News From the States
This online newsletter is a product of NCSL's Communications
and Information Policy Committee.
Summer 2002
Communications and Information Policy Committee (CIP)
Update & Sign-Off
CIP Committee Program in Denver, Colorado --
NCSL Annual Meeting, July 23- 27, 2002
In Denver, the Committee held a variety of policy sessions on information
technology and telecommunications and sponsored two training sessions.
Handouts from the meeting, links to related resources and speakers' e-mail
are available from the Committee
web site.
In the opening session on Intelligent
Transportation Systems, held jointly with the AFI Transportation
Committee, speakers provided examples of ways to enhance public safety
and improve transportation management through the use of information technology.
Next speakers from health care and industry explored ways of Using
IT to Improve Health Care Quality & Timeliness. In a joint
session with the National Association of Legislative Information Technology
(NALIT) Staff Section, Show
Me the Money, panelists discussed strategies to evaluate technology
spending proposals and measure return on technology investments. The
CyberSchools:
Virtual Education for the 21st Century program highlighted
several states' approaches to the development of cyberschools and provided
discussion about the legal and policy ramifications of this new learning
environment. The9-1-1
program provided an overview of the development of 9-1-1 systems and identified
current issues facing industry, government 9-1-1 managers, and state policymakers.
Concurrent sessions sponsored by the committee included one on Protection
vs. Privacy in which speakers explored the trade-off between
increased surveillance, including deployment of new technologies in the
war against terrorism, and the privacy protections to which Americans are
accustomed. Distinguised panelists debated current law, court cases and
other developments in the session, The
Electronic Trail: Perils of Policymakers and Private Citizens, which
focused on privacy and access issues related to electronic mail and use
of the Internet.
Lastly, the Committee co-sponsored two training sessions, one on how
to use Power Point to make dynamic presentations, Power Presentations
101. The second session session, Web Site Consultations, designed
for state legislators, provided one-on-one expert advice on creating and
managing effective web pages.
- submitted by Jo
Anne Bourquard
New NCSL Committee Created
The CIP Committee held its last meeting during the NCSL Annual Meeting
in Denver, Colorado, July 23 - 27, 2002. At its meeting on May 4, 2002,
the NCSL Executive Committee voted to merge the Assembly on Federal Issues
(AFI) committees and the Assembly on State Issues (ASI) committees into
a single set of 15 committees. These committees will consider both federal
and state issues and develop lobbying positions for NCSL. The new committee
that will address information technology and telecommunications issues
will be called Communications,
Technology and Interstate Commerce.
Legislative staff will participate in the committees as they do currently
on the ASI committees; however, only legislators will vote on the policy
resolutions. The new committee structure will be referred to as the Standing
Committees of the National Conference of State Legislatures. The meetings
will be referred to as the Fall Forum and the Spring Forum of the National
Conference of State Legislatures. The first meeting
of the new committees will be in Washington, DC, December 11-13, 2002.
For questions about the new committe, contact NCSL committee staff, Jo
Anne Bourquard (Denver) or Neal
Osten (Washington, DC)
- submitted by Jo
Anne Bourquard
Crime and Terrorism
States Update Laws on Electronic Surveillance
& Wiretapping
In today's need for heightened security, electronic surveillance is an
invaluable tool in America's arsenal to fight crime and inhibit terrorist
activity. While delicately treading the line between safety concerns and
civil liberties, states have gradually been adding to or amending their
electronic surveillance laws.
Over half the states introduced electronic surveillance legislation
during the 2001-02 sessions. At least nine states updated their
laws directly through their respective homeland security and anti-terrorism
bills. Of these states, seven-- Arizona, Georgia, Louisiana, Maryland,
New Jersey, South Carolina and Virginia-- passed the legislation, with
New Jersey's bill aptly named A.B. 911. Two of the nine bills--Arizona's
(signed into law in May) and Hawaii's--specifically conform to the federal
USA PATRIOT Act.
At least six other states--Connecticut, Florida, Idaho, Ohio, Oklahoma
and Pennsylvania-- passed laws related to electronic surveillance. Acts
in Florida, Connecticut and Ohio expand the definition of crimes
for which surveillance is allowed by law enforcement. Similarly, Idaho
defines "electronic communications" and makes the unlawful interception
of electronic communications a felony. Oklahoma allows for court orders
for pen registers (devices that monitor numbers dialed from a telephone
line) and trace devices (that identify the originating number). Pennsylvania
passed measures that update its retention of intercepted recordings and
expand the crimes for which a wiretap may be granted.
