|TLJ News from September 1-5, 2013|
FCC Announces Tentative Agenda for September 26 Meeting
9/5. The Federal Communications Commission (FCC) released a tentative agenda for its event titled "open meeting" scheduled for September 26, 2013. It is scheduled to adopt an NPRM regarding towers and birds, an NPRM regarding its TV ownership rule, and a MOO that resolves Bloomberg's two year old complaint against Comcast for allegedly violating the neighborhooding condition imposed with the approval of the Comcast NBCU transaction. There will also be a staff update on LPFM.
Birds. The FCC is scheduled to adopt a Notice of Proposed Rulemaking (NPRM) regarding its antenna structure registration (ASR) program, and environmental processing.
The National Environmental Policy Act (NEPA), which is codified at 42 U.S.C. § 4321 et seq., requires all federal agencies, including the FCC, to identify and take into account environmental effects when deciding whether to authorize or undertake a major federal action.
Hence, the FCC must comply with the NEPA in proceedings pertaining to the effect of communications towers on migratory birds. The FCC opened a proceeding back on August 20, 2003 with a Notice of Inquiry (NOI) [18 pages in PDF]. See, story titled "FCC Release NOI On Communications Towers and Migratory Birds" in TLJ Daily E-Mail Alert No. 723, August 21, 2003. The FCC released a Notice of Proposed Rulemaking (NPRM) [40 pages in PDF] on November 7, 2006.
The U.S. Court of Appeals (DCCir), construing the NEPA, issued an opinion on February 18, 2008, in which it vacated an FCC order that denied a petition for protection of birds. See, American Bird Conservancy v. FCC, which is reported at 516 F.3d 1027.
The FCC adopted an Report and Order (R&O) [58 pages in PDF] on December 6, 2011. It released that order on December 9, 2011. It is FCC 11-181 in WT Docket No. 08-61 and WT Docket No. 03-187.
The FCC's rules for "Construction, Marking and Lighting of Antenna Structures" are codified at 47 C.F.R. Part 17. Its ASR rules are codified at 47 C.F.R. § 17.4.
On March 13, 2012, the FCC's Wireless Telecommunications Bureau (WTB) released a document [166 pages in PDF] titled "Final Programmatic Environmental Assessment for the Antenna Structure Registration Program". The FCC outsourced the writing of that document to the URS Group, Inc.
The Department of the Interior's (DOI) Fish and Wildlife Service (FWS) wants the FCC to impose a more onerous ASR regulatory regime upon communications companies for the purpose of reducing the number of collisions of migratory birds with communications towers. See, March 2013 filing [15 pages in PDF].
The DOI wants the FCC to "create a programmatic approach to authorizing communication towers that, along with its goal of avoiding and minimizing hazards to air navigation, explicitly seeks to avoid or minimize bird mortality. The FCC could begin by revising the ``Purpose´´ section to include a goal of reducing adverse effects to migratory birds, in particular, birds of conservation concern (BCC) that are drawn from the list of 1,007 species that are presently protected under the Migratory Bird Treaty Act (MBTA). Accordingly, the alternatives considered would then incorporate measures that are designed to avoid or minimize the environmental damages associated with those actions. We recommend that the FCC use the present opportunity to coordinate with the FWS to formulate systematic, consistent, and verifiable measures that would reduce bird mortalities at facilities regulated under the ASR."
Several interest groups (Defenders of Wildlife, Audubon Society, and American Bird Conservancy) advocate enhanced regulation. See, January 14, 2011 filing [12 pages in PDF].
Verizon Wireless wants the FCC to exempt temporary cells on light trucks (COLTs) and cells on wheels (COWs) from the antenna structure notice requirements adopted in the 2011 R&O. See, October 26, 2012 filing.
There is also Congressional activity pertinent to this topic. Members of the House -- mostly Republicans and mostly members of the House Judiciary Committee (HJC) -- have introduced legislation that would ease various environmental permitting processes. These bills are primarily directed at regulation of the oil and gas industry, but may also impact bird based regulation of communications. For the 112th Congress, see HR 4377 [LOC | WW], the "Responsibly And Professionally Invigorating Development Act of 2012", or "RAPID Act". For the 113th Congress, see, HR 2641 [LOC | WW], also titled the "RAPID Act", introduced on July 10, 2013, by Rep. Tom Marino (R-PA) and others.
Rep. Marino stated in a release that the NEPA "requires federal agencies to analyze the environmental impacts of new federal actions. While the goals of NEPA are worthy, there are no checks or limits on the process. As often happens with an over-expansive federal government, over the years the machinery has slowed as more and more bureaucrats have gotten involved in the process."
