U.S. Congress - Text of H.R.964 as Referred in Senate Securely Protect Yourself Against Cyber Trespass Act
The easiest way to email your members of Congress
Donate NowH.R.964 - Securely Protect Yourself Against Cyber Trespass Act
To protect users of the Internet from unknowing transmission of their personally identifiable information through spyware programs, and for other purposes.
| Version | Word Count | Changes From Previous Version | Percent Change |
|---|---|---|---|
| Introduced in House | 5,621 | n/a | n/a |
| Reported in House | 6,221 | 71 | 29% |
| Engrossed in House | 5,927 | 18 | 11% |
| Referred in Senate | 6,101 | 5 Show Changes Hide Changes | 1% |
Key: changed or removed text inserted or modified text
Loading Bill Text
Rollover any line of text to comment and/or link to it.
HR 964 EHRFSCommentsClose CommentsPermalink
June 7, 2007
Received; read twice and referred to the Committee on Commerce, Science, and TransportationCommentsClose CommentsPermalink
To protect users of the Internet from unknowing transmission of their personally identifiable information through spyware programs, and for other purposes.CommentsClose CommentsPermalink
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, CommentsClose CommentsPermalink
SECTION 1. SHORT TITLE.
This Act may be cited as the `Securely Protect Yourself Against Cyber Trespass Act' or the `Spy Act'.CommentsClose CommentsPermalink
SEC. 2. PROHIBITION OF UNFAIR OR DECEPTIVE ACTS OR PRACTICES RELATING TO SPYWARE.
(a) Prohibition- It is unlawful for any person, who is not the owner or authorized user of a protected computer, to engage in unfair or deceptive acts or practices that involve any of the following conduct with respect to the protected computer:CommentsClose CommentsPermalink
(1) Taking control of the computer by--CommentsClose CommentsPermalink
(A) utilizing such computer to send unsolicited information or material from the computer to others;CommentsClose CommentsPermalink
(B) diverting the Internet browser of the computer, or similar program of the computer used to access and navigate the Internet--CommentsClose CommentsPermalink
(i) without authorization of the owner or authorized user of the computer; andCommentsClose CommentsPermalink
(ii) away from the site the user intended to view, to one or more other Web pages, such that the user is prevented from viewing the content at the intended Web page, unless such diverting is otherwise authorized;CommentsClose CommentsPermalink
(C) accessing, hijacking, or otherwise using the modem, or Internet connection or service, for the computer and thereby causing damage to the computer or causing the owner or authorized user or a third party defrauded by such conduct to incur charges or other costs for a service that is not authorized by such owner or authorized user;CommentsClose CommentsPermalink
(D) using the computer as part of an activity performed by a group of computers that causes damage to another computer; orCommentsClose CommentsPermalink
(E) delivering advertisements or a series of advertisements that a user of the computer cannot close or terminate without undue effort or knowledge by the user or without turning off the computer or closing all sessions of the Internet browser for the computer.CommentsClose CommentsPermalink
(2) Modifying settings related to use of the computer or to the computer's access to or use of the Internet by altering--CommentsClose CommentsPermalink
(A) the Web page that appears when the owner or authorized user launches an Internet browser or similar program used to access and navigate the Internet;CommentsClose CommentsPermalink
(B) the default provider used to access or search the Internet, or other existing Internet connections settings;CommentsClose CommentsPermalink
(C) a list of bookmarks used by the computer to access Web pages; orCommentsClose CommentsPermalink
(D) security or other settings of the computer that protect information about the owner or authorized user for the purposes of causing damage or harm to the computer or owner or user.CommentsClose CommentsPermalink
(3) Collecting personally identifiable information through the use of a keystroke logging function.CommentsClose CommentsPermalink
(4) Inducing the owner or authorized user of the computer to disclose personally identifiable information by means of a Web page that--CommentsClose CommentsPermalink
(A) is substantially similar to a Web page established or provided by another person; andCommentsClose CommentsPermalink
(B) misleads the owner or authorized user that such Web page is provided by such other person.CommentsClose CommentsPermalink
(5) Inducing the owner or authorized user to install a component of computer software onto the computer, or preventing reasonable efforts to block the installation or execution of, or to disable, a component of computer software by--CommentsClose CommentsPermalink
(A) presenting the owner or authorized user with an option to decline installation of such a component such that, when the option is selected by the owner or authorized user or when the owner or authorized user reasonably attempts to decline the installation, the installation nevertheless proceeds; orCommentsClose CommentsPermalink
