TLJ News from April 21-25, 2012

Republicans Introduce Bills to Prevent Agencies From Adopting Major Rules Under a Lame Duck President

4/25. Rep. Reid Ribble (R-WI) and other House Republicans introduced HR 4607 [LOC | WW], the "Midnight Rule Relief Act of 2012", on April 24, 2012. Sen. Ron Johnson (R-WI) and other Senate Republicans introduced S 2368 [LOC | WW], the companion bill in the Senate, on April 25.

These bills would prevent federal agencies, including the Federal Communications Commission (FCC), from proposing or finalizing any major rules between the Presidential election day, and inauguration day, unless the sitting President is re-elected.

These bills would provide that "an agency may not propose or finalize any midnight rule that the Administrator of the Office of Information and Regulatory Affairs of the Office of Management and Budget finds is likely to result in -- (1) an annual effect on the economy of $100,000,000 or more; (2) a major increase in costs or prices for consumers, individual industries, Federal, State, or local government agencies, or geographic regions; or (3) significant adverse effects on competition, employment, investment, productivity, innovation, or on the ability of United States-based enterprises to compete with foreign-based enterprises in domestic and export markets."

Rep. Ribble stated in a release that these bills "will serve as a levee to protect job creators against a flood of new regulations imposed by officials with no accountability to the American public".

Rep. Ron JohnsonSen. Johnson (at right) stated in a release that "Significant regulatory actions should be proposed and put in place before Election Day. Too often, Presidents wait until after the voters have spoken to impose new and costly rules -- rules that the people ought to know about before going to the polls. This bill ensures that except for some specific circumstance, new major regulations will not be imposed once a President has become a lame duck."

The House Oversight and Government Reform Committee (HOGRC) approved HR 4607 on April 26, 2012, by voice vote. The bill was also referred to the House Judiciary Committee (HJC).

The original cosponsors include Rep. Lee Terry (R-IA), Vice Chairman of the House Commerce Committee's (HCC) Subcommittee on Communications and Technology.

The full House passed HR 3309 [LOC | WW], the "Federal Communications Commission Process Reform Act of 2012", on March 27, 2012. That bill would affect FCC rulemaking. However, it would not affect rulemaking by the FCC under lame duck Presidents. It would impose additional requirements upon the FCC when it adopts rules with an "economically significant impact".

Moreover, the HR 3309 definition of "economically significant impact" mirrors HR 4607. HR 3309's definition is "an effect on the economy of $100,000,000 or more annually or a material adverse effect on the economy, a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or State, local, or tribal governments or communities".

See also, stories titled "House Passes FCC Process Reform Act" and "Summary of HR 3309 As Passed by the House" in TLJ Daily E-Mail Alert No. 2,361, March 30, 2012.

The Senate bill has 35 sponsors. It was referred to the Senate Homeland Security and Governmental Affairs Committee.

If Mitt Romney were to defeat Barack Obama in the Presidential election in November, then Democratic appointees at many federal agencies would likely adopt rules that these bills are intended to block. Hence, these bills have the support of many Congressional Republicans, but not Congressional Democrats, and President Obama has incentives to veto these bills. In the next Congress, if Romney were elected President, Congressional Republicans would no longer have the same incentives to pass bills like these.

House Passes DATA Act

4/25. The House passed HR 2146 [LOC | WW], the "Digital Accountability and Transparency Act", or DATA Act, by voice vote under suspension of the rules. See, manager's amendment [51 pages in PDF]. The Senate has yet to pass this bill.

This bill is intended to increase transparency in federal government spending. It would provide for the creation of financial data reporting standards for federal agencies and recipients of federal funding.

It would create a five member bipartisan Federal Accountability and Spending Transparency Commission, or FAST Commission, which would be "responsible for the collection, storage, and public disclosure of information about Federal spending". It would also be responsible for "Standardizing common data elements and data reporting standards to foster transparency and accountability for Federal spending". It would also oversee the online publication of federal spending data in a successor web site to USASpending.gov.