Media Ownership. Second, the FCC is scheduled to adopt an NPRM regarding one of its many regimes for regulating ownership of media. This NPRM pertains to the FCC's national television rule, which limits any entity from owning TV stations that cumulatively reach more that 39 percent of TV households nationwide.
The current rule counts TV stations on UHF channels (14 and above) differently from TV stations on VHF channels (13 and below). The NPRM may propose changing the rule to end the current 50% UHF discount for the purpose of estimating a TV station's national audience reach.
The FCC's media ownership rules are old and obsolete. They are repugnant to the First Amendment, and fail to recognize the proliferation of new platforms for distribution of news, programming, information, and other things.
However, there are well organized lobbies for media ownership regulation, and the U.S. Court of Appeals (3rdCir), which has ruled in challenges to the FCC's media ownership rules, does not recognize the veracity of the preceding paragraph.
47 C.F.R. § 73.3555(e) provides in part that "No license for a commercial television broadcast station shall be granted, transferred or assigned to any party (including all parties under common control) if the grant, transfer or assignment of such license would result in such party or any of its stockholders, partners, members, officers or directors having a cognizable interest in television stations which have an aggregate national audience reach exceeding thirty-nine (39) percent."
It further provides that "National audience reach means the total number of television households in the Nielsen Designated Market Areas (DMAs) in which the relevant stations are located divided by the total national television households as measured by DMA data at the time of a grant, transfer, or assignment of a license. For purposes of making this calculation, UHF television stations shall be attributed with 50 percent of the television households in their DMA market."
Bloomberg v. Comcast. Third, the FCC is scheduled to adopt a Memorandum Opinion and Order (MOO) regarding Bloomberg's complaint to the FCC about Comcast's compliance with merger conditions imposed by the FCC when it approved the Comcast NBCU transaction in January of 2011. Bloomberg asserted that Comcast violated the new neighborhooding condition imposed upon Comcast.
The FCC issued its Memorandum Opinion & Order (MOO) [279 pages in PDF] approving the merger, subject to conditions, on January 20, 2011. It is FCC 11-4 in MB Docket No. 10-56.
That 2011 MOO, in Appendix A, at page 121, sets forth the following condition: "If Comcast now or in the future carries news and/or business news channels in a neighborhood, defined as placing a significant number or percentage of news and/or business news channels substantially adjacent to one another in a system's channel lineup, Comcast must carry all independent news and business news channels in that neighborhood."
Bloomberg filed a complaint with the FCC on June 13, 2011, in which it wrote that "Despite a clear requirement in the FCC Order that Comcast include independent news channels, such as Bloomberg Television ("BTV"), in Comcast's existing news neighborhoods, Comcast refuses to implement the Commission's express direction."
Bloomberg continued that it "has asked Comcast to place BTV in Comcast's existing news neighborhoods on all Comcast systems in the 35 most populous DMAs. Comcast, however, has refused, claiming that it does not currently have any news neighborhoods and, in any event, that the Commission's news neighborhooding condition applies only to neighborhoods that will be created in the future. Neither of these assertions has any merit."
Comcast filed an answer [206 pages in PDF] with the FCC on July 27, 2011. It wrote that Bloomberg is attempting to "extract preferential channel placement on Comcast's cable systems through regulatory gamesmanship", that it has not violated the MOO, and that the complaint should be denied.
This proceeding is MB Docket No. 11-104.
LPFM. Finally, there will be a presentation by personnel of the FCC's Media Bureau regarding the October 15-29, 2013 open filing window for applicants seeking to operate new Low Power FM radio stations.
The event is scheduled for Thursday, September 26, 2013 at 10:30 AM at the FCC headquarters, Room TW-C305, 445 12th Street, SW.
Report Addresses Development of Cloud Computing in the PRC
9/5. The U.S.-China Economic and Security Review Commission (USCESRC) released an outsourced report [59 pages in PDF] titled "Red Cloud Rising: Cloud Computing in China".
The report states that the government of the People's Republic of China (PRC) has prioritized the development of cloud computing within the PRC, and that this may affect the economic and security interests of U.S., and the interests of U.S. consumers.
It states that "The emergence of China-based cloud computing services and solutions may raise significant concerns for US consumers, particularly if their data is being stored or processed using infrastructure located within Mainland China."
It elaborates that "Any future growth in US consumer use of China-based cloud computing infrastructure would likely raise significant security concerns. Regulations requiring foreign firms to enter into joint cooperative arrangements with Chinese companies in order to offer cloud computing services may jeopardize the foreign firms’ information security arrangements. Furthermore, Chinese-language news sources indicate that China’s primary foreign intelligence collection organization, the Ministry of State Security, has taken an oversight role in projects aimed at bringing foreign cloud computing investment to China."
It also states that "Chinese cloud computing infrastructure could be used for offensive cyber operations, but the same is true of public cloud computing platforms globally."
