This report proposes a `Consumer Protection Act for Digital Products' to support electronic commerce and to control the increasing abuse and lack of security on the national information highways. Patterned after the `Food and Drug Act of 1906 (21 USC)' and subsequent legislation, a new agency similar to that of the FDA would have the authority `to develop administrative policy with regard to the safety, effectiveness, and labeling of digital products and their communications for human use, and to review and evaluate new applications of such products.' Specifically, it is proposed that standards, originally developed by the defense industry for the labeling, enveloping, and authentication of digital products delivered to the Government, be extended to promote global electronic commerce by protecting the intellectual property rights of producers, establishing their liability for the end-use of digital products, and give consumers means for informed decision making and purchase.
KEYWORDS: Telecommunications, Standards development, Data communications, Computer security, Intellectual property, Control systems, Defense and security, Process control
New federal standards for the protection of sensitive data now make it possible to ensure the authenticity, integrity and confidentiality of digital products, and non-repudiation of digital telecommunications.
Under review and comment since 1991, the new Federal standards were confirmed this year and provide standard means for the protection of voice and data communications from accidental and wilful abuse. The standards are initially tailored to protect only ‘sensitive-but-unclassified’ (SBU) data in compliance with the Computer Security Act of 1987. These data represent the majority of transactions in electronic commerce, including sensitive procurement information, trade secrets, financial data, product definitions, and company-proprietary information classified as ‘intellectual property.’ Harmonization of the new standards with international requirements is in progress.
In the United States, the confirmation of the basic standards marks the beginning of a long-range program to assure discretionary and mandatory access controls to digital resources. Upwards compatibility into the classified domain with multi-level security is a core requirement of the National Information Infrastructure.
In this report we review the powerful capabilities of standard Public-Key-Cryptology, the availability of commercial and Federal products for data protection, and make recommendations for their cost-effective use to assure reliable telecommunications and process controls.
Proceedings Volume Editor (1)
This will count as one of your downloads.
You will have access to both the presentation and article (if available).
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
INSTITUTIONAL Select your institution to access the SPIE Digital Library.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.