• Mission & Governance
• Services Overview
• How to Get Involved
• Standing Committees
• NCSL Foundation

• Issue Areas: A-Z
• State-Federal Relations
• NCSL Standing Committees
• News from D.C. and the States

• About State Legislatures
• Elections, Campaigns & Redistricting
• NCSL's StateConnect Directory
• Web Sites

• Online Guide to NCSL Services
• Staff Sections and Networks
• Meetings & Professional Development
• Staff Directories

• Meetings Calendar
• Online Registration
• Meetings Home Page
• Legislative Summit

• Bookstore
• State Legislatures Magazine
• NCSL's StateConnect Directory

News From the States

Fall 2001

CONTENTS

COMMITTEE NEWS

Communications and Information Policy Committee Meets December 5-7, 2001 in Washington, DC

The Communications and Information Policy Committee (CIP) will hold its Winter meeting in Washington, DC, December 5-7, 2001. The primary focus at this joint AFI/ASI meeting of NCSL's 18 committees and task forces will be security and public safety. Tom Ridge, Director of the new Homeland Security Office, will provide the plenary address, and various other programs will examine state efforts to step up security.

Building on this theme, the CIP Committee will highlight new technologies used to combat crime and examine state approaches to protecting critical IT infrastructure. In addition, the committee will address the privacy ramifications of increased security measures, digital divide, telecommunications de-regulation, best practices in designing and managing legislator web pages, and e-privacy.

The committee web pages at http://www.ncsl.org/programs/lis/CIP/CIPCOMM/COMMHOME.HTM will provide updated information about the agenda. For registration and housing information, see http://www.ncsl.org/public/afiasi01.htm

If you have questions about the CIP program, contact committee staff, Jo Anne Bourquard, 303-364-7700, extension 151, jo.anne.bourquard@ncsl.org.

New Rules for Wiretapping

The events of September 11, 2001 shook the entire nation and changed forever the concept of "national security." Following the tragedies, a Harris Interactive poll showed that Americans strongly support giving law enforcement agencies new power to tap into private electronic communications. And, just over one-half, 54 percent, supported expanded government monitoring of cellular telephone conversations and electronic mail.

On October 26, 2001, President Bush signed the USA PATRIOT Act. The act updates information gathering and surveillance techniques that dated to the 1960s, coordinates between foreign intelligence and counter-terrorism investigations and criminal justice investigations, and changes criminal law in the area of terrorism.

State legislatures are currently considering anti-terrorism legislation that would expand the authority of investigators to track telephone and Internet activities of suspected terrorists. On September 17, 2001, the New York State Senate passed a bill that authorizes eavesdropping warrants providing for "roving" wiretap or oral intercept orders. The measure also allows law enforcement agencies to react promptly to counter-surveillance measures by eliminating the need to obtain separate warrants for each new location or instrument. The New York Assembly is now considering the bill. Arkansas (SB 855), Maryland (SB 310), and Oklahoma (HB 1393) passed wiretapping legislation prior to September 11. More states are likely to consider the issue in 2002.

For a review of wiretapping and electronic surveillance laws, see NCSL's Electronic Surveillance Laws webpage.

- submitted by Bob Boerner

State governments are planning to create a national information-sharing center to boost network security and protect information technology infrastructures that belong to the states. The initiative is a collaborative effort by the National Association of State Chief Information Officers (NASCIO), the National Governors Association (NGA) and the Partnership for Critical Infrastructure Security.

The Sept. 11 attacks on New York, Pennsylvania and Washington have required all levels of government to rethink their network security and defend their infrastructures. In this atmosphere, state officials responsible for making certain systems operate safely are making security one of their chief priorities.

The information-sharing center would record and report security breaches across state IT enterprises, provide early warnings to other states of network breaches and offer patches to repair violated systems. Communication will be critical to the process by providing feedback on security products. It would also stimulate research and development and potentially generate pilot projects that would expedite development of next-generation security measures.

NASCIO is developing guidelines that would form the basis of its recommendations on a coordinated security strategy. The center would serve as a central site from which state technology offices would interact with technology companies that provide solutions and support to the government.

