Administration Seeks Input on Data Privacy
As a follow-up to the release of the White House Privacy Report, the DOC National Telecommunications and Information Administration (NTIA) has formally requested comment on what issues should be addressed through the privacy multi-stakeholder process, as well as procedures to foster the development of these codes. Comments are due by March 26th.
Consistent with indications from Administration officials, the Federal Register Notice explains that while the NTIA plans to facilitate the development of enforceable codes of conduct that implement the full Consumer Privacy bill of Rights proposed in the Report, as a start to the process “NTIA seeks to conduct a privacy multi-stakeholder process focused on a definable area where consumers and businesses will receive the greatest benefit in a reasonable timeframe.”
Among the list of potential topics, the list of potential topics supplied by NTIA includes: mobile apps and associated issues, cloud computing services, accountability mechanisms, online services directed towards children and teens, trusted identity systems, such as NSTIC, and data collection from various technologies.
Cyber Legislative Proposals Proliferate
Following the release last week of a new cybersecurity legislative proposal, the Secure IT Act, offered by Sens. John McCain (R-Ariz.), Kay Bailey Hutchison (R-TX) and several other Republicans, Reps. Mary Bono Mack (R-CA) and Marsha Blackburn (R-TN) announced Monday their intention to introduce companion legislation. Sponsors have offered the legislation as an alternative to the Cybersecurity Act (S. 2105), introduced last month by Sens. Joe Lieberman (I-CT) and Susan Collins (R-ME), that would not give the Homeland Security Department the power to require critical computer systems to meet certain security standards, and both bills propose to enhance cybersecurity information sharing, reform FISMA, increase cybersecurity R&D and enhance cybercrime enforcement.
And at a time when cybersecurity is becoming an increasingly partisan issue, House E&C Subcommittee Chair Greg Walden (R-OR), in conjunction with the upcoming hearing on Wednesday, announced the formation of a bipartisan Communications and Technology Cybersecurity Working Group, which will include Reps. Lee Terry (R-NE), Anna Eshoo (D-CA), Doris Matsui (D-CA), Bob Latta (R-OH), Michael Doyle (D-PA) and Adam Kinzinger (R-IL).
NIST Security Guidance with Implications on Cloud and Mobile
Last Wednesday, NIST released a draft revision to Federal Guidelines on Security and Privacy Controls for Federal Information Systems and Organizations. Known as SP 800-53, the recent revision results from a year-long initiative to update the content of the security controls catalog and the guidance for selecting and specifying security controls for federal information systems and organizations, seeking to handle “insider threats, supply chain risk, mobile and cloud computing technologies, and other cyber security issues.” In announcing the document, NIST highlighted that “in most instances, with the exception of the new privacy appendix, the new controls and enhancements are not labeled specifically as “cloud” or “mobile computing” controls or placed in one section of the catalog. Rather, the controls and enhancements are distributed throughout the control catalog in various families and provide specific security capabilities that are needed to support those new computing technologies and computing approaches.
Indian Gov. Adopts New Localization Procurement Rule
India has recently approved a new procurement rule that imposes a preference for domestically manufactured electronic products. Specifically, the rule creates a 30% domestic content requirement on an ill-defined range of electronic products and services. Not only does the rule explicitly target laptops and computers, but it could also extend to any software, application or electronic content that the Indian government might deem to be covered. SIIA is working with other leading trade associations to urge the U.S. government to engage strongly with the government of India to rollback this protectionist policy.
Learn more about key policy developments affecting the software and digital content communities with Digital Policy Roundup.
David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.