Home page logo

isn logo Information Security News mailing list archives

3 comments on SSSCA
From: InfoSec News <isn () c4i org>
Date: Tue, 11 Sep 2001 01:09:14 -0500 (CDT)

Forwarded from: Richard Forno <rforno () infowarrior org>

Not only is SSSCA the latest piece of looney-land legislation, but
it's practically unenforceable, IMO. Besides that, two things stand
out in my mind:

Sec 104(b)(1)(a) doesn't make it clear who can be considered a
"copyright owner" - but given that it is mentioned with "device
manufacturers" it implies only the big guns of copyright ownership
such as software, movie, publishing and music entities that rake in
the billions of dollars a year.

(1) IN GENERAL. -- The Secretary shall make a determination, nor
more than 12 months after the date of enactment of the Act, as to
whether -- (A) representatives of interactive digital device
manufacturers and representatives of copyright owners have reached
agreement on security system standards for use in interactive
digital devices; and

I write articles and have 2 books out, one of which I own the
copyright to and determine how/when it will be released. Does that
mean I am excluded from being a "representative of copyright owners"
in this law?

Incidentially, as a copyright holder and author, we have a September
statement regarding this general issue on our website, particularly
involving DRM and why we've released our E-book the way we have.

Not to mention, Sec. 202 is nothing more than creating yet ANOTHER IT
security related council within the bueaucracy. We have the CIAO,
Bush's new Cybersecurity Council, this proposed one, and the slew of
other traditional INFOSEC organizations at GSA, NIST, DoD, NIPC, DOE,
and more.

Did anyone else notice that Title I is the contoversial part, while
Title II is a rather benign, feel-good government program part? I bet
it will be submitted with the caeat "if you approve Title II you must
approve Title I" to get it passed in the Senate.


(a) ESTABLISHMENT. -- The Secretary of Commerce, in consultation
with the President's Information Technology Advisory Committee
established by Executive Order No. 13035 of February 11, 1997 (62
F.R. 7231), shall establish a 25-member Computer Security
Partnership Council the membership of which shall be drawn from
Federal, State, and local governments, universities, and

(b) PURPOSES. -- The purpose of the Council is to collect and
share information about, and to increase public awareness of,
information security practices and programs, threats to
information security, and responses to those threats.

(c) STUDY. -- Within 12 months after the date of enactment of the
Act, the Council shall publish a report which evaluates and
describes areas of computer security research and development that
are not adequately developed or funded.

Yet another proposal (Title II) that means well but will most likely
be as ineffective as previous ideas.

Folks are much more computer savvy and interested in this stuff than
they were in the 90s....it's going to be much more difficult ( I
hope!) for such a proposal to be passed.

Rick Forno

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

  By Date           By Thread  

Current thread:
  • 3 comments on SSSCA InfoSec News (Sep 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]