Work in Progress – Request for Comments

This document is a draft version of the SECURE Act (Safe Electronic Communication and User Rights Enforcement) proposal. It is being actively refined and expanded based on public feedback and expert consultation.

We invite lawmakers, civil liberties advocates, technologists, developers, and concerned citizens to review the proposal and share their suggestions, corrections, or concerns.

💬 Comment 📄 Save as Word Doc ❌ Remove Me

Please share this proposal with others who care about digital rights:

Facebook X LinkedIn Reddit WhatsApp Instagram Threads Email
🤝 Join Our Coalition for Digital Rights

The SECURE Act: Reclaiming Our Digital Communications

We are seeking support for the SECURE Act (Safe Electronic Communication and User Rights Enforcement), a proposal to bring our digital communications infrastructure under appropriate regulatory oversight. Today's tech giants have gained unprecedented control over how we connect, communicate, and share information, creating a digital landscape that prioritizes profit over privacy and corporate interests over public good.

By establishing the U.S. Postmaster as the regulatory authority for digital communications—similar to the historical regulation of postal mail and telephone services—we can restore crucial protections for privacy, security, and freedom of expression while fostering innovation through open standards. The SECURE Act would establish clear rules for email, social media, and other digital platforms, ensuring that these essential services operate in the public interest rather than solely for corporate gain.

We invite lawmakers, technology experts, civil liberties advocates, and concerned citizens to join us in supporting this critical initiative to reclaim our digital future.

Note: While the SECURE Act assigns administrative oversight to the U.S. Postmaster General, it does not place digital communications under the operational control of the U.S. Postal Service (USPS). Instead, the Act proposes the creation of a new, independent watchdog agency—separate from USPS—that reports to the Postmaster General as a symbol of public trust and civic communication stewardship. This structure honors the historic role of the Postmaster in protecting national communications, while establishing a modern regulatory body purpose-built for the digital age.

Why the Postmaster, not the FCC?
The SECURE Act proposes the creation of a new, independent agency reporting to the U.S. Postmaster General—not the FCC—because modern digital communications are more aligned with the historical mission of the postal system than with traditional broadcast regulation.

The term “post” remains central to how we communicate online: we post emails, post messages, and post content to social networks. Like letters and parcels, these messages are addressed, transmitted, received, and often expected to be private or secure. That makes the Postmaster’s legacy—ensuring the trustworthy delivery of protected civic communication—a more natural institutional anchor than the FCC, whose authority centers on spectrum allocation and one-way broadcasting models.

The new digital watchdog agency will operate independently of the USPS, but under the civic-minded umbrella of the Postmaster’s historical mandate: to safeguard the public’s right to communicate freely, privately, and reliably. This structure is intended to draw on constitutional precedent while addressing the unique challenges of the internet age.

Protection from Both Corporate and Government Overreach

The SECURE Act stands as a critical safeguard for citizens against both corporate exploitation and government surveillance. Unlike current systems where private companies collect and mine our data with minimal oversight, the Act establishes stringent privacy protections including mandatory end-to-end encryption and strict data minimization principles. Most importantly, Section XVIII specifically protects against government overreach by requiring warrants for any access to digital communications, prohibiting bulk data collection and mass surveillance programs, banning secret court orders like National Security Letters, and forbidding the creation of backdoors in encryption systems.

The Act mandates transparency reports on all government data requests and establishes an independent oversight board to review surveillance activities. By requiring notification to users whose data has been accessed by authorities and implementing severe penalties for officials who abuse their power, the SECURE Act creates a comprehensive shield that protects citizens' digital communications from both corporate exploitation and unconstitutional government intrusion. This balanced approach ensures national security needs can be met while fully respecting and preserving individual privacy rights and civil liberties.

Safe Electronic Communication and User Rights Enforcement Act

Overview

This proposal endorses the U.S. Postmaster taking responsibility for the delivery of all digital communications through a regulated delivery system. The system would regulate email and other communications, including social media, with safeguards for privacy, security, right to delivery, freedom from censorship, right to removal, and fair practices that incentivize innovation.

