Sen. Cyber Bill Introduced, IT and IP implications of FY13 Budget, and Patent Reform Rules Proposed

Cyber

The long-awaited Senate comprehensive cybersecurity legislation, the Cybersecurity Act of 2012, was officially introduced this afternoon by Sens. Joe Lieberman (I-CT), Susan Collins (R-ME), Jay Rockefeller (D-WV) and Dianne Feinstein (D-CA). Sen. Lieberman’s Homeland Security Committee will hold a legislative hearing on Thursday.

SIIA issued a statement in response to the legislation expressing support for the significant progress in striking a balance between preserving innovation and identifying and regulating critical infrastructure, and urging swift, bipartisan support for legislation that would advance critical cybersecurity priorities to immediately enhance our cybersecurity preparedness.

IT Implications of President’s FY13 Budget

The President’s FY13 budget proposal introduced this week includes a couple of key items that reflect continued support for IP protection. First, the proposal includes a $5 million increase in funding to combat piracy and counterfeiting, raising the total spent by the USG to combat IP crimes to $40 million. Also, the budget provides support for the PTO’s new fee-setting authority and termination of fee diversion, estimating that the PTO will collect $2.9 billion in 2013, but any amount received in excess of $2.9 billion and deposited in shall remain available to the PTO until expended.

On the federal IT funding front, U.S. government spending on information technology would decline 1.2 percent next fiscal year as part of efforts to “do more with less,” increasing efficiency through the use of cloud computing, shared services and mobile technology.

Regardless of the budget politics in an election year, these are both very significant elements, as they serve as markers for where the Obama Administration sees funding priorities that affect software and digital content companies.

Patent Reform

The US Patent & Trademark Office released notices of proposed rulemakings last week regarding a number of key provisions of the Leahy-Smith America Invents Act, including review of the new inter partes and post grant rules.  Comments must be submitted by early April.  Proposed fees for these procedures, as well as higher fees for applications, also were introduced, with the goal of reducing the patent backlog.  The PTO will hold a public hearing on fee proposals on February 15 at the PTO, and February 23 in Sunnyvale, CA, and the deadline for comment on the proposals is February 29th.

ACTA

With the European Parliament scheduled to consider ACTA in June, the past few weeks have seen several EU member states, including Poland, Latvia and the Czech Republic, withdraw their intent to ratify ACTA or delay the decision in their national parliaments in response to domestic protests. On February 10th, in anticipation of these protests, the European Commission released a “Factsheet on the Transparency of ACTA Negotiations.”

Ed-Tech Interoperability Standards

On Monday, SIIA released a Primer on K-20 Education Interoperability Standards that provides a framework for understanding interoperability standards that impact educational data, digital content, and software applications. The primer is a component of SIIA’s ongoing efforts to help inform on technical issues that are important to the success of educational technologies.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

SIIA Applauds Progress of Senate Cybersecurity Legislation

With cyber threats more sophisticated and targeted than ever, and growing at an unprecedented rate, now is the time to act on critical cybersecurity legislative priorities. We are pleased to see that Sens. Lieberman, Collins, Rockefeller and Feinstein have made significant progress in striking a balance between preserving innovation and identifying and regulating critical infrastructure.

SIIA continues to believe that cybersecurity legislation could potentially do more harm than good if not done carefully. A regulatory approach would not necessarily make organizations more secure, just more compliant. It is imperative that Congress preserves the ability of technology companies to quickly develop and deploy technology that can detect, prevent and mitigate cybersecurity threats.

We urge swift, bipartisan support for legislation that advances critical cybersecurity priorities and immediately enhances our preparedness. As we identified in a recent letter to Sen. Reid, there are multiple cybersecurity objectives that enjoy strong bipartisan support in the House and Senate, such as enhancing information-sharing between the public and private sectors, reforming FISMA, encouraging increased cybersecurity research and ensuring that law enforcement has the adequate tools and criminal penalties to protect against cyber crimes.

SIIA is committed to the goal of enacting legislation that will establish a meaningful national framework for data security and for breach notification, and we look forward to continuing to work with Congressional leaders to reach consensus.


Katie Carlson

Ken Wasch is President of SIIA.

 

Administration releases latest cloud guidance, Cyber 2012 continues in Senate

Today, GSA released its latest policy memo, a guidance document for agencies and cloud service providers, describing the general Concept of Operations (CONOPS) for FedRAMP, the government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based services. The release of this guidance is timely, with GSA’s Dave McClure joining us at our Cloud/GOV Conference next Thursday.

