6/25. Sen. Tom Carper (D-DE) and Sen. Tom Coburn (R-OK) introduced S 2519 [LOC | WW], the "National Cybersecurity and Communications Integration Center Act of 2014" on June 24, 2014. The Senate Homeland Security and Governmental Affairs Committee amended and approved this bill on June 25.

S 2519 would amend the Homeland Security Act of 2002 regarding the Department of Homeland Security's (DHS) National Cybersecurity & Communications Integration Center (NCCIC). The NCCIC already exists.

This bill would make it a creature of statute, and list its responsibilities, including "serving as a Federal civilian information sharing interface for cybersecurity" and "conducting analysis of cybersecurity risks and incidents".

However, S 2519 would not give the DHS any new powers. Nor would it create any new incentives for private businesses to provide information or data to the DHS or other federal government entities.

Sen. Carper (at right) wrote in his opening statement at the June 25 mark up session that this bill will "formally codify the entity within DHS that works with the private sector, Federal agencies, and state and local governments in addressing cyber threats and sharing best practices." He read this statement with few changes.

This bill would also provide that the NCCIC would be composed of representatives of federal, state and local government, as well as representatives of "private sector owners and operators of critical information systems".

Intelligence Agencies. The bill also provides that the NCCIC "shall be composed of ... law enforcement agencies and elements of the intelligence community".

This creates irreconcilable conflicts of interests and missions. On the one hand, there is the goal of promoting cyber security. On the other hand, there is the interest of law enforcement and intelligence agencies in reducing cyber security, and weakening information assurance, to further their goals in breaking encryption and accessing other people's data, conversations and e-mail.

Moreover, this conflict is not merely theoretical. It played out at the National Institute of Standards and Technology (NIST) after the Congress by statute inserted the National Security Agency (NSA) into the NIST standards setting process. 

See, for example, October 4, 2013 comment [11 pages in PDF] titled "Technologists' Comment to the Director of National Intelligence Review Group on Intelligence and Communications Technology", at pages 4-5. That comment states that the NSA has "apparently engaged in subversion to undermine encryption online", and "reportedly worked to covertly and overtly plant backdoors in software and hardware products, undermining the security and privacy of vast swaths of Internet users in an indiscriminate, dragnet manner."

See also, related story in this issue titled "Sen. Walsh Introduces Bill to Prevent NIST and NSA From Dumbing Down Encryption Standards".

Regulatory Authority. The Congress has not enacted legislation that grants the DHS or any other federal agency authority to regulate the cyber security related practices of private businesses. President Obama previously sought legislation, but failed. Neither the House nor the Senate passed a bill. However, the Obama has proceeded by executive order, in the absence of a legislative mandate, to engage in processes that resemble regulation.

This bill as introduced contains no grant of regulatory authority. Sen. Tim Johnson (R-SD) offered an amendment that clarifies that the bill does not grant the DHS any new rule making authority. Sen. Carper supported it. It passed with only two votes against.

Sen. Carl Levin (D-MI) spoke and voted against the amendment. He argued in favor of granting the DHS new regulatory authority. He argued that "it is a mistake to deny a regulatory capability to an agency, if it has regulatory capability now, which I assume it does, under existing authority."

Sen. Coburn said that "the whole purpose for this is to codify what we are doing right now. Sen. Johnson's concern is he doesn't want to imply backwardly what we are not intending in this legislation. We are not giving Homeland Security the right to regulate private security systems." He added, "that is not Homeland Security's intent at this time".

Sen. Carper said that the DHS is satisfied with this legislation, "we are as well", and he supports the amendment.

6/25. Sen. Tom Carper (D-DE) and Sen. Tom Coburn (R-OK) introduced S 2521 [LOC | WW], the "Federal Information Security Modernization Act of 2014" on June 24, 2014. The Senate Homeland Security and Governmental Affairs Committee approved this bill without amendment on June 25.

Sen. Carper wrote in his opening statement at the June 25 mark up session that this bill "would make clear the division of labor between OMB and DHS on cybersecurity. In doing so, our legislation would also free Federal agencies from some dated and burdensome paperwork requirements while putting into place a more efficient and effective process for monitoring and addressing threats to Federal networks in real time."