It also states that "The security vulnerabilities of Chinese cloud infrastructure are not inherently different from those of other cloud infrastructure around the globe."
The authors of the report are Leigh Ann Ragland, Joseph McReynolds, Matthew Southerland, and James Mulvenon of the Center for Intelligence Research and Analysis (CIRA), which is a division of the Defense Group Inc. (DGI).
BIS Seeks Comments on Extending Rules That Restrict Exports of Certain IT Products
9/5. The Department of Commerce's (DOC) Bureau of Industry and Security (BIS), which regulates exports and related matters, published a notice in the Federal Register (FR) requesting comments regarding extension of its foreign policy based export control regulations.
The BIS's foreign policy based rules affect, among other things, certain microprocessors, encryption products, cameras, and communication intercepting devices, software and technology.
Section 6 of the Export Administration Act of 1979 (EAA), as expired, requires the BIS to extend these regulations annually.
The BIS asks, for example, what is the "likelihood that such controls will achieve their intended foreign policy purposes, in light of other factors, including the availability from other countries of the goods, software or technology proposed for such controls"?
The BIS also asks what are the "comparative benefits to U.S. foreign policy objectives versus the effect of the controls on the export performance of the United States, the competitive position of the United States in the international economy, the international reputation of the United States as a supplier of goods and technology"?
The BIS also asks for information about similar export controls, and licensing regimes, maintained by other countries.
The deadline to submit comments is October 7, 2013. See, FR, Vol. 78, No. 172, September 5, 2013, at Pages 54623-54625.
The provisions of the EAA remain in effect, notwithstanding expiration of the statute, by annual Presidential declarations. See, notice in the Federal Register, Vol. 78, No. 155, August 12, 2013, at Pages 49105-49107, and "More News" in TLJ Daily E-Mail Alert No. 2,590, August 27, 2013. See also, stories titled "Obama Issues Annual Routine Emergency Export Regulation Declaration" in TLJ Daily E-Mail Alert No. 2,429, August 15, 2012, and "President Issues Another Routine Emergency Declaration to Continue Export Regulation Regime" in TLJ Daily E-Mail Alert No. 2,288, August 13, 2011.
NYT Reports on NSA Encryption Cracking Tactics
9/5. The New York Times (NYT) published a story on September 5, 2013 titled "N.S.A. Able to Foil Basic Safeguards of Privacy on Web" by Nicole Perlrothy, Jeff Larson and Scott Shane.
This article states that it is based in large part of documents disclosed by Edward Snowden.
The NYT story states that the National Security Agency (NSA) "has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show."
That the NSA breaks encryption is nothing new. NSA personnel have stated in public Congressional hearings that the NSA continually seeks the capacity to decrypt encrypted items, including digital files and communications, and that it enjoys considerable success at this.
However, the NYT story states much more.
The NYT states that the NSA "began collaborating with technology companies in the United States and abroad to build entry points into their products".
This is a particularly vague statement. This statement is not inconsistent with compliance by companies with requirements imposed by the Communications Assistance for Law Enforcement (CALEA), as implemented and expanded by the Federal Communications Commission (FCC), to build their networks in a manner that facilitates lawful law enforcement and intelligence intercepts.
On the other hand, "entry points" is a vague term that could also mean activities unrelated to the CALEA.
The CALEA is codified at 47 USC §§ 1001-1010. See also, story titled "FCC Amends CALEA Statute" in TLJ Daily E-Mail Alert No. 1,191, August 9, 2005.
The NYT states that the NSA "hacked into target computers to snare messages before they were encrypted".
The NYT states that "companies say they were coerced by the government into handing over their master encryption keys or building in a back door."
The article does not list any such companies. Nor does it list which agencies engaged in coercion.
Nor does the article disclose what it means by "coerced". For example, it does not state whether or not being "coerced" means compliance with lawfully issued court orders. Indeed, late in the article, the NYT refers to "forcing their cooperation with court orders".
On the other hand, being "coerced" could mean submission in the face of unlawful or improper government actions. For example, it does not state whether government agencies withheld approvals, such as merger approvals by the Department of Justice (DOJ) or license transfer approvals by the Federal Communications Commission (FCC), to coerce companies. Similarly, coercion could mean improper threat of Sherman Act Section 2 single firm conduct actions, or other improper threats of regulatory action.
The NYT also accuses the NSA of "surreptitiously stealing their encryption keys".
The article suggests that the NSA may accomplish this by "hacking into companies' computer servers". The article does not mention breaking and entering, bribing or blackmailing company employees, or other methods. And, it does not identify any companies.
The NYT also accuses the NSA of surreptitiously "altering their software or hardware".
The NYT states that the NSA "used its influence as the world's most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world".