Most of the other legislation states considered either expanded the
definition of crimes that allow electronic surveillance or changed the
procedure for law enforcement obtaining a permit. A few states--California,
Florida, Georgia, Illinois, Maryland, Minnesota, New York and South Carolina--proposed
legislation to amend the types of communications that can be tapped. Several
states, such as Colorado, Idaho and Pennsylvania, increased the penalties
for unauthorized interception of communication. At least four states--Massachusetts,
South Carolina, Tennessee and Vermont--altered their "consent" statute.
And legislation in Illinois, Massachusetts, Minnesota and Pennsylvania
addressed workplace surveillance.
NCSL maintains a web
site that monitors laws and legislation--check it out for updates and
news on electronic surveillance.
- submitted by Janna
Goodwin
Developments in Identity Theft Law
New identity theft legislation, in many instances, enhances existing laws.
California now requires businesses to stop using Social Security numbers
for employee identification cards, health plans and other types of IDs.
Social Security numbers can no longer be printed on bank statements and
other mailed documents. Colorado prohibits processing of identity theft
credit report entries and expedites judicial determinations. Hawaii
makes identity theft a felony and deceptive use of fictitious identity
a misdemeanor. Illinois and Pennsylvania make a person convicted
of identity theft civilly liable to the victim. Victims can recover
court costs, attorney fees, and actual damages. Montana now has graduated
sentences, depending on the seriousness of an identity theft crime.
The Personal Identity Defense Act in Nebraska amends provisions on deception
and unauthorized use of a financial transaction device and provides penalties,
civil recourse and restitution. A commission in New Jersey recommends
changes in Department of Motor Vehicle customer service technology to improve
security and reduce identity theft. North Carolina automatically
expunges the criminal record of an individual wrongfully charged with identity
fraud. Alabama created the Consumer Identity Protection Act that
provides for civil damages and actions to clear a victim's credit history.
New Mexico created a theft of identity criminal offense and prescribed
penalties. Virginia addressed restitution and attorney general assistance
to obtain data and correct errors in credit reports.
- submitted by Rita
Thaemert
Laws to Address the Threat of Cyber Attacks
In the 21st Century, reliance on information technology has
never been greater, and the use of computers and the Internet has never
been stronger. This demanding dependence on technology, however, does require
necessary safeguards to protect critical infrastructures from malicious--and
sometimes even life-threatening--cyber attacks, commonly known as "cyberterrorism."
Cyber attacks come in two categories: one against data, the other on
control systems. The first type attempts to steal or corrupt data and deny
services. The majority of computer assaults have fallen into this category,
such as credit card theft, Internet vandalism and denial-of-service (DOS)
attack.
Control-system attacks attempt to disable or overpower operations used
to maintain physical infrastructures, such as systems that regulate water
supplies, electrical transmission networks and railroads. While remote
access to control systems previously required an attacker to dial in via
a modem, these operations increasingly use the world wide web to transmit
data or are connected to a company's local network--a firewall-protected
system that sometimes can be penetrated.
During the 2001-02 legislative sessions, at least 16 states introduced
bills that would strengthen IT security. Kansas, for example, enacted a
law that provides background checks on all employees with access to sensitive
data; Minnesota introduced a similar bill. Florida signed into law a bill
that allows law enforcement to investigate attacks on protected computers;
defines "protected computers" as those owned by a financial institution
or government agency. Michigan passed a bill that provides penalties for
the use of the Internet or telecommunication system or device to disrupt
critical infrastructures or government operations. South Carolina's Omnibus
Terrorism Protection and Homeland Defense Act, passed in July criminalizes
unleashing viruses and other irritant programs into computer systems. And
Virginia now defines terrorism to include electronic threats.
Other states introduced measures dealing with cyber security. North
Carolina considered legislation that specifically provides for the adoption
of enterprise-wide security encryption standards for state government information
technology. Montana, New York, South Dakota, Virginia, and Washington introduced
legislation that deals with public records and access limitations. And
several other states such as Oklahoma, Rhode Island and Virginia considered
bills that identify, review and assess security threats to state government
computer systems.
Cyber attacks may be inevitable, but states are realizing that the biggest
defense against cyberterrorism is preparation.
NCSL is tracking state cyber crime and security legislation here.
- submitted by Janna
Goodwin
Telecommunications
The Future of 9-1-1 Services
The first call on 911 was made on February 16, 1968, in Haleyville, Alabama.
Basic 911 service is now offered in virtually every community. Telephone
companies are currently required to maintain a subscriber database listing
every assigned telephone number, name and address and billing information
for every subscriber. In a majority of states, 911 operators are provided
guidelines and offered training in the procedures for responding to these
calls.
