Two of the agencies most actively involved in bringing cyber-criminals to justice in the United States have expressed opposing opinions over pending anti-spyware legislation.

Even as a trio of spyware bills is moving forward on Capitol Hill, officials from the Centre for Democracy and Technology (CDT) and the Federal Trade Commission (FTC) said their two organizations have differing views on the need for passage of the proposed laws.

Sometimes it's hard to craft legislation to address specific types of technologies; it seems like a good argument against new laws if we can get judgments already

Tracy Shapiro - FTC attorney

At a forum sponsored by the Anti-Spyware Coalition and held in the US at Harvard Law School, officials from the FTC and CDT — a US-based non-profit that has become a prominent Internet policy watchdog — detailed areas where their organizations diverge regarding Congressional anti-spyware bills.

The Anti-Spyware Coalition — a security consortium backed by industry players including AOL, Dell, Google, McAfee, Microsoft, and Yahoo — hosted the panel that brought legal experts from the two organizations together to air their differences. The discussion was hosted by John Palfrey, executive director of the US-based Berkman Centre for Internet and Society at Harvard Law, a well-known expert in the field of Internet security and privacy issues

The three pieces of legislation being debated were the Internet Spyware Prevention Act of 2007 (I-SPY Act) and Securely Protect Yourself Against Cyber Trespass Act (SPY ACT) — both of which passed vote in the US House of Representatives and remain up for debate in the Senate — and the Counter Spy Act of 2007.

While both the FTC and CDT are actively involved in attempts to bring suspected purveyors of spyware to court and stop them from distributing illegal code to end users, the agencies appear to be divided over whether the new laws will result in more prosecutions.

The CDT supports passage of all three proposed bills, claiming that any additional laws that increase civil and criminal penalties against spyware brokers and better define illegal practices will prove helpful in bringing new cases — despite the group's recognition of flaws in all three bills.

For its part, the FTC contends that the new laws may only serve to muddle its ability to go after cyber-criminals when it finds them.

In outlining each of the bills for the assembled audience, CDT Deputy Director Ari Schwartz highlighted the group's hopes for each of the measures.

The I-SPY Act is the least controversial of the three bills in that it merely seeks to extend penalties established in the Computer Fraud and Abuse Act — originally passed in 1986 — and make the legal punishments for criminal hacking more severe.

The CDT is fully behind the bill and it passed through House hearings with almost no opposition, proving its overall appeal, Schwartz said.

The SPY ACT — originally written by Californian Republican Mary Bono and passed by the House in previous sessions - has proven more divisive; some businesses are expressing serious concerns about the proposal's limitations on consumer information gathering and the fact that the bill would supersede existing state anti-spyware laws.

Even though the CDT is against the idea of undercutting existing state laws, the group still supports the measure as it raises penalties on some criminal cyber-crimes and directly addresses troublesome spyware affiliate distribution issues, said Schwartz.

The Counter Spy Act was only recently reintroduced. Previous backers of the bill were voted out of Congress last year, making chances slim that the legislation will move forward quickly. However, the CDT favours the bill's effort to more clearly define the parameters of illegal adware programs, said Schwartz.

Issues over the weighting of state and federal anti-spyware measures shouldn't stand in the way of the proposed bills, whose benefits outweigh their loopholes and could help lead to more cases against cyber-criminals, the CDT leader contends.

He cited the relatively light punishment handed out in cases brought against proven spyware brokers such as DirectRevenue and Zango as proof that existing laws are insufficient.

"Raising penalties is useful, DirectRevenue should have been fined more than $US5 million, Zango should have been fined more than $3 million, and they would have been if we had more direct penalties," Schwartz said. "Most people are supportive of these bills, CDT would be happy with raising penalties without pre-empting the states, but most companies looking at these bills are pushing for pre-emption."

On the flip side, the FTC feels that existing laws provide it with sufficient power to go after spyware providers, even though the agency has only filed a dozen such suits in recent years.