(B) causing such a component that the owner or authorized user has properly removed or disabled to automatically reinstall or reactivate on the computer.CommentsClose CommentsPermalink
(6) Misrepresenting that installing a separate component of computer software or providing log-in and password information is necessary for security or privacy reasons, or that installing a separate component of computer software is necessary to open, view, or play a particular type of content.CommentsClose CommentsPermalink
(7) Inducing the owner or authorized user to install or execute computer software by misrepresenting the identity or authority of the person or entity providing the computer software to the owner or user.CommentsClose CommentsPermalink
(8) Inducing the owner or authorized user to provide personally identifiable, password, or account information to another person--CommentsClose CommentsPermalink
(A) by misrepresenting the identity of the person seeking the information; orCommentsClose CommentsPermalink
(B) without the authority of the intended recipient of the information.CommentsClose CommentsPermalink
(9) Removing, disabling, or rendering inoperative a security, anti-spyware, or anti-virus technology installed on the computer.CommentsClose CommentsPermalink
(10) Installing or executing on the computer one or more additional components of computer software with the intent of causing a person to use such components in a way that violates any other provision of this section.CommentsClose CommentsPermalink
(b) Guidance- The Commission shall issue guidance regarding compliance with and violations of this section. This subsection shall take effect upon the date of the enactment of this Act.CommentsClose CommentsPermalink
(c) Effective Date- Except as provided in subsection (b), this section shall take effect upon the expiration of the 6-month period that begins on the date of the enactment of this Act.CommentsClose CommentsPermalink
SEC. 3. PROHIBITION OF COLLECTION OF CERTAIN INFORMATION WITHOUT NOTICE AND CONSENT.
(a) Opt-in Requirement- Except as provided in subsection (e), it is unlawful for any person--CommentsClose CommentsPermalink
(1) to transmit to a protected computer, which is not owned by such person and for which such person is not an authorized user, any information collection program, unless--CommentsClose CommentsPermalink
(A) such information collection program provides notice in accordance with subsection (c) before downloading or installing any of the information collection program; andCommentsClose CommentsPermalink
(B) such information collection program includes the functions required under subsection (d); orCommentsClose CommentsPermalink
(2) to execute any information collection program installed on such a protected computer unless--CommentsClose CommentsPermalink
(A) before execution of any of the information collection functions of the program, the owner or an authorized user of the protected computer has consented to such execution pursuant to notice in accordance with subsection (c); andCommentsClose CommentsPermalink
(B) such information collection program includes the functions required under subsection (d).CommentsClose CommentsPermalink
(b) Information Collection Program-CommentsClose CommentsPermalink
(1) IN GENERAL- For purposes of this section, the term `information collection program' means computer software that performs either of the following functions:CommentsClose CommentsPermalink
(A) COLLECTION OF PERSONALLY IDENTIFIABLE INFORMATION- The computer software--CommentsClose CommentsPermalink
(i) collects personally identifiable information; andCommentsClose CommentsPermalink
(ii)(I) sends such information to a person other than the owner or authorized user of the computer, orCommentsClose CommentsPermalink
(II) uses such information to deliver advertising to, or display advertising on, the computer.CommentsClose CommentsPermalink
(B) COLLECTION OF INFORMATION REGARDING INTERNET ACTIVITY TO DELIVER ADVERTISING- The computer software--CommentsClose CommentsPermalink
(i) collects information regarding the user's Internet activity using the computer; andCommentsClose CommentsPermalink
(ii) uses such information to deliver advertising to, or display advertising on, the computer.CommentsClose CommentsPermalink
(2) EXCEPTION FOR SOFTWARE COLLECTING INFORMATION REGARDING INTERNET ACTIVITY WITHIN A PARTICULAR WEB SITE- Computer software that otherwise would be considered an information collection program by reason of paragraph (1)(B) shall not be considered such a program if--CommentsClose CommentsPermalink
(A) the only information collected by the software regarding the user's internet activity, and used to deliver advertising to, or display advertising on, the protected computer, is--CommentsClose CommentsPermalink
(i) information regarding Web pages within a particular Web site; orCommentsClose CommentsPermalink