Those leading the initiative said states might need to revise access to public information laws. States may also have to review sunshine laws that mandate public access to sensitive information so it does not fall into the wrong hands.

- submitted by Janna Goodwin

The vision for an integrated criminal justice information system is grand, and yet basic. It is a system in which criminal justice personnel have, within minutes, each piece of information needed to make informed decisions. Planning for integration also addresses who can obtain what data, with built-in security and privacy safeguards.

The public, and even some elected officials, may assume that in the information age such a system already exists. But pertinent data like outstanding warrants, protective orders, child support orders, sexual offender registration requirements and the status of probation and drug treatment are often maintained in disparate databases by different agencies, often at different levels of government.

In at least 31 states, integration efforts are under way to pull this information together. Yet to date, none are fully operational. The greatest benefits to integration - an improved justice system and enhanced public safety - are hard to quantify. Other, easier-to-see benefits are things like more accurate information and better efficiency in capturing and sharing data. Once information is placed in an integrated system, it doesn't need to be entered again. This saves redundant labor costs and duplicate entries that often results in errors. Records can then be shared electronically with fewer transmission costs and without the time lags of pushing paper.

Convincing state agencies and local governments to scrap their current infrastructure means they need funds to help them update and integrate. Federal money has contributed substantially to state efforts - covering about two-thirds of the costs to date in some states that have made significant advances in integration.

Congress passed the Crime Identification Technology ACT in 1999, which authorized assistance to states to establish or upgrade criminal justice information systems. For fiscal year 2002, Congress has appropriated $175 million to the effort. Federal funds may also be used to support state and local participation in national databases managed by the Federal Bureau of Investigation, such as the National Instant Check System, Combined DNA Information System, and the Interstate Identification Index system.

The Office of Justice Programs has overseen the federal initiative in recent years to encourage and support integration of state and local criminal justice information. Grant programs ranging from Byrne Formula Grants to the National Criminal History Improvement Program to the technology program under Community Oriented Policing Services have contributed more than $800 million per year to state efforts.

NCSL has a project with the Bureau of Justice Assistance  to provide information and assistance to state legislatures on integration of criminal
justice information systems. For more information, contact Blake Harrison blake.harrison@ncsl.org or Donna Lyons donna.lyons@ncsl.org in NCSL's Denver office, 303-364-7700.

- submitted by Blake Harrison

The FBI teamed up with industry experts to formulate a list of the 20 most important Internet security vulnerabilities.

Acting as a resource to disclose which security holes of common platforms should be prioritized, the list covers general vulnerabilities, as well as bugs specifically affecting Windows and Unix. This is expanded from a previous chart, which covered only 10 vulnerabilities. The latest version expands and updates that list, which is now over a year old.

System administrators have reported they had not corrected many known security flaws because they simply did not know which vulnerabilities were most dangerous.

The list, compiled with the help of the System Administration, Networking, and Security (SANS) Institute, is valuable because the majority of successful hack attacks can be traced back to exploiting problems highlighted by its list.

- submitted by Janna Goodwin

A new California law is designed to help prevent identity theft. S.B. 168, spnsored by Senator Debra Bowen, requires that businesses stop using Social Security numbers for health plan and employer identification cards and other types of IDs. Social Security numbers should no longer be printed on bank statements and other mailed documents. Under the new law, California citizens can freeze access to their credit reports, and credit bureaus must develop a personal identification numbering system so individuals can choose when to release credit report data. Consumer requests can be submitted in writing or by phone, and credit bureau compliance is required within five business days of a request.

Some other state legislatures recently acted on identity theft. Alabama (S.B.144) creates the Consumer Identity Protection Act that provides for civil damages and for action to clear a victim's credit history. New Mexico (H.B.317) creates a new theft of identity criminal offense and prescribes penalties. North Carolina (S.B.262) provides for automatic expungement of a criminal record for an individual wrongfully charged with identity fraud. Virginia (H.B.2824) addresses restitution and Attorney General assistance to obtain data and correct errors in credit reports. Washington (S.B.5449) provides for release of data to identity theft victims and requires law enforcement to comply with victim requests.

