Legislation urged to protect corporate data
By Patrick Thibodeau
(IDG) -- A congressional subcommittee exploring the need for new cybercrime legislation was urged by private-sector officials to back laws protecting the confidentiality of security data shared with the government and to prohibit the "harvesting" of e-mail addresses from Web sites by spammers.
"We are constantly subjected to individuals who come to our site, steal our addresses, and then use those e-mail addresses to send illegal spam," said Robert Chesnut, a vice president at online auction site eBay in San Jose, Calif., at a hearing before the House Judiciary Committee's Subcommittee on Crime.
Chesnut said e-mail harvesters are using automated tools to gather e-mail addresses. Calling the activity a "parasitic process" that undermines public confidence in e-commerce, Chesnut urged the committee to outlaw the bulk harvesting of e-mail addresses for the purpose of sending spam. eBay has more than 29 million registered users.
In other testimony, trade group officials said legislation is needed to keep corporate security data that's shared with government agencies from becoming public under the Freedom of Information Act (FOIA).
"Companies worry that if information sharing with the government really becomes a two-way street, FOIA requests for information they have provided to an agency could prove embarrassing or costly," said Harris Miller, president of the Information Technology Association of America, an industry trade group in Arlington, Va.
Sen. Robert Bennett (R-Utah) is expected to introduce legislation before the August recess that would exempt corporate security data from public disclosure. In the House, Reps. Tom Davis (R-Va.) and James Moran (D-Va.), who cosponsored similar legislation last year, are also expected to reintroduce the measure before the recess.
Thursday's hearing was the third and final hearing on cybercrime by the subcommittee, which is looking for legislative ideas on combatting this new criminal activity, said Rep. Lamar Smith (R-Texas), the subcommittee chairman.
"We hope that these hearings will result in some legislation," Smith said. He noted that Congress hasn't updated many of its laws to reflect new technologies and methods of communications since the mid-1980s.
Earlier this week, the committee was urged by Michael Chertoff, a newly confirmed assistant attorney general at the U.S. Justice Department, to toughen penalties for some cybercrimes and to make changes in procedural regulations to clarify the laws used to trace telephone calls so that they can also be applied to e-mail and telephony.
Chertoff, as well as the private-sector officials who testified Thursday, said government must have adequate resources to combat cybercrime.
Underscoring legislative concerns by the private sector was the view that federal law enforcers must move aggressively, particularly to protect intellectual property.
"Criminal prosecution and penalties provide deterrence in a way that civil judgments cannot," said Bob Kruger, a vice president at the Business Software Alliance, an industry trade group whose membership includes some of the world's largest software companies, including Microsoft and Adobe. Kruger said software piracy is costing businesses approximately $11.75 billion annually.
While Kruger said there has been progress in stepping up the pace of prosecutions, he said sustained effort is needed. "Pirates need to know that they stand to lose not just money but also their liberty," he said.
|Back to the top|