IP: Read it and if you don't like it act now !!! Text of draft Security Systems Standards and Certification Act

[David Farber <dave () farber net>]

> From: Declan McCullagh <declan () well com>
> =
> Wired News article on SSSCA:
> http://www.wired.com/news/politics/0,1283,46655,00.html
>
> ---
>
> http://www.politechbot.com/docs/hollings.090701.html
>
>    Text of Security Systems Standards and Certification Act
>
>      Sponsors: Sen. Fritz Hollings (D-S.C.), chairman of the Senate
>      Commerce committee, and Sen. Ted Stevens (R-Alaska). Draft dated
>      August 6, 2001. This bill has not been introduced as of September
>      7, 2001.
>
>      Keystroked by Declan McCullagh, all typos his. Comments in
>      [brackets] are his. The bill is 19 pages long; much of the text is
>      summarized and placed in brackets.
>      _________________________________________________________________
>
>    Title I -- Security System Standards
>
>    Sec. 101: Prohibition of Certain Devices
>
>      (a) In General -- It is unlawful to manufacture, import, offer to
>      the public, provide or otherwise traffic in any interactive digital
>      device that does not include and utilize certified security
>      technologies that adhere to the security system standards adopted
>      under section 104.
>
>      (b) Exception -- Subsection (a) does not apply to the offer for
>      sale or provision of, or other trafficking in, any previously-owned
>      interactive digital device, if such device was legally manufactured
>      or imported, and sold, prior to the effective date of regulations
>      adopted under section 104 and not subsequently modified in
>      violation of subsection (a) or 103(a).
>
>    Sec. 102: Preservation of the Integrity of Security
>
>      An interactive computer service shall store and transmit with
>      integrity any security measure associated with certified security
>      techologies that is used in connection with copyrighted material or
>      other protected content such service transmits or stores.
>
>    Sec. 103: Prohibited Acts
>
>      (a) Removal or Alteration of Security -- No person may --
>
>      (1) remove or alter any certified security technology in an
>      interactive digital device; or
>
>      (2) transmit or make available to the public any copyrighted
>      material or other protected content where the security measure
>      associated with a certified security technology has been removed or
>      altered.
>
>      [Summary: Personal TV/cable/satellite time-shifting copies normally
>      must be allowed by certified security technologies]
>
>    Sec. 104: Adoption of Security System Standards
>
>      [Summary: The private sector has 12 months to agree on a standard,
>      or the Secretary of Commerce will step in. Industry groups that can
>      participate: "representatives of interactive digital device
>      manufacturers and representatives of copyright owners." If industry
>      can agree, the secretary will turn their standard into a
>      regulation; if not, normal government processes apply and NTIA
>      takes the lead. The standard can be later modified. The secretary
>      must certify technologies that adhere to those standards. Also:
>      "The secretary shall certify only those conforming technologies
>      that are available for licensing on reasonable and
>      nondiscriminatory terms." FACA, a federal sunshine law, does not
>      apply, and an antitrust exemption is included.]
>
>    Sec. 108: Enforcement
>
>    The provisions of section 1203 and 1204 of title 17, United States
>    Code, shall apply to any violation of this title as if --
>
>      (1) a violation of section 101 or 103(a)(1) of this Act were a
>      violation of section 1201 of title 17, United States Code; and
>
>      (2) a violation of section 102 or section 103(a)(2) of this Act
>      were a violation of section 1202 of that title.
>
>    Sec. 109. Definitions
>
>      In this title:
>
>      (1) Certified security technology -- The term "certified security
>      technology" means a security technology certified by the Secretary
>      of Commerce under section 105.
>
>      (2) Interactive computer service -- The term "interactive computer
>      service" has the meaning given that term in section 230(f) of the
>      Communications Act of 1984 (47 U.S.C. 230(f)).
>
>      [Note: According to 47 U.S.C. 230(f), an "interactive computer
>      service" means "any information service, system, or access software
>      provider that provides or enables computer access by multiple users
>      to a computer server, including specifically a service or system
>      that provides access to the Internet and such systems operated or
>      services offered by libraries or educational institutions."]
>
>      (3) Interactive digital device -- The term "interactive digital
>      device" means "any machine, device, product, software, or
>      technology, whether or not included with or as part of some other
>      machine, device, product, software, or technology, that is
>      designed, marketed or used for the primary purpose of, and that is
>      capable of, storing, retrieving, processing, performing,
>      transmitting, receiving, or copying information in digital form."
>
>      (4) Secretary -- The term "Secretary" means the Secretary of
>      Commerce [Takes effect at the date of enactment, except for
>      sections that wait for federal standard.]
>
>    Title II -- Internet Security Initiatives
>
>      [Summary: Creates 25-member federal "Computer Security Partnership
>      Council." Funds NIST computer security program at $50 million
>      starting in FY2001, increasing by $10 million a year through
>      FY2006. Funds computer security training program starting at $15
>      million in FY2001. Creates federal "computer security awards."
>      Requires NIST to encourage P3P and similar privacy standards]
>      _________________________________________________________________
>
>    Penalties summarized (by Declan):
>
>    Criminal penalties apply to violations of sec. 102 or 103(a)(2). That
>    includes the "interactive computer service shall store and transmit"
>    without removal section, and the distribute "any copyrighted material
>    or other protected content where the security measure associated with
>    a certified security technology has been removed or altered."
>
>    The criminal penalties are: "(1) shall be fined not more than $500,000
>    or imprisoned for not more than 5 years, or both, for the first
>    offense; and (2) shall be fined not more than $1,000,000 or imprisoned
>    for not more than 10 years, or both, for any subsequent offense." Only
>    someone who violates the law "willfully and for purposes of commercial
>    advantage or private financial gain" can be convicted.
>
>    Civil penalties apply to violations of sec. 101 or 103(a)(1). That
>    includes the section talking about how it's unlawful to make systems
>    without security measures, and how nobody may "remove or alter any
>    certified security technology in an interactive digital device."
>
>    The civil penalties include injunctions in federal court, actual
>    damages, and statutory damages.



For archives see: http://www.interesting-people.org/