Commonwealth of Australia Explanatory Memoranda Commonwealth of Australia Explanatory Memoranda[Index] [Search] [Download] [Bill] [Help]
2004-2005 The Parliament of the Commonwealth of Australia THE SENATE Presented and read a first time Spyware Bill 2005 No. , 2005 (Senator Greig) A Bill for an Act to regulate the unauthorised installation of computer software, to require the clear disclosure to computer users of certain computer software features that may pose a threat to user privacy, and for related purposesIndex] [Search] [Download] [Bill] [Help]Contents Part 1--Preliminary 2 1 Short title ......................................................................................2 2 Commencement .............................................................................2 3 Objects of the Act ..........................................................................2 4 Definitions.....................................................................................2 Part 2--Prohibited practices in relation to software installation 6 5 Surreptitious installation of software..............................................6 6 Notice, choice and removal of software ..........................................6 7 Deceptive installation of software ..................................................7 8 Notice, consent and removal of software requirements ...................7 9 Misleading inducements to install software....................................9 10 Preventing reasonable efforts to remove software ...........................9 11 Limitation of ability to remove software.......................................10 Part 3--Installing surreptitious information collection features on a user's computer 11 12 Surreptitious information collection unlawful...............................11 13 Intentional transmission of information by user ............................12 14 Adware that conceals its operation ...............................................12 15 Other practices that thwart user control of computer.....................12 Part 4--Limitations on liability 14 16 Passive transmission, hosting or linking.......................................14 17 Network security..........................................................................14 Part 5--Penalties 15 18 Penalties......................................................................................15 19 Exceptions...................................................................................15 Spyware Bill 2005 No. , 2005 1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 A Bill for an Act to regulate the unauthorised 17 installation of computer software, to require the 18 clear disclosure to computer users of certain 19 computer software features that may pose a threat 20 to user privacy, and for related purposes 21 Preamble 22 Acknowledging that computer users increasingly are finding 23 software installed on their computers that they did not know was 24 installed and that they cannot uninstall. 25 Concerned that there is an increasing capacity and tendency for 26 users of the Internet to have unauthorised software surreptitiously 27 installed on their computers without their knowledge. 28 Aware that there is now freely available predatory and 29 eavesdropping software which has the capacity to collect and 30 transfer data from a user's computer to another computer without 31 the knowledge of the user. Spyware Bill 2005 No. , 2005 1
Part 1 Preliminary Section 1 1 The Parliament of Australia enacts: 2 Part 1--Preliminary 3 4 1 Short title 5 This Act may be cited as the Spyware Act 2005. 6 2 Commencement 7 This Act commences on Royal Assent. 8 3 Objects of the Act 9 The objects of this Act are to: 10 (a) regulate the unauthorised or surreptitious installation of 11 computer software; 12 (b) require the clear disclosure to computer users of certain 13 computer software features that may pose a threat to a user's 14 privacy or the speed or operation of their computer; 15 (c) give computer users the rights and capacity to: 16 (i) know what software is being installed on their computer; 17 (ii) refuse to have the software installed; and 18 (iii) be able to uninstall any software. 19 4 Definitions 20 In this Act: 21 ACMA means the Australian Communications and Media 22 Authority. 23 advertisement means a commercial promotion for a product or 24 service, but does not include promotions for products or services 25 that appear on computer software help or support pages that are 26 displayed in response to a request by the user. 2 Spyware Bill 2005 No. , 2005
Preliminary Part 1 Section 4 1 advertising feature means a function of computer software that, 2 when installed on a computer, delivers advertisements to the user of 3 that computer. 4 adware means software which causes advertisements to be 5 displayed on a user's computer. 6 affirmative consent means consent expressed through action by the 7 user of a computer other than default action specified by the 8 installation sequence and independent from any other consent 9 solicited from the user during the installation process. 10 authorised user, when used with respect to a computer, means the 11 owner or lessee of a computer, or someone using or accessing a 12 computer with the actual or apparent authorisation of the owner or 13 lessee. 