Tech Law Journal Daily E-Mail Alert
February 19, 2013, Alert No. 2,525.
AG Holder Addresses Cyber Security and Theft of Trade Secrets

2/20. Attorney General Eric Holder gave a speech in Washington DC regarding cyber security and theft of trade secrets.

Holder said that the Department of Justice (DOJ) "has made the investigation and prosecution of trade secret theft a top priority". He said that the DOJ "has also gathered valuable intelligence about foreign-based economic espionage"; but, he did not identify any foreign nations that conduct, or are home to, cyber theft of trade secrets. And, he called for greater cooperation among government agencies, and government and the private sector.

Substantively, he said little. He disclosed no new criminal arrests or prosecutions. He identified no offenders. He announced no new DOJ policies or practices. He proposed no new legislation. He said nothing about DOJ or FBI investigation or surveillance authorities or practices.

However, that the Attorney General devoted a speech to cyber security and trade secrets theft is in itself significant.

And, the Executive Office of the President's (EOP) Intellectual Property Enforcement Coordinator (IPEC) released a document titled "Administration Strategy on Mitigating the Theft of U.S. Trade Secrets". See, related story in this issue titled "IPEC Releases Administration Strategy Regarding Theft of Trade Secrets".

Holder discussed the nature of the problem. He stated that the proliferation of "smart phones, tablets, laptops, and other internet-access devices" and "cloud-based computing" creates "more access points and vulnerabilities that allow criminals to steal confidential information".

He added that "as new technologies have torn down traditional barriers to international business and global commerce, they’ve also made it easier for criminals to steal trade secrets -- and to do so from anywhere in the world. A hacker in China can acquire source code from a software company in Virginia without leaving his or her desk. With a few keystrokes, a terminated or simply unhappy employee of a defense contractor can misappropriate designs, processes, and formulas worth billions of dollars."

"By corrupting insiders, hiring hackers, and engaging in other unscrupulous and illegal activities, these entities can inflict devastating harm on individual creators, start-ups, and major companies." He elaborated that "Some of these criminals exploit pilfered secrets themselves -- often by extorting the victim company or starting their own enterprise. Others try to sell the illicit information to a rival company, or obtain a bounty from a country interested in encouraging such theft. And all represent a significant and steadily increasing threat to America's economic and national security interests."

He did disclose that the DOJ's National Security Division's (CSD) Counterespionage Section "has taken a leading role in economic espionage cases -- and others affecting national security and the export of military and strategic commodities or technology."

He also said that "We need to increase cooperation and coordination between partners at every level of government.  We need to improve engagement with the corporations represented in the room today. We need to find ways to work together more efficiently and effectively -- by following the road map set forth in the Administration’s new, comprehensive strategy.  And we need to do so starting immediately -- because continuing technological expansion and accelerating globalization will lead to a dramatic increase in the threat posed by trade secret theft in the years ahead."

IPEC Releases Administration Strategy Regarding Theft of Trade Secrets

2/20. The Executive Office of the President's (EOP) Intellectual Property Enforcement Coordinator (IPEC) released a document titled "Administration Strategy on Mitigating the Theft of U.S. Trade Secrets".

It states, among other things, that

  • the US will put diplomatic pressure, mainly via the Department of State (DOS), on the governments of nations where trade secret theft is practiced
  • the US will utilize trade policy tools, including via the Office of the U.S. Trade Representative (OUSTR), and especially with the Special 301 process
  • the US FBI will expand its investigations into trade secrets theft
  • the US intelligence community will share more information with the private sector

This document also contains many items that are more rhetorical than substantive in nature.

Diplomacy and the DOS. This document states that "The Administration will continue to apply sustained and coordinated diplomatic pressure on other countries to discourage trade secret theft. This will be achieved by utilizing a whole of government approach directed at a sustained, consistent and coordinated message from all appropriate agencies to foreign governments where there are regular incidents of trade secret theft".

Trade Policy and the OUSTR. This document states that another strategy will be "Targeting weaknesses in trade secret protection through enhanced use of the annual Special 301 process, including the Special 301 Report". (Footnote omitted.)

It adds that the US will seek, "through USTR-led trade negotiations such as the Trans Pacific Partnership, new provisions on trade secret protections requiring parties to make available remedies similar to those provided for in U.S. law".

It should be noted that neither the People's Republic of China (PRC), nor other nations that are likely the most egregious thieves of trade secrets, are parties to the ongoing Trans Pacific Partnership Agreement negotiations.

