[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) FC: Text of draft Security Systems Standards and Certification Act




------- Forwarded message follows -------
Date sent:      	Fri, 07 Sep 2001 21:24:51 -0400
To:             	politech@politechbot.com
From:           	Declan McCullagh <declan@well.com>
Subject:        	FC: Text of draft Security Systems Standards and Certification Act
Send reply to:  	declan@well.com

Wired News article on SSSCA:
http://www.wired.com/news/politics/0,1283,46655,00.html

---

http://www.politechbot.com/docs/hollings.090701.html

    Text of Security Systems Standards and Certification Act

      Sponsors: Sen. Fritz Hollings (D-S.C.), chairman of the Senate
      Commerce committee, and Sen. Ted Stevens (R-Alaska). Draft dated
      August 6, 2001. This bill has not been introduced as of
      September 7, 2001.

      Keystroked by Declan McCullagh, all typos his. Comments in
      [brackets] are his. The bill is 19 pages long; much of the text
      is summarized and placed in brackets.
      ________________________________________________________________
      _

    Title I -- Security System Standards

    Sec. 101: Prohibition of Certain Devices

      (a) In General -- It is unlawful to manufacture, import, offer
      to the public, provide or otherwise traffic in any interactive
      digital device that does not include and utilize certified
      security technologies that adhere to the security system
      standards adopted under section 104.

      (b) Exception -- Subsection (a) does not apply to the offer for
      sale or provision of, or other trafficking in, any
      previously-owned interactive digital device, if such device was
      legally manufactured or imported, and sold, prior to the
      effective date of regulations adopted under section 104 and not
      subsequently modified in violation of subsection (a) or 103(a).

    Sec. 102: Preservation of the Integrity of Security

      An interactive computer service shall store and transmit with
      integrity any security measure associated with certified
      security techologies that is used in connection with copyrighted
      material or other protected content such service transmits or
      stores.

    Sec. 103: Prohibited Acts

      (a) Removal or Alteration of Security -- No person may --

      (1) remove or alter any certified security technology in an
      interactive digital device; or

      (2) transmit or make available to the public any copyrighted
      material or other protected content where the security measure
      associated with a certified security technology has been removed
      or altered.

      [Summary: Personal TV/cable/satellite time-shifting copies
      normally must be allowed by certified security technologies]

    Sec. 104: Adoption of Security System Standards

      [Summary: The private sector has 12 months to agree on a
      standard, or the Secretary of Commerce will step in. Industry
      groups that can participate: "representatives of interactive
      digital device manufacturers and representatives of copyright
      owners." If industry can agree, the secretary will turn their
      standard into a regulation; if not, normal government processes
      apply and NTIA takes the lead. The standard can be later
      modified. The secretary must certify technologies that adhere to
      those standards. Also: "The secretary shall certify only those
      conforming technologies that are available for licensing on
      reasonable and nondiscriminatory terms." FACA, a federal
      sunshine law, does not apply, and an antitrust exemption is
      included.]

    Sec. 108: Enforcement

    The provisions of section 1203 and 1204 of title 17, United States
    Code, shall apply to any violation of this title as if --

      (1) a violation of section 101 or 103(a)(1) of this Act were a
      violation of section 1201 of title 17, United States Code; and

      (2) a violation of section 102 or section 103(a)(2) of this Act
      were a violation of section 1202 of that title.

    Sec. 109. Definitions

      In this title:

      (1) Certified security technology -- The term "certified
      security technology" means a security technology certified by
      the Secretary of Commerce under section 105.

      (2) Interactive computer service -- The term "interactive
      computer service" has the meaning given that term in section
      230(f) of the Communications Act of 1984 (47 U.S.C. 230(f)).

      [Note: According to 47 U.S.C. 230(f), an "interactive computer
      service" means "any information service, system, or access
      software provider that provides or enables computer access by
      multiple users to a computer server, including specifically a
      service or system that provides access to the Internet and such
      systems operated or services offered by libraries or educational
      institutions."]

      (3) Interactive digital device -- The term "interactive digital
      device" means "any machine, device, product, software, or
      technology, whether or not included with or as part of some
      other machine, device, product, software, or technology, that is
      designed, marketed or used for the primary purpose of, and that
      is capable of, storing, retrieving, processing, performing,
      transmitting, receiving, or copying information in digital
      form."

      (4) Secretary -- The term "Secretary" means the Secretary of
      Commerce [Takes effect at the date of enactment, except for
      sections that wait for federal standard.]

    Title II -- Internet Security Initiatives

      [Summary: Creates 25-member federal "Computer Security
      Partnership Council." Funds NIST computer security program at
      $50 million starting in FY2001, increasing by $10 million a year
      through FY2006. Funds computer security training program
      starting at $15 million in FY2001. Creates federal "computer
      security awards." Requires NIST to encourage P3P and similar
      privacy standards]
      ________________________________________________________________
      _

    Penalties summarized (by Declan):

    Criminal penalties apply to violations of sec. 102 or 103(a)(2).
    That includes the "interactive computer service shall store and
    transmit" without removal section, and the distribute "any
    copyrighted material or other protected content where the security
    measure associated with a certified security technology has been
    removed or altered."

    The criminal penalties are: "(1) shall be fined not more than
    $500,000 or imprisoned for not more than 5 years, or both, for the
    first offense; and (2) shall be fined not more than $1,000,000 or
    imprisoned for not more than 10 years, or both, for any subsequent
    offense." Only someone who violates the law "willfully and for
    purposes of commercial advantage or private financial gain" can be
    convicted.

    Civil penalties apply to violations of sec. 101 or 103(a)(1). That
    includes the section talking about how it's unlawful to make
    systems without security measures, and how nobody may "remove or
    alter any certified security technology in an interactive digital
    device."

    The civil penalties include injunctions in federal court, actual
    damages, and statutory damages.




----------------------------------------------------------------------
--- POLITECH -- Declan McCullagh's politics and technology mailing
list You may redistribute this message freely if you include this
notice. Declan McCullagh's photographs are at
http://www.mccullagh.org/ To subscribe to Politech:
http://www.politechbot.com/info/subscribe.html This message is
archived at http://www.politechbot.com/
----------------------------------------------------------------------
---

------- End of forwarded message -------