US spyware clampdown won't impress European governments

Moves to jail spyware perpetrators in the US are unlikely to be copied by European authorities, believes a UK legal expert.

A US House of Representatives subcommittee has this week approved a bill that recommends up to five years in prison for convicted distributors of malicious spyware.

Past versions of the Internet Spyware Prevention Act have failed to pass a vote in the US Senate. However, increasing militancy among US computer users fed up with unwanted software intrusion make this latest attempt much more likely to pass into law, believe observers.

At stake, claim the bill's backers, is the credibility of the internet itself, with domestic and business PC users increasingly unsure who to trust in a world where the theft of personal data online is rife.

"There's no similar legislation pending in the UK or anywhere in Europe that I'm aware of," said Kiran Sandford, head of IT at law firm Mishcon de Reya. But she questions whether any such legislation is likely to be effective.

"Spyware is very tricky to make laws against," said Sandford. "What happens if someone does something outside your jurisdiction, in Timbuktu or Russia? It's going to be rather hard to apply the long arm of the law and bring them to book."

There would be some limited value, she believes, in blocking legitimate companies from issuing spyware, perhaps under the impression it was legal.

But there is other legislation already enacted in the UK that makes spyware illegal, she said. "The Computer Misuse Act has just been updated so that you are not allowed to interfere with or change someone else's software program," she explained. "That's wide enough to cover spyware. Then there's the Privacy and Electronic Communications EC directive, which means you must give people the chance to reject cookies, and of course the Data Protection Act."

She sees no momentum for further law on spyware in Europe, such as has been experienced in the US. "We do, though, sometimes follow their lead, and they ours, so you can't totally rule it out," she said.

Sandford says that there are still reasons why UK companies should take note of the US bill, should it become law: "It could serve as an example of good practice, for one thing," she said. "And if you have a US subsidiary or are travelling to the US on business, then you'd be advised to check what the law says. It's a big issue over there. I was at an International Technology Law conference in Chicago last week, and I can tell you that spyware was high on the agenda."

Email to a friend

Print this page