Order Code 98-67 STM
CRS Report for Congress
Received through the CRS Web
Internet: An Overview of
Key Technology Policy Issues
Affecting Its Use and Growth
Updated January 31, 2001
Marcia S. Smith, John D. Moteff, Lennard G. Kruger,
Glenn J. McLoughlin, and Jeffrey W. Seifert
Resources, Science, and Industry Division
Congressional Research Service ˜ The Library of Congress
Internet: An Overview of Key Technology Policy Issues
Affecting Its Use and Growth
Summary
The growth of the Internet may be affected by a number of issues being debated
by the 107th Congress. This report summarizes several key technology policy issues
under consideration.
1. Individuals and businesses considering whether to use the Internet are
increasingly concerned about Internet privacy, particularly the privacy of personally
identifiable information collected by Web site operators. Congress is debating whether
industry self-regulation will solve these problems, or if legislation is needed.
2. Concerns about computer security are prevalent both in the government and
private sectors. Concerns have also been raised about the vulnerability of the nation’s
critical infrastructures (e.g. electrical power supply) to cyber attacks. Issues for the
107th Congress include oversight and improvement of the protection of federal
computer systems and cooperation with and between the private sectors.
3. Broadband Internet access gives users the ability to send and receive data
at speeds far greater than current Internet access over traditional telephone lines.
With deployment of broadband technologies beginning to accelerate, Congress is
seeking to ensure fair competition and timely broadband deployment to all sectors and
geographical locations of American society.
4. Since the mid-1990s, commercial transactions on the Internet—called
electronic commerce (e-commerce)—have grown substantially. Among the many
issues facing congressional policymakers are encryption procedures to protect e-
commerce transactions, whether the 3-year tax moratorium on domestic e-commerce
taxation should expire or be extended, and how the policies of the European Union
(EU) and World Trade Organization (WTO) may affect U.S. e-commerce activities.
5. Unsolicited commercial electronic mail (UCE), or “junk e-mail” or “spam,”
aggravates many computer users because it is a nuisance and the cost may be passed
on to consumers through higher charges from Internet service providers who must
upgrade their systems to handle the traffic. Proponents of UCE insist it is a legitimate
marketing technique and protected by the First Amendment.
6. The administration and governance of the Internet's domain name system
(DNS) is currently under transition from federal to private sector control. The 107th
Congress is likely to examine how the Department of Commerce is managing and
overseeing this transition in order to ensure competition and promote fairness among
all Internet constituencies.
7. The growing role of the Internet in the political economy of the United States
will likely attract attention in the 107th Congress. Three major themes may
characterize legislative activity and interest: Internet infrastructure development,
resource management, and the provision of online services by the government (called
“e-government”).
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Internet Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Collection of Data by Web Site Operators and Fair Information Practices . 2
Commercial Web Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Federal Web Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Monitoring of E-Mail and Web Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Consumer Identity Theft and Protecting Social Security Numbers . . . . . . . 4
Computer Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Broadband Internet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Open Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Easing Restrictions and Requirements on Incumbent Telephone Companies
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Federal Assistance for Broadband Deployment . . . . . . . . . . . . . . . . . 10
Electronic Commerce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
The E-Commerce Industry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
The Clinton Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Issues for the Bush Administration and the 107th Congress . . . . . . . . . . . . 13
Protection and Security Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
E-Commerce Taxation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
The EU and WTO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Unsolicited Commercial Electronic Mail (“Junk E-Mail” or “Spam”) . . . . . . . . 15
Internet Domain Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Government Information Technology Management
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Internet Infrastructure and National Policy . . . . . . . . . . . . . . . . . . . . . . . . 20
Information Technology R&D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Information Resource Management—The Role of a Federal CIO . . . . . . . 21
Provision of Online Services (E-government) . . . . . . . . . . . . . . . . . . . . . . 23
Appendix A: Legislation in the 107th Congress . . . . . . . . . . . . . . . . . . . . . . . . . 25
Internet Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Broadband Internet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Junk E-Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Appendix B: List of Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Appendix C: Legislation Passed by the 105thand 106th Congresses . . . . . . . . . 28
Appendix D: Related CRS Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Internet: An Overview of Key Technology
Policy Issues Affecting Its Use and Growth
Introduction
The continued growth of the Internet for personal, government, and business
purposes may be affected by a number of issues being debated by Congress. Among
them are Internet privacy, computer security, access to broadband (high-speed)
services, electronic commerce (e-commerce), unsolicited commercial electronic mail
(“junk e-mail” or “spam”), Internet domain names, and government information
technology management. Lists of pending legislation, acronyms, related legislation
passed in the 105th and 106th Congresses, and other CRS reports that provide more
detail on the issues, are included as appendices.
Internet Privacy1
Internet privacy issues encompass a range of concerns that the Internet makes
it easier for governmental and private sector entities to obtain information about
consumers and possibly use that information to the consumers’ detriment. The two
major issues today are the extent to which Web site operators collect personally
identifiable information and share that information with third parties, and whether law
enforcement entities or employers are monitoring electronic mail (e-mail) and Web
surfing activities. Although not an Internet privacy issue per se, consumer identity
theft often arises in the Internet privacy context because of the perception that Social
Security numbers and credit card numbers are more readily accessible because of the
Internet.
More than 30 bills in the 106th Congress addressed such Internet privacy issues
in whole or in part.2 The only legislation that cleared Congress and was signed into
law, however, were amendments to the FY2001 Transportation Appropriations Act
(P.L. 106-346) and the FY2001 Treasury-General Government Appropriations
(including in the Consolidated Appropriations Act, P.L. 106-554) addressing the use
of “cookies”on certain federal agency Web sites. The 107th Congress is expected to
continue to have a strong interest in Internet privacy issues. Medical records privacy
and financial records privacy are not Internet privacy issues. For information on those
topics, see CRS Report RS20500, Medical Records Privacy: Questions and Answers
1 CRS Report RS20035, Internet Privacy—Protecting Personal Information: Overview and Pending
Legislation, by Marcia S. Smith, provides an overview of Internet privacy issues and tracks pending
legislation. It is updated more frequently than this report. CRS Report RL30784, Internet Privacy:
An Analysis of Technology and Policy Issues, by Marcia S. Smith, provides more comprehensive
analysis of the issues involved in this debate.
2 For a list of the 106th Congress Internet privacy bills, see Appendix B of CRS Report RL30784,
Internet Privacy: An Analysis of Technology and Policy Issues.
CRS-2
on the December 2000 Federal Regulation, and CRS Report RS20185, Privacy
Protection for Customer Financial Information, respectively.
Collection of Data by Web Site Operators and Fair Information
Practices
Perhaps the most often discussed Internet privacy issue is whether commercial
Web sites should be required to adhere to four “fair information practices” proposed
by the Federal Trade Commission (FTC): providing notice to users of their
information practices before collecting personal information, allowing users choice
as to whether and how personal information is used, allowing users access to data
collected and the ability to contest its accuracy, and ensuring security of the
information from unauthorized use. In particular, the question is whether industry
can be relied upon to regulate itself, or if legislation is needed to protect consumer
privacy. Questions also have arisen about whether federal government Web sites
should have to adhere to such practices. CRS Report RL30784, Internet Privacy:
An Analysis of Technology and Policy Issues, provides more detailed information on
fair information practices in the Internet context.
Commercial Web Sites. The FTC has been very active on Internet privacy
issues for several years. Based on a series of surveys of commercial Web sites each
year since 1997, the FTC has issued reports and made recommendations about
whether legislation is needed to protect consumer privacy on the Web. Although the
FTC and the Clinton Administration favored self regulation, in 1998, frustrated at
industry’s slow pace, the FTC announced that it would seek legislation protecting
children’s privacy on the Internet by requiring parental permission before a Web site
could request information about a child under 13. The Children’s Online Privacy
Protection Act (COPPA, part of P.L. 105-277) was enacted four months later.
In 1999, the FTC concluded that further legislation was not needed at that time
for children or adults, but reversed its decision in 2000 when another survey indicated
that industry still was not self regulating to the desired extent. The FTC voted 3-2 to
propose legislation that would allow it to establish regulations requiring Web site
operators to follow the four fair information practices. The close vote underscored
the controversial nature of the FTC’s reversal of position, which was further
illuminated at a Senate Commerce Committee hearing on May 25, 2000.
The Internet industry has taken steps to demonstrate that it can self regulate. One
example is the formation of the Online Privacy Alliance (OPA), a group of more than
80 companies and associations in the Internet business. OPA developed a set of
privacy guidelines and its members are required to adopt a privacy policy, post it on
their site(s), and implement the policy. Another is the establishment of “seals” for
Web sites by the Better Business Bureau, TRUSTe, and WebTrust. To display a seal
from one of those organizations, a Web site operator must agree to abide by certain
privacy principles (some of which are based on the OPA guidelines), a complaint
resolution process, and to being monitored for compliance. Advocates of self
regulation argue that these seal programs demonstrate industry’s ability to police
itself. Advocates of further legislation argue that while the seal programs are useful,
they do not carry the weight of law, limiting remedies for consumers whose privacy
has been violated. They also point out that while a site may disclose its privacy
policy, that does not necessarily equate to having a policy that protects privacy.
CRS-3
Federal Web Sites. Until the summer of 2000, attention was focused on
privacy issues associated with commercial Web sites. That changed in June 2000,
however, when controversy erupted over the privacy of visitors to government Web
sites. Dubbed “Cookiegate” in the press, the issue concerned federal agencies’ use
of computer “cookies”(small text files placed on users’ computers when they access
a particular Web site) to track activity at their Web sites. Federal agencies had been
directed by President Clinton and the Office of Management and Budget (OMB) to
ensure that their information collection practices adhere to the Privacy Act of 1974.
In June 2000, however, the Clinton White House announced that it had just learned
that contractors for the Office of National Drug Control Policy (ONDCP) had been
using cookies to collect information about those using ONDCP’s Web site during an
anti-drug campaign wherein users clicking on anti-drug ads on various Web sites were
taken to an ONDCP site. Cookies then were placed on users’ computers to count the
number of users, what ads they clicked on, and what pages they viewed on the
ONDCP site. The White House directed ONDCP to cease using cookies, and OMB
issued a memorandum reminding agencies to post and comply with privacy policies
and detailing the limited circumstances under which agencies should collect personal
information.