The Post Office was created in 1775 (over 250 years ago), one year before the Declaration of Independence was signed. The Second Continental Congress appointed Benjamin Franklin as the first Postmaster General of the United States Post Office. In 1792, President George Washington signed the Postal Service Act, which formally created the Post Office Department and laid the groundwork for the modern postal system.

The Founding Fathers recognized the critical importance of secure and dependable communications for the fledgling democracy. A robust communication system was essential for fostering national unity, facilitating democratic participation, and ensuring the effective governance of a geographically expansive nation. The confidentiality of correspondence, exemplified by the encrypted letters exchanged among early leaders like James Madison and Thomas Jefferson, played a crucial role in the formation of the U.S. federal government. They realized the enduring need for protected communications in a democracy, as they enable the free exchange of ideas, protect individual privacy, and safeguard against potential threats to the nation's security and stability.

The Bell System was the monopoly that provided telephone services to most of the United States from 1877 to 1984. It began being regulated by the Communications Act of 1934. It operated under the FCC and had universal service requirements. It provided essential services like 411 directory assistance. Operators were available to help connect people and complete calls. Phone books were printed and sent universally so contact info was public info. Privacy could be obtained by unlisting yourself. These responsibilities were mandated by the Communications Act of 1934 and subsequent FCC regulations.

The Bell System's dominance extended beyond telephone services into local commerce. The Yellow Pages directories, born from the Bell/AT&T monopoly, evolved from early city directories into powerful local search tools. This monopoly effectively controlled local advertising—businesses were forced to purchase listings simply to be discoverable by customers. The model persisted for decades until digital search engines and the internet disrupted it, eventually rendering print directories obsolete despite efforts to digitize. The pattern is instructive: essential communication infrastructure, left unregulated in private hands, inevitably becomes a tollbooth on commerce and civic participation.

Today's communications have shifted from regulated public utilities to a tech oligopoly. The current digital gatekeepers face little oversight. Giant corporations like Microsoft (Outlook, LinkedIn), Google, Meta (Facebook/Instagram/WhatsApp), Amazon, AOL/Yahoo, and Apple now control our communications infrastructure, wielding unprecedented power over how we connect. These companies filter our messages, harvest our personal data, and commercialize our relationships with minimal transparency in any way that suits them. They run all our data through machine learning algorithms to find patterns to exploit.

Email is also unreliable for sensitive use. HIPAA does not prohibit email outright, but it requires safeguards—encryption, access controls, and Business Associate Agreements—that ordinary email doesn't provide out of the box, which is why so many healthcare systems had to build costly workarounds.

Despite being a fundamental communication tool, email is plagued by numerous inherent flaws that compromise its effectiveness and security. The system suffers from vulnerability to phishing attacks and malware, lacks reliable encryption, and provides no guaranteed proof of delivery or receipt. Users constantly battle with inbox overload, spam, and storage limitations, while attempting to manage unwieldy email chains and attachment version control. Email can't handle large attachments despite our increasing need to share files. It's a mess.

Imagine:

Junk mail false positives are rising due to recent increased security poorly implemented. It's getting worse. The major email providers changed the way they determine deliverability and it's based on nebulous information that is not at all transparent.

This shift from public infrastructure to private control of essential communications - without the consumer protections or universal service requirements that historically existed - represents a profound risk to privacy, democracy, and social cohesion.

This proposal also endorses regulation of cloud platforms. The Internet was invented as a public, vastly distributed network and now Amazon (via AWS) and Microsoft (via Azure) together command a dominant share of the cloud-infrastructure market that the modern web runs on. That is staggering considering the fact that many Americans think of Amazon as a retailer and don't have much awareness of its dominant cloud computing division, AWS.

Key Features

  1. Regulated Delivery System: Overseen by the U.S. Postmaster
  2. Scope: Covers email, social media, and other electronic communications
  3. Transparent Regulations: Federally enforced guidelines for communication delivery

Payment Structure

Safeguards

Expected Outcomes


The SECURE Act — Safe Electronic Communication and User Rights Enforcement

This proposal aims to address current issues with Big Tech's control over communication channels and personal data, bringing these critical services under more stringent regulation similar to traditional mail services.


