| Senate Committee Examines
Cyber Terrorism Threats |
9/12. Since the events of September 11, almost all public
hearings and meetings on Capitol Hill have been cancelled or
postponed. The House and Senate both met to pass a joint
resolution on September 12. One of the few previously
scheduled events that did proceed on September 12 was a
hearing of the Senate
Governmental Affairs Committee on cyber terror threats to
America's critical information infrastructure.
The events of September 11 were not an attack on information
systems. However, the members of the Committee examined what
terrorist threats exist to these systems, and what should be
done to minimize the risks. The Committee has jurisdiction
over information infrastructure of government agencies only.
Nevertheless, the Senators addressed both government and
private sector issues. The Senate Judiciary Committee's
Technology, Terrorism, and Government Information Subcommittee
had scheduled a hearing on another matter for September 12.
But, it cancelled its hearing.
Sen. Joe Lieberman
(D-CT), the Chairman of the Committee, presided. Sen. Fred Thompson
(R-TN), the ranking Republican also participated. Sen. Bob Bennett (R-UT)
was present throughout the two hour hearing. Sen. Jim Bunning (R-KY),
Sen. Carl Levin (D-MI),
Sen. Tom Carper
(D-DE), and Sen. Mark
Dayton (D-MN), also participated.
Sen. Lieberman said that the events of September 11 begin a
new era for American national security, and that future
attacks will also target critical information infrastructure.
The primary witness, Joel Willemssen of the General Accounting Office,
testified that "federal computer systems are riddled with
weaknesses that continue to put critical operations and assets
at risk." See, prepared
testimony [PDF] of Willemssen.
Sen. Lieberman questioned Willemssen about the reasons for
lack of preparedness in both the public and private sectors.
Willemssen stated that Presidential
Decision Directive 63 [PDF], dated May 1998, has not been
adequately implemented. He also said that the problem is that
agencies have not made this a priority. Willemssen testified
that another problem is that "the private sector does not
always want to share information."
Sen. Thompson suggested that the way to get the private sector
to share information about cyber security with government is
to give it the same sort of statutory protection that the
Congress gave in The Y2K Act. Sen. Bennett interjected,
"Have I got a bill for you," perhaps referring to HR
2435, the Cyber Security Information Act.) Willemssen
agreed with them. Willemssen also testified later that he
supports a proposal contained in a bill sponsored by Sen.
Lieberman and Sen. Thompson that would create a new federal
office of Chief Information Officer. (See, S
803, the E-Government Act of 2001.)
Sen. Dayton pressed Willemssen on specific types of cyber
threats. He responded that these are "disruption and
stoppages of operation", "inappropriate
disclosure of sensitive information", and that terrorists
might "change or modify or destroy data ..." Sen.
Carper asked Willemssen which sectors of the economy are most
secure from cyberthreats, and which are most vulnerable. He
responded that banking, finance, and electric power are in the
best position, while the public health sector is weak. |
|
|
| Sept 11 Events Seen As an
Attack Upon Infrastructure |
9/12. Sen. Bennett made the point that the attacks of
September 11 were not only attacks upon human life and symbols
of America; they were also successful attacks upon American
infrastructure. Moreover, said Sen. Bennett, they had some of
the same sort of results as a major cyber attack upon
information infrastructure. He noted that the attacks
succeeded in completely shutting down both the air traffic
system and the stock markets. He also noted that a significant
amount of data was destroyed in the World Trade Center in law
offices, brokerages, and other offices.
Sen. Bennett was the Senate's point man on ensuring that
critical information systems of the federal government were
not adversely affected as a result of failure to remedy Y2K
conversion problems. He is now the Senate's leading authority
on terrorist threats to the critical information
infrastructure. |
|
|
| More Statements From Cyber
Terrorism Hearing |
More Money. Sen. Thompson stated that "we have
to get more serious." He said this includes a larger
military budget, more money for intelligence, and more money
for infrastructure protection. Sen. Thompson also stated that
the Governmental Affairs Committee has been active in
promoting government information security. He cited hearings
held by the Committee, reports prepared for it by the GAO, and
bills passed. He also distributed a CYA memo which listed 17
of actions taken by the Committee.