(ii) in the case of any Internet-based search function, user-supplied search terms necessary to complete the search and return results to the user;CommentsClose CommentsPermalink
(B) such information collected is not sent to a person other than--CommentsClose CommentsPermalink
(i) the provider of the Web site accessed or Internet-based search function; orCommentsClose CommentsPermalink
(ii) a party authorized to facilitate the display or functionality of Web pages within the Web site accessed; andCommentsClose CommentsPermalink
(C) the only advertising delivered to or displayed on the computer using such information is advertising on Web pages within that particular Web site.CommentsClose CommentsPermalink
(c) Notice and Consent-CommentsClose CommentsPermalink
(1) IN GENERAL- Notice in accordance with this subsection with respect to an information collection program is clear and conspicuous notice in plain language, set forth as the Commission shall provide, that meets all of the following requirements:CommentsClose CommentsPermalink
(A) The notice clearly distinguishes a statement required under subparagraph (B) from any other information visually presented contemporaneously on the computer.CommentsClose CommentsPermalink
(B) The notice contains one of the following statements, as applicable, or a substantially similar statement:CommentsClose CommentsPermalink
(i) With respect to an information collection program described in subsection (b)(1)(A): `This program will collect and transmit information about you. Do you accept?'.CommentsClose CommentsPermalink
(ii) With respect to an information collection program described in subsection (b)(1)(B): `This program will collect information about Web pages you access and will use that information to display advertising on your computer. Do you accept?'.CommentsClose CommentsPermalink
(iii) With respect to an information collection program that performs the actions described in both subparagraphs (A) and (B) of subsection (b)(1): `This program will collect and transmit information about you and will collect information about Web pages you access and use that information to display advertising on your computer. Do you accept?'.CommentsClose CommentsPermalink
(C) The notice provides for the user--CommentsClose CommentsPermalink
(i) to grant or deny consent referred to in subsection (a) by selecting an option to grant or deny such consent; andCommentsClose CommentsPermalink
(ii) to abandon or cancel the transmission or execution referred to in subsection (a) without granting or denying such consent.CommentsClose CommentsPermalink
(D) The notice provides an option for the user to select to display on the computer, before granting or denying consent using the option required under subparagraph (C), a clear description of--CommentsClose CommentsPermalink
(i) the types of information to be collected and sent (if any) by the information collection program;CommentsClose CommentsPermalink
(ii) the purpose for which such information is to be collected and sent; andCommentsClose CommentsPermalink
(iii) in the case of an information collection program that first executes any of the information collection functions of the program together with the first execution of other computer software, the identity of any such software that is an information collection program.CommentsClose CommentsPermalink
(E) The notice provides for concurrent display of the information required under subparagraphs (B) and (C) and the option required under subparagraph (D) until the user--CommentsClose CommentsPermalink
(i) grants or denies consent using the option required under subparagraph (C)(i);CommentsClose CommentsPermalink
(ii) abandons or cancels the transmission or execution pursuant to subparagraph (C)(ii); orCommentsClose CommentsPermalink
(iii) selects the option required under subparagraph (D).CommentsClose CommentsPermalink
(2) SINGLE NOTICE- The Commission shall provide that, in the case in which multiple information collection programs are provided to the protected computer together, or as part of a suite of functionally related software, the notice requirements of paragraphs (1)(A) and (2)(A) of subsection (a) may be met by providing, before execution of any of the information collection functions of the programs, clear and conspicuous notice in plain language in accordance with paragraph (1) of this subsection by means of a single notice that applies to all such information collection programs, except that such notice shall provide the option under subparagraph (D) of paragraph (1) of this subsection with respect to each such information collection program.CommentsClose CommentsPermalink
(3) CHANGE IN INFORMATION COLLECTION- If an owner or authorized user has granted consent to execution of an information collection program pursuant to a notice in accordance with this subsection:CommentsClose CommentsPermalink
(A) IN GENERAL- No subsequent such notice is required, except as provided in subparagraph (B).CommentsClose CommentsPermalink