Congress reacted to the overall concern about federal agency information
practices on Web sites by adding language concerning such activities by departments
and agencies funded in the FY2001 Treasury-General Government Appropriations
Ac, commonly called the “Treasury-Postal Act.” The language is contained both in
the FY2001 Treasury-Postal Appropriations Act itself, and in the FY2001
Transportation Appropriations Act. Section 501 of the FY2001 Transportation
Appropriations Act (P.L. 106-346) prohibits funds in the FY2001 Treasury-General
Government Appropriations Act from being used by any federal agency to collect,
review, or create aggregate lists that include personally identifiable information (PII)
about an individual’s access to or use of a federal Web site or enter into agreements
with third parties to do so, with exceptions. Section 646 of the FY2001 Treasury-
General Government Appropriations Act, as included in the FY2001 Consolidated
Appropriations Act (P.L. 106-554), requires Inspectors General of agencies or
departments covered in that appropriations act to report to Congress within 60 days
of enactment (which occurred on December 21, 2000) on activities by those agencies
or departments relating to collection of PII about individuals who access any Internet
site of that department or agency, or entering into agreements with third parties to
obtain PII about use of government or non-government Web sites. Although the
language affects only departments and agencies funded under the FY2001 Treasury-
Postal Appropriations Act, Congress may decide to place such language in other
appropriations acts in the future if its concerns are not alleviated. Some argue that
the 1974 Privacy Act, coupled with OMB directives, is sufficient and additional
legislation is not needed, however.
CRS-4
Monitoring of E-Mail and Web Activity
Another Internet privacy storm broke in the summer of 2000 when it became
known that the FBI, with a court order, installs software on Internet Service
Providers’ equipment to intercept e-mail and monitor an individual’s Web activity.
Called Carnivore, the extent to which that software program can differentiate between
e-mail and Web activity involving a subject of an FBI investigation and other people’s
e-mail and Web activity is of considerable debate, with critics claiming that Carnivore
violates the privacy of innocent users. A House Judiciary subcommittee held a
hearing on Carnivore on July 24, 2000. Legislation that would have, inter alia,
required law enforcement to report on its use of e-mail intercepts was discussed at a
September 6, 2000 Senate Judiciary hearing. No legislation cleared the 106th
Congress, however. The 107th Congress is expected to further examine FBI activities
in monitoring e-mail and Web activities, especially the use of Carnivore or its
successors.
An emerging issue is whether employers should be required to notify their
employees if e-mail or other computer-based activities are monitored. While many
agree that employers should be able to monitor the use of equipment they own by
individuals they employ, the question is whether employees must be notified first.
Consumer Identity Theft and Protecting Social Security
Numbers
The widespread use of computers for storing and transmitting information is
thought by some to be contributing to consumer identity theft, in which one individual
assumes the identity of another using personal information such as credit card and
Social Security numbers. Government agencies report sharply increasing numbers of
consumer identity theft cases, but whether the Internet is responsible is debatable.
Some attribute the rise instead to carelessness by businesses in handling personally
identifiable information, and by credit issuers that grant credit without proper checks.
The FTC has a toll free number (877-ID-THEFT) to help victims of identity theft.
Although not related directly to whether Social Security numbers are more
accessible because of the Internet, it should be noted that the 105th Congress passed
the Identity Theft and Assumption Deterrence Act (P.L. 105-318). That Act sets
penalties for persons who knowingly, and with the intent to commit unlawful
activities, possess, transfer, or use one or more means of identification not legally
issued for use to that person. Also, the 106th Congress passed the Social Security
Number Confidentiality Act (P.L. 106-433, H.R. 3218) which prohibits the display
of SSNs on unopened checks or other Treasury-issued drafts. Furthermore, the 106th
Congress passed the Internet False Identification Act (P.L. 106-578), which updates
existing law against selling or distributing false IDs to include those sold or distributed
through computer files, templates, and disks.
Two bills have been introduced in the 107th Congress: H.R. 91 (Frelinghuysen),
the Social Security Online Privacy Protection Act, and H.R. 220 (Paul), the Identity
Theft Protection Act.
CRS-5
Computer Security
As use of the Internet grows, so has concern about security of and on the
Internet. Widespread media attention to recent security-related incidents (such as the
distributed denial of service attacks against Yahoo, eBay, and other major on-line
sites in February 2000 or the worldwide spread of the Love Bug virus) represent the
tip of the iceberg. Every day, persons do, or try to, gain access to someone else’s
computer without authorization to read, copy, modify, or destroy the information
contained within. These persons range from juveniles, to disgruntled (ex)employees,
to criminals, to competitors, to politically or socially motivated groups, to agents of
foreign governments.
The extent of the problem is unknown. Not every person or company whose
computer system has been compromised reports it either to the media or to
authorities. Sometimes the victim judges the incident not to be worth the trouble.
Sometimes the victim may judge that the adverse publicity would be worse.
Sometimes the affected parties don’t even know their systems have been
compromised.
There is some evidence to suggest, however, that the number of affected people
is increasing. According to the Computer Emergency Response Team (CERT) at
Carnegie-Mellon University, the number of incidents reported to it has grown every
year since its establishment— growing from 132 incidents in 1989 to 9,859 incidents
in 1999. In just the first half of 2000, 8,836 incidents were reported. The Computer
Security Institute (CSI), in cooperation with the Federal Bureau of Investigation
(FBI), has conducted an annual survey since 1996. For those responding to the
question of whether they have experienced unauthorized use of their computer
systems in the last 12 months, the percentage answering yes has risen from 42% in
1996 to 70% in 2000.3
The impact on society from the unauthorized access or use of computers is also
unknown. Again, some victims may choose not to report losses. In many cases, it
is difficult or impossible to quantify the losses. But, social losses are not zero. Trust
in one’s system may be reduced. Proprietary and/or customer information (including
credit card numbers) may be compromised. Any unwanted code must be found and
removed. The veracity of the system’s data must be checked and restored if
necessary. Money may be stolen from accounts or extorted from the victim. If
disruptions occur, sales may be lost. If adverse publicity occurs, future sales may be
lost and stock prices may be affected. Estimates of the overall financial losses due to
unauthorized access vary and their reliability is untested. Estimates typically range in
the billions of dollars per major event like the Love Bug virus or the denial-of-service
attacks in February 2000. Estimates of losses internationally range up to the tens of
billions of dollars. The reliability of these estimates is a matter of some debate. Those
able and willing to estimate financial losses in the 2000 CSI/FBI survey estimated a
total of $266 million in losses in previous 12 months.4
3 The CSI/FBI survey is not a scientific sampling of the nation’s computer systems. Surveys are sent
to computer security practitioners in U.S. corporations and government agencies. In 2000, 643
surveys were sent out. In 2000, 585 respondents answered the question about unauthorized use.
4 74% of the survey respondents acknowledged financial losses; 42% of them could quantify those
losses.
CRS-6
Aside from the losses discussed above, there is also growing concern that
unauthorized access to computer systems could pose an overall national security risk
should they result in the disruption of the nation’s critical infrastructures (e.g.
transportation systems, banking and finance, electric power generation and
distribution). These infrastructures rely increasingly on computer networks to
operate, and are themselves linked by computer and communication networks. To
address this concern, President Clinton issued a Presidential Decision Directive (PDD-
63) in May 1998. PDD-63 set as a national goal the ability to protect critical
infrastructures from intentional attacks (both physical and cyber) by 2003. It set up
organizational and operational structures within the federal government to help
achieve this goal and calls for a coordinated effort to engage the private sector. See
CRS Report RL30153, Critical Infrastructures: Background and Early
Implementation of PDD-63).
As a deterrent, the federal computer fraud and abuse statute, 18 U.S.C. 1030,
makes it a federal crime to gain unauthorized access to federal government
computers, to be exposed to certain information contained on government computers,
to damage or threaten to damage federal computers, bank computers, or computers
used in interstate commerce, to traffic in passwords for these computers, to commit
fraud from these computers, or from accessing a computer to commit espionage.
The statute also provides for penalties. For more information on this statute, see CRS
Report 97-1025, Computer Fraud and Abuse: An Overview of 18 U.S.C. 1030 and
Related Federal Criminal Laws. Most states also have laws against computer fraud
and abuse. Many experts believe these statutes are sufficient to prosecute most if not
all unauthorized access incidents that have occurred to date. Even so, a number of
bills were introduced in the second session of the 106th Congress to increase the
federal penalties associated with these crimes. While many experts agree that the
statutes are sufficient for prosecution, many also suggest that the ability to follow the
electronic trail of a hacker across jurisdictional lines is procedurally difficult. Some
of the same bills introduced last Congress to address penalties also sought to apply
or modify current trap and trace rules to trail perpetrators on-line.
At the international level, the 41-country Council of Europe is negotiating a
treaty to facilitate tracking cyber criminal across national boundaries. The latest draft
of the treaty was released in December 2000. A discussion of the draft can be found
on the Council’s web page [http://conventions.coe.int/treaty/EN/cadreprojets.htm].
There is also some debate within the international community about what to do about
computer intrusions by government agents. For example, whether such acts would
be considered acts of war. For more information regarding this issue see CRS Report
RL30735, Cyberwarfare.
The federal government is required to protect sensitive information on its own
computers. The Computer Security Act of 1987 authorizes the National Institute of
Standards and Technology (NIST) to develop standards to be used by agencies to
protect non-national security oriented computers (the National Security Agency does
the same for classified information and national security systems) and requires
agencies to develop and implement security programs and plan to protect the
information on their computers. The Paperwork Reduction Act of 1995 gives OMB
the responsibility to oversee the development and implementation of computer
security standards, programs, and plans. OMB offers agencies guidance on how to
meet their requirements with OMB Circular A-130, Appendix III.
The General Accounting Office (GAO) has found that federal agencies are not
consistently good at protecting certain computer systems (typically those used in
CRS-7
financial management).5 GAO has concluded that part of the problem is that there is
not a strong government wide oversight. As part of the FY2001 Defense
Authorization Act (P.L. 106-398), Congress passed the Federal Information Security
Reform Act. The Act puts into statute much of OMB Circular A-130 guidance. It
also strengthens oversight by requiring agencies to have independent reviews of their
security programs and plans annually and to report the results of those reviews to
OMB. In turn, OMB is to report to Congress on the results.
The security of private computer systems varies. Some industries have been at
the forefront of security (e.g. banking and finance), while others are just now
appreciating the threat to and vulnerabilities of their systems. The market for
computer and Internet security is large and growing. The CSI/FBI survey cites a
1999 International Data Corporation (IDC) estimate that the security software
industry will grow from $2 billion to $7.4 billion by 2003 and the security hardware
market will grow from $500 million to $1.9 billion by 2003. According to
Redherring.com (Picking the Locks on the Internet Security Market,
[www.Redherring.com], July 24, 2000), the security services market is expected to
grow from $7 billion to $14 billion by 2003. Operating systems and applications
developers are paying greater attention to designing better security into their
products. But still, it is common to have vulnerabilities found in products after they
have been put on the market. There are as yet no set industry standards for how
secure an industry’s systems should be or for assessing how secure they are in fact.
However, there is a push by the major accounting houses and liability firms to make
corporate leaders and boards more accountable for their firms information assets. The
federal government, in cooperation with a number of other countries, has developed
a set of International Common Criteria for Information Technology Security
Evaluation, to allow certified laboratories to test security products and rate their level
of security for government use. These criteria may evolve into industry standards for
certifying security products.
