A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY
CONTENTS:
(1) Consumer Privacy Legislation Promised
(2) Computer Crime And Computer Surveillance
(3) Hollings Bill Would Mandate Digital Copy Protection
(4) House Bill Calls For Special Kids Internet Domain Name
(5) Spam Legislation Awaits Floor Action In House
(6) E-goverment Bill Moves In Senate
(7) FOIA Exemption For Information On Computer and Infrastructure Vulnerability
As Congress returns from its Spring recess on April 8, it faces a wide array of proposed legislation affecting the Internet. The bills run the gamut: some would advance the goal of user empowerment while others pose threats to democratic principles of openness, user-control, and privacy. It is impossible to predict what will be enacted before Congress adjourns in the Fall for mid-term elections, but here is an overview of some of the measures that are receiving serious consideration.
Last Fall, Reps. Cliff Stearns (R-FL), Rick Boucher (D-VA), Bob Goodlatte (R-VA), and Billy Tauzin (R-LA) issued an outline of legislation to protect consumer privacy online and offline. Under their framework, companies would be required to give consumers notice of what information is collected about them and how it is used, and the ability to opt out of having their data shared with unaffiliated third parties. Companies could comply by following industry self-regulatory guidelines approved by the Federal Trade Commission (FTC). Under the proposal, consumers could not sue companies violating the law, but instead the FTC would be given power to enforce the rules. The proposal would preempt, or override, any state legislation that provided more protection for consumers' privacy. Rep. Tauzin, chairman of the House Commerce Committee, had said that legislation based on the outline would be issued early in 2002, but nothing has been introduced yet.
Sen. Fritz Hollings, chairman of the Senate Commerce Committee, has also been drafting a consumer privacy bill. It is generally expected that the Hollings bill would be more far-reaching and in some respects more protective of consumer privacy than what the House Members outlined, but details have not been released.
The privacy outline of Reps. Stearns et al. is available at http://www.house.gov/stearns/News-Views-Legislation/billoutlinedetail61.pdf
The House Judiciary Crime Subcommittee on February 26 reported a bill introduced by Chairman Lamar Smith (R-TX), H.R. 3482, the "Cybersecurity Enhancement Act." Sec. 102 of the bill would substantially expand the authority of ISPs and other companies to disclose private customer communications to the government without a court order anytime the service provider believes in good faith that there is an emergency posing a risk of death or serious bodily injury. Expanding an already broad emergency disclosure provision adopted last year in the PATRIOT Act, Sec. 102 has no checks and balances: no judicial review before or after the disclosure, no notice to the customer, and no statistical report to the Congress and the public on the number of disclosures and number of persons affected. CDT testified about its concerns regarding Sec. 102 and has been discussing them with staff for Chairman Smith and ranking Democrat Bobby Scott (D-VA).
Other provisions of the bill would: increase penalties for certain hacking and cybercrime offenses; require the Attorney General to establish at the FBI a National Infrastructure Protection Center to serve as a focal point for threat assessment, warning, investigation, and response to attacks on critical infrastructures, both physical and cyber; and establish within the Department of Justice an Office of Science and Technology to work on law enforcement technology issues, including investigative and forensic technologies, corrections technologies, and technologies that support the judicial process.
CDT's testimony on H.R. 3482 is at http://www.cdt.org/testimony/020212davidson.shtml
A link to the text of the legislation is at http://www.cdt.org/legislation/107th/wiretaps/
On March 21, Senate Commerce Committee Chairman Hollings (D-SC) introduced legislation that would require the consumer electronics and information technology industries to build standardized digital rights protection technology into all their products. The "Consumer Broadband and Digital Television Promotion Act " (S. 2048) would require the electronics and IT industries, content providers and consumers to develop copyright protection standards and encoding rules within one year to be incorporated in all "digital media devices." TVs, audio players, and PCs would have to be manufactured to recognize and respond to those standards. The rules to be developed would have to preserve fair-use rights for educational and research purposes and legitimate consumer copying. If the private sector failed to come up with standards, S. 2048 would require the Federal Communications Commission to develop them.