(B) SUBSEQUENT NOTICE- The person who transmitted the program shall provide another notice in accordance with this subsection and obtain consent before such program may be used to collect or send information of a type or for a purpose that is materially different from, and outside the scope of, the type or purpose set forth in the initial or any previous notice.CommentsClose CommentsPermalink
(4) REGULATIONS- The Commission shall issue regulations to carry out this subsection.CommentsClose CommentsPermalink
(d) Required Functions- The functions required under this subsection to be included in an information collection program that executes any information collection functions with respect to a protected computer are as follows:CommentsClose CommentsPermalink
(1) DISABLING FUNCTION- With respect to any information collection program, a function of the program that allows a user of the program to remove the program or disable operation of the program with respect to such protected computer by a function that--CommentsClose CommentsPermalink
(A) is easily identifiable to a user of the computer; andCommentsClose CommentsPermalink
(B) can be performed without undue effort or knowledge by the user of the protected computer.CommentsClose CommentsPermalink
(2) IDENTITY FUNCTION-CommentsClose CommentsPermalink
(A) IN GENERAL- With respect only to an information collection program that uses information collected in the manner described in subparagraph (A)(ii)(II) or (B)(ii) of subsection (b)(1) and subject to subparagraph (B) of this paragraph, a function of the program that provides that each display of an advertisement directed or displayed using such information, when the owner or authorized user is accessing a Web page or online location other than of the provider of the computer software, is accompanied by the name of the information collection program, a logogram or trademark used for the exclusive purpose of identifying the program, or a statement or other information sufficient to clearly identify the program.CommentsClose CommentsPermalink
(B) EXEMPTION FOR EMBEDDED ADVERTISEMENTS- The Commission shall, by regulation, exempt from the applicability of subparagraph (A) the embedded display of any advertisement on a Web page that contemporaneously displays other information.CommentsClose CommentsPermalink
(3) RULEMAKING- The Commission may issue regulations to carry out this subsection.CommentsClose CommentsPermalink
(e) Limitation on Liability- A telecommunications carrier, a provider of information service or interactive computer service, a cable operator, or a provider of transmission capability shall not be liable under this section to the extent that the carrier, operator, or provider--CommentsClose CommentsPermalink
(1) transmits, routes, hosts, stores, or provides connections for an information collection program through a system or network controlled or operated by or for the carrier, operator, or provider; orCommentsClose CommentsPermalink
(2) provides an information location tool, such as a directory, index, reference, pointer, or hypertext link, through which the owner or user of a protected computer locates an information collection program.CommentsClose CommentsPermalink
(f) Study and Additional Exemption-CommentsClose CommentsPermalink
(1) STUDY AND REPORT- The Commission shall conduct a study to determine the applicability of the information collection prohibitions of this section to information that is input directly by users in a field provided on a website. The study shall examine--CommentsClose CommentsPermalink
(A) the nature of such fields for user input;CommentsClose CommentsPermalink
(B) the use of a user's information once input and whether such information is sent to a person other than the provider of the Web site;CommentsClose CommentsPermalink
(C) whether such information is used to deliver advertisements to the user's computer; andCommentsClose CommentsPermalink
(D) the extent of any notice provided to the user prior to such input.CommentsClose CommentsPermalink
(2) REPORT- The Commission shall transmit a report on such study to the Committee on Energy and Commerce of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate not later than the expiration of the 6-month period that begins on the date on which final regulations are issued under section 9. The requirements of subchapter I of chapter 35 of title 44, United States Code, shall not apply to the report required under this subsection.CommentsClose CommentsPermalink
(3) REGULATION- If the Commission finds that users have adequate notice regarding the uses of any information input directly by the user in a field provided on a website, such that an exemption from the requirements of this section, or a modification of the notice required by this section is appropriate for such information, and that such an exemption or modification is consistent with the public interest, the protection of consumers, and the purposes of this Act, the Commission may prescribe such an exemption or modification by regulation.CommentsClose CommentsPermalink
SEC. 4. ENFORCEMENT.
