News from the States
This online newsletter is a product of NCSL's Communications,
Technology and Interstate Commerce Committee
Spring 2004 edition
In this Issue:
Committee Update
IT Outsourcing Update
Exposing Software Spies
States in the Vanguard with New Privacy Laws
Video Piracy
Cyber Attacks Continue, But Financial Losses Are Down
Identity Theft Update -- Just the FACTs ma'am
New Report on Digital Government
Camera Telephones - A New Invasion of Privacy?
Cell Phone Signals Can Be Deadly
E.T., Phone Home, from Your Computer
Committee Update
The Communications,
Technology and Interstate Commerce Committee will hold its next meeting
in Washington, DC during the NCSL Spring Forum, April 29 - May 1, 2004.
The Committee will start its meeting with a tour and briefing at the Federal
Communications Commission and the AT&T Innovations Center on Thursday
morning, April 29th. The agenda
includes programs on taxing and regulating new technologies, universal
services, rural telecommunications, Internet privacy, Super Digital Millennium
Copyright Acts, and E-pharmacies. See the Spring
Forum web site for registration and meeting information. To sign up
for the FCC and AT&T tours, contact Committee staff, Jo
Anne Bourquard in Denver. For information about state-federal policy
issues addressed by the Committee, contact Committee staff, Neal
Osten in Washington, DC.
Information Technology & Internet
IT Outsourcing Update
In 2004 sessions, at least 31 states have introduced legislation prohibiting
state agencies from using information technology workers based offshore.
The fiscal pressure on states has created clashing policy priorities for
state legislators -- administrative savings versus in-state job creation.
Is it better to save tax dollars by purchasing services more cheaply or
to ensure that jobs and tax revenues stay in the United States?
Several states, Colorado, New York and West Virginia, have introduced
legislation restricting companies from state contracts and governmental
grants and loans if they send any jobs, state or private, overseas. Colorado
introduced a bill that would exempt the state from any trade agreements
it had signed. And Indiana and Virginia have introduced legislation offering
preference to in-state or in-country companies that bid on state contracts.
To date, no offshore outsourcing legislation has passed into law. (Submitted
by Justin Marks)
Exposing Software Spies
In March 2004, Utah became the first state to enact legislation (H.B.
323) targeting spyware--software that can track or collect Web users'
online activities or personal information or change settings or cause advertising
messages to pop up on users' computer screens. Web users are often unaware
that spyware has been downloaded to their computers, and it can be very
difficult or almost impossible to remove.
Spyware legislation has been introduced in at least three other states
in 2004, including California (A.B. 2787, S.B. 1436, S.B. 1530), Iowa
(S.F. 2200) and Virginia (H.B. 1304).
The Center for Democracy and Technology (CDT) has taken an active
role in the policy debate about the issues raised by spyware. The group
testified about proposed federal legislation (S. 2145--the SPY BLOCK Act)
before the U.S. Senate Committee on Commerce,
Science and Transportation and has opposed state legislation on spyware.
The CDT has expressed concerns about adequately defining the term spyware
in legislation and believes that a complete solution will require a combination
of better enforcement of existing laws, anti-spyware technologies, self-regulatory
policies, and possibly new legislation.
On April 19, 2004, the Federal
Trade Commission will host a public workshop, "Monitoring
Software on Your PC: Spyware, Adware, and Other Software." The workshop
will address, among other things, possible responses to spyware concerns,
including a discussion of what consumers, government, and industry have
been doing and intend to do, by themselves or together, to address the
harms associated with spyware. (Submitted by Pam
Greenberg)
States in the Vanguard with New Privacy Laws
Two recently enacted California privacy laws may have widespread impact
on companies that do business online. California's Online Privacy Protection
Act (2003
A.B. 68, Chap. 829), enacted in October 2003 and effective July 1,
2004, is the first state law to require Web site operators that collect
personally identifiable information from California residents to post a
privacy policy and to comply with that policy. Personally identifiable
information includes first and last name, home and email addresses, telephone
number, Social Security number, and other identifiers that would allow
a customer to be contacted.