It adds that the NSA "has been deliberately weakening the international encryption standards adopted by developers".
The Center for Democracy and Technology's (CDT) Joseph Hall stated in a release that "These revelations demonstrate a fundamental attack on the way the Internet works. In an era in which businesses, as well as the average consumer, trust secure networks and technologies for sensitive transactions and private communications online, it's incredibly destructive for the NSA to add flaws to such critical infrastructure".
Hall continued that "The NSA seems to be operating on the fantastically naïve assumption that any vulnerabilities it builds into core Internet technologies can only be exploited by itself and its global partners. The NSA simply should not be building vulnerabilities into the fundamental tools that we all rely upon to protect our private information".
The NYT states that the NSA works with industry "to insert vulnerabilities into Internet security products".
The article does not list any internet security companies, or describe any vulnerabilities.
The NYT also states that the NSA has worked with equipment makers to build in back doors.
The article does not list any equipment makers, or describe the nature of any "back doors".
The article states that "the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by exploiting security flaws, according to the documents. The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments."
More Reaction. The ACLU's Christopher Soghoian stated in a release that "The encryption technologies that the NSA has exploited to enable its secret dragnet surveillance are the same technologies that protect our most sensitive information, including medical records, financial transactions, and commercial secrets"
He added that "Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance. The NSA's efforts to secretly defeat encryption are recklessly shortsighted and will further erode not only the United States' reputation as a global champion of civil liberties and privacy but the economic competitiveness of its largest companies."
Commentary: Industry Cooperation on Surveillance
9/5. There are many broad statements in the New York Times' (NYT) September 5, 2013 story about government collaboration with, cooperation from, and coercion of, software, security, communications and chip making companies. However, the article lacks both explanation, and corroborating facts, regarding industry cooperation.
There is an argument to be made, without recourse to any disclosures by Edward Snowden, the NYT or the Guardian, that for at least the last 15 years (TLJ has been reporting for 15 1/2 years) there has been an observable correlation between the treatment that companies have received from federal law enforcement, regulatory and tax agencies, and the extent of their cooperation on surveillance related matters.
Companies that have been in a position to offer U.S. intelligence and law enforcement agencies assistance in their surveillance efforts, and have done so, have fared better before government agencies than companies generally. Conversely, companies that have been in a position to offer surveillance assistance, but have resisted, have fared worse than other companies generally.
Similarly, technologies, business models and practices that have facilitated government surveillance efforts have fared well before government agencies, while technologies, business models and practices that have frustrated surveillance efforts have received unfavorable treatment from government agencies.
These patterns have persisted across the administrations of Clinton, Bush and Obama, and changes in partisan control in the House and Senate.
The most significant agencies involved (other than intelligence and law enforcement) would be the Federal Communications Commission (FCC), the Department of Justice's (DOJ) Antitrust, Tax, Criminal Divisions, the Internal Revenue Service (IRS) and the Securities and Exchange Commission (SEC).
These patterns are not inconsistent with the hypothesis that the federal government has both rewarded and advanced companies and technologies that assist the government, and punished and retarded those that do not. And, if this hypothesis is correct, and understood by the key corporate officers and investors, it would provide a huge incentive to cooperate and collaborate in matters described in the just published NYT article.
Neither government officials nor corporate employees write or state as much publicly. Also, it is often difficult to identify when a company is cooperating or resisting. Such an argument would be based in significant part upon an analysis of the nature, underlying merits, and consequences of a huge number of government prosecutions, administrative proceedings, civil actions to which the U.S. is a party, rulemakings, and other public proceedings.
People and Appointments
9/5. The Copyright Office (CO) announced the creation of two programs for temporary employment of scholars. First, it created a Kaminstein Scholar in Residence Program for established scholars of copyright law. Abraham Kaminstein was the Register of Copyright from 1960 through 1971. Robert Brauneis (George Washington University law school) was named the first Kamenstein Scholar, for the 2013-2014 academic year. Second, the CO created a Ringer Copyright Honors Program for recent law school graduates. Barbara Ringer was the Register of Copyright from 1973 through 1980. See, CO release.
9/4. The Electronic Privacy Information Center (EPIC) and other groups sent a letter [5 pages in PDF] to the Federal Trade Commission (FTC) urging it to take action against Facebook in connection with its recently announced changes to its "Data Use Policy".
The other signers of the letter are the Center for Digital Democracy (CDD), Consumer Watchdog (CW), Patient Privacy Rights (PPR), U.S. Public Interest Research Group (USPIRG), and Privacy Rights Clearinghouse (PRC).
They wrote that "The changes will allow Facebook to routinely use the images and names of Facebook users for commercial advertising without consent. The changes violate Facebook's current policies and the 2011 Facebook settlement with the FTC. The Commission must act to enforce its Order."