Also, in response to PDD-63 some of the sectors that operate critical
infrastructures have formed Information Sharing and Analysis Centers (ISACs) and
across sectors they have formed the Partnership for Critical Infrastructure Security.
A number of issues will confront the 107th Congress during its first session.
Congress will continue to oversee agencies’ performance in meeting their obligations
under the Computer Security Act, OMB Circular A-130 and now the Federal
Information Security Reform Act. Also, Congress may wish to inquire about the
Bush Administration’s intentions to reaffirm or modify President Clinton’s policies
and structures regarding critical infrastructure protection. Congress may also revisit
procedures and penalties associated with investigating and prosecuting computer
crimes. Finally, Congress may face questions about how to strike a balance between
its efforts to promote Internet privacy and Internet security. While one cannot
protect privacy without security, there are some who fear that without proper checks,
efforts to promote security could come at the expense of privacy.
5 U.S. General Accounting Office, Information Security. Serious Weaknesses Place Critical Federal
Operations and Assets at Risk. GAO/AIMD-98-92. Sept. 1998.
CRS-8
Broadband Internet Access6
Broadband Internet access gives users the ability to send and receive data at
speeds far greater than conventional “dial up” Internet access over existing telephone
lines. New broadband technologies—cable modem, digital subscriber line (DSL),
satellite, and fixed wireless Internet—are currently being deployed nationwide by the
private sector. Concerns in Congress have arisen that while the number of new
broadband subscribers continues to grow, the rate of broadband deployment in urban
and high income areas appears to be outpacing deployment in rural and low-income
areas, thereby creating a potential “digital divide” in broadband access. The
Telecommunications Act of 1996 authorizes the Federal Communications
Commission (FCC) to intervene in the telecommunications market if it determines that
broadband is not being deployed to all Americans in a “reasonable and timely
fashion.”
At issue is what, if anything, should be done at the federal level to ensure that
broadband deployment is timely, that industry competes on a level playing field, and
that service is provided to all sectors of American society. Currently, the debate in
Congress centers on three approaches. Those are: 1) compelling cable companies to
provide “open access” to competing Internet Service Providers (ISPs); 2) easing
certain legal restrictions and requirements (imposed by the Telecommunications Act
of 1996) on incumbent telephone companies that provide high-speed data (broadband)
access; and 3) providing federal financial assistance for broadband deployment in rural
and economically disadvantaged areas. Hearings on broadband access in the 106th
Congress were held by a number of congressional committees, including House
Commerce, House Judiciary, Senate Commerce, and Senate Judiciary. No broadband
legislation was enacted during the 106th Congress.
Open Access. Legislation introduced in the 106th Congress sought to
compel cable companies that provide broadband access to give “open access” to all
ISPs. In effect, the legislation would have enabled cable broadband customers to
subscribe to their ISP of choice without first going through their cable provider's ISP.
At issue is whether cable networks should be required to share their lines with, and
give equal treatment to, rival ISPs who wish to sell their services to consumers.
Supporters argue that open access is necessary to prevent cable companies from
creating “closed networks,” limiting access to content, and stifling competition.
Opponents of open access counter that an open access mandate would inhibit the
cable industry's ongoing nationwide investment in broadband technology, and assert
that healthy competition does and will exist in the form of alternate broadband
technologies such as DSL and satellites.
The arguments for and against open access have been heard on the local level,
as cities, counties, and states have taken up the issue of whether to mandate open
access requirements on local cable franchises. In June 1999, a federal judge ruled that
the city of Portland, OR, had the right to require open access to the Tele-
Communications Incorporated (TCI) broadband network as a condition for
transferring its local cable television franchise to AT&T. AT&T appealed the ruling
to the U.S. Court of Appeals for the Ninth Circuit. On June 22, 2000, the Court ruled
in favor of AT&T, thereby reversing the earlier ruling. The court ruled that high-
6 See also CRS Issue Brief IB10045, Broadband Internet Access: Background and Issues, by Lennard
G. Kruger and Angele A. Gilroy, which is updated more frequently than this report.
CRS-9
speed Internet access via a cable modem is defined as a “telecommunications service,”
and not subject to direct regulation by local franchising authorities.
The debate thus moves to the federal level, where many interpret the Court’s
decision as giving the FCC authority to regulate broadband cable services as a
“telecommunications service.” However, the FCC also has the authority not to
regulate if it determines that such action is unnecessary to prevent discrimination and
protect consumers. To date, the FCC has chosen not to mandate open access, citing
the infancy of cable broadband service and the current and future availability of
competitive technologies such as DSL and satellite broadband services. However, in
light of the June 22 court decision, the FCC announced, on June 30, 2000, that it will
conduct a formal proceeding to determine whether or not cable-Internet service
should be regulated as a telecommunications service, and whether the FCC should
mandate open access nationwide. On September 28, 2000, the FCC formally issued
a Notice of Inquiry (NOI) which will explore whether or not the Commission should
require access to cable and other high- speed systems by ISPs.
Meanwhile, recent developments within the cable industry could have an impact
on the open access debate. On January 10, 2000, AOL announced plans to merge
with Time Warner, Inc. Now approved by the federal government, the merger gives
AOL access to the second largest cable television system in the United States, and a
share in Roadrunner, one of the two major cable modem ISPs. On December 14,
2000, the FTC announced its approval of the AOL Time Warner merger with
conditions. Under the terms of the proposed consent order, AOL Time Warner is
required to open its cable systems to competing ISPs, and prohibited from interfering
with the content passed along the bandwidth contracted for by non-affiliated ISPs.
On January 11, 2001, the FCC announced its approval of the merger with additional
conditions intended to promote open access.
Easing Restrictions and Requirements on Incumbent Telephone
Companies. Legislation introduced into the 106th Congress sought to ease certain
legal restrictions and requirements imposed by the Telecommunications Act of 1996
on ILECs (incumbent local exchange companies such as BellSouth or Verizon).
Included among the proposed legislative remedies were allowing Bell operating
companies (BOCs) to offer data services across local access and transport area
(LATA) boundaries, and easing requirements for ILECs to share (via unbundling and
resale) their high speed networks with competing companies.
Those supporting these provisions, primarily the BOCs, claim they are needed
to promote the deployment of broadband services, particularly in rural and
underserved areas. Present regulations contained in the 1996 Telecommunications
Act, they claim, are overly burdensome and discourage needed investment in
broadband services. ILECs, they state, are the only entities likely to provide such
services in low volume rural and other under served areas. Therefore, proponents
state, until present regulations are removed the development and the pace of
deployment of broadband technology and services, particularly in unserved areas, will
be lacking. Furthermore, supporters state, domination of the Internet backbone
market is emerging as a concern and entrance by ILECs (particularly the BOCs) into
this market will ensure that competition will thrive with no single or small group of
providers dominating. Additional concerns that the lifting of restrictions on data
would remove BOC incentives to open up the local loop to gain interLATA relief for
voice services are also unfounded, they state. The demand by consumers for bundled
services and the large and lucrative nature of the long distance voice market will,
CRS-10
according to proponents, provide the necessary incentives for BOCs to seek relief for
interLATA voice services.
Opponents, including long distance companies and non-incumbent local
exchange companies (those competing with the ILECs to provide local service), claim
that lifting such restrictions and requirements will undermine the incentives needed to
ensure that the ILECs will open up their networks to competition. Present
restrictions, opponents claim, were built into the 1996 Telecommunications Act to
help ensure that competition will develop in the provision of telecommunications
services. Modification of these regulations, critics claim, will remove the incentives
needed to open up the “monopoly” in the provision of local services. Competitive
safeguards such as unbundling and resale are necessary, opponents claim, to ensure
that competitors will have access to the “monopoly bottleneck” last mile to the
customer. Therefore, they state, the enactment of this legislation to modify these
regulations will all but stop the growth of competition in the provision of local
telephone service. A major change in existing regulations, opponents claim, would
not only remove the incentives needed to open up the local loop but would likely
result in the financial ruin of providers attempting to offer competition to the ILECs.
As a result, consumers will be hurt, critics claim, since the hoped for benefits of
competition such as increased consumer choice and lower rates will never emerge.
Concern over the inability of regulators to distinguish between the provision of voice
only and data services if such restrictions are lifted has also been expressed.
Opponents also dismiss arguments that BOC entrance into the marketplace is needed
to ensure competition. The marketplace, opponents claim, is a dynamic and growing
one, and concerns over the lack of competition and market dominance are misplaced.
Federal Assistance for Broadband Deployment. The 106th Congress
considered (but did not enact) legislation that would have provided financial support
for broadband deployment, especially in rural and low-income areas. Bills were
introduced into the 106th Congress which sought to provide assistance for broadband
deployment through mechanisms such as: tax credits for investment in broadband
facilities, support from the FCC’s universal service fund, and loans from the Rural
Utilities Service (RUS) of the Department of Agriculture. Broadband tax credit bills
(S. 88, Rockefeller; S. 150, Kerry) have been introduced into the 107th Congress. For
more information on federal assistance for broadband deployment, see CRS Report
RL30719, Broadband and the Digital Divide: Federal Assistance Programs.
Electronic Commerce7
Background
The convergence of computer and telecommunications technologies has
revolutionized how we get, store, retrieve, and share information. Many contend that
this convergence has created the Information Economy, driven by the Internet, and
fueled a surge in U.S. productivity and economic growth. Commercial transactions
on the Internet, whether retail business-to-customer or business-to-business, are
commonly called electronic commerce, or “e-commerce.”
7 See also CRS Report RS20426, Electronic Commerce: An Introduction, by Glenn J. McLoughlin,
which is updated more frequently than this report.
CRS-11
Since the mid-1990s, commercial transactions on the Internet have grown
substantially.8 By 1996, Internet traffic, including e-commerce, was doubling every
100 days. By mid-1997, the U.S. Department of Commerce reported that just over
4 million people were using e-commerce; by the end of 1997, that figure had grown
to over 10 million users. The rate of e-commerce growth continues so rapidly that
projections often are outdated as fast as they are published. One 1998 industry
estimate projected that U.S. retail transactions would reach $7 billion by 2000 — a
figure now widely accepted as having been reached in the year the report came out.
Still, reliable industry sources report huge jumps in e-commerce transactions,
particularly during fourth quarter holiday shopping. It is also important to note that
in 2000, even with an economic slowdown and with many new “dot-com” businesses
no longer in existence, e-commerce continued to grow. The Jupiter Media Group
released a report in January 2001 that states that in 2000, e-commerce grew to $10
billion, compared to $7 billion in 1999, and that during the 2000 holiday season about
36 million consumers purchased on-line and spent an average of $304, both increases
over 1999 numbers.
Internationally, there are issues regarding Internet use and e-commerce growth.
