- Spyware - Spam - Online Privacy - Age Verification

- Security Breach - Phishing - E-Signs/Postmarks

Spyware:

Spyware is a catch-all term for computer programs that can track computer users' movements online. Spyware is a serious problem that can create substantial privacy risks, increase the risk of identity theft, and cause serious degradation to personal and business computers that can cost millions of dollars in lost productivity.  AeA has created a checklist that legislators can follow to create good Spyware legislation; specifically it should contain:

• State Attorney Generals should have the sole enforcement ability. No private rights of action

• Intentionally deceptive standard

• Regulate bad actors and practices while not impeding e-commerce and technology
• Caps on damages
• Define Personally Identifiable Information as a combination of:

a.       The first name or first initial in combination with the last name

b.      A home or other physical address including street name,

c.       Personal identification code in conjunction with a password required to access an identified account,  

d.      Social security number, tax identification number, driver's license number, passport number, or any other government-issued identification number, or

e.       Account balance, overdraft history, or payment history that personally identifies an owner or operator of a computer.

Spam

We believe that both states and the federal government can work to protect consumers, and make the Internet a safe place to work and play.  Further, legislation should contemplate online service providers, whose email servers are constantly bombarded with Spam, to the detriment of its customers.  AeA has created a checklist that legislators can follow to create good Spam legislation; specifically, it should:

• Ban false or misleading headers;
• Identify the email message as an advertisement in the subject line;
• Allow consumers to opt-out of receiving subsequent commercial email;
• Protect pre-existing business relationships;
• Prevent the harvesting of consumer email addresses;

Online Privacy
AeA believes that in order to promote consumer confidence – and thus encourage e-commerce – a three-pronged plan needs to be put into action.

• Strong non-discriminatory, federal preemption legislation needs to be adopted, so as to set a uniform national standard to ensure consumer privacy;
• States should be discouraged from passing laws or regulations that unnecessarily obstructs interstate commerce; and
• Online businesses, vendors, and government alike all need to respect individuals' privacy.

Age Verification

We believe that there is no single solution for best protecting children online. Rather online safety requires a multi-faceted approach involving ever evolving technology, public education and partnerships with law enforcement and other groups to keep the Internet safe for children.  As a result, AeA opposes age verification for the following reasons:

• To date there is no proven mechanism for age verification for users under the age of 18.
• Providing credit card, social security, or driver licenses information raises significant privacy and security issues, including legal issues that have not yet been addressed. 
• State Age Verification Laws create potential constitutional Supremacy and Commerce Clause conflicts with the establishment of Communication Decency Act of 1996. 
• There are already technical solutions in place that help parents and children make sure their experiences on the Internet are fun and safe (parental controls)
• AeA supports providing new and more effective tools for law enforcement
• AeA supports increasing penalties for child predators
• AeA supports creating new innovative ways to increase the awareness of parents and children to the dangers that currently exist online. 

Data Security/ ID Theft (Security Breach):

Protecting consumers against identity theft is a top priority on a number of legislative agendas, especially that of the high-tech industry. Doing it correctly means instilling confidence in E-commerce, thus helping our national economy. AeA has created a checklist to help guide policy-makers when crafting legislation that requires notifying consumers of a security breach that could lead to a significant risk of identity theft or harm to a consumer.

• Notification should occur when there is a significant risk of identity theft or harm
• Businesses should send notice within the ordinary course of business
• Disclosure should be made in the most expedient time possible allowing for measures necessary to determine the scope of the breach, to restore the integrity of the system, and is consistent with the legitimate needs of law enforcement 
• Personal Information should be defined similarly to the Spyware definition
• State’s Attorneys General should have the sole enforcement ability. No private rights of action.
• Safe Harbor Exceptions

Phishing

Phishing is an act or acts that defraud someone by using a false web site or pretending to be a legitimate business on the Web and fraudulently obtaining identifying information.  AeA has created a checklist that legislators can follow to create good Phishing legislation; specifically, it should:

·        The Definition of Personally Identifiable Information should comport with the definition in the spyware section   

·        The individuals who must provide notice under the bill should be limited to entities that “Own or License” the personal information

·        The bill should permit entities to notify consumers of security breaches through E-Mail

·        The bill should provide flexibility to entities in the methodologies employed to protect personal information

·        There must be a focus on criminal intent within this legislation

·        Legislation must assert that the State Attorney General has sole enforcement authority

Alan Vazquez
Manager & Counsel, Domestic Policy
601 Pennsylvania Ave, NW
Suite 600, North Building
Washington, DC 20004
P: 202.682.4439
F: 202.682.9111
alan_vazquez@aeanet.org

This page was last updated on 05/18/07.  
Copyright © 2006 American Electronics Association.  All rights reserved.