On November 29, 2011, the FTC released an administrative complaint against Facebook, and an Agreement Containing Consent Order [10 pages in PDF] that settled that action. The FTC stated in a release that "Facebook changed its website so certain information that users may have designated as private -- such as their Friends List -- was made public. They didn't warn users that this change was coming, or get their approval in advance." See also, story titled "FTC Imposes Privacy Related Terms on Facebook" in TLJ Daily E-Mail Alert No. 2,315, November 29, 2011.
That eight count complaint alleged "unfair or deceptive acts or practices" in violation of Section 5 of the FTC Act, which is codified at 15 U.S.C. § 45.
Count 6 of the complaint pertained to photos. It stated that "Facebook has collected and stored vast quantities of photos and videos that its users upload", and that Facebook has "disseminated statements communicating that a user can restrict access to his or her profile information -- including, but not limited to, photos and videos that a user uploads – by deleting or deactivating his or her user account".
But, the FTC complaint states that contrary to Facebook's assertions, "Facebook has continued to display users' photos and videos to anyone who accesses Facebook's Content URLs for them, even after such users have deleted or deactivated their accounts".
EPIC wrote in its letter that Facebook's just announced policy contains the following new language: "You give us permission to use your name, profile picture, content, and information in connection with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us. This means, for example, that you permit a business or other entity to pay us to display your name and/or profile picture with your content or information, without any compensation to you." (Parentheses in original.)
The EPIC and its allies also complained about Facebook's censorship of its users' speech regarding privacy. "In 2010 FB shut down all of the privacy groups on Facebook, including ``FB users against new TOS,´´ which had more than 150,000 members. And Facebook subsequently revised its governing documents to prevent the use of the company's name in any Facebook group, including groups that were formed to protest Facebook's business practices." (Footnotes omitted.)
FTC Brings and Settles Case Alleging Lax Security for IP Based Home Monitoring Camera System
9/4. The Federal Trade Commission (FTC) filed an administrative complaint [8 pages in PDF] against TRENDnet, Inc., a company that markets and sells video cameras designed to allow consumers to remotely monitor their homes via the internet, alleging violation of Section 5 of the FTC Act (15 U.S.C. § 45) for providing lax security which a hacker was able to exploit, and for making false or misleading representations to consumers about the security of its system.
The FTC simultaneously released an agreement [11 pages in PDF] that contains a proposed consent order. It bars TRENDnet from making false representations about the security of its system. It requires TRENDnet to maintain a "comprehensive security program", and to obtain assessments and reports from an independent third party professional. It also imposes record keeping and FTC inspection requirements. The order remains in effect for 20 years.
However, the order imposes no fine, and TRENDnet admits no wrongdoing.
The complaint alleges violation of both the deception and unfairness prongs of Section 5. It alleges deception in connection with TRENDnet's false representation to consumers that it takes reasonable steps to ensure that its IP cameras and mobile apps are a secure means to monitor private areas of a consumer's home or workplace, and other false representations.
The complaint alleges unfairness for failure "to provide reasonable security to prevent unauthorized access to the live feeds from its IP cameras".
The complaint states that TRENDnet "has subjected its users to a significant risk that their sensitive information, namely the live feeds from its IP cameras, will be subject to unauthorized access", and that hackers have in fact exploited the vulnerability of TRENDnet's system.
The complaint states that last year a "hacker visited respondent’s website and reviewed the software that respondent makes available for its cameras. The hacker was able to identify a web address that appeared to support the public sharing of users’ live feeds, for those users who had made their feeds public. Because of the flaw in respondent’s DVSA setting, however, the hacker could access all live feeds at this web address, without entering login credentials, even for users who had not made their feeds public". (DVSA is Direct Video Stream Authentication.)
See also, FTC release.
NIST ISPAB to Hold Three Day Meeting
9/4. The Department of Commerce's (DOC) National Institute of Standards and Technology's (NIST) Information Security and Privacy Advisory Board (ISPAB) announced that it will hold a three day meeting on October 9-11, 2013, to address cyber security and other matters. See, notice in the Federal Register (FR), Vol. 78, No. 171, September 4, 2013, at Page 54454.
This event is open to the public. It will be held at the U.S. Access Board, Suite 800, Conference Room, 1331 F St., NW.
The just released NIST FR notice contains a preliminary agenda for the meeting in October. Most of the items relate to cyber security, and especially, the President's Executive Order (EO) titled "Improving Critical Cybersecurity Infrastructure" of February 12, 2013, and the NIST's Notice of Inquiry (NOI) of March 28, 2013. See, notice in the FR, Vol. 78, No. 60, March 28, 2013, at Pages 18954-18955.