In CDT's view, copyrighted material should be protected against piracy online, but sweeping government technology mandates pose serious threats to innovation and the future of the Internet and digital technology in general as uniquely user-controlled, flexible, and open.
The Hollings bill is online at: http://thomas.loc.gov/cgi-bin/bdquery/z?d107:s.02048:
A House subcommittee on March 6 approved a bill mandating the creation of a new Internet domain aimed at protecting children online, ".kids.us." The bill directs the registrar for the ".us" domain name to create the new space. The bill would require that the operator of ".us" limit content in ".kids.us" to that which is "suitable" for minors under the age of 13. CDT has raised questions about the feasibility, effectiveness and constitutionality of a legislatively-mandated .kids domain. It remains far from clear that national standards of child appropriateness could be established. The process of creating and policing such standards risks running afoul of free speech protections.
Text of H.R. 3883, the "Dot Kids Implementation and Efficiency Act of 2002" http://thomas.loc.gov/cgi-bin/bdquery/z?d107:hr3833:
CDT's letter to the Telecommunications Subcommittee on .kids is available at http://www.cdt.org/dns/011031dotkids.shtml.
Additional information on domain name related issues is available at http://www.cdt.org/dns/
H.R. 718 also directs the Attorney General to prescribe labels to be included in e-mail that contains a sexually oriented advertisement in order to inform the recipient of such fact.
Links to the text and legislative history of spam bills: http://www.cdt.org/legislation/107th/junkemail/
The E-Government Act (S.803), a bill intended to fundamentally change the way the federal government uses information technology to interact with citizens, was unanimously approved on March 21 by the full Senate Governmental Affairs Committee. Introduced by Sens. Joseph Lieberman (D-CT) and Conrad Burns (R-MT), the bill has undergone revisions following extensive negotiations among the sponsors, the Committee and the Bush Administration. While certain controversial provisions, such as the creation of an appointed Federal Chief Information Officer, were dropped or revised, the sections on access to government information and privacy that CDT has supported remained in the bill. The bill would require the government, for the first time ever, to systematically plan its enormous expenditures for computer systems in ways that will make government information and services more accessible to ordinary citizens, while also taking into account and mitigating the privacy implications of government data collection. CDT statement on e-government to the Governmental Affairs Committee, July 11, 2001 http://www.cdt.org/testimony/010711cdt.shtml
CDT press release in support of the E-Government Act, May 1, 2001 http://www.cdt.org/press/010501press.shtml
Links to the text of S. 803: http://www.cdt.org/legislation/107th/e-gov/
H.R. 2435, the Cybersecurity Information Act sponsored by Reps. Tom Davis (R-VA) and Jim Moran (D-VA), would create an exemption to the Freedom of Information Act (FOIA), requiring the government to withhold from the public "cyber security information" that is voluntarily provided to a Federal entity. Similar legislation in the Senate is S. 1456, sponsored by Sens. Bennett (R-UT) and Kyl (R-AZ).
The Davis-Moran bill defines "cyber security information" as information related to the ability of any protected system or critical infrastructure to resist intentional interference or incapacitation through the misuse of or unauthorized access to or use of the Internet, telecommunications systems, or other similar conduct that violates Federal, State, or international law, harms U.S. interstate commerce, or threatens public health or safety.
The Bennett-Kyl bill covers information about "any computer-based system, including a computer, computer system, computer or communications network, or any component hardware or element thereof, software program, ... or information or data in transmission or storage."
The bills also provide that cyber security information provided to the government could not be used by any Federal, State or local authority or by any third party in any civil action. The bills would also exempt private sector information sharing arrangements from the antitrust laws.
All pending legislation can be found at the Library of Congress web site http://thomas.loc.gov/
Detailed information about online civil liberties issues may be found at http://www.cdt.org/.
This document may be redistributed freely in full or linked to http://www.cdt.org/publications/pp_8.07.shtml.
Excerpts may be re-posted with prior permission of ari@cdt.org
Policy Post 8.07 Copyright 2002 Center for Democracy and Technology
