Digital Policy Roundup: Facebook, Cyber Security and Small Businesses Dominate the Hill

Headlining the day, the FTC announced that Facebook agreed to settle the Commission’s charges that it deceived consumers. The proposed settlement requires Facebook to take several steps to enhance its privacy practices, including the terms for which it provides notice to consumers and provides for consent for information sharing, and it would require the Company to undergo privacy audits over the next two decades. The settlement underscores the need for broad privacy legislation; this is further confirmation that the FTC’s long-standing authority over unfair or deceptive trade practices is sufficient for providing thorough enforcement in the privacy arena.

Keeping the cybersecurity train moving forward in the House, and keeping consistent with the House Cybersecurity Task Force goal to address cyber on an individual basis within the committees of jurisdiction, there are two cyber developments scheduled for this week. First, Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) will unveil new bipartisan cybersecurity legislation on Wednesday to provide the government “the authority to share classified cyber threat information on potential attacks with approved American companies.”

And on Thursday, the House Small Business Committee will hold a cyber hearing on protecting small businesses, where Phyllis Schneck, Vice President for McAfee, Inc., will be testifying on behalf of SIIA. The hearing will also include testimony from Task Force leader Rep. Mac Thornberry (R-TX), highlighting the recent recommendations of the House Task Force.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Digital Policy Roundup: Clock Winds Down on 2011, Cyber and Privacy Gear Up for Action in 2012

With Congress in recess for the Holiday, and the “Super Committee” officially resigned to stalemate, it’s unclear how the last month of 2011 will play out in Washington. However, last week saw significant developments for the advancement of cybersecurity legislation. Notably, in a letter to Minority Leader Mitch McConnell (R-KY), Majority Leader Harry Reid (D-NV) indicated that the Senate will consider the issue in early 2012. At about the same time, the Ranking Members of six key Senate committees of jurisdiction on cybersecurity sent a joint letter to the President expressing their desire to move forward on several key cybersecurity issues, and highlighting those that are not quite ready. The one thing that’s for sure is that early 2012 will see a flurry of cyber discussions.

Similarly, indications last week are that privacy issues will also heat up in early 2012. While a firm date has still not been given for the official release of the Commerce Department report on privacy, it’s expected the Report will be released the week of Nov. 28th. Importantly, while the Report will continue to support a legislative Consumer Privacy Bill of Rights, officials have expressed the goal to begin moving forward with a multi-stakeholder process to craft privacy codes of conduct as early as January.

On Monday, the U.S. Department of Commerce released the results of the 22nd US-China Joint Commission on Commerce and Trade (JCCT) meeting between U.S. and Chinese government officials, where a number of commitments were made by Chinese officials during the meeting to address issues between the two countries. Most significantly to SIIA members, the summary indicates that China will take steps to address the use of unauthorized copies of software by government agencies and state-owned enterprises. China pledged to complete this software legalization process by 2012 for Chinese provincial entities and by 2013 for municipal and county-level governments.

And in other IP news, the House Judiciary Chairman Lamar Smith (R-TX) has announced his plan to mark-up the Stop Online Piracy Act (SOPA), H.R. 3261 on Dec. 15th. However, following the lengthy and sometimes contentious hearing that took place last Wednesday, it is quite possible the date will slip while Committee members deliberate several key provisions of the bill.



Digital Policy Roundup: While Europe Presents Roadblock for Cloud, NIST Presents Roadmap

Yesterday, EU Justice Commissioner Viviane Reding, Vice-President of the European Commission, and the German Federal Minister for Consumer Protection, Ilse Aigner, released a statement calling for a robust data protection framework. In the statement, the Commissioners stated explicitly that “companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market. This also applies to social networks with users in the EU. We have to make sure that they comply with EU law and that EU law is enforced, even if it is based in a third country and even if its data are stored in a ‘cloud.’”

As the EC continues working to revise the 1995 Data Protection Directive with a deadline to produce a proposal by the end of Jan. 2012, this is a very strong statement highlighting the potential challenges for U.S. businesses, and the cloud computing industry, working effectively in Europe under these new regulations. However, the statement does still leave some flexibility for demonstrating compliance through codes of conduct, binding corporate rules, contracts or safe harbor arrangements.

