Consumer Protection Against Spyware Act, Cal. Bus. & Prof. Code §§ 22947 et seq.
The Act prohibits software that secretly steals personal information, sends viruses, or takes control of a computer system as part of a denial-of-service attack. What is interesting about the law is that the term “spyware” is never defined. Instead, the law sets forth a list of prohibited acts, including:
|“||(a) Modify, through intentionally deceptive means, any of the following settings related to the computer’s access to, or use of, the Internet:
(c) Prevent, without the authorization of an authorized user, through intentionally deceptive means, an authorized user’s reasonable efforts to block the installation of, or to disable, software, by causing software that the authorized user has properly removed or disabled to automatically reinstall or reactivate on the computer without the authorization of an authorized user.
While the enumerated acts include what would generally be classed as activities performed by spyware, the law is actually much broader than spyware and includes other conduct that would not generally be classed as spyware.
A debatable issue is whether this law actually brings anything new to the fight against spyware. As noted by one commentator:
|“||These are surely bad actions. But they’re all prohibited under existing law – fraud, unfair trade practice, computer fraud and abuse act, etc. * * * In contrast, [the Act] fails to speak to the truly controversial activities – many of them arguably “borderline: -- that have actually been used by major players in the spyware space, whose installed user counts now reach into the tens of millions.||”|