14 cause the installation, when used with respect to particular 15 software, means to knowingly provide the technical means by which 16 the software is installed, or to knowingly pay or provide other 17 consideration to, or induce, another person to do so. 18 clear description means a description that is clear, conspicuous, 19 concise and in a font size that is at least as large as the largest 20 default font displayed to the user by the software. 21 computer software means any program designed to cause a 22 computer to perform a desired function or functions and does not 23 include any cookie. 24 cookie means a text file: 25 (a) that is placed on a computer by an Internet service provider, 26 interactive computer service or Internet website; and 27 (b) the sole function of which is to record information that can be 28 read or recognised by an Internet service provider, interactive 29 computer service or Internet website when the user of the 30 computer uses or accesses such provider, service or website. 31 distributed computing feature means a function of computer 32 software that, when installed on a computer, transmits information Spyware Bill 2005 No. , 2005 3
Part 1 Preliminary Section 4 1 or messages, other than personal or network information about the 2 user of the computer, to any other computer without the knowledge 3 or direction of the user and for purposes unrelated to the tasks or 4 functions the user intentionally performs using the computer. 5 first retail sale means the first sale of a computer, for a purpose 6 other than resale, after the manufacture, production or importation 7 of the computer. For purposes of this definition, each lease and each 8 subsequent lease of a computer is to be considered as a first retail 9 sale. 10 information collection feature means a function of computer 11 software that, when installed on a computer, collects personal or 12 network information about the user of the computer and transmits 13 such information to any other party on an automatic basis or at the 14 direction of a party other than the user of the computer. 15 install means: 16 (a) to write computer software to a computer's persistent storage 17 medium, such as the computer's hard disk, in such a way that 18 the computer software is retained on the computer after the 19 computer is turned off and subsequently restarted; or 20 (b) to write computer software to a computer's temporary 21 memory, such as random access memory, in such a way that 22 the software is retained and continues to operate after the user 23 of the computer turns off or exits the Internet service, 24 interactive computer service or Internet website from which 25 the computer software was obtained. 26 network information means: 27 (a) an Internet protocol address or domain name of a user's 28 computer; or 29 (b) a Uniform Resource Locator or other information that 30 identifies Internet web sites or other online resources accessed 31 by a user of a computer. 32 personal information means: 33 (a) a first and last name, whether given at birth or adoption, 34 assumed or legally changed; 4 Spyware Bill 2005 No. , 2005
Preliminary Part 1 Section 4 1 (b) a home or other physical address including street name, name 2 of a city or town and postcode; 3 (c) an electronic mail address or online username; 4 (d) a telephone number; 5 (e) any personal identification number; 6 (f) a credit card number, any access code associated with the 7 credit card or both; 8 (g) a birth date, birth certificate number or place of birth; or 9 (h) any password or access code. 10 settings modification feature means a function of computer 11 software that, when installed on a computer: 12 (a) modifies an existing user setting, without direction from the 13 user of the computer, with respect to another computer 14 software application previously installed on that computer; or 15 (b) enables a user setting with respect to another computer 16 software application previously installed on that computer to 17 be modified in the future without advance notification to and 18 consent from the user of the computer. 19 user of a computer means a computer's lawful owner or an 20 individual who operates a computer with the authorisation of the 21 computer's lawful owner. Spyware Bill 2005 No. , 2005 5
Part 2 Prohibited practices in relation to software installation Section 5 1 2 Part 2--Prohibited practices in relation to software 3 installation 4 5 Surreptitious installation of software 5 6 (1) It is unlawful for a person who is not an authorised user of a 7 computer to cause the installation of software on the computer in a 8 manner designed to: 9 (a) conceal from the user of the computer the fact that the 10 software is being installed; or 11 (b) prevent the user of the computer from having an opportunity 12 to knowingly grant or withhold consent to the installation. 13 Exception 14 (2) This section does not apply to: 15 (a) the installation of software that falls within the scope of a 16 previous grant of authorisation by an authorised user; or 17 (b) the installation of an upgrade to a software program that has 18 already been installed on the computer with the authorisation 19 of an authorised user; or 20 (c) the installation of software before the first retail sale of the 21 computer. 22 6 Notice, choice and removal of software 23 It is unlawful for any person who is not the user of a computer to 24 install computer software on that computer, or to authorise, permit 25 or cause the installation of computer software on that computer, 26 unless: 27 (a) the user of the computer has received notice that satisfies the 28 requirements of section 8; and 29 (b) the user of the computer has granted consent that satisfies the 30 requirements of section 8; and 6 Spyware Bill 2005 No. , 2005
