[Congressional Record Volume 148, Number 85 (Monday, June 24, 2002)]
[Senate]
[Pages S5948-S5949]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                            E-MAIL SECURITY

  Mr. HATCH. Madam President, I rise today to address the Senate on an 
increasingly important topic: the security of the Internet, and 
specifically, the security of the e-mail we send across the Internet.
  During my service on the Judiciary Committee I have held and attended 
a number of hearings on Internet oversight, and on the development of 
related legislation. Despite a thinning in the ranks of Internet 
focused companies, the Internet of course continues to become a more 
and more important part of our economic and personal lives.
  In the wake of the September 11th and anthrax attacks, much of our 
attention has been focused on national security issues. The 
interruptions in traditional communications systems like the phone and 
traditional mail systems underscore the wisdom of the founders of the 
Internet, which began as a Defense Department project to develop a 
communications system that would be flexible and decentralized enough 
to withstand attacks that might cripple other systems. Internet 
technology is continually changing, and we need to be aware of its 
capabilities as well as any signs of vulnerability that can be 
exploited by those bent on using Internet access to attack the 
integrity of communications or vital data. In particular, since the 
anthrax attacks the nation has come to rely even more heavily on e-
mail. There is no doubt that trust and confidence in e-mail, especially 
between businesses and consumers, is critical to the vital role such 
mail has played during recent months in keeping the channels of 
commerce and communication open despite blows to telephone service and 
traditional mail.
  Yet, the Internet is vulnerable in its own ways. The Internet itself 
can be used by terrorists as well as by those of good intentions. While 
e-mail cannot be used by criminals and terrorists to spread harmful 
biological or chemical agents, there are risks in the way most e-mail 
is generated and transmitted. We have all been familiar with the 
various viruses that have been sent via e-mail and affected many 
computer systems. Among some of the risks are loss of privacy through 
unauthorized access to e-mail in transit and through invasions of e-
mail host databases. Another technique is ``spoofing,'' in which 
messages are sent purporting to be from a trusted sender in order to 
deceive the recipient, especially individual consumers and other 
citizens. We are increasingly threatened by viruses and other malicious 
code that can be carried on e-mails and unwittingly activated by the 
recipient.
  We need to review industry's ongoing efforts to answer these 
challenges, and assess what individual consumers and policy makers can 
do. Some of these threats are familiar, others are just emerging. For 
example, by sending

[[Page S5949]]

messages with spoofed false send identities and misleading subject 
identifiers, hackers and unethical marketers can overcome the 
reluctance of even experienced e-mail recipients to open mail from 
unknown sources. As users are hurt or inconvenienced by falsified 
messages, their trust and confidence in the medium is damaged, and the 
usefulness of e-mail for all legitimate senders declines. We addressed 
some of these concerns in the PATRIOT Act last year, as we included a 
number of reforms to our computer fraud and abuse laws. It will be 
easier to investigate and prosecute unauthorized access to computer 
systems and to prevent cyberattack with these changes.
  America has deep strategic interests in advancing the Internet, and 
especially its most frequently used service: e-mail. I am hopeful that, 
and have read about, new technologies and practices that can help 
improve sender accountability for e-mail, empower recipients to screen 
e-mail by assuring them of its real sender, and deliver on the promise 
of greater privacy for personally identifiable data.
  It is important that we continue our efforts to keep our laws updated 
with new technologies and threats that could be posed using such new 
technologies. We should also take actions to motivate industry and the 
public where more needs to be done. Over the years, the public has come 
to value e-mail's convenience and speed, and to trust it as an 
alternative to the traditional postal envelope.

                          ____________________