Safe Net: Encryption and personal data
Law enforcement wants access to encrypted communication and Netizens want safe, private e-commerce--in the middle is Congress, with a slew of bills in the works.
Everyone on Capitol Hill is talking about the potential of e-commerce. Consumers need more
than a browser and a buyer's impulse to spend cash
online, however, they need to feel secure. Netizens also want to keep their digital conversations private. Encrypting (or scrambling) electronic data so that only the rightful recipient can read a message is the industry's
Legislation to watch |
Signed into law |
Encryption
Security and
Freedom Through Encryption (SAFE) Act
Introduced by Rep. Bob Goodlatte (R- Virginia)
As introduced, SAFE relaxes federal export restrictions on strong encryption, which scrambles digital messages so that only the sender and recipient can decipher the communication using a "key." The bill also prevents the government from creating a mandatory "key recovery system." Under the current regulations, within two years, producers of exported crypto must build a back door to their software that gives law enforcement access to the keys that decode encrypted messages. There are five versions of the bill now; at least one gives law enforcement quick access to unlock secure messages within the United States during criminal investigations.
| Status The House Commerce, Intelligence, Judiciary, National Security, and International Relations committees have each passed their own versions of the bill. The House Rules Committee now will reconcile all five bills. Observers say the chairman of the committee opposes any encryption bill unless it contains domestic controls. If cleared, the next step would be a House vote. Previous coverage |
Secure Public
Networks Act
Introduced by Sen. John McCain (R-Arizona) and Sen.
Robert Kerrey (D-Nebraska)
This bill began as a Clinton administration proposal, and makes key recovery mandatory for all U.S. online networks and computing equipment funded wholly or partially with federal money. This condition could make key recovery a component of a majority of the networks in the country, as the government and public academic institutions provided most of the initial seed money for building the Net. With the advent of the McCain-Kerrey bill, the Senate Commerce Committee has discontinued consideration of Sen. Conrad Burns's (R-Montana) so-called Pro-Code legislation, which, like SAFE, would have relaxed crypto export controls.
| Previous coverage • Lott lambasts FBI crypto policy, October 24, 1997 • Cooks in Clinton crypto kitchen, September 11, 1997 • White House shuns FBI crypto plan, September 5, 1997 • McCain-Kerrey crypto talks continue, July 29, 1997 • FBI wants domestic crypto keys, July 10, 1997 • New crypto bill clears committee, June 19, 1997 • Pro-Code bill all but dead, June 19, 1997 • Crypto bill seeks domestic rules, June 17, 1997 • Pro-Code bill adds security board, February 27, 1997 |
Encrypted
Communications Privacy Act
Introduced by Sen. Patrick Leahy (D-Vermont)
Allows all U.S. citizens to use any strength encryption. Prohibits federal or state lawmakers from requiring that encryption users store the key to unlock their digital communications with a third party, which is known as domestic "key escrow."
| Status Senate Judiciary Committee held. |
Consumer Privacy
Social Security
On-line Privacy Protection Act
Introduced by Rep. Bob Franks (R-New Jersey)
Federal Internet Privacy Protection Act Introduced by Rep. Tom Barrett (D-Wisconsin)
Personal
Information Privacy Act
Introduced by Sen.
Dianne Feinstein
(D-California), Sen. Charles
Grassley (R-Iowa), and Rep. Gerald Kleczka (D-Wisconsin)
American Family
Privacy Act
Introduced by Rep. Paul Kanjorski (D-Pennsylvania)
Social Security
Information Safeguards Act
Introduced by Rep. Barbara Kennelly (D-Connecticut)
These bills have one thing in common: they all keep Social Security numbers (SSNs) off the Net. Franks's bill prohibits Net access or online service providers from selling or disclosing customers' SSNs or other personally identifiable information without prior informed written consent. The Feinstein-Grassley bill goes one step further, stating that no one can sell or share another person's private data without permission. The proposals by Barrett and Kanjorski are similar, but include federal agencies among those who can't post online any information about a person's education, financial or tax transactions, and medical or employment history, if the records contain the individual's name, SSN, or other personal identification numbers.
The Commissioner of Social Security would only have to study the issue of putting SSNs and other private data on the Net under Kennelly's bill.
| Status All bills referred to various House and Senate committees for consideration. Previous coverage |
Consumer Internet Privacy Protection Act Introduced by Rep. Bruce Vento (D-Minnesota)
Mandates that ISPs and online services get customers' permission prior to releasing their personally identifiable information to third parties.
| Status Under consideration by the House Subcommittee on Telecommunications, Trade, and Consumer Protection. Previous coverage |
Communications Privacy and Consumer Empowerment Act Introduced by Rep. Ed Markey (D-Massachusetts)
Data Privacy
Act
Introduced by Rep. Billy
Tauzin (R-Louisiana)
Requires that the Federal Trade Commission hold another set of hearings to explore companies' online practices for collecting and using consumers' and children's personal information. The legislation directs the Federal Communications Commission to examine ISPs' and common carriers' data protection practices and to propose regulations to protect consumer online privacy if current laws or industry self-regulatory efforts are ineffective. In addition, Markey's bill would require that Net access providers offer all customers blocking software at no charge.
Tauzin's bill encourages self-regulation of online privacy. The bill mandates the creation of an industry working group to draft voluntary guidelines for the collection of surfers' data and to address unsolicited commercial email.
| Status Referred to House Subcommittee on Telecommunications, Trade, and Consumer Protection. Previous coverage |
Digital Signatures
Electronic
Commerce Enhancement Act
Introduced by Rep. Zoe Lofgren
(D-California) and Rep. Billy
Tauzin (R-Louisiana)
Increases consumer confidence in electronic transactions. This bill would require federal agencies to accept digital signatures as valid signatures on online forms. In addition, the Office of Management and Budget and the National Telecommunications and Information Administration would have to develop a plan to put all federal forms online within 12 months. The private sector is being placed in the hot seat to come up with the software and certificates needed to verify that someone who files a government form electronically is who they say they are.
| Status Referred to House Commerce and Oversight committees. Previous coverage |
Go to: Taxes, gambling, and piracy 