Prohibited practices in relation to software installation Part 2 Section 7 1 (c) the computer software's removal procedures satisfy the 2 requirements of section 8. 3 7 Deceptive installation of software 4 It is unlawful for any person who is not the user of a computer to 5 install computer software on that computer, or to authorise, permit, 6 or cause the installation of computer software on that computer, if 7 the design or operation of the computer software is intended, or may 8 reasonably be expected, to confuse or mislead the user of the 9 computer concerning the identity of the person or service 10 responsible for the functions performed or content displayed by such 11 computer software. 12 8 Notice, consent and removal of software requirements 13 Notice 14 (1) For the purposes of section 6, notice to the user of a computer must: 15 (a) include a clear notification, displayed on the screen until the 16 user either grants or denies consent to installation, of the name 17 and general nature of the computer software that will be 18 installed if the user grants consent; and 19 (b) include a separate disclosure, with respect to each information 20 collection, advertising, distributed computing and settings 21 modification feature contained in the computer software, that 22 remains displayed on the screen until the user either grants or 23 denies consent to that feature; and 24 (c) in the case of an information collection feature, provides a 25 clear description of: 26 (i) the type of personal or network information to be 27 collected and transmitted by the computer software; and 28 (ii) the purpose for which the personal or network 29 information is to be collected, transmitted and used; and 30 (d) in the case of an advertising feature, provides: 31 (i) a representative example of the type of advertisement 32 that may be delivered by the computer software; and Spyware Bill 2005 No. , 2005 7
Part 2 Prohibited practices in relation to software installation Section 8 1 (ii) a clear description of the estimated frequency with which 2 each type of advertisement may be delivered or the 3 factors on which the frequency will depend; and 4 (iii) a clear description of how the user can distinguish each 5 type of advertisement that the computer software delivers 6 from advertisements generated by other software, 7 Internet website operators or services; and 8 (e) in the case of a distributed computing feature, provides a clear 9 description of: 10 (i) the types of information or messages the computer 11 software will cause the computer to transmit; and 12 (ii) the estimated frequency with which the computer 13 software will cause the computer to transmit such 14 messages or information or the factors on which the 15 frequency will depend; and 16 (iii) the estimated volume of such information or messages, 17 and the likely impact, if any, on the processing or 18 communications capacity of the user's computer; and 19 (iv) the nature, volume and likely impact on the computer's 20 processing capacity of any computational or processing 21 tasks the computer software will cause the computer to 22 perform in order to generate the information or messages 23 the computer software will cause the computer to 24 transmit; and 25 (f) in the case of a settings modification feature, provides a clear 26 description of the nature of the modification, its function and 27 any collateral effects the modification may produce, and 28 procedures the user may follow to turn off such feature or 29 uninstall the computer software. 30 Consent 31 (2) For purposes of section 6, consent means: 32 (a) consent by the user of the computer to the installation of the 33 computer software; and 34 (b) separate affirmative consent by the user of the computer to 35 each information collection feature, advertising feature, 8 Spyware Bill 2005 No. , 2005
Prohibited practices in relation to software installation Part 2 Section 9 1 distributed computing feature and settings modification 2 feature contained in the computer software. 3 Removal procedures 4 (3) For purposes of section 6, computer software must: 5 (a) appear in the `Add/Remove Programs' menu or any like 6 feature, if any, provided by each operating system with which 7 the computer software functions; and 8 (b) be capable of being removed completely using the normal 9 procedures for removing computer software provided by each 10 operating system with which the computer software functions; 11 and 12 (c) in the case of computer software with an advertising feature, 13 include an easily identifiable link clearly associated with each 14 advertisement that the software causes to be displayed, such 15 that selection of the link by the user of the computer generates 16 an on-screen window that informs the user about how to turn 17 off the advertising feature or uninstall the computer software. 18 9 Misleading inducements to install software 19 It is unlawful for a person who is not an authorised user of a 20 computer to induce an authorised user of the computer to consent to 21 the installation of software on the computer by means of a 22 materially false or misleading representation concerning: 23 (a) the identity of an operator of an Internet website or online 24 service at which the software is made available for download 25 from the Internet; or 26 (b) the identity of the author or publisher of the software; or 27 (c) the nature or function of the software; or 28 (d) the consequences of not installing the software. 29 10 Preventing reasonable efforts to remove software 30 It is unlawful for a person who is not an authorised user of a 31 computer to authorise or cause the installation of software on the 32 computer if the software is designed to prevent reasonable efforts by Spyware Bill 2005 No. , 2005 9