The agenda also lists "Development of New Cybersecurity Framework". The NIST released a document [36 pages in PDF] titled "Discussion Draft of the Preliminary Cybersecurity Framework" on August 28, 2013. See also, related story in this issue titled "NIST Releases Cyber Security Standards Document".
This agenda also states that the White House Cybersecurity Coordinator will speak.
The agenda also states that there will be updates on the Privacy and Civil Liberties Oversight Board (PCLOB) and the NIST's Computer Security Division (CSD).
The agenda also lists several topics related to cyber security at federal agencies.
The agenda also lists "Information Sharing Update".
President Obama and the House have taken widely different approaches to increasing cyber security in the private sector. The President is pursuing a regulatory approach. The House passed bills in both the 112th and 113th Congresses that are designed to increase incentives for companies to share information related to cyber security with the government, and to increase private sector access to cyber threat information.
For the 112th Congress, see HR 3523 [LOC | WW], the "Cyber Intelligence and Sharing Protection Act" or "CISPA", and stories titled "House Passes CISPA" and "Amendment by Amendment Summary of House Consideration of CISPA" in TLJ Daily E-Mail Alert No. 2,380, April 25, 2012. President Obama opposed that bill. See, story titled "Obama EOP Opposes CISPA" in TLJ Daily E-Mail Alert No. 2,379, April 24, 2012. The Senate twice took up a bill supported by the President, but failed to pass it both times.
For the current 113th Congress, see HR 624 [LOC | WW], also titled the "CISPA". The House passed it on April 18, 2013, by a vote of 288-127. Once again, the Senate has not taken it up.
The Senate Commerce Committee (SCC) approved S 1353 [ LOC | WW], the "Cybersecurity Act of 2013", on July 30, 2013. It would amend the NIST Act to give the NIST authority to "facilitate and support the development of a voluntary, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes to reduce cyber risks to critical infrastructure".
The agenda for the NIST/ISPAB meeting in October also states that there will be an "Update on Legislative proposals relating to information security and privacy".
NIST to Hold Workshop on Cloud Computing and Mobility
9/4. The Department of Commerce's (DOC) National Institute of Standards and Technology (NIST) announced that it will host a three day event on October 1-3, 2013 titled "Intersection of Cloud and Mobility Forum and Workshop". See, notice in the Federal Register (FR), Vol. 78, No. 171, September 4, 2013, at Page 54453.
The agenda states that on Tuesday, October 1 there will be presentations "on the future of Cloud Computing, Mobility and where the two intersect", and "a status update on NIST efforts to develop or support development of security, interoperability and portability open standards, cloud service metrics and service level agreement guidance".
On Wednesday, October 2, "the workshop will focus on current Cloud Computing and Mobility challenges and how these challenges could be alleviated or exacerbated at the intersection of Cloud and Mobility".
On the half day session on Thursday, October 3, "the workshop will focus on the path forward to achieve full integration and harmonization of Cloud Computing and Mobility and to explore possibilities for harmonizing the two in ways that unleash their complementing power and augment their inter-correlation to promote progress and prosperity".
The NIST will also provide exhibition space for up to "25 academic, industry, and standards developing organizations to exhibit their respective Cloud Computing or Mobility work at an exhibit table or with a poster".
This event is open to the public. However, registration required. It will be held in the NIST's Red Auditorium, 100 Bureau Drive, Gaithersburg, MD.
Neither the FR notice, nor the event web site or brochure [PDF], requests written comments.
Update on FTC v. LabMD
9/4. The TLJ Daily E-Mail Alert No. 5,595 included a story titled "FTC Administrative Complaint Asserts Authority to Regulate Data Security Practices". The Federal Trade Commission (FTC) has not yet released its complaint, or a redacted copy of the complaint. Subsequent to the publication of that story, Robert Schoshinski of the FTC told TLJ that the complaint alleges violation of Section 5 of the FTC Act (15 U.S.C. § 45), and that it relies upon the unfairness prong, but not the deception prong.
2nd Circuit Rules on FCC's Program Carriage Rules
9/4. The U.S. Court of Appeals (2ndCir) issued its opinion in Time Warner Cable v. FCC, a petition for review of the Federal Communications Commission's (FCC) August 1, 2011 program carriage order. The Court of Appeals rejected the petitioners' First Amendment argument, but held that the FCC adopted its standstill provision in violation of the APA's notice and comment requirement. That is, the FCC's order adopted rules not proposed in the relevant NPRM. Hence, the Court of Appeals granted the petition in part, and vacated the order in part. Of course, the FCC may now issue a new NPRM that gives proper notice, and re-adopt the just vacated rules.
