98-67 STM Internet: An Overview of Six Key Policy Issues CONGRESSIONAL RESEARCH SERVICE LIBRARY OF CONGRESSNUMBER: 98-67 STMTITLE: Internet: An Overview of Six Key Policy Issues Affecting Its Use and GrowthAUTHOR: Marcia S. Smith and Jane Bortnick GriffithDIVISION: Science, Technology, and Medicine DivisionDATE: Updated May 8, 1998CONTENTS:Cryptography: Encryption and Digital Signatures Encryption Digital SignaturesComputer SecurityComputer Privacy Computer Fraud, Computer Scams, and Consumer Identity Theft Protecting Children from Unsuitable Material and Sexual Predators Privacy of Personal Information in Government DatabasesIntellectual PropertyUnsolicited Electronic Mail ("Junk E-Mail" or "Spamming")Internet Domain Names105th Congress Legislation Encryption and Digital Signatures Computer Security (General) Computer Privacy (General) Computer Privacy (Protecting Children) Computer Privacy (Medical Records Confidentiality) Intellectual Property Unsolicited E-mailRelated CRS ReportsTEXT:Summary The growth of the Internet may be affected by severalissues now being debated by Congress. This report summarizessix key issues from a technology policy perspective. 1. The use of cryptography to protect the privacy ofcommunications (encryption) and to authenticate and verify the origin and content of messages (digital signatures). To date, Congress has focused on the encryption debate, which concerns balancing the interests of personal privacy, competitiveness of U.S. computer companies, and law enforcement and national security requirements. However, digital signature issues are beginning to receive attention, too, particularly the respective roles of federal versus state laws governing their use. 2. Concerns about computer security, particularly unauthorized access or "hacking," are prevalent both in government and the private sector. Congress already has passed laws imposing penalties for hacking into many types of computers (18 U.S.C. 1030), but hacking continues to be a problem. Issues also have been raised about the vulnerability of the nation's critical infrastructure (e.g., electrical power grids and telecommunications) to cyber attacks. 3. Individuals and businesses considering whether to use the Internet are increasingly concerned about issues such as computer fraud and scams, consumer identity theft (where one person assumes the identify of another by using credit card or Social Security numbers, for example), protecting children from unsuitable material, and the privacy of information stored in computer databases. 4. Protection of intellectual property rights presents significant challenges as exact duplicates of material are created and transmitted by computer. Copyright holders want to protect their rights, while some organizations and institutions (particulary academia and scientific researchers) want to make certain they are not denied access to material traditionally available under the "fair use" principle. 5. An unwelcome aspect of the computer age is unsolicited electronic mail or "junk e-mail" ("spamming"). Not only is it a nuisance, but since some Internet service providers require payment for each e-mail message that is read, the cost of the advertisement may be passed on to the consumer. Another concern is some junk e-mail contains pornographic material or links to pornographic Web sites. 6. Navigating the Internet requires using addresses that identify the location of individual computers. How to allocate and designate these "domain names" has become controversial. Among the issues is what role the government should play in governing the domain name system, approaches to resolving trademark disputes, how to foster competition in registration services, and the disposition of monies collected from registration fees for infrastructure improvements. Internet: An Overview of Six Key Policy Issues Affecting Its Use and Growth The continued growth of the Internet for personal,government, and business purposes may be affected by anumber of issues pending before Congress. Among them areensuring the privacy of information transmitted over theInternet or stored in computer databases, establishing"trustworthiness" by authenticating and verifying theorigin and content of messages, protecting children fromunsuitable material, safeguarding system security,protecting intellectual property, limiting unsolicitedelectronic mail, and ensuring system interoperability.This report provides short overviews of each of theseissues from a technology policy perspective, referencingother CRS reports for more detail. Related legislationis identified for each issue, and a list of the bills bytopic is provided at the end. Cryptography: Encryption and Digital Signatures Cryptography can be used to ensure theconfidentiality of data and messages (encryption), aswell as to authenticate the sender of a computer messageand to verify that nothing in the message has beenchanged (digital signatures). Encryption Encryption and decryption are methods of applying thescience of cryptography to ensure the privacy of data andcommunications. CRS Issue Brief 96039, EncryptionTechnology: Congressional Issues, discusses the topic inmore detail. Cryptography traditionally has been the province ofthose seeking to protect military secrets, and until the1970s relied on "secret key" cryptography where thesender and the recipient both had to have the same key. Thus a trusted courier or some other method was requiredto get the key from the sender to the recipient. Theadvent of "public key cryptography" in 1976 made itpossible for encryption to be used on a much broaderscale. In this form of cryptography, each user has apair of keys: a public key available to anyone with whicha message can be encrypted, and a private key known onlyto that user with which messages are decrypted. The "keypair" is electronically generated by whatever encryptionproduct is used. In a hypothetical example, if Bob wantsto sent a private e-mail message to Carol and ensure thatno one else can read it, he obtains Carol's public keyfrom Carol herself or from a publicly available list. Using Carol's public key, Bob encrypts his message. WhenCarol receives the message, she uses her private key todecrypt it. To reply to Bob, Carol gets Bob's public keyfrom Bob or from a publicly available list and uses it toencrypt her response. When Bob receives the message, heuses his private key to decrypt it. Use of strong (difficult to break) encryption isconsidered vital to the growth in use of the Internet,particularly for electronic commerce, because businessesand consumers want to protect the privacy of informationexchanged via computer networks. When a message isencrypted, it is referred to as "ciphertext." Thatmessage is called "plaintext" before it is encrypted andafter it has been decrypted. The Clinton Administrationwants to ensure that authorized law enforcement officialsand government entities can access the plaintext of amessage if undesirable activity is suspected (terrorism,drug trafficking, and child pornography are often citedas examples). If the message is encrypted, they eitherhave to break the encryption by "brute force" (trying allpossible combinations until they get the right one), orget access to the decryption key. The Clinton Administration supports the wide use ofstrong encryption as long as it has a feature called "keyrecovery" to allow authorized law enforcement agents toaccess the plaintext in a timely manner by getting accessto the decryption key. This has raised privacy issues. Also, although there currently are no limits on what typeof encryption is sold in or imported into the UnitedStates, the Administration has sought to influence whattype of products are available domestically by limitingexports, knowing that companies do not want to make oneproduct for domestic use and another for export. Thishas raised industry concerns about placing U.S. computerhardware and software companies at a competitivedisadvantage because they are subject to restraints onwhat they can export. The congressional debate todayover encryption policy is focused on striking a "balance"among individual rights of privacy; the globalcompetitiveness of U.S. companies making, using, orselling encryption