Hidden away in the flood of bills recently introduced in the Oklahoma legislature are some remarkably good looking measures pertaining to technology, computers and the Internet. As is my habit, I have read every word of these bills and hereby offer the following assessments.
Senate Bill 712: introduced by Sen. James Williamson (R-Tulsa) as the “Anti-Caller ID Spoofing Act,” this bill seeks to stop shady telemarketers and con artists from continuing to use the technique known as “caller ID spoofing.” There are many websites that offer this “service,” whereby you can masquerade as someone else, and make a fake name and number appear on someone’s caller ID unit as a way of tricking them into answering their phone, or worse. This scam has also been used to exploit stolen credit card numbers, make bogus 911 calls, break into cell phone voicemail boxes, steal personal information and anonymously harass targeted individuals. However, law enforcement agencies are exempt, so the FBI can continue calling you while posing as your grandma. Still, I can’t find any real problems in the bill, and I think that it deserves support.
House Bill 1633: remember the massive “data breaches” of 2006? It seemed that every week another government agency or big corporation was in hot water for exposing the private information of millions of Americans to the world, contributing to identity theft, financial fraud and the theft of billions of dollars. Computers were almost always involved.
Many of these sloppy record keepers desperately sought to avoid public scrutiny and criticism by suppressing any evidence that there might be a problem, causing even further harm to their customers. Submitted by Rep. Charlie Joyner (R-Dist. 95), HB1633 intends to make the holders of private information more accountable by requiring them to make timely disclosure and notification to anyone whose private information has been compromised. This is a very good idea.
The bill has some problems, though. For instance, it exempts groups who leak private information, as long as that information is “encrypted,” or converted into a secret code that requires a password-like “key” to read. While data encryption is a wonderful thing, there are many widely used encryption schemes that can easily be cracked in minutes, as any high-school hacker can tell you. The bill needs to establish, at the very least, minimum encryption standards.
HB1633 also says that it’s OK if credit card and bank account numbers are leaked, as long as they are not accompanied by any security codes or passwords. This boneheaded clause should be eliminated. Strangely, the bill also exempts sloppy record keepers from providing customer notification if they, the sloppy record keepers, decide for themselves “that there is not a reasonable likelihood of harm to consumers.” Sounds a bit like the fox guarding the hen house. If Rep. Joyner can fix the problems with this bill, it will be worth supporting.
Finally, from Rep. Jason Murphey (R-Dist. 31) comes House Bill 1039, requiring that live “gavel-to-gavel” coverage of all House/Senate sessions and committee meetings be broadcast over the Internet, as well as public Supreme Court proceedings. I can’t find anything wrong with this bill. Way to go, Jason!