Oral Testimony Before the United States House of Representatives Committee on Energy and Commerce
Combating Spyware: H.R. 29, the ‘SPY ACT’
January 26, 2005
Chairman Barton, Ranking Member Dingell, and Members of the Committee: My name is Ira Rubinstein and I am an Associate General Counsel at Microsoft. Thank you for the opportunity to share our views on spyware — an issue on which you have been at the forefront. In particular, I want to acknowledge the leadership of Chairman Barton and Ranking Member Dingell, Chairman Stearns and Ranking Member Schakowsky of the Consumer Protection Subcommittee, and Representatives Bono and Towns, the lead sponsors of H.R. 29, the
This Committee has worked tirelessly to draft legislation that targets the bad behavior at the root of the problem — without unnecessarily impacting legitimate software functionality. We support the SPY ACT and we look forward to working with Congress as the bill moves forward.
Nine months ago, Microsoft testified on spyware before the Consumer Protection Subcommittee. We described a multi-faceted approach that included technological development, consumer education, aggressive enforcement, and industry best practices. We also discussed the role of legislation in complementing this strategy. Since then, we have made significant headway in each of these areas. Today I want to update the Committee on that progress, and describe how industry and Congress can continue working together to give consumers choice and control.
Spyware is a problem of bad practices — practices that mislead, deceive, or even bully users into downloading unwanted applications. However, new anti-spyware technology is enabling users to fight back. For example, Microsoft recently released a beta (or test) version of Windows AntiSpyware. This is our first dedicated anti-spyware solution, and it is available for free on www.microsoft.com/spyware . This tool scans a users computer, locates spyware, and enables the user to remove it and undo any damage. It also provides ongoing protection to computers through security checkpoints that guard against more than 50 separate ways that spyware can be downloaded. If known spyware is detected at these checkpoints, it is blocked. If an unknown program is detected, Windows AntiSpyware informs the user and asks whether the download should proceed. We invite the Committee to download the program and would welcome your feedback.
In addition to technological developments, there has been substantial progress in other areas. This progress is a tribute to the successful collaboration between government and industry. Consumer education is a shining example. Over the past nine months, through hearings like these, consumers have become more aware of the spyware problem and how they can protect themselves from these threats. Industry has also played an important role. Microsofts anti-spyware Web site contains updated information that is designed to help consumers understand, identify, prevent, and remove spyware. The site also includes step-by-step instructions on what consumers can do about spyware and an informative 3-minute video covering the same materials. Many others in the industry are engaged in similar efforts.
Cooperation between the public and private sectors has also led to a successful FTC enforcement action against a spyware publisher. Microsoft actively supported this investigation and we will continue to work with government and industry partners to go after spyware distributors. Industry best practices are another part of our anti-spyware strategy. They can serve as a foundation for programs that help identify the good actors. This in turn allows users to make informed decisions about the software they download. Over the past year, representatives from a broad range of companies have been working to develop and implement a set of best practices, but more needs to be done. Microsoft is dedicated to working with industry in this effort that will help optimize user control.
Federal legislation can be an effective complement to this combination of technology, education, enforcement, and industry best practices. But, as we have stressed throughout the legislative process, Congress must proceed cautiously to ensure that such legislation targets the deceptive behavior of spyware publishers — and not features or functionalities that have legitimate uses.
Our success in working together to achieve this goal is apparent and our written testimony sets forth some of the scenarios that could have had unintended consequences and that the Committee has now addressed. As we move forward, we need to make sure that the law does not create disincentives for consumers to use these anti-spyware tools, or leave anti-spyware vendors open to legal action for developing and distributing them.
* * *
We want to thank the Committee once again for your attention to the spyware problem and for extending Microsoft an invitation to share our ideas and experiences with you — both today and as this process moves forward. We appreciate that the Committee solicited further comment from industry on ways to clarify the bill and we encourage the Committee to continue this collaborative process. Microsoft remains committed to supporting legislation that will prevent bad actors from deceiving consumers and destroying their computing experience.