CXO

Redundant rules, rushed votes, and bad policy

Let's discuss the SAFE Act of 2007, just in case you didn't have enough reasons to feel disgust with your representatives in Congress.

In December 2007, two members of the House of Representatives — Georgia Republican Paul Broun and Texas Republican Ron Paul — voted against the Securing Adolescents From Exploitation-online Act, or SAFE Act. Meanwhile, 409 other Representatives voted for it.

The meat of the SAFE Act would require anyone maintaining an open wireless access point to report "illegal" images, including "obscene" cartoons. Failure to do so is punishable by a $300,000 fine, while reporting someone would immunize the service provider against lawsuits and prosecution. Airports, coffee shops, hotels, individuals, libraries, and even some government agencies would be subject to that rule.

The bill was rushed through the House using tactics reminiscent of the Republican Presidential administration at the time. It went to a vote without a single committee vote or hearing, and was not available for public review.

Consider the implications of this for a moment. This means that a significant percentage of anime must be reported to a crime tip line if a service provider happens to notice that a user is looking at it — and, if the service provider doesn't report it, a $300,000 fine may be assessed. Line art drawings of minors, fully clothed but in "lascivious" poses, are covered. Consider also that, according to the text of the bill, this covers email providers as well, and that service providers are required to retain all account and traffic data for anyone reported for viewing such images.

Data retention is a big concern for commercial service providers, including coffee shops. This kind of reporting of dubious "evidence" of child pornography is a big concern for free speech and privacy advocates, and the carrot-and-stick approach to ensuring compliance seems likely to motivate service providers to go to greater lengths to spy on users — particularly service providers that might perform deep packet inspection, and thus already inclined to pry into their users' online activities.

Since US Code Title 42, Section 13032 already provides for "Reporting of child pornography by electronic communication service providers", it's puzzling that House Democrats were so insistent on rushing a redundant bill through a vote, and that all but two Republicans went along with it.

As I mentioned in 5 IT security pet peeves, I find it disturbing that people who know nothing about IT security have godlike power over matters of IT security policy. The passage of this bill in the House of Representatives, in 2007, doesn't relieve that concern one bit, and the language of the bill is clearly fraught with peril.

This isn't exactly news, of course. Not only is it more than a year and a half old, but it should come as no surprise that Congress is full of people who don't think about what they're doing when they make decisions that affect the lives of hundreds of millions of US citizens on a daily basis. In fact, it never became law. It is, however, a cautionary tale, and I hope it encourages some information technology decision makers (and maybe even a politician or two) to think things through a bit in the future.

About Chad Perrin

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

Editor's Picks

Free Newsletters, In your Inbox