See also, story titled "Rep. Issa Releases Revised Draft of DATA Bill" in TLJ Daily E-Mail Alert No. 2,376, April 20, 2012.

Sponsors Agree to Some Amendments to CISPA

4/25. The House Rules Committee (HRC) adopted a rule [PDF] for consideration of HR 3523 [LOC | WW], the "Cyber Intelligence Sharing and Protection Act of 2011" or "CISPA", on Wednesday, April 25, 2012.

This bill would enhance cyber security efforts by enabling more information sharing. It would also leverage this information sharing process to broadly expand surveillance activities unrelated to cyber security.

The House is scheduled to begin consideration of the CISPA on Thursday, April 26, 2012, and finish on Friday, April 27.

This rule provides for consideration of a base bill [18 pages in PDF], and makes in order 16 amendments.

Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersberger (D-MD), the Chairman and ranking Democrat on the House Intelligence Committee (HIC), and sponsors of the bill, announced in a joint release that they have agreed to several amendments.

Greg Nojeim of the Center for Democracy and Technology (CDT) stated in a short piece on April 25 that the HIC "has agreed to support certain amendments that will improve CISPA in terms of  privacy and civil liberties. However, the Committee-supported amendments leave two key issues unresolved -- the flow of information to the super-secret National Security Agency and the broad purposes for which that information can be used."

The CDT announced late on April 25 that since the HRC has not made in order key amendments, the CDT opposes the bill.

What Use Can Government Make of Shared Information? This remains one of the most controversial aspects of the bill.

The base bill provides as follows:

This is broad.

Rep. RuppersbergerRep. Rogers and Rep. Ruppersberger (at right) announced their joint release on April 24 that they have agreed to an amendment that they state would "significantly tighten the bill's current limitation on the Federal Government’s use of cyber threat information".

However, the new language continues to allow broad use, including use unrelated to cyber security.

This amendment would provide that "The Federal Government may use cyber threat information shared with the Federal Government ... for cybersecurity purposes ... for the investigation and prosecution of cybersecurity crimes ... to protect the national security" and to investigate and prosecute a wide range of crimes, including pornography crimes.

This is amendment number 38, offered by Rep. Ben Quayle (R-AZ), Rep. Anna Eshoo (D-CA), Rep. Mike Thompson (D-CA), and Rep. Paul Broun (R-GA).

Rep. Zoe Lofgren (D-CA) submitted an amendment (number 25) to the HRC that was not made in order. It would have provided the following limitation:

18 U.S.C. § 2516 pertains to "Authorization for Interception of Wire, Oral or Electronic Communications", and lists the predicate offenses for the issuance of an intercept order.

Rep. Lofgren also released a list of her "Key Concerns" with the CISPA. She wrote that "CISPA would override all other federal and state privacy laws, and allow a private company to share nearly anything -- from the contents of private emails and Internet browsing history to medical, educational and financial records -- as long as it "directly pertains to" a "cyber threat," which is broadly defined."

What Information Can Companies Give to the Government? The base bill contains a definition of "Cyber Threat Information", which can be shared with the government.

Rep. Rogers and Rep. Rupperberger announced their joint release that they have agreed to an amendment that they state would "tighten the bill's definitions to narrow what cyber threat information may be identified, obtained, and shared".

This amendment that would replace the definition of "Cyber Threat Information", to provide that it means (1) "a vulnerability of a system or network of a government or private entity", (2) "a threat to the integrity, confidentiality, or availability of a system or network of a government or private entity or any information stored on, processed on, or transiting such a system or network, (3) "efforts to degrade, disrupt, or destroy a system or network of a government or private entity", or (4) "efforts to gain unauthorized access to a system or network of a government or private entity, including to gain such unauthorized access for the purpose of exfiltrating information stored on, processed on, or transiting a system or network of a government or private entity".