(a) Unfair or Deceptive Act or Practice- This Act shall be enforced by the Commission under the Federal Trade Commission Act (
(b) Penalty for Pattern or Practice Violations-CommentsClose CommentsPermalink
(1) IN GENERAL- Notwithstanding subsection (a) and the Federal Trade Commission Act, in the case of a person who engages in a pattern or practice that violates section 2 or 3, the Commission may, in its discretion, seek a civil penalty for such pattern or practice of violations in an amount, as determined by the Commission, of not more than--CommentsClose CommentsPermalink
(A) $3,000,000 for each violation of section 2; andCommentsClose CommentsPermalink
(B) $1,000,000 for each violation of section 3.CommentsClose CommentsPermalink
(2) TREATMENT OF SINGLE ACTION OR CONDUCT- In applying paragraph (1)--CommentsClose CommentsPermalink
(A) any single action or conduct that violates section 2 or 3 with respect to multiple protected computers shall be treated as a single violation; andCommentsClose CommentsPermalink
(B) any single action or conduct that violates more than one paragraph of section 2(a) shall be considered multiple violations, based on the number of such paragraphs violated.CommentsClose CommentsPermalink
(c) Required Scienter- Civil penalties sought under this section for any action may not be granted by the Commission or any court unless the Commission or court, respectively, establishes that the action was committed with actual knowledge or knowledge fairly implied on the basis of objective circumstances that such act is unfair or deceptive or violates this Act.CommentsClose CommentsPermalink
(d) Factors in Amount of Penalty- In determining the amount of any penalty pursuant to subsection (a) or (b), the court shall take into account the degree of culpability, any history of prior such conduct, ability to pay, effect on ability to continue to do business, and such other matters as justice may require.CommentsClose CommentsPermalink
(e) Exclusiveness of Remedies- The remedies in this section (and other remedies available to the Commission in an enforcement action against unfair and deceptive acts and practices) are the exclusive remedies for violations of this Act.CommentsClose CommentsPermalink
(f) Effective Date- To the extent only that this section applies to violations of section 2(a), this section shall take effect upon the expiration of the 6-month period that begins on the date of the enactment of this Act.CommentsClose CommentsPermalink
SEC. 5. LIMITATIONS.
(a) Law Enforcement Authority- Sections 2 and 3 shall not apply to--CommentsClose CommentsPermalink
(1) any act taken by a law enforcement agent in the performance of official duties; orCommentsClose CommentsPermalink
(2) the transmission or execution of an information collection program in compliance with a law enforcement, investigatory, national security, or regulatory agency or department of the United States or any State in response to a request or demand made under authority granted to that agency or department, including a warrant issued under the Federal Rules of Criminal Procedure, an equivalent State warrant, a court order, or other lawful process.CommentsClose CommentsPermalink
(b) Exception Relating to Security- Nothing in this Act shall apply to--CommentsClose CommentsPermalink
(1) any monitoring of, or interaction with, a protected computer--CommentsClose CommentsPermalink
(A) in connection with the provision of a network access service or other service or product with respect to which the user of the protected computer is an actual or prospective customer, subscriber, registered user, or account holder;CommentsClose CommentsPermalink
(B) by the provider of that service or product or with such provider's authorization; andCommentsClose CommentsPermalink
(C) that involves or enables the collection of information about the user's activities only with respect to the user's relationship with or use of such service or product,CommentsClose CommentsPermalink
to the extent that such monitoring or interaction is for the purpose of network security, computer security, diagnostics, technical support or repair, network management, authorized updates of software, or for the detection or prevention of fraudulent activities; orCommentsClose CommentsPermalink
(2) a discrete interaction with a protected computer by a provider of computer software solely to determine whether the user of the computer is authorized to use such software, that occurs upon--CommentsClose CommentsPermalink
(A) initialization of the software; orCommentsClose CommentsPermalink
(B) an affirmative request by the owner or authorized user for an update of, addition to, or technical service for, the software.CommentsClose CommentsPermalink
(c) Good Samaritan Protection-CommentsClose CommentsPermalink
(1) IN GENERAL- No provider of computer software or of interactive computer service may be held liable under this Act on account of any action voluntarily taken, or service provided, in good faith to remove or disable a program used to violate section 2 or 3 that is installed on a computer of a customer of such provider, if such provider notifies the customer and obtains the consent of the customer before undertaking such action or providing such service.CommentsClose CommentsPermalink
(2) CONSTRUCTION- Nothing in this subsection shall be construed to limit the liability of a provider of computer software or of an interactive computer service for any anti-competitive act otherwise prohibited by law.CommentsClose CommentsPermalink
(d) Limitation on Liability- A manufacturer or retailer of computer equipment shall not be liable under this Act to the extent that the manufacturer or retailer is providing third party branded computer software that is installed on the equipment the manufacturer or retailer is manufacturing or selling.CommentsClose CommentsPermalink
(e) Services Provided by Cable Operators and Satellite Carriers- It shall not be a violation of section 3 for a satellite carrier (as such term is defined in section 338(k) of the Communications Act of 1934 (
(1) utilize a navigation device (as such term is defined in the rules of the Federal Communications Commission);CommentsClose CommentsPermalink
(2) interact with such a navigation device; orCommentsClose CommentsPermalink
(3) transmit software to or execute software installed on such a navigation device to provide service or collect or disclose subscriber information,CommentsClose CommentsPermalink
if the provision of such service, the utilization of or the interaction with such device, or the collection of or disclosure of such information, is subject to section 338(i) or section 631 of the Communications Act of 1934.CommentsClose CommentsPermalink
SEC. 6. EFFECT ON OTHER LAWS.