products; promotion of secureelectronic commerce; and law enforcement and nationalsecurity needs to monitor undesirable behavior. In 1996, the Clinton Administration developed newexport regulations designed to encourage computerhardware and software manufacturers to develop andimplement key recovery technologies. Although there areother factors that affect the strength of an encryptionproduct, the number of binary digits (bits) in the keyhas been used as the benchmark in this debate. Thelarger the number of bits, the more difficult it is tobreak the encryption. Until December 1996, only 40 bitencryption could be easily exported. Under the newregulations, released on December 30, 1996, for two yearscompanies can easily export 56 bit encryption products ifthey agree to incorporate key recovery features into theproduct within those two years. If they already haveincorporated key recovery into the product, there is nolimit on the bit length that can be exported. (Someexceptions are made for banking.) The Administration isnow reviewing what should happen at the end of 1998 whenthe provisions regarding 56 bit exports are due toexpire. Three bills in the Senate (S. 376, Leahy; S. 377,Burns; and S. 909, McCain) and three in the House (H.R.695, Goodlatte; H.R. 1964, Markey; and H.R. 1903,Sensenbrenner, which passed the House in September)address these issues. CRS Issue Brief 93069 providesfurther information on the content and status of thebills. Five of the six bills (all except H.R. 1964) addressthe export issue. In summary, H.R. 695 (Goodlatte, asintroduced), S. 376 (Leahy) and S. 377 (Burns) seek torelax export controls on encryption, although versions ofH.R. 695 as reported from various committees havesubstantially different provisions. S. 909 (McCain) would permit easy export of 56 bit encryption without keyrecovery, and easy export of any strength encryption ifit is based on a qualified system of key recovery. (S.909 further provides that the 56 bit limit can increaseas recommended by an Encryption Export Advisory Boardestablished by the Act unless the President determines itwould harm national security. The bill also allows thePresident to waive any provision of the bill, includingthe export limits, in the interest of national security,or domestic safety and security.) Modifications to S.909 announced by Senators McCain and Kerrey on March 4,1998 include allowing U.S. companies to export productswith optional recovery features to approved end users. The primary section of H.R. 1903 (Sensenbrenner) thatdealt with export issues (section 7) was deleted beforeit passed the House, but the bill still calls for exportpolicy to be determined in light of the "publicavailability of comparable technology." In the key recovery concept, a "key recovery agent"(or "key holder" in S. 376) has a copy of the decryptionkey. (Or the key could be split among two or more keyrecovery agents for added security.) Having access tosuch a "spare key" through a key recovery agent could bedesirable for a user if a key is lost, stolen, orcorrupted. Most parties to the encryption debate agreethat market forces will drive the development of keyrecovery-based encryption products for stored computerdata because businesses and individuals will want to besure they can get copies of keys in an emergency. Thequestions involve the role of the government in"encouraging" the development of key recovery-basedencryption, whether key recovery agents should berequired to provide keys to duly authorized lawenforcement officials, and the government's role indetermining who can serve as key recovery agents. TheAdministration's December 30, 1996 regulations establishcriteria for key recovery agents that the Department ofCommerce uses to support its decisions on whether or notto approve the export of key recovery encryptionproducts. In addition, the Administration has soughtlegislation to provide liability protection for suchagents, as well as penalties if they make an unauthorizedrelease of such information. S. 376 (Leahy) and S. 909(McCain) both address those issues. Another element needed for the widespread use ofencryption is certificate authorities who issueelectronic certificates verifying that a particularindividual is associated with a particular public key.This is especially important for the conduct ofelectronic commerce, for example, where buyers andsellers want to be assured of each other's identities. The combination of public key encryption and certificateauthorities (some would add key recovery agents) isreferred to as a "public key infrastructure" (PKI). There is debate over whether there should be a single,global PKI, or many different PKIs, but the establishmentof one or more PKIs is expected to add the requisiteelement of "trust" to the Internet needed for its use toexpand. H.R. 1903 (Sensenbrenner) calls for a NationalResearch Council study of PKIs. Originally, S. 909 established mechanisms for thegovernment to register key recovery agents andcertificate authorities. While registration would havebeen voluntary, they would not have been fully covered bythe bill's liability protections if they did notregister. If a certificate authority registered with thegovernment, it could only issue certificates to personswho had stored key recovery information with agovernment-registered key recovery agent or made otherarrangements to assure lawful recovery of plaintext in atimely fashion. The linkage between certificateauthorities and key recovery was controversial becausesome observers felt that the ability to issuecertificates should be independent from the debate overkey recovery. In March 1998, Senators McCain and Kerreyannounced modifications to S. 909 including deletion ofthat linkage. H.R. 1964 (Markey) and H.R. 695 asreported from the House Commerce Committee prohibitconditioning the issuance of certificates on escrowing orsharing of encryption keys. The Clinton Administration repeatedly has indicatedthat it will not seek to change current policy thatallows any type of encryption to be sold in or importedinto the United States. However, on September 3, 1997FBI Director Louis Freeh discussed domestic userestrictions at a hearing before the Senate JudiciaryCommittee's Subcommittee on Technology, Terrorism andGovernment Information. He expressed the point of viewthat only encryption products with key recovery be soldor imported for sale in the United States. Apparently theFBI also had drafted legislation along those lines(reportedly for a House committee) and the issue ofdomestic use restraints has now become an integral partof the encryption debate. Hence, many find theAdministration's position unclear. Publicly, it maintainsthat it is not proposing domestic use restraints, but ithas not prevented the FBI Director from promoting thatcourse of action. Civil liberties groups in particularare opposed to domestic use controls. S. 376 (Leahy) andS. 909 (McCain) both prohibit mandatory key recovery andprovide that persons in any state (and U.S. persons inforeign countries per S. 376) may use any type ofencryption they choose except as otherwise provided bythe Act. S. 377 (Burns), H.R. 695 (Goodlatte, asintroduced), and H.R. 1964 (Markey) say that federal andstate governments may not restrict or regulate the saleof encryption products solely because they haveencryption. The House Intelligence Committee's version ofH.R. 695 includes provisions supportive of the FBI'sposition. A similar amendment was defeated by the HouseCommerce Committee during its markup of the bill. On March 4, 1998, Vice President Gore wrote toSenator Daschle restating the Administration's desire fora "balanced approach" to encryption policy and seeking a"good faith dialogue" to "produce cooperative solutions,rather than seeking to legislate domestic controls." Theletter added that the discussions could also enableadditional steps to relax export controls on encryptionproducts. On April 15, Secretary of Commerce Daley madea speech wherein he said that although theAdministration's policy was the right one, itsimplementation was a failure. He urged both industry andgovernment to strive harder to reach consensus on theissue. At an April 24, 1998 meeting of the CongressionalInternet Caucus, Undersecretary