FC: Text of draft Security Systems Standards and Certification Act

From: Declan McCullagh (declanat_private)
Date: Fri Sep 07 2001 - 18:24:51 PDT

  • Next message: Declan McCullagh: "FC: Judicial bureaucrats retreat, say judges won't be spied on"

    Wired News article on SSSCA:
    http://www.wired.com/news/politics/0,1283,46655,00.html
    
    ---
    
    http://www.politechbot.com/docs/hollings.090701.html
    
        Text of Security Systems Standards and Certification Act
    
          Sponsors: Sen. Fritz Hollings (D-S.C.), chairman of the Senate
          Commerce committee, and Sen. Ted Stevens (R-Alaska). Draft dated
          August 6, 2001. This bill has not been introduced as of September
          7, 2001.
    
          Keystroked by Declan McCullagh, all typos his. Comments in
          [brackets] are his. The bill is 19 pages long; much of the text is
          summarized and placed in brackets.
          _________________________________________________________________
    
        Title I -- Security System Standards
    
        Sec. 101: Prohibition of Certain Devices
    
          (a) In General -- It is unlawful to manufacture, import, offer to
          the public, provide or otherwise traffic in any interactive digital
          device that does not include and utilize certified security
          technologies that adhere to the security system standards adopted
          under section 104.
    
          (b) Exception -- Subsection (a) does not apply to the offer for
          sale or provision of, or other trafficking in, any previously-owned
          interactive digital device, if such device was legally manufactured
          or imported, and sold, prior to the effective date of regulations
          adopted under section 104 and not subsequently modified in
          violation of subsection (a) or 103(a).
    
        Sec. 102: Preservation of the Integrity of Security
    
          An interactive computer service shall store and transmit with
          integrity any security measure associated with certified security
          techologies that is used in connection with copyrighted material or
          other protected content such service transmits or stores.
    
        Sec. 103: Prohibited Acts
    
          (a) Removal or Alteration of Security -- No person may --
    
          (1) remove or alter any certified security technology in an
          interactive digital device; or
    
          (2) transmit or make available to the public any copyrighted
          material or other protected content where the security measure
          associated with a certified security technology has been removed or
          altered.
    
          [Summary: Personal TV/cable/satellite time-shifting copies normally
          must be allowed by certified security technologies]
    
        Sec. 104: Adoption of Security System Standards
    
          [Summary: The private sector has 12 months to agree on a standard,
          or the Secretary of Commerce will step in. Industry groups that can
          participate: "representatives of interactive digital device
          manufacturers and representatives of copyright owners." If industry
          can agree, the secretary will turn their standard into a
          regulation; if not, normal government processes apply and NTIA
          takes the lead. The standard can be later modified. The secretary
          must certify technologies that adhere to those standards. Also:
          "The secretary shall certify only those conforming technologies
          that are available for licensing on reasonable and
          nondiscriminatory terms." FACA, a federal sunshine law, does not
          apply, and an antitrust exemption is included.]
    
        Sec. 108: Enforcement
    
        The provisions of section 1203 and 1204 of title 17, United States
        Code, shall apply to any violation of this title as if --
    
          (1) a violation of section 101 or 103(a)(1) of this Act were a
          violation of section 1201 of title 17, United States Code; and
    
          (2) a violation of section 102 or section 103(a)(2) of this Act
          were a violation of section 1202 of that title.
    
        Sec. 109. Definitions
    
          In this title:
    
          (1) Certified security technology -- The term "certified security
          technology" means a security technology certified by the Secretary
          of Commerce under section 105.
    
          (2) Interactive computer service -- The term "interactive computer
          service" has the meaning given that term in section 230(f) of the
          Communications Act of 1984 (47 U.S.C. 230(f)).
    
          [Note: According to 47 U.S.C. 230(f), an "interactive computer
          service" means "any information service, system, or access software
          provider that provides or enables computer access by multiple users
          to a computer server, including specifically a service or system
          that provides access to the Internet and such systems operated or
          services offered by libraries or educational institutions."]
    
          (3) Interactive digital device -- The term "interactive digital
          device" means "any machine, device, product, software, or
          technology, whether or not included with or as part of some other
          machine, device, product, software, or technology, that is
          designed, marketed or used for the primary purpose of, and that is
          capable of, storing, retrieving, processing, performing,
          transmitting, receiving, or copying information in digital form."
    
          (4) Secretary -- The term "Secretary" means the Secretary of
          Commerce [Takes effect at the date of enactment, except for
          sections that wait for federal standard.]
    
        Title II -- Internet Security Initiatives
    
          [Summary: Creates 25-member federal "Computer Security Partnership
          Council." Funds NIST computer security program at $50 million
          starting in FY2001, increasing by $10 million a year through
          FY2006. Funds computer security training program starting at $15
          million in FY2001. Creates federal "computer security awards."
          Requires NIST to encourage P3P and similar privacy standards]
          _________________________________________________________________
    
        Penalties summarized (by Declan):
    
        Criminal penalties apply to violations of sec. 102 or 103(a)(2). That
        includes the "interactive computer service shall store and transmit"
        without removal section, and the distribute "any copyrighted material
        or other protected content where the security measure associated with
        a certified security technology has been removed or altered."
    
        The criminal penalties are: "(1) shall be fined not more than $500,000
        or imprisoned for not more than 5 years, or both, for the first
        offense; and (2) shall be fined not more than $1,000,000 or imprisoned
        for not more than 10 years, or both, for any subsequent offense." Only
        someone who violates the law "willfully and for purposes of commercial
        advantage or private financial gain" can be convicted.
    
        Civil penalties apply to violations of sec. 101 or 103(a)(1). That
        includes the section talking about how it's unlawful to make systems
        without security measures, and how nobody may "remove or alter any
        certified security technology in an interactive digital device."
    
        The civil penalties include injunctions in federal court, actual
        damages, and statutory damages.
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 18:54:43 PDT