While Europe Presents Roadblock for Cloud, NIST Presents Roadmap

Yesterday, EU Justice Commissioner Viviane Reding, Vice-President of the European Commission, and the German Federal Minister for Consumer Protection, Ilse Aigner, released a statement calling for a robust data protection framework. In the statement, the Commissioners stated explicitly that “companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market. This also applies to social networks with users in the EU. We have to make sure that they comply with EU law and that EU law is enforced, even if it is based in a third country and even if its data are stored in a ‘cloud.’”

As the EC continues working to revise the 1995 Data Protection Directive with a deadline to produce a proposal by the end of Jan. 2012, this is a very strong statement highlighting the potential challenges for U.S. businesses, and the cloud computing industry, working effectively in Europe under these new regulations. However, the statement does still leave some flexibility for demonstrating compliance through codes of conduct, binding corporate rules, contracts or safe harbor arrangements.

Meanwhile, in the U.S. there seems to be increasing recognition that the clock has all but run out on privacy legislation for 2011, and we continue to wait for the release of the DOC report on data privacy reflecting the Administration’s position on the issue broadly. It obviously gets tiring to keep typing that it’s expected to be released “any day now,” but, it’s reportedly finalized and expected to be released… any day now.

On the Hill, indications after the House Energy and Commerce Cmte. Republican member meeting last week are that Chairman Upton (R-MI) and Sbcmte. Chair Bono Mack (R-CA) are still moving forward with intentions of advancing the SAFE Data Act before the end of the year. But again, indications are that time and opportunities have all but run out for passage of data security legislation in 2011.

Also last week, the National Institute of Standards and Technology (NIST) released its much-anticipated U.S. Government Cloud Computing Technology Roadmap, a series of three volumes that combine to provide guidance for agencies around cloud computing, and to shorten the adoption cycle, enable near-term cost savings and increased ability to quickly create and deploy safe and secure cloud solutions. The Roadmap is part of a very aggressive strategy by the Administration to implement its “cloud-first” policy, and to develop standards and definitions in key areas such as security, interoperability, portability and eventually procurement. The Roadmap is open for public comment until Dec. 2. SIIA has been highly engaged with NIST’s efforts around cloud computing, and we are reviewing the Roadmap and planning to comment.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Copyright Office Declares Priorities, Cybersecurity and Cloud Computing Still a Focus for the Hill

Today, Maria Pallante, the U.S. Register of Copyrights, released a report outlining the Priorities and Special Projects of the U.S. Copyright Office through 2013. The Report articulates 17 priorities in the areas of copyright policy and administrative practice, as well as 10 new projects designed to improve the quality and efficiency of the U.S. Copyright Office’s services in the 21st century. This is the first time in recent history that the Office has published such a document. It provides an excellent roadmap for the most significant legislative, international and administrative copyright issues facing copyright holders and the Office now and into the immediate future.

In other IP news, indications from House leaders are still that the rogue websites legislation is expected to be introduced this week, as early as today. There has been a recent push by opponents of the legislation to stall its introduction, including a meeting last week with Cmte. staff where concerns about the potential implications of the bill were discussed.

On the cybersecurity front, the White House held a classified briefing with key Senate leaders last week. The meeting, including representatives from the FBI, DHS, NSA and bipartisan leadership of the Senate committees with jurisdiction over cybersecurity, was part of a continued effort by the White House to advance comprehensive cybersecurity legislation this year. While the meeting participants broadly agreed about the urgent need to address growing cybersecurity threats, there are several key issues that remain unresolved. To state the obvious, the clock is beginning to run out on 2011.

The FTC staff report on privacy is scheduled for release before the end of the year, but it is possible, and even likely, that issuance will go to the beginning of next year. The final report is likely to be very similar to the draft report. It will not be a major overhaul and will not contain any earth-shattering departures from the structure set out earlier. The major issues in play appear to be the definition and role of commonly accepted business, the role of data minimization, the application of the privacy framework to both the online and off-line contexts and the distinction between first party and third party providers of online advertising. The report is likely to touch on the multi-stakeholder process that the Commerce Department is looking to establish and be consistent with it, but will focus more on principles and implementation than on the process of developing self-regulatory codes of conduct. It is not yet clear whether the report will recommend legislation.

And as of last week, “cloud computing” is officially defined. That is, after a long time of working and reviewing, NIST last week released a FINAL version of their official definition of cloud computing, also known as SP 800-145. SIIA has worked with NIST throughout this process, and concurs that this is a very solid definition, one that is widely referenced around the world. Of course, its breadth underscores why “cloud computing” is so challenging to define for policymaking purposes.



