7/27. The U.S. Patent and Trademark Office (USPTO) published a notice in the Federal Register that announces, describes, recites, and sets the comment deadline for, its further interim guidance for the patent examining corps to use when determining subject matter eligibility under 35 U.S.C. § 101 following the June 28, 2010, opinion [71 pages in PDF] of the Supreme Court in Bilski v. Kappos.

In Bilski the Court addressed when processes that can be described as business methods can be patentable subject matter. See, story titled "Supreme Court Rules in Bilski" in TLJ Daily E-Mail Alert No. 2,101, June 30, 2010.

David Kappos, head of the USPTO, stated in a release that "We now seek input from the public as we further refine and finalize this guidance.  In the meantime, this interim guidance will assist our examiners in their examination of applications where subject matter eligibility of method claims must be determined".

This interim guidance is effective as of July 27, 2010. The comment deadline is September 27, 2010. This notice supplements the USPTO interim instructions dated August 24, 2009, and supersedes the USPTO's interim guidance memorandum dated June 28, 2010.  

See, Federal Register, July 27, 2010, Vol. 75, No. 143, at Pages 43922-43928.

7/27. The Federal Trade Commission (FTC) filed an administrative complaint [PDF] against Rite Aid Corporation alleging violation of Section 5(a) of the FTC Act in connection with its discarding in dumpsters records containing personally identifiable information (PII).

The FTC simultaneously entered into an Agreement Containing Consent Order [9 pages in PDF] with Rite Aid. It orders that Rite Aid will not "misrepresent ... the extent to which it maintains and protects the privacy, confidentiality, security, or integrity of personal information collected from or about consumers", and that Rite Aid will create "a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers".

It also mandates periodic third party compliance reports, and periodic reports to the FTC.

Section 5(a) of the FTC Act, which is codified at 15 U.S.C. § 45, provides in part that "Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful."

The complaint alleges that Rite Aid "has disseminated or caused to be disseminated statements and privacy policies to consumers regarding the privacy and confidentiality of personal information, including, but not limited to" a statement in its published privacy policy that "Rite Aid takes its responsibility for maintaining your protected health information in confidence very seriously."

It then alleges that Rite Aid has "discarded materials containing personal information in clear readable text (such as pharmacy labels and employment applications) in unsecured, publicly-accessible trash dumpsters used by Rite Aid pharmacies on numerous occasions".

The complaint states that Rite Aid "has engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security for personal information. Among other things, respondent has failed to: (1) implement policies and procedures to dispose securely of such information, including, but not limited to, policies and procedures to render the information unreadable in the course of disposal; (2) adequately train employees to dispose securely of such information; (3) use reasonable measures to assess compliance with its established policies and procedures for the disposal of such information; and (4) employ a reasonable process for discovering and remedying risks to such information."

Rite Aid is also regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, which is enforced by the DHHS.

In the FTC proceeding, Rite Aid admitted no wrongdoing, and the FTC imposed no penalty. However, DHHS fined Rite Aid $1 Million.

The DHHS and Rite Aid entered into a Resolution Agreement [24 pages in PDF] on June 7, 2010. The DHHS released this agreement on July 27, 2010. Rite Aid admitted no wrongdoing, but agreed to pay the DHHS $1 Million in three installments.

The DHHS disclosed in a release that government regulators learned of Rite Aid's actions after television reporters videotaped records with PII being tossed into dumpsters.

7/28. Several components of the Department of Commerce (DOC) published a notice in the Federal Register that announces, describes, and sets the comment deadline for, a Notice of Inquiry (NOI) regarding the "nexus between cybersecurity challenges in the commercial sector and innovation in the Internet economy".

Gary Locke, the Secretary of Commerce, gave a speech on July 27, 2010, at an event hosted by the DOC's Internet Policy Task Force titled "Cybersecurity and Innovation in the Information Economy".

Locke (at right) said that "The task force is working on developing cyber security policy, as well as policy recommendations on other critical Internet issues like privacy, copyright protection, and international e-commerce."