The Special 301 process, which was created by the Trade Act of 1974, requires the executive branch to identify countries that fail to protect the intellectual property rights (IPR) and market access of US companies, and take certain actions against those countries. These Special 301 provisions are codified at 19 U.S.C. § 2411, et seq.

Under the Special 301 provisions, the OUSTR identifies other countries that deny adequate and effective protection of IP or deny fair and equitable market access to U.S. artists and industries that rely upon IP protection. It does this primarily in annual reports. However, it also conducts out of cycle reviews (OCRs). And, it recently began doing separate notorious markets reports.

The definitions in Section 2411 are clear that Special 301 authority extends to trade secrets protection. Subsection 2411(d)(3)(F)(1) provides that "adequate and effective protection of intellectual property rights includes adequate and effective means under the laws of the foreign country for persons who are not citizens or nationals of such country to secure, exercise, and enforce rights and enjoy commercial benefits relating to patents, trademarks, copyrights and related rights, mask works, trade secrets ..." (Emphasis added.)

However, it should also be noted that the OUSTR's Special 301 reports have placed the PRC on the Priority Watch List, and detailed numerous denials of adequate and effective protection of IPR in the PRC, usually to little avail.

See, for example, report [54 pages in PDF] titled "2012 Special 301 Report", report [53 pages in PDF] titled "2011 Special 301 Report" and story titled "OUSTR Releases Special 301 Report" in TLJ Daily E-Mail Alert No. 2,231, May 3, 2011.

US Law Enforcement Investigations. This IPEC document states that DOJ and its Federal Bureau of Investigation (FBI) "will continue to prioritize these investigations and prosecutions and focus law enforcement efforts on combating trade secret theft. The FBI is also expanding its efforts to fight computer intrusions that involve the theft of trade secrets by individual, corporate, and nation-state cyber hackers."

However, this document discloses nothing about "these investigations", such as numbers of personnel by area of expertise, whether the DOJ invokes Foreign Intelligence Surveillance Act (FISA) authority to investigate theft of trade secrets of US companies by foreign companies, or what investigation or surveillance techniques are being employed.

Information Sharing by the Intelligence Community. This document states that the Office of the Director of National Intelligence (ODNI) "will coordinate within the intelligence community to inform the private sector about ways to identify and prevent the theft of trade secrets that benefit a state sponsor or an entity with ties to a foreign government."

It also states that "ODNI will coordinate expanded discussions between the intelligence community and the private sector".

However, missing from this document are any proposed changes to the law, and particularly regarding immunity, to incent private sector entities to provide information regarding cyber attacks to government agencies.

Information Sharing by the Private Sector. This document states that "The Administration encourages companies to consider and share with each other practices that can mitigate the risk of trade secret theft", and that the government "will help facilitate efforts by organizations and companies to develop industry led best practices to protect trade secrets".

However, there are a number of legal impediments to private sector information sharing, whether with other private sector entities or with government agencies, including risk of civil liability for data breaches, loss of proprietary information to Freedom of Information Act requests, and violation of privacy related laws and antitrust prohibitions. This document proposes nothing to remove any of these impediments.

This section of the report adds that "In identifying and promoting the adoption of best practices, it should be emphasized that such guidelines are intended solely to offer suggestions to assist businesses in safeguarding information they wish to keep secret and are not designed to be a minimum standard of protection".

Legislation. This document contains a section on legislation. However, it merely states that the administration will "review existing Federal laws to determine if legislative changes are needed to enhance enforcement against trade secret theft".

It makes no proposals for statutory changes.

It cites two minor changes to trade secret law enacted in the 112th Congress: S 3642, the "Theft of Trade Secrets Clarification Act of 2012" and HR 6029, the "Foreign and Economic Espionage Penalty Enhancement Act of 2012".

Other. This document states that the government will seek greater "international law enforcement cooperation", and conduct domestic "education and outreach".

Rep. Rogers and Rep. Ruppersberger Re-Introduce CISPA

2/13. Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersberger (D-MD) introduced HR 624, the "Cyber Intelligence and Sharing Protection Act" or CISPA. This is a revised version of HR 3523, a bill with the same title, that the House passed in the 112th Congress.

Rep. Rogers is the Chairman of the House Intelligence Committee (HIC). Rep. Ruppersberger is the ranking Democrat on the HIC.

