Legislative Update
Spyware
S. 687 – Software Principles Yielding Better Levels of Consumer Knowledge Act (SPYBLOCK Act) – Senator Conrad Burns (R-MT) and Senator Ron Wyden (D-OR)
Latest Update: S. 687 was introduced by Senator Burns on H.R. 1080 on March 20 and was referred to the Committee on Commerce, Science, and Transportation. CSIA worked closely with Senator Wyden's staff to include the Good Samaritan provision, which protects anti-spyware software firms from frivolous lawsuits.
Summary: S. 687 regulates the unauthorized installation of computer software, to require clear disclosure to computer users of certain computer software features that may pose a threat to user privacy.
New! H.R. 29 – The SPY ACT – Congresswoman Mary Bono (R-CA)
Latest Update: Also known as the “Securely Protect Yourself Against Cyber Trespass Act.” On January 6, Congresswoman Bono re-introduced her bill from the 108th Congress that aims to protect computer users against internet privacy invasion. On February 4, the bill was marked up, passed the House Energy and Commerce Committee's Subcommittee on Commerce, Trade and Consumer Protection, then forwarded on to the full committee for mark-up. On March 9, the full committee ordered the bill to be reported by a vote of 43-0. On April 12, the bill was reported (Amended) by the Committee on Energy and Commerce (H. Rept. 109-32). It was then placed on the Union Calendar, Calendar No. 15.
In October 2004, the original bill passed overwhelmingly in the House of Representatives, but did not pass the Senate before the 108th Congress came to a close.
Summary: This bill would prevent spyware purveyors from hijacking a home page or tracking users’ keystrokes. It requires that spyware programs be easily identifiable and removable, and allows for collection of personal information only after express consent from the user. Additionally, fines are exponentially increased against abusers. As passed, this bill contains an exemption for legitimate security operations.
H.R. 744 – The I-SPY Prevention Act of 2005 – Congressman Bob Goodlatte (R-VA)
Latest Update: Also known as the “Internet Spyware (I-SPY) Prevention Act of 2005.” On February 10, Representatives Bob Goodlatte, Zoe Lofgren (D-CA-16) and Lamar Smith (R-TX-21) reintroduced the Internet Spyware (I-SPY) Prevention Act of 2005. It was then referred to the House Committee on the Judiciary. This legislation was originally introduced during the 108th Congress and passed the House of Representatives by a vote of 415-0. Currently, there are no plans for hearings or mark-up, however, this bill is expected to move quickly.
Summary: This bill addresses the most egregious activities that are conducted via spyware. It would make the following activities criminal offenses:
- Intentionally accessing a computer without authorization, or intentionally exceeding authorized access, by causing a computer program or code to be copied onto the computer and using that program or code to:
- Further another federal criminal offense (punishable by fine or imprisonment for up to 5 years)
- Intentionally obtain or transmit “personal information” with the intent of injuring or defrauding a person or damaging a computer (punishable by fine or imprisonment for up to 2 years)
- Intentionally impair the security protections of a computer (punishable by fine or imprisonment for up to 2 years)
The legislation includes language to preempt States from creating civil remedies based on violations of this act.
Phishing
S. 472 – Anti-Phishing Act of 2005 – Senator Patrick Leahy (D-VT)
Latest Update: On February 28, Senator Leahy introduced his anti-phishing legislation, which is similar to legislation he introduced during the 108th Congress (S. 2636). S. 472 was referred to the Senate Judiciary Committee, where it is awaiting further action.
Summary: The Anti-Phishing Act of 2005 criminalizes phishing, making it illegal to knowingly send out spoofed email that links to websites with the intention of committing a crime. The legislation is also intended to penalize those who falsely represent themselves as being a legitimate online business and solicits an e-mail recipient to provide identification to the phisher.
H.R. 1099 – Anti-Phishing Act of 2005 – Congresswoman Darlene Hooley (D-OR)
Latest Update: Congresswoman Dooley introduced H.R. 1099 on March 3, when it was then referred to the House Committee on the Judiciary.
Summary: H.R. 1099 criminalizes phishing, making it illegal to knowingly carry on any activity that links to websites with the intention of committing a crime. The legislation is also intended to penalize those who falsely represent themselves as being a legitimate online business and solicits an e-mail recipient to provide identification to the phisher. This legislation is similar to S. 472.
Privacy / Identity Theft Protection / Data Warehouses
S. 29 – Social Security Number Misuse Prevention Act – Senator Dianne Feinstein (D-CA)
Latest Update: S. 29 was introduced on Jan. 24 by Senator Feinstein and was referred to the Committee on the Judiciary.
Summary: This bill amends the Federal criminal code to prohibit the display, sale, or purchase of social security numbers without the affirmatively expressed consent of the individual, except in specified circumstances. It directs the Attorney General to study and report to Congress on all the uses of social security numbers permitted, required, authorized, or excepted under any Federal law, including the impact of such uses on privacy and data security. S. 29 establishes a public records exception to the prohibition and directs the Comptroller General to study and report to Congress on social security numbers in public records. The Attorney General is granted rulemaking authority to enforce this Act's prohibition and to implement and clarify the permitted uses occurring as a result of an interaction between businesses, governments, or business and government.