He recited some of the things that the DOC has done, or is doing, with respect to cyber security. He then asked for feedback from stakeholders on several subjects, and noted that the DOC is also issuing a NOI.

First, "What are the marketplace incentives and disincentives for better cyber security practices?"

Second, "By Presidential directive, the Department of Homeland Security has responsibility for coordinating cyber security initiatives with those who operate critical infrastructure and those who provide other key resources. For the rest of the private sector, what are the most effective ways to share best practices?"

Third, "How can policymakers prevent balkanization of the global legal framework?"

Fourth, "How can the government’s data gathering capability be put to better use in this space?"

Locke concluded that "what we need most in the cyber security arena is a commitment to ``pull together´´ -- to define roles and responsibilities more clearly -- and to deliver on those responsibilities."

The NOI, which takes up eight pages in the Federal Register, poses numerous questions. It states that "The primary focus of this inquiry, as reflected above and in the questions listed below, is on enhancing the cybersecurity practices of commercial actors, consumers, and citizens outside the CIKR sectors. Activities involving government systems, other critical infrastructures and key resources receive attention from the Department of Homeland Security and other agencies."

The NOI first asks for information regarding quantifying the impact of cyber security threats. For example, "How should a data gathering and analysis system (or systems) be fashioned to facilitate the collection of well-defined, consistent metrics to measure the financial impact of cybersecurity incidents and investments in cybersecurity protection?" (Parentheses in original.)

Also, "Are there adequate incentives for businesses to provide information about security breaches, data security losses, and cybersecurity investments?" And, what "data would be helpful"?

The NOI next asks questions about raising awareness and education. It asks, among other things, "Which educational plans are succeeding or failing, and have providers of such educational efforts attempted to measure return-on-investment? What additional role, if any, should the government play in cybersecurity education and awareness efforts? What programs, beyond continuing education for IT professionals, workplace training for users, or curriculum development for K-12 or post-secondary institutions, should be developed? Does the private sector require government assistance"?

The NOI next asks about data breach statutes and information sharing regarding cyber breaches. "Are existing information sharing mechanisms adequately-resourced but under-utilized? If so, what deters their use? How can the state of affairs be improved?"

It also asks, "is there a reluctance to use" existing resources and mechanisms for information? "If so, why? Does the government adequately assist businesses in the throes or in the aftermath of a cyber incident? Should the government create a cybersecurity service center"?

The NOI next asks about web site security, including government verification of web site security. "Should the government alone, the private sector, or the government and private sector collaboratively explore whether third-party verification of Web site and component security is or can prove effective in reducing the proliferation of malware? If so, what measures should be considered? What would be the implementation challenges in deploying such measures?"

The NOI next asks about authentication. For example, "what, if any, federal government support is needed to improve authentication/identity management controls, mechanisms, and supporting infrastructures? Do the authentication and/or identity management controls employed by commercial organizations or business sectors, in general, provide adequate assurance? If not, what improvements are needed?"

It also asks about anonymous identity credentials. "Is there a continuing need for limited revelation identity systems, or even anonymous identity processes and credentials? If so, what would be the potential benefits of wide-scale adoption of limited revelation identity systems or anonymous credentialing from a cybersecurity perspective? What would be the drawbacks?"

Also, "How might government procurement activities best promote development of a market for more effective authentication tools"?

And, it asks about "privacy and civil liberties questions raised by government involvement in identity management".

The NOI next asks about problems with foreign governments that result from doing business abroad, such as "foreign governments requiring access to product source code", and "unfair competition when competing against nationally controlled companies". It also asks, "Would a set of internationally accepted ``cybersecurity principles´´ in the area of standards and conformity assessment procedures be useful?"

The NOI next asks about product assurance. "Do current U.S. Government product assurance requirements inhibit production of timely security components and/or security-enhanced IT products and systems? Do current assurance processes inhibit innovation? If so, what would be the best way to improve the current U.S. product assurance scheme?"

The NOI next asks about cyber security research. "How can the federal government best promote additional commercial and academic research and development in cybersecurity technology? What particular research and development areas do not receive sufficient attention in the private sector?"