He continued that "our committee will still have some important cybersecurity work that needs to be done. For example, we need to further clarify the Department of Homeland Security's role in working with the private sector on cybersecurity matters. This includes specifying the ``rules of the road´´ for DHS in interacting with private critical infrastructure owners on cybersecurity issues."

He added that "We also need to make technical changes to update the Homeland Security Act so that it's clear who in DHS is responsible for cybersecurity, and to continue to improve research and development on cybersecurity given the ever-growing and ever-evolving nature of this threat."

Sen. Coburn (at right), the ranking Republican on the SHSGAC, began by praising the leadership at the DHS.

He stated that "this is a compromise bill" that is about "accountability" rather than funding. He said that this bill "strengthens accountability by enhancing the role of the agency CIOs."

"It strengthens existing transparency and reporting requirements, so we can actually know what is going on". Also, "it clarifies that OMB is ultimately responsible for FISMA."

This is a reference to the Federal Information Security Management Act of 2002.

The bill also contains a new provision regarding public disclosure of certain data breaches at federal agencies.

The Committee approved the bill by unanimous voice vote.

6/19. Sen. John Walsh (D-MT) introduced S 2500 [LOC | WW], the "American Digital Security and Commerce Act of 2014", a bill that directs the NIST not to undermine privacy, security, or encryption protections included in any standard or guideline.

This bill is a response to disclosures in 2013 that the Department of Commerce's (DOC) National Institute of Standards and Technology (NIST), which has responsibility for drafting information security standards, had, for example, at the request of the National Security Agency (NSA), reduced security standards, to make it easier for the NSA to break encryption.

Sen. Walsh (at right) stated in a release that "Montanans and Americans have lost their confidence in the federal government to protect our civil liberties, and it is Congress’ responsibility to take further action to ensure our rights and freedoms are secure ... That is why I’m introducing this bill to prohibit federal agencies from undermining security standards that are put in place to protect our constitutional rights and strengthen our online privacy."

This bill recites in its findings that the NIST "plays a vital role in developing the tools that keep global electronic communications secure" and that the U.S. government "should actively promote privacy and computer security".

The bill also recites in its findings that "Allegations that entities within the United States Government seek to undermine the security of encryption standards or commercial products weaken privacy and erode trust in the United States Government and in products from the United States."

The bill states that "To promote privacy protection and restore trust in the encryption standards of the United States and hardware and software from the United States, the United States Government should be prohibited from undermining the security of the United States technologies on which global commerce relies."

Currently, the Federal Information Security Management Act of 2002, at 44 U.S.C. § 3543, provides in relevant part as follows:

"(a) ... The Director shall oversee agency information security policies and practices, including ... (3) coordinating the development of standards and guidelines under section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3) with agencies and offices operating or exercising control of national security systems (including the National Security Agency) to assure, to the maximum extent feasible, that such standards and guidelines are complementary with standards and guidelines developed for national security systems;"

S 2500 would amend this to provides as follows:

"(a) ... The Director shall oversee agency information security policies and practices, including ... (3) coordinating the development of standards and guidelines under section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3) with agencies and offices operating or exercising control of national security systems (including the National Security Agency) to assure--
  (A) to the maximum extent feasible, that such standards and guidelines are complementary with standards and guidelines developed for national security systems; and
  (B) that any agency or office described in subparagraph (A) does not intentionally weaken, circumvent, undermine, or create any mechanism through which any agency or office of the Federal Government may bypass, the privacy, security, or encryption protections included in any standard or guideline;"

This bill would also amend the NIST Act, at 15 U.S.C. § 278g-3, by adding the following: "Each agency or office that the Institute consults with ... may not intentionally weaken, circumvent, undermine, or create any mechanism through which any agency or office of the Federal Government may bypass, the privacy, security, or encryption protections included in any standard or guideline ..."

The bill was referred to the Senate Commerce Committee (SCC).

Tech Law Journal publishes a free access web site and a subscription e-mail alert. The basic rate for a subscription to the TLJ Daily E-Mail Alert is $250 per year for a single recipient. There are discounts for subscribers with multiple recipients.

