Legislation urged to protect corporate data, theft of e-mail addresses

Computerworld - WASHINGTON -- A congressional subcommittee exploring the need for new cybercrime legislation was urged today by private-sector officials to back laws protecting the confidentiality of security data shared with the government and to prohibit the "harvesting" of e-mail addresses from Web sites by spammers.

"We are constantly subjected to individuals who come to our site, steal our addresses and then use those e-mail addresses to send illegal spam," said Robert Chesnut, a vice president at online auction site eBay Inc. in San Jose, at a hearing before the House Judiciary Committee's Subcommittee on Crime.

Chesnut said e-mail harvesters are using automated tools to gather e-mail addresses. Calling the activity a "parasitic process" that undermines public confidence in e-commerce, Chesnut urged the committee to outlaw the bulk harvesting of e-mail addresses for the purpose of sending spam. EBay has more than 29 million registered users.

In other testimony, trade group officials said legislation is needed to keep corporate security data that's shared with government agencies from becoming public under the Freedom of Information Act (FOIA).

"Companies worry that if information sharing with the government really becomes a two-way street, FOIA requests for information they have provided to an agency could prove embarrassing or costly," said Harris Miller, president of the Information Technology Association of America, an industry trade group in Arlington, Va.

Sen. Robert Bennett (R-Utah) is expected to introduce legislation before the August recess that would exempt corporate security data from public disclosure. In the House, U.S. Reps. Tom Davis (R-Va.) and James Moran (D-Va.), who co-sponsored similar legislation last year, are also expected to reintroduce the measure before the recess.

Today's hearing was the third and final hearing on cybercrime by the subcommittee, which is looking for legislative ideas on combating this new criminal activity, said U.S. Rep. Lamar Smith (R-Texas), the subcommittee chairman.

"We hope that these hearings will result in some legislation," said Smith. He noted that Congress hasn't updated many of its laws to reflect new technologies and methods of communications since the mid-1980s.

Earlier this week, the committee was urged by Michael Chertoff, a newly confirmed assistant attorney general at the U.S. Justice Department, to toughen penalties for some cybercrimes and to make changes in procedural regulations to clarify the laws used to trace telephone calls so that they can also be applied to e-mail and telephony (see story).

Chertoff, as well as the private-sector officials who testified today, said government must have adequate resources to combat cybercrime.

Underscoring legislative concerns by the private sector