S. 116 – Privacy Act of 2005 – Senator Dianne Feinstein (D-CA
Latest Update: S. 116 was introduced on Jan. 24 by Senator Feinstein and was referred to the Committee on the Judiciary.
Summary: S. 116 prohibits the sale and disclosure of personally identifiable information by a commercial entity to a non-affiliated third party unless prescribed procedures for notice and opportunity to restrict such disclosure have been followed. The bill grants the Federal Trade Commission (FTC) enforcement authority. S. 166 also amends Federal criminal law to prohibit the display, sale, or purchase of social security numbers (SSNs) without the affirmatively expressed consent of the individual. This legislation prohibits the use of SSNs on checks issued for payment by governmental agencies and driver's licenses or motor vehicle registrations. It prohibits a commercial entity from requiring disclosure of an individual's SSN in order to obtain goods or services, and it establishes criminal and civil monetary penalties for misuse of an SSN.
S. 500 – Information Protection and Security Act
– Senator Bill Nelson
(D-FL)
Latest Update: Senator Nelson introduced the Information Protection and Security Act on March 3 and it was then referred to the Committee on Commerce, Science, and Transportation. H.R. 500 is identical to H.R. 1080, sponsored by Congressman Ed Markey (D-MA).
Summary: S. 500 regulates information brokers and protects individual rights with respect to personally identifiable information. Specifically, it authorizes the Federal Trade Commission (FTC) to promulgate regulations requiring information brokers to update the information they store and allow individuals to access their information; upon request by the individual, the information brokers must disclose what information they distribute and to whom it was given; the information brokers must also authenticate users before allowing usage; finally, H.R. 1080 authorizes enforcement by FTC and allows individuals the right to private action against the brokers.
New! S. 751 – Notification of Risk to Personal Data Act – Senator Dianne Feinstein (D-CA)
Latest Update: S. 751 was introduced on April 11, 2005 and referred to the Committee on the Judiciary. This bill is based on California law, which is the first and currently the only State law requiring notification of individuals.
Summary: S. 751 requires a business or government entity to notify an individual in writing or email when it is believed that personal information has been compromised, with the exception of situations relating to criminal investigation or national security purposes. Examples of personal information include: Social Security number, driver's license or state identification number, or credit card or bank account information. The bill covers both electronic and non-electronic data, as well as encrypted and non-encrypted data.
S. 768 – Comprehensive Identity Theft Prevention Act – Senator Charles Schumer (D-NY) and Senator Bill Nelson (D-FL)
Latest Update: Introduced on April 12, 2005, and referred to the Committee on Commerce, Science, and Transportation.
Summary: S. 768 regulates information brokers, cracks down on the sale of Social Security numbers, and notifies Americans when their personal information is compromised. Creates a new Federal Trade Commission (FTC) office to help victims restore their identities. Creates an Assistant Secretary for Cyber Security in the Department of Homeland Security.
S. 1004 – Title Unknown – Senator George Allen (R-VA)
Latest Update: S. 1004 was introduced on May 11 and was referred to the Senate Committee on Commerce, Science and Transportation.
Summary: This bill provides the Federal Trade Commission (FTC) with the resources necessary to protect users of the Internet from the unfair and deceptive acts and practices associated with spyware.
H.R. 82 – Social Security On-line Privacy Protection Act – Congressman Rodney Frelinghuysen (R-NJ)
Latest Update: Congressman Frelinghuysen introduced H.R. 82 on Jan. 4 and it was referred to the Subcommittee on Commerce, Trade and Consumer Protection of February 4.
Summary: H.R. 82 prohibits an interactive computer service from disclosing to a third party an individual's Social Security number or related personally identifiable information without the individual's prior informed written consent. The bill also requires such service to permit an individual to revoke any consent at any time.
H.R. 84 – Online Privacy Protection Act of 2005 – Congressman Rodney Frelinghuysen (R-NJ)
Latest Update: Congressman Frelinghuysen introduced H.R. 84 on Jan. 4 and it was referred to the Subcommittee on Commerce, Trade and Consumer Protection.
Summary: H.R. 84 requires the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals who are not covered by the Children's Online Privacy Protection Act of 1998 (age 13 and above) on the Internet. It makes it unlawful for an operator of a Web site or online service to collect, use, or disclose personal information concerning an individual in a manner that is in violation of prescribed regulations, requiring such operators to protect the confidentiality, security, and integrity of personal information it collects from such individuals. H.R. 84 also provides greater individual control over the collection and use of that information by creating a process for such individuals to consent to or limit the disclosure of such information. Additionally, H.R. 84 directs the FTC to provide incentives for efforts of self-regulation by operators to implement appropriate protections for such information. Finally, it authorizes the States to enforce such regulations by bringing actions on behalf of residents, requiring the State attorney general to first notify the FTC of such action.
H.R. 220 – Identity Theft Prevention Act of 2005 – Congressman Ron Paul (R-TX)
Latest Update: H.R. 220 was introduced on Jan. 4 by Congressman Paul. It was then referred to the Committee on Ways and Means and the Committee on Government Reform.