Rep. Ruppersberger stated in a release that "American industry is under attack, costing our country and our economy billions of dollars and thousands of jobs. We need to do everything we can to enable American companies to defend themselves against these devastating cyber attacks. Our bill does just that by permitting the voluntary sharing of critical threat intelligence while preserving important civil liberties".

The bill would incent companies to share cyber threat information with relevant government agencies. Opponents of the bill equate this with surveillance, and a diminution of privacy.

The bill would also allow the government to share cyber threat intelligence with certain approved companies and other entities.

The bill would not create a new government regulatory regime. This is a source of opposition for those who seek such a regime, such as President Obama.

Legislative History. Rep. Rogers and Rep. Ruppersberger introduced the first version of this bill on November 30, 2011. See, story titled "Representatives Introduce Cyber Threat Information Sharing Bill" in TLJ Daily E-Mail Alert No. 2,316, November 30, 2011.

The HIC approved it by a vote of 17-1 on December 1, 2011.

The full House considered this bill, and numerous amendments, on April 26, 2012. The vote on final passage was 248-168. See, Roll Call No. 192. See also, stories titled "House Passes CISPA" and "Amendment by Amendment Summary of House Consideration of CISPA" in TLJ Daily E-Mail Alert No. 2,380, April 25, 2012.

President Obama opposed the bill. See, story titled "Obama EOP Opposes CISPA" in TLJ Daily E-Mail Alert No. 2,379, April 24, 2012.

See also, stories titled,

Neither any Senate Committee, nor the full Senate, considered the CISPA during the 112th Congress.

The bill backed by Sen. Harry Reid (D-NV) and President Obama was S 3414, the "Cybersecurity Act of 2012", or "CSA". This bill would have created a new cyber security regulatory regime. Neither any Senate Committee, nor the full Senate, approved S 3414 during the 112th Congress. However, Sen. Reid twice tried, but failed, to ram the CSA through the Senate without debate or opportunity to amend the bill.

Also, Sen. John McCain (R-AZ) introduced another cyber security bill, S 2151, the "Secure IT Act", in the 112th Congress.

Bill Summary. The CISPA is a bill that would promote, but not mandate, information sharing. It would allow sharing, by the private sector, and by the government. It would create new immunities. On the other hand, it would create no new regulatory regime, no new criminal prohibition regime, and no data retention mandate.

It provides that the Director of National Intelligence (DNI) "shall establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and utilities and to encourage the sharing of such intelligence."

This bill would amend Title 50, which pertains to national defense and intelligence, to authorize U.S. intelligence agencies to provide "classified cyber threat intelligence" to certain private sector entities, namely, "cybersecurity providers", "protected entities" (of cyber security providers), and "self-protected entities" (which provide their own cyber security). The bill further allows these entities to further share this intelligence, but prohibits "unauthorized disclosure".

This bill would also allow "cybersecurity providers" and "self-protected entities" to provide "cyber threat information" to others, and to the federal government.

Such information would be exempt from disclosure under the Freedom of Information Act. It would also be "considered proprietary information and shall not be disclosed to an entity outside of the Federal Government except as authorized by the entity sharing such information". Moreover, such information "shall not be used by the Federal Government for regulatory purposes".

The bill would also grant sweeping immunity from state and federal, and civil and criminal, actions and liability.

It provides that "No civil or criminal cause of action shall lie or be maintained in Federal or State court against a protected entity, self-protected entity, cybersecurity provider, or an officer, employee, or agent of a protected entity, self-protected entity, or cybersecurity provider, acting in good faith -- (A) for using cybersecurity systems to identify or obtain cyber threat information or for sharing such information in accordance with this section; or (B) for decisions made based on cyber threat information identified, obtained, or shared under this section."

The bill also imposes limits on the use of information given to the federal government. "The Federal Government may use cyber threat information shared with the Federal Government ... for cybersecurity purposes ... for the investigation and prosecution of cybersecurity crimes ..."

But then the bill would broadly allow use of such information "for the protection of individuals from the danger of death or serious bodily harm and the investigation and prosecution of crimes involving such danger of death or serious bodily harm".

The bill adds that the federal government could not search its databases of cyber threat information, except for the above listed purposes.

Support for CISPA. This bill is backed by many information technology companies and groups. For example, Peter Cleveland of Intel wrote in a letter to the HIC that "We applaud you for adopting a voluntary and non-regulatory approach to improving cybersecurity that incentivizes industry participation by providing much-needed legal certainty and liability protection to businesses engaged in responsible information sharing practices, and leverages existing public-private partnerships rather than creating new bureaucracies."