(a) Preemption of State Law-CommentsClose CommentsPermalink
(1) PREEMPTION OF SPYWARE LAWS- This Act supersedes any provision of a statute, regulation, or rule of a State or political subdivision of a State that expressly regulates--CommentsClose CommentsPermalink
(A) unfair or deceptive conduct with respect to computers similar to that described in section 2(a);CommentsClose CommentsPermalink
(B) the transmission or execution of a computer program similar to that described in section 3; orCommentsClose CommentsPermalink
(C) the use of computer software that displays advertising content based on the Web pages accessed using a computer.CommentsClose CommentsPermalink
(2) ADDITIONAL PREEMPTION-CommentsClose CommentsPermalink
(A) IN GENERAL- No person other than the Attorney General of a State may bring a civil action under the law of any State if such action is premised in whole or in part upon the defendant violating any provision of this Act.CommentsClose CommentsPermalink
(B) PROTECTION OF CONSUMER PROTECTION LAWS- This paragraph shall not be construed to limit the enforcement of any State consumer protection law by an Attorney General of a State.CommentsClose CommentsPermalink
(3) PROTECTION OF CERTAIN STATE LAWS- This Act shall not be construed to preempt the applicability of--CommentsClose CommentsPermalink
(A) State trespass, contract, or tort law; orCommentsClose CommentsPermalink
(B) other State laws to the extent that those laws relate to acts of fraud.CommentsClose CommentsPermalink
(4) EFFECTIVE DATE- The preemption provided for under this subsection shall take effect, with respect to specific provisions of this Act, on the effective date for such provisions.CommentsClose CommentsPermalink
(b) Preservation of FTC Authority- Nothing in this Act may be construed in any way to limit or affect the Commission's authority under any other provision of law, including the authority to issue advisory opinions (under part 1 of volume 16 of the Code of Federal Regulations), policy statements, or guidance regarding this Act.CommentsClose CommentsPermalink
SEC. 7. FTC REPORT ON COOKIES.
(a) In General- Not later than the expiration of the 6-month period that begins on the date on which final regulations are issued under section 9, the Commission shall submit a report to the Congress regarding the use of cookies in the delivery or display of advertising to the owners and users of computers. The report shall examine the extent to which cookies are or may be used to transmit to a third party personally identifiable information of a computer owner or user, information regarding Web pages accessed by the owner or user, or information regarding advertisements previously delivered to a computer, for the purpose of--CommentsClose CommentsPermalink
(1) delivering or displaying advertising to the owner or user; orCommentsClose CommentsPermalink
(2) assisting the intended recipient to deliver or display advertising to the owner, user, or others.CommentsClose CommentsPermalink
The report shall examine and describe the methods by which cookies and the Web sites that place them on computers function separately and together, and shall compare the use of cookies with the use of information collection programs (as such term is defined in section 3) to determine the extent to which such uses are similar or different. The report may include such recommendations as the Commission considers necessary and appropriate, including treatment of cookies under this Act or other laws.CommentsClose CommentsPermalink
(b) Effective Date- This section shall take effect on the date of the enactment of this Act.CommentsClose CommentsPermalink
(c) Paperwork Reduction Requirements- The requirements of subchapter I of chapter 35 of title 44, United States Code, shall not apply to the report required under this section.CommentsClose CommentsPermalink
SEC. 8. FTC REPORT ON INFORMATION COLLECTION PROGRAMS INSTALLED BEFORE EFFECTIVE DATE.
