1997 US Legislative review

This is the official report of the Legislative Committee to the board for the year 1997.

Respectfully submitted,

Charles Oriez

Jan 4, 1998

SUMMARY:

The 105th Congress is in recess, but will return shortly to take up issues where they left off. They are facing several issues related to the internet which are discussed in more detail below.

. SPAM - legislation is stalled in committee, but spam seems to be reduced lately without legislative involvement.

. ENCRYPTION - the SAFE bill survived in a form acceptable to us, but is stalled in the House Rules Committee. Meanwhile, several court cases are working their way through the judicial system. One seems headed to the Supreme Court, and I am seeking approval to sign AITP onto an amicus brief supporting the relaxation of export controls.

. DOMAIN NAME REFORM - No apparent legislative action involved, but there are significant strides being made towards expanding the upper level nodes.

. COPYRIGHT - A new law signed late last year by Clinton expands the copyright protection for software and webpage authors and tightens some of the penalties.

. CDA - The Communications Decency Act was declared unconstitutional over the summer. There may be some action this election year on a 'Son of CDA' which was introduced in late 1997.

. PRIVACY - Concern is growing over privacy of records on the internet. There has been some regulatory agency study and legislation proposed in 1997. Look for more activity in 1998. This will probably be a priority for us.

. CANADA - One paper was presented for the information of our Canadian leadership at the end of 1997, detailing known legislation in the Canadian Parliament. Since that time, I have discovered some minimal additional information discussed in the privacy section.

DETAILED DISCUSSION

1) Spam

Two competing bills seeking to deal with e-mail spam were introduced in the House and Senate this past year. The Senate bill by Mr Murkowski of Alaska has stalled. AITP took a stand against this bill as over-regulation of a problem we felt could best be dealt with in the marketplace. That bill is still in committee but not scheduled for hearings. It is unlikely to advance in its present form. Mr Smith of New Jersey sponsored a more reasonable bill in the House which would extend the fax-related provisions of the TCPA (Telemarketing Consumer Protection Act) to unsolicited e-mail. TCPA makes it illegal to send unsolicited faxes to businesses and individuals with whom you do not have an existing business relationship, with significant fines. There is some debate, and one federal court case in Ohio (Michigan?) attempting to claim that TCPA already covers unsolicited e-mail, but the legal consensus for the moment appears to be that it does not. Mr Smith is gaining an ever-expanding list of sponsors, and may actually get hearings on his bill this year. There also appear to be some differences between the original TCPA and the FCC regulations related to telemarketers. This bill might be a vehicle for fixing those discrepancies, adding to the pressure to bring the bill to hearings. Parenthetically, I have a pending complaint with the FCC against a telemarketer for violating TCPA regulations, so I have a particular personal interest in tracking this bill.

Meanwhile, as predicted when we opposed the Murkowski bill, the marketplace seems to be resolving the spam problem through both technical and social engineering. Zilker Internet Park of Austin, Texas won a landmark legal case against a spammer from San Diego who had fraudulently claimed to be using flowers.com, a Zilker customer, as the origin of his messages. The judgement of $20,000 includes actual and punitive damages, plus attorney fees and court costs. In Colorado, a factually more or less identical suit has been filed by an ISP against Greentree Mortgage, again for trespass, commercial fraud, and other complaints, also for misrepresenting its spam as having originated from localhost.com, the Colorado ISP. That case is pending. I have found about a dozen similar cases in other parts of the country in both federal and state courts. I commend to you the John Marshall Law School cyber law page which is tracking all known litigation related to the internet, including the spam cases.

At the same time, ISPs such as agis.net which had business arrangements with Cyberpromo, the leading spam originator, have found that their choice of customers did serious damage to their own reputations, to the extent where some ISPs were blocking ALL traffic from Agis, whether it came from a spammer or not. As a result, Agis terminated its agreement with Cyberpromo in mid-October. It had attempted to terminate it earlier, but Cyberpromo got a restraining order enforcing the 30-day notice terms in its contract. Since that time, Cyberpromo apparently has been unable to find a replacement provider. Also, AOL, CompuServe, Prodigy, and others have aggressively been suing spammers to block the spoofing of their addresses, with some success. As an apparent result, my personal spam receipt count showed a marked decrease in November and December.

Of passing interest, Nevada, New Jersey, and several other states have passed legislation dealing with spam. Given the trans-national, and certainly interstate nature of the internet, the state bills are probably of limited utility and interest, but make the legislators feel good.