The bill requires that the Web site privacy policy identify the categories
of personally identifiable information that the operator collects about
individual consumers who use or visit its Web site or online service. Policies
also must identify third parties with whom the operator may share information.
A new Nebraska law (2003 L.B.
118) does not require Web sites to post privacy policies, but for those
that do, it prohibits knowingly making a false or misleading statement
regarding the use of personal information in a Web site or published privacy
policy.
Another California law (2003
S.B. 27, Chap. 505), while not specifically targeted at online businesses,
requires all non-financial businesses to disclose to customers, in writing
or by electronic mail, the types of personal information the business shares
with a third party for direct marketing purposes. As an alternative, businesses
may post a privacy statement giving customers the opportunity to opt-out
of information sharing at no cost. (Submitted by Pam
Greenberg)
Video Piracy
Searches and pat-downs at the airport have become expected, but
at the movie theater? In March, Ohio joined California, Pennsylvania, New
York, Wisconsin and Washington DC in combating digital piracy by banning
cameras and other recording devices such as image-capturing cell phones
in theaters and movie houses. Ohio's new law gives movie theaters the
right to detain people suspected of videotaping movies, just as department
stores can confine suspected shoplifters. In 2004 sessions, at least ten
states have introduced legislation to prohibit recordings in movie theatres,
and a measure passed by the Washington legislature is currently awaiting
the Governor's signature. The Motion Picture Association of America, which
supports the legislation, claims it lost $3.5 billion due to digital piracy
of motion pictures last year. Opponents of the legislation, however, contend
the laws are written too broadly and ignore the traditional "fair use"
copying of small portions of a movie for personal or educational use.
NCSL is tracking
similar legislation on its Web site. (Submitted by Janna
Goodwin)
Cyber Attacks Continue, But Financial Losses Are Down
The Computer Security Institute (CSI)
released the results of its 2003 Computer Crime and Security Survey, which
is conducted with the participation of the Federal Bureau of Investigation
(FBI). The survey reported that the number of computer crime incidents
remained about the same as in 2002, but the overall economic loss notably
decreased, with losses due to financial fraud down by 90 percent. Theft
of proprietary information was reported as being responsible for the most
financial loss, while denial of service attacks came in second.
Insider attacks and system abuse were the top crimes reported, followed
by virus infections. More than half the respondents said that their Web
site (as opposed to their network) was not attacked in the past year, but
a surprising 22 percent reported that they didn't even know whether they
had been attacked. The high incidence of virus attacks reported was significant,
as 99 percent of the companies surveyed reported using antivirus software
and 98 percent also reported using firewalls. The CSI report can be downloaded
at http://gocsi.com/
In 2003, states enacted fewer measures that addressed computer crimes
than in 2002. These new laws primarily amended existing statutes with updated
definitions or created stiffer penalties. The enactments focused on electronic
surveillance, computer systems security, illegal access to networks, child
solicitation, Super Digital Millennium Copyright Acts, and electronic harassment
and stalking. (Submitted by Janna
Goodwin)
Identity Theft Update -- Just the FACTs ma'am
Signed into law on December 4, 2003, the Fair
and Accurate Credit Transactions Act (FACT Act), Public Law 108-159,
changed the state and federal relationship on protecting consumers from
identity theft.
The FACT Act makes permanent the preemption of state laws as described
in the Fair Credit Reporting Act. The seven areas were scheduled to sunset
January 1, 2004, if Congress had not acted to make them permanent. The
areas include determining what information may be included in consumer
reports, setting the procedures when consumers dispute the accuracy of
information contained in consumer reports, and prescribing the exchange
of information between affiliated financial institutions.
The FACT Act goes further to set national uniform standards for nine specific
identity theft prevention and mitigation provisions:
- Authorizes fraud alerts to be placed on consumer files for 90 days if requested
by the consumer;
- Requires credit bureaus to block fraudulent information in a consumer's
file when the consumer provides an identity theft report filed with a law
enforcement agency;
- Requires debt collectors, when notified that a debt is fraudulent, to notify
the company holding the debt and provide the consumer a notice of consumer
rights in debt collection;
- Prohibits more than five digits of a credit card or debit card number
from being printed on receipts;
- Requires the Federal Trade Commission (FTC), National Credit Union Administration
(NCUA) and the other banking regulators to create procedures for identifying
ID theft patterns and practices, such as "red flag" guidelines;
- Authorizes consumers to request that their Social Security numbers not
be printed in consumer reports mailed to them;
- Requires the FTC to develop a model for a "summary of rights" to be given
to consumers when they contact consumer reporting agencies;
- Requires the credit bureaus to create and maintain procedures for referring
consumer ID theft complaints; and
- Authorizes victims to request copies of records from companies that provided
credit to an ID thief.
