By Rachel Chalmers
Legislators and bureaucrats in the US capitol are moving to regulate children’s internet privacy and commercial email, and to clarify recent changes to encryption export laws. After publishing a draft of its guidelines in April, the US Federal Trade Commission has finalized the rules that implement the Children’s Online Privacy Protection Act of 1998 (COPPA). The main goal of the Act is to protect the privacy of children using the internet. In the past, such children have been the targets of unscrupulous marketers – and others – who extract personally identifying information from them without their parents’ knowledge or consent. As of April 21, 2000, it will be illegal for commercial web sites to do so. These sites will be required to provide notice on their web sites and to parents about their policies on the collection, use and disclosure of information about children, and will have to demonstrate verifiable parental approval before going ahead with such collection. Sites can demonstrate parental consent through postal mail or fax, use of a credit card or toll-free telephone number, digital signature or email with PIN or password. Only a few sites are exempt from the new rule; they include operators who respond to one-time requests for homework help. The FTC voted 4-0 to adopt the final regulations.
While last year’s laws are still in the process of being implemented, new legislation may protect home computer users from having to receive unwanted junk email. Proposed by US representatives Heather Wilson and Gene Green, the Unsolicited Electronic Mail Act of 1999 would require commercial email to have valid return addresses and to honor requests for removal from distribution lists. Subsequent email from the same sender would entitle the recipient to sue the offender in a local court or to call down the wrath of the Federal Communications Commission (FCC) upon their head. Internet service providers (ISPs) would be entitled to prohibit the transmission of spam to their subscribers without compensation. ISPs would also have recourse to the local courts and the FCC for enforcement. Finally, the Wilson bill would create a national email opt-out list, corresponding to the Post Office’s direct mail opt-out list. The US House of Representatives will now consider the bill.
Finally, the US government has asked the Ninth Circuit court to delay the oral argument date in its case against University of Illinois professor Daniel Bernstein. The date has been set for December 16 1999, but the Clinton administration intends to issue revised regulations governing the export of encryption software on December 15. While it admits that the revised regulations won’t materially change the treatment of software source code, the government told the court that the revisions could possibly have implications for the Bernstein case. Bernstein has been trying to publish his encryption software, Snuffle, on his web site since 1992. In May 1999, a panel of three judges from the Ninth Circuit found that his source code is constitutionally protected speech. The Department of Justice asked the full panel of eleven judges to reconsider. The court consented and set the December date. Bernstein has declared his intention to oppose to this latest in a long series of delays on the grounds that the possible implications of the revisions are a pretty thin excuse.