Part 2 Prohibited practices in relation to software installation Section 11 1 an authorised user of the computer to remove or disable the 2 software once it has been installed. 3 11 Limitation of ability to remove software 4 Software that enables an authorised user of a computer, such as a 5 parent or system administrator, to choose to prevent another user of 6 the same computer from uninstalling or disabling the software is not 7 to be considered to prevent reasonable efforts to uninstall or disable 8 the software within the meaning of this section, provided that at 9 least one authorised user retains the ability to uninstall or disable 10 the software. 10 Spyware Bill 2005 No. , 2005
Installing surreptitious information collection features on a user's computer Part 3 Section 12 1 2 Part 3--Installing surreptitious information 3 collection features on a user's computer 4 5 12 Surreptitious information collection unlawful 6 (1) It is unlawful for a person who is not an authorised user of a 7 computer to authorise or cause the installation on that computer of 8 software that collects information about the user of the computer or 9 about the user's Internet browsing behaviour or other use of the 10 computer and transmits such information to any other person on an 11 automatic basis or at the direction of a person other than an 12 authorised user of the computer, if the software's collection and 13 transmission of such information is not functionally related to or in 14 support of a software capability or function that an authorised user 15 of the computer has chosen or consented to execute or enable, and 16 either: 17 (a) there has been no notification, prior to the software beginning 18 to collect and transmit such information, to an authorised user 19 of the computer explaining the type of information the 20 software will collect and transmit and the types of ways the 21 information may be used and distributed; or 22 (b) notification pursuant to paragraph (a) was not provided in a 23 manner reasonably calculated to provide actual notice to an 24 authorised user of the computer; or 25 (c) notification pursuant to paragraph (a) occurred at a time or in 26 a manner that did not enable an authorised user of the 27 computer to consider the information contained in the 28 notification before choosing whether to permit the collection 29 or transmission of information. 30 Exception--compliance with licence 31 (2) This section must not be interpreted as prohibiting a person from 32 authorising or causing the installation of software that collects and 33 transmits information that is reasonably needed to determine Spyware Bill 2005 No. , 2005 11
Part 3 Installing surreptitious information collection features on a user's computer Section 13 1 whether or not the user of a computer is licensed or authorised to 2 use the software. 3 13 Intentional transmission of information by user 4 Information must not be construed as having been collected and 5 transmitted on an automatic basis or at the direction of a person 6 other than a user of the computer, within the meaning of this Act, if 7 the collection or transmission of the information is intentionally 8 initiated by an authorised user for the purpose of allowing the direct 9 or indirect access to the information by an intended recipient. 10 14 Adware that conceals its operation 11 It is unlawful for a person who is not an authorised user of a 12 computer to authorise or cause the installation on that computer of 13 software if: 14 (a) the software causes advertisements to be displayed to the user: 15 (i) at a time when the user is not accessing an Internet 16 website or online service operated by the publisher of the 17 software; and 18 (ii) in a manner or at a time such that a reasonable user 19 would not understand that the software is responsible for 20 delivering the advertisements; and 21 (b) the advertisements referred to in paragraph (a) do not contain 22 a label or other reasonable means of identifying to the user of 23 the computer, each time such an advertisement is displayed, 24 which software is responsible for the advertisement's delivery. 25 15 Other practices that thwart user control of computer 26 (1) It is unlawful for a person who is not an authorised user of a 27 computer, knowingly and without the authorisation of an authorised 28 user of the computer: 29 (a) to utilise the computer to send unsolicited information or 30 material from the user's computer to other computers; or 31 (b) to divert an authorised user's Internet browser away from the 32 Internet website the user intended to view to one or more other 12 Spyware Bill 2005 No. , 2005
