A heavily modified version of Rep. Bono's spyware bill has made it through the House Subcommittee on Commerce, Trade, and Consumer Protection. Its next step is the House Committee on Energy and Commerce.
The subcommittee has cleaned up this bill quite a bit. As predicted here at LawMeme, the awful acronym of SAPIA has been changed to include SPY. The new version is SPY ACT (Securely Protect Yourself Against Cyber Trespass Act). Previous gaping definition problems have been replaced with more clear terms, and consent is defined explicitly ("This program will
collect and transmit information about you and your computer use. Do you accept?’") and must be consented to with 'Yes' or 'No.' The program must also disclose what is being collected and for what purpose.
Bug or Feature? SPY ACT Act (maybe SAPIA was better) preempts state law related to misleading programs or installation, but not about fraud (hazy distinction here). It also exempts cookies explicitly, though the rest of the statute is careful not to be so wedded to current technology.