New Leadership. Sen. Bennett said that the U.S. must
reform the way the federal government is organized to protect
against attacks on America's information infrastructure. He
stated that it was a mistake in PDD 63 to put the leadership
of this effort at the FBI's National
Infrastructure Protection Center. He reasoned that the FBI
and Department of Justice are law enforcement agencies focused
on investigating and prosecuting past crimes. He said that
what is needed is leadership that focuses of prospective
threats, and strategically seeks to prevent them from being
realized. However, he did not say who this should be. |
|
|
| GAO Criticizes Lack of
Computer Security at Education Department |
| 9/12. The GAO
released a report
[PDF] titled "Education Information Security:
Improvements Made But Control Weaknesses Remain." The GAO
concluded that the Department of
Education "has made progress in correcting security
weaknesses identified by Education’s IG, and that the
department has taken other actions to improve security.
However, we identified weaknesses that place critical
financial and sensitive grant information at risk of
unauthorized access and disclosure, and key operations at risk
of disruption. Specifically, Education did not sufficiently
protect its network from unauthorized users, effectively
manage user IDs and passwords, appropriately limit access to
authorized users, effectively maintain system software
controls, or routinely monitor user access activity. Further,
Education was not providing adequate physical security for its
computer resources ..." The report was prepared for Rep. Peter Hoekstra
(R-MI) and Rep.
Charlie Norwood (R-GA). |
|
|
|
| Cancellations and
Postponements |
9/13. The House
Judiciary Committee cancelled its meeting to mark up HR
1552, the "Internet Tax Nondiscrimination Act",
and other bills. The meeting had been scheduled for Thursday
morning, September 13. HR 1552 extends the existing Internet
tax moratorium.
9/12. The House
Commerce Committee's Subcommittee on Telecommunications
and the Internet postponed its hearing titled "Transition
to Digital Television: Progress on Broadcaster Buildout
and Proposals to Expedite Return to Spectrum", which had
been scheduled for September 12.
9/12. The Senate
Judiciary Committee's Technology, Terrorism, and
Government Information Subcommittee postponed its hearing on S
1055, which had been scheduled for Wednesday afternoon,
September 12. The bill is sponsored by Sen. Dianne Feinstein
(D-CA). It would require the consent of an individual prior to
the sale and marketing of such individual's personally
identifiable information. No new date for the hearing has
yet been set.
9/11. The Computer
System Security and Privacy Advisory Board (CSSPAB) had
been scheduled to hold three days of meetings on September
11-13. The CSSPAB advises the Secretary of Commerce and the
Director of NIST on security and privacy issues pertaining to
federal computer systems. The meeting was cancelled just after
it began early on the morning of September 11. The CSSPAB
meets quarterly. This meeting will not be rescheduled. The
next quarterly meeting will be in early December. See,
original notice
in Federal Register, August 27, 2001, Vol. 66, No. 166, at
Pages 45009 - 45010. |
|
|
| 5th Circuit Rules on
Jurisdiction in Patent Related Appeals |
| 9/12. The U.S.
Court of Appeals (5thCir) issued its opinion
in James
Logan v. Burgers Ozark Country Cured Hams, a
case involving several issues, including when the U.S. Court of Appeals for the
Federal Circuit has jurisdiction over appeals from
judgments of U.S. District Courts in disputes which implicate
patents. The Fifth Circuit held that it had jurisdiction, and
affirmed the District Court on substantive issues. |
|
|
| New USPTO Rules |
| 9/12. The USPTO published
a notice
[PDF] in the Federal Register regarding its new rules relating
to civil actions and claims involving the USPTO. These rules
provide procedures for service of process, obtaining USPTO
documents and employee testimony, indemnifying employees, and
making a claim against the USPTO under the Federal Tort Claims
Act. See, notice in Federal Register, Vol. 66, No. 177,
September 12, 2001, at pages 47387 - 47392. |
|
|
| FCC News |
9/12. The FCC announced
that the meeting of the Commission set for September 13 at
9:30 AM will proceed as scheduled. The agenda remains
unchanged.
9/12. The FCC announced that the meetings its Public Safety
National Coordination Committee scheduled for September 13 and
14 have been postponed. The FCC has not yet rescheduled these
meetings. See, FCC
release [PDF].