of Commerce WilliamReinsch commented that the Administration is not seekinga legislative solution to encryption issues this year. Representative Goodlatte and Senators McCain and Kerreyhave each expressed optimism that their respective billswill come to the floor for debate this year, however.Digital Signatures Another use of cryptography on the Internet is forauthentication and verification. Digital signatures,which are unique to each individual and to each message,can be used in conjunction with certificate authoritiesto verify that the individuals on each end of acommunication are who they claim to be and toauthenticate that nothing in the message has beenchanged. Through the use of digital signatures, legallyvalid signatures can be produced for use in electroniccommerce. (Digital signatures are one type of electronicsignature. In general, electronic signatures can referto any electronically created identifier meant toauthenticate a writing, but do not necessarily involveencryption.) Of a total of 40 states that have enacted or areconsidering electronic signature laws, 10 have enacteddigital signature or combination electronic/digitalsignature laws (Florida, Indiana, Minnesota, Mississippi,New Hampshire, New Mexico, Oregon, Utah, Virginia, andWashington). Another eight are considering them. Theselaws are summarized in Survey of State Electronic &Digital Signature Legislative Initiatives by AlbertGidari and John Morgan of Perkins Cole. The article isavailable on the Internet Law & Policy Forum's (ILPF's)World Wide Web site: www.ilpf.org/digdig/digrep.htm.Links to the texts of the state laws are provided onanother ILPF Web site, www.ilpf.org/digsig/digsig2.htm. According to Gidari and Morgan, three models havedeveloped at the state level: the "Utah" or"prescriptive" model with a specific public keyinfrastructure scheme including state-licensedcertificate authorities; the "California" or "criteria-based" model that requires digital or electronicsignatures to satisfy certain criteria of reliability andsecurity; and the "Massachusetts" or "signature enabling"model that adopts no specific technological approach orcriteria, but recognizes electronic signatures anddocuments in a manner parallel to traditional signatures. Some of the proposed state laws are general, applying toa wide range of government or private sector activities,while others are more narrowly cast. One controversialaspect of the debate over digital signatures is whetherthere should be a single federal law in place of thevarious state laws. Two bills are pending in the House and one in theSenate regarding digital signatures H.R. 2937 (Baker), H.R. 2991 (Eshoo), and S. 1594 (Bennett). Also, theHouse passed H.R. 1903, the Computer Security EnhancementAct, on September 16 which includes a provisionestablishing a panel to develop policy, guidelines, andtechnical standards for digital signatures. The HouseBanking Committee held a hearing on the federal role inelectronic authentication on July 9, 1997. The HouseScience Committee held a hearing on digital signatures on October 28, 1997. The Senate Banking Committee held ageneral hearing on the topic on October 28, 1997 andspecifically on S. 1594 on March 11, 1998. Computer Security Unauthorized access to computers ("hacking") is agrowing problem both for the government and the privatesector. The extent of the problem is difficult toquantify because many institutions do not want thenegative publicity associated with public acknowledgmentof hacking attempts (whether successful or not). Also,many attempts to hack into a computer system may goundetected. Some of the best data publicly available sofar are contained in a 1996 report by the SenateGovernmental Affairs Permanent Select Subcommittee onInvestigations, together with a related series ofhearings and a General Accounting Office report(GAO/AIMD-96-84). The GAO study referenced an assessmentby the Defense Information Systems Agency that Departmentof Defense computers may have been attacked 250,000times during 1995. The assessment added that the numbermay represent just a small fraction of the attemptsbecause only an estimated 1 in 150 attacks are detectedand reported. In the private sector, the subcommittee'sreport cited an estimate from one private securitycompany that the private sector had lost $800 million in1995 due to computer intrusions. Most losses have notbeen publicly acknowledged, however. A 1998 survey by the Computer Security Institute(CSI) conducted in cooperation with the FBI concludedthat computer crime and computer security breachesincreased 16% over its 1997 survey. Those breachesinclude more than just "hacking" incidents, however, suchas theft of proprietary information, sabotage, insiderabuse of Internet access, financial fraud, spoofing,denial of service, viruses, telecommunications fraud,wiretapping, eavesdropping, and laptop theft. Lossesranged from $50 due to a computer virus to $50 millionfor unauthorized insider access. Unauthorized access canbe attributed either to insiders or outsiders. CSIreported that losses from unauthorized insider accessranged from $1,000 to the $50,000,000 previously noted,with an average of $2,809,000. For unauthorized outsideraccess ("system penetration by outsider"), losses rangedfrom $500 to $500,000, with an average loss of $86,000. Total losses in 1998 from all categories of computercrime and computer security breaches was listed as$136,822,000. Tables from the CSI report and a pressrelease are available athttp://www.gosci.com/prelea11.htm. The Joint EconomicCommittee held a hearing on "Cybercrime, TransnationalCrime and Intellectual Property Theft" on March 24, 1998highlighting the FBI's role in fighting such crime. Of particular concern recently has been the issue ofwhether America's basic infrastructure could be at riskfrom hacking into the computer systems that are usedtoday for operating everything from electric utilities totelecommunications networks. The President's Commissionon Critical Infrastructure Protection (PCCIP) issued areport in November 1997 regarding "cyberthreats" to thenation's infrastructure information andcommunications, banking and finance, energy (includingelectric power, oil, and gas), physical distribution, andvital human services. The report, Critical Foundations:Protecting America's Infrastructures, was reviewedthrough an interagency process and a PresidentialDecision Directive is expected to be issued imminently.The House Science Committee held a hearing on November6, 1998. The Senate Judiciary Committee held hearingson November 5, 1997 and March 17, 1998. Reports of unauthorized access to credit card numbersstored on computers also have attracted much interest. Not only is there the risk of direct financial loss fromsomeone using a credit card without authorization of thecard owner, but increasingly people are concerned aboutconsumer identity theft that involves use of another'spersonally identifiable information such as credit cardnumbers. That issue is addressed below. The federal computer fraud and abuse statute, 18U.S.C. 1030, addresses protection of federal and bankcomputers, and computers used in interstate and foreigncommerce. CRS Report 97-1025, Computer Fraud & Abuse: AnOverview of 18 U.S.C. 1030 And Related Federal CriminalLaws, provides more information on the statute. Ingeneral, it prohibits trespassing, threats, damage,espionage, and using those computers for committingfraud. In December 1997, acknowledging the growing problemof crime on the Internet, the United States, Britain,Canada, France, Germany, Italy, Japan and Russia agreedon steps to fight computer crimes: insure that asufficient number of trained and equipped law enforcementpersonnel are allocated to fighting high-tech crime;establish high-tech crime contacts available on a 24-hourbasis; develop faster ways to trace attacks comingthrough computer networks to allow for identification ofthe responsible hacker or criminal; where extradition ofa criminal is not possible, devote the same commitment oftime and resources to that prosecution that a victimnation would have devoted; preserve information oncomputer networks so computer criminals cannot alter ordestroy electronic evidence; review legal systems toensure