Annual Report of the AITP Legislative Committee
DMCA
The Digital Millennium Copyright Act was intended to protect the
rights of copyright owners in our digital age. That goal is laudable.
However, Section 1201 of DMCA stands in the way of legitimate
scientific research in our field, because it makes it a criminal
offense to publish the results of much security research. Princeton
professor Ed Felten pulled a paper from a conference last spring
which would have discussed defects in the SDMI encryption tool after
being threatened with litigation by the music recording industry's
association (RIAA). He sued to protect his right to publish, and
later presented his paper at this August's Usenix conference.
Russian programmer Dmitry Sklyarov presented a paper at a conference
in Las Vegas dealing with vulnerabilities of the encryption scheme
for Adobe's E-book software, and was arrested by the FBI. Now out on
bail, he faces up to 25 years in jail for revealing that their
encryption software is little better than ROT-13. The Russian
Foreign Ministry has now issued an advisory to programmers in that
country to refrain from travelling to the US if they are engaged in
security or encryption research. Dutch researcher Niels Ferguson
pulled his paper on HDCP vulnerabilities for fear that he would be
unable to travel here. Fred Cohen stopped selling Forensix, and Dug
Song pulled down his network security site.
AITP supports publication of technology research as necessary to the
advancement of this field. As I write this, the AITP ABOD is
considering a resolution passed by our legislative committee calling
for the substantial amendment or repeal of DMCA in order to protect
this research. Unfortunately, the US Congress appears headed in the
opposite direction. We have just been made aware of the Security
Systems Standards and Certification Act (SSSCA), by Senator Fritz
Hollings. This act seems to toughen DMCA's prohibitions on
scientific research, and to have other problems as well.
E-signatures
The Canadian Parliament has enacted legislation dealing with
electronic signatures on Canadian contracts. Meanwhile E-Sign became
the controlling law on electronic signatures in the US. However,
there is a push afoot here to enact UETA at the state level to
supplement or replace E-Sign, due to perceived problems, particularly
in the area of choice of law. Consumer organizations have expressed
concerns about the lack of safeguards in UETA. However, well over
half of our states have enacted UETA. AITP has not taken a stand on
the preferred legislative solution. At the request of EDSIG, we
compiled a list of informational links on electronic signatures.
Privacy
Safe Harbor went into effect on July 1. This agreement sets
standards for US companies doing business in the European Union that
have to comply with the EU's much more stringent data privacy
regulations.
Watchdog organizations continue to monitor the privacy issue and
report on problems, which attract intense mainstream media interest.
The Privacy Foundation, based in Denver, Colorado, recently released
a report criticizing monster.com for selling user email addresses to
third parties (monster.com denies the charge). I posted commentary
supporting the accuracy of the report, and was immediately swamped
with requests for media interviews. As I write this, I am waiting
for a call back from the Washington Post. A white paper for
Information Executive covering the issue in detail would seem to be
indicated.
UCITA
UCITA appears to be stalled, with no new enactments at the state
level. The American Bar Association law review committee is
currently studying the legislation, with the likelihood that it will
agree with AITP's current position opposing the law. More
information on the legislation and its problems can be found on the
AITP legislative web page.
ICANN
ICANN is the governing body for the Internet. Originally managed by
an appointed board, it was somewhat democratized by elections last
fall. However, there continue to be concerns that the ICANN board is
not representing the interests of common users of the Internet. The
European representative on the ICANN board, Andy Mueller-Maguhn, has
been particularly vocal in raising those concerns. The legislative
committee may recommend an AITP position on this issue at some time
in the near future.
Spam
State legislation continues to be enacted, and federal legislation
is currently under consideration in the Congress. Meanwhile, the
European Parliament rejected a committee report dealing with the
issue, but in an important preliminary vote supported the opt-in
standard by a narrow margin. This is AITP's historical position on
the issue. Expect EU legislation in the near future which will be
consistent with our position. This may drive US legislative thinking
on the issue.