[Congressional Record Volume 146, Number 135 (Wednesday, October 25, 2000)]
[Extensions of Remarks]
[Pages E1906-E1907]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




               COMPUTER SECURITY ENHANCEMENT ACT OF 2000

                                 ______
                                 

                               speech of

                          HON. JOHN D. DINGELL

                              of michigan

                    in the house of representatives

                       Tuesday, October 24, 2000

  Mr. DINGELL. Mr. Speaker, H.R. 2413, the Computer Security 
Enhancement Act of 2000, contains modest but important changes to the 
legislation as it was reported by the Committee on Science. These 
changes to section 12 and other provisions of the bill were made at the 
request of the Committee on Commerce, and, as a result of their 
adoption, I have no objection to this bill. I want to thank and commend 
the Chairman and Ranking Member of the Science Committee, 
Representative Bart Gordon, and their staffs, for their courtesy and 
cooperation in this matter.
  The changes made clear that, as in the case of the Electronic 
Signatures Act that recently became law, the Federal Government will 
not establish a one-size-fits-all standard for electronic 
authentication technology that must be used by government agencies and 
those entities that report to them. Federal agencies and their 
committees of proper, legislative jurisdiction must be unconstrained in 
their ability to see that electronic authentication technologies that 
best serve their statutory and regulatory purposes are adopted. As a 
result, this legislation only asks that the National Institute of 
Standards and Technology (NIST) serve as a resource for federal 
agencies on electronic authentication technologies, and any guidelines 
and standards NIST develops are to be both advisory and, very 
importantly, technology-neutral.

[[Page E1907]]

  In fact, a provision of the bill as it was reported by the Science 
Committee would have required NIST to report to Congress within 18 
months after enactment, evaluating the extent to which electronic 
authentication technology being used by federal agencies conforms to 
NIST standards. That provision of the Committee-reported bill as been 
deleted. Instead, NIST is only asked to report to Congress concerning 
progress federal agencies made and problems they encounter in 
implementing electronic authentication technologies. In addition, a new 
provision of the bill provides that a study on electronic 
authentication technologies to be completed by the National Research 
Council of the National Academy of Sciences may not recommend any 
single technology for use by government agencies.
  Mr. Speaker, I think that the Science Committee has focused attention 
on an important issue, and I thank them for their hard work. I have no 
objection to suspending the rules and passing this legislation.

                          ____________________