I. Purpose and Scope

The SECURE Act aims to establish comprehensive federal guidelines for regulating digital communications, including email, instant messaging, and social media platforms. It creates a regulatory framework under the authority of the Postmaster General to promote efficient, secure, and fair practices in digital communications while prioritizing user privacy, enhancing user protection and experience, and ensuring open access to communication systems.

II. Definitions

This section will define key terms such as digital communication, email, instant messaging, social media, bulk sending, digital communication provider, personal data, privacy breach, data minimization, API, and interoperability.

III. Authority and Administration

The Postmaster General is proposed as the administering authority for overseeing digital communication regulations, subject to enabling legislation. A new, independent Digital Communications Division shall be established under the authority of the Postmaster General—operating separately from USPS mail operations—to administer the SECURE Act, with a dedicated Privacy Office to oversee all privacy-related matters and an API Standards Office to manage open communication systems requirements.

IV. Privacy Protection and Data Security

This section establishes comprehensive privacy protection measures for all digital communication platforms:

V. Regulation of Digital Communication Platforms

A. Email Services

B. Instant Messaging Platforms

C. Social Media Platforms

D. Streaming Services

E. Smart Home Products and IoT Devices

F. TV Operating Systems

G. Cloud Computing Services

H. News Organizations and Media Outlets

  • Archiving

  • Diversity in Reporting

  • Transparency in Funding

  • Data Journalism

  • VI. Passwordless Authentication Standards

    To ensure secure, consistent, and user-friendly authentication across all digital communication platforms, providers must implement standardized passwordless authentication systems. This requirement supports the Act's goals of enhanced security, improved user experience, and reduced vulnerability to common attack vectors such as phishing and credential stuffing.

    The shift toward biometric authentication represents a fundamental advancement in digital security. Biometric identifiers - including fingerprints, facial recognition, iris scans, and voice patterns - offer unique advantages over traditional passwords. These biological markers cannot be forgotten, are extremely difficult to duplicate, and provide a more natural and efficient user experience. However, their implementation requires careful consideration of privacy implications and secure storage practices. Unlike passwords, biometric data cannot be simply changed if compromised, making their protection paramount.

    A. Core Requirements

    B. Privacy Requirements

    VII. User Rights and Protections

    Define comprehensive user rights regarding data privacy, control, and portability. Establish a "Privacy Bill of Rights" for digital communication users, including the right to access, correct, and delete personal data, and the right to know how their data is being used. Implement universal opt-out mechanisms for unwanted communications.

    VIII. Checks on Big Tech Power

    The Act would mandate transparency in algorithmic decision-making, enforce strict data privacy standards, and hold platforms accountable for the spread of misinformation. It would prevent arbitrary censorship of lawful communications, ensure interoperability and data portability between platforms, and prohibit the use of personal data for anti-competitive practices.

    IX. Open Communication Systems and API Access

    This section mandates that large tech companies open their public communication systems through secure and accessible APIs (does not apply to private systems):

    This will foster User-Friendly Interfaces: Open APIs that are certain to remain open will encourage third party developers to implement user-friendly interfaces that allow individuals to easily navigate and understand their data. This includes clear explanations of what each piece of data means and how it relates to their overall privacy rights. Innovative ways of filtering these communications will emerge which are superior to what is currently available and considered industry standard while being substandard.

    X. Economic Controls on Digital Communications

    The U.S. Postal Service has effectively managed physical junk mail through a careful balance of economic incentives. While bulk mail rates make mass mailing possible, the tangible costs of printing, preparation, and postage create natural constraints on volume and encourage senders to target their audiences more carefully. This economic model has proven remarkably effective at preventing the postal system from being overwhelmed by spam while still enabling legitimate marketing communications.