See also, statements of support from IBM, Internet Security Alliance and TechAmerica.

This bill is also backed by many voice, programming, and broadband service providers and their trade groups. For example, Walter McCormick, head of the US Telecom, stated in a release that "USTelecom is pleased to again support the "Cyber Intelligence Sharing and Protection Act," a bill that would enable the government and private sector to more efficiently detect, deter and respond to cyber threats. The legislation addresses this critical need, while providing the appropriate safeguards necessary for facilitating real-time information sharing. As threats and attacks continue to increase, this bill is needed even more urgently now than when it passed the House on a bipartisan vote last April. We look forward to working with Congressmen Rogers and Ruppersberger on this legislation."

Steve Largent, head of the CTIA, stated in a release that "Recent attacks on The New York Times, The Wall Street Journal and the Federal Reserve highlight the pressing need to enhance America’s ability to address cyberthreats. Our members are committed to helping, but they need the government to be a willing partner to share intelligence and develop solutions to protect our consumers and our networks."

Largent added that the "CTIA welcomes the introduction of the Rogers-Ruppersberger bill because Congress can help facilitate this collaboration by enacting a sensible framework to enable information sharing and provide appropriate liability protections. This bipartisan bill does that and CTIA urges the Congress to act quickly to make it law."

See also, statements of support from AT&T, Verizon, Comcast, Time Warner Cable, and National Cable & Telecommunications Association.

See also, letter signed by numerous groups, including Information Technology Industry Council (ITIC) and the Software and Information Industry Association (SIIA), as well as oil and gas, airline, railroad, electricity groups, and the U.S. Chamber of Commerce and the National Association of Manufacturers. Finally, financial services groups expressed their support.

Opposition to CISPA. Several groups announced their opposition to the just introduced CISPA on privacy grounds.

Michelle Richardson of the American Civil Liberties Union (ACLU) stated in a release that "The ACLU still opposes CISPA, which once again allows companies to share sensitive and personal American internet data with the government, including the National Security Agency and other military agencies ... CISPA does not require companies to make reasonable efforts to protect their customers’ privacy and then allows the government to use that data for undefined ‘national-security’ purposes and without any minimization procedures, which have been in effect in other security statutes for decades."

The Electronic Frontier Foundation (EFF) stated in a release that "EFF is adamantly opposed to CISPA".

Leslie Harris, head of the Center for Democracy and Technology (CDT), stated in a release that the "CISPA remains fundamentally flawed".

She said that "It allows private Internet communications and information of American citizens to go directly to the NSA, a military intelligence agency that operates secretly with little public accountability. Once that private information is in the hands of the military, it can be used for purposes completely unrelated to cybersecurity."

"In seeking to promote cybersecurity information sharing, CISPA creates a sweeping exception to all privacy laws," said Harris. "It dismantles years of hard fought privacy protections for Americans. We urge all Members of Congress to oppose this bill and to work instead for cybersecurity legislation that enhances both privacy and security. CDT will work with all Members of Congress and all stakeholders to achieve that goal."

GAO Releases Report on Cyber Security

2/14. The Government Accountability Office (GAO) released a report [112 pages in PDF] titled "Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented".

It states that "it is critical that the government adopt a comprehensive strategic approach to mitigating the risks of successful cybersecurity attacks. Such an approach would not only define priority problem areas but also set a roadmap for allocating and managing appropriate resources, making a convincing business case to justify expenses, identifying organizations' roles and responsibilities, linking goals and priorities, and holding participants accountable for achieving results."

"However," the report finds that "the federal government’s efforts at defining a strategy for cybersecurity have often not fully addressed these key elements, lacking, for example, milestones and performance measures, identified costs and sources of funding, and specific roles and responsibilities. As a result, the government's cybersecurity strategy remains poorly articulated and incomplete."

It adds that "In fact, no integrated, overarching strategy exists that articulates priority actions, assigns responsibilities for performing them, and sets time frames for their completion. In the absence of an integrated strategy, the documents that comprise the government’s current strategic approach are of limited value as a tool for mobilizing actions to mitigate the most serious threats facing the nation."

Washington Tech Calendar
Thursday, February 21

The House will not meet. It will next meet at 2:00 PM on February 25.

The Senate will not meet. It will next meet at 2:00 PM on February 25.

