Thursday, June 30, 2005

Why Specter-Leahy "data security" bill should alarm bloggers, list operators

Declan McCullagh writes over on his PoliTech Blog:

Here's more background on the Specter-Leahy data security bill. The last two messages in this thread are a mini-debate I had with Lauren Weinstein.

I neglected to add that in the event of a Politech email address breach, I'd be required to "offer" to "cover the cost of" monthly access to a credit report for each U.S. subscriber for one year and also pick up the tab for "credit-monitoring services" for one year.

That seems to be around $15 a month per person, or $300,000 a month if I had 20,000 subscribers (or a blogger had 20,000 registered users). Extend that to the one-year requirement and it would cost me $3.6 million.

Does anyone think that Politech would continue to operate given that kind of liability? I mean, I think the list is reasonably secure from someone snagging the email addresses of subscribers, but I'm not willing to be completely bankrupted if I'm wrong.

EPIC today posted a message on its web site applauding the Specter-Leahy bill -- but I wonder if the person who wrote that notice read the bill carefully enough to realize it applies to non-profit groups.

If we assume EPIC has 50,000 subscribers to its EPIC Alert mailing list, and my $15-a-month figure is correct, an email security breach could cost them $9 million. EPIC is engaged in interstate commerce (its Alert serves in large part to sell books for $20-$40 each) and it "stores" e-mail addresses of its users, so the definitions would seem to fit. (If growing marijuana for your own use is interstate commerce, selling books across state lines would be.)

I'd like to invite my friends from EPIC to reply. As fans of the bill, it seems that they have two obvious choices:

1. Argue that there's no way any state prosecutor could ever apply the bill to them under any circumstances.

2. Say that even though it does, such Draconian provisions still are necessary: Privacy must be protected at all costs! Even if it means censoring discussion groups and blogs devoted to privacy, that is.

-Declan