    Digital communications currently lack these economic constraints. The near-zero cost of sending email has created a "tragedy of the commons" where the absence of meaningful costs has led to rampant spam, compromising the utility of email for everyone. This Act establishes a similar economic framework for digital communications that has proven successful in physical mail.

    A. Transparency in Sender Status

    B. Economic Framework

    C. Appeal and Reinstatement Process

    D. Remediation Support

    The system ensures that no sender is permanently banned without due process and clear opportunities for improvement. By combining economic incentives with transparent enforcement and clear remediation paths, this framework promotes responsible digital communication while providing fair treatment and support for all senders working to maintain or restore their good standing.

    XI. Digital Communication Provider Responsibilities

    Define minimum standards for security, privacy, and user controls. Require regular auditing and public reporting. Mandate the implementation of anti-impersonation measures. Require providers to appoint a Chief Privacy Officer and implement Privacy by Design principles in all product development.

    XII. Enforcement and Penalties

    Outline clear enforcement procedures and penalties for non-compliance. Establish a whistleblower protection program for employees of digital communication providers. Implement severe penalties for privacy breaches, unauthorized data sharing, and violations of open API requirements.

    XIII. Implementation and Review

    Set a phased implementation schedule. Establish a framework for regular review and adaptation of regulations to keep pace with technological advancements. Create an advisory board including technology experts, privacy advocates, user representatives, and API specialists. Conduct annual privacy impact assessments and API accessibility reviews of the Act's implementation.

    XIV. International Cooperation

    Establish frameworks for international cooperation in regulating cross-border digital communications. Promote the adoption of similar standards in other countries to create a globally coherent regulatory environment. Work towards international agreements on data privacy standards, cross-border data protection, and global standards for open APIs in digital communication systems.

    XV. Data Transparency

    To further strengthen user rights and transparency regarding personal data, the SECURE Act will include provisions that allow users to view their data in a clear and accessible manner. This will involve:

    XVI. Large Attachments and Playlists

    This section focuses on improving the handling of large files and media content in emails. The main goals appear to be:

    1. Enhancing security through cloud storage and encryption
    2. Improving user experience with easy-to-use interfaces and clear notifications
    3. Optimizing data transfer through compression and streaming protocols
    4. Implementing version control and collaborative features

    These guidelines would significantly improve how large files are shared via email, addressing common pain points like size limits and security concerns. The emphasis on secure cloud storage and streaming protocols is particularly relevant in our increasingly media-rich digital communications.

    XVII. HIPAA Compliance

    This section proposes stringent measures—several of which go beyond HIPAA's current baseline—to secure email communications involving protected health information (PHI). (HIPAA does not categorically bar email; it requires reasonable safeguards such as encryption and Business Associate Agreements.) Key points include:

    1. Mandatory end-to-end encryption for PHI (HIPAA currently treats encryption as an "addressable" safeguard; this Act would make it a firm requirement)
    2. Strict access controls and audit trails
    3. Secure options for healthcare providers, including email-to-fax capabilities
    4. Employee training and regular audits for email service providers
    5. Requirements for Business Associate Agreements (BAAs)

    These guidelines would substantially enhance the security and compliance of email communications in healthcare settings. The focus on end-to-end encryption, access controls, and audit trails addresses critical aspects of protecting sensitive health information.

    XVIII. Prevention of Government Abuse and Surveillance

    This section establishes stringent measures to prevent government overreach and protect citizens from unwarranted surveillance:

    These measures aim to balance national security needs with individual privacy rights, ensuring that government surveillance is conducted only when necessary, under strict oversight, and with full respect for civil liberties.

    XIX. Public Content Moderation Framework

    This Act would establish a unified public moderation system for all digital communications and publications. Rather than repealing Section 230 of the Communications Decency Act of 1996, it preserves the host immunity that good-faith platforms depend on and supplements it with a transparency, reporting, and appeals layer that applies across all digital platforms.

    The system would:

    XX. Mandatory Public Service Materials

    Under this Act, digital communication platforms and services would make available essential public service materials and information. This provision would help ensure that critical public information reaches citizens through all major digital channels.