But, it would not include "information pertaining to efforts to gain unauthorized access to a system or network of a government or private entity that solely involve violations of consumer terms of service or consumer licensing agreements and do not otherwise constitute unauthorized access".

This is amendment 39 offered by Rep. Bob Goodlatte (R-VA).

To What Government Agencies Can Companies Give Information? The base bill allows companies to share information with the "Federal Government".

Rep. Lofgren wrote in her list of "Key Concerns" that "Other information sharing bills would direct private information from domestic sources to civilian agencies, such as the Department of Homeland Security. CISPA contains no such limitation. Instead, the Department of Defense and the NSA could solicit and receive information directly from American companies, about users and systems inside the United States."

However, Rep. Rogers and Rep. Rupperberger announced no concessions on this issue. Moreover, the HRC did not make in order key amendments that would allow the full House to vote on this issue.

Rep. Jan Schakowsky (D-IL) and Rep. Loretta Sanchez (D-CA) submitted an amendment (number 19) to the HRC that was not made in order. It would have provided that "Federal Government" does not include the Department of Defense (DOD), National Security Agency (NSA), or any of the five armed services.

Rep. Jan SchakowskyRep. Schakowsky (at right) is the only member of the HIC who voted against the bill in Committee.

Rep. Bennie Thompson (D-MS) and others submitted an amendment (number 21) to the HRC that was not made in order. It would have replaced the words "Federal Government" with "Department of Homeland Security or another civilian agency".

Rep. Thompson is the ranking Democrat on the House Homeland Security Committee (HHSC), which oversees the Department of Homeland Security (DHS).

Select Other Amendments Made in Order.

Rep. Mick Mulvaney (R-SC) offered an amendment (number 29) that the HRC made in order that would sunset the provisions of the bill after five years.

Rep. Justin Amash (R-MI)) offered an amendment (number 33) that the HRC did make in order that would provide that the government cannot make use of the following information shared pursuant to this bill: "Library circulation records ... Library patron lists ... Book sales records ... Book customer lists ... Firearms sales records ... Tax return records ... Educational records ... Medical records".

Rep. John Conyers (D-MI) offered an amendment (number 30) that the HRC did make in order that revises the provision regarding "Exemption from Liability" for sharing information. It would delete immunity from criminal prosecution, but retain immunity from civil suit.

Select Other Amendments Not Made in Order.

Rep. Adam SchiffRep. Adam Schiff (D-CA) (at right), a member of the HIC, submitted an amendment (number 26) to the HRC that was not made in order. It contains several changes to the base bill. It would narrow the use government could make of shared information. It would also require the DHS to "develop and periodically review policies and procedures governing the receipt, retention, use, and disclosure" of information shared pursuant to this bill.

He stated in a release that "I believe that my amendment would narrowly tailor the bill to its purpose of protecting us from attacks on our cyber infrastructure and protecting trade secrets while protecting the privacy and civil liberties of ordinary Americans."

Obama EOP Opposes CISPA

4/25. The Executive Office of the President (EOP) released a statement in opposition to the HR 3523 [LOC | WW], the "Cyber Intelligence Sharing and Protection Act of 2011" or "CISPA".

The statement, titled "Statement of Administration Policy" or SAP, preceded the House Rules Committee's (HRC) adoption of a rule [PDF] that makes in order amendments that address criticisms contained in the SAP.

The SAP states that "the Administration strongly opposes H.R. 3523, the Cyber Intelligence Sharing and Protection Act, in its current form", and "if H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill".

"The sharing of information must be conducted in a manner that preserves Americans' privacy, data confidentiality, and civil liberties and recognizes the civilian nature of cyberspace." The SAP continues that the bill repeals "important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards".

The SAP adds that the bill "effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres."

Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersberger (D-MD), the Chairman and ranking Democrat on the House Intelligence Committee (HIC), and sponsors of the bill, wrote in a joint statement on April 25 that "The basis for the Administration's view is mostly based on the lack of critical infrastructure regulation, something outside of our jurisdiction."