While the western industrialized nations dominate Internet development and use, by
the year 2003 more than half of the material posted on the Internet will be in a
language other than English. This has large ramifications for e-commerce and ease
of transactions, security, and privacy issues. Policymakers, industry leaders,
academicians, and others are concerned that this development will not correlate with
equal access to the Internet for many in developing nations—therefore creating a
global “digital divide.” The United States and Canada represent the largest
percentage of Internet users, at 56.6%. Europe follows with 23.4%. At the end of
1999, of approximately 180 million Internet users worldwide, only 3.1% are in Latin
America, 0.5% are in the Middle East, and 0.6% are in Africa. The Asian Pacific
region has 15.8% of all Internet users; but its rate of growth of Internet use is nearly
twice as fast as the United States and Canada.
The E-Commerce Industry
Even with some concern about accuracy and timeliness of e-commerce statistics,
reliable industry sources report huge jumps in e-commerce transactions, particularly
during fourth quarter holiday shopping. But long-term, industry growth has not been
limited to just holiday shopping. According to a study undertaken by the University
of Texas, the Internet portion of the U.S. economy grew at a compounded rate of
174% from 1995-1998 (the U.S. gross domestic product grew at 2.8% during the
same period), and e-commerce accounted for one-third of that growth. Increasingly,
many firms use “vortals”—vertically integrated portals or gateways that advertise or
provide information on a specific industry or special interest. As a portion of e-
commerce business, vortals provide targeted advertising for e-commerce transactions,
and may grow from 35% of all e-commerce advertising to 57% by 2004. However,
not all firms providing these services are profitable; in fact, most have yet to turn a
profit.
8 For statistics and other data on e-commerce, sources include: [http://www.idc.com],
[http://www.abcnews.go.com], [http://www.forrester.com], [http://earmarketer.com], and
[http://www.cs.cmu.edu]. It is important to note that some measurements of e-commerce, particularly
that data reported in the media, have not been verified.
CRS-12
One of the fastest growing sectors of e-commerce is business-to-business
transactions–what is often called “B2B.” The Forrester Group, a private sector
consulting firm, estimates that by 2003, that sector of the U.S. economy will reach
$1.5 trillion, up from nearly $200 billion in 2000. Business-to-business transactions
between small and medium sized businesses and their suppliers is rapidly growing, as
many of these firms begin to use Internet connections for supply chain management,
after-sales support, and payments.
The Clinton Administration
The Clinton Administration advocated a wide range of policy prescriptions to
encourage e-commerce growth. These included calling on the World Trade
Organization (WTO) to declare the Internet to be a tax-free environment for
delivering both goods and services; recommending that no new tax policies be
imposed on Internet commerce; stating that nations develop a “uniform commercial
code” for electronic commerce; requesting that intellectual property protection—
patents, trademarks, and copyrights—be consistent and enforceable; that nations
adhere to international agreements to protect the security and privacy of Internet
commercial transactions; that governments and businesses cooperate to more fully
develop and expand the Internet infrastructure; and that businesses self-regulate e-
commerce content.
The Clinton Administration’s “The Emerging Digital Economy” (April 1998),
“The Emerging Digital Economy II” (June 1999), “Digital Economy 2000” (June
2000), and “Leadership for the New Millennium, Delivering on Digital Progress and
Prosperity” (January 2001) provided overarching views on domestic and global e-
commerce. These reports provide data on the explosive growth of e-commerce, its
role in global trade and national Gross Domestic Product (GDP), and contributions
that computer and telecommunications technology convergence is making to
productivity gains in the United States and worldwide. The Administration also
argued that the effects that information technologies have had on raising national
productivity, lowering inflation, creating high wage jobs, and contributing up to one-
third of all domestic growth in the 1990s.
Issues for the Bush Administration and the 107th Congress
Since the mid-1990s, Congress also has taken an active interest in the e-
commerce issue. Among many issues, Congress may revisit policies that establish
federal encryption procedures and will likely examine extending or letting expire the
3-year tax moratorium on domestic e-commerce taxation. In addition, congressional
policymakers are looking at the European Union (EU) and WTO policies and
regulations in e-commerce.
Protection and Security Issues. There are a variety of protection and
security issues that affect e-commerce growth and development. Encryption is the
encoding of electronic messages to transfer important information and data, in which
“keys” are needed to unlock or decode the message. Encryption is an important
element of e-commerce security, with the issue of who holds the keys at the core of
the debate. Until 1998, the Clinton Administration promoted the use of strong
(greater than 56 bits) encryption domestically and abroad only if encrypted product
had “key recovery” features in which a “key recovery agent” holds a “spare key” to
decrypt the information. Under this policy, the Clinton Administration tried to use
export control policy to influence companies to develop key recovery encryption
CRS-13
products. There was no control over domestic use of encrypted products, but the
Clinton Administration hoped that companies would not want to develop two sets of
encrypted products, one for the United States and another for the rest of the world.
However, businesses and consumer groups opposed this approach. For many U.S.
businesses, the Clinton Administration export policy had the potential to impede their
efforts to become part of the growing e-commerce global phenomena by forcing them
to create two versions of the same product. Consumer groups opposed government
policies determining who would have access to spare keys.
In September 1999, the Clinton Administration announced plans to further relax
its encryption export policy by allowing export of unlimited key length encryption
products, with some exceptions. The Administration also reduced reporting
requirements for those firms that export encrypted products. The rules for
implementing this policy were issued in September 2000 by the Bureau of Export
Administration in the Department of Commerce. While this new policy appears to
have addressed both industry and consumer concerns, many policymakers in the 107th
Congress will likely maintain a key interest in this issue, both in the way it affects e-
commerce and how the government may use its encryption policy as a form of
government surveillance. (See CRS Issue Brief IB96039, Encryption Technology:
Congressional Issues, for more information.)
In a related area, the 106th Congress considered and passed legislation
establishing standards for transmission and verification of electronic transmissions.
Electronic signatures are a means of verifying the identity of a user of a computer
system to control access to, or to authorize, a transaction. The main congressional
interests in electronic signatures focus on enabling electronic signatures to carry legal
weight in place of written signatures, removing the inconsistencies among state
policies that some fear may retard the growth of e-commerce, and establishing federal
government requirements for use of electronic signatures when filing information
electronically. Neither federal law enforcement nor national security agencies oppose
these objectives, and most U.S. businesses would like a national electronic signatures
standard to further enhance e-commerce. When President Clinton signed into law the
Electronic Signatures in Global and National Commerce Act (P.L. 106-229), the
process of developing a national electronic signature standards was begun. Among
its many provisions, this law also establishes principles for U.S. negotiators to follow
for setting global electronic signatures policies. (See CRS Report RS20344,
Electronic Signatures: Technology Development and Legislative Issues, for more
information.)
E-Commerce Taxation. Congress passed the Internet Tax Freedom Act
on October 21, 1998, as Titles XI and XII of the Omnibus Consolidated and
Emergency Supplemental Appropriations Act of 1999 (P.L. 105-277, 112 Stat 2681).
Among its provisions, the Act imposes a 3-year moratorium on the ability of state and
local governments to levy certain taxes on the Internet; it prohibits taxes on Internet
access, unless such a tax was generally imposed and actually enforced prior to
October 1, 1998; it creates an Advisory Commission on Electronic Commerce
(ACEC), which may make recommendations to Congress on e-commerce taxation in
the United States and abroad; and it opposes regulatory, tariff, and tax barriers to
international e-commerce and asks the President to pursue international agreements
to ban them. (See CRS Report RL30667, Internet Tax Legislation: Distinguishing
Issues, for more information.)
CRS-14
The ACEC made its policy recommendations, after much debate and some
divisiveness, to Congress on April 3, 2000. The ACEC called for, among its
recommendations, extending the domestic Internet tax moratorium for five more
years, through 2006; prohibiting the taxation of digitized goods over the Internet,
regardless of national source; and a continued moratorium on any international tariffs
on electronic transmissions over the Internet. On May 18, 2000, the House of
Representatives passed H.R. 3709, the Internet Nondiscrimination Act, which extends
the domestic tax moratorium for five additional years beyond October 1, 2001. This
legislation was not acted upon in the Senate; the issue is expected to be revisited in
the 107th Congress.
The EU and WTO. While much of the debate on the government’s role in e-
commerce has focused on domestic issues in the United States, two important
players—the EU and the WTO—will likely have an important impact on global e-
commerce policy development. The EU is very active in e-commerce issues. In
some areas there is agreement with U.S. policies, and in some areas there are still
tensions. While the EU as an entity represents a sizable portion of global Internet
commerce, across national boundaries, Internet use and e-commerce potential varies
widely. Supporters state that e-commerce policy should not be set by EU bureaucrats
in Brussels. Therefore, the EU has approached e-commerce with what one observer
has called a “light regulatory touch.” Among contentious issues, the EU has
supported the temporary moratorium on global e-commerce taxes, and supports
making the moratorium permanent. But the EU has taken a different approach than
U.S. policy by treating electronic transmissions (including those that deliver electronic
goods such as software) as services. This position would allow EU countries more
flexibility in imposing trade restrictions, and would allow treating electronic
transmissions—including e-commerce — as services, making them subject to EU
value-added duties. The EU also has taken a different approach to data protection and
privacy, key components for strengthening e-commerce security and maintaining
consumer confidence. Recent EU actions prohibit the transfer of data in and out of
the EU, unless the outside country provides sufficient privacy safeguards. The U.S.
position has been to permit industry self-regulation of data protection and privacy
safeguards. (For more information on the European data directive, see CRS Report
RL30784, Internet Privacy: An Analysis of Technology and Policy Issues.)
The WTO has presented another set of challenges to U.S. policymakers. The
first two WTO ministerial meetings addressed issues that have an impact on e-
commerce. The first WTO Ministerial conference was held in Singapore on
December 9-13, 1996. Among the issues considered by the WTO participants was
an agreement to reduce trade barriers for information technology goods and services.
This issue was considered vital to the development of telecommunications
infrastructure–including the Internet–among developing nations. A majority of
participants signed an agreement to reduce these barriers. At the second WTO
Ministerial conference, held in Geneva on May 18 and 20, 1998, an agreement was
reached by the participating trade ministers to direct the WTO General Council to
develop a work program on electronic commerce and to report on the progress of the
work program, with recommendations, at the next conference. The ministers also
agreed that countries continue the practice of not imposing tariffs on electronic
transmissions. Since then, e-commerce taxation and Internet access issues have been
proposed for future discussion at WTO ministerial meetings. (See CRS Report
RS20319, Telecommunications Services Trade and the WTO Agreement and CRS
Report RS20387, The World Trade Organization (WTO) Seattle Ministerial
Conference).
