3 comments on SSSCA

[InfoSec News <isn () c4i org>]

Forwarded from: Richard Forno <rforno () infowarrior org>

Not only is SSSCA the latest piece of looney-land legislation, but
it's practically unenforceable, IMO. Besides that, two things stand
out in my mind:

Sec 104(b)(1)(a) doesn't make it clear who can be considered a
"copyright owner" - but given that it is mentioned with "device
manufacturers" it implies only the big guns of copyright ownership
such as software, movie, publishing and music entities that rake in
the billions of dollars a year.

> (1) IN GENERAL. -- The Secretary shall make a determination, nor
> more than 12 months after the date of enactment of the Act, as to
> whether -- (A) representatives of interactive digital device
> manufacturers and representatives of copyright owners have reached
> agreement on security system standards for use in interactive
> digital devices; and

I write articles and have 2 books out, one of which I own the
copyright to and determine how/when it will be released. Does that
mean I am excluded from being a "representative of copyright owners"
in this law?

Incidentially, as a copyright holder and author, we have a September
statement regarding this general issue on our website, particularly
involving DRM and why we've released our E-book the way we have.
(http://www.infowarrior.org/dmca.html)

Not to mention, Sec. 202 is nothing more than creating yet ANOTHER IT
security related council within the bueaucracy. We have the CIAO,
Bush's new Cybersecurity Council, this proposed one, and the slew of
other traditional INFOSEC organizations at GSA, NIST, DoD, NIPC, DOE,
and more.

Did anyone else notice that Title I is the contoversial part, while
Title II is a rather benign, feel-good government program part? I bet
it will be submitted with the caeat "if you approve Title II you must
approve Title I" to get it passed in the Senate.

> SEC. 202. COMPUTER SECURITY PARTNERSHIP COUNCIL.
>
> (a) ESTABLISHMENT. -- The Secretary of Commerce, in consultation
> with the President's Information Technology Advisory Committee
> established by Executive Order No. 13035 of February 11, 1997 (62
> F.R. 7231), shall establish a 25-member Computer Security
> Partnership Council the membership of which shall be drawn from
> Federal, State, and local governments, universities, and
> businesses.
>
> (b) PURPOSES. -- The purpose of the Council is to collect and
> share information about, and to increase public awareness of,
> information security practices and programs, threats to
> information security, and responses to those threats.
>
> (c) STUDY. -- Within 12 months after the date of enactment of the
> Act, the Council shall publish a report which evaluates and
> describes areas of computer security research and development that
> are not adequately developed or funded.

Yet another proposal (Title II) that means well but will most likely
be as ineffective as previous ideas.

Folks are much more computer savvy and interested in this stuff than
they were in the 90s....it's going to be much more difficult ( I
hope!) for such a proposal to be passed.

Rick Forno
infowarrior.org



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.