    A. Required Content Categories

    1. Emergency Information

    2. Civic Education

    3. Public Health Resources

    4. Consumer Protection

    5. Environmental Information

    B. Implementation Requirements

    1. Accessibility

    2. Presentation

    3. Prominence

    C. Quality and Accuracy Standards

    1. Content Requirements

    2. Update Procedures

    D. Platform Responsibilities

    1. Distribution Requirements

    2. Reporting and Metrics

    E. Oversight and Compliance

    1. Monitoring

    2. Enforcement

    F. Innovation and Improvement

    1. Technology Integration

    2. Feedback Implementation

    G. Public Service Materials API

    1. API Requirements

    2. Core Endpoints

    GET /api/v1/public-service/ GET /api/v1/public-service/emergency GET /api/v1/public-service/civic GET /api/v1/public-service/health GET /api/v1/public-service/consumer GET /api/v1/public-service/environmental POST /api/v1/public-service/emergency (authorized entities only) PUT /api/v1/public-service/{id} (authorized entities only) DELETE /api/v1/public-service/{id} (authorized entities only)

    3. Data Structure Standards

    Example Response Structure:
    {
        "id": "psa-2024-001",
        "type": "emergency",
        "priority": "high",
        "title": {
            "en": "Emergency Weather Alert",
            "es": "Alerta de Clima de Emergencia"
        },
        "content": {
            "en": "Severe weather warning for...",
            "es": "Advertencia de clima severo para..."
        },
        "metadata": {
            "published": "2024-10-27T10:00:00Z",
            "expires": "2024-10-28T10:00:00Z",
            "version": "1.0",
            "source": "National Weather Service",
            "geographic_scope": {
                "type": "polygon",
                "coordinates": [...]
            }
        },
        "links": {
            "more_info": "https://weather.gov/alert/123",
            "related": [...]
        }
    }
                

    4. Authentication and Security

    5. Integration Requirements

    6. Performance Standards

    7. Developer Support

    8. Compliance and Monitoring

    Open Items & Refinements

    1. Phased implementation & small-business relief — Specific phase-in periods (18–24 months for large providers, 36 months for small), grace periods, reduced requirements for startups, and technical assistance programs.
    2. Identity & emergency-services integration — Privacy-preserving identity verification standards; requirements for emergency services access, location data sharing, and response-time SLAs.
    3. Funding & cost recovery — Detailed fee tiers scaling with message volume, exemptions for non-profits and educational institutions, cost-sharing provisions, and specification of how collected fees may be used.
    4. Multi-stakeholder technical standards board — An advisory body of industry, civil-society, and government representatives to govern: required API endpoints and schemas, rate limits, encryption and key-management minimums, audit logging standards, and certification processes. Regular review and update cadences.
    5. Innovation sandbox — A regulatory safe harbor for testing new technologies and experimental features, with clear boundaries and sunset provisions.
    6. Enforcement clarity — Specific penalty structures, appeals processes, complaint-resolution timeframes, escalation procedures, and documentation requirements.
    7. Core tenets to preserve — Comprehensive platform scope, strong user-protection focus (privacy, rights, complaint mechanisms), and detailed technical standards (APIs, security, data protection) with future-proofing provisions.

    Technical Standards

    Universal Digital Communications Protocol (UDCP)

    (a) Standard Development:

    (b) Implementation Requirements:

    API Standards

    (a) Mandatory APIs:

    (b) API Requirements:

    APPENDICES

    Appendix A: Technical Specifications

    [Detailed technical requirements and standards]

    Appendix B: Implementation Guidelines

    [Detailed implementation guidance for providers]

    Appendix C: Compliance Checklist

    [Comprehensive compliance requirements]

    Appendix D: Fee Schedule

    [Detailed fee structures and calculations]

    Areas for Improvement

    Policy Framework Refinements

    1. Regulatory Authority Clarification: The proposal places authority with the U.S. Postmaster, but should more clearly define how this would interface with existing agencies like the FCC and FTC that currently regulate aspects of digital communications.
    2. Small Business Accommodations: While the document mentions extended compliance periods for smaller providers, it would benefit from more comprehensive accommodations to prevent creating barriers to entry for startups and small tech companies.
    3. First Amendment Considerations: Any government regulation of communication platforms raises important constitutional questions. The proposal should include a thorough legal analysis addressing potential First Amendment concerns and how the regulatory framework preserves free speech.