CRS-15
Unsolicited Commercial Electronic Mail (“Junk E-
Mail” or “Spam”)9
One aspect of increased use of the Internet for electronic mail (e-mail) has been
the advent of unsolicited commercial e-mail (UCE), also called junk e-mail, spam, or
unsolicited bulk e-mail. The Report to the Federal Trade Commission of the Ad-Hoc
Working Group on Unsolicited Commercial Email [http://www.cdt.org/spam]
reviews the issues in this debate.
In 1991, Congress passed the Telephone Consumer Protection Act (P.L. 102-
243) that prohibits, inter alia, unsolicited advertising via facsimile machines, or “junk
fax” (see CRS Report RL30763, Telemarketing: Dealing with Unwanted
Telemarketing Calls). Many question whether there should be an analogous law for
computers, or at least some method for letting a consumer know before opening an
e-mail message whether or not it is unsolicited advertising and to direct the sender to
cease transmission of such messages. At a November 3, 1999 hearing of the House
Commerce telecommunications subcommittee, a representative of SBC Internet
Services, a subsidiary of SBC Communications, Inc., stated that 35% of all the e-mail
transmitted over SBC’s Internet systems in its Pacific Bell and Southwestern Bell
regions is UCE.
Opponents of junk e-mail such as the Coalition Against Unsolicited Commercial
Email (CAUCE) argue that not only is junk e-mail annoying, but its cost is borne by
consumers, not marketers. Consumers are charged higher fees by ISPs that must
invest resources to upgrade equipment to manage the high volume of e-mail, deal with
customer complaints, and mount legal challenges to junk e-mailers. According to the
M a y 4 , 1 9 9 8 i s s u e o f I n t e r n e t W e e k
[http://www.techweb.com/se/directlink.cgi?INW19980504S0003], $2 of each
customer’s monthly bill is attributable to spam. Some want to prevent bulk e-mailers
from sending messages to anyone with whom they do not have an established business
relationship, treating junk e-mail the same way as junk fax. Proponents of unsolicited
commercial e-mail argue that it is a valid method of advertising. The Direct
Marketing Association (DMA), for example, argues that instead of banning
unsolicited commercial e-mail, individuals should be given the opportunity to notify
the sender of the message that they want to be removed from its mailing list—or
“opt-out.” In January 2000, the DMA launched a new service, the E-mail Preference
Service, where any of its members that send UCE must do so through a special Web
site where consumers who wish to “opt out” of receiving such mail can register
themselves [http://www.e-mps.org]. Each DMA member is required to check its list
of intended recipients and delete those consumers who have opted out. While
acknowledging that the service will not stop all spam, the DMA considers it “part of
the overall solution” [http://www.the-dma.org/aboutdma/release4.shtml]. Critics
argue that most spam does not come from DMA members, so the DMA plan is
insufficient.
To date, the issue of restraining junk e-mail has been fought primarily over the
Internet or in the courts. Some ISPs will return junk e-mail to its origin, and groups
9 See also CRS Report RS20037, “Junk E-Mail”: An Overview of Issues and Legislation Concerning
Unsolicited Commercial Electronic Mail (“Spam”), by Marcia S. Smith, which is updated more
frequently than this report.
CRS-16
opposed to junk e-mail will send blasts of e-mail to a mass e-mail company, disrupting
the company’s computer systems. Filtering software also is available to screen out
e-mail based on keywords or return addresses. Knowing this, mass e-mailers may
avoid certain keywords or continually change addresses to foil the software, however.
In the courts, ISPs with unhappy customers and businesses that believe their
reputations have been tarnished by misrepresentations in junk e-mail have brought suit
against mass e-mailers.
Although several bills were debated in both the 105th and 106th Congresses, no
legislation cleared Congress. Some states are passing their own legislation. According
to the National Conference of State Legislatures, as of March 2000, 15 states had
enacted such laws and 16 introduced spam bills during their 2000 legislative sessions.
The 107th Congress remains interested in the issue at the federal level. H.R. 95
(Green), the Unsolicited Commercial Electronic Mail Act, was introduced the day the
107th Congress convened.
Internet Domain Names10
The 107th Congress continues to monitor issues related to the Internet domain
name system (DNS). Internet domain names were created to provide users with a
simple location name for computers on the Internet, rather than using the more
complex, unique Internet Protocol (IP) number that designates their specific location.
As the Internet has grown, the method for allocating and designating domain names
has become increasingly controversial.
The Internet originated with research funding provided by the Department of
Defense Advanced Research Projects Agency (DARPA) to establish a military
network. As its use expanded, a civilian segment evolved with support from the
National Science Foundation (NSF) and other science agencies. No formal statutory
authorities or international agreements govern the management and operation of the
Internet and the DNS. Prior to 1993, NSF was responsible for registration of
nonmilitary generic Top Level Domains (gTLDs) such as .com, .org, and .net. In
1993, the NSF entered into a 5-year cooperative agreement with Network Solutions,
Inc. (NSI) to operate Internet domain name registration services. With the
cooperative agreement between NSI and NSF due to expire in 1998, the
Administration, through the Department of Commerce (DOC), began exploring ways
to transfer administration of the DNS to the private sector.
In the wake of much discussion among Internet stakeholders, and after extensive
public comment on a previous proposal, the DOC, on June 5, 1998, issued a final
statement of policy, Management of Internet Names and Addresses (also known as
the “White Paper”). The White Paper stated that the U.S. government was prepared
to recognize and enter into agreement with “a new not-for-profit corporation formed
by private sector Internet stakeholders to administer policy for the Internet name and
address system.” On October 2, 1998, the DOC accepted a proposal for an Internet
Corporation for Assigned Names and Numbers (ICANN). On November 25, 1998,
DOC and ICANN signed an official Memorandum of Understanding (MOU), whereby
DOC and ICANN agreed to jointly design, develop, and test the mechanisms,
10 See also CRS Report 97-868, Internet Domain Names: Background and Policy Issues, by Lennard
G. Kruger, which is updated more frequently than this report.
CRS-17
methods, and procedures necessary to transition management responsibility for DNS
functions to a private-sector not-for-profit entity.
The White Paper also signaled DOC’s intention to ramp down the government’s
Cooperative Agreement with NSI, with the objective of introducing competition into
the domain name space while maintaining stability and ensuring an orderly transition.
During this transition period, government obligations will be terminated as DNS
responsibilities are transferred to ICANN. Specifically, NSI committed to a timetable
for development of a Shared Registration System that permits multiple registrars to
provide registration services within the .com, .net., and .org gTLDs. To date, 152
companies have either been accredited as a registrar by ICANN, or have qualified for
accreditation; currently, 70 registrars are operational. NSI will continue to
administer the root server system until receiving further instruction from the
government.
Significant disagreements between NSI on the one hand, and ICANN and DOC
on the other, arose over how a successful and equitable transition would be made
from NSI’s previous status as exclusive registrar of .com, org. and net. domain
names, to a system that allows multiple and competing registrars. On September 28,
1999, after nearly a year of negotiations, DOC, NSI, and ICANN announced a series
of formal agreements. NSI agreed to sign an accreditation agreement with ICANN,
but with certain limits and conditions placed on ICANN decisions that could affect
NSI’s business. While the agreement was hailed by DOC, NSI, and ICANN,
opposition was voiced by competing registrars, who asserted that the agreement gives
NSI too many advantages in the competition for new registrations and renewals of
existing ones. Others objected to the limits placed on ICANN with regard to making
decisions that might affect NSI. At its November 1999 board meeting, ICANN
agreed to modifications of the agreement which addressed some of the concerns
raised. On November 10, 1999, ICANN, NSI, and DOC formally signed the
agreements.
On September 4, 2000, ICANN and the DOC agreed to extend their MOU until
September 30, 2001 or sooner, if both parties agree that the work set under the MOU
has been completed. Remaining tasks, many of which are underway, include:
creating new Internet top-level domains, completing selection of the ICANN Board
of Directors, enhancing the architecture of the root-name server system, formalizing
contractual relationships between ICANN and the regional Internet Protocol address
registries, and establishing stable arrangements between ICANN and the organizations
responsible for the operation of country-code Top-Level Domains (TLDs).
Until the full transition to a private sector-controlled DNS system is completed,
the DOC remains responsible for monitoring the extent to which ICANN satisfies the
principles of the White Paper as it makes critical DNS decisions. Congress remains
keenly interested in how the Administration manages and oversees the transition to
private sector ownership of the DNS. The conference report (H.Rept. 106-479)
accompanying the FY2000 Consolidated Appropriations Act (P.L. 106-113, signed
November 29, 1999) directed GAO to review the legal basis and authority for DOC's
relationship with ICANN (including the possible transfer of the authoritative root
server to private sector control), the possibility of shifting federal oversight
responsibilities from NTIA to the National Institute of Standards and Technology
(NIST), and the adequacy of existing security arrangements safeguarding critical
hardware and software underlying the DNS. The GAO report, released on July 7,
2000, concluded that the DOC does have legal authority to enter into its current
agreements and cooperative activities with ICANN. GAO noted that while it is
CRS-18
unclear whether DOC has the authority to transfer control of the authoritative root
server to ICANN, the Department has no current plans to do so.
Two key issues addressed by ICANN are the addition of new top level domains
and the election of At-Large Board members. At its July 16, 2000 meeting in
Yokohama, the ICANN Board of Directors adopted a policy for the introduction of
new TLDs. Additional TLDs could significantly expand the number of domain names
available for registration by the public. The policy involves a process in which those
interested in operating or sponsoring new TLDs may apply to ICANN. During
September 2000, a total of 47 applications were received. At its November 16, 2000
annual meeting, ICANN selected seven companies or organizations to operate a
registry for one of seven new TLDs, as follows: .biz, .aero, .name, .pro, .museum,
.info, and .coop. ICANN’s selections are subject to approval by the Department of
Commerce. Following contractual discussions between ICANN and selected
applicants, at least some of the new TLDs could become operational during the first
half of 2001. Meanwhile, ICANN’s selection of new TLDs has proven controversial.
The House Energy and Commerce Committee has announced plans to hold hearings
in February 2001 to explore whether the process was open and fair, and whether it
ultimately promotes competition in registration and assignment of Internet domain
names.
Regarding the composition of ICANN’s board of directors, ICANN by law calls
for an international and geographically diverse 19-member board of directors,
composed of a president, nine at-large members, and nine members nominated by
three Supporting Organizations representing Domain Name, Address, and Internet
Protocol constituencies. During October 1999, the three Supporting Organization
each selected three directors for the permanent board. Terms of service range from
one to three years. Of the nine directors, four are from Europe (Britain, France,
Netherlands, and Spain), two from Canada, one from Mexico, one from Hong Kong,
and one from the United States. The nine new directors joined the ten sitting interim
directors, who serve until an additional nine directors are elected to the permanent
board by ICANN's At-Large membership. At ICANN’s March 2000 meeting in
Cairo, the sitting board agreed to a plan whereby five At-Large board members, one
from each of five geographic regions of the world, would be directly elected by
Internet users. Eligible to vote was anyone over 16 years old with an active email
and postal address who registered as an ICANN member. On October 10, 2000
ICANN announced the five new At-Large board members elected by over 34,000
Internet users. At the November 2000 annual meeting, ICANN initiated a study to
determine how to select the remaining At-Large board members. Meanwhile, the
sitting board has extended the terms of four of its interim members until 2002 to serve
with the five newly elected At-Large board members.
