Code Red warning could soon be a legal obligation in US

OUT-LAW News, 01/08/2001

The feared disruption to internet services following the reawakening of the Code Red worm has so far failed to materialise, but the FBI warns it is still possible that the full effect of the worm may not be felt for a few days. Meanwhile, the US Federal Trade Commission is calling for laws that force system administrators to protect against such known dangers.

The worm is a form of virus that self-replicates without actually altering files, and it is designed to flood computer networks with data. It was timed to begin replicating itself overnight. Security experts had warned that it threatened to considerably slow down the operation of the internet. However, Ronald Dick, director of the FBI’s National Infrastructure Protection Center (NIPC), said:

“Currently all government and private sector watch centres are not reporting any unusual activity associated with the Code Red worm. While there is no activity now, it does not mean that the storm has passed.”

The low impact of the worm has been attributed to the actions of systems and network operators who have patched their systems to protect them. According to Microsoft, the patch it offered has been downloaded more than one million times.

Although there has been a positive public response to high profile warnings of the dangers posed by the worm, the FTC wants greater powers to force businesses to take heed of future warnings.

The FTC is seeking public comment on a proposed regulation that is in part intended to force businesses to protect against “any anticipated threats or hazards to the security or integrity” of customer information. These measures are aimed at financial institutions and are included in standards required under the country’s Gramm-Leach-Bliley Act. As of 1st July, 2001, this Act requires US financial institutions to notify customers about their privacy practices and allow consumers to "opt out" of having their non-public personal information disclosed to non-affiliated third parties.

The Act's security provisions require certain other federal agencies to establish standards for financial institutions relating to administrative, technical and physical safeguards for customer information. The objectives of these standards are to ensure the security and confidentiality of customer records and information, to protect against any anticipated threats or hazards to the security or integrity of such records and to protect against unauthorised access to, or use of, such records or information that could result in substantial harm or inconvenience to any customer. The standards could allow action to be taken against financial institutions that fail to take heed of security warnings such as that issued by the FBI for the Code Red worm.

Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.