Not later than the expiration of the 6-month period that begins on the date on which final regulations are issued under section 9, the Commission shall submit a report to the Congress on the extent to which there are installed on protected computers information collection programs that, but for installation prior to the effective date under section 11(a), would be subject to the requirements of section 3. The report shall include recommendations regarding the means of affording computer users affected by such information collection programs the protections of section 3, including recommendations regarding requiring a one-time notice and consent by the owner or authorized user of a computer to the continued collection of information by such a program so installed on the computer. The requirements of subchapter I of chapter 35 of title 44, United States Code, shall not apply to the report required under this section.CommentsClose CommentsPermalink
SEC. 9. REGULATIONS.
(a) In General- The Commission shall issue the regulations required by this Act not later than the expiration of the 9-month period beginning on the date of the enactment of this Act. In exercising its authority to issue any regulation under this Act, the Commission shall determine that the regulation is consistent with the public interest and the purposes of this Act. Any regulations issued pursuant to this Act shall be issued in accordance with
(b) Effective Date- This section shall take effect on the date of the enactment of this Act.CommentsClose CommentsPermalink
SEC. 10. DEFINITIONS.
For purposes of this Act:CommentsClose CommentsPermalink
(1) CABLE OPERATOR- The term `cable operator' has the meaning given such term in section 602 of the Communications Act of 1934 (
(2) COLLECT- The term `collect', when used with respect to information and for purposes only of section 3(b)(1)(A), does not include obtaining of the information by a party who is intended by the owner or authorized user of a protected computer to receive the information or by a third party authorized by such intended recipient to receive the information, pursuant to the owner or authorized user--CommentsClose CommentsPermalink
(A) transferring the information to such intended recipient using the protected computer; orCommentsClose CommentsPermalink
(B) storing the information on the protected computer in a manner so that it is accessible by such intended recipient.CommentsClose CommentsPermalink
(3) COMPUTER; PROTECTED COMPUTER- The terms `computer' and `protected computer' have the meanings given such terms in
(4) COMPUTER SOFTWARE-CommentsClose CommentsPermalink
(A) IN GENERAL- Except as provided in subparagraph (B), the term `computer software' means a set of statements or instructions that can be installed and executed on a computer for the purpose of bringing about a certain result.CommentsClose CommentsPermalink
(B) EXCEPTIONS- Such term does not include--CommentsClose CommentsPermalink
(i) computer software that is placed on the computer system of a user by an Internet service provider, interactive computer service, or Internet Web site solely to enable the user subsequently to use such provider or service or to access such Web site;CommentsClose CommentsPermalink
(ii) a cookie; orCommentsClose CommentsPermalink
(iii) any other type of text or data file that solely may be read or transferred by a computer.CommentsClose CommentsPermalink
(5) COMMISSION- The term `Commission' means the Federal Trade Commission.CommentsClose CommentsPermalink
(6) DAMAGE- The term `damage' has the meaning given such term in
(7) UNFAIR OR DECEPTIVE ACTS OR PRACTICES- The term `unfair or deceptive acts or practices' has the meaning applicable to such term for purposes of section 5 of the Federal Trade Commission Act (
(8) DISABLE- The term `disable' means, with respect to an information collection program, to permanently prevent such program from executing any of the functions described in section 3(b)(1) that such program is otherwise capable of executing (including by removing, deleting, or disabling the program), unless the owner or operator of a protected computer takes a subsequent affirmative action to enable the execution of such functions.CommentsClose CommentsPermalink
(9) INFORMATION COLLECTION FUNCTIONS- The term `information collection functions' means, with respect to an information collection program, the functions of the program described in subsection (b)(1) of section 3.CommentsClose CommentsPermalink
(10) INFORMATION SERVICE- The term `information service' has the meaning given such term in section 3 of the Communications Act of 1934 (
(11) INTERACTIVE COMPUTER SERVICE- The term `interactive computer service' has the meaning given such term in section 230(f) of the Communications Act of 1934 (
(12) INTERNET- The term `Internet' means collectively the myriad of computer and telecommunications facilities, including equipment and operating software, which comprise the interconnected world-wide network of networks that employ the Transmission Control Protocol/Internet Protocol, or any predecessor or successor protocols to such protocol, to communicate information of all kinds by wire or radio.CommentsClose CommentsPermalink