Free one month trial subscriptions are available. Also, free subscriptions are available for federal elected officials, and employees of the Congress, courts, and executive branch. The TLJ web site is free access. However, copies of the TLJ Daily E-Mail Alert are not published in the web site until two months after writing.

For information about subscriptions, see subscription information page.

Tech Law Journal now accepts credit card payments. See, TLJ credit card payments page.

TLJ is published by David Carney
Contact: 202-364-8882.
carney at techlawjournal dot com
3034 Newark St. NW, Washington DC, 20008.

Privacy Policy
Notices & Disclaimers
Copyright 1998-2014 David Carney. All rights reserved.

The House will meet at 12:00 NOON for morning hour, and at 2:00 PM for legislative business. It will consider several items under suspension of the rules, including HR 4263 [LOC | WW], the "Social Media Working Group Act of 2014", and HR 4289 [LOC | WW], the "Department of Homeland Security Interoperable Communications Act". Votes will be postponed until 6:30 PM. See, Rep. Cantor's schedule.

The Senate will meet at 10:00 AM.

10:00 AM - 12:00 NOON. The Senate Banking Committee (SBC) will hold a hearing titled "The Role of Regulation in Shaping Equity Market Structure and Electronic Trading". The witnesses will be Jeffrey Sprecher (Intercontinental Exchange, Inc.), Kenneth Griffin (Citadel LLC), Kevin Cronin (Invesco, Ltd), James Angel (Georgetown University business school), Thomas Wittman (NASDAX OMX Group, Inc.) and Joe Ratterman (BATS Global Markets, Inc.). See, notice. Location: Room 538, Dirksen Building.

9:00 AM - 3:00 PM. Day two of a five day event hosted by the University of Maryland's (UM) Maryland Cybersecurity Center and Google title "Cybers Defense Training Camp". This event is provided for high school juniors and seniors. For more information, contact Cristin Caparotta at 301-405-6735 or ccapa at umd dot edu. See, notice. Location: __, UM, College Park, MD.

9:30 AM - 3:00 PM. The Department of Health and Human Services' (DHHS) Office of the National Coordinator for Health Information Technology's (ONC/HIT) HIT Policy Committee will meet. See, DHHS notice and notice in the Federal Register, Vol. 78, No. 243, December 18, 2013, at Page 76627. Location: __.

11:00 AM - 1:00 PM. The Heritage Foundation HF) will host a pair of panel discussions titled "The Supreme Court's 2013-2014 Term". The speakers on the first panel will be Noel Francisco (Jones Day), Mark Rienzi (Catholic University law school), Paul Smith (Jenner & Block), and John Malcolm (HF). The speakers on the second panel will be Jess Bravin (Wall Street Journal), Adam Liptak (New York Times), David Savage (Los Angeles Times), and James Swanson (HF). Free. Open to the public. Webcast. See, notice. Location: HF, 214 Massachusetts Ave., NE.

12:00 NOON. Rep. Darrell Issa (R-CA) will give a speech regarding the program run by the Department of Justice (DOJ) and federal financial regulatory agencies titled "Operation Choke Point". The House Oversight and Government Reform Committee (HOGRC), which Rep. Issa chairs, released a report on May 29, 2014 that states that "Operation Choke Point was created by the Justice Department to “choke out” companies the Administration considers a “high risk” or otherwise objectionable, despite the fact that they are legal businesses. The goal of the initiative is to deny these merchants access to the banking and payments networks that every business needs to survive. Operation Choke Point has forced banks to terminate relationships with a wide variety of entirely lawful and legitimate merchants. ... The Department lacks adequate legal authority for the initiative." The report discloses that among the businesses targeted for termination are online gambling and various online sales businesses. Webcast. Free. Open to the public. Lunch will be served after the program. See, notice. Location: Cato Institute, 1000 Massachusetts Ave., NW.

