[Haiko de Poel, Jr.]

Quote:

IN A DEVELOPMENT THAT SHOULD hearten the online ad industry, lawmakers are currently rewriting the anti-spyware bill H.R. 29, known as the Spy Act, to clarify that its provisions do not apply to any cookies--including those that track consumers as they move from site to site throughout the Web--OnlineMediaDaily has learned.

As originally proposed, the bill--now in the Committee on Energy and Commerce, U.S. House of Representatives--apparently requires companies that install certain types of cookies to first obtain consumers' consent. But the committee currently is rewriting the bill to exempt all cookies from that mandate, said Kimberly Pencille, press secretary for Rep. Mary Bono (R-Calif.), who introduced the bill early last month.

Online advertisers maintain that asking consumers for their permission to install certain cookies-- including those that monitor users across a variety of sites--could potentially hurt their business by making it harder to determine information such as how many times a consumer has seen a particular ad.

Last year, a bill virtually identical to H.R. 29 passed 399-1 in the House of Representatives, but died when the Senate didn't act on it. When considered by the House last year, there was little organized opposition to the portion of the bill that dealt with cookies. The original measure contained an exception for cookies installed by individual sites, such as Amazon.com, that simply store passwords or remember information about consumers. But, arguably, the proposal also required consumers to affirmatively opt-in to receive cookies that track behavior across more than one site.

....

An early indication that efforts were paying off came last week when Rep. Cliff Stearns (R-Fla.)--chair of a House subcommittee on commerce, trade, and consumer protection--testified at a Congressional hearing that it might be a mistake to mandate consumer permission for third-party cookies. "Another challenge that we face as legislators is ensuring that our responses to the growing spyware problem don't penalize legitimate uses of similar information technology designed to monitor and prevent unauthorized activity," said Stearns. "Among some of the concerns expressed regarding H.R. 29 that will be examined as we continue to work on the bill are: Examining the need for an exception for cookies and the issues raised by third-party cookies, since the bill is intended to apply only to software," he stated.

Full Article

[bedelman]

I never thought the bill covered cookies in the first place. The bill speaks to "programs." Cookies are data, not programs. Isn't that the end of the story? Cookies aren't programs, so cookies are not subject to the bill's requirements.

[MichaelColey]

I think it was a bit ambiguous, although I don't recall the exact wording.

[bedelman]

The bill: http://thomas.loc.gov/cgi-bin/query/z?c109:H.R.29:

The provisions:

"It is unlawful for any person--

(1) to transmit to a protected computer, which is not owned by such person and for which such person is not an authorized user, any information collection program [unless meeting certain requirements set out subsequently]

(2) to execute any information collection program installed on such a protected computer [unless meeting certain requirements set out subsequently]"

Cookies aren't "information collection programs" because they're not programs.