Finally, the NOI asks about the incentives for businesses to pursue cyber security. "Are existing incentives adequate to address the current risk environment? Do particular business segments lack sufficient incentives to make cybersecurity investments? If so, why? What would be the best way to encourage businesses to make appropriate investments in cybersecurity?"

The NOI adds that the DOC will issue a report regarding "domestic and international policies and activities in advancing both cybersecurity and the Internet economy".

The DOC's National Telecommunications and Information Administration (NTIA), National Institute of Standards and Technology (NIST), and International Trade Administration (ITA) issued this NOI.

The deadline to submit comments is September 13, 2010. See, Federal Register, July 28, 2010, Vol. 75, No. 144, at Pages 44216-44223. See also, DOC release.

7/27. The National Institute of Standards and Technology (NIST) published a notice in the Federal Register that requests nominations for membership on various of its federal advisory committees, including:

• Information Security and Privacy Advisory Board (ISPAB)
• Technology Innovation Program Advisory Board
• Board of Overseers of the Malcolm Baldrige National Quality Award
• Judges Panel of the Malcolm Baldrige National Quality Award
• NIST Smart Grid Advisory Committee
• Visiting Committee on Advanced Technology.

The notice sets no deadlines. See, Federal Register, July 27, 2010, Vol. 75, No. 143, at Pages 43933-43939.

7/28.The Federal Communications Commission (FCC) published a notice in the Federal Register that announces, describes, recites, and sets the comments deadlines for, its proposed changes to its satellite television significantly viewed rules to implement Section 203 of the Satellite Television Extension and Localism Act of 2010 (STELA). The deadline to submit initial comments is August 17, 2010. The deadline to submit reply comments is August 27, 2010. The FCC adopted its Notice of Proposed Rulemaking (NPRM) on July 22, 2010, and released the text [27 pages in PDF] on July 23, 2010. It is FCC 10-130 in MB Docket No. 10-148. See, Federal Register, July 28, 2010, Vol. 75, No. 144, at Pages 44198-44209.

7/28. The Department of Health and Human Services (DHHS) published a notice in the Federal Register that announces, describes, recites, and sets the effective date (August 27, 2010) for, its final rule setting its initial set of standards,
implementation specifications, and certification criteria for electronic health record technology. See, Federal Register, July 28, 2010, Vol. 75, No. 144, at Pages 44589-44654.

7/27. The Bureau of Industry and Security (BIS) published a notice in the Federal Register regarding its encryption registration requirement. See, Federal Register, July 27, 2010, Vol. 75, No. 143, at Pages 43819-43821.

7/22. The Department of Agriculture's (DOA) Rural Utilities Service (RUS) announced in its web site that it seeks comments on telemedicine. See, web page titled "The Power of Telemedicine -- Access", and DOA release.

The House will meet at 10:00 AM for legislative business. See, Rep. Hoyer's schedule for the week of July 26, and schedule for July 28.

The Senate will meet at 9:30 AM. It will resume consideration of HR 5297 [LOC | WW], the "Small Business Jobs and Credit Act of 2010".

9:00 AM. Day one of a two day meeting of the Department of Commerce's (DOC) Bureau of Industry and Security's (BIS) Information Systems Technical Advisory Committee (ISTAC). The July 28 agenda includes "Smart Grid", "Civil Satellite Telecommunications", and "GPU/CPU/Accelerators". The July 28 portion of this meeting is open to the public, and will also be teleconferenced. See, notice in the Federal Register, July 13, 2010, Vol. 75, No. 133, at Pages 39919-39920. Location: DOC, Room 3884, 14th Street between Constitution and Pennsylvania Aves., NW.

10:00 AM. The Senate Judiciary Committee (SJC) will hold a hearing titled "Oversight of the Federal Bureau of Investigation". The witness will be FBI Director Robert Mueller. See, notice. The SJC will webcast this event. Location: Room 226, Dirksen Building.