9/4. The Federal Trade Commission (FTC) issued an advisory opinion [6 pages in PDF] to Ezra Levine (Morrison & Foerster), attorney for the Money Services Round Table (MSRT), stating the "FTC staff has no present intention of recommending law enforcement action" regarding the MSRT's proposal to develop a database for the collection and dissemination of information regarding terminated U.S. money transmitter agents. The MSRT is an information sharing and advocacy group for six U.S. non-bank money transmitters: Western Union, MoneyGram International, RIA, SIGUE, Integrated Payment Systems, and American Express.
9/4. The National Institute of Standards and Technology's (NIST) Computer Security Division (CSD) released its draft SP 800-101 Rev. 1 [85 pages in PDF] titled "Guidelines on Mobile Device Forensics". The deadline to submit comments is October 4, 2013.
9/4. The National Institute of Standards and Technology's (NIST) Computer Security Division (CSD) released its draft NIST IR 7946 [41 pages in PDF] titled "CVSS Implementation Guidance". CVSS is Common Vulnerability Scoring System. The deadline to submit comments is October 4, 2013.
FCC Approves AT&T Verizon Grain Spectrum Transaction
9/3. The Federal Communications Commission (FCC) Wireless Telecommunications Bureau (WTB) adopted and released a Memorandum Opinion and Order [31 pages in PDF, redacted] that approves numerous 700 MHz spectrum license assignments and leases involving AT&T, Verizon Wireless and Grain, subject to buildout requirements.
This MOO summarizes the applications that it approves. "Verizon Wireless would assign to AT&T 39 full Lower 700 MHz Band B Block licenses and would assign to Grain I three Lower 700 MHz Band B Block licenses, whose spectrum Grain I would then lease to AT&T. For its part, AT&T would assign to Verizon Wireless one full and five partitioned AWS-1 licenses and would assign to Grain II one AWS-1 license, whose spectrum Grain II would lease to Verizon Wireless. In total, the proposed transactions affect spectrum in 72 markets across the country. For the reasons detailed below, we approve the applications, subject to a condition involving the buildout of the AWS-1 licenses and spectrum being acquired by Verizon Wireless that is consistent with a similar condition imposed by the Commission last year."
AT&T's Bob Quinn stated in a release that "Today's approval of the AT&T/VZW/Grain deal within the FCC’s 180-day review period demonstrates that the secondary market continues to work under Acting Chairwoman Clyburn to ensure that under-utilized spectrum is deployed quickly and efficiently."
Quinn added that "We are also continuing to work with the FCC on the ATNI transaction to provide additional information which addresses the remaining open issues so that deal can be resolved in a timely fashion as well." See, story titled "FCC Further Delays AT&T ATNI Transaction" in TLJ Daily E-Mail Alert No. 2,590, August 27, 2013.
This MOO is DA 13-1854 in WT Docket No. 13-56.
9th Circuit Affirms in Somers v. Apple
9/3. The U.S. Court of Appeals (9thCir) issued its opinion [26 pages in PDF] in Somers v. Apple, a putative class action alleging violation of federal and state antitrust law by Apple in connection with portable digital media players (PDMPs) such as the iPod, music download services such as the iTunes music store, and digital rights management (DRM).
The Court of Appeals affirmed the judgment of the U.S. District Court (NDCal), which denied class certification, and dismissed the complaint for failure to state a claim under Rule 12(b)(6), FRCP.
There is another iPad iTunes antitrust case pending in the same district court. See, In re Apple iPod iTunes Antitrust Litigation, U.S. District Court (NDCal), D.C. No. 05-00037. The Court of Appeals also refers to that other action as the "Direct Purchaser Action".
This is a grasping and lingering case with an ancient history. Apple introduced iTunes in 2001, and later that year began sales of the first iPod. It started the iTunes music store in 2003, with the standard price per song of 99¢, and digital rights management (DRM) named "FairPlay".
See, full story.
Microsoft to Acquire Nokia's Devices and Services
9/3. Microsoft and Nokia announced that the Boards of Directors for both companies "have decided to enter into a transaction whereby Microsoft will purchase substantially all of Nokia's Devices & Services business, license Nokia's patents, and license and use Nokia's mapping services". See, Microsoft release and release.
Microsoft elaborated that "Under the terms of the agreement, Microsoft will pay EUR 3.79 billion to purchase substantially all of Nokia’s Devices & Services business, and EUR 1.65 billion to license Nokia’s patents, for a total transaction cost of EUR 5.44 billion in cash."
Nokia states in another release that "Nokia will grant Microsoft a 10 year non-exclusive license to its patents as of the time of the closing, and Microsoft will grant Nokia reciprocal rights related to HERE services. In addition, Nokia will grant Microsoft an option to extend this mutual patent agreement to perpetuity".
Nokia's HERE provides mapping and location services.
The transaction requires approval from U.S. and EU antitrust regulators. Nokia stated that "The transaction is subject to ... a USD 750 million termination fee payable by Microsoft to Nokia in the event that the transaction fails to receive necessary regulatory clearances."
