Online Piracy Problem Tops Congressional To-Do List

When the new Congress convened earlier this month, lawmakers put protection of digital copyrights on a fast track, all but ensuring that a bill protecting intellectual property on the Internet will be enacted in 2003. That software, as well as online music, video and books, needs protection against piracy isn’t a contentious issue, but CIOs should beware of the enforcement methods the proposed legislation would permit. No proposal illustrates the need for caution better than Rep. Howard Berman’s (D-Calif.) controversial Peer-to-Peer Piracy Act, which the libertarian Cato Institute’s Wayne Crews calls "the bill that would let studios hack into systems."

According to Berman’s spokeswoman, Jean Smith, there is a lot of misinformation surrounding the bill, which the Los Angeles representative, whose district includes Hollywood, plans to introduce early this year. The basic premise is clear enough: Berman says that copyright holders should have the right to stop the unauthorized distribution of their material. And he would allow copyright holders to infiltrate a pirate’s network to do it. So if one of your company’s employees is trading MP3s at lunchtime, Berman’s bill would allow the record company to "stop" it without a judge’s permission and without having to cover any damage that the record company may cause your systems. However, the bill doesn’t say how. Smith says the bill is deliberately vague on this point because the technology is "constantly changing."

This vagueness worries security experts, who note that the bill specifically allows denial-of-service attacks that could disrupt the whole Internet, not just the alleged pirate’s network.
Gigi Sohn, president of Public Knowledge, a Washington D.C.-based public interest group, was the lone opponent of the proposal invited to testify before the House Judiciary Subcommittee on the Courts, the Internet and Intellectual Property last September. She says that the bill would harm legitimate uses of peer-to-peer networks in an effort to curtail illegitimate ones.

Fortunately, Berman is open to compromise. Smith says Berman doesn’t want copyright protection to come at the expense of corporate network privacy and security. And he wants feedback from CIOs on how to accomplish both. To make your voice heard, contact Berman at 202 225-4695 or firstname.lastname@example.org.

Also on the agenda: Identity theft has become a hot topic following the arrests in November of three people who allegedly sold the credit card information of 30,000 unwitting consumers. Watch for a bill by Rep. George W. Gekas (R-Pa.) proposing that anyone who illegally possesses or uses another person’s means of identification would get two to five years in prison. Expect a hearing before the House of Representatives’ Subcommittee on Crime, Terrorism and Homeland Security early this year. The Senate Judiciary Committee approved a similar bill by Sen. Dianne Feinstein (D-Calif.) last fall.

-Ben Worthen and Julie Hanson

Guides Advise Companies How to Secure Information Systems

The National Institute of Standards and Technology (NIST) and the Organization for Economic Cooperation and Development (OECD) have each issued guidelines for information security designed to help a range of computer users, including corporations. NIST’s guidelines for certifying the security of federal IT systems, available at www.nist.gov, describe how to evaluate the security of your computer systems and suggest ways to prioritize security controls for data confidentiality, integrity and availability.
While NIST designed these guidelines to be used by the federal government, the agency says they are applicable to other industries as well.

Meanwhile, OECD has issued nine security guidelines that it is asking government, industry and PC users to follow. The guidelines, available at www.oecd.org, update decade-old security prescriptions and suggest that all businesses factor security into the design and use of their systems and networks.

-J.H.