9/12. The FCC issued a statement
regarding the effect of its closure on September 11 on filing
and fee payment deadlines. It stated: "Due to the
national emergency that occurred yesterday, September 11, the
Federal Communications Commission closed its offices early in
the morning. According to section 1.4(e)(1) of the
Commission's rules, 47 C.F.R. Section 1.4(e)(1), all filings,
paper and electronic, that were due on September 11, 2001, are
due today, September 12, 2001, the Commission's next official
work day after early closing. In addition, September 11th does
not count in computing filing periods that are less than seven
days. See 47 C.F.R. Section 1.4(g)."
9/12. FCC Chairman Michael Powell
praised the "tireless and heroic efforts of those in the
telecommunications industry who are working hard to keep our
most fundamental communications systems – such as telephone
service, wireless phone service and television service –
operating efficiently under the circumstances." See, FCC
release. |
|
|
| Verizon Assesses Damage to
its New York City Facilities |
| 9/12. Verizon stated
that it "began work to restore phone service to a major
switching center that was damaged as a result of yesterday's
attacks on the World Trade Center." See, Verizon
release. On September 11, Verizon stated "Two
facilities at the World Trade Center that handled calls to and
from the complex were destroyed in the building
collapse." It also stated that "Verizon has as many
as 10 wireless cell cites in New York City that are not
operating." See, Verizon
release. |
|
|
| California Upholds
Conviction for Removing Battery from Cordless Phone |
| 9/12. The Court
of Appeal of California (4/2) issued its opinion
[PDF] in People
v. Tafoya, affirming a criminal conviction of a
California man for removing a battery from a cordless
telephone. This is a domestic abuse case. However, in addition
to abuse related charges, the defendant was charged with
violation of California Penal Code, Section 591, which makes
it a crime unlawfully and maliciously to injure or obstruct a
telephone line "or appurtenances or apparatus connected
therewith". The Court of Appeal held that "the jury
could properly find defendant Michael Martin Tafoya guilty
under section 591 based on the evidence that, during an
argument with his estranged wife, he removed the battery from
her cordless phone. This is true even though she was still
able to call the police from another phone." However, the
Court of Appeal reasoned that "it does not make it a
crime to leave a phone off the hook either negligently or
accidentally." |
|
|
| 9th Circuit Affirms in FTC
v. Gill |
9/12. The U.S.
Court of Appeals (9thCir) issued its opinion
in FTC
v. Gill, affirming a District Court judgment in
an FTC civil enforcement action brought under the Credit
Repair Organizations Act (15 U.S.C. §§ 1679-1679j). The FTC
is a federal agency with authority to bring enforcement
actions to stop a wide range of deceptive business practices
that harm consumers. In recent years, it has been involved in
shutting down Internet fraud.
This is not an Internet fraud case. Rather, the defendants
operated a credit repair scam. The FTC filed a complaint in
the U.S. District
Court (CDCal) seeking a permanent injunction from
participating in the credit repair business, and monetary
relief in the form of consumer redress, restitution and
disgorgement. Defendant Keith Gill is an attorney in
California. The defendants fought the action. The FTC won in
the District Court (including a $1,335,912.14 money judgment).
The Appeals Court affirmed. |
|
|
|
| Thursday, Sept 13 |
POSTPONED. Meetings
of the FCC's Public
Safety National Coordination Committee scheduled for September
13 and 14. See, FCC
notice of postponement.
CANCELLED. 7:30
AM. The Northern Virginia
Technology Council's Finance Committee will hold an event
titled "Meet the Capital Players". The program will
run from 8:00 - 9:30 AM. The event is sponsored by Ernst &
Young and the law firm of Wilmer
Cutler & Pickering. See, brochure.
Location: Ernst & Young Solutions Center, 8381 Old
Courthouse Road, Vienna, Virginia.
CANCELLED. 9:00 AM
- 2:00 PM. The Computer
System Security and Privacy Advisory Board (CSSPAB) will
hold the third session of a three day meeting. The CSSPAB
advises the Secretary of Commerce and the Director of NIST on
security and privacy issues pertaining to federal computer
systems. See, notice
in Federal Register, August 27, 2001, Vol. 66, No. 166, at
Pages 45009 - 45010. Location: National Security Agency's
National Cryptologic Museum, Colony 7 Road, Annapolis
Junction, Maryland.