they appropriately criminalize computer wrongdoingand facilitate investigation of high-tech crimes; andwork with industry to devise new solutions to make iteasier to detect, prevent and punish computer crimes. Computer PrivacyComputer Fraud, Computer Scams, and Consumer IdentityTheft Computer networks offer a new mechanism for thecommission of fraud and scams against unwittingconsumers. Although the types of fraud and scams thathave been identified on the Internet are not new,perpetrators have easy access to a wide audience via theInternet. Consumer identity theft, in which oneindividual assumes the identity of another using personalinformation such as credit card and Social Securitynumbers, is also seen as increasing due to the widespreaduse of computers for storing and transmittinginformation. Congress directed the Federal Reserve Boardto study the issue of the availability to the public ofsensitive identifying information, whether suchinformation could be used to commit financial fraud, andthe risk to insured depository institutions. Its March1997 report (Report to the Congress Concerning theAvailability of Consumer Identifying Information andFinancial Fraud) concluded that there are insufficientdata to draw conclusions about losses from thisparticular subset of financial fraud. Although anecdotalinformation suggests this type of fraud is increasing,the Board concluded that these losses are a small partof overall fraud losses and do not pose a significantthreat to insured depository institutions. As noted above, 18 U.S.C. 1030 addresses computerfraud, and the United States and seven other countriesagreed in December 1997 to coordinate their efforts atfighting computer crime, including fraud. Many bills have been introduced in the Senate andHouse regarding protection of personally identifiableinformation generally, and specifically Social Securitynumbers. Some of the legislation is targeted towardsall consumers, while other bills focus primarily onpreventing acquisition of a child's personallyidentifiable information without a parent's knowledge, orattempting to obtain information about parents fromchildren. Three bills are pending before the Senate (S.504, Feinstein; S. 512, Kyl; and S. 600, Feinstein) andnine before the House (H.R. 98, Vento; H.R. 1287, Franks;H.R. 1330, Kanjorski; H.R. 1331, Kennelly; H.R. 1367,Barrett; H.R. 1813, Kleczka; H.R. 1964, Markey; H.R.1972, Franks; and H.R. 2368, Tauzin). The majorprovisions of those bills are summarized in CRS Report97-1061, Protecting Privacy on the Internet: A Summaryof Legislative Proposals. The House JudiciaryCommittee's Subcommittee on Crime held a hearing on April30, 1998 on H.R. 1972 and related legislation. CRSReport 97-833, Information Privacy, provides moreinformation on the legal aspects of these issues. Industry self-regulation is the focus of attentiontoday, however. In December 1997, the Federal TradeCommission (FTC) released the report Individual ReferenceServices: A Report to Congress[http://www/ftc/gov/opa/9712/inrefser.htm] that discusseda set of new industry "principles" adopted by companiesthat operate computerized databases (individual referenceservices or look-up services). Among the principles arethat individual reference services will not distribute tothe general public non-public information such as SocialSecurity numbers, birth dates, mother's maiden names,credit histories, financial histories, medical records,or any information about children. Look-up services maynot allow the general public to run searches using aSocial Security number as a search term or make availableinformation gathered from marketing transactions. Also,consumers will be allowed to obtain access to the non-public information maintained about them and to "opt-out"of that non-public information. The FTC noted that theprinciples did not address all areas of concern, however,and made a number of recommendations accordingly. The real question is whether voluntary industryguidelines will assuage consumer fears about potentialviolations of their privacy. The 1998 case of a navalofficer whose identity was improperly disclosed to navalinvestigators by an Internet service provider (AmericanOnline) in violation of its own policies underscoresthose concerns. The House Judiciary Committee'sSubcommittee on Courts and Intellectual Property held ageneral hearing on privacy in electronic communicationson March 26, 1998.Protecting Children from Unsuitable Material and SexualPredators Concern is growing about what children areencountering over the World Wide Web, particularly interms of indecent material or contacts with strangers whointend to do them harm. The private sector has respondedby developing filtering and tracking software to allowparents either to prevent their children from visitingcertain Web sites or to provide a record of what sitestheir children have visited. Congress passed the Communications Decency Act (CDA)as part of the 1996 Telecommunications Act (P.L. 104-104). Among other things, CDA would have made it illegalto send indecent material to children via the Internet(see CRS Report 97-841, Indecency: Restrictions onBroadcast Media, Cable Television, and the Internet). InJune 1997, the Supreme Court overturned the portions ofthe CDA dealing with indecency and the Internet.(Existing law still permits criminal prosecutions fortransmitting obscenity or child pornography over theInternet.) The Clinton Administration, which had sought touphold the CDA, subsequently proposed an "E-chip" forcomputers, equivalent in purpose to the V-chip mandatedfor most television sets in the Telecom Act (see CRSReport 97-43, V-Chip and TV Ratings: Helping ParentsSupervise Their Children's Television Viewing, forinformation on the latter). In theory, an "E-chip" wouldblock access by children to Web sites with ratingsindicating indecent or otherwise objectionable material.Unlike the television V-chip, where a single ratingssystem was developed because of limits on the amount ofinformation that can be transmitted with the broadcastsignal, multiple ratings systems could exist for Websites. Many different organizations could rate aparticular Web site, with or without the knowledge andparticipation of the Web site owner. Parents could setthe "E-chip" to screen out Web sites based on the ratingsystem of whatever organization(s) they choose. Software to block access to Web sites or e-mailaddresses has existed for many years (commercial products include Cyber Patrol, Cyber Sitter, Net Nanny,Net Shepard, and SurfWatch). Other products (such asNet Snitch) do not prohibit access to sites, but maintaina record that a parent can review to know what sites achild has visited. Some filtering products screen sitesbased on keywords, while others use ratings systems basedon ratings either by the software vendor or the Web siteitself. Both types of ratings are still uncommon, but maybecome more available as industry attempts to self-regulate to stave off governmental regulation. Existingfiltering software products have received mixed reviews, however, because they cannot effectively screen out allobjectionable sites on the ever-changing Web, or becausethey inadvertently screen out useful material. ThreeHouse bills have been introduced to require Internetservice providers to offer filtering software to parents: H.R. 774 (Lofgren); H.R. 1180 (McDade); and H.R. 1964(Markey). Some privacy groups object to filtering softwarebecause of the amount of useful information to which itdenies access. A November 1997 report on filteringsoftware was released by the Electronic PrivacyInformation Center (EPIC) entitled Faulty Filters: HowContent Filters Block Access to Kid-Friendly Informationon the Internet (available at http://www2.epic.org/reports/filter-report.html). EPICtested a filtering program called Net Shepard, searchingthe Web for sites it expected to be useful to andsuitable for children. For example, EPIC searched forWeb sites about the "American Red Cross" (entered intothe search engine in quotes to ensure that only itemswith that exact set of words in that order would bereturned) with and without Net Shepard activated. EPICreported that Net Shepard prevented access to 99.8% ofthe sites. From this and other similar