Yesterday, the House of Representatives voted to approve the Internet Spyware (I-SPY) Prevention Act of 2007. As a quick summary, the bill does not actually prevent, or even target, most spyware. The proposed legislation has two main substantive portions. The first of those substantive provisions, section 1030A(a) adds an additional five year prison term for anyone who makes unauthorized access to a protected computer in furtherance of another Federal criminal offense. In other words, it does not have any effect whatsoever on behavior which is not otherwise a crime. The second of the substantive provisions, section 1030A(b), makes it a crime to make unauthorized access to a protected computer and install software on that computer "with the intent to defraud or injure a person or cause damage to a protected computer." There is no indication in the bill that installing software on a computer which simply monitors the user's behavior and reports to a third party for purposes other than to defraud, injure, or damage a protected computer would come within the reach of the act. Thus, a significant portion of spyware which reports Internet user's browsing habits for commercial gain would arguably be outside of the scope of the so-called Spyware Prevention Act.
Of course, it should be kept in mind that I-SPY has only passed the House, and so it is impossible to know what provisions will be included in the bill if it goes through the Senate and becomes law. However, to the extent that the act is passed in its current form, it will likely have little real effect on the prevalence of spyware on the internet.