Another issue surrounding the DNS is the resolution of trademark disputes that
arise in designating domain names. In the early years of the Internet, when the
primary users were academic institutions and government agencies, little concern
existed over trademarks and domain names. As the Internet grew, however, the
fastest growing number of requests for domain names were in the .com domain
because of the explosion of businesses offering products and services on the Internet.
Since domain names have been available from NSI on a first-come, first-serve basis,
some companies discovered that their name had already been registered. The
situation was aggravated by some people (dubbed “cybersquatters”) registering
domain names in the hope that they might be able to sell them to companies that place
a high value on them.
CRS-19
The increase in conflicts over property rights to certain trademarked names has
resulted in a number of lawsuits. Under previous policy, NSI did not determine the
legality of registrations, but when trademark ownership was demonstrated, placed the
use of a name on hold until the parties involved could resolve the domain name
dispute. The White Paper called upon the World Intellectual Property Organization
(WIPO) to develop a set of recommendations for trademark/domain name dispute
resolutions, and to submit those recommendations to ICANN. At ICANN's August
1999 meeting in Santiago, the board of directors adopted a dispute resolution policy
to be applied uniformly by all ICANN-accredited registrars. Under this policy,
registrars receiving complaints will take no action until receiving instructions from the
domain-name holder or an order of a court or arbitrator. An exception is made for
“abusive registrations” (i.e. cybersquatting and cyberpiracy), whereby a special
administrative procedure (conducted largely online by a neutral panel, lasting 45 days
or less, and costing about $1000) will resolve the dispute. Implementation of
ICANN’s Domain Name Dispute Resolution Policy commenced on December 9,
1999. Meanwhile, the 106th Congress took action, passing the Anticybersquatting
Consumer Protection Act (incorporated into P.L. 106-113, the FY2000 Consolidated
Appropriations Act). The Act gives courts the authority to order the forfeiture,
cancellation, and/or transfer of domain names registered in “bad faith” that are
identical or similar to trademarks. The bill also provides for statutory civil damages
of at least $1,000, but not more than $100,000, per domain name identifier.
Government Information Technology Management11
The growing role of the Internet in the political economy of the United States
has attracted increased congressional attention to government information technology
management issues. Interest has been further heightened by national information
infrastructure development efforts and e-government initiatives. Although wide-
ranging, government information technology management issues can be characterized
by three major themes: infrastructure development, resource management, and the
provision of online services (e-government). Each of these is likely to be addressed
by the 107th Congress.
Internet Infrastructure and National Policy
Since 1995, when the Internet first came into prominence, the question of who
should maintain and expand the U.S. information infrastructure has been raised by
many policymakers. The Clinton Administration articulated its support of federal
technology policy in the 1992 campaign, including the rapid expansion of
telecommunications-based “information superhighways.” Again, during the 1996
presidential campaign, President Clinton and Vice President Gore contended that
investment in advanced technology would strengthen the U.S. economy by creating
jobs and address pressing social problems. Early in the Clinton Administration,
several policy proposals were presented to Congress that articulated a vision of how
telecommunication technologies, services, and applications could be combined in a
national information network. This concept was to interconnect businesses,
11 See also CRS Report RL30661, Government Information Technology Management: Past and
Future Issues (the Clinger-Cohen Act),by Jeffrey W. Seifert.
CRS-20
governments, researchers, educators, and the general public with advanced
telecommunications networks and a diverse multitude of information resources.
Until the 106th Congress, most policymakers tended to respond to the Clinton
Administration’s policies, rather than provide a specific policy or program alternative.
However, in the 106th Congress, several Members of Congress presented their
approaches to support a national information infrastructure that would enable all
Americans to access information and communicate with each other using voice, data,
image or video at anytime, anywhere. Among these legislative initiatives was the
Networking and Information Technology Research Development Act (H.R. 2086,
Sensenbrenner), which would have doubled existing federal computing research
programs, including developing new Internet-related technologies, over a five year
period. While this bill was not passed by Congress, this and other legislative
initiatives reflected greater congressional interest in addressing those areas of Internet
research and development not currently undertaken by U.S. industry, but might be
vital to the Internet’s future growth.
Information Technology R&D. For FY2001, most federal Internet research
and development is part of a large government effort to support a wide range of
related scientific research and technology development. This is called the Information
Technology (IT) Research and Development initiative, and includes a wide range of
programs, from software upgrades at federal agencies to high performance computing
developments. The total funding for federal IT Research & Development in FY2001
is $2.1 billion. The National Science Foundation received a significant increase in its
IT research and development budget, going from $90 million in FY2000 to $215
million in FY2001. The Department of Energy has the largest federal IT research and
development budget, at $657 million, which includes both civilian and defense IT
efforts. Finally, an important component of the federal IT Research and Development
initiative is the Next Generation Internet (NGI) program. The NGI is a multi-agency
effort to develop new Internet research and applications that will assist federal
agencies which have research and development as one of their missions. For FY2001,
the six federal agencies in the NGI program will receive a total of $89 million.
Information Resource Management—The Role of a Federal
CIO
Debate over the creation of a federal Chief Information Officer (CIO) position
has ebbed and flowed in Congress over the past five years. In private sector
organizations with a CIO, this person serves as the senior decisionmaker providing
leadership and direction for information resource development, procurement, and
management with a focus on improving efficiency and the quality of services
delivered. Creating a federal CIO position was originally considered in an early draft
of what became the Clinger-Cohen Act in 1995 (P.L. 104-106), but the idea was
dropped in favor of creating CIO positions within individual executive brand agencies.
The CIO Council was later established in 1996 by Executive Order 13011 as a forum
for agency CIOs and Deputy CIOs to share information and improve government
information resource management practices. The mixed results of agency-level CIOs,
combined with a growing interest in better managing government technology
resources, brought renewed attention to creating a single federal CIO position, or a
“national CIO,” during the 106th Congress. In addition, the recent piecemeal efforts
CRS-21
to move governmental functions and services online has led some observers to call for
an “e-government czar” or a national CIO to coordinate these efforts.
Although there appears to be a growing bipartisan consensus regarding the need
for a federal CIO, issues such as the organizational location and the scope of
responsibility are still the subject of debate. The placement of the federal CIO is
perhaps the most hotly contested issue. Specifically, there is disagreement over
whether the federal CIO should be placed in the Office of Management and Budget
(OMB) or if a new office should be established within the White House to focus solely
on information technology issues. In September 2000, the House Government
Reform Committee’s Subcommittee on Government Management, Information, and
Technology held a hearing regarding two bills proposed by Representatives Turner
and Davis earlier that summer (discussed below). Much of the testimony focused on
the relationship between the proposed federal CIO and the OMB. Then-Deputy
Director of Management at OMB, Sally Katzen, argued that situating oversight of
information technology management within OMB’s management and budgeting
authority was essential for the successful budgeting and execution of information
technology programs. In response, critics of this approach argued that IT programs
are crucial enough to warrant autonomous management and budget authority by
specialists who can devote their full energy to the success of government IT projects.
Some observers suggest there are lessons to be learned from the lackluster results of
the agency-level CIO provisions in the Clinger-Cohen Act. In reviews of this
provision, the GAO has cited the divided attention of agency-level CIOs with multiple
spheres of responsibility as an obstacle for implementing information technology
management reforms. The GAO has further stated that the role of the CIO is a full-
time leadership position requiring complete attention to information resource
management issues.12
Another issue that has received less attention is the scope of responsibility of the
proposed federal CIO. Specifically, questions have been raised about oversight of
government information security. Some proponents suggest that the federal CIO
should be empowered to develop and implement a comprehensive response to
information security threats. Critics of this approach argue that individual agencies
may believe they have a reduced obligation or will devote fewer resources to
information security at a time when threats to information resources are climbing.
During the 106th Congress, legislation was introduced in the House calling for
the establishment of a federal CIO position. One bill (H.R. 4670, Turner) would have
created a federal CIO in an office outside of OMB, establish a CIO Council by law
rather than by executive order, and make the CIO head of the Council. A second bill
(H.R. 5024, Davis) would have created a White House Office of Information Policy
to be headed by a federal CIO, with a broad mandate to create federal IT policy, a
staff, an authorized budget to carry out the duties of a federal CIO, and the power to
coordinate and execute government-wide information security efforts. Neither bill
was passed in the last Congress; however, it is likely these issues will be revisited in
the 107th Congress.
12 General Accounting Office, Chief Information Officers: Ensuring Strong Leadership and an
Effective Council, GAO-T-AIMD-98-22, 27 October 1997. General Accounting Office, VA
Information Technology: Improvements Needed to Implement Legislative Reforms, GAO/AIMD-98-
154, 7 July 1998.
CRS-22
In addition to this congressional activity, during the 2000 Presidential campaign
both major-party candidates proposed creating a federal CIO. It has since been
reported in Government Executive magazine that Senator Lieberman is expected to
introduce such a bill sometime this year while President Bush may issue an executive
order designating the Deputy Director of the OMB as the federal CIO to coordinate
government-wide e-government initiatives.
Provision of Online Services (E-government)
Electronic government (e-government) is an evolving concept, meaning different
things to different people. However, it has significant relevance to four important
areas of governance: (1) delivery of services (government-to-citizen, or G2C); (2)
providing information (also G2C); (3) facilitating the procurement of goods and
services (government-to-business, or G2B, and business-to-government, or B2G); and
(4) facilitating efficient exchanges within and between agencies (government-to-
government, or G2G). For policymakers concerned about e-government, a central
issue is developing a comprehensive but flexible strategy to coordinate the disparate
e-government initiatives across the federal government. Just as the private sector is
undergoing significant change due, in part, to the convergence of technology, these
same forces are transforming the public sector as well. E-government initiatives vary
significantly in their breadth and depth from state to state and agency to agency.
So far, states such as California, Minnesota, and Utah have taken the lead in
developing e-government initiatives. However, there is rapidly increasing interest and
activity at the federal level as well. Perhaps the most well-known federal example is
the September 2000 launch of the FirstGov web site [http://www.firstgov.gov].
FirstGov is a web portal designed to serve as a single locus point for finding federal
government information on the Internet. The FirstGov site also provides access to
a variety of state and local government resources. Another example is the Social
Security Administration (SSA), which has also launched a number of e-government
initiatives including the option to apply for retirement insurance benefits online,
request a Social Security Statement, and the ability to request a replacement Medicare
card. At the Department of the Treasury, the U.S. Mint is using interactive Internet
sales to expand its marketing efforts and attract younger people into coin collecting.