examples, EPICconcluded that in the effort to protect children from asmall amount of unsuitable material, they were beingdenied access to a large amount of suitable information. Many privacy advocates also feel that filtering is a formof censorship. Other critics object to the fact that aparent would not know specifically what sites or words aparticular software product was blocking out. The debate today over filtering systems is focused onschools and libraries. Policies adopted by localcommunities reflect the spectrum of attitudes on thistopic. Some are choosing to allow children to usecomputers at local libraries only with parentalpermission, some are using filtering software, and othersare choosing no restrictions. Senator McCain and Representative Franks haveintroduced bills (S. 1619 and H.R. 3177) that wouldrequire schools and libraries receiving federally-provided "e-rate" subsidies (through the universalservice fund) to use filtering software to block outInternet sites that might contain material inappropriatefor children. Libraries receiving e-rate funds arerequired to have one or more computers that use filteringsoftware. The determination of what is inappropriate isleft to the school, school board, library, or "otherauthority responsible for making the requiredcertification." The Senate Commerce Committee held ahearing on S. 1619 on February 10, 1998, and ordered thebill reported on March 12. Supporters of therequirement for filtering systems argue that childrenmust be protected from inappropriate material,particularly when their parents are not present tosupervise them. Opponents argue that it is censorship,that the filtering software also prevents access toappropriate sites, and that such decisions should be leftto the local community. During markup, Senator Burnsoffered but then withdrew an amendment that would haverequired that schools and libraries adopt Internet usepolicies instead of mandating a technological solution tothe problem. Senator Breaux offered and withdrew anamendment to require a blocking system that could beadjusted to suit the user. Some form of those amendmentsis expected to be offered during floor consideration ofthe bill. Other legislation also has been introduced dealingwith indecency on the Internet. S. 1482 (Coats) wouldprohibit commercial distribution of material that is "harmful material to minors" over the Web. The bill wasintroduced to replace the provisions of theCommunications Decency Act that were overturned by theSupreme Court. By limiting the language to commercialactivities, Senator Coats has stated that he hopes tohave drafted a bill that will survive court challenges. The bill was referred to the Commerce Committee, whichheld a hearing on February 10, 1998 and ordered the billreported on March 12. A companion bill, H.R. 3783, wasintroduced by Representative Oxley on April 30, 1998. Two other House bills, H.R. 2173 (Franks), and H.R.2648 (Bachus), also are related to protection ofchildren. H.R. 2173 would require Internet serviceproviders to report to law enforcement officialsinstances of suspected child abuse they discover or thatare brought to their attention by users. They also wouldhave to turn over any evidence they gathered. The HouseJudiciary Committee's Subcommittee on Crime held ahearing on H.R. 2173 and related legislation on April 30,1998. H.R. 2648 would set penalties for possessing morethan three items of material containing child pornographythat has been transported by various means, including bycomputer. Another Senate bill, S. 900 (Feingold), would amendfederal sentencing guidelines to enhance a sentence "ifthe defendant used a computer with the intent topersuade, induce, entice, or coerce a child ... to engagein any prohibited sexual activity." S. 900 was reportedfrom the Senate Judiciary Committee on October 9, 1997without written report. The Internet community is anxious to avoidlegislation. At a "Kids Online Summit" in December 1997,several major players in the Internet industry pledged todo what they could to make the Internet safer forchildren. America Online (AOL), one of the largestInternet service providers, for example, announced a newpolicy stating that "when child pornography isappropriately brought to our attention and we havecontrol over it, we will remove it. Subject toconstitutional safeguards and statutory privacysafeguards, we will cooperate fully with law enforcementofficials investigating child pornography on theInternet." AOL, AT&T, and Microsoft promised to offerfiltering software to parents and implement an outreachand educational campaign to increase its use. Part of the concern about unsuitable material on theInternet involves unsolicited advertising ("junk e-mail")that contains pornography or links to pornographic Websites (see below). There also are legislative efforts to prevent sexualpredators from obtaining Internet accounts that couldallow them to contact children. Because conversationscan take place anonymously on the Internet, a child maynot know that (s)he is talking with an adult. The adultmay persuade the child to agree to a meeting, with tragicresults. One bill in the Senate and one in the House(S. 1356, Faircloth; H.R. 2791, Roukema) would prohibitsexually violent predators [as defined in section170101(a)(3) of the Violent Crime Control and LawEnforcement Act of 1994] from obtaining Internetaccounts. Another House bill, H.R. 2815 (Weller), wouldmake it a crime to target children for sexually explicitmessages or contacts. H.R. 3494 (McCollum) would, interalia, prohibit contacting a minor over the Internet forthe purposes of engaging in illegal sexual activity, andpunish those who knowingly send obscenity to children. A hearing was held by the House Judiciary Committee'sSubcommittee on Crime on H.R. 3494, S. 2815, and relatedlegislation on April 30, 1998. H.R. 3494 was orderedreported from full committee on May 6. Privacy of Personal Information in Government Databases The growth in the use of the Internet for providinggovernment services raises similar concerns about how toensure the confidentiality of personal information. Useof computer and telecommunications technologies bygovernment agencies for storing, accessing, anddisseminating information offers the advantages ofpotentially reducing costs, while simultaneouslyimproving customer service. For these reasons, agencieshave placed considerable emphasis on developing onlineaccess to information and enhancing the ability ofcitizens to supply information electronically to thegovernment to receive services or comply with rules andregulations. Both the Administration's NationalPerformance Review (NPR) effort and its NationalInformation Infrastructure (NII) initiative emphasizedthe use of information technology for improvingefficiency of government operations, increasing citizenaccess to government information, and providing betterservice to individuals. As these efforts begin to move from the planning tothe operational phases, agencies are faced with the needto provide adequate privacy protections for these systemsand services. While the Internet offers considerableadvantages in terms of the ease with which large numbersof people can interact with agency computer systems, italso lacks security. It is critical for the success ofthese new "electronic government" initiatives that thepublic has confidence that personal privacy is notjeopardized. Thus, agencies must develop adequateprocedures and apply technological safeguards to ensurethat confidentiality of agency records is notcompromised. A recent example of this issue is the development ofan online Personal Earnings and Benefit EstimateStatement (PEBES) by the Social Security Administration(SSA). As summarized in its September 1997 report SocialSecurity: Privacy and Customer Service in the ElectronicAge, the SSA initiated an online PEBES service in March1997, following earlier pilot testing and afterconsiderable study and developmental work. The systemallowed individuals to query the system for their PEBESdata and receive instantaneous response over theInternet. People needed to supply five authenticatingelements (name, social security number, date of birth,state of birth, and mother's maiden name) to gain accessto the data. While these