Tech Law Journal Daily E-Mail Alert
February 19,2002, 9:00 AM ET, Alert No. 371.
TLJ Home Page | Calendar | Subscribe | Back Issues
Clarke Addresses Cyber Security on Capitol Hill
2/13-14. Richard Clarke, Special Advisor to the President for Cyberspace Security, addressed cyber security issues on Capitol Hill. He briefed the Senate Judiciary Committee's Administrative Oversight and the Courts Subcommittee on February 13. See, opening statement and excerpts from question and answer session. He also gave a speech at a luncheon hosted by Sen. Jay Rockefeller (D-WV) and Sen. Bill Frist (R-TN) on February 14.
He explained the origin of the cyber security problem at the February 14 luncheon. "We see that something remarkable happened in the course of the 1990s. Something akin to the industrial revolution occurred. ... What did happen is that every sector of our economy and government moved the operation of critical functionality onto network systems. ... everybody moved all of their operations on to these network systems, and are now dependent upon them. ... And in doing this migration of functionality into these network systems, we did not, as a nation pay enough attention to designing security in. In effect, we took systems that were designed to do something very different, and we made them do a great deal. We made them run our country. That was great for us in terms of productivity increases. It was great for us in terms of lowering the cost of doing business. But it was bad for us in the opening up of vulnerability, because the software, the hardware, the overall architecture was never designed with the thought that somebody maliciously would attack it. And so, we have legacy systems proliferated throughout our economy that are very vulnerable to attack."
He also addressed what to do about cyber threats. He stated that "We have to think of it primarily first as a software and hardware architecture problem, not as a criminal problem, not as an intelligence problem, not even as a national security problem, primarily. We have, first, get the government to serve as an example." He stated that the President's FY 2003 budget request contains a 64% increase for government IT security.
He continued that the private sector needs to do the same thing. He said that "we need a partnership between the private sector and the government to share information, to get over the roadblocks of secret and top secret, to share information, to share the burden for research and development, and to cooperate in an effort to secure our infrastructures. And to do all of this, without heinous regulation. Because, if the government tried to regulate IT security, it would never achieve it. So, we are going to try to do this in partnership, and using market forces."
Clarke went into more detail in his longer briefing of the Senate Judiciary Committee. He was the sole briefer. Sen. Charles Grassley (R-IA) and Sen. John Edwards (D-NC) both appeared briefly. Otherwise, the entire proceeding was conducted by Sen. Charles Schumer (D-NY). Hence, the proceeding was conducted more like a deposition than a typical Congressional hearing.
Clarke reviewed the vulnerabilities of networked computer systems, and the spectrum of threats to them. He stated that to date terrorist groups, such as "Hamas, Hezbollah, Al Queda", have used the Internet for propaganda and fund raising, but not for cyber attacks. However, he added, "That may be about to change, because, ... there is evidence that Al Queda was using the Internet to do at least reconnaissance of American utilities, and American facilities, by going to publicly available web sites, where all too often we have too much information about our facilities."
Sen. Schumer asked Clarke why the U.S. has been spared so far from cyber attacks. Clarke responded, "You don't know what you don't know. And we clearly do not know whether or not there have already been successful penetrations of our networks, that we don't know about. If I were a betting person, I would bet that many of our key networks have already been penetrated. The trap doors, or trojan horses, or logic bombs, may already be in many of our key infrastructures."
Sen. Schumer asked about the capability of nation states to conduct cyber attacks. Clarke stated that he could not assess this. He elaborated that "this is one of the differences between, say, weapons of mass destruction, and information warfare weapons. As you well know, when we were looking at Iraq, to see if they had nuclear weapons, or when we look at Iran to see if it has biological weapons, there are things that we can look for, that our satellites can take pictures of. You can look for, particularly, types of facilities, and try to estimate, based upon the things like what they are buying, and what, how far along they are in the process of weapons development. ... But, on information warfare, there is nothing for our satellites to take a picture of. And, it is not possible to take a look at what there procurement records are, and deduce from that that they have this capability or that capability. So, it is a little bit tougher to know how far along they are."
Sen Schumer asked about the U.S. policy regarding retaliation for cyber attacks. Clarke stated that "I think we have had a policy that has not been well known. But I think that it is a fairly well articulated policy, for the last several years, which is that anyone that engages information warfare against us, be they a nation state, or a terrorist group, has to realize that we will respond in whatever way we think is appropriate. Somehow, people have gotten the idea in some academic circles that if an information warfare attack is launched on the United States, the only thing that we can do is respond with information warfare attacks of our own. That is not true. If we find a terrorist group or a nation state that is engaged in information warfare against us, we reserve the right to respond in any way appropriate -- through covert action, through military action, any one of the tools available to the President."
Administration Supports Cyber Security Exception to FOIA
2/13. Richard Clarke, Special Advisor to the President for Cyberspace Security, stated that the administration supports a narrowly crafted amendment to the Freedom of Information Act (FOIA) to provide incentives to the private sector to provide information to the government regarding cyber security.