Similarly, the General Services Administration (GSA) recently created a new website,
FedBizOpps [http://www.fedbizopps.gov] to facilitate federal business opportunities
online.
The movement to put government online raises as many issues as it provides new
opportunities. Some of these issues include, but are not limited to: security, privacy,
management of governmental technology resources, accessibility of government
services (including “digital divide” concerns as a result of a lack of skills or access to
computers, discussed earlier), and preservation of public information (maintaining
comparable freedom of information procedures for digital documents as exist for
paper documents). Although these issues are neither new nor unique to e-
government, they do present the challenge of performing governance functions online
without sacrificing the accountability of or public access to government that citizens
have grown to expect. Some industry groups have also raised concerns about the
U.S. government becoming a publicly funded market competitor through the
provision of fee-for-services such as the U.S. Postal Service’s eBillPay, which allows
CRS-23
consumers to schedule and make payments to creditors online
[http://www.usps.com/ebpp/welcome.htm].
CRS-24
Appendix A: Legislation in the 107th Congress
Following is a topical list of legislation pending before the 107th Congress on the
issues covered in this report. The status of the legislation is not provided. For
information on legislative status, congressional readers should consult LIS or Thomas,
or contact CRS.
Format: Bill Number, Sponsor, Title, Date Introduced, Committee(s) to Which Bill
Was Referred
Internet Privacy
H.R. 89, Frelinghuysen, Online Privacy Protection Act, 1/3/01 (Energy&Commerce)
H.R. 91, Frelinghuysen, Social Security Online Privacy Protection Act, 1/3/01
(Energy & Commerce)
H.R. 112, Holt, Electronic Privacy Protection Act, 1/3/01 (Energy & Commerce)
H.R. 220, Paul, Identity Theft Prevention Act, 1/3/01 (Ways & Means, Government
Reform)
H.R. 237, Eshoo, Consumer Internet Privacy Enhancement Act, 1/20/01 (Energy &
Commerce)
S. 197, Edwards, Spyware Control and Privacy Protection Act, 1/29/01 (Commerce)
Broadband Internet Access
S. 88, Rockefeller, Broadband Internet Access Act of 2001, 1/22/01 (Finance)
S. 150, Kerry, Broadband Deployment Act of 2001, 1/23/01 (Finance)
Junk E-Mail
H.R. 95, Green, Unsolicited Commercial Electronic Mail Act, 1/3/01 (E&C,
Judiciary)
CRS-25
Appendix B: List of Acronyms
Alphabetically
ACEC
Advisory Commission on Electronic Commerce
B2B
Business-to-Business
B2G
Business-to-Government
BOC
Bell Operating Company
CIO
Chief Information Officer
DMA
Direct Marketing Association
DNS
Domain Name System
DOC
Department of Commerce
EU
European Union
FBI
Federal Bureau of Investigation
FCC
Federal Communications Commission
FTC
Federal Trade Commission
G2B
Government-to-Business
G2C
Government-to-Citizen
G2G
Government-to-Government
GAO
General Accounting Office
GSA
General Services Administration
gTLD
global Top Level Domain
ICANN Internet Corporation for Assigned Names and Numbers
ILEC
Incumbent Local Exchange Carrier
IP
Internet Protocol
ISP
Internet Service Provider
IT
Information Technology
LATA
Local Access and Transport Area
LEC
Local Exchange Carrier
MOU
Memorandum of Understanding
NGI
Next Generation Internet
NIST
National Institute for Standards and Technology
NSI
Network Solutions, Inc,
NSF
National Science Foundation
NTIA
National Telecommunications and Information Administration
ONDCP Office of National Drug Control Policy
OPA
Online Privacy Alliance
SSA
Social Security Administration
SSN
Social Security Number
TLD
Top Level Domain
UCE
Unsolicited Commercial E-mail
WIPO
World Intellectual Property Organization
WTO
World Trade Organization
Categorically
U.S. Government Entities
DOC
Department of Commerce
FBI
Federal Bureau of Investigation
FCC
Federal Communications Commission
CRS-26
FTC
Federal Trade Commission
GAO
General Accounting Office
GSA
Government Services Administration
NIST
National Institute of Standards and Technology (part of Department of Commerce)
NSF
National Science Foundation
NTIA
National Telecommunications and Information Administration (part of Department
of Commerce)
ONDCP
Office of National Drug Control Policy
SSA
Social Security Administration
Private Sector Entities
BOC
Bell Operating Company
DMA
Direct Marketing Association
ICANN
Internet Corporation for Assigned Names and Numbers
ILEC
Incumbent Local Exchange Carrier
ISP
Internet Service Provider
LEC
Local Exchange Carrier
NSI
Network Solutions, Inc.
OPA
Online Privacy Alliance
General Types of Internet Services
B2B
Business-to-Business
B2G
Business-to-Government
G2B
Government-to-Business
G2C
Government-to-Citizen
G2G
Government-to-Government
Internet and Telecommunications Terminology
CIO
Chief Information Officer
DNS
Domain Name System
gTLD
global Top Level Domain
IP
Internet Protocol
IT
Information Technology
LATA
Local Access and Transport Area
NGI
Next Generation Internet
TLD
Top Level Domain
UCE
Unsolicited Commercial E-mail
Other
ACEC
Advisory Commission on Electronic Commerce
EU
European Union
MOU
Memorandum of Understanding
SSN
Social Security Number
WIPO
World Intellectual Property Organization
WTO
World Trade Organization
CRS-27
Appendix C: Legislation Passed by the 105thand
106th Congresses
Editions of this report prepared in the105th Congress and the 106th Congress also
addressed key technology policy issues affecting the use of growth of the Internet.
Some of those issues continue to be of interest to Congress and are discussed in this
edition of the report. Others, however, appear to be resolved from a congressional
point of view, at least the moment, specifically encryption, electronic signatures, and
protecting children from unsuitable material on the Internet. Those topics are not
discussed in this version of the report. Nevertheless, it appears useful to retain
information about legislation that passed on the subjects of most interest to the two
previous Congresses. Following is such a summary, based on the topics that were
previously in the report.
Legislation Enacted in the 105th Congress
Protecting Children: Child Online Protection Act, Children’s Online Privacy
Protection Act, and Child Protection and Sexual Predator Protection Act
In the FY1999 Omnibus Consolidated and Emergency Supplemental
Appropriations Act (P.L. 105-277), Congress included several provisions related to
protecting children on the Internet. Included is legislation making it a crime to send
material that is “harmful to minors” to children and protecting the privacy of
information provided by children under 13 over interactive computer services.
Separately, Congress passed a law (P.L. 105-314) that, inter alia, strengthens
penalties against sexual predators using the Internet.
The “harmful to minors” language is in the Child Online Protection Act, Title
XIV of Division C of the Omnibus Appropriations Act. Similar language was also
included in the Internet Tax Freedom Act (Title XI of Division C of the Omnibus
Appropriations Act). Called “CDA II” by some in reference to the Communications
Decency Act that passed Congress in 1996 but was overturned by the Supreme Court,
the bill restricts access to commercial material that is “harmful to minors” distributed
on the World Wide Web to those 17 and older. The American Civil Liberties Union
(ACLU) and others filed suit against enforcement of the portion of the Act dealing
with the “harmful to minors” language. In February, 1999, a federal judge in
Philadelphia issued a preliminary injunction against enforcement of that section of the
Act. The Justice Department has filed an appeal (see CRS Report 98-670, Obscenity,
Child Pornography, and Indecency: Recent Developments and Pending Issues for
further information).
The Children’s Online Privacy Protection Act, also part of the Omnibus
Appropriations Act (Title XIII of Division C), requires verifiable parental consent for
the collection, use, or dissemination of personally identifiable information from
children under 13.
The Omnibus Appropriation Act also includes a provision intended to make it
easier for the FBI to gain access to Internet service provider records of suspected
sexual predators (Section 102, General Provisions, Justice Department). It also sets
aside $2.4 million for the Customs Service to double the staffing and resources for the
CRS-28
child pornography cyber-smuggling initiative and provides $1 million in the Violent
Crime Reduction Trust Fund for technology support for that initiative.
The Protection of Children from Sexual Predators Act (P.L. 105-314) is a
broad law addressing concerns about sexual predators. Among its provisions are
increased penalties for anyone who uses a computer to persuade, entice, coerce, or
facilitate the transport of a child to engage in prohibited sexual activity, a requirement
that Internet service providers report to law enforcement if they become aware of
child pornography activities, a requirement that federal prisoners using the Internet
be supervised, and a requirement for a study by the National Academy of Sciences on
how to reduce the availability to children of pornography on the Internet.
Identity Theft and Assumption Deterrence Act
The Identity Theft and Assumption Deterrence Act (P.L. 105-318) sets penalties
for persons who knowingly, and with the intent to commit unlawful activities, possess,
transfer, or use one or more means of identification not legally issued for use to that
person.
Intellectual Property: Digital Millennium Copyright Act
Congress passed legislation (P.L. 105-304) implementing the World Intellectual
Property Organization (WIPO) treaties regarding protection of copyright on the
Internet. The law also limits copyright infringement liability for online service
providers that serve only as conduits of information. Provisions relating to database
protection that were included by the House were not included in the enacted version
and are being debated anew in the 106th Congress. Since database protection per se
is not an Internet issue, it is not included in this report (see CRS Report 98-902,
Intellectual Property Protection for Noncreative Databases).
Digital Signatures: Government Paperwork Elimination Act
Congress passed the Government Paperwork Elimination Act (Title XVII of
Division C of the Omnibus Appropriations Act, P.L. 105-277) that directs the Office
of Management and Budget to develop procedures for the use and acceptance of
“electronic” signatures (of which digital signatures are one type) by executive branch
agencies.
Internet Domain Names: Next Generation Internet Research Act
The Next Generation Internet Research Act (P.L. 105-305) directs the National
Academy of Sciences to conduct a study of the short and long-term effects on
trademark rights of adding new generation top-level domains and related dispute
resolution procedures.
CRS-29
Summary of Legislation Passed by the 105th Congress
Title
Public Law Number
FY1999 Omnibus Consolidated and Emergency
P.L. 105-277
Supplemental Appropriations Act
Internet Tax Freedom Act
Division C, Title XI
Children’s Online Privacy Protection Act
Division C, Title XIII
Child Online Protection Act
Division C, Title XIV
Government Paperwork Elimination Act
Division C, Title XVII
Protection of Children from Sexual Predators Act
P.L. 105-314
Identity Theft and Assumption Deterrence Act
P.L. 105-318
Digital Millennium Copyright Act
P.L. 105-304
Next Generation Internet Research Act
P.L. 105-305
Legislation Enacted in the 106th Congress
Electronic Signatures
The Millennium Digital Commerce Act (P.L. 106-229) regulates Internet
electronic commerce by permitting and encouraging its continued expansion through
the operation of free market forces, including the legal recognition of electronic
signatures and electronic records.