    Technical Implementation

    1. Technical Standards Development: The proposal would benefit from a more explicit process for developing and updating technical standards, perhaps through a multi-stakeholder approach including industry, civil society, and technical experts.
    2. Security Measures: While end-to-end encryption is mentioned repeatedly, more detailed requirements around implementation, key management, and security auditing would strengthen the proposal.
    3. API Standardization: The Open API requirements are promising but would benefit from more detailed specifications and governance mechanisms to ensure they remain truly open and accessible.

    Economic Framework

    1. Fee Structure Details: The economic framework could be more clearly detailed, including specific fee tiers, how they scale with message volume, and exemptions for non-profits or educational institutions.
    2. Implementation Costs: A more detailed analysis of implementation costs for both government and private sector would help build support and identify potential challenges.
    3. Competition Impact: Additional analysis on how these regulations would impact competition in the tech sector would strengthen the case for the proposal.

    The SECURE Act represents an ambitious attempt to bring comprehensive regulation to digital communications, drawing on historical precedents while addressing modern challenges. With refinements to its implementation framework, technical specifications, and economic model, it could offer a compelling vision for a more secure, private, and user-centric digital communications infrastructure.

    The SECURE Act proposes the missing piece: an independent watchdog for digital communications built around privacy, interoperability, and user rights. And by requiring bulk emailers to pay a small fee, we can reduce the flood of unsolicited and unchecked messages clogging our inboxes. It’s a framework that can be adopted now, not a bill waiting on Congress.

    Veamcast is already building a working proof-of-concept. See how we’re implementing these principles →

    For policymakers and staff: See how the SECURE Act relates to current federal AI and digital-rights bills — a brief comparison with the CREATOR Act, NO FAKES Act, and TRAIN Act.

    Recommended Experts to Contact

    Regulatory and Legal Experts:
    The FCC Chair / Office of General Counsel
    Federal Communications Commission
    Expertise in how this would interface with existing FCC regulatory frameworks
    The FTC Chair / Bureau of Competition
    Federal Trade Commission
    Insights on competition impacts and consumer protection considerations
    A First Amendment scholar (e.g., the Knight First Amendment Institute)
    Constitutional law and civil liberties
    Critical perspective on First Amendment implications and safeguards
    The Office of the Postmaster General
    United States Postal Service
    Insight into USPS capabilities and requirements for taking on this role
    Technical Standards Experts:
    Internet-protocol and architecture experts (e.g., IETF / W3C contributors)
    Internet standards bodies
    Deep expertise in internet architecture and protocol development
    Independent security and cryptography researchers
    Applied cryptography and information security
    Expertise in encryption standards and security architecture
    Secure-messaging implementers (e.g., the Signal Foundation)
    Encrypted communication systems
    Experience with implementing secure, encrypted communication systems
    Small Business and Economic Impact:
    Digital-rights and consumer-advocacy organizations
    Consumer protection and digital policy
    Expertise in balancing regulations with consumer and business needs; perspective on how regulations impact digital innovation
    The Small Business Administration
    Federal agency supporting small businesses
    Input on accommodations needed for small businesses and startups
    💬 Comment 📄 Save as Word Doc ❌ Remove Me
    🤝 Join Our Coalition for Digital Rights

    Joe Dean, founder of Veamcast

    Contact: joe.dean@veamcast.com | 310-593-4485

    Public Comments

    Loading comments...

    Last edited: June 22, 2026

    Unsubscribe

    If you no longer wish to receive communications about the SECURE Act, click below to unsubscribe.

    Unsubscribe