Oklahoma State House bill would legalize spyware

By Dave Moore
Apr 16, 2006

Titled the "Computer Spyware Protection Act," Oklahoma House Bill 2083 is literally a Trojan horse waiting to invade your computer. The bill, introduced by Rep. Guy Liebmann, R-OKC, touts itself as a way of protecting "owners and operators of computers in this state from the use of spyware and malware that is deceptively or surreptitiously installed on the computer of an owner or operator." Deeper reading of the bill reveals that perhaps it should be renamed the "Microsoft Legalized Computer Spying Act."

In fact, the bill was practically written by Microsoft, along with other Internet giants such as Symantec and Hewlett-Packard. These are some of the leading technology groups whose legions of attorneys craft, promote and funnel "model" legislation through "think tank" organizations such as the American Legislative Exchange Council, which is the source of HB 2083. Such tactics are now common practice in the political arena, and bills with exactly the same language as HB 2083 have already become law in a handful of states, including California.

The first seven pages of HB 2083 read like an anti-spyware dream. Programs that install themselves without your knowledge are forbidden, with fines up to $1 million levied against violators. It was not until I read page eight of the bill that the red flags started going up. The bill exempts anyone who is a "telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service," while, at the same time, imposing harsh restrictions on the makers of legitimate anti-spyware programs, such as Adaware and Spybot S&D. In addition, those exempt entities would be specifically authorized to scan your computer for the purpose of "detection or prevention of the unauthorized use of or fraudulent or other illegal activities in connection with a network, service, or computer software."

What this means is that your computer would be an open book to telephone and cable companies, Internet service providers such as AOL, and computer software and hardware manufacturers. This is made possible by combining the bad sections of HB 2083 with the sneaky sections of the End-Users Licensing Agreement (EULA) that you agree to when you install a new program. Those long, boring mumbo-jumbo agreements that nobody reads when they click "I agree" are getting ready to take on a whole new meaning. If you have installed programs (such as Microsoft Windows, or most anti-virus programs) that "update" themselves, HB 2083, combined with the EULA, will give companies such as Microsoft carte blanche to scan, read, copy and/or delete and report to the police any file on your computer that it deems to be unauthorized, fraudulent or illegal. Suddenly, hardware and software "providers" have law enforcement powers.

One tragic irony in all of this comes from the "what-were-they-thinking?" department, in that "software providers," such as Microsoft would be exempt from HB 2083. But, guess who writes and distributes spyware? Software providers! Duh!

HB 2083 seems to be on the fast track, so, unless it is seriously amended, Oklahomans may need to appeal to Gov. Henry to stop this monstrosity before it gets out of control.

For a more lengthy look at the subject, check out Oklahoma Gazette.