12:15 - 1:30 PM. The Federal Communications Bar Association's (FCBA) Telehealth Committee will host a panel discussion titled "Topic: Broadband and Health Data: Opportunities and Issues". The speakers will be Thomas Martin (HIMSS North America), Matt Quinn (Director of the FCC's Health Care Initiatives), Tom Reid (Southern Ohio Health Network), and Zachary Rothstein (Samsung Electronics). No webcast. Free. Bring your own lunch. Location: CTIA Wireless Association, Suite 600, 1400 16th St., NW.

1:00 PM. The US Telecom will host a webcast presentation titled "Cyberthreats Today and Into the Future: An Overview of Symantec’s 2014 Internet Security Threat Report". The speaker will be Symantec's Jeffrey Greene. Free. See, notice and Symantec's report [98 pages in PDF].

2:30 PM. The Senate Intelligence Committee (SIC) will hold a closed meeting to mark up undisclosed items. See, notice. Location: Room 219, Hart Building.

3:30 - 5:00 PM. The Free Press (FP) will host a panel discussion titled "Innovation, Creativity and the Future of the Internet: Why Real Net Neutrality Matters". The speakers will be Sen. Al Franken (D-MN), Craig Aaron (FP), Althea Erickson (Etsy), Ruth Livier, Alexis Ohanian, Barbara van Schewick (Stanford Law School). Location: Room 385, Russell Building.

4:00 PM. The Cato Institute will host a panel discussion titled "You're Gonna Need a Warrant for That: The Path to Digital Privacy Reform". The speakers will be Rep. Ted Poe (R-TX), Greg Nojeim (Center for Democracy & Technology), Katie McAuliffe (Americans for Tax Reform), David Lieber (Google), Eric Wenger (Microsoft), and Julian Sanchez (Cato). Webcast. Free. Open to the public. A reception will follow the program. See, notice. Location: Cato, 1000 Massachusetts Ave., NW.

The House will meet at 10:00 AM for morning hour, and at 12:00 NOON for legislative business. See, Rep. Cantor's schedule.

9:00 AM - 3:00 PM. Day three of a five day event hosted by the University of Maryland's (UM) Maryland Cybersecurity Center and Google title "Cybers Defense Training Camp". This event is provided for high school juniors and seniors. For more information, contact Cristin Caparotta at 301-405-6735 or ccapa at umd dot edu. See, notice. Location: __, UM, College Park, MD.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in Wireless Ink Corporation v. Google, App. Ct. No. 13-1683, an appeal from the U.S. District Court (SDNY) in a patent infringement case. Defendants Google and Facebook won judgments of non-infringement. They then moved for attorneys fees for exceptional circumstances under 35 U.S.C. § 285, which provides that "The court in exceptional cases may award reasonable attorney fees to the prevailing party." See, December 17, 2013 Memorandum and Order denying their motions. The District Court case is D.C. No. 10 Civ. 1841 (PKC), Judge Kevin Castel presiding. HR 3309 [LOC | WW], the "Innovation Act", the patent bill passed by the House on December 5, 2013, would amend Section 285 to provide that the general rule would be for the award of reasonable attorneys fees to the prevailing party. Panel C. Location: Courtroom 402, 717 Madison Place, NW.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in SSL Services v. Citrix Systems, App. Ct. No. 13-1419, an appeal from the U.S. District Court (EDTex) in a patent infringement case involving technology for remotely accessing computer systems. Panel B. Location: Courtroom 201, 717 Madison Place, NW.

10:00 AM. The Copyright Office (CO) will host a roundtable regarding a new procedure to allow copyright owners to audit the Statements of Account and royalty payments that cable operators and satellite carriers deposit with the CO. The deadline to submit requests to participate is June 26, 2014. Free. Open to the public. See, notice in the Federal Register, Vol. 79, No. 106, June 3, 2014, at Pages 31992-31995. Location: Room LM-403 Madison Building, Library of Congress, 101 Independence Ave., SE.

12:15 - 1:45 PM. The DC Bar Association's Media Law Committee will host a brown bag lunch meeting to discuss media and communications law developments. Free. No CLE credits. No reporters. No webcast. For more information, contact the DC Bar at 202-626-3463 or Jim McLaughlin at mclaughlinj at washpost dot com. See, notice. Location: Washington Post, 1150 15th St., NW.