The FACT Act also allows consumers to request one free consumer report
annually. Although states are preempted in the nine specific areas listed
above, they are free to act on issues not mentioned in the FACT Act. These
include use of Social Security numbers, database hacking alerts, criminal
penalties for identity theft crimes, requirements for law enforcement agencies
to take police reports and the destruction of customer records. (Submitted
by Heather Morton)
New Report on Digital Government
The National Association of State Chief
Information Officers (NASCIO) released a new 600+ page report which
provides information on state IT organizational structures, budgeting,
digital government trends and initiatives. Detailed 50-state information
is provided. The report indicates that although the demand for online services
and round-the-clock access to information remains strong, IT initiatives
must now demonstrate a clear return on investment. States are recognizing
the importance of common standards and shared solutions as well as the
importance of centralized IT oversight. The 2003-04
NASCIO Compendium of Digital Government in the States is available
for purchase through NASCIO. (Submitted
by Jo Anne Bourquard)
Telecommunications
Camera Telephones - A New Invasion of Privacy?
Cellular telephones with photographic capabilities have prompted state
lawmakers to consider regulating their use and banning them from certain
places. For example, an Iowa bill considered in January 2004 would make
it a misdemeanor punishable by a $100 fine to use a cellular telephone
with the camera feature in dressing rooms, locker rooms, or other public
places where people disrobe, even if the cellular telephone user does not
use the camera. Only a handful of other states -- California, Hawaii,
South Carolina, Maryland and Michigan -- have introduced regulatory measures
in the state legislatures in 2003 and 2004. However, this topic is certain
to receive attention from privacy experts and from representatives of the
telecommunications industry in the months ahead. (Submitted by Bob
Boerner)
Cell Phone Signals Can Be Deadly
Cellular telephone interference with law enforcement and police officials
can be costly. For example, Denver, Colorado police officers were recently
unable to send or receive a signal from their colleagues when chasing a
suspect. They had entered a "dead spot," a place where public-safety radios
cannot get a signal because they are drowned out by interference from consumer
cellular telephones. The good news is that there are no known cases where
an officer was killed or injured because of the interference. The bad news
is that some radio frequencies allotted for public safety use are mixed
in with the frequencies designated for commercial use. City officials in
Denver have identified twenty-four of these "dead spots." The telecommunications
industry is currently debating how to best eliminate this problem. One
solution is to adjust the strength of broadcast signals. Another solution
is to initiate a large spectrum swap. The Federal Communications Commission
is to select one of these two solutions in the near future. (Submitted
by Bob Boerner)
E.T., Phone Home, from Your Computer
Like something out of a science fiction movie, making calls over the
Internet is becoming a reality. In 2003, the State of Florida chose not
to regulate telecommunications services offered over the Internet -- Voice
over Internet Protocol (VoIP). The Florida Legislature (S.B. 654) passed
a measure finding unregulated Voice over Internet
Protocol is in the public interest. Virginia lawmakers introduced a measure
(S.B. 673) in 2004 that excludes VoIP from regulation by the State Corporation
Commission. This is in sharp contrast to several other states. In February
2004, the California Public Utilities Commission determined that VoIP services
that enable communications with the traditional telephone network are public
utilities and are subject to regulation under the commission's jurisdiction.
And, Illinois, Missouri, New York, Ohio, Pennsylvania, Utah and Wisconsin
recently considered the possible application of telephone regulations to
VoIP providers. The debate over whether these services are best classified
as telephone services, and therefore can be regulated by a state public
utility commission, or are Internet services, and are not to be regulated,
is likely to continue in 2004. (Submitted by Bob
Boerner)