Meanwhile, in the U.S. there seems to be increasing recognition that the clock has all but run out on privacy legislation for 2011, and we continue to wait for the release of the DOC report on data privacy reflecting the Administration’s position on the issue broadly. It obviously gets tiring to keep typing that it’s expected to be released “any day now,” but, it’s reportedly finalized and expected to be released… any day now.

On the Hill, indications after the House Energy and Commerce Cmte. Republican member meeting last week are that Chairman Upton (R-MI) and Sbcmte. Chair Bono Mack (R-CA) are still moving forward with intentions of advancing the SAFE Data Act before the end of the year. But again, indications are that time and opportunities have almost all but run out for passage of data security legislation in 2011.

Also last week, the National Institute of Standards and Technology (NIST) released its much anticipated U.S. Government Cloud Computing Technology Roadmap, a series of three volumes that combine to provide guidance for agencies around cloud computing, and to shorten the adoption cycle, enable near-term cost savings and increased ability to quickly create and deploy safe and secure cloud solutions. The Roadmap is part of a very aggressive strategy by the Administration to implement its “cloud-first” policy, and to develop standards and definitions in key areas such as security, interoperability, portability and eventually procurement. The Roadmap is open for public comment until Dec. 2. SIIA has been highly engaged with NIST’s efforts around cloud computing, and we are reviewing the Roadmap and planning to comment.



Digital Policy Roundup: Copyright Office Declares Priorities, Cybersecurity and Cloud Computing Still a Focus for the Hill

Today, Maria Pallante, the U.S. Register of Copyrights, released a report outlining the Priorities and Special Projects of the U.S. Copyright Office through 2013. The Report articulates 17 priorities in the areas of copyright policy and administrative practice, as well as 10 new projects designed to improve the quality and efficiency of the U.S. Copyright Office’s services in the 21st century. This is the first time in recent history that the Office has published such a document. It provides an excellent roadmap for the most significant legislative, international and administrative copyright issues facing copyright holders and the Office now and into the immediate future.

In other IP news, indications from House leaders are still that the rogue websites legislation is expected to be introduced this week, as early as today. There has been a recent push by opponents of the legislation to stall its introduction, including a meeting last week with Cmte. staff where concerns about the potential implications of the bill were discussed.

On the cybersecurity front, the White House held a classified briefing with key Senate leaders last week. The meeting, including representatives from the FBI, DHS, NSA and bipartisan leadership of the Senate committees with jurisdiction over cybersecurity, was part of a continued effort by the White House to advance comprehensive cybersecurity legislation this year. While the meeting participants broadly agreed about the urgent need to address growing cybersecurity threats, there are several key issues that remain unresolved. To state the obvious, the clock is beginning to run out on 2011.

The FTC staff report on privacy is scheduled for release before the end of the year, but it is possible, and even likely, that issuance will go to the beginning of next year. The final report is likely to be very similar to the draft report. It will not be a major overhaul and will not contain any earth-shattering departures from the structure set out earlier. The major issues in play appear to be the definition and role of commonly accepted business, the role of data minimization, the application of privacy framework to both the online and off-line contexts and the distinction between first party and third party providers of online advertising. The report is likely to touch on the multi-stakeholder process that the Commerce Department is looking to establish and be consistent with it, but will focus more on principles and implementation rather than the process of developing self-regulatory codes of conduct. It is not yet clear whether the report will recommend legislation.

And as of last week, “cloud computing” is officially defined. That is, after a long time of working and reviewing, NIST last week released a FINAL version of their official definition of cloud computing, also known as SP 800-145. SIIA has worked with NIST throughout this process, and concurs that this is a very solid definition, one that is widely referenced around the world. Of course, its breadth underscores why “cloud computing” is so challenging to define for policymaking purposes.



DOC/DHS Push for Notice on Botnets and Malware, Supreme Court Hearing Major Copyright Protection Case

At an event hosted by CSIS last week, Cam Kerry, General Counsel of the Commerce Department and Howard Schmidt, Cybersecurity Coordinator for the Obama Administration, emphasized the importance of their recently launched initiative to develop models to advance voluntary corporate notification to consumers regarding the illicit use of computer equipment by botnets and related malware. DHS and DOC/NIST recently issued a notice on the issue, seeking comment on a range of issues relating to how various actors could participate in a multi-stakeholder process designed to reduce these security threats. SIIA is looking to file comments in this proceeding and is seeking input from members. Comments are due on November 4.