12:00 NOON. The Federal Communications Bar Association (FCBA) will host a lunch. The speaker will be FCC Commissioner Ajit Pai. The deadline for reservations and cancellations is 12:00 NOON on February 15. Prices vary. No CLE credits. See, notice. Location: Mayflower Hotel, 1127 Connecticut Ave., NW.

12:00 NOON - 1:30 PM. The National Economists Club (NEC) will hold a lunch. The speaker will be Jun Saito (Senior Research Fellow, Japan Center for Economic Research). Location: Chinatown Garden Restaurant, 618 H St., NW.

1:00 - 5:00 PM. The National Telecommunications and Information Administration (NTIA) will hold another in its series of meetings regarding mobile application transparency. See, notice. This event will also be teleconferenced. Location: American Institute of Architects, 1735 New York Ave., NW.

1:00 PM. The US Telecom will host a webcast seminar titled "Monitoring & Optimizing Real Time IP Communications Networks". The speaker will be Renuka Prasad (Acme Packet). Free. See, notice.

Friday, February 22

The House will not meet. It will next meet at 2:00 PM on February 25.

The Senate will not meet. It will next meet at 2:00 PM on February 25.

Supreme Court conference day. See, Supreme Court calendar.

President Obama will meet in Washington DC with the Prime Minister of Japan, Shinzo Abe. See, White House news office notice.

12:00 NOON - 1:15 PM. The American Bar Association (ABA) will host a teleconferenced panel discussion titled "IP Fundamentals for Antitrust Attorneys". The speakers will be Sean Gates (Morrison Foerster), David Balto (Law Offices of David Balto), Kristin Cooklin (Crowell & Moring), and Edward Mathias (Axinn Veltrop Harkrider). Free. No CLE credits. See, notice.

Day one of a two day event hosted by the Practicing Law Institute (PLI) titled "SEC Speaks 2013". The speakers will include the SEC Commissioners. Among the topics to be addressed by panels are implementation of HR 3606, the "Jumpstart Our Business Startups Act of 2012" or "JOBS Act" and the value of XBRL and structured data to investors. Prices vary. CLE credits. See, notice. For more information, contact Laura Shields at 212-824-5797 or lshields at pli dot edu. Location: Ronald Reagan Building and International Trade Center, 1300 Pennsylvania Ave., NW.

Saturday, February 23

Day two of a two day event hosted by the Practicing Law Institute (PLI) titled "SEC Speaks 2013". The speakers will include the SEC Commissioners. Among the topics to be addressed by panels are implementation of the JOBS Act and the value of XBRL and structured data to investors. Prices vary. CLE credits. See, notice. For more information, contact Laura Shields at 212-824-5797 or lshields at pli dot edu. Location: Ronald Reagan Building and International Trade Center, 1300 Pennsylvania Ave., NW.

Sunday, February 24

58th birthday of Steve Jobs.

Monday, February 25

The House will meet at 2:00 PM.

The Senate will meet at 2:00 PM.

9:30 AM. The U.S. Court of Appeals (DCCir) will hear oral argument in Comcast v. FCC, App. Ct. No. 12-1337. This is a challenge to the Federal Communications Commission's (FCC) Memorandum Opinion and Order (MOO) in the matter of the Tennis Channel's complaint against Comcast. This MOO is FCC 12-78 in MB Docket No. 10-204 and File No. CSR-8258-P. See also, story titled "FCC Asserts Broad MVPD Program Carriage Authority" in TLJ Daily E-Mail Alert No. 2,412, July 26, 2012. And see, FCC brief. This case is the third of three on the schedule. Judges Kavanaugh, Edwards and Williams will preside. Location: USCA Courtroom, 5th floor, Prettyman Courthouse, 333 Constitution Ave., NW.

10:00 - 11:30 AM. The Copyright Office (CO) will host a webcast and teleconferenced event titled "The Orphan Works Problem: Recent Developments, Proposed Legislation, and Alternative Solutions". This pertains to the CO's open proceeding on orphan works. See, story titled "Copyright Office Issues Notice of Inquiry on Orphan Works" in TLJ Daily E-Mail Alert No. 2,468, November 2, 2012. The speakers will include Karyn Clagget, the CO's Associate Register of Copyrights and Director of Policy & International Affairs, who is responsible for this proceeding. The other participants will be Marco Giorello (European Commission), June Besek (Columbia Law School), Kevin Smith (Duke University Libraries), and Jennifer Urban (UC Berkeley law school). The price for the general public is $195. Prices for others are less. CLE credits. The American Bar Association (ABA) states that this is an ABA event. See, ABA notice. See also, CO's original notice in the Federal Register, Vol. 77, No. 204, October 22, 2012, at Pages 64555-64561, and extension notice in the FR, Vol. 77, No. 231, November 30, 2012 at Page 71452. And see, initial comments. The extended deadline to submit initial comments was February 4. The extended deadline to submit reply comments is March 4, 2013.

