Language Selection

English French German Italian Portuguese Spanish

Senate moves toward new data security rules

Filed under
Security

In a flurry of activity before Congress prepares to skip town for an August recess, three different congressional committees considered similar legislation at the same time on Thursday morning.

The Senate's Commerce Committee voted unanimously to accept a bill introduced earlier this month by Sen. Gordon Smith, R-Ore. It would give the Federal Trade Commission the power to create an information security program that provides "administrative, technical and physical safeguards," and set guidelines for notifying people threatened by a data security breach.

The committee adopted a package of about a dozen amendments, including a compromise suggested by Sen. Barbara Boxer, D-Calif., that would cut, from 90 days to 45 days, the maximum number of days a company has to notify individuals of a breach. But even those guidelines are just broad suggestions, Smith said. "As soon as they know, they need to notify."

Senators also voted to accept an amendment proposed by Sen. Bill Nelson, D-Fla.--which would prohibit the sale and display of Social Security numbers except in special circumstances--but indicated it might be tweaked before it is final. Also, the bill will not go to a floor vote until some of its provisions are negotiated with members of the Senate Banking Committee, said Sen. Ted Stevens, R-Alaska, who chairs the Commerce Committee.

Meanwhile, the Senate Judiciary Committee pushed back its plans Thursday to vote on a trio of personal data security bills.

The committee had been scheduled to vote on the lengthiest and most far-reaching proposal, titled the Personal Data Privacy and Security Act. Sen. Arlen Specter, R-Penn., and Sen. Patrick Leahy, D-Vt., introduced the measure in late June, shortly after MasterCard announced that an intruder may have pilfered information from 40 million credit card accounts.

At the same time on Thursday, a U.S. House of Representatives Energy and Commerce subcommittee convened a hearing about its own draft of data protection legislation.

Full Story.

More in Tux Machines

Mesa 10.3 release candidate 2

Mesa 10.3 release candidate 2 is now available for testing. The current plan of record is to have an additional release candidate each Friday until the 10.3 release on Friday, September 12th. The tag in the GIT repository for Mesa 10.3-rc2 is 'mesa-10.3-rc2'. I have verified that the tag is in the correct place in the tree. Mesa 10.3 release candidate 2 is available for download at ftp://freedesktop.org/pub/mesa/10.3/ Read more

Linux 3.17-rc3

I'm back to the usual Sunday release schedule, and -rc3 is out there now. As expected, it is larger than rc2, since people are clearly getting back from their Kernel Summit travels etc. But happily, it's not *much* larger than rc2 was, and there's nothing particularly odd going on, so I'm going to just ignore the whole "it's summer" argument, and hope that things are just going that well. Please don't prove me wrong, Linus Read more

Revisiting How We Put Together Linux Systems

Traditional Linux distributions are built around packaging systems like RPM or dpkg, and an organization model where upstream developers and downstream packagers are relatively clearly separated: an upstream developer writes code, and puts it somewhere online, in a tarball. A packager than grabs it and turns it into RPMs/DEBs. The user then grabs these RPMs/DEBs and installs them locally on the system. For a variety of uses this is a fantastic scheme: users have a large selection of readily packaged software available, in mostly uniform packaging, from a single source they can trust. In this scheme the distribution vets all software it packages, and as long as the user trusts the distribution all should be good. The distribution takes the responsibility of ensuring the software is not malicious, of timely fixing security problems and helping the user if something is wrong. Read more

See How Your Linux System Performs Against The Latest Intel/AMD CPUs

This holiday weekend (in the US) can be a great time to test your Linux system to see how it's performing against the latest AMD and Intel processors to see if it's time for a good upgrade. This weekend I'm working on many Linux CPU benchmarks for the upcoming Linux review of the Intel Core i7 5960X Haswell-E system (still waiting for Intel's review sample to arrive though...) and also have some other hardware in preparation for an unrelated launch that's happening next week from another vendor. I'm testing several different Intel/AMD CPUs from the latest desktop CPUs to the Extreme Edition models to some slightly older parts. Beyond the raw performance results are also the power consumption data and much more. Read more