E-Commerce Law Week, Issue 362

Congress Moves to Extend Expiring Patriot Act Provisions
The big showdown over renewing the USA PATRIOT Act (Patriot Act) is looking less climactic all the time.  With four committees having weighed in, at least to some degree, 14 of the 16 sunsetting provisions look safe.  Only two sections are in play -- section 206, allowing "roving" wiretaps, and section 215, expanding law enforcement access to business records (the so-called "libraries provision").  And even as to these provisions, the principal changes that Congress is considering are so modest that the Justice Department is likely to embrace them.  So the whole Sturm und Drang over the Patriot Act could mostly boil down to how much new reporting will be required when law enforcement uses its authority under the Patriot Act, whether a few sections will be made permanent or simply extended for another 4 to 10 years, and a significant expansion of the FBI's administrative subpoena authority proposed by the Senate Intelligence Committee's version of the bill.

Europe Plans the Internet, With Frontiers
There is a curious earnestness to many of the bureaucrats at the European Commission (EC) -- they really believe in regulation (in a way that is seldom equaled among even the most zealous bureaucrats in Washington, DC).  Just a month ago the EC announced "i2010: European Information Society" -- "a comprehensive strategy for modernising and deploying all EU policy instruments to encourage the development of the digital economy".  Some observers might have assumed that this strategy would mean giving flexibility to Internet business.  But in Brussels, regulation is the biggest business, and the EC proved last week that they mean business when it comes to Internet regulations, with a sweeping proposal to regulate Internet content. 

On July 13, the EC released five “issue papers” as part of a broader plan to revise the EU’s 1989 “Television without Frontiers” (TVWF) Directive (89/552), which established the regulatory framework for television.  The five papers set out the EC’s preliminary conclusions on new rules for audiovisual content.  If brought to fruition, the plans could lead to regulation of video-on-demand and web-based video services with regard to, among other things, the protection of minors, the “right of reply," and the identification of commercial communications.  The EC’s final conclusions on updating the TVWF Directive are set to be released by the end of 2005.

NIST Proposes Minimum Security Requirements For Federal Agencies and Contractors
As legislators, regulators, and plaintiffs seek to determine responsibility for the very public recent spate of data security breaches and network vulnerabilities, the million-dollar question becomes:  What is the standard for reasonable security?  On July 15, the National Institute of Standards and Technology (NIST) sought to answer that question for the public sector by proposing minimum security standards for the information systems that federal agencies use.  Many of these standards include security requirements that would flow-through to private-sector government contractors, since one of NIST's requirements is that federal agencies "ensure that third-party providers employ adequate security measures."  Such providers may find that the best way to demonstrate their "adequate security measures" is to adopt the NIST standards themselves.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.