Posted by Charles Oriez on July 07, 1998 at 16:23:51:
There are only a few more weeks left in the 105th Congress. So far, their activities have had somewhat minimal impacts on technology and the internet. Whether we can still say that when they adjourn in a few weeks remains a matter of conjecture.
Early in this year's session, there was much attention paid to encryption. Currently, US businesses are barred by law from exporting software which contains strong encryption. As one example, this limits the ability of Netscape to export its newest browser o verseas. However, our position is that the government ban on the export of encryption is ineffective as a tool in fighting terrorism, and only serves to impede US businesses in competing internationally, since strong encryption packages are currently fre ely available around the world. It looked for awhile like the Congress was going to agree with our position, when the House Commerce Committee reported out a bill loosening these restrictions on export. Even House Speaker Newt Gingrich agreed that these restrictions should be lifted. Yet that bill remains locked up in the House Rules Committee, and will not have time to pass both houses before this session concludes. Readers in Virginia should thank Representative Goodlatte for his efforts in this are na.
Meanwhile, two court cases may end up in the Supreme Court, making the legislative efforts moot. US District Courts in California and Ohio have issued contradictory rulings in cases challenging these export restrictions as an infringement on free sp eech. The California case has been heard on appeal, with a ruling expected momentarily, while the Ohio case has only very recently made it through the lower court process. The AITP board has previously agreed to join other organizations in an amicus bri ef if the Supreme Court agrees to hear an appeal of the California case.
Very recently, hearings were held on implementation of the treaty protecting intellectual property rights. Although the general concept is good, part of the bill implementing the treaty is cause for concern. As currently making its way through the House, HR 2281, the World Intellectual Property Organization (WIPO) bill, threatens to make cryptographic research illegal. "The anti-circumvention language of [this bill] is extraordinarily broad and will have all sorts of unintended consequences," Marc Rotenberg, director of the Electronic Privacy Information Center, said in recent testimony before a House subcommittee. For instance, your company's security expert s would be barred from attempting to crack security software purchased by you from vendors, a standard and reasonable test to ensure the integrity of your own systems. Although not yet out of all committees as I write this, it may still see action befor e this session ends.
Spam, or unsolicited commercial email, is receiving the most recent attention. Aol has testified to the FTC that 1/3 of their incoming e-mail, which translates into 1/3 of the cost of their servers, is spam. A one week study of my own incoming e-mail shows that 1/6 is spam. However, my large volume of legitimate mail, and the fact that I aggressively pursue spammers, causing them to lose their accounts and webspace for violating the terms of service of their ISPs, make me belie ve that AOL is closer to the industry average than I am.
Washington state has recently enacted legislation viewed by some as a potential model. The Washington bill permits those who receive spam to recover their costs of processing it through private court action. Other very strong legislation is pending in California.
Some political candidates are trying their hand at spam as a means of soliciting votes and contributions. However, early results have been so universally negative that it appears unlikely that this will be an ongoing problem.
At the federal level, there are two competing concepts on how to deal with spam. AITP has previously endorsed the Smith bill, HR 1748, which takes the minimalist approach of expanding the existing citize n right to sue over unsolicited faxes to also cover spam. At the same time, Senator Murkowski dropped attempts to enact his own bill, which we opposed, and instead tacked an amendment onto a bill related to telephone slamming which some fear would legit imize spam. That bill has passed the Senate and has received committee hearings in the House. According to communications from my own member of Congress, Joel Hefley, the Senate language most likely does not have sufficient support in the House to survi ve. That does not necessarily translate into passage of the Smith language though. My best guess is that the Congress will end up doing nothing this year, and take a fresh stab at it next year.
As previously reported, initial Domain Name Reform propos als from the Department of Commerce's NTIA last winter were widely opposed in the internet community, which tended to favor instead a proposal out of the European Union. NTIA reworked its proposal after the comment period was over, so as to more nearly r eflect the EU concepts. In a nutshell, there is significant support for expanding the number of top level domains, and for broadening competition in the assignment of domain names. The ball is now in the EU's court. They will be meeting in the next few weeks to consider the new NTIA proposals.
The Federal Trade Commission has recently begun studying on-line privacy. They are particularly concerned about web pages which solicit personal information from children, but they appear to be extending their study now into other areas.
In a privacy setback, draft regulations to implement the Immigration Reform Act will require states to collect and verify social security numbers of everyone obtaining or renewing drivers licenses. We will need to closely m onitor implementation at the state level to ensure that a credible level of security exists in this area. Ideally, the state DMV should only retain the SSNs long enough to verify them. Last spring I testified on behalf of my chapter at a Colorado legisl ative hearing related to the dangers of the use of social security numbers as universal identifiers on databases, and used as my example the fraudulant use of an ssn gleaned from a drivers license.
And finally, we've recently learned that the state of Texas has decided it needs to license I.T. professionals. Whether that comes complete with concealed carry permits for flowcharting templates is unknown. However, a number of professional organizations, including IEEE and ACM, are participating in the development of licensing requirements. Our chapters in Texas may want to participate in that effort.
Definitely a busy year legislatively, although it is not clear how much was ultimately accomplished. We'll continue to monitor and report legislative
issues as they come up. Your best ways to track this information, and to participate in the discussions leading up to the development of AITP positions on legislation, are to subscribe to the AITP leaders list server, participate in forum discussions, an
d monitor our legislative web page.