[ISN] 3 comments on SSSCA

From: InfoSec News (isnat_private)
Date: Mon Sep 10 2001 - 23:09:14 PDT

  • Next message: InfoSec News: "[ISN] Stealth encoding bypasses IDS protection"

    Forwarded from: Richard Forno <rfornoat_private>
    Not only is SSSCA the latest piece of looney-land legislation, but
    it's practically unenforceable, IMO. Besides that, two things stand
    out in my mind:
    Sec 104(b)(1)(a) doesn't make it clear who can be considered a
    "copyright owner" - but given that it is mentioned with "device
    manufacturers" it implies only the big guns of copyright ownership
    such as software, movie, publishing and music entities that rake in
    the billions of dollars a year.
    > (1) IN GENERAL. -- The Secretary shall make a determination, nor
    > more than 12 months after the date of enactment of the Act, as to
    > whether -- (A) representatives of interactive digital device
    > manufacturers and representatives of copyright owners have reached
    > agreement on security system standards for use in interactive
    > digital devices; and
    I write articles and have 2 books out, one of which I own the
    copyright to and determine how/when it will be released. Does that
    mean I am excluded from being a "representative of copyright owners"
    in this law?
    Incidentially, as a copyright holder and author, we have a September
    statement regarding this general issue on our website, particularly
    involving DRM and why we've released our E-book the way we have.
    Not to mention, Sec. 202 is nothing more than creating yet ANOTHER IT
    security related council within the bueaucracy. We have the CIAO,
    Bush's new Cybersecurity Council, this proposed one, and the slew of
    other traditional INFOSEC organizations at GSA, NIST, DoD, NIPC, DOE,
    and more.
    Did anyone else notice that Title I is the contoversial part, while
    Title II is a rather benign, feel-good government program part? I bet
    it will be submitted with the caeat "if you approve Title II you must
    approve Title I" to get it passed in the Senate.
    > (a) ESTABLISHMENT. -- The Secretary of Commerce, in consultation
    > with the President's Information Technology Advisory Committee
    > established by Executive Order No. 13035 of February 11, 1997 (62
    > F.R. 7231), shall establish a 25-member Computer Security
    > Partnership Council the membership of which shall be drawn from
    > Federal, State, and local governments, universities, and
    > businesses.
    > (b) PURPOSES. -- The purpose of the Council is to collect and
    > share information about, and to increase public awareness of,
    > information security practices and programs, threats to
    > information security, and responses to those threats.
    > (c) STUDY. -- Within 12 months after the date of enactment of the
    > Act, the Council shall publish a report which evaluates and
    > describes areas of computer security research and development that
    > are not adequately developed or funded.
    Yet another proposal (Title II) that means well but will most likely
    be as ineffective as previous ideas.
    Folks are much more computer savvy and interested in this stuff than
    they were in the 90s....it's going to be much more difficult ( I
    hope!) for such a proposal to be passed.
    Rick Forno
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Sep 11 2001 - 01:58:08 PDT