|TLJ News from March 11-15, 2014|
3/14. The National Institute of Standards and Technology's (NIST) Computer Security Division (CSD) released its third draft of SP 800-16 Rev. 1 [163 pages in PDF] titled "A Role-Based Model for Federal Information Technology / Cyber Security Training". The deadline to submit comments is April 30, 2014.
People and Appointments
3/13. The Senate confirmed Caroline Krass to be General Counsel of the Central Intelligence Agency (CIA).
3/13. The National Institute of Standards and Technology's (NIST) Computer Security Division (CSD) released its draft SP 800-56 B Rev. 1 [132 pages in PDF] titled "Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography". The deadline to submit comments is May 15, 2014.
GSA Seeks Comments on Cyber Security Related Regulation of Federal Suppliers
3/12. The General Services Administration (GSA) published a notice in the Federal Register (FR) that requests public comments regarding "how to implement" the "recommendations" contained in the joint GSA and Department of Defense (DOD) document titled "Final Report of the Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition".
The just released notice in the FR requests comments, but poses no specific questions. The deadline to submit comments is April 28, 2014. See, FR, Vol. 79, No. 48, March 12, 2014, Page 14042.
This GSA/DOD report is dated November 2013. The GSA and DOD released it on January 23, 2014.
First, this GSA/DOD document imposes requirements for cyber security in products and services procured by the federal government. The federal government is tasked by statute with maintaining cyber security in federal systems.
This document merely contains six broad, unspecified, and/or vague requirements related to federal procurement.
This document requires that the federal government and federal suppliers institute baseline cyber security requirements as a condition of contract award for appropriate acquisitions, address cyber security in relevant training, develop common cyber security definitions for federal acquisitions, institute a federal acquisition cyber risk management strategy, include a requirement to purchase from original equipment or component manufacturers, their authorized resellers, or other trusted sources, for appropriate acquisitions, increase government accountability for cyber risk management. Although, this document provides no definitions, and imposes no specific requirements.
However, this document also creates a process that goes beyond federal systems and federal procurement.
This document leverages the federal government procurement process to regulate private sector cyber security practices unrelated to procurement.
This documents also creates regulatory processes that may be employed the federal government, and lobbyists, to pursue policy goals unrelated to cyber security.
See, full story.
People and Appointments
3/12. The Senate