12:15 - 1:30 PM. The Federal Communications Bar Association's (FCBA) Intellectual Property Committee will host a brown bag lunch. The topic will be patent infringement litigation. The speakers will be Bill Bradley (Roylance Abrams) and Tim Simeone (Wiltshire & Grannis). Free. Location: Wiltshire Grannis, 1200 18th St., NW.

Day one of a three day event hosted by the Department of Energy (DOE) titled "ARPA-E Energy Innovation Summit". On February 25 from 4:30 to 5:30 PM there will be a panel discussion titled "Get Smart about IP: Pros, Cons and Costs of Your Patent Strategy". The speakers will include Robert Atkinson (Information Technology and Innovation Foundation). See, conference web site. Location: Gaylord National Hotel and Convention Center, 201 Waterfront Street, National Harbor, MD.

Deadline to submit initial comments to the Federal Communications Commission (FCC) in response to its Notice of Proposed Rule Making (NPRM) regarding implementing allocation decisions from the World Radiocommunication Conference held in Geneva in 2007 (WRC-07) regarding spectrum between 108 MHz and 20.2 GHz, and changing service rules for this spectrum. The FCC adopted this NPRM on November 15, 2012, and released the text on November 19. It is FCC 12-140 in ET Docket No. 12-338. See, notice in the Federal Register, Vol. 77, No. 248, December 27, 2012, at Pages 76250-76287.

Tuesday, February 26

10:00 AM. The House Science Committee's (HSC) Subcommittee on Technology and Subcommittee on Research will hold a joint hearing titled "Cyber R&D Challenges and Solutions". The witnesses will be __. See, notice. Location: Room 2318, Rayburn Building.

10:00 AM - 12:00 NOON. The Senate Banking Committee (SBC) will hold a hearing titled "The Semiannual Monetary Policy Report to the Congress". The witness will be Ben Bernanke (Chairman of the Federal Reserve Board). See, notice. Location: Room 106, Dirksen Building.

10:00 AM - 3:00 PM. The Public Knowledge (PK) will host an event titled "2013 PK Policy Symposium". There will be panels titled "Data Caps", "Future of Video", "Copyright Reform", and "Digital First Sale". See, notice and registration page. Location: Room SVC201-00, Capitol Visitor Center.

2:00 PM. The House Foreign Affairs Committee's (HFAC) Subcommittee on Asia and the Pacific will hold a hearing titled "The Rebalance to Asia: Why South Asia Matters (Part I)". The witnesses will be Robert Blake (Department of State) and Joseph Yun (Department of State). See, notice. Location: Room 2172, Rayburn Building.

2:30 PM. The Senate Intelligence Committee (SIC) will hold a closed hearing on undisclosed topics. See, notice. Location: Room 219, Hart Building.

Deadline to submit initial comments to the Federal Communications Commission (FCC) in response to its Notice of Proposed Rulemaking (NPRM) regarding IP Captioned Telephone Service. This item is FCC 13-13 in CG Docket Nos. 13-24 and 03-123. The FCC adopted this item on January 24, 2013, and released the text on January 25. See, notice in the Federal Register, Vol. 78, No. 24, February 5, 2013, at Pages 8090-8096.

Wednesday, February 27

CANCELLED. 5:30 - 7:00 PM. The Institute for Policy Innovation (IPI) will host a reception in advance of its February 28 event titled "5th Annual Communications Summit".

9:00 AM - 5:00 PM. Day one of a two day meeting of the Department of Homeland Security's (DHS) Homeland Security Information Network Advisory Committee (HSINAC). See, notice in the Federal Register Vol. 78, No. 23, February 4, 2013, at Pages 7797-7798. Location: Ronald Reagan International Trade Center, 1300 Pennsylvania Ave., NW.

9:30 AM. The House Oversight and Government Reform Committee (HOGRC) will hold a hearing titled "Time to Reform Information Technology Acquisition: The Federal IT Acquisition Reform Act". Location: Room 2154, Rayburn Building.

