Our esteemed "leaders" in the U.S. Congress are vowing to enact new laws targeting data thieves, backup-tape burglars and other information-age miscreants. We should be worried, according to Declan McCullagh, Chief political correspondent at CNET.com.
A bill announced last week by Senators Arlen Specter, R-Penn., and Patrick Leahy, D-Vt., goes far beyond reasonable data security precautions. It amounts to a crackdown on individuals, bloggers and legitimate e-mail list moderators.
Anyone who runs a Web site with registered users should be concerned. The Specter-Leahy bill says that if a site's list of user IDs or e-mail addresses is compromised, each registered user must be notified via U.S. mail or telephone. Refusal to do so can be punished with $55,000-a-day fines and prison time of up to five years.
That's remarkable but not as extreme as the second requirement: The Web master or mailing list operator might have to "cover the cost" of 12 monthly credit reports of each person whose e-mail addresses was lost or purloined. For a popular site with 10,000 registered users, that would be a princely sum. If monthly credit reports cost $15 a person, that's $1.8 million over a year.
You can read the full story here.
James Maule, who maintains the Maule family genealogy site, worries he might be at risk of hefty fines. Maule, a law professor at Villanova University, says he hasn't found an exception in the bill to let his genealogy database off the hook: "I have more than 10,000 names, of whom many are dead." A quick check with a calculator shows his exposure to be more than $150,000, a bit high for a family genealogy site. Many other genealogy sites will incur far higher risks.
For the mailing lists on RootsWeb.com, such a penalty could run to billions of dollars as well as possible jail time. It is not clear if this would be charged to the owners of RootsWeb or to the individual mailing list moderators.
There is something wrong with the logic of punishing those who own or warehouse the data. Let's compare this proposed law to a case of burglary of a small store. According to the logic used by Senators Specter and Leahy, in the case of breaking and entering in a store, the store owner should be fined for allowing the burglary to happen.
What ever happened to the idea of punishing the guilty, those who STEAL the data?
Perhaps it is time to let the helium out of these elected officials.