2) Encryption

The encryption battle is proceeding on two fronts. The SAFE bill sponsored by Rep Goodlatte of Virginia would lift the ban on the export of encryption products. It survived several attacks within the committee process, and is now in the House Rules committee awaiting schedule for floor action, in a form consistent with what we endorsed. However, the chair of the Rules Committee, Mr Solomon of New York, is opposed to the version reported to his committee, and has expressed a willingness to tie it up until significant changes are made - changes which would be unacceptable to us. If we have a chapter in Mr Solomon's district (NY 22, Glens Falls-Saratoga Springs area) their assistance might be useful in lobbying. If the bill fails to pass in 1998, we will need to start over with a fresh bill in the 106th Congress. I'd also ask a suitable Virginia Chapter to in some way recognize Mr Goodlatte's leadership on this issue.

Meanwhile, two legal cases may resolve the issue of export of encryption without additional action in the Congress. In California, the Bernstein case asking for the right to export the source and object code for the Snuffles encryption package was won at the district level, when the federal district court held that ITAR's ban on the export of encryption was an unconstitutional infringement of Professor Bernstein's free speech rights. The government appealed the case to the 9th Circuit Court of Appeals, where it is now pending. A number of industry groups filed an amicus (friend of the court) brief supporting Mr Bernstein's position. At the last minute, we were invited to sign onto the brief, but the time was too short to obtain the necessary approvals. However, I did review the brief, and concluded that the brief and the underlying issues in the case were entirely consistent with our policy on encryption. I anticipate that the losing side in the Appeals case will seek Supreme Court review. If the Supreme Court grants cert, I also anticipate that the more or less same set of industry groups will file more or less the same amicus brief there, and again invite us to join them. I have prepared a more detailed discussion of this issue for the Charleston board meeting with the intent that I have prior authorization from the board to add our name to the case at that time if they ask us again. There would be no costs or risks involved. A separate case (the Karn case) arguing many of the same facts, but related to the CD-ROM that accompanies the Schneier text "Applied Cryptography", is about to reenter the judicial process in the District of Columbia Federal Court. If Bernstein reaches the Supreme Court and wins, the Karn case would become moot. The circuit in which Karn is seeking review has a reputation for speedier trials, which means Karn may reach the Supreme Court at the same time Bernstein does, increasing the likelihood of review if the two circuits result in differing opinions. In his first attempt at the judicial system, Karn lost in District Court, but went back to administrative appeals when the ITAR licensing rules were changed, after the Appeals Court had remanded the case to district court for further hearings.

3) Domain Name reform

One issue involves the question of whether a domain name is a protectable trademark. A number of cases appear to say that it is. These are all discussed at the Marshall site.

Proposals are moving forward to expand the number of available upper level domains. There are six currently (gov, com, org, net, mil, edu) within the US. There is also some discussion over the issue of decentralizing the assignment of domain names, removing the existing monopoly.

No significant legislation appears to be currently proposed. Glen McNally is tracking this, and will recommend action when and if it becomes necessary.

4) Copyright

The president signed into law a new copyright provision which may have some impacts on the internet. The two most significant parts of it appeared to be in the area of unintentional infringement, and infringement that was not intended to profit the infringer. The law also gave some increased protection to web authors, according to ZDNet's evaluation of the bill. Failure to profit from the infringement is no longer a defense when damages from infringement are being set. This was a reaction to hackers who would release proprietary software without profit, who nevertheless caused significant lost revenue to the owners of the copyrights. We'll continue to monitor, but not take any action unless significant evidence shows the need to 'tinker'.

5) CDA

In June the U.S. Supreme Court overturned the Communications Decency Act as unconstitutional. The court ruled decisively against attempts to limit certain kinds of speech, saying any such statute violated the First Amendment.

There appears to be another attempt to bring a 'son of CDA' bill to the floor during the 1997 session of the 105th Congress. However, there appears to be no serious attempt in the new bill to cure the constitutional defects in the previous version, making it likely that this is election year posturing rather than a serious attempt at legislation.

AITP took no stand on the original CDA, but may wish to comment on the new legislation once it is reviewed.

6) Privacy

Much discussion in 1997, including FTC hearings and comments filed by various organizations with the FCC. There was also legislation enacted as part of the IRS reforms criminalizing the practice of some agents of browsing through the tax records of friends and celebrities. Over 4,500 IRS employees have been investigated over the last four years for this browsing activity.

We need to develop a draft policy to guide our efforts in this area, but the issues are fairly complex with lots of gray areas, without the crisp dividing line between right and wrong which is present in the debate in other areas. As more private information is becoming available on databases accessible over the internet, public awareness and concern are growing. I look for this to heat up very quickly at some unpredictable point in the future, probably at the point in time that some event outrages public sensibilities. We'll need to be ready for that when it happens. An excellent on-line resource for the discussion of privacy issues, including the status of various hearings and legislative proposals, is located on the web at EPIC's home page.

In addition to activity in the United States, the European Union has just issued a data protection standard. Canada is also studying action in this area, probably in cooperation with the United States in some fashion. No detailed study has been done by us of either the EU proposal or the Canadian processes, but given the nature of the Global Information Infrastructure, it is highly likely that each of those efforts will influence what we do domestically.