10:00 AM. The House Appropriations Committee's (HAC) Subcommittee on the Legislative Branch will hold a hearing on the budget for the Library of Congress. The witness will be James Billington. No webcast. See, notice. Location: Room HT-2, Capitol Building.

12:00 NOON - 1:30 PM. The DC Bar Association will host a panel discussion titled "What Intellectual Property Attorneys Need to Know About the New gTLD Program". The speakers will be Scott Harlan (Steptoe & Johnson), Brian Winterfeldt (Steptoe & Johnson), and Danny Awdeh (Finnegan). The price to attend ranges from $15 to $25. No CLE credits. Closed to reporters. See, notice. For more information, call 202-626-3488. Location: Steptoe & Johnson, 1330 Connecticut Ave., NW.

2:00 PM. The Senate Judiciary Committee (SJC) will hold a hearing on the nomination of Jane Kelly to be a Judge of the U.S. Court of Appeals (8thCir). See, notice. Location: Room 226, Dirksen Building.

Deadline to submit initial comments to the Federal Communications Commission (FCC) in response to its Public Notices (PNs) regarding development of the forward looking cost model for Connect America Phase II. These PNs are DA 12-1561, DA 12-1687, DA 12-2011, DA 12-2029, and DA 13-70 in WC Docket Nos. 10-90 and 05-337. See, notice in the Federal Register, Vol. 78, No. 18, January 28, 2013, at Pages 5765-5767.

Thursday, February 28

CANCELLED. 9:00 AM - 1:00 PM. The Institute for Policy Innovation (IPI) will host an event titled "5th Annual Communications Summit". Free. Open to the public. Lunch will be served. See, notice and registration page. Location: Reserve Officers Association, 5th Floor, One Constitution Ave., NE.

9:00 AM - 2:00 PM. Day two of a two day meeting of the Department of Homeland Security's (DHS) Homeland Security Information Network Advisory Committee (HSINAC). See, notice in the Federal Register Vol. 78, No. 23, February 4, 2013, at Pages 7797-7798. Location: Ronald Reagan International Trade Center, 1300 Pennsylvania Ave., NW.

10:00 AM. The Senate Judiciary Committee (SJC) will hold an executive business meeting. The agenda includes consideration of the nomination of David Medine to be Chairman of the Privacy and Civil Liberties Oversight Board, and four judicial nominees, William Orrick (USDC/NDCal), Nelson Roman (USDC/SDNY), Shelly Dick (USDC/MDLa), and Sheri Chappell (USDC/MDFl). See, notice. Webcast. Location: Room 226, Dirksen Building.

2:30 PM. The Senate Intelligence Committee (SIC) will hold a closed hearing on undisclosed topics. See, notice. Location: Room 219, Hart Building.

6:00 - 8:15 PM. The Federal Communications Bar Association's (FCBA) Video Programming and Distribution Committee will host an event titled "The 1992 Cable Act: 20 Years Later". The speakers will include Toni Bush (Skadden Arps), Paul Glist (Davis Wright Tremaine), Seth Davidson (Edwards Wildman Palmer), Jim Casserly (Willkie Farr & Gallagher), Howard Symons (Mintz Levin), Diane Burstein (NCTA), and Loretta Polk (NCTA). No webcast. CLE credits. Prices vary. See, notice. Reservations and cancellations are due by 12:00 NOON on February 27. Location: Wiley Rein, 1776 K St., NW.

5:00 PM. Deadline to submit 2012 DART Royalty Claims Forms to the Copyright Royalty Board (CRB). See, online claims form.

Obama Signs Cyber Security Order and Policy Directive

2/13. President Obama signed an Executive Order (EO) titled "Improving Critical Cybersecurity Infrastructure" and Presidential Policy Directive 21 (PPD-21), titled "Critical Infrastructure Security and Resilience".

The EO states that "It is the policy of the United States to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties."

The PPD similarly states that "It is the policy of the United States to strengthen the security and resilience of its critical infrastructure against both physical and cyber threats."

The EO and PPD direct the federal government to increase the flow of information from the government to the private sector regarding cyber threats. This is not controversial.

However, the EO and PPD take no meaningful steps to increase the flow of information from private sector entities about cyber attacks directed at them to the relevant government agencies. Indeed, this would require changes to law by the Congress.

Moreover, this is a controversial topic. On the one hand, some argue that this is a necessary component of any national cyber security strategy. The government needs this data to develop cyber threat intelligence. On the other hand, some argue that if private companies transfer more information to the government, that would entail diminishing the privacy of individuals.