4:00 PM. The House Commerce Committee's (HCC) Subcommittee on Commerce, Manufacturing and Trade will meet to begin its mark up three bills, including HR __, a yet to be introduced bill titled the "Targeting Rogue and Opaque Letters Act of 2014". This bill would regulate patent infringement demand letter practices by amending the FTC Act. The July 9 meeting is for opening statements only. See, HCC notice. Location: Room 2123, Rayburn Building.

The House will meet at 10:00 AM for morning hour, and at 12:00 NOON for legislative business. See, Rep. Cantor's schedule.

9:00 AM - 3:00 PM. Day four of a five day event hosted by the University of Maryland's (UM) Maryland Cybersecurity Center and Google title "Cybers Defense Training Camp". This event is provided for high school juniors and seniors. For more information, contact Cristin Caparotta at 301-405-6735 or ccapa at umd dot edu. See, notice. Location: __, UM, College Park, MD.

9:30 AM. The Senate Judiciary Committee (SJC) will hold an executive business meeting. The agenda includes consideration of S 517 [LOC | WW], the "Unlocking Consumer Choice and Wireless Competition Act". Webcast. The agenda also includes consideration of the nominations of Pamela Harris (USCA/4thCir), Pamela Pepper (USDC/EDWisc), Brenda Sannes (USDC/NDNY), Patricia McCarthy (U.S. Court of Federal Claims), and Jeri Kaylene Somers (U.S. Court of Federal Claims). See, notice. Location: Room 226, Dirksen Building.

10:00 AM. The House Intelligence Committee (HIC) will hold a closed hearing titled "Ongoing Intelligence Activities". No webcast. See, notice. Location: Room HVC 304, Capitol Building.

10:00 AM. The House Commerce Committee's (HCC) Subcommittee on Commerce, Manufacturing and Trade will meet to complete its mark up three bills, including HR __, a yet to be introduced bill titled the "Targeting Rogue and Opaque Letters Act of 2014". This bill would regulate patent infringement demand letter practices by amending the FTC Act. See, HCC notice. Location: Room 2123, Rayburn Building.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in Wi-LAN USA v. Ericsson, App. Ct. No. 13-1485, and in Wi-LAN. v. Alcatel-Lucent USA, App. Ct. No. 13-1566. Panel D. Location: Courtroom 201, 717 Madison Place, NW.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in Gammino v. Sprint Communications, App. Ct. No. 13-1636. Panel F. Location: Courtroom 203, 717 Madison Place, NW.

10:00 AM. The U.S. Court of Appeals (FedCir) will consider on the briefs Tse v. Google, App. Ct. No. 14-1222, and Tse v. Blockbuster, App. Ct. No. 14-1223. Panel E.

2:30 PM. The Senate Intelligence Committee (SIC) will hold a closed hearing on undisclosed matters. See, notice. Location: Room 219, Hart Building.

The House will meet at 9:00 AM for legislative business. See, Rep. Cantor's schedule.

9:00 - 11:00 AM. The National Press Club (NPC) will host an event titled "get {smart}: More Than a Blog: How to Build a Content Marketing Machine". Prices vary. No webcast. See, notice. Location: NPC, 13th floor, 529 14th St., NW.

9:00 AM - 3:00 PM. Day five of a five day event hosted by the University of Maryland's (UM) Maryland Cybersecurity Center and Google title "Cybers Defense Training Camp". This event is provided for high school juniors and seniors. For more information, contact Cristin Caparotta at 301-405-6735 or ccapa at umd dot edu. See, notice. Location: __, UM, College Park, MD.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in Multimedia Patent Trust v. Apple, App. Ct. No. 13-1620, and in Multimedia Patent Trust v. LG Electronics, App. Ct. No. 13-1621. Panel G+. Location: Courtroom 201, 717 Madison Place, NW.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in American Radio v. Qualcomm, App. Ct. No. 13-1641. Panel G. Location: Courtroom 201, 717 Madison Place, NW.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in Mformation Technologies, Inc. v. Research in Motion, App. Ct. No. 12-1679. Panel H. Location: Courtroom 402, 717 Madison Place, NW.

