Split personalities have long been a staple of stories that hope to thrill or frighten us. From Dr. Jekyll and Mr. Hyde to the dual-personality character in the television show "Heroes," the fact that one is never quite sure what one of these people is going to do keeps the suspense building.
Of course, contradictory split personalities arent limited to the pages of books or to television shows—you can easily find them in the real world. In fact, one particularly intriguing form of schizophrenic behavior is taking place in the halls of the U.S. Congress right now.
One side of the Congress—lets call it the Jekyll side—has decided that the U.S. government must respond to all of the recent examples of careless corporate behavior that have led to loss of customer privacy, exposure to credit card fraud and even identity theft.
A recently introduced bill called the Personal Data Privacy And Security Act Of 2007, co-sponsored by Sens. Patrick Leahy (D-Vt.) and Bernie Sanders (I-Vt.), is designed to provide prompt notification to victims when data breaches occur and to stop the lack of security and accountability that makes privacy and data losses so common.
The bill could be a lot stronger, but it could also go a long way toward making it a little less attractive to haphazardly store and share customer data. The bill also would make it illegal to try and hide the fact that a data breach has occurred.
So, all right! The U.S. Congress cares about our privacy and wants to do something to protect it!
Uh, wait a second. Something strange is going on here. Suddenly, the Congress looks a whole lot more menacing. I dont think it cares about privacy one bit.
Yep, here comes the Mr. Hyde side of the U.S. Congress: Another bill reintroduces Rep. Lamar Smiths (R-Texas) SAFETY Act. (SAFETY is a kind of winding acronym that stands for The Internet Stopping Adults Facilitating the Exploitation of Todays Youth.)
So what does this act do? It essentially demands that ISPs and possibly every Web site (it isnt completely clear) store all of the data of Internet users just in case the government wants the data to look for evil-doers.
A lot of the details would be left up to the U.S. Attorney General and law enforcement, but, basically, the bill could make it possible for the records of every Internet users to be held indefinitely.
Also, it looks like it would be possible to request this data even for civil legal actions, which opens up a lot of interesting cans of worms. (How would you like to have your enemies sifting through all of your Internet activity?) In short, this is just about the most privacy-unfriendly bill that anyone could possibly conceive of.
Now I know what youre thinking: The Personal Data Privacy And Security Act Of 2007 is a Democratic-backed bill, while the SAFETY Act is part of the Republicans new law-and-order agenda. But both of these bills have bipartisan backing. And, given most legislators poor understanding of technology issues, I could easily see members of Congress voting for both bills without seeing a hint of hypocrisy.
Dont believe me? Just a month before introducing his latest bill, Rep. Smith saw another bill he had sponsored signed into law—the Telephone Records and Privacy Protection Act of 2006, which protects phone records and makes pretexting illegal. Guess that was a Jekyll day for Rep. Smith.
So who will win out in this upcoming privacy thriller: Jekyll or Hyde? Well, last year, the SAFETY Act, which faces strong opposition from the major Internet and broadband companies, never made it to the floor for a vote.
Hopefully, history will repeat itself with the newest version of the bill. The privacy bill also is a repeat of past failed legislation, but, hopefully, the ongoing flood of data breach news will finally lead Congress to act.
And then, maybe Jekyll and Hyde can stay where they belong—in the pages of a Robert Louis Stevenson book.
Labs Director Jim Rapoza can be reached at firstname.lastname@example.org.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.