- submitted by Rita Thaemert

State Web Site Privacy Policies

State lawmakers concerned about the privacy practices of commercial web sites are making sure that government web sites will lead by example. At least six states have enacted legislation requiring state agency web sites to include a privacy statement and notice as to how information gathered by the site will be collected and used. In 2001, this type of legislation was passed by three states -- Arizona, Montana, and Texas. Arizona's H.B. 2043 requires that privacy policies must indicate the services provided by the web site, information about how transactions are processed, whom will have access to information provided by the web site visitor, and security measures in place on the site. Montana passed H.B. 281, prohibiting government web sites from collecting personal information unless notice is given regarding how the information will be protected and providing contact information for the web site operator. If personal information is to be shared with other entities for other purposes, the law also requires the user's permission before the information is collected. Texas's H.B. 2589 requires state web sites disclose policies indicating how they will protect personal information submitted by visitors to the web site. The law also requires confidentiality of e-mail addresses provided by users communicating with a governmental body.

Other states that passed legislation requiring state agencies to post web site privacy policies include Maryland (2000 S.B. 199), Nevada (1999 S.B. 485) and Virginia (1999 H.B. 2152 and 2000 H.B. 513 ).

Many other states have established web site privacy policies, even without legislation mandating them. A December 2000 report, Privacy Policies -- Are You Prepared? A Guidebook for State and Local Government, by the Electronic Commerce Coordinating Council, lists states with web site privacy policies. And state legislatures also are posting privacy polices on web sites, including those in Connecticut, Delaware, Florida, Indiana, Kansas, Michigan, and the New York Senate.

- submitted by Pam Greenberg

Concluding work begun in June 1999, the Judicial Conference of the United States adopted policies that govern the electronic availability of federal court case file information and the workplace use of the Internet by judges and court employees. The Judicial Conference of the United States is the principal policy-making body for the federal court system.

After soliciting public comments and convening public hearings, the Conference announced the policy adoptions on September 19, 2001. Documents in civil cases (except Social Security cases) and bankruptcy cases will be electronically available to the same extent they are available at courthouses. Personal data identifiers such as Social Security numbers, dates of birth, financial account numbers and names of minor children will be modified or partially redacted.

The Conference recommended that the Bankruptcy Code should be amended to establish privacy and security concerns as a basis for the sealing of a document. Further, they recommended the Bankruptcy Code and Rules should be amended to allow the court to collect a debtor's full Social Security number, but only display the last four digits on court documents. Remote electronic access to the case documents will be available only through the PACERNet system, which requires registration with the PACER service center and the use of a log-in and password. Appellate case files will be treated at the appellate level the same way in which they are treated at the lower court level. Electronic access will not be available to criminal case documents; however, the Conference will reexamine this policy within the next two years.

Regarding Internet use, the Conference required each federal court to adopt a "model use" policy that would prohibit downloading music, pornography, or "any personal use that could cause congestion, delay or disruption of service to any government system or equipment." Each court has the authority to impose or maintain more restrictive policies. Access to file-sharing and Web gaming sites, such as Gnutella, Napster, Glacier and Quake, will be blocked. The ultimate means of policing and enforcing the Internet use policies are left up to the individual courts.

To access the full report on privacy and public access to electronic case files, go to http://www.uscourts.gov/Press_Releases/att81501.pdf. To access the full report on court automation and technology, go to http://www.uscourts.gov/Press_Releases/jccsumreport.pdf.
 

- submitted by Heather Morton

The privacy issue is enormous and often complicated, and a number of states have opted to deal with its many facets through task forces, commissions and study groups. More than ten states over the past three years created offices or committees to study or manage privacy.

