Category Archives: Security

Legal protection of natural-entities

Just like corporations have come to assume rights like people under law, The Guardian reports Ecuadorians are facing a vote on whether to assign similar rights to natural-entities:

The South American republic of Ecuador will next week consider what many countries in the world would say is unthinkable. People will be asked to vote on Sunday on a new constitution that would give Ecuador’s tropical forests, islands, rivers and air similar legal rights to those normally granted to humans. If they vote yes – and polls show that 56% are for and only 23% are against – then an already approved bill of rights for nature will be introduced, and new laws will change the legal status of nature from being simply property to being a right-bearing entity.

Note, legal rights are granted to corporations as well and not just granted to humans. This appears to me to be the foundation for this action. Apparently the impact of pollution by multi-national corporations is such that Ecuador is looking for a way to offset and recoup the national security budget.

The Tragedy of the Well-Deserved

This is the tragic story of Thomas and Jackie Hawks:

Fresh from two years of plying the waters of the Sea of Cortez, the Hawkses were believed to have been killed Nov. 15, 2004, after being tricked into a test sail of their 55-foot yacht, the Well-Deserved. They had put the boat up for sale because they wanted to move back to Arizona to be closer to their newborn grandchild.

[…]

Machain testified that he helped Deleon cover the couple’s eyes and mouths with duct tape as Jackie Hawks cried. The Hawkses were taken up to the main cabin one at a time to sign and fingerprint title transfer documents for the boat, he testified.

Jackie Hawks was told that if she cooperated she would be released, Machain recalled.

[…]

Deleon lifted the anchor and threw it overboard as Kennedy pushed the couple into the water, Machain said.

Deleon then turned the yacht around and the men collected cash, jewelry and other valuables, Machain said. Kennedy cracked open a beer, grabbed a fishing rod and fished all the way back to Newport Harbor, he said.

So cruel, so sad. Pirates in America.

US Privacy Bill Battles

Just in case anyone is curious, here’s some background on the current battle in America over regulating privacy and identity information:

Schwarzenegger just vetoed AB 1656, the Consumer Data Protection Act. The bill passed by 34-3 in the Senate, and 74-1 in the Assembly. Here are his main arguments from the veto statement:

  1. notification requirement too broad, which will cost business
  2. too static, best practices change
  3. distraction/confusing with more comprehensive industry standards
  4. penalty laws already exist and should be modified if necessary, instead of replaced

Basically he said (again) the Payment Card Industry is ok self-regulating:

In a statement explaining his reasons for refusing to sign the bill last fall, Schwarzenegger in fact appeared to agree with such arguments. The bill – which was known as AB 779 in its previous incarnation – “attempts to legislate in an area where the marketplace has already assigned responsibilities and liabilities that provide for the protection of consumers,” Schwarzenegger said.

The point of the bill was to give the public more leverage to coax payment card entities, especially retailers and merchants, into compliance, but merchants argued it was tilted too far in favor of financial entities (true, and the reason consumer advocates liked it).

Incidentally, Avivah Litan at Gartner is completely 100% wrong on this and her quotes in the above article are awful.

It’s also a bad idea for states to legislate data security issues in the first place, according to Litan. “Governments should stay out of the security business,” she said.

No, no, no. I cringe when I read her analysis, and am happy to explain how/why, but I’ll leave it alone for now.

The Governor also vetoed SB 364, “Personal information: privacy”, because “this bill could lead consumers to believe that all data breaches result in identity theft. Further, this would place an additional unnecessary cost on businesses without a corresponding consumer benefit.”

On the other hand, following disclosure that Schwarzenegger and his wife had their personal health records exposed in a UCLA breach, the Governor signed new legislation issuing fines:

“Repeated violations of patient confidentiality are potentially harmful to Californians, which is why financial penalties are needed to ensure employees and facilities do not breach confidential medical information,” Schwarzenegger said in a statement. Assemblyman Dave Jones (D-Sacramento), the author of one of the bills, AB 211, emphasized that they protect all patients, not just famous ones. “Your private medical information shouldn’t be flapping in the breeze like an open hospital gown,” he said. The other measure, SB 541, was written by Sen. Elaine Alquist (D-Santa Clara).

Similarly, President Bush just signed the Identity Theft Enforcement and Restitution Act of 2008 into law, which allows courts to prosecute across state lines, lowers the bar for damages that can be used to bring charges (used to be $5K minimum), and aims restitution money more toward victims.

So in conclusion, the California Governor and American President have agreed to stronger penalties and fines in some cases but not others, and they remain weak on detection and prevention guidance for public safety.

SAFE Act of 2007 (HR 876)

GovTrack.us provides some interesting details on H.R. 876: SAFE Act of 2007:

To modernize and expand the reporting requirements relating to child pornography, to expand cooperation in combating child pornography, and for other purposes.

Here are my thoughts, after reading the full text of the bill:

  1. I have to give the usual disclaimer: I am not a lawyer and cannot give legal advice, so these are just my opinions.
  2. This bill has only just been introduced. It has not even been to committee let alone a house vote yet, so it’s far from becoming law and subject to change.
  3. The bill uses language like “as soon as reasonably possible, make a report of such facts or circumstances to the CyberTipline”. In other words, this bill affects “electronic communication service provider or a remote computing service provider” who become aware of child pornography, which seems hardly different than existing laws that already deal with aiding and abetting. Here are the two primary differences I see from current laws:

     - Increased financial penalties for failure to report
     - Detailed data retention language: “An electronic communication service provider or a remote computing service provider shall store any image and other information relating to the facts or circumstances of any incident reported under subsection (a)(1) for not less than 180 days after the date that the report is transmitted to the National Center for Missing and Exploited Children through the CyberTipline, or for such longer period of time as may be requested by a law enforcement agency.”

     I think it would be better to set the retention requirement to “not less than 180 days after the date that the incident is discovered” rather than start after a report is transmitted.

  4. The terms “electronic communication service provider or a remote computing service provider” are not defined. Would a home with free wifi count? Is a business like a hotel or hospital responsible, or would it fall on the shoulders of their upstream “provider”? What if there is a disclaimer on the wifi launch page? Not clear.