10:00 AM. The House Commerce Committee (HCC) will meet to mark up several bills, including HR 5710 [LOC | WW], the "National All Schedules Prescription Electronic Reporting Reauthorization Act of 2010". See, notice. Location: Room 2131, Rayburn Building.

11:00 AM - 12:00 NOON. The Federal Communications Commission's (FCC) WRC-12 Advisory Committee will meet. See, notice in the Federal Register, June 30, 2010, Vol. 75, No. 125, at Pages 37802-37803. Location: FCC, Commission Meeting Room, 445 12th St., SW.

1:00 - 2:30 PM. The American Bar Association (ABA) will host a webcast and teleconferenced event titled "New Developments and Trends in Music Publishing Law". The speakers will be Zeina Hamzeh (Warner Chappell Music, Inc.) and Ed Pierson. See, notice. Prices vary. CLE credits.

2:00 PM. The House Judiciary Committee's (HJC) Subcommittee on Crime, Terrorism, and Homeland Security will hold a hearing titled "Online Privacy, Social Networking, and Crime Victimization". The witnesses will be Gordon Snow (Federal Bureau of Investigation), Michael Merritt (U.S. Secret Service), Marc Rotenberg (Electronic Privacy Information Center), Joe Pasqua (Symantec), and Joe Sullivan (Facebook). See, notice. The HJC will webcast this event. Location: Room 2141, Rayburn Building.

2:30 PM. The Senate Judiciary Committee (SJC) will hold a hearing titled "Nominations". The witnesses will be Kathleen O'Malley, nominated to be a Judge of the U.S. Court of Appeals for the Federal Circuit), Beryl Howell (U.S. District Court of the District of Columbia), and Robert Wilkins (USDC/DC). See, notice. The SJC will webcast this event. Location: Room 226, Dirksen Building.

2:30 PM. The Senate Banking Committee (SBC) will hold an executive session to consider pending nominations, including Janet Yellen, Peter Diamond, and Sarah Raskin to be members of the Board of Governors of the Federal Reserve System. See, notice. Location: Room 538, Dirksen Building.

5:00 - 7:00 PM. The New America Foundation (NAF) will host a panel discussion titled "Digital District: Local News and Online Media Access in Washington". The speakers will be Dan Silverman, Veronica Davis, Ariel Valdez, Justin Jouvenal, and Steve Coll (NAF). See, notice. Location: NAF, Suite 400, 1899 L St., NW.

The House will meet at 10:00 AM for legislative business. See, Rep. Hoyer's schedule for the week of July 26.

9:00 AM. Day two of a two day meeting of the Department of Commerce's (DOC) Bureau of Industry and Security's (BIS) Information Systems Technical Advisory Committee (ISTAC). The July 29 agenda is undisclosed. The July 29 portion of this meeting is closed to the public. See, notice in the Federal Register, July 13, 2010, Vol. 75, No. 133, at Pages 39919-39920. Location: DOC, Room 3884, 14th Street between Constitution and Pennsylvania Aves., NW.

10:00 AM. The Senate Judiciary Committee (SJC) will hold an executive business meeting. The agenda includes consideration of several judicial nominees: Mary Helen Murguia (to be a Judge of the U.S. Court of Appeals for the 9th Circuit), Edmond E-Min Chang (U.S. District Court, Northern District of Illinois), Leslie Kobayashi (USDC/DHawaii), Denise Casper (USDC/DMass), and Carlton Reeves (USDC/DMiss). See, notice. The SJC will webcast this event. The SJC rarely follows its published agendas. Location: Room 226, Dirksen Building.

11:00 AM. The Department of Homeland Security's (DHS) Immigration and Customs Enforcement's (ICE) National Intellectual Property Rights Coordination Center (NIPRCC) will host a roundtable discussion with reporters about the mission and growth of the NIPRCC. John Scott Ballman (Deputy Director of the NIPRCC) will speak. Location: NIPRCC, 2451 Crystal Drive, Suite 200, Arlington, VA.

2:00 PM. The House Oversight and Government Reform Committee's (HOGR) Subcommittee on Information Policy, Census and National Archives Subcommittee will hold a hearing titled "Public Access to Federally-Funded Research". See, notice. The HOGRC will webcast this event. Location: Room 2154, Rayburn Building.

