DMA Praises House for Passing Spyware Legislation

May 25, 2007 — The Direct Marketing Association (DMA) yesterday said that the Internet Spyware Prevention Act of 2007 (I-SPY), which the US House of Representatives passed on Tuesday, is an important step toward helping make the online environment more secure and protecting Americans from fraud and identity theft.

DMA strongly supported the I-SPY Act (H.R. 1525) and extended its appreciation to sponsors Representatives Zoe Lofgren (D-CA) and Bob Goodlatte (R-VA) for their bipartisan efforts in helping bring about this important legislation.

The I-SPY Act makes it a criminal offense, with a prison term of up to five years, to access a computer without authorization in order to commit a federal criminal offense. The bill also makes obtaining or transmitting personal information for the purpose of injuring or defrauding a person or damaging a computer punishable by up to two years in prison.

Commenting on the May 22 vote, Steven K. Berry, DMA’s executive vice president for government and consumer affairs, said “we are very glad that the I-SPY bill put the appropriate focus on identifying and punishing bad actors, rather than by placing restrictions on the use of technologies that are driving legitimate online commerce.”

Berry said DMA was particularly pleased that the measure also provides for $10 million to be appropriated for each of fiscal years 2008 through 2011, to help the US Department of Justice seek prosecutions for individuals and companies that use spyware or malware, or that employ tactics such as phishing or pharming.

These legislative efforts, Berry said, will complement and strengthen DMA’s own voluntary efforts to combat the spread of programs that install deceptive, fraudulent, or harmful software on people’s computers without their knowledge.

DMA’s self-regulatory Guidelines for Ethical Business Practice, adherence to which is a mandatory component of DMA membership, specify that marketers must not install, have installed, or use, software or other similar technology on a computer or similar device that initiates deceptive practices or interferes with a user’s expectation of the functionality of the computer and its programs.

Such practices could include software that takes control of a computer (e.g., relaying spam and viruses, modem hijacking, denial-of-service attacks, or endless-loop pop-up advertisements). Also prohibited would be programs that deceptively modify or disable security or browser settings or prevent the user’s efforts to disable or uninstall the software.

DMA’s guidelines also lay out what marketers should do when offering software or other similar technology that is installed on a computer for legitimate marketing purposes. Specifically, such programs must give the user clear and conspicuous notice and choice at the point of joining a service or before the software or other similar technology begins operating on the user’s computer, including notice of significant effects of having the software or other similar technology installed.

Also, marketers must also give the user an easy means to uninstall the technology and/or disable all functionality. Finally, marketers should always provide an easily accessible link to privacy policies and contact information, as well as clear identification of the company making the offer.

More information about DMA’s Guidelines for Ethical Business Practices is available online at www.the-dma.org/guidelines.

# # #