The House of Representatives recently passed the Internet Spyware (I- SPY) Prevention Act of 2007. The bill amends the federal criminal code to prohibit intentionally accessing a protected computer without authorization, or exceeding authorized access, by causing a computer program or code to be copied onto the protected computer, and intentionally using that program or code: (1) in furtherance of another federal criminal offense; (2) to obtain or transmit personal information (including a first or last name, physical address, Social Security number or other government-issued identification number, a bank or credit card number, or an associated password or access code) with intent to defraud or injure a person or cause damage to a protected computer; or (3) to impair the security protection of that computer.
The Bill goes on to express the Sense of Congress that the Department of Justice should vigourously pursue claims against. Unfortunately, the bill also prohibits civil actions under state law.
Bottom Line: Congress is correct to continue addressing cybercrimes and cybertorts via legislation. The decision to prevent civil actions under state law, however, is misguided. Instead of allowing consumers to address their losses in a private fashion victims of spyware must depend on already overburdended law enforcment authorities under this legislation.