authentication procedures wereconsistent with what is required using SSA's 800-numberand for written requests, there was a strong publicresponse to potential privacy abuses. The concerns centered on the fact that theauthenticating data are readily available from a varietyof sources and thus PEBES information could be obtainedby those other than the individual whose records would beprovided. In response to these concerns, SSA suspendedoperation of the online PEBES system and held six publicforums around the country to solicit comments fromexperts and interested citizens. Based upon the inputreceived from these forums and other sources, such ascongressional hearings, SSA concluded that it wouldprovide a modified version of online PEBES on theInternet with additional security and authenticationsafeguards early in 1998. Since the law requires SSA toprovide, by 1999, PEBES statements each year to allworkers 25 and older, SSA considers it a very highpriority to establish an online PEBES system that willmeet necessary security and privacy standards. It hasannounced plans to implement additional safeguards usinga public key infrastructure in the future. The SSA example is indicative of a major trend towardgreater use of the Internet for these types of governmentfunctions. While there are no pending bills in theSenate, Representative Eshoo introduced H.R. 2991, theElectronic Commerce Enhancement Act of 1997, to requireagencies to create online versions of their forms andmake them accessible to the public. This would enablecitizens to fill out forms online, return them (alongwith payments, such as taxes owed), and verify thetransactions using digital signature technology(discussed earlier). Major legislative changes to the welfare,immigration, and health care payments systems alsonecessitate the creation of large scale databases tomonitor the status of applicants for programs. Forexample, the Personal Responsibility and Work OpportunityReconciliation Act, P.L. 104-193 (welfare reform),establishes new federal databases for all new hiresnationwide, quarterly wage reports of all workingpersons, unemployment insurance data, and lists of peoplewho owe or are owed child support. The first componentof this system, the National Directory of New Hires,recently went into operation and requires every state tosend data on new hires daily to the Department of Healthand Human Services (HHS). The goal of this system is totrack parents who are overdue on their child supportpayments, but some privacy advocates are concerned thatit might be used for purposes beyond those identified inthe statute, such as other government agencies using itto verify eligibility for benefits programs. The IllegalImmigration Reform and Immigrant Responsibility Act (P.L.104-208) required enhancements to the systems used tomonitor immigration into the United States in an effortto thwart illegal immigration. As required by the law,the Immigration and Naturalization Service (INS) hasbegun implementing new digital "green cards", which storedigitized fingerprints, a digital photo, and a digitalsignature. The Health Insurance Portability andAccountability Act (P.L. 104-191) establishedrequirements for the use of standard electronictransactions for activities such as the submissions ofhealth insurance financial claims and transmission ofpayment and remittance advice. (See CRS Issue Brief98002, Medical Records Confidentiality, for a discussionof those issues and related legislation: H.R. 52, H.R.1815, S. 1368, and S. 1921). These developments,combined with efforts to move towards more electronicbenefits delivery systems, reinforce the need foreffective mechanisms to protect confidentiality andensure system security in government computer operations. Intellectual Property The era of global Internet connectivity presentssignificant challenges to effectively protecting therights of copyright holders. Computers can make exactduplicates of originals and networks can provide accessto literally millions of individuals. Some observersmaintain that the growth of international computernetworks will depend, in part, upon the willingness ofindividuals and businesses to make information availableelectronically. Absent adequate intellectual propertyprotection, authors and publishers often are reluctant toprovide Internet access to material of value. Someexperts contend that technological solutions, such asencryption, digital signatures, digital watermarks, andother verification software, will address these concerns. Others suggest that the existing legal regime forintellectual property rights is inadequate for addressingthe electronic distribution of material and must bereplaced with different approaches to fosteringcreativity in the digital environment. Many maintainthat existing legal authorities can and should bemodified to account for the changing technological sceneand recommend expanding the current legal framework toencompass the transmission of digital information. Legislation has been introduced that addresses aspects of intellectual property rights in the digitalera. These include House and Senate (H.R. 2281, Coble; S. 1121, Hatch) bills reflecting the ClintonAdministration's proposal to implement two new WorldIntellectual Property Organization (WIPO) treatiesadopted in Geneva in December 1996. Those are the WIPOPerformances and Phonograms Treaty and the WIPO CopyrightTreaty. The latter covers copyright protection fordigital transmission over the Internet and other computernetworks, in addition to protection for computer programsand databases as intellectual works. H.R. 2281 and S.1121 would amend the Copyright Act to prohibit thecircumvention of anti-copying technology and assure theintegrity of copyright management information systems.Alternative House (H.R. 3048, Boucher) and Senate (S.1146, Ashcroft) bills to implement the WIPO treaties wereintroduced that have somewhat different languageconcerning circumvention of anti-copying technologies andcopyright management information systems, but alsoinclude provisions related to use of copyrighted digitalmaterial by teachers and librarians. (See CRS Report 97-444, World Intellectual Property Organization CopyrightTreaty: An Overview.) H. R. 2281 was ordered reportedfrom the House Judiciary Committee on April 1, 1998. TheSenate Judiciary Committee considered S. 1121 and S. 1146on April 30 and ordered reported a new bill, S. 2037, incorporating provisions from both. S. 2037 and H.R. 2281 also cover copyrightinfringement liability of online service providers (OSPs)(See Endnote 1.). The debate focuses on the legalliability of the OSPs in situations where they actstrictly as conduits for material that infringes oncopyright. While copyright holders generally assert thatexisting copyright law is adequate to deal with the issueof OSP liability, others in the telecommunicationsindustry and the academic and library communitiesadvocate new legislation to specify the OSP exemptionfrom liability. (See CRS Report 97-950, Online ServiceProvider Copyright Liability: Analysis and Discussion ofH.R. 2180 and S. 1146.) The Senate and House JudiciaryCommittees held hearings on these issues on September 4and September 16, 1997, respectively. Legislation covering the issue of database protectionhas not yet been introduced in the Senate, butRepresentative Coble has introduced H.R. 2652, theCollections of Information Antipiracy Act. The bill wasthe subject of hearings by the Subcommittee on Courts andIntellectual Property of House Judiciary on October 23,1997 and February 12, 1998. Unlike legislationintroduced in the 104th Congress that would have createda sui generis protection for databases, H.R. 2652 is morenarrowly constructed to supplement existing copyright andcontract rights with new rights to protect against themisappropriation of commercial collections of data thatwould result in unfair competition. The bill was orderedreported from the House Judiciary Committee on March 24,1998. The issue is very controversial. At the October 23hearing, testimony from scientific groups and the librarycommunity cautioned against establishing new protectionsfor databases that might compromise fair use and accessto data for scientific research. They questioned whethera