However, currently not all areas of the country are served by a universal
911 telephone number system. And, owners of wireless telephones and multi-line
telephone systems do not always receive the same level of service as traditional
residential telephones. This is because the transmission of the caller
location and the telephone number are not always sent to the public safety
answering point. Enhanced 911 (or E 911) is an advanced emergency telephone
system that automatically provides selective routing to the closest public
safety answering point. State legislatures addressed a variety of these
and other E 911 issues in 2002.
At least 28 states, the Virgin Islands and Washington, D.C. provide
E 911 funding programs. For example, Nebraska's law (L.B.
585) imposes a 5-cent monthly fee on wireless service subscribers
and establishes a system where 911 dispatch centers and wireless carriers
can fund the equipment necessary to identify and locate wireless telephone
calls. And, at least eight states passed E911 legislation in 2002.
For handouts and presentations from "The Changing Landscape of 9-1-1"
session presented at the 2002 NCSL Annual Meeting held in Denver, Colorado,
please visit: http://www.ncsl.org/programs/lis/CIP/CIPCOMM/am02.htm.
- submitted by Bob
Boerner
The Wireless Adult
According to a recent study (from Scarborough Research – http://www.scarborough.com/scarb2002/press/pr_cellphone.htm),
almost two-thirds of American adults now own a cellular telephone. This
represents a 29 percent growth of ownership over the past two years. Houston,
Texas leads the nation where 74 percent of adults own a cellular telephone.
Other cities with a high concentration of ownership include Atlanta, Georgia
(73 percent), Honolulu, Hawaii (70 percent), Miami, Florida (69 percent)
and Dallas, Texas (69 percent). Ranking on the low end with the least percentage
of wireless adults are Buffalo, New York (45 percent) and Charleston, West
Virginia (39 percent). The study reveals that most wireless adults are
female (52 percent), age 25-54 (64 percent), married (59 percent) and over
a quarter (27 percent) of cellular households have two or more children.
Seventy-one percent own their own home and are 26 percent more likely than
the average adult to have a household income of $75,000 or more.
Over 250 wireless telephone measures were considered in America’s state
legislatures in 2002. And with the growth in usage of wireless services,
wireless telephone issues will continue to be a growing public policy
area.
For additional information, including laws and Internet links, on this
topic and other telecommunications topics, please visit http://www.ncsl.org/programs/lis/cip/telcomhome.htm.
- submitted by Bob
Boerner
Privacy
Financial Privacy: North Dakota Voters Opt
for 'Opt-In'
The federal enactment Gramm-Leach-Bliley provides an "opt-out" standard
for sharing information regarding consumers. In other words, financial
institutions are allowed to share a consumer's non-personal financial information
unless the consumer makes a request otherwise.
Since 1985, North Dakota had been an "opt-in" state, which required
customers to grant permission to financial institutions to share or sell
their information with other companies. Following the enactment of Gramm-Leach-Bliley,
the North Dakota Legislative Assembly passed S.B. 2191, which changed North
Dakota to an "opt-out" state, more in line with Gramm-Leach-Bliley. The
measure was referred to the voters as a statewide referendum. A "yes" vote
on the referendum was a vote in favor of the "opt-out" standard as set
by S.B. 2191, and a "no" vote favored repeal of S.B. 2191 and a return
to the more restrictive "opt-in" standard. On June 11th, 73
percent of the voters voted "no" on the referendum, thus repealing the
"opt-out" standard. North Dakota voters were the first to make their own
choice regarding financial privacy.
- submitted by Heather
Morton
Privacy Made Easy?
At least 40 states have privacy policies governing state Web sites, and
several states enacted statutes requiring agencies to establish privacy
policies for Web sites. This year, Virginia became the first state to formally
encourage state and local government agencies to adopt a Web site privacy
system called the Platform for Privacy
Preferences (P3P).
P3P is a system that lets Internet users know the privacy practices
of the Web sites they visit. P3P is a kind of labeling system, except that
the labeling is read and interpreted automatically by software on the user's
computer. Internet users often find it difficult to locate and read through
privacy policies for every site they visit. In addition, policies are not
always written clearly so that users know how the site will deal with collected
information.
Several companies have developed P3P software and are making it available
free or are incorporating it into browser software. For example, Microsoft's
Internet Explorer 6 includes P3P features. To use P3P, the user must first
determine how much information they are willing to have collected or shared
by answering a series of multiple choice questions, which they enter on
their computer. Web sites also must adopt P3P and apply the labels to their
sites. The software then checks and compares the information from both
and can issue a warning when Web site policies do not match the user's
preferences.
P3P is a voluntary system, and its usefulness depends on how widely
it is adopted. The World Wide Web Consortium (W3C),
a group that issues Web standards and develops interoperable technologies,
has endorsed P3P as a standard. However, some privacy advocates actively
oppose P3P, including the Electronic
Privacy Information Center. More information about how P3P works is
available from the P3P Toolbox.