DOC/DHS Push for Notice on Botnets and Malware, Supreme Court Hearing Major Copyright Protection Case

At an event hosted by CSIS last week, Cam Kerry, General Counsel of the Commerce Department, and Howard Schmidt, Cybersecurity Coordinator for the Obama Administration, emphasized the importance of their recently launched initiative to develop models to advance voluntary corporate notification to consumers regarding the illicit use of computer equipment by botnets and related malware. DHS and DOC/NIST recently issued a notice on the issue, seeking comment on a range of issues relating to how various actors could participate in a multi-stakeholder process designed to reduce these security threats. SIIA is looking to file comments in this proceeding and is seeking input from members. Comments are due on November 4.

Also on the cybersecurity front, on Wednesday the House Republican Cybersecurity Task Force released their formal recommendations. The Task Force was created by House Republican Leadership on June 24th, and asked to provide recommendations to Leadership. As expected, the Recommendations favor many SIIA priorities, such as a narrow definition of “critical infrastructure,” an incentive-based approach rather than regulations, international collaboration, heavy engagement with the private sector, and providing public awareness regarding threats and existing solutions and best practices. SIIA put out a statement supporting the recommendations and highlighting some of our key priorities.

Importantly, the Recommendations also reiterated the House Republicans’ belief that a large, “comprehensive” bill is not practical, instead stressing the need for relevant committees to consider legislation separately through regular order. Consistent with this approach, Rep. Goodlatte indicated this week that he will soon introduce a proposal to enhance enforcement of cybercrime.

Also last week, the Supreme Court on Wednesday heard oral arguments in Golan v. Holder. Before the court was the issue of whether Congress can restore copyright protection to a work whose copyright protection had previously expired and was therefore in the public domain. The court will decide whether the Copyright Clause and/or the First Amendment of the U.S. Constitution prohibit Congress from taking works out of the public domain. SIIA included a detailed summary of the oral arguments in our IP Policy Update.



Cybersecurity is a major national security issue

Yesterday, SIIA applauded the House Republican Cybersecurity Task Force’s conclusion that cybersecurity is a major national security issue and a critical component of economic growth. In particular, SIIA strongly supports the Task Force’s support for a global approach to cybersecurity that seeks international consensus to avoid fragmented, unpredictable national requirements.

The recommendations appropriately recognize the need to avoid hobbling U.S. industry with a set of U.S.-only standards. The Task Force instead calls for international collaboration and heavy engagement with the private sector on security standards that are not U.S.-centric.

Public-private cooperation is vital for the success of any security regime. SIIA appreciates that the Task Force has focused on enhancing incentives, not increasing regulations, to encourage private companies to step up cybersecurity. In the fast-changing world of cybersecurity, strict mandates could hinder businesses from adapting to the ever-changing technology landscape.

The fact is, strong cybersecurity initiatives already exist within the marketplace. When there is agreement that the needed level of security goes beyond that for which a business case can be made, the most effective role for government is to provide businesses with support and further incentives.

SIIA further concurs that improving information-sharing is a critical element of cybersecurity. SIIA members are industry leaders in providing a wide range of cybersecurity products and services to help users protect themselves. The government could play a very effective role in promoting public awareness of threats–and best practices to protect against those threats.
 



Cloud season continues on Hill, data security headlines Committee focus

Cloud computing season continues on the Hill. Last week’s hearing on cloud computing in the House Science Sbcmte. on Technology and Innovation didn’t generate any major headlines, which is largely a good thing. Next week the House Homeland Security Sbcmte. on Cybersecurity is planning to hold an informational hearing on cloud computing security. Most importantly, but least officially, rumor has it that Sen. Klobuchar is still seeking to introduce her draft cloud computing legislation.

In other cloud news, NIST has officially scheduled their fourth Cloud Computing Roundtable and Workshop for Nov. 2-4, at which time they plan to unveil their Cloud Computing Roadmap guidance document for federal agencies.

Also of note last week, the Sen. Judiciary Cmte. approved — along party lines — three bills seeking to establish uniform rules for data security and breach notification. As we reported last week, these were held over from the previous week due to a lack of Republican members for a quorum. While attendance was sufficient this time around, Sen. Grassley again voiced serious reservations about all of the bills, stating that they would create an unnecessary burden on businesses of all sizes. And while Sen. Commerce Cmte. Chair Rockefeller still has not provided word on when the Cmte. will proceed with the pending markup of his bill, the House E&C Cmte. staff has indicated that it’s likely to revisit the issue this fall.