need for a new intellectual property right has beenadequately demonstrated. In addition, witnesses fromthese communities raised concerns about definitions ofkey terms, such as "database," that might encompass abroader array of information than what would be necessaryto protect competition in the information industry. Finally, they highlighted the importance of ensuring thatinformation produced by government employees remainpublicly available, free from copyright restrictions. On the other side of the issue, database producerstestified that the compilation of factual databasesrequired some form of protection beyond current law ifcompanies could be expected to make substantialinvestments in creating them. The ability to downloadand retransmit data over the Internet facilitates copyingof information, making producers of factual,noncopyrightable, databases more vulnerable. They arguedthat the absence of some form of database-specificproperty rights has a chilling effect on the databaseindustry that would result in fewer factual databasesbeing compiled and thus could potentially reduce theavailability of information to the public. Unsolicited Electronic Mail ("Junk E-Mail" or "Spamming") Another aspect of increased use of the Internet forelectronic mail (e-mail) has been the advent ofunsolicited advertising, or "junk e-mail" (also called"spamming.") In 1991, Congress passed a law (theTelephone Consumer Protection Act, P.L. 102-243) prohibiting, inter alia, unsolicited advertising viafacsimile machines, or "junk fax" (see CRS Report 96-196, Telemarketing Fraud: New Rules to ProtectConsumers). Many question whether there should be ananalogous law for computers, or at least some method forletting a consumer know before opening an e-mail messagewhether or not it is unsolicited advertising. SomeInternet service providers charge customers each timethey open an e-mail message, hence passing the costs ofthe advertising on to the consumer. Junk e-mailrepresents 5 to 30% of the 17 million e-mails handled byAmerica Online (AOL) each day according to an October 2,1997 Associated Press report. To date, the issue of restraining junk e-mail hasbeen fought over the Internet or in the courts. SomeInternet service providers will return junk e-mail to itsorigin, and groups opposed to junk e-mail will sendblasts of e-mail to a mass e-mail company, disrupting thecompany's computer systems. Filtering software also isavailable to screen out e-mail based on keywords orreturn addresses. Knowing this, mass e-mailers may avoidcertain keywords or continually change addresses to foilthe software, however. In the courts, Internet serviceproviders with unhappy customers and businesses thatbelieve their reputations have been tarnished bymisrepresentations in junk e-mail have brought suitagainst mass e-mailers. In the Senate, two bills are pending concerning junke-mail: S. 771 (Murkowski) and S. 875 (Torricelli). S.771 would require those who send unsolicited e-mail toclearly identify in the subject line of the message thatit is an advertisement and require Internet serviceproviders to make software available to their subscribersto block such e-mail. S. 875 would prohibit sending e-mail to anyone who has asked not to receive such mail. In the House, H.R. 1748 (Smith) would amend the 1991Telephone Consumer Protection Act to stop junk e-mail,and H.R. 2368 (Tauzin) would encourage industry toestablish voluntary guidelines for transmission of junke-mail. As noted above, some unsolicited e-mail eithercontains indecent material or provides links to othersites where indecent material is available. Thus,controls over junk e-mail have also arisen in the contextof protecting children from unsuitable material. InOctober 1997, AOL filed suit to prevent a company thatsends unsolicited e-mails offering "cyberstrippers" fromsending e-mail to AOL subscribers. The company, Over theAir Equipment, agreed on December 18, 1997 to drop itschallenge to a preliminary injunction barring it fromsending such advertisements to AOL subscribers (Reuters,Dec. 18, 1997, 11:57 AET).
Internet Domain Names Another Internet issue addressed in the 105th Congressis Internet domain names. Internet domain names werecreated to provide users with a simple location name forcomputers on the Internet, rather than using the morecomplex, unique Internet Protocol (IP) number thatdesignates their specific location. As the Internet hasgrown, the method for allocating and designating domainnames has become controversial. The House ScienceCommittee held hearings on Internet domain name issues onSeptember 25 and 30, 1997, and March 31, 1998. Among theissues are governance of the domain name system, how tofoster competition in domain name registration services,and approaches to resolving trademark disputes thatarise in designating domain names. The latter topic wasthe subject of hearings before the House JudiciaryCommittee's Subcommittee on Courts and IntellectualProperty on November 5, 1997 and February 12, 1998. The domain name issue is discussed in more detail inCRS Report 97-868, Internet Domain Names: Background andPolicy Issues. Briefly, in 1993, the National ScienceFoundation (NSF) entered into a 5-year cooperativeagreement with Network Solutions, Inc (NSI) to operateInternet domain name registration services. In 1995, theagreement was modified to allow NSI to charge registrantsa $50 fee per year for the first two years, of which 70%goes to NSI to cover its costs and 30% is deposited inthe "Intellectual Infrastructure Fund" to be reinvestedin the Internet. The cooperative agreement between NSF and NSI expiredon March 31, 1998, but was automatically extended for sixmonths while decisions are made on how to handle domainname registration in the future. There has beencriticism of NSI's exclusive control over registration ofdomain names and an increase in trademark disputes overname registrations in the ".com" domain that identifiesbusinesses. On February 4, 1998, the Department of Commercereleased a "discussion draft" entitled Proposal toImprove Technical Management of Internet Names andAddresses (often called the "green paper") setting forththe Administration's proposal to privatize administrationof the domain name system. A new private, not-for-profit corporation would be created to which the U.S.government would transition authority for domain nameregistration, with operational responsibility transferredby September 1998. The new corporation would serve apolicy-setting role and administer certain technicalaspects of Internet operation (direct allocation ofInternet Protocol number blocks, oversee operations ofthe Internet root server system, for example). The U.S.government would participate in policy oversight of thenew corporation during a transition period ending nolater than September 2000. Also, five new "generic toplevel domains" (such as .com) would be created and fiveregistries to oversee them (one for each). Thus therewould be six domain name registries NSI and the fivenew entities. There would be no limit on the number of"registrars" who would act as the interface between anInternet user and the registries. At a House Science Committee hearing on March 31,1998, strong opposition to the green paper was voiced bythe Internet Council of Registrars (CORE). Anassociation of 87 companies, CORE was established in 1996to manage the master database of domain names and themain computer servers that route address informationaround the world. CORE has proposed a 10-point plan thatwould, among other things, create seven new categories ofgeneric top level domains, instead of five as recommendedin the green paper. A single non-profit registry wouldcontrol all the generic top level domains instead of thesix registries proposed in the green paper. Otherwitnesses also expressed reservations about theDepartment's proposal. Additional comments were receivedduring the public comment period that ended March 23. The Department expects to release a final version of theplan (a "white"paper) in the near future. NSF's authority to require the collection of monies that have been set aside in the IntellectualInfrastructure Fund and the disposition of that money arealso controversial. As of March 31, 1998, $56 millionhad been collected. In the FY1998 appropriation billthat includes NSF (P.L. 105-65), Congress allocated $23million of the monies in the fund to NSF's Research andRelated Activities account to support development of theNext Generation Internet. However, the legality of NSF'screation of the infrastructure fund is being debated inthe U.S. District Court for the District of Columbia. A preliminary injunction prevents NSF from spending themoney. The suit claims that NSF lacks the authority toauthorize NSI to collect fees for domain nameregistration services and the money should be refunded tousers. On April 6, 1998, U.S. District Judge ThomasHogan dismissed the charge that NSF lacked authority topermit NSI to collect fees, but let stand another chargechallenging the portion of the fee collected for theinfrastructure fund. Meanwhile, NSF and NSI havediscontinued collecting fees for the infrastructure fundin accordance with the February 4 green paper'srecommendation that allocating part of the registrationfee to the infrastructure fund end on April 1, 1998.
