ACM WASHINGTON UPDATE
U.S. Office of Public Policy of the Association for Computing
Machinery

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

October 31, 2000 Volume 4.7

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
CONTENTS
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

INTRODUCTION

POLICY BRIEFS:
DMCA Goes Into Effect
Council of Europe Cybercrime Bill
ICANN Election Results
New Encryption Standard Chosen
Anti-"Spyware" Bill Before Congress
Microsoft Cracked; Source Code Exposed

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
INTRODUCTION
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

The Association for Computing Machinery is an international
professional society whose 80,000 members (60,000 in the U.S.)
represent a critical mass of computer scientists in education,
industry, and government. The USACM provides a means for promoting
dialogue on technology policy issues with United States policy makers
and the general public. The WASHINGTON UPDATE reports on activities
in Washington, which may be of interest to those in the computing and
information policy communities and will highlight USACM's involvement
in many of these issues.

To subscribe to the ACM WASHINGTON UPDATE send an e-mail to
listserv@acm.org with "subscribe WASHINGTON-UPDATE" (no quotes) in
the body of the message. Back issues are available at:
http://www.acm.org/usacm

For information about joining the Association for Computing
Machinery, see:
http://www.acm.org/membership/join.html

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
POLICY BRIEFS
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
DMCA GOES INTO EFFECT

The anti-circumvention provisions of the Digital Millenium Copyright
went into effect on October 28, 2000. These rules prohibit the
circumvention of effective technical measures preventing the
unauthorized copying, transmission or access of copyrighted works.
Criminal and civil sanctions apply to violators. The distribution of
circumventing technologies has been prohibited by the law when it was
codified, but the anti-circumvention applies to end-users of those
circumventing technologies. The recent DeCSS case (Universal City
Studios v. Reimerdes, 82 F.Supp.2d 211(S.D.N.Y. 2000), 111 F. Supp.2d
294 (S.D.N.Y. 2000)) concerned the distribution of a circumventing
technology that permitted users to access DVDs from Linux and other
operating systems.

As required, the Copyright Office issued final interpretative rules
on the DMCA. In these rules, the Copyright Office:
 1) expressly declined to exempt DVD decryption technology
 2) exempted decryption of filtering software's blacklists
 3) exempted circumvention of access control mechanisms that
 fail to permit access because of malfunction, damage or
 obsolescence.
The Copyright Office found that the availability of operating systems
that could run DVDs meant that there was no need to provide an
exemption to decrypt DVDs so they could be accessed by Linux and
other operating systems. The Copyright Office also found the harm
imposed by the regional coding system to be "de minimis," or
insignificant.
On the other hand, the Copyright Office found that the First
Amendment
required the ability to review blacklists used by filtering software.
The Copyright Office also found that damaged or malfunctioning
dongles should not be a barrier to using lawfully purchased software.
 
The Copyright Office's rules are available at:
http://www.loc.gov/copyright/fedreg/65fr64555.html

ACM comments on the /DMCA implementation are available at:
http://www.acm.org/usacm/IP/dmca.exemption.htm

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
COUNCIL OF EUROPE CYBERCRIME BILL

The USACM has added its name to a letter to the Council of Europe on
its recent Cybercrime Treaty. The letter has been signed by at least
thirty eight organizations.

The treaty includes provisions that would require ISPs to keep
records of the activities of of their customers (Articles 17, 18, 24,
25), make ISPs liable for the content they carry (Articles 9 and 11),
extend copyright crimes (Article 10), and outlaw computer security
tools (Article 6). The U.S. is represented in the drafting process by
the Department of Justice's Computer Crime and Intellectual Property
division. There have been no open meetings regarding this treaty and
the COE plans to have a final version by December.

A copy of the Cybercrime Treaty is available at:
http://conventions.coe.int/treaty/EN/projets/cybercrime22.htm

A copy of the letter is available at:
http://www.gilc.org/privacy/coe-letter-1000.html

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
ICANN ELECTION RESULTS

ICANN concluded the elections for the At-Large Board Members on
October 10. The regional representatives are: Nii Quaynor, the CEO of
Network Computer Systems and an ISP President of ISOC Ghana
(Africa), Masanobu Katoh, a Fujistu executive with a Japanese law
degree (Asia/Australia), Andy Mueller-Maguhn, a member of the Chaos
Computer Club (Europe), Ivan Moura Campos, CEO of Akwan Information
Technologies and chair of Internet Steering Committee of Brazil
(Latin America/Carribean) and Karl Auerbach, Cisco engineer, IETF
member and nonpracticing attorney (North America). At-large members
are invited to meet with newly-elected board members on November 12,
the day prior to ICANN's annual meeting in Marina Del Rey, California.

USACM co-chair Barbara Simons came in second place for the North
American region.

In related news, ICANN announced on October 27 that four Board
members,  Frank Fitzsimmons, Hans Kraaijenbrink, Jun Murai, and Linda
Wilson, would extend their term to November 2002. This has generated
criticism from long-time ICANN observer, Professor A. Michael
Froomkin, who termed the hold-over members Board squattors.

More information on the At-Large board members is available at:
http://members.icann.org/nominees.html

More information about meeting ICANN At-Large Board Members available
at:
http://www.cpsr.org/internetdemocracy/At-Large_Meeting.html

Detailed election results are available at:
http://www.election.com/us/icann/icannresult.html

Professor Froomkin's comments are available at:
http://personal.law.miami.edu/~froomkin/boardsquat.htm

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
NEW ENCRYPTION STANDARD CHOSEN

The National Institute for Standards and Technology announced that
the Rijndael encryption algorithm would be chosen as the proposed the
Advanced Encryption Standard, the replacement of the now outdated
DES. Previously, DES was used by U.S. Government organizations to
protect sensitive (unclassified) information. Rijndael will be
formally proposed for incorporation in a new Draft Federal
Information Processing Standard (FIPS) for public review and comment.
Thereafter, the standard - revised, if appropriate - will be proposed to the
Secretary  of Commerce for adoption as an official Government standard.

More information is available at:
http://csrc.nist.gov/encryption/aes/

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
ANTI-"SPYWARE" BILL BEFORE CONGRESS

Senator John Edwards has introduced S. 3180, a bill that would
prohibit the Spyware Control and Privacy Protection Act of 2000. The
bill would require software that collects and transmits information
about its users to third parties to provide notice of the fact, a
description of the data collected and instructions on how to disable
the transmission of data without affecting the function of the
software. The bill would require the user give affirmative consent
before such data was transmitted. A private right of action for
damages of $2500 per incident or the actual damages would be
provided. This bill would exempt software that lawfully transmits
data within the scope of employment

The bill has been referred to the Committee on Commerce, Science,
and Transportation.

More information on S. 3180 is available at:
http://thomas.loc.gov/cgi-bin/bdquery/z?d106:s.03180:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
MICROSOFT CRACKED; SOURCE CODE EXPOSED

Evidence that Microsoft's servers were exposed to a self-replicating
trojan called QAZ was discovered on October 25. The evidence suggests
that the QAZ worm, which collects and forwards passwords it finds,
operated unchecked on Microsoft servers for three months. As a
consequence, the source code for some of Microsoft's upcoming
products was potentially exposed to downloading or tampering.
Microsoft officials claim that a close review of the exposed code
found no signs of tampering.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Washington Update is a biweekly publication of the U.S. Public Policy
Office of the Association for Computing. http://www.acm.org/usacm.