• Alabama (Year S.J.R.80) to examine the impact on privacy of recent technology advances
• Arizona (H.B.2639) creates an Internet study committee that looks at privacy and other issues
• California (S.B.129) establishes the Office of Privacy within the Department of Consumer Affairs
• Colorado (H.B.1395) to study privacy and information policy issues and to recommend legislation and administrative policies
• Florida (S.B.1334) creates a Task Force on Privacy and Technology
• Illinois (H.B.2696) establishes the Advisory Commission on Internet Privacy
• Maine (L.D.1681) creates a commission to probe public concern about government collection of personal information
• Maryland (S.B.371) originates an Advisory Council on Medical Privacy and Confidentiality
• Maryland (H.B.14) creates an Electronic Transaction Education, Advocacy, and Mediation Unit in the Office of the Attorney General
• New Hampshire (H.B.1589) to protect personal information privacy and protect the public from unlawful electronic transactions
• New Hampshire also established two separate committees (H.B.1589), one to study insurance policy access to genetic and health information test results and the other to study the need for privacy protections of customer information in the financial services industry
• Oregon (S.B.104) establishes an Advisory Committee on Privacy of Medical Information and Records
• South Carolina (H.B.3509) creates a joint legislative study committee on personal information privacy
• Tennessee (H.B.1328) requests a study of e-mail use and government information (and privacy)
• Virginia (H.J.R.789) to study protection of records, documents and cases filed in the Commonwealth's courts
• Wisconsin Executive Order 14 creates a Governor's Task Force on Privacy.

• California -- Senate Committee on Privacy
• Minnesota -- Senate Judiciary Subcommittee on Data Privacy
• New York -- Senate Majority Task Force on Privacy Invasion

• Colorado --Secretary of State's Information Policy Task Force
• Massachusetts -- task force under the Lt. Governor's office
• Washington -- Attorney General's Consumer Privacy Task Force
• Wisconsin -- Governor's Task Force on Privacy.

- submitted by Rita Thaemert

Alabama Creates a "Digital Divide" Study Committee

The Alabama House of Representatives recently passed HJR 217 that creates the Alabama Digital Divide Coalition Study Committee. The committee is responsible for studying effective means of closing the gap between the "haves" and "have-nots" in Alabama's public schools. According to the Progressive Policy Institute's State New Economy Index, Alabama currently ranks 48^th in the nation for technology in the schools, with a score of 0.75, while the U.S. average score is 2.00. And, a recent Alabama Department of Education report states that in 1999-2000 there was an average ratio of seven students per instructional computer in Alabama classrooms. The report recommends an average of five students to one computer. The committee is to report to the Governor and the Legislature by the 10^th day of the 2002 Regular Session.

Arkansas, California, Connecticut, Florida, Hawaii, Idaho, Illinois, Iowa, Kansas, Maine, Massachusetts, Minnesota, New Jersey, North Carolina, Pennsylvania, Texas, and Virginia also considered "digital divide" legislation during the 2001 legislative sessions. Florida considered four related measures and Illinois considered three related measures.

- submitted by Bob Boerner and Pam Greenberg

This term the US Supreme Court will hear several telecommunications cases that have the potential to significantly impact telecommunications policy in the states. The ten lawsuits have been broadly consolidated into three sets of cases. One set challenges the accounting methods used by the federal government in setting rates for rival local telephone companies that rely on the equipment and networks of the Regional Bell Operating Companies (RBOCs). A second set deals with the differences in regulation between telephone and cable services. And, the third set should resolve the question of whether federal courts have the authority to review the decisions of state utility regulators.

See, for example, Verizon Communications vs. FCC, et al., FCC, et al. vs. Iowa Utilities Bd., et al., AT&T Corp. vs. Iowa Utilities Bd., et al., and Gen. Communications, Inc. vs. Iowa Utilities Bd. (available at: http://www4.law.cornell.edu/php/zoral_arg_calendar.php3?begin=20011001&end=2002063010/16/2001)

- submitted by Bob Boerner

The MyNewJersey portal lets state and local government officials share documents, communicate ideas and keep up with statewide news. Now employees from the Information Technology Office and Local Government Services Division have created a subportal to keep the state government in touch with 566 municipalities.

The GovConnect project will allow state agencies to deliver services electronically to local government, as opposed to paper-based. Government officials can also see what similar employees in other municipalities are doing.

Started in 1997, GovConnect received $1.8 million in funding over the past two years and is one of four planned subsections of the state portal. Government-to-employee, government-to-citizen and government-to-business sections will be added or expanded.

GovConnect will have three sections:

• A news repository with new laws and local finance notices

 
• A document library to post questions or comments to a general audience

 
• A document library and message board for officials with jobs across the state.

- submitted by Janna Goodwin