The House may meet at 9:00 AM for legislative business. See, Rep. Hoyer's schedule for the week of July 26.

The House is scheduled to "complete its business for the July work period". See, Rep. Steny Hoyer's June 18 release.

RESCHEDULED FROM JUNE 25. 12:15 - 1:30 PM. The Federal Communications Bar Association's (FCBA) Young Lawyers Committee will host a brown bag lunch titled "Bridging the Gap: Broadband 101 -- An Introduction to Broadband Regulation and Policy". The speaker will be Dan Brenner (Hogan Lovells). For more information, contact Micah Caldwell at mcaldwell at fh-law dot com or Mark Brennan at mark dot brennan at hoganlovells dot com. Location: Harris Corporation, Suite 850E, 600 Maryland Ave., SW.

Deadline to submit reply comments to the Federal Communications Commission (FCC) in response to its Notice of Proposed Rule Making (NPRM) regarding amateur radio use of the allocation at 5 MHz. The FCC adopted this NPRM on May 4, 2010, and released the text on May 7, 2010. It is FCC 10-76 in ET Docket No. 10-98. See, notice in the Federal Register, June 15, 2010, Vol. 75, No. 114, at Pages 33748-33752.

Deadline to submit comments to the Federal Communications Commission (FCC) in response to its Public Notice [PDF] regarding revisions to FCC Forms 470 and 471. This item is DA 10-1248 in CC Docket No. 02-6.

Deadline to submit reply comments to the Federal Communications Commission (FCC) in response to its Public Notice [PDF] regarding Dish Network's Application for Certification as a qualified carrier pursuant to the Satellite Television Extension and Localism Act of 2010. See, Section 105 of S 3333 [LOC | WW], signed into law on May 27, 2010. See also, story titled "Obama Signs Satellite TV Bill" in TLJ Daily E-Mail Alert No. 2,089, May 28, 2010. This item is DA 10-1036 in MB Docket No. 10-124.

Deadline to submit initial comments to the Federal Communications Commission (FCC) in response to its Public Notice [21 pages in PDF] requesting input and data on mobile wireless competition for the FCC's Fifteenth Annual Report on the State of Competition in Mobile Wireless. This item is DA 10-1234 in WT Docket No. 10-133.

1:00 - 4:00 PM. The Federal Communications Bar Association's (FCC) Young Lawyers Committee will host an event titled "Summer Rooftop BBQ and Pool Party". For more information, contact Justin Faulb at faulb at lojlaw dot com, Evan Morris at evan dot morris at harris dot com, or Mark Brennan at mark dot brennan at hoganlovells dot com. Location: undisclosed.

Extended deadline to submit nominations to the U.S. Patent and Trademark Office's (USPTO) National Medal of Technology and Innovation Nomination Evaluation Committee. See, notice in the Federal Register, May 24, 2010, Vol. 75, No. 99, at Pages 28782-28783.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in Phoenix Solutions v. Directv Group, App. Ct. No. 2010-1125. Location: Courtroom 201.

Extended deadline to submit comments to the U.S. Patent and Trademark Office (USPTO) regarding its draft [76 pages in PDF] of its "FY 2010-2015 Strategic Plan". See, notice in the Federal Register, July 9, 2010, Vol. 75, No. 131, at Pages 39493-39494. See also, story titled "USPTO Releases Draft Five Year Plan" in TLJ Daily E-Mail Alert No. 2,102, July 12, 2010. And see, notice of extention.

8:30 - 10:45 AM. Day one of a two day partly closed meeting of the Department of Commerce's (DOC) Bureau of Industry and Security's (BIS) Emerging Technology and Research Advisory Committee. The BIS did not disclose the subject matter of this meeting. See, notice in the Federal Register: July 16, 2010, Vol. 75, No. 136, at Pages 41439-41440. Location: DOC, Hoover Building, Room 3884, 14th Street between Pennsylvania and Constitution Avenues, NW.