Also on the cybersecurity front on Wednesday, the House Republican Cybersecurity Task Force released their formal recommendations. The Task Force was created by House Republican Leadership on June 24th, and asked to provide recommendations to Leadership. As expected, the Recommendations favor many SIIA priorities, such as a narrow definition of “critical infrastructure,” an incentive-based approach rather than regulations, international collaboration, heavy engagement with the private sector, and providing public awareness regarding threats and existing solutions and best practices. SIIA put out a statement supporting the recommendations and highlighting some of our key priorities.

Importantly, the Recommendations also reiterated the House Republicans’ belief that a large, “comprehensive” bill is impractical, instead stressing the need for relevant committees to consider legislation separately through regular order. Consistent with this approach, Rep. Goodlatte indicated this week that he will soon introduce a proposal to enhance enforcement of cybercrime.

Also last week, the Supreme Court on Wednesday heard oral arguments in Golan v. Holder. Before the court was the issue of whether Congress can restore copyright protection to a work whose copyright protection had previously expired and was therefore in the public domain. The court will decide whether the Copyright Clause and/or the First Amendment of the U.S. Constitution prohibit Congress from taking works out of the public domain. SIIA included a detailed summary of the oral arguments in our IP Policy Update.



Cybersecurity is a major national security issue

Yesterday, SIIA applauded the House Republican Cybersecurity Task Force’s conclusion that cybersecurity is a major national security issue and a critical component of economic growth. In particular, SIIA strongly supports the Task Force’s support for a global approach to cybersecurity that seeks international consensus to avoid fragmented, unpredictable national requirements.

The recommendations appropriately recognize the need to avoid hobbling U.S. industry with a set of U.S.-only standards. The Task Force instead calls for international collaboration and heavy engagement with the private sector on security standards that are not U.S.-centric.

Public-private cooperation is vital for the success of any security regime. SIIA appreciates that the Task Force has focused on enhancing incentives, not increasing regulations, to encourage private companies to step up cybersecurity. In the fast-changing world of cybersecurity, strict mandates could hinder businesses from adapting to the ever-changing technology landscape.

The fact is, strong cybersecurity initiatives already exist within the marketplace. When there is agreement that the needed level of security goes beyond that for which a business case can be made, the most effective role for government is to provide businesses with support and further incentives.

SIIA further concurs that improving information-sharing is a critical element of cybersecurity. SIIA members are industry leaders in providing a wide range of cybersecurity products and services to help users protect themselves. The government could play a very effective role in promoting public awareness of threats–and best practices to protect against those threats.
 



Cloud season continues on Hill, data security headlines Committee focus

Cloud computing season continues on the Hill. Last week’s hearing on cloud computing in the House Science Sbcmte. on Technology and Innovation didn’t generate any major headlines, which is largely a good thing. Next week the House Homeland Security Sbcmte. on Cybersecurity is planning to hold an informational hearing on cloud computing security. Most importantly, but least officially, rumor has it that Sen. Klobuchar is still seeking to introduce her draft cloud computing legislation.

In other cloud news, NIST has officially scheduled their fourth Cloud Computing Roundtable and Workshop for Nov. 2-4, at which time they plan to unveil their Cloud Computing Roadmap guidance document for federal agencies.

Also of note last week, the Sen. Judiciary Cmte. approved — along party lines — three bills seeking to establish uniform rules for data security and breach notification. As we reported last week, these were held over from the previous week due to a lack of Republican members for a quorum. While attendance was sufficient this time around, Sen. Grassley again voiced serious reservation with all of the bills, stating that they would create an unnecessary burden on businesses of all sizes. And while Sen. Commerce Cmte. Chair Rockefeller still has not provided word on when the Cmte. will proceed with the pending markup of his bill, the House E&C Cmte. staff has indicated that it’s likely to revisit the issue this fall.

Finally, President Obama last Friday announced a sweeping set of federal NCLB education waivers states and school districts can apply for in the areas of testing/accountability, school improvement, use of funds and teacher quality/effectiveness. Most significantly, the waivers will provide some flexibility in how student, teacher and school performance is measured, as well as to the nature of school improvement remedies (e.g., Title I Supplemental Educational Services tutoring will likely see a large reduction) and the targeting of limited improvement resources. SIIA will provide members with further information and analysis on this in the near future, particularly considering how this is likely to affect education technology.