Ronald Klingebiel, a professor at the University of Warwick's business school, stated in a release that "Handset markets are commoditising. The action is in software, apps, and soon these will be delivered online. The emergence of html5 is an early indication. Smartphones will then turn into mere windows to the cloud. There will be little that differentiates one black, rectangular touchscreen phone from another, besides perhaps screen quality and battery life. Handset manufacturers without a suitable software platform in the cloud stand to suffer and Nokia is right to divest of its phone business. Blackberry should do the same. As for Microsoft, it remains to be seen whether it can leverage its still significant strength in desktop operating systems and software and migrate its customers to the mobile cloud."
Verizon to Acquire Vodafone's Interest
9/3. Vodafone announced in a release that it intends "to sell our US group whose principal asset is its 45% interest in Verizon Wireless (``VZW´´) to Verizon Communications Inc. (``Verizon´´), our joint venture partner in VZW, for a total consideration of US$130 billion (£84 billion)."
It added that "As part of the deal we will also acquire Verizon's 23% interest in Vodafone Italy (Vodafone owns the remaining 77%) at a price of US$3.5 billion (£2.3 billion), thereby securing full ownership of Vodafone Italy."
These transactions require numerous regulatory approvals.
9/3. The Department of Justice's (DOJ) Antitrust Division published a notice in the Federal Register (FR) that announces that the Cable Television Laboratories filed a notification of a change in its membership, pursuant to the National Cooperative Research and Production Act of 1993, which pertains to limiting antitrust liability of standard setting consortia. See, Federal Register, Vol. 78, No. 170, September 3, 2013, at Page 54277.
9/3. The Federal Communications Commission (FCC) published a notice in the Federal Register (FR) that sets comment deadlines for its Further Notice of Proposed Rulemaking [94 pages in PDF] regarding the provision and marketing of Internet Protocol Captioned Telephone Service (IP CTS). The FCC adopted and released this item on August 26, 2013. It is FCC 13-118 in CG Docket Nos. 13-24 and 03-123. Initial comments are due by October 18. Reply comments are due by November 18. See, FR, Vol. 78, No. 170, September 3, 2013, at Pages 54201-54209.
CBS Reaches Carriage Agreement with Time Warner Cable
9/2. CBS announced in a release that its has reached an agreement with Time Warner Cable (TWC) and Bright House Networks "for carriage of CBS owned stations on Time Warner Cable systems across the country, as well as Showtime Networks, CBS Sports Network and Smithsonian Channel".
TWC stated in a release that "Our long, frustrating blackout with the CBS Corporation is now over. We have reached an agreement that returns CBS and CBS-owned programming to your channel lineup."
The parties did not disclose the terms of their agreement.
TWC also stated that it calls on the "Congress and the Federal Communications Commission to reassess the 21-year-old rules that allow this sort of broadcaster brinksmanship to happen in the first place."
The retransmission consent regulatory regime was established by the Cable Act of 1992, and is further implemented by rules promulgated by the FCC. 47 U.S.C. § 325 provides that "No cable system or other multichannel video programming distributor shall retransmit the signal of a broadcasting station, or any part thereof, except ... with the express authority of the originating station".
Broadcasters charge cable companies and other MVPDs for retransmission of their programming. The companies have been negotiating retransmission consent contracts for over 20 years. Withholding of consent by broadcasters, and resulting the blackouts, have become common.
See also, story titled "CBS, Time Warner Cable, and Retransmission Consent" in TLJ Daily E-Mail Alert No. 2,588, August 7, 2013.
FCC Chairman Mignon Clyburn stated in a release that "I am pleased CBS and Time Warner Cable have resolved their retransmission consent negotiations, which for too long have deprived millions of consumers of access to CBS programming. At the end of the day, media companies should accept shared responsibility for putting their audience's interests above other interests and do all they can to avoid these kinds of disputes in the future."
Matthew Polka, head of the American Cable Association (ACA), stated in a release that "The point that no one should miss is that CBS' massive blackout of Time Warner Cable and Bright House Networks showed that the retransmission consent market is broken and outdated rules governing these negotiations need to be updated to reflect current market conditions. If CBS can leave millions of pay-TV viewers in the dark for 32 days, no one can say with a straight face that the marketplace is working well for consumers."
Polka added that "The CBS blackout also underscores the broadcast industry's refusal to endorse new rules supported by cable operators that will allow consumers to continue to view programming while broadcasters and pay-TV operators continue to negotiate new contracts."
People and Appointments
9/2. Link Hoewing will leave Verizon's government relations staff. He has worked for Verizon and Bell Atlantic since 1985. Hoewing wrote a parting piece regarding policy advocacy.