- submitted by Pam Greenberg
Privacy for Internet Users: Minnesota Opts
In
Minnesota earlier this year enacted legislation requiring Internet Service
Providers to keep information concerning their subscribers private, unless
the subscriber gives permission to disclose the information. While Nevada
had passed similar legislation in 1999, the Minnesota bill had tough opposition
from industry groups who say the measure may hurt e-commerce in the state.
Both the Nevada and Minnesota laws prohibit disclosure of personally identifying
information. Minnesota also prohibits ISPs from disclosing information
about the Internet or online sites that their customers visit.
Minnesota Statutes 325M.01-.09 (2002
S.F. 2908, Chapter 395)
-
Prohibits Internet service providers from disclosing personally identifiable
information, including a consumer's physical or electronic address or telephone
number; Internet or online sites visited; or any of the contents of a consumer's
data storage devices.
-
Provides for certain circumstances under which information must be disclosed,
such as to a grand jury; to a state or federal law enforcement officer
acting as authorized by law; pursuant to a court order or court action.
-
Provides for civil damages of $500 or actual damages and attorney fees
for violation of the law.
Nevada Revised Statutes 205.498
(1999)
-
Internet service providers must keep confidential all information about
subscribers, other than e-mail address, unless the subscriber gives permission
to disclose the information.
-
If requested by subscribers, in writing or by e-mail, Internet service
providers must also keep subscriber e-mail addresses confidential.
-
Internet service providers must give notice of the above requirements to
each of its subscribers, including a "conspicuous statement" that subscribers
may request to have their e-mail addresses kept confidential.
-
Violations of the law are punishable by a fine of $50 to $500 per violation.
- submitted by Pam Greenberg
Education Technology
Cyber Charter Schools
About a dozen states have authorized cyber charter schools for K-12 and
higher education, providing greater opportunities for students to learn
in an environment not limited by time or location. Education experts and
state policymakers discussed the development of cyber charter schools,
identified key policy issues raised by this new approach, and outlined
potential approaches in the program, CyberSchools:
Virtual Education for the 21st Century, during the NCSL Annual Meeting
in Denver, July 2002.
Court challenges to cyber charter schools in Pennsylvania have
received attention around the country. Cyber charter school development
in Pennsylvania began with the passage of the state's charter school law
in 1997, which allowed the creation of regional charter schools and authorized
universities to sponsor charter schools in multiple districts. Ron
Cowell, president, Education Policy &
Leadership Center, explained that cyber charter schools developed,
enrolling students from across the state. But, when charter schools
began sending bills to the school district where students lived, many local
school districts refused to pay costs for cyber students. Nearly a dozen
lawsuits challenging the legality of cyber charter schools were filed.
In 2002, Pennsylvania passed legislation
to specifically define requirements for cyber charter schools. Under
the new law, cyber charter schools must be approved by more than one district.
And, the Department of Education will consider applications and renewals
for cyber charter schools.
Eric Premack, co-director, Charter
Schools Development Center, California State University, California
explained that the narrow definition of cyber education is "students interacting
with instructional materials and instructional staff in an electronic environment."
The charter school law fueled the fire for the 'independent study' systems
where most cyber initiatives traditionally fell. Currently, one-third of
California's charter schools offer some form of independent or cyber education
program. But, according to Premack, this new kind of learning environment
can be frustrating for policymakers to regulate as it does not fit easily
with traditional funding systems. The result in California, he notes, is
a heavy regulatory and paperwork burden for these kinds of programs. To
help cyber education reach its full potential, Premack recommends creating
an oversight entity that is independent of both school districts and the
normal state bureaucracy.
Colorado's cyber charter school, the Colorado
Virtual Academy (COVA), is affiliated with K12, a cyber school organization
founded by William Bennett that has associates with a number of nationally
recognized educators. COVA has 90 public and private school teachers working
on curriculum development. Colorado Representative
Don Lee explained that funding and accountability are the most debated
issues in cyber education, raising numerous difficult questions, such as:
How much per-pupil funding should be provided? Should it be based on the
funding level from the district where the student lives? The average funding
level in the state or some other level? And, some local school districts
may also be worried that cyber education is taking away necessary money
from general education programs. Districts are concerned with ensuring
school system accountability and verification practices. How do educators
know the student is the one actually doing the work or taking the test?
Representative Don Lee recommended revising existing laws and policies,
written with bricks and mortar schools in mind, to reflect the virtual
reality posed by this new approach to education.
- submitted by Steve
Smith & Jo Anne Bourquard
 |
