Organizations and law enforcement agencies fighting spyware are making progress, but new tools in an antispyware bill stalled in the U.S. Congress could improve the efforts, a member of the U.S. Federal Trade Commission said Monday.

One of the spyware bills passed by the House of Representatives earlier this year, the Spy Act, would give the FTC authority to impose civil fines on companies that distribute spyware to consumers' computers. The bill, along with the Internet Spyware Prevention (or I-SPY) Act have stalled in the Senate since passing the House in May and June.

The FTC has the authority to collect profits from spyware operations and collect money for consumer redress, but it lacks the authority to impose other fines, as it does when going after spammers, said Commissioner Jon Leibowitz, speaking at a spyware forum in Washington, D.C.

Assigning a dollar figure to consumer harm is tricky in many spyware cases, especially when the spyware delivers pop-up advertisements to computers, Leibowitz said. It's sometimes difficult to get courts to assign large consumer damages to pop-up cases, he said.

In some cases, spyware damages are assessed by judges "who don't even use computers," said Dave Koehler, with the FTC's Bureau of Consumer Protection.

The Spy Act would allow the FTC to fine spyware vendors up to US$3 million for hijacking computers, delivering unwanted adware and other violations and $1 million for collecting personal data without permission, in addition to going after the vendor's profits and seeking consumer redress.

Additional authority to impose civil fines would give the FTC "an enormous deterrent," Leibowitz said.

"Right now, companies know that the worst they can do is lose their profits," he added. "They're not going to get fined on top of that."

The FTC has brought several spyware actions against companies. In February, the agency settled a case against adware distributor DirectRevenue. In that case, DirectRevenue settled for $1.5 million, based on its profits, but the founders of the company had received more than $20 million in venture-capital funding, Leibowitz said.

While participants in the spyware forum said there continue to be many challenges, including a growing trend of foreign spyware vendors, the cost of spyware to U.S. consumers seems to be falling. Consumer Reports estimated that spyware cost U.S. consumers $2.6 billion in 2006, but only $1.7 billion in 2007, noted Ari Schwartz, deputy director of the Center for Democracy and Technology, a supporter of StopBadware.org, a consumer-protection effort aimed at spyware and other malicious code.

The IDG News Service is a Network World affiliate.