9:30 AM. The U.S.
Court of Appeals for the District of Columbia Circuit is
scheduled to hear oral argument in Grid Radio v. FCC,
No. 99-1463. This is a petition for review of a final order of
the FCC against an unlicensed radio broadcaster. Judges
Williams, Tatel and Garland are assigned. Location: 333
Constitution Ave., NW, Washington DC.
9:30 AM. The FCC will hold its previously scheduled
meeting, with its full original agenda.
Location: FCC, 445 12th Street, SW, Washington DC.
POSTPONED. 10:00
AM. The House
Judiciary Committee will hold a meeting to mark up several
bills, including HR
1552, the "Internet Tax Nondiscrimination Act."
Location: Room 2141, Rayburn Building.
10:30 AM. The Senate
Judiciary Committee may hold an executive business meeting
to consider several bills. The Committee may mark, S1319 / HR
2215, a bill to authorize FY 2002 appropriations for the
Department of Justice, and several non tech related bills: S
754, S1140, and S 1315. The times and agendas of this
Committee are unpredictable even under normal circumstances.
Room 226, Dirksen Building.
2:00 PM. The Senate
Commerce Committee's Science, Technology, and Space
Subcommittee is scheduled to hold a hearing on digital
divide issues. Location: Room 253, Russell Building.
2:00 PM. The Senate
Judiciary Committee will likely hold a hearing on the
pending nominations of Barrington Parker (to be U.S. Circuit
Judge for the Second Circuit), Laurie Camp (to be a U.S.
District Court Judge for the District of Nebraska), Michael
Mills (to be a U.S. District Court Judge for the Northern
District of Mississippi), and John Gillis (to be Director of
the Office of Victims of Crime). The times and agendas of this
Committee are unpredictable even under normal circumstances.
Room 226, Dirksen Building.
2:30 PM. The Senate Armed Services Committee is scheduled to
hold hearings on the nomination of General Richard Myers to be
Chairman of the Joint Chiefs of Staff. Location: Room 216,
Hart Building. |
|
|
| FCC Meeting Agenda, Sept 13 |
A Notice Proposed Rule Making (NPRM) to reexamine the FCC's
rule that establishes safeguards for the provision of
in-region, interexchange services by incumbent independent
local exchange carriers. CC Docket No. 00-175.
A NPRM to modify its rule and/or waiver policies relating to
common ownership of broadcast stations and newspaper in the
same geographic area.
A Further Notice of Proposed Rule Making concerning its cable
horizontal and vertical ownership limits and certain
aspects of its attribution rules as affected by the opinion
of the U.S. Court of Appeals (DCCir) in Time Warner
Entertainment v. FCC, 240 F.3d 1126 (D.C. Cir. 2001, No.
94-1035, March 2, 2001).
A First Report and Order to streamline the equipment
authorization procedures for software defined radios.
ET Docket No. 00-47. |
|
|
| Friday, Sept 14 |
| 2:00 - 5:00 PM. National
Science Foundation's (NSF) Advisory Committee for
Cyberinfrastructure will hold a meeting to develop a plan
for the preparation of a report to the NSF regarding advanced
cyberinfrastructure and the evaluation of the existing
Partnerships for Advanced Computational Infrastructure. See, notice
in Federal Register, September 4, 2001, Vol. 66, No. 171, at
Page 46293. Location: Room 1150, National Science Foundation,
4201 Wilson Boulevard, Arlington, Virginia. |
|
|
|
|
|
| About Tech Law Journal |
Tech Law Journal is a free access web site and e-mail alert
that provides news, records, and analysis of legislation,
litigation, and regulation affecting the computer and Internet
industry. This e-mail service is offered free of charge to
anyone who requests it. Just provide TLJ an e-mail address.
Number of subscribers: 2,037.
Contact: 202-364-8882; E-mail.
P.O. Box 15186, Washington DC, 20003.
Privacy
Policy
Notices
& Disclaimers
Copyright 1998 - 2001 David Carney, dba Tech Law Journal. All
rights reserved. |
|
|