Finally, President Obama last Friday announced a sweeping set of federal NCLB education waivers states and school districts can apply for in the areas of testing/accountability, school improvement, use of funds and teacher quality/effectiveness. Most significantly, the waivers will provide some flexibility in how student, teacher and school performance is measured, as well as to the nature of school improvement remedies (e.g., Title I Supplemental Educational Services tutoring will likely see a large reduction) and the targeting of limited improvement resources. SIIA will provide members with further information and analysis on this in the near future, particularly considering how this is likely to affect education technology.

After landmark Patent Reform, Hill agenda still full with IP, Privacy and Cybersecurity

Last week Congress overwhelmingly passed milestone patent reform legislation when the Senate approved the Smith-Leahy America Invents Act (H.R. 1249) by a vote of 89-9. SIIA and many of our members have worked diligently toward this goal for more than 6 years, and passage of the bill represents a significant victory for our industries. We believe that this legislation will improve patent quality and reduce (though certainly not eliminate) wasteful litigation over bad patents. In passing the House version of the bill, the Senate rejected amendments that could have essentially derailed the bill by sending it back to the House.

Next on the IP front, rogue website legislation remains a priority in both the Senate and the House. In the Senate, proponents have been pushing for a floor vote on the PROTECT IP Act, which looks likely to occur later in the Fall. We anticipate that the long-awaited House bill, which is expected to be significantly broader in scope than the Senate bill, could be introduced by the end of the month and perhaps as early as next week. SIIA will continue to strongly support legislation to combat rogue websites.

On the privacy front, you’re surely in good company if you can’t keep up with all of the proposed legislation. In addition to Sen. Feinstein (D-CA) reintroducing her Data Breach Notification Act (S. 1408) before the August break, Sen. Blumenthal (D-CT) also introduced legislation last week, the Personal Data Protection and Breach Accountability Act (S. 1535). Chairman Leahy (D-VT) has put these two bills on the calendar for markup this Thursday, along with his legislation, Data Privacy and Security Act (S. 1151).

And those are just the bills being considered in the Judiciary Cmte.! The Sen. Commerce Cmte. is also expected to focus on various privacy proposals in the coming weeks–more on this to come soon. Meanwhile, on the House side, Data Security/Breach legislation has temporarily been shelved while the Committee plans to take a closer look at privacy issues more broadly, with several upcoming hearings in the weeks ahead. The first hearing, in Chairman Bono-Mack’s subcommittee on Thursday, will focus on “the Impact and Burden of EU Regulation.”

And finally, indications are still that Senate Majority Leader Reid (D-NV) is hoping to advance cybersecurity legislation this fall. Of course, this is contingent on the success of the ongoing bipartisan discussions on the issue. By any account, it’s looking like a very busy four months on Capitol Hill to close out 2011.

Patent Reform makes tracks, Cybersecurity and Privacy

The patent reform train continued moving down the tracks last week, as the House passed the America Invents Act (H.R. 1249) by a vote of 304-117. As passed, the bill differs in several respects from the Senate version that passed several months ago, including how it deals with fee diversion, tax strategy patents, prior user rights, prior art, and some other issues. Despite the differences and a heavy debate about the fee diversion issue, discussions are ongoing about a strategy to reconcile the two versions or perhaps seek Senate passage of the House bill. Regardless, the strong bipartisan support for the legislation in both chambers makes for good odds on enactment of patent reform.

On the cybersecurity front, last week House Speaker John Boehner appointed a 12-member Republican task force to assess the state of cybersecurity, including the Administration’s proposal, and provide recommendations by October. Rep. Mac Thornberry (R-TX), who was appointed to lead on this issue earlier this year, will lead the task force, joined by Reps. Aderholt (R-AL), Chaffetz (R-UT), Coffman (R-CO), Goodlatte (R-VA), Hurt (R-VA), Latta (R-OH), Lungren (R-CA), McCaul (R-TX), Murphy (R-PA), Stivers (R-OH) and Terry (R-NE).

Also last week, the Supreme Court decided a case that looks to be a major victory for data publishers. In the case Sorrell vs. IMS Health the Court confirmed an appeals court decision against a Vermont law prohibiting the use of physician prescribing data for marketing purposes. While Justice Kennedy’s majority opinion expressed concerns about the “serious and unresolved” issues with respect to personal privacy, the ruling confirmed that the law unfairly imposed a First Amendment burden “based on the content of speech and the identity” of pharmaceutical manufacturing companies. In short, the ruling holds that such commercial speech is equally entitled to the protections of the First Amendment.