105th Congress Legislation(Note: Many bills would fit under several different categories. Theyare categorized here based on each bill's major thrust in the contextof the topics discussed in this report. Committees to which the billshave been referred are noted in parentheses.)Encryption and Digital SignaturesH.R. 695, Goodlatte, Safety and Freedom Through Encryption (Judiciary, International Relations, National Security, Intelligence, Commerce)H.R. 2937, Baker, Electronic Financial Services Efficiency Act (Commerce, Government Reform and Oversight, Judiciary, Science, Banking and Financial Services)H.R. 2991, Eshoo, Electronic Commerce Enhancement Act (Government Reform and Oversight, Commerce)S. 376, Leahy, Encrypted Communications Privacy Act(Judiciary)S. 377, Burns, Promotion of Commerce On-Line in the Digital Era (Commerce, Science, and Transportation)S. 909, McCain, Secure Public Networks Act (Commerce, Science, and Transportation)S. 1594, Bennett, Digital Signature and ElectronicAuthentication Law (Banking)Computer Security (General)H.R. 1903, Sensenbrenner, Computer Security EnhancementAct (Science)Computer Privacy (General)H.R. 98, Vento, Consumer Internet Privacy Protection(Commerce)H.R. 1287, Bob Franks, Social Security On-line PrivacyProtection (Commerce)H.R. 1330, Kanjorski, American Family Privacy (Government Reform and Oversight)H.R. 1331, Kennelly, Social Security InformationSafeguards (Ways and Means)H.R. 1367, Barrett, Federal Internet Privacy Protection (Government Reform and Oversight)H.R. 1813, Kleczka, Personal Information Privacy (Ways and Means, Banking and Financial Services, Judiciary)H.R. 1964, Markey, Communications Privacy and Consumer Empowerment (Commerce) H.R. 1972, Bob Franks, Children's Privacy Protection and Parental Empowerment (Judiciary)H.R. 2368, Tauzin, Data Privacy Act (Commerce)S. 504, Feinstein, Children's Privacy Protection and Parental Empowerment (Judiciary)S. 512, Kyl, Identify Theft and Assumption Deterrence Act(Judiciary)S. 600, Feinstein, Personal Information Privacy (Finance)Computer Privacy (Protecting Children) Filtering HR 774, Lofgren, Internet Freedom and Child Protection(Commerce)HR 1180, McDade, Family-Friendly Internet Access(Commerce)H.R. 3177, Franks, Safe Schools Internet Act (Commerce)S. 1619, McCain, Internet School Filtering Act (Commerce) OtherH.R. 2173, Franks, Child Abuse Notification Act(Judiciary)H.R. 2648, Bachus, Abolishing Child Pornography Act(Judiciary)H.R. 2791, Roukema, Prohibition on Provision of Internet Service Accounts to Sexually Violent Predators (Commerce)H.R. 2815, Weller, Protecting Children from InternetPredators (Judiciary)H.R. 3494, McCollum, Child Protection and Sexual Predator Punishment Act (Judiciary)H.R. 3783, Oxley, Child Online Protection Act (Commerce)S. 900, Feingold, Child Exploitation SentencingEnhancement Act (Judiciary)S. 1356, Faircloth, Prohibition on Provision of Internet Service Accounts to Sexually Violent Predators (Commerce, Science and Transportation)S. 1482, Coats, Prohibition of Commercial Distribution on the World Wide Web of Material That is Harmful to Minors (Commerce)Computer Privacy (Medical Records Confidentiality)H.R. 52, Condit, Fair Health Information Practices Act (Commerce, Government Reform and Oversight, Judiciary)H.R. 1815, McDermott, Medical Privacy in the Age of Technologies Act (Commerce, Government Reform and Oversight)S. 1368, Leahy, Medical Information Privacy and Security Act (Labor and Human Resources)S. 1921, Jeffords, Health Care Personal Information Nondisclosure Act (Labor and Human Resources)Intellectual Property*H.R. 2180, Coble, On-Line Copyright Liability LimitationAct (Judiciary)*H.R. 2281, Coble, WIPO Copyright Treaties ImplementationAct (Judiciary)H.R. 2652, Coble, Collections of Information AntipiracyAct (Judiciary)H.R. 3048, Boucher, Digital Era Copyright Enhancement Act(Judiciary)*H.R. 3209, Coble, On-Line Copyright Infringement Liability Limitation Act (Judiciary)[* H.R. 2180 and H.R. 3209 were merged into H.R. 2281during markup.]*S. 1121, Hatch, WIPO Copyright and Performances and Phonograms Treaty Implementation Act of 1997 (Judiciary)*S. 1146, Ashcroft, Digital Copyright Clarification and Technology Education Act of 1997 (Judiciary)*S. 2037, Hatch, Digital Millenium Copyright Act(Judiciary)[*S. 2037 replaces S. 1121 and S. 1146.]Unsolicited E-mailH.R. 1748, Christopher Smith, Netizens Protection Act(Commerce)S. 771, Murkowski, Unsolicited Commercial Electronic Mail Choice Act (Commerce, Science, and Transportation)S. 875, Torricelli, Electronic Mailbox Protection Act (Commerce, Science, and Transportation)
Related CRS ReportsComputer Fraud & Abuse: A Sketch of 18 U.S.C. 1030 And Related Federal Criminal Laws, by Charles Doyle. CRS Report 97-1024 A. 5 p. December 3, 1997.Computer Fraud & Abuse: An Overview of 18 U.S.C. 1030 And Related Federal Criminal Laws, by Charles Doyle. CRS Report 97-1025 A. 85 p. November 28, 1997.Encryption and Banking, by M. Maureen Murphy. 12 p. CRS Report 97-835 A. September 15, 1997.Encryption Export Controls, by Jeanne J. Grimmett. 6 p. CRS Report 97-837 A. September 12, 1997.Encryption, Key Recovery & Law Enforcement: Selected Legal Issues and Legislative Proposals, by Charles Doyle. 41 p. CRS Report 97-845 A. September 12, 1997.Encryption Technology and U.S. National Security, by Michael Vaden and Edward Bruner. 9 p. CRS Report 96-670 F. August 8, 1996.Encryption Technology: Congressional Issues, by MarciaSmith. CRS Issue Brief 96039. 15 p. (Updated Regularly)Indecency: Restrictions on Broadcast Media, Cable Television, and the Internet, by Henry Cohen. CRS Report 97-841 A. 14 p. September 12, 1997.Information Privacy, by Gina Marie Stevens. CRS Report 97-833 A. 13 p. September 15, 1997.Internet Domain Names: Background and Policy Issues, byJane Bortnick Griffith. CRS Report 97-868 SPR. 6 p. March 30, 1998.Internet Technology, by Ivan Kaminow and Jane Bortnick Griffith. CRS Report 97-392 SPR. 6 p. December 24, 1997.Medical Records Confidentiality, coordinated by Irene Stith-Coleman. CRS Issue Brief 98002. 15 p. (Updated Regularly)Next Generation Internet, by Glenn J. McLoughlin. CRS Report 97-521 STM. 6 p. April 22, 1998.Online Service Provider Copyright Liability: Analysis and Discussion of H.R. 2180 and S. 1146, by Dorothy Schrader. CRS Report 97-950 A. 15 p. April 14, 1998.Protecting Privacy on the Internet: A Summary of Legislative Proposals, by Angela Choy, Marcia Smith, and Jane Bortnick Griffith. CRS Report 97-1061 STM. 6 p. December 19, 1997.Restrictions on Minor's Access to Material on theInternet, by Henry Cohen. CRS Report 98-328 A. 6 p. April 3, 1998.Telemarketing Fraud: New Rules to Protect Consumers, by Bruce Mulock. CRS Report 96-196 E. 6 p. March 4, 1996.Welcome to Cyberia: An Internet Overview, by Rita Tehan. CRS Report 97-544 C. 18 p. May 12, 1997.World Intellectual Property Organization Copyright Treaty: An Overview, by Dorothy Schrader. CRS Report 97-444 A. 24 p. April 14, 1998.
ENDNOTES1. The OSP provisions of H.R. 2281 originated in H.R.2180, that itself was superseded by H.R. 3209. They weremerged into H.R. 2281 during markup by the HouseJudiciary Committee on April 1, 1998. END OF FILE