In the Senate, indications this week are that the Homeland Security and Governmental Affairs Committee will hold a hearing next week on cybersecurity legislation. The legislation is still expected to be introduced later this week or early next, and drafts continue to circulate. While Majority Leader Reid signaled in late 2011 his intention for the Senate to consider legislation in this first legislative work period, it’s now clear that this will be pushed back slightly, at least until after the Presidents’ Day recess.

And the pressure will begin mounting on House and Senate negotiators to reach a deal to extend the payroll tax cut currently set to expire at the end of the month. Again, extension of the key technology industry R&D tax credit, as well as broader corporate tax reform, will be linked to these discussions, along with other critical “extenders.” The R&D tax cut has been expired since late 2011, one of 14 times it has been allowed to expire in its 30-year history.

Last week, SIIA submitted comments to the FTC in response to its request for input on facial recognition technology. In offering to work with the Commission as it maps out an approach for making sure that the public is able to benefit from the further development and deployment of these innovative techniques while still preserving privacy, SIIA urged the Commission to recognize that it has at hand a workable general framework for evaluating and considering the privacy implications of facial recognition technology.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Now is the Time to Act Swiftly, Enact Key Cybersecurity Objectives

SIIA offered its views on cybersecurity to the Senate on Tuesday, in a letter to Senate Majority Leader Harry Reid (D-NV) in advance of the imminent Senate consideration of cybersecurity legislation.

Our members are dedicated to strengthening the nation’s IT infrastructure and protecting against growing cyber threats. These threats are more sophisticated and targeted than ever and are growing at an unprecedented rate. We know that as a nation, we can’t afford to delay advanced protection and instantaneous remediation.

That’s why SIIA believes that the most effective course of action is to focus in the short term on several critical priorities that enjoy broad bipartisan consensus. These key priorities are:

o Enhance information sharing between the public and private sectors,
o Reform the Federal Information Security Management Act of 2002 (FISMA),
o Enhance and improve law enforcement tools and criminal penalties for cybercrimes, and
o Encourage increased cybersecurity research.

At the same time, SIIA believes that some complex issues of cybersecurity are not nearly as close to broad consensus. Including them in a comprehensive bill would give them short shrift and potentially slow down the bill’s adoption; most importantly and worryingly, the proposals advanced to date on some of these issues would seriously hinder the very innovation that is our best tool against cyber threats. Securing the Nation’s public and private IT networks will require the attention of Congress, the Administration and industry for the weeks, months and years ahead. It’s not something that can or should be achieved with one piece of legislation. Some of these complex issues include:

o Provide a national framework for data security and data breach notification,
o Designate and protect “covered critical infrastructure” (CCI),
o Clarify the role and authorities of the Department of Homeland Security (DHS),
o Ensure the security of the U.S. IT supply chain, and
o Create incentives for individuals and businesses to enhance their cybersecurity preparedness.

In particular, SIIA would welcome forward movement on good data security and breach notification legislation. However, House and Senate consideration of this legislation in 2011 revealed many significant differences still needing to be resolved.

While SIIA does not support a heavy regulatory approach to cybersecurity, we do believe that positive incentives have a higher probability of success in two ways: a higher chance of better actual cybersecurity outcomes, and a higher probability of actually becoming law. The private sector responds to incentives, and aligning the interests of the private sector with the outcomes that are in the national interest makes sense. Furthermore, positive incentives (rather than negative ones) are clearly the most effective way to drive higher levels of trust and actual cooperation between the private sector and government – vital things needed to produce real success. SIIA strongly supports exploring positive incentives for individuals and businesses of all sizes as a long-term ongoing approach to securing the Nation’s IT infrastructure.

We are hopeful that the Senate can pass cybersecurity legislation that will quickly address some of the most critical threats to our nation’s IT infrastructure. SIIA members – whose companies work tirelessly to develop and deploy cutting edge cybersecurity solutions – will continue to actively engage policymakers to rapidly enact legislation that promotes technological innovation as the key to better cybersecurity.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

2012 Starts with a Flurry of Tech Policy

Happy New Year. 2012 is starting out much like 2011 ended, with a flurry of tech policy activity, particularly in the U.S. Senate. Majority Leader Harry Reid (D-NV) has scheduled a key procedural vote on the PROTECT IP Act for Jan. 24, the second day the body will be in session for the new year.

Following that, Reid has indicated that consideration of comprehensive cybersecurity legislation is also one of his top priorities for the first work period, even though draft legislative language was just made available in mid-December. And with the House scheduled to return a week before the Senate, it’s possible, if not likely, that Judiciary Chairman Lamar Smith (R-TX) will proceed with the Committee markup of SOPA. Needless to say, the next couple of weeks are going to be busy!

