a computer to perform a desired function or
functions. Such term does not include any cookie.
(10) Unfair or deceptive act or practice.--The term
``unfair or deceptive act or practice'' has the same meaning
as when used in section 5 of the Federal Trade Commission Act
(15 U.S.C. 45).
(11) Upgrade.--The term ``upgrade'', when used with respect
to a previously installed software program, means additional
software that is issued by, or with the authorization of, the
publisher or any successor to the publisher of the software
program to improve, correct, repair, enhance, supplement, or
otherwise modify the software program.
SEC. 14. EFFECTIVE DATE.
This Act shall take effect 180 days after the date of
enactment of this Act.
____________________