Summary: H.R. 220 Amends title II (Old Age, Survivors and Disability Insurance) of the Social Security Act and the Internal Revenue Code to prohibit using a Social Security account number except for specified Social Security and tax purposes. The bill also prohibits the Social Security Administration from divulging the Social Security account number of an individual to any Federal, State, or local government agency or instrumentality, or to any other individual. Conversely, no Federal, State, or local government agency or instrumentality may request an individual to disclose his Social Security account number on either a mandatory or a voluntary basis, among other prohibitions.
H.R. 1080 – Information Protection and Security Act – Congressman Ed Markey (D-MA)
Latest Update: H.R. 1080 was introduced on March 3 by Congressman Markey and was referred to the House Committee on Energy and Commerce. H.R. 1080 is identical to S. 500, sponsored by Senator Bill Nelson (D-FL).
Summary: H.R. 1080 regulates information brokers and protects individual rights with respect to personally identifiable information. Specifically, it authorizes the Federal Trade Commission (FTC) to promulgate regulations requiring information brokers to update the information they store and allow individuals to access their information; upon request by the individual, the information brokers must disclose what information they distribute and to whom it was given; the information brokers must also authenticate users before allowing usage; finally, H.R. 1080 authorizes enforcement by FTC and allows individuals the right to private action against the brokers.
H.R. 1263 – Consumer Privacy Protection Act of 2005 – Congressman Cliff Stearns (R-FL)
Latest Update: Introduced on March 10 and referred to the House Subcommittee on Commerce, Trade and Consumer Protection on March 22.
Summary: Protects and enhances consumer privacy by instituting a number of requirements for data collection organizations, specifically to provide notification to consumers and to establish a privacy policy with respect to the collection, sale, disclosure for consideration, or use of the consumer's information.
Internet
H.R. 214 – Advanced Internet Communications Services Act of 2005 – Congressman Cliff Stearns (R-FL)
Latest Update: Congressman Stearns introduced this bill on January 14 and on February 4, it was referred to House Subcommittee on Telecommunications and the Internet.
Summary: The bill aims to promote deployment of and investment in advanced Internet communications services. It gives the Federal Communications Commission (FCC) exclusive authority regarding advanced Internet communications services, allowing the FCC to impose specific requirements or obligations on providers of advanced Internet communications voice service.
Homeland Security
S. 140 – Domestic Defense Fund Act of 2005 – Senator Hillary Clinton (D-NY)
Latest Update: Senator Hillary Clinton introduced S. 140 on January 24. It was referred to the Senate Committee on Homeland Security and Governmental Affairs.
Summary: S. 140 provides for a domestic defense fund to improve the Nation's homeland defense by authorizing the Secretary of Homeland Security to award grants to States, units of local government, and Indian tribes for homeland security development. The grant awardees are required to develop a homeland security plan identifying both short- and long-term homeland security needs, among other items. 70 percent of grant funds are required to be allocated among metropolitan cities and urban counties based on the Secretary's calculations of various infrastructure vulnerabilities and threats such as proximity to international borders, nuclear or other energy facilities, air, rail or water transportation, and national icons and Federal buildings.
H.R. 91 – Smarter Funding for All of America's Homeland Security Act of 2005 – Congressman Rodney P. Frelinghuysen (R-NJ)
Latest Update: Rep Rodney Frelinghuysen introduced H.R. 91 on January 4. It was referred to the Committee on Homeland Security (Select), and also referred to the Committees on Transportation and Infrastructure, the Judiciary, and Energy and Commerce for consideration of provisions as they fall within the jurisdiction of the committee concerned. On February 25, it was referred to the Subcommittee on Health, where it currently is waiting for action by the Chairman.
Summary: H.R. 91 modifies the DHS grant program, authorizing the Secretary of Homeland Security to make grants to first responders. One new criteria will be "Threats to major communications nodes, including cyber and telephonic nodes."
New! H.R. 285 – Department of Homeland Security Cybersecurity Enhancement Act of 2005 – Congressman Mac Thornberry (R-TX) and Congresswoman Zoe Lofgren (D-CA)
Latest Update: Also known as the Department of Homeland Security Cybersecurity Enhancement Act of 2005. On January 6, Congressman Mac Thornberry and Congresswoman Zoe Lofgren reintroduced bipartisan legislation to create an Assistant Secretary for Cybersecurity position within the Department of Homeland Security's Information Analysis and Infrastructures Protection Directorate. The Assistant Secretary position was originally introduced on the 108th Congress in H.R. 10, the 911 Recommendations Implementation Act, where it was approved by the House of Representatives, but ultimately was not included in the final version of the bill. On May 20, the Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity held a Mark-up Session. Subsequently, the bill was forwarded to the Full Homeland Security Committee by Unanimous Consent.
Summary: The legislation would allow for the Assistant Secretary to have primary authority within the Department for all cyber security-related critical infrastructure protection programs of the Department, including policy formulation and program management. The legislation touts strong support from the technology, education, and financial sectors.