Installing surreptitious information collection features on a user's computer Part 3 Section 15 1 websites, unless such diversion has been authorised by the 2 website the user intended to view; or 3 (c) to display an advertisement, series of advertisements or other 4 content on the computer through windows in an Internet 5 browser, in such a manner that the user of the computer 6 cannot end the display of such advertisements or content 7 without turning off the computer or terminating all sessions of 8 the Internet browser, provided that this paragraph does not 9 apply to the display of content related to the functionality or 10 identity of the Internet browser; or 11 (d) to covertly modify settings relating to the use of the computer 12 or to the computer's access to or use of the Internet, including: 13 (i) altering the default Web page that initially appears when 14 a user of the computer launches an Internet browser; or 15 (ii) altering the default provider or Web proxy used to access 16 or search the Internet; or 17 (iii) altering bookmarks used to store Internet website 18 addresses; or 19 (iv) altering settings relating to security measures that protect 20 the computer and the information stored on the computer 21 against unauthorised access or use; 22 provided that this paragraph does not apply to any 23 modification that restores settings previously changed without 24 user consent; or 25 (e) to use software installed in violation of section 3 to collect 26 information about the user or the user's Internet browsing 27 behaviour; or 28 (f) to remove, disable, or render inoperative security or privacy 29 protection technology installed on the computer. Spyware Bill 2005 No. , 2005 13
Part 4 Limitations on liability Section 16 1 2 Part 4--Limitations on liability 3 4 16 Passive transmission, hosting or linking 5 A person does not commit an offence against any provision of this 6 Act solely because the person provided: 7 (a) the Internet connection, telephone connection or other 8 transmission or routing function through which software was 9 delivered to a computer for installation; or 10 (b) the storage or hosting of software or of an Internet website 11 through which software was made available for installation to 12 a computer; or 13 (c) an information location tool, such as a directory, index, 14 reference, pointer or hypertext link, through which an 15 authorised user of a computer located software available for 16 installation. 17 17 Network security 18 A provider of a network or online service that an authorised user of 19 a computer uses or subscribes to has not committed an offence 20 against this Act where the purpose of the provider's action is to: 21 (a) protect the security of the network, service or computer; or 22 (b) facilitate diagnostics, technical support, maintenance, network 23 management or repair; or 24 (c) prevent or detect unauthorised, fraudulent or otherwise 25 unlawful uses of the network or service. 14 Spyware Bill 2005 No. , 2005
Penalties Part 5 Section 18 1 2 Part 5--Penalties 3 18 Penalties 4 (1) A person who contravenes subsection 5(1), section 6, 7, 9, 10, 5 subsection 12(1), section 14 or subsection 15(1) is guilty of an 6 offence against that subsection or section, as the case may be. 7 (2) An offence against subsection 5(1), section 6, 7, 9, 10, subsection 8 12(1), section 14 or subsection 15(1) is an indictable offence and, 9 subject to this section, is punishable on conviction by imprisonment 10 for a period of not exceeding 2 years. 11 (3) Notwithstanding that an offence against subsection 5(1), section 6, 12 7, 9, 10, subsection 12(1), section 14 or subsection 15(1) is an 13 indictable offence, a court of summary jurisdiction may hear and 14 determine proceedings in respect of such an offence if, and only if: 15 (a) the proceedings are brought in the name of the 16 Attorney-General or the Director of Public Prosecutions; and 17 (b) the defendant and the prosecutor consent; and 18 (c) the court is satisfied that it is proper for the court to hear and 19 determine proceedings in respect of the offence. 20 (4) Where, in accordance with subsection (3), a court of summary 21 jurisdiction convicts a person of an offence against subsection 5(1), 22 section 6, 7, 9, 10, subsection 12(1), section 14 or subsection 15(1), 23 the penalty that the court may impose is imprisonment for a period 24 not exceeding 6 months. 25 19 Exceptions 26 Preinstalled software 27 (1) A person who installs, or authorises, permits or causes the 28 installation of computer software on a computer before the first 29 retail sale of the computer is deemed to be in compliance with this 30 Act if the authorised user of the computer receives notice that would Spyware Bill 2005 No. , 2005 15
Part 5 Penalties Section 19 1 satisfy the requirements of section 8 and grants consent that would 2 satisfy the requirements of section 8 prior to: 3 (a) the initial collection of personal or network information, in the 4 case of any information collection feature contained in the 5 computer software; and 6 (b) the initial generation of an advertisement on the computer, in 7 the case of any advertising feature contained in the computer 8 software; and 9 (c) the initial transmission of information or messages, in the case 10 of any distributed computing feature contained in the 11 computer software; and 12 (d) the initial modification of user settings, in the case of any 13 settings modification feature. 14 Other exceptions 15 (2) Sections 6 and 7 do not apply to any feature of computer software 16 that is reasonably needed: 17 (a) to provide capability for general purpose online browsing, 18 electronic mail or instant messaging, or for any optional 19 function that is directly related to such capability and that the 20 user knowingly chooses to use; and 21 (b) to determine whether or not the user of the computer is 22 licensed or authorised to use the computer software; and 23 (c) to provide technical support for the use of the computer 24 software by the user of the computer. 16 Spyware Bill 2005 No. , 2005