Also on the horizon, ICANN will begin accepting applications for new gTLDs on Thursday (January 12) despite continued objections from some members of Congress and some industry groups. The Coalition for Online Accountability, including SIIA, has recently met with NTIA leadership and the IP Enforcement Coordinator to discuss the role of the U.S. government in curbing potential abuses of new gTLDs.

Following up on the launch of FedRAMP in December, the Administration last Friday released baseline security controls for cloud providers. Consistent with previous indications from GSA officials, these are significantly reduced from the draft controls made available about a year ago, about which SIIA and many cloud providers expressed significant concerns. GSA has reiterated that this will be an evolving list, but there is no further formal opportunity for comment.

And right before the Holidays, SIIA submitted comments to the FTC regarding their proposed revisions to the Children’s Online Privacy Protection Act (COPPA) Rule. While we expressed our support for several of the FTC’s conclusions, such as preservation of the current definition of a “child” and the “actual knowledge” standard, SIIA raised concerns regarding several of the proposals, including the proposed significant expansion of the definition of “personal information,” elimination of the “e-mail plus” method for notice and consent and various other changes.

SIIA also recommends some new approaches to accommodate new methods of notice and consent and encourages the Commission to take steps to ensure that it is applied as efficiently as possible with respect to school-based educational partners and other providers of educational materials and services.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Facebook, Cyber Security and Small Businesses Dominate the Hill

Headlining the day, the FTC announced that Facebook agreed to settle the Commission’s charges that it deceived consumers. The proposed settlement requires Facebook to take several steps to enhance its privacy practices, including the terms under which it provides notice to consumers and obtains consent for information sharing, and it would require the Company to undergo privacy audits over the next two decades. The settlement underscores the need for broad privacy legislation; this is further confirmation that the FTC’s long-standing authority over unfair or deceptive trade practices is sufficient for providing thorough enforcement in the privacy arena.

Keeping the cybersecurity train moving forward in the House, and consistent with the House Cybersecurity Task Force goal to address cyber on an individual basis within the committees of jurisdiction, there are two cyber developments scheduled for this week. First, Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) will unveil new bipartisan cybersecurity legislation on Wednesday to provide the government “the authority to share classified cyber threat information on potential attacks with approved American companies.”

And on Thursday, the House Small Business Committee will hold a cyber hearing on protecting small businesses, where Phyllis Schneck, Vice President for McAfee, Inc., will be testifying on behalf of SIIA. The hearing will also include testimony from Task Force leader Rep. Mac Thornberry (R-TX), highlighting the recent recommendations of the House Task Force.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Clock Winds Down on 2011, Cyber and Privacy Gear Up for Action in 2012

With Congress in recess for the Holiday, and the “Super Committee” officially resigned to stalemate, it’s unclear how the last month of 2011 will play out in Washington. However, last week saw significant developments for the advancement of cybersecurity legislation. Notably, in a letter to Minority Leader Mitch McConnell (R-KY), Majority Leader Harry Reid (D-NV) indicated that the Senate will consider the issue in early 2012. At about the same time, the Ranking Members of six key Senate committees of jurisdiction on cybersecurity sent a joint letter to the President expressing their desire to move forward on several key cybersecurity issues, and highlighting those that are not quite ready. The one thing that’s for sure is that early 2012 will see a flurry of cyber discussions.

Similarly, indications last week are that privacy issues will also heat up in early 2012. While a firm date has still not been given for the official release of the Commerce Department report on privacy, it’s expected the Report will be released the week of Nov. 28th. Importantly, while the Report will continue to support a legislative Consumer Privacy Bill of Rights, officials have expressed the goal to begin moving forward with a multi-stakeholder process to craft privacy codes of conduct as early as January.

On Monday, the U.S. Department of Commerce released the results of the 22nd US-China Joint Commission on Commerce and Trade (JCCT) meeting between U.S. and Chinese government officials, where a number of commitments were made by Chinese officials during the meeting to address issues between the two countries. Most significantly to SIIA members, the summary indicates that China will take steps to address the use of unauthorized copies of software by government agencies and state-owned enterprises. China pledged to complete this software legalization process by 2012 for Chinese provincial entities and by 2013 for municipal and county-level governments.

And in other IP news, House Judiciary Chairman Lamar Smith (R-TX) has announced his plan to mark up the Stop Online Piracy Act (SOPA), H.R. 3261, on Dec. 15th. However, following the lengthy and sometimes contentious hearing that took place last Wednesday, it is quite possible the date will slip while Committee members deliberate several key provisions of the bill.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.