Clarke briefed the Senate Judiciary Committee's Administrative Oversight and the Courts Subcommittee on February 13. Sen. Charles Grassley (R-IA), who initiated the discussion, stated that "the government's vitally important work to protect critical infrastructure can only be done in partnership with private industry. For that to happen, I think we all know there has to be trust. But the private sector can be hesitant to report information, especially if it's proprietary, and they don't want their competitors to know about it. Corporations are even more hesitant to give this type of information to a law enforcement agency."
Clarke responded, "you are absolutely right, there is a problem right now. Companies don't tell the government when they have been hit. The nimda virus in November of last year attacked many household name companies in the banking industry, the finance industry, and elsewhere, and yet, we don't know that officially. And, I can't tell you officially the names of these banks and companies that were hit because the only way we know is through the rumor mill."
Clarke continued: "Well, why won't they tell us? The real block seems to be the Freedom of Information Act. The Freedom of Information Act, justifiable, or unjustifiably, scares corporate counsel. And, I have been told by numerous companies across the country, ``Our lawyers tell us not to share information with you in the government because it could then be requested by any citizen through a Freedom of Information Act request´´. I think that is an inaccurate reading of the law. I think that information could be exempt under the existing law. But, what I think isn't what counts. What counts is what the corporate lawyers are telling the companies. And so I support, and the President supports, a very narrowly, very narrowly, crafted amendment to the Freedom of Information Act that would remove that barrier ..." See, transcript of Clarke's opening statement and excerpts from question and answer session.
Sen. Robert Bennett (R-UT), who is not a member of the Senate Judiciary Committee, is the sponsor of a bill that would provide such an exemption. S 1456, the Critical Infrastructure Information Security Act of 2001, would provide a FOIA exemption for certain cyber security information provided to certain federal agencies, including the NIPC, FCC, Justice Department, Defense Department, and Commerce Department. The bill would also provide an antitrust exemption for certain collaboration on cyber security issues.
Administration Opposes Cyber Security Tax Incentives and Mandates
2/13. Richard Clarke, Special Advisor to the President for Cyberspace Security, stated that the administration opposes both tax incentives and regulatory mandates to incent the private sector to increase cyber security.
Clarke briefed the Senate Judiciary Committee's Administrative Oversight and the Courts Subcommittee on February 13. In response to questions from Sen. John Edwards (D-NC), he stated: "Senator, you talk about inducements and mandates to the private sector. And, we decided not to do either. We don't think that a tax credit is the way to go."
Clarke also stated that "We don't think that the government mandating IT security practices is the way to go. By the time the government issued a regulation, it would be out of date, and it would probably be wrong. What we think has to be done is that the private sector has to realize the importance of this issue, and they have to organize themselves to deal with this issue. That means that the average company needs to ask, ``Why don't I have a secure product? Why was I have by code red in July? Why was I hacked by nimda in November?´´ " See, transcript of Clarke's opening statement and excerpts from question and answer session.
WTO Appointments
2/15. The World Trade Organization (WTO) announced the names of chairpersons for WTO bodies. See, list of appointees and statement by WTO Director General Mike Moore.
About Tech Law Journal
Tech Law Journal publishes a free access web site and subscription e-mail alert. The basic rate for a subscription to the TLJ Daily E-Mail Alert is $250 per year. However, there are discounts for entities with multiple subscribers. Free one month trial subscriptions are available. Also, free subscriptions are available for law students, journalists, elected officials, and employees of the Congress, courts, and executive branch, and state officials. The TLJ web site is free access. However, copies of the TLJ Daily E-Mail Alert and news items are not published in the web site until one month after writing. See, subscription information page.

Contact: 202-364-8882; E-mail.
P.O. Box 4851, Washington DC, 20008.

Privacy Policy

Notices & Disclaimers

Copyright 1998 - 2002 David Carney, dba Tech Law Journal. All rights reserved.
Federal Circuit Rules on Applicable Law in Patent Appeals
2/15. The U.S. Court of Appeals (FedCir) issued its opinion in Fiskars v. Hunt a patent infringement case involving applicable law in appeals to the Federal Circuit, and motions for relief from judgment pursuant to FRCP 60(b).
Fiskars owns U.S. Patent No. 5,322,001, which is directed to a paper trimmer with a rotary blade. Fiskars filed a complaint in U.S. District Court (WDWisc) against Hunt Manufacturing alleging patent infringement. The trial court jury found Hunt liable for infringement under the doctrine of equivalents and awarded damages, and the District Court entered judgment. Hunt filed a motion for relief from judgment pursuant to Federal Rule of Civil Procedure 60(b), which the District Court denied.
The Appeals Court first addressed what law to apply in its review of the denial of the Rule 60 motion --  the law of the Federal Circuit, or the regional circuit. The Appeals Court wrote that "When reviewing non-patent issues, our general practice is to apply the law of the regional circuit". It further stated that "Because rulings under Rule 60(b) commonly involve procedural matters unrelated to patent law issues as such, we often defer to the law of the regional circuit in reviewing such rulings."