(13) PERSONALLY IDENTIFIABLE INFORMATION-CommentsClose CommentsPermalink
(A) IN GENERAL- The term `personally identifiable information' means the following information, to the extent only that such information allows a living individual to be identified from that information:CommentsClose CommentsPermalink
(i) First and last name of an individual.CommentsClose CommentsPermalink
(ii) A home or other physical address of an individual, including street name, name of a city or town, and zip code.CommentsClose CommentsPermalink
(iii) An electronic mail address.CommentsClose CommentsPermalink
(iv) A telephone number.CommentsClose CommentsPermalink
(v) A social security number, tax identification number, passport number, driver's license number, or any other government-issued identification number.CommentsClose CommentsPermalink
(vi) A credit card number.CommentsClose CommentsPermalink
(vii) Any access code, password, or account number, other than an access code or password transmitted by an owner or authorized user of a protected computer to the intended recipient to register for, or log onto, a Web page or other Internet service or a network connection or service of a subscriber that is protected by an access code or password.CommentsClose CommentsPermalink
(viii) Date of birth, birth certificate number, or place of birth of an individual, except in the case of a date of birth transmitted or collected for the purpose of compliance with the law.CommentsClose CommentsPermalink
(B) RULEMAKING- The Commission may, by regulation, add to the types of information described in subparagraph (A) that shall be considered personally identifiable information for purposes of this Act, except that such additional types of information shall be considered personally identifiable information only to the extent that such information allows living individuals, particular computers, particular users of computers, or particular email addresses or other locations of computers to be identified from that information.CommentsClose CommentsPermalink
(14) SUITE OF FUNCTIONALLY RELATED SOFTWARE- The term suite of `functionally related software' means a group of computer software programs distributed to an end user by a single provider, which programs enable features or functionalities of an integrated service offered by the provider.CommentsClose CommentsPermalink
(15) TELECOMMUNICATIONS CARRIER- The term `telecommunications carrier' has the meaning given such term in section 3 of the Communications Act of 1934 (
(16) TRANSMIT- The term `transmit' means, with respect to an information collection program, transmission by any means.CommentsClose CommentsPermalink
(17) WEB PAGE- The term `Web page' means a location, with respect to the World Wide Web, that has a single Uniform Resource Locator or another single location with respect to the Internet, as the Federal Trade Commission may prescribe.CommentsClose CommentsPermalink
(18) WEB SITE- The term `web site' means a collection of Web pages that are presented and made available by means of the World Wide Web as a single Web site (or a single Web page so presented and made available), which Web pages have any of the following characteristics:CommentsClose CommentsPermalink
(A) A common domain name.CommentsClose CommentsPermalink
(B) Common ownership, management, or registration.CommentsClose CommentsPermalink
SEC. 11. APPLICABILITY AND SUNSET.
(a) Effective Date- Except as specifically provided otherwise in this Act, this Act shall take effect upon the expiration of the 12-month period that begins on the date of the enactment of this Act.CommentsClose CommentsPermalink
(b) Applicability- Section 3 shall not apply to an information collection program installed on a protected computer before the effective date under subsection (a) of this section.CommentsClose CommentsPermalink
(c) Sunset- This Act shall not apply after December 31, 2013.CommentsClose CommentsPermalink
Passed the House of Representatives June 6, 2007.CommentsClose CommentsPermalink
Attest:CommentsClose CommentsPermalink
Clerk.
Deputy Clerk.CommentsClose CommentsPermalink
Vote on This Bill
-
Share This Bill
More Share via Email
OC Blog Articles Related To This Bill
- Yes, let's stride towards an open VCS for legislation (or, GitHub for laws on OC) May 23, 2012
- CISPA: SOPA's Meaner, Uglier Cousin, Will Kill Your Privacy May 15, 2012
- CISPA Rushed to Passage Apr 27, 2012
- With SOPA Shelved, Congress Readies its Next Attack on the Internet Feb 13, 2012
- Anti-Web Censorship Bill Protest from Our Perspective at OC Feb 08, 2012
Recent OC Blog Articles
- Yes, let's stride towards an open VCS for legislation (or, GitHub for laws on OC) May 23, 2012
- Contact Congress Today to #FreeTHOMAS May 17, 2012
- Yochai Benkler: Blueprint for Democratic Participation May 10, 2012
- New NDAA Would Give the Military Clandestine Cyberwar Powers May 08, 2012
- The Week Ahead in Congress May 07, 2012