"We would also draw the White House's attention to the substantial package of privacy and civil liberties improvement announced yesterday which will be added to the bill on the floor."

"The SAP was limited to the bill in ``its current form´´ -- however, as the bipartisan managers of the bill announced yesterday -- they have agreed to a package of amendments that address nearly every single one of the criticisms leveled by the Administration, particularly those regarding privacy and civil liberties of Americans."

Judicial Appointments

4/25. President Obama nominated Terrence Berg to be a Judge of the U.S. District Court for the Eastern District of Michigan. See, White House news office release and release.

4/25. President Obama nominated Jesus Bernal to be a Judge of the U.S. District Court for the Central District of California. See, White House news office release and release.

4/25. President Obama nominated Shelly Dick to be a Judge of the U.S. District Court for the Middle District of Louisiana. See, White House news office release and release.

4/25. President Obama nominated Lorna Schofield to be United States District Judge for the Southern District of New York. See, White House news office release and release. She has worked for the law firm of Debevoise & Plimpton since 1988.

More News

4/24. Rep. Eddie Johnson (D-TX) and other Democrats introduced HR 4483 [LOC | WW], the "Broadening Participation in STEM Education Act", a bill pertaining to National Science Foundation (NSF) grants related to university science, technology, engineering, and mathematics (STEM) education, and underrepresented minority groups at institutions of higher education. It was referred to the House Science Committee (HSC).

4/24. The U.S. Department of Justice (DOJ) announced in a release that it has "intervened in a lawsuit against Japanese company, Toyo Ink Manufacturing Co. Ltd. and its U.S. subsidiaries", Toyo Ink International Corp., Toyo Ink America LLC, and Toyo Ink Manufacturing America LLC. The complaint alleges that these companies misrepresented the country of origin on documents presented to U.S. Customs and Border Protection to avoid paying antidumping and countervailing duties. Toyo Ink International responded in a release that "We are disappointed by today's announcement by the Department of Justice that it is intervening in a whistleblower lawsuit initiated by a Toyo Ink competitor. The whistleblower allegations that Toyo Ink engaged in any fraudulent activity are false and appear to be driven by business considerations rather than facts. Toyo Ink has a substantial presence in the US, including multiple production facilities and administrative offices providing meaningful employment opportunities for US workers. ... Toyo Ink expects its conduct to be fully vindicated by the court and regrets the competitor’s attempts to gain an unfair competitive advantage over Toyo Ink by initiating this unfounded lawsuit." Toyo Ink makes printing ink, including for film printing, paper printing, printed circuit boards (PCBs), flexible printed circuits (FPCs), RFID antennas and EMI shields.

Rep. Lofgren Announces Key Concerns with CISPA

4/23. Rep. Zoe Lofgren (D-CA), who represents a Silicon Valley district, released a document that lists her "Key Concerns" with HR 3523 [LOC | WW], the "Cyber Intelligence Sharing and Protection Act of 2011" or "CISPA".

She stated in a release on April 23 that "Our country faces a serious challenge in securing both public and private networks from a wide variety of attacks. I would support narrowly-drafted legislation that allows the government and the private sector to share information when truly necessary for cybersecurity purposes, as long as it also includes robust privacy protections."

"Unfortunately", wrote Rep. Lofgren, "CISPA as currently drafted does not meet these criteria and therefore I cannot support it in its current form. I made suggestions to improve the bill to safeguard the privacy and due process rights of all Americans."

However, on April 24, the House Rules Committee (HRC) did not make in order her amendment (number 25) that would have limited the use the government can make of shared information.

Rep. Zoe LofgrenRep. Lofgren (at right) wrote in her list of concerns that "CISPA could allow any private company to share vast amounts of sensitive, private data about its customers with the government."