However, the Appeals Court continued that "a procedural issue that is itself not a substantive patent law issue may be governed by Federal Circuit law if the issue ``pertain[s] to patent law, ... bears an essential relationship to matters committed to our exclusive control by statute, ... or clearly implicates the jurisprudential responsibilities of this court in a field within its exclusive jurisdiction.´´ ... Consequently, when a district court’s Rule 60(b) ruling turns on substantive matters that pertain to patent law, we review the ruling under Federal Circuit law because ``we perceive a clear need for uniformity and certainty in the way the district courts treat [the] issue.´´ " (Citations omitted). The Appeals Court applied Federal Circuit law. The Court then held that the District Court did not abuse its discretion in denying the Rule 60 motion. Affirmed. 
Tuesday, Feb 19
The House and Senate are in recess this week.
4:00 PM. Deadline to submit grant applications to the Department of Labor's Employment and Training Administration for funds for skills training programs. These grants are financed by user fees paid by employers in the H-1B visa program. See, notice in Federal Register, January 10, 2002. This notice changes a deadline of February 12 contained in a previous notice in the Federal Register.
Extended deadline to submit reply comments to the FCC in response to its Further Notice of Proposed Rulemaking regarding its cable horizontal and vertical ownership limits. See, original notice [PDF] in Federal Register of October 11, 2001, and extension Order [PDF] of January 29, 2002. The NCTA requested the extension.
Deadline to submit comments to the FTC regarding its proposed settlement with Eli Lilly (which accidentally disclosed the e-mail addresses of 669 subscribers to a Prozac e-mail list). The proposed settlement requires Eli Lilly to establish a security program. See, notice in the Federal Register.
Deadline to submit comments to the FCC in the matter of Ambient's application for a determination that it is an exempt telecommunications company. It is an electric power company that also provides broadband Internet access and related information services over power lines to electrical outlets in residences. See, FCC release [PDF].
Wednesday, Feb 20
9:00 AM - 4:30 PM. The FTC and the Antitrust Division of the Department of Justice will hold the third in a series of joint hearings on antitrust and intellectual property. There will be two sessions (9:00 AM - 12:30 PM and 2:00 - 4:30 PM) titled "Economic Perspectives on Intellectual Property, Competition and Innovation". The morning speakers will be Wesley Cohen (Carnegie Mellon Univ.), Robert Evenson (Yale), Edmund Kitch (Univ. of Virginia), James Langenfeld (LECG), and Maureen O’Rourke (Boston Univ.). The afternoon speakers will be Shane Greenstein (Northwestern Univ.), Margaret Calvert (Economists, Inc.), Joshua Lerner (Harvard Business School), Stan Liebowitz (Univ. of Texas at Dallas), Philip Nelson (Economists, Inc.), Janusz Ordover (NYU), Lawrence White (NYU). Location: Room 432, FTC, 600 Pennsylvania Ave., NW.
8:00 AM - 6:00 PM. The FCBA and Georgetown University Law Center (GULC) will co-host a CLE program titled "FCC Speaks". FCC Chairman Michael Powell will speak on "The Path to the Digital Broadband Migration" at 8:30 AM. FCC Commissioners Abernathy, Copps, and Martin will participate in a panel discussion at 4:20 PM. The program will also include panels titled "National Broadband Policy", "Competition Policy Panel", "Spectrum Allocation Policy", "Media Ownership Working Group", "Digital Television Task Force", and "Homeland Security Council". See, full schedule. The price to attend is $795, $745 (GULC alumni), $695 (FCBA members), and $595 (government employees). Location: GULC, Moot Courtroom, 600 New Jersey Ave., NW.
Thursday, Feb 21
9:30 AM. The U.S. Court of Appeals (DCCir) will hear oral argument in Unity Broadcasting v. FCC, No. 01-1148. Judges Henderson, Randolph and Rogers will preside. Location: 333 Constitution Ave. NW.
12:15 PM. The FCBA's Young Lawyers Committee will hold a brown bag lunch. RSVP to Yaron Dori at ydori @hhlaw.com. Location: Hogan & Hartson, 555 13th Street, NW, Room 13E-407 (use East Tower elevators).
Monday, Feb 25
The Senate will reconvene at 12:00 NOON following its Presidents Day recess. The House will not be in session.
Deadline to submit oppositions and responses to the FCC's Cable Services Bureau regarding the applications of Hughes Electronics Corporation and EchoStar Communications Corporation to the FCC requesting consent to the transfer of control of licenses and authorizations involved in the EchoStar DirecTV merger. See, FCC notice [MS Word]. This is CS Docket No. 01-348.
4:00 PM. Deadline for Members of the House to submit to the House Rules Committee proposed amendments to HR 1542, the Tauzin Dingell bill. See, Cong. Rec., Feb. 7, 2002, at H217.
6:30 PM. The National Press Club will host a panel discussion on distance learning. The topics to be discussed include copyright issues. The speakers will be Deborah Everhart (Blackboard.com) and Martin Irvine (Georgetown University). Coffee reception starts at 6:30 PM. The program starts at 7:15 PM, and is scheduled to finish at 9:00 PM. Location: NPC, 529 14th St. NW, 13th Floor.