Congress faces a relatively brief session this year, with the autumn election portending a timely adjournment, but several IT issues will demand lawmakers attention. The top contenders will be cyber-security, Internet taxes and spyware.
To the relief of many in the IT industry, the private sector appears to be sidestepping an attempt to legislate network security audit reports. Last year, Rep. Adam Putnam, R-Fla., floated the idea of requiring publicly traded companies to file security audit reports, much like they filed reports on Y2K efforts. Putnams primary concern was that senior managers and corporate boards were not sufficiently accountable for information security.
In November, Putnam asked representatives from several industry sectors, including IT, manufacturing, financial services and telecommunications, to present alternative plans for addressing the vulnerabilities in corporate networks. One plan under development would approach the problem from the perspective of a “security stack,” according to Steve DelBianco, vice president at the Association for Competitive Technology, in Washington.
“Forcing reporting [requirements] upon a company at one layer we do not believe would be constructive,” DelBianco said. “We have only begun to formulate the stack concept.”
Next month, ACT, working with VeriSign Inc. and other companies, will launch a security stack concept on Capitol Hill, DelBianco said, adding that he was not aware of any other alternatives that have gained lawmakers interest.
Much of the industry is also concerned about unintended consequences of legislation drafted to curb spyware. The SPI (Safeguard Against Privacy Invasions) Act, authored last year by Rep. Mary Bono, R-Calif., is undergoing revisions, and sources said a hearing is likely within the next month. Many in the IT industry worry that the legislation could implicate automatic software updates, such as anti-virus updates and operating system updates.
Having missed its deadline by many months, the Senate is preparing to address the Internet access tax moratorium, which expired in October. Stymied last year by state efforts to ensure that the moratorium wouldnt become a permanent ban or grow to include such services as DSL (which is taxed in some states), the issue is expected to come up for a vote in the Senate next month, sources said.
Meanwhile, industry representatives are preparing a recommendation on improving private network security to deliver to Putnam March 3, said Bob Dix, majority staff director for the House subcommittee on technology and information policy. Putnam wants to review options for market and government incentives to promote voluntary best practices, Dix said. Such incentives might include tax credits or liability limits for those who adopt best practices.
“Were trying to move the ball up the field with a set of action steps that can … address some of the vulnerabilities,” Dix said in Washington.