She wrote that "CISPA does not require that data shared with the government be stripped of unnecessary personally-identifiable information."

She wrote that "CISPA would allow the government to use collected private information for reasons other than cybersecurity."

She wrote that "CISPA would give Internet Service Providers free rein to monitor the private communications and activities of users on their networks."

She wrote that "CISPA would empower the military and the National Security Agency (NSA) to collect information about domestic Internet users."

She wrote that "CISPA places too much faith in private companies, to safeguard their most sensitive customer data from government intrusion."

She elaborated that "While information sharing would be voluntary under CISPA, the government has a variety of ways to pressure private companies to share large volumes of customer information. With complete legal immunity, private companies have few clear incentives to resist such pressure. There is also no requirement that companies ever tell their customers what they have shared with the government, either before or after the fact."

Public Knowledge Paper Urges FCC Oversight of BIAS Pricing Plans

4/23. The Public Knowledge (PK) released a vaguely argued paper titled "Know Your Limits: Considering the Role of Data Caps and Usage Based Billing in Internet Access Service". The paper praises flat rate price plans for broadband internet access service (BIAS), and criticizes both usage based pricing (UBP) plans and data caps on flat rate plans.

Also on April 23, the PK sent letters to BIAS providers AT&T, AT&T Mobility, Comcast, Cox, Sprint, T-Mobile, Time Warner Cable, Verizon, and Verizon Wireless that propounds numerous interrogatories regarding usage based pricing plans and data caps on flat rate plans.

The PK paper argues that BIAS providers must disclose, explain, and justify their pricing. Moreover, this must be subject to monitoring and oversight by regulators. However, the paper avoids use of the phrase "FCC price regulation".

Randall May, head of the Free State Foundation, and a former FCC Associate General Counsel, stated in a release that the PK is ultimately calling for "rate regulation for Internet providers. While Public Knowledge doesn't put the matter so bluntly, or transparently, when it calls for government ``oversight´´ of usage-based pricing, it acknowledges the government, of necessity, would examine factors such as the cost justification for different pricing structures, the costs of additional network investments, the relation of various prices to additional increments of usage, the relation of prices to usage during different periods during the day, and the like."

The PK paper does not suggest a costs plus reasonable rate of return method of price regulation. Rather, the PK suggests oversight of the method of pricing BIAS.

The PK paper states that BIAS providers must disclose the "underlying justifications for the pricing structures" and "must explain what goals UBP is designed to achieve".

It states that ""regulators must vigilantly monitor UBP schemes to ensure that service providers do not leverage market power to increase costs and suppress demand for competing services delivered over IP."

It adds that "regulatory oversight is critical to maintaining a competitive landscape for services delivered over IP".

In 2007 the PK and Free Press (FP) complained to the FCC about Comcast's network management practices. The FCC ultimately issued an order in which it asserted authority to regulate Comcast's network management practices. The Court of Appeals then overturned that order. However, in their complaint to the FCC, the PK and FP stated that, rather than degrading peer to peer applications, Comcast "could charge by usage". (See, PK/FP complaint at page 26.)

They also wrote, citing a paper by Chris Yoo, that "network providers would most efficiently manage their networks not by blocking applications, but by charging users for the users' bandwidth use. If users must pay for the bandwidth they use, then the users will better internalize the costs and benefits of their use. If the users do not pay per-bandwidth of use, then the users have no incentive to conserve their bandwidth." (At page 27.)

Also, on April 23, 2012, the PK, FP, New America Foundation (NAF), and Consumers Union (CU) sent a letter to the Senate Commerce Committee (SCC) in which they criticized "economically unjustified limitations and restrictions on data usage imposed by certain broadband Internet access providers" and asked the SCC to "take a closer look at the justification for data caps".

The SCC held a hearing on April 24 titled "The Emergence of Online Video: Is It The Future?".