Leslie Harris, head of the Center for Democracy and Technology (CDT), stated in a release that the EO "says that privacy must be built into the government's cybersecurity plans and activities, not as an afterthought but rather as part of the design ... By explicitly requiring adherence to fair information practice principles, the order adopts a comprehensive formulation of privacy. The annual privacy assessment, properly done, can create accountability to the public for government actions taken in the name of cybersecurity."

On the other hand, HR 624, the "Cyber Intelligence and Sharing Protection Act" or CISPA, introduced on February 13, seeks to incent the flow of information in both directions. See, related story in this issue titled "Rep. Rogers and Rep. Ruppersberger Re-Introduce CISPA".

There is also the matter of the role of the government in regulating the cyber security related practices of the entities that operate critical networks and systems. The federal government has authority to manage the cyber security practices of governmental and military networks and systems. And, the PPD addresses this.

However, most of the networks and systems that are or will be targeted by cyber attacks are owned and operated privately. There is no specific statute that enables the federal government to regulate private sector entities for the purpose of improving their cyber security.

President Obama sought, but failed to obtain passage of, a bill in the 112th Congress that would have created a cyber security regulatory regime. The just introduced CISPA would not create such a regulatory regime.

The EO and PPD are models of obfuscation on this matter of government compulsion of private sector entities.

The EO is clear that the federal government will identify "critical infrastructure" and write "standards" for them.

The EO also states that "Nothing in this order shall be construed to provide an agency with authority for regulating the security of critical infrastructure in addition to or to a greater extent than the authority the agency has under existing law."

This EO calls for "partnership" and "collaboration" with the private sector.

It requires the Department of Commerce's (DOC) National Institute of Standards and Technology (NIST) to write a "Cybersecurity Framework" that includes "standards". It then requires that the DOC "shall establish a voluntary program to support the adoption of the Cybersecurity Framework by owners and operators of critical infrastructure and any other interested entities", and "a set of incentives designed to promote participation".

Moreover, various departments shall "make recommendations" regarding whether "incentives would require legislation or can be provided under existing law". Also, various government entities shall make recommendations regarding incorporating the "standards into acquisition planning and contract administration".

The EO states that "Agencies with responsibility for regulating the security of critical infrastructure shall engage in a consultative process with DHS, OMB, and the National Security Staff to review the preliminary Cybersecurity Framework and determine if current cybersecurity regulatory requirements are sufficient given current and projected risks."

Then, "these agencies shall submit a report to the President ... that states whether or not the agency has clear authority to establish requirements based upon the Cybersecurity Framework to sufficiently address current and projected cyber risks to critical infrastructure, the existing authorities identified, and any additional authority required".

Also, "If current regulatory requirements are deemed to be insufficient, within 90 days of publication of the final Framework, agencies ... shall propose prioritized, risk-based, efficient, and coordinated actions ... to mitigate cyber risk."

That is, while the EO asserts that it merely creates a "voluntary" program, the EO also states that the government writes standards, decides who is covered by those standards, and then pursues numerous procedures to compel compliance with these standards.

Agencies such as the Federal Communications Commission (FCC) are already adept at compelling companies to promise to take actions against their interest, and then calling this submission "voluntary commitments". Consider, for example, the outcomes of FCC antitrust merger reviews.

This EO and PPD do not in plain and clear language purport to create a federal cyber security regulatory regime. However, they are full of vague phrases regarding regulatory activities, ambiguities, euphemisms, and carefully crafted linguistic gobbledygook, that in the hands of government lawyers could be interpreted to mean whatever they want it to mean, including compelling companies to comply with standards set by the government.

About Tech Law Journal

Tech Law Journal publishes a free access web site and a subscription e-mail alert. The basic rate for a subscription to the TLJ Daily E-Mail Alert is $250 per year for a single recipient. There are discounts for subscribers with multiple recipients.

Free one month trial subscriptions are available. Also, free subscriptions are available for federal elected officials, and employees of the Congress, courts, and executive branch. The TLJ web site is free access. However, copies of the TLJ Daily E-Mail Alert are not published in the web site until two months after writing.

For information about subscriptions, see subscription information page.

Tech Law Journal now accepts credit card payments. See, TLJ credit card payments page.

TLJ is published by David Carney
Contact: 202-364-8882.
carney at techlawjournal dot com
3034 Newark St. NW, Washington DC, 20008.

Copyright 1998-2013 David Carney. All rights reserved.