10:30 AM. The Federal Communications Commission (FCC) will host an event titled "Open Meeting". See, agenda. Location: FCC, Commission Meeting Room, Room TW-C305, 445 12th St., SW.

12:00 NOON. The Internet Caucus will host a panel discussion titled "The NSA Surveillance Programs: Assessing The Damage to U.S. Commerce, Confidence & Credibility". The speakers will be __. See, notice. Location: Room __, Rayburn Building.

Deadline to submit comments to the National Institute of Standards and Technology's (NIST) Computer Security Division (CSD) regarding its draft SP 800-160 [121 pages in PDF] titled "Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems".

Deadline for the U.S. International Trade Commission (USITC) to submit to the Senate Finance Committee (SFC) its report titled "Digital Trade in the U.S. and Global Economies, Part 2". See, USITC release, and notice in the Federal Register, Vol. 78, No. 162, August 21, 2013, at Pages 51744-51746. See also, story titled "USITC Releases First Report on Digital Trade" in TLJ Daily E-Mail Alert No. 2,589, August 26, 2013.

Deadline to submit initial comments to the Federal Communications Commission (FCC) in response to its Further Notice of Proposed Rulemaking (FNPRM) regarding wireless broadband services in the 3550-3650 MHz band.. The FCC adopted and released this item on April 23, 2014. It is FCC 14-49 in 12-354. See, notice in the Federal Register, Vol. 79, No. 105, June 2, 2014, at Pages 31247-31282. See also, story titled "FCC Adopts NPRM Regarding 3550-3650 MHz Band" in TLJ Daily E-Mail Alert No. 2,645, April 23, 2014.

Deadline to submit reply comments to the Federal Communications Commission (FCC) in response to its Public Notice (PN) that requests comments on a proposal of the National Association of Broadcasters (NAB) to relax FCC rules that require the filtering of Travelers' Information Stations (TIS) audio frequencies between 3 and 20 kHz. The FCC released this PN on April 16, 2014. It is DA 14-508 in PS Docket No. 09-19. See, NAB's November 22, 2013, filing and notice in the Federal Register, Vol. 79, No. 103, May 29, 2014, at Pages 30788-30790.

Deadline to submit applications for membership on the Department of Commerce (DOC) National Advisory Council on Innovation and Entrepreneurship. See, notice in the Federal Register, Vol. 79, No. 116, June 17, 2014, at Pages 34488-34489.

11:00 AM - 2:00 PM. The National Science Foundation's (NSF) Networking and Information Technology Research and Development (NITRD) Program's Large Scale Networking Joint Engineering Team (LSN/JET) meets the third Tuesday of each month. See, notice in the Federal Register, Vol. 78, No. 226, November 22, 2013, at Page 70076. Location: NSF, 4201 Wilson Boulevard, Arlington, VA.

12:00 NOON - 1:30 PM. The Federal Communications Bar Association's (FCBA) Young Lawyers Committee will host a panel discussion titled "All Things Spectrum". The speakers will be Jeff Carlisle (LightSquared), Kathleen Ham (T-Mobile USA), Tamara Preiss (Verizon), Jessica Elder (LMI Advisors), and Sean Spivey (Competitive Carriers Association). For more information, contact Lindsey Tonsager at ltonsager at cov dot com or Rachael Bender at rbender at mobilefuture dot org. No webcast. Free. Bring your own lunch. Location: Hogan Lovells, 555 13th St., NW.

Deadline to submit initial comments to the Federal Communications Commission (FCC) in response to its Notice of Proposed Rulemaking (NPRM) that proposes rules for the regulation of the network management practices of broadband internet access service (BIAS) providers. The FCC adopted and released this item on May 15, 2014. It is FCC 14-61 in GN Docket No. 14-28. See also, stories titled "FCC Adopts Net Neutrality NPRM", "Summary of the FCC's Proposed Net Neutrality Rules", and "Net Neutrality NPRM and Pay for Priority Agreements" in TLJ Daily E-Mail Alert No. 2,659, May 19, 2014.