People and Appointments

4/23. The Senate confirmed Brian Wimes to be a Judge of the U.S. District Court for the Eastern and Western Districts of Missouri by a vote of 92-1. See, Roll Call No. 67.

4/23. Rep. Greg Walden (R-OR) and Rep. Anna Eshoo (D-CA), the Chairman and ranking Democrat of the House Commerce Committee's (HCC) Subcommittee on Communications and Technology, announced the formation of a Federal Spectrum Working Group. They will be ex officio members. Rep. Brett Guthrie (R-KY) and Rep. Doris Matsui (D-CA) will be co-chairs. The other members will be Rep. John Shimkus (R-IL), Rep. Mike Rogers (R-MI), Rep. Steve Scalise (R-LA), Rep. Diana DeGette (D-CO), Rep. John Barrow (D-GA), and Del. Donna Christensen (D-VI). All are members of the HCC.

More News

4/23. The Consumer Electronics Association (CEA) released its Index of Consumer Technology Expectations (ICTE) for the month of April. The CEA stated in a release that the ICTE "fell to 84.4, down 4.5 points from March. The ICTE, which measures consumer expectations about technology spending, is two points higher than this time last year."

Advocates of Limited Government Request Changes to CISPA

4/21. The Tech Freedom (TF), Competitive Enterprise Institute (CEI), Liberty Coalition, Freedom Works, and Americans for Limited Government sent a letter to Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersberger (D-MD) regarding HR 3523 [LOC | WW] is the "Cyber Intelligence Sharing and Protection Act of 2011" or "CISPA".

They wrote that the base bill [18 pages in PDF] to be considered by the House on April 26-27 "risks unduly expanding federal power, undermining freedom of contract, and harming U.S. competitiveness in the technology sector".

First, they wrote that "While CISPA enables companies to restrict how cyber threat information they share may be used by other entities, the bill's sweeping immunity provision effectively denies providers the ability to make enforceable promises to impose such restrictions on third parties."

Second, they wrote that "CISPA wisely bars the federal government from using cyber threat information ``for regulatory purposes.´´ But the bill permits all other governmental uses so long as ``at least one significant purpose´´ of such use is for ``cybersecurity´´ or the ``protection of [U.S.] national security.´´ Thus, if a federal agency received a private e-mail pertaining to not only a cyber threat but also, for instance, to a criminal violation of the Internal Revenue Code or the Archaeological Resources Protection Act, that agency could share the e-mail with any other governmental entity for use in criminal prosecution." (Footnote omitted. Brackets in original.)

Third, they wrote that "CISPA creates a limited private right of action allowing individuals whose information has been improperly used or shared by a governmental entity to recover actual damages. But for an aggrieved party to prevail, it must show the governmental entity ``intentionally or willfully´´ violated the statute. Imposing such a high burden on potential plaintiffs will under-deter governmental agencies from negligently handling private information. Therefore, CISPA's private right should also allow individuals to recover damages for grossly negligent violations by governmental entities."

Fourth, they wrote that "CISPA immunizes covered private firms that share ``cyber threat information" for a ``cybersecurity purpose´´ with any other entity -- private or governmental -- from all forms of civil and criminal liability." But, they argue, "CISPA should only immunize companies for sharing information when they have an objectively reasonable belief that it pertains to a cyber threat."

Fifth, they argue that the CISPA should bar the federal government from using the procurement process to coerce private companies. "CISPA should contain an enforceable ban on such quid pro quos to deter potential abuse by federal agencies, some of which have historically leveraged the procurement process to strong-arm private entities into facilitating mass digital surveillance." (Footnote omitted.)

They also argue that the bill's definition of "cyber threat information" should be narrowed.

Finally, they argue for meaningful oversight, by the Privacy and Civil Liberties Oversight Board (PCLOB). See, story titled "Senate Judiciary Committee Holds Hearing on PCLOB Nominees" in TLJ Daily E-Mail Alert No. 2,375, April 19, 2012.

Go to News from April 16-20, 2012.