Computer Security
The Computer Crime Enforcement Act (P.L. 106-572) establishes
Department of Justice grants to state and local authorities to help them investigate and
prosecute computer crimes. The law authorizes the expenditure of $25 million for the
grant program through FY2004. The FY2001 Department of Defense
Authorization Act (P.L. 106-398) includes language that originated in S. 1993 to
modify the Paperwork Reduction Act and other relevant statutes concerning
computer security of government systems, codifying agency responsibilities regarding
computer security.
CRS-30
Internet Privacy
Language in the FY2001 Transportation Appropriations Act (P. L. 106-246)
and the FY2001 Treasury-General Government Appropriations Act (included as
part of the Consolidated Appropriations Act, P.L. 106-554) addresses Web site
information collection practices by departments and agencies in the Treasury-General
Government Appropriations Act. Section 501 of the FY2001 Transportation
Appropriations Act prohibits funds in the FY2001 Treasury-General Government
Appropriations Act from being used by any federal agency to collect, review, or
create aggregate lists that include personally identifiable information (PII) about an
individual’s access to or use of a federal Web site, or enter into agreements with third
parties to do so, with exceptions. Section 646 of the FY2001 Treasury-General
Government Appropriations Act requires Inspectors General of agencies or
departments covered in that act to report to Congress within 60 days of enactment on
activities by those agencies or departments relating to the collection of PII about
individuals who access any Internet site of that department or agency, or entering into
agreements with third parties to obtain PII about use of government or non-
government Web sites.
The Social Security Number Confidentiality Act (P.L. 106-433) prohibits the
display of Social Security numbers on unopened checks or other Treasury-issued
drafts. (Although this is not an Internet issue, it is related to concerns about
consumer identity theft, a topic addressed in this report.)
The Internet False Identification Prevention Act (P.L. 106-578) updates
existing law against selling or distributing false identification documents to include
those sold or distributed through computer files, templates, and disks. It also requires
the Attorney General and Secretary of the Treasury to create a coordinating
committee to ensure that the creation and distribution of false IDs is vigorously
investigated and prosecuted.
Protecting Children from Unsuitable Material
The Children’s Internet Protection Act (Title XVII of the FY2001 Labor-
HHS Appropriations Act, included in the FY2001 Consolidated Appropriations
Act, P.L. 106-554) requires most schools and libraries that receive federal funding
through Title III of the Elementary and Secondary Education Act, the Museum and
Library Services Act, or “E-rate” subsidies from the universal service fund, to use
technology protection measures (filtering software or other technologies) to block
certain Web sites when computers are being used by minors, and in some cases, by
adults. When minors are using the computers, the technology protection measure
must block access to visual depictions that are obscene, child pornography, or harmful
to minors. When others are using the computers, the technology must block visual
depictions that are obscene or are child pornography. The technology protection
measure may be disabled by authorized persons to enable access for bona fide
research or other lawful purposes.
CRS-31
Internet Domain Names
The Anticybersquatting Consumer Protection Act (part of the FY2000
Consolidated Appropriations Act, P.L. 106-113) gives courts the authority to order
the forfeiture, cancellation, and/or transfer of domain names registered in “bad faith”
that are identical or similar to trademarks. The Act provides for statutory civil
damages of at least $1,000, but not more than $100,000 per domain name identifier.
Summary of Legislation Enacted in the 106th Congress
Title
Public Law Number
Millennium Digital Commerce Act
P.L. 106-229
Computer Crime Enforcement Act
P.L. 106-572
FY2001 Transportation Appropriations Act, section 501
P. L. 106-246
FY2001 Treasury-General Government Appropriations
P.L. 106-554
Act, section 646 (enacted by reference in the FY2001
Consolidated Appropriations Act)
Social Security Number Confidentiality Act
P.L. 106-433
Internet False Identification Prevention Act
P.L. 106-578
Children’s Internet Protection Act (Title XVII of the
P.L. 106-554
FY2001 Labor-HHS Appropriations Act, enacted by
reference in the FY2001 Consolidated Appropriations Act)
Anticybersquatting Consumer Protection Act (enacted by
P.L. 106-113
reference in the FY2000 Consolidated Appropriations Act)
CRS-32
Appendix D: Related CRS Reports
Broadband Internet Access: Background and Issues, by Lennard G. Kruger and
Angele A. Gilroy. CRS Issue Brief IB10045. (Updated regularly.)
Broadband Internet Access and the Digital Divide: Federal Assistance Programs,
by Lennard G. Kruger. CRS Report RL30719. 18 p. January 10. 2001.
Computer Fraud & Abuse: A Sketch of 18 U.S.C. 1030 And Related Federal
Criminal Laws, by Charles Doyle. CRS Report 97-1024 A. 5 p. December 3,
1997.
Computer Fraud & Abuse: An Overview of 18 U.S.C. 1030 And Related Federal
Criminal Laws, by Charles Doyle. CRS Report 97-1025 A. 85 p. November
28, 1997.
Copyright Cases in the Courts: Napster, MP3 Digital Music, and DVD Motion
Picture Encryption Technology, by Robin Jeweler. CRS Report RL30683.
13 p. September 18, 2000.
Critical Infrastructures: Background and Early Implementation of PDD-63, by
John D. Moteff. CRS Report RL30153, 21 p. January 12, 2001.
Cyberwarfare, by Stephen A. Hildreth. CRS Report RL30735. 17 p. January 16,
2001.
Digital Surveillance: the Communications Assistance for Law Enforcement Act and
FBI Internet Monitoring, by Richard M. Nunno. CRS Report RL30677. 17
p. October 12, 2000.
Electronic Commerce: An Introduction, by Glenn J. McLoughlin. CRS Report
RS20426. 6 p. January 25, 2001.
Electronic Commerce, Info Pack. by Rita Tehan. IP539P (Updated as needed)
Electronic Communications Privacy Act of 2000 (H.R. 5018): Summary in Brief, by
Gina Marie Stevens. CRS Report RS20693. 6 p. October 3, 2000.
Electronic Stock Market, by Mark Jickling. CRS Report RL30602. 15 p. July 8,
2000.
Electronic Signatures: Technology Developments and Legislative Issues, by Richard
Nunno. CRS Report RS20344. 6 p. January 19, 2001.
Encryption Technology: Congressional Issues, by Richard Nunno. CRS Issue Brief
IB96039. (Updated Regularly)
Government Information Technology Management: Past and Future Issues (the
CRS-33
Clinger-Cohen Act), by Jeffrey W. Seifert. CRS Report RL30661. 14 p.
August 30, 2000.
Health information security and privacy: HIPAA and proposed implementing
regulations, by C. Stephen Redhead. CRS Report RL30620. 23 p. July
28, 2000.
Intellectual Property Protection for Noncreative Databases, by Dorothy Schrader
and Robin Jeweler. CRS Report 98-902 A. 17 p. September 15, 1999.
Internet and E-Commerce Statistics: What They Mean and Where to Find Them
on the Web, by Rita Tehan. CRS Report RL30435. 15 p. October 24,
2000.
Internet Domain Names: Background and Policy Issues, by Lennard G. Kruger.
CRS Report 97-868 STM. 6 p. December 12, 2000.
Internet Gambling: A Sketch of Legislative Proposals, by Charles Doyle. CRS
Report RS20485. 6 p. January 11, 2001.
Internet Gambling: Overview of Federal Criminal Law, by Charles Doyle. CRS
Report 97-619 A. 43 p. March 7, 2000.
Internet Privacy: An Analysis of Technology and Policy Issues, by Marcia S.
Smith. CRS Report RL30784. 38 p. December 21, 2000.
Internet Privacy—Protecting Personal Information: Overview and Pending
Legislation, by Marcia S. Smith. CRS Report RS20035. 6 p. January 16,
2001.
Internet—Protecting Children from Unsuitable Material and Sexual Predators:
Overview and Pending Legislation, by Marcia S. Smith. CRS Report
RS20036. 6 p. January 16. 2001.
Internet Service and Access Charges, by Angele Gilroy. CRS Report RS20579. 3
p. May 12, 2000.
Internet Taxation: Bills in the 106th Congress, by Nonna Noto. CRS Report
RL30412. 23 p. November 22, 2000.
Internet Tax Legislation: Distinguishing Issues, by Nonna Noto. CRS Report
RL30667. 20 p. January 11. 2001
Internet Transactions and the Sales Tax, by Stephen Maguire. CRS Report
RL30431. 10 p. December 11, 2000.
Internet Voting: Issues and Legislation, by Kevin Coleman and Richard Nunno.
CRS Report RS20639. 6 p. January 16, 2001.
“Junk E-mail”: An Overview of Issues and Legislation Concerning Unsolicited
Commercial Electronic Mail (“Spam”), by Marcia S. Smith. CRS Report
CRS-34
RS20037. 6 p .January 16, 2001.
Legislation to Prevent Cybersquatting/Cyberpiracy, by Henry Cohen. CRS
Report RS20367. 5 p. May 1, 2000.
Long Distance Telephony: Bell Operating Company Entry Into the Long Distance
Market, by James R. Riehl. CRS Report RL30018. December 22, 2000.
10p.
Medical Records Privacy: Questions and Answers on the December 2000 Federal
Regulation, by C. Stephen Redhead. CRS Report RS20500. 6 p. January
16, 2001.
National Information Infrastructure: The Federal Role, by Glenn J. McLoughlin.
CRS Issue Brief 95051. (Updated Regularly)
Noncreative Database Bills in the House, by Robin Jeweler. CRS Report
RS20361. 6 p. October 19, 1999.
Obscenity, Child Pornography, and Indecency: Recent Developments and
Pending Issues, by Henry Cohen. CRS Report 98-670 A. 6 p. January 2,
2001.
Online Privacy Protection: Issues and Developments, by Gina Marie Stevens.
CRS Report RL30322. 16 p. January 11, 2001.
Personal Privacy Protection: The Legislative Response, by Harold C. Relyea.
CRS Report RL30671. 38 p. January 8, 2001.
Prescription Drug Sales Over the Internet, by Christopher Sroka. CRS Report
RL30456. 8 p. March 10, 2000.
Spinning the Web: the History and Infrastructure of the Internet, by Rita Tehan.
CRS Report 98-649 C. 16 p. August 12, 1999.
State Sales Taxation of Internet Transactions, by John Luckey. CRS Report
RS20577. 4 p. January 10, 2001/
Telecommunications Discounts for Schools and Libraries: the “E-Rate” Program
and Controversies, by Angele Gilroy. CRS Issue Brief IB98040. (Updated
regularly).
Telemarketing: Dealing with Unwanted Telemarketing Calls, by James R. Riehl.
CRS Report RL30763. December 11, 2000. 10 p.