12:00 NOON - 1:30 PM. The American Bar Association (ABA) will host a webcast and teleconferenced event titled "The New HIPAA/HITECH Regulations: What's New and What Do Those Changes Mean?". See, notice. Prices vary. CLE credit.

1:30 - 5:00 PM. The Federal Aviation Administration's (FAA) RTCA Special Committee 222: Inmarsat Aeronautical Mobile Satellite (Route) Services will meet. See, notice in the Federal Register, July 12, 2010, Vol. 75, No. 132, at Pages 39724-39725. Location: ARINC Building 6, Conference Center Room 6-A1, 2551 Riva Road, Annapolis, MD.

2:30 PM. The Senate Homeland Security and Government Affairs Committee's (SHSGAC) Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security will hold a hearing titled "Transforming Government Through Innovative Tools and Technology". See, notice. The SHSGAC will webcast this event. Location: Room 342, Dirksen Building.

8:30 - 10:45 AM. Day two of a two day partly closed meeting of the Department of Commerce's (DOC) Bureau of Industry and Security's (BIS) Emerging Technology and Research Advisory Committee. The BIS did not disclose the subject matter of this meeting. See, notice in the Federal Register: July 16, 2010, Vol. 75, No. 136, at Pages 41439-41440. Location: DOC, Hoover Building, Room 3884, 14th Street between Pennsylvania and Constitution Avenues, NW.

9:00 AM - 5:00 PM. Day one of a three day meeting of the National Institute of Standards and Technology's (NIST) Information Security and Privacy Advisory Board (ISPAB). The agenda includes "Embedded software (biomedical, ICS) and associated malware", "FISMA Guidance", "National Initiative for Cybersecurity Education (NICE)", "Key Priorities next 2-3 years for NIST in cyber security", "Threat Vector Initiative", "Fedramp", "Cyber Coordinator Briefing", "National Protection and Programs Directorate Briefing", "Security Roadmap", "Initiative 3 Exercise (Einstein)", "S-Cap usage and continuous monitoring", "Authentication and Trust Framework Secure Online Transaction (SOT) Work", and "Assurance of Legitimate Government Outbound Mail". See, notice in the Federal Register, July 13, 2010, Vol. 75, No. 133, at Pages 39920-39921. Location: Marriott Hotel Washington, 1221 22nd St., NW.

10:00 - 11:00 AM. The American Enterprise Institute (AEI) will host an event titled "After ECFA: The Present and Future of Cross-Strait Relations". The ECFA is the Economic Cooperation Framework Agreement, a free trade agreement between the People's Republic of China and Taiwan. The speakers will be Shin-Yuan Lai (Minister of Taiwan's Mainland Affairs Council), and Gary Schmitt (AEI). See, notice. Location: AEI, 1150 17th St., NW.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in Shum v. Intel, App. Ct. Nos. 2009-1385 and 2010-1109. Location: Courtroom 201.

2:00 - 4:00 PM. The Federal Communications Commission's (FCC) Consumer Advisory Committee will meet. See, FCC notice and notice in the Federal Register, July 19, 2010, Vol. 75, No. 137, at Page 41863. Location: FCC, Room 3B516, 445 12th St., SW.

Tech Law Journal publishes a free access web site and a subscription e-mail alert. The basic rate for a subscription to the TLJ Daily E-Mail Alert is $250 per year for a single recipient. There are discounts for subscribers with multiple recipients.

Free one month trial subscriptions are available. Also, free subscriptions are available for journalists, federal elected officials, and employees of the Congress, courts, and executive branch. The TLJ web site is free access. However, copies of the TLJ Daily E-Mail Alert are not published in the web site until two months after writing.

For information about subscriptions, see subscription information page.

Tech Law Journal now accepts credit card payments. See, TLJ credit card payments page.

TLJ is published by David Carney
Contact: 202-364-8882.
carney at techlawjournal dot com
P.O. Box 4851, Washington DC, 20008.

Privacy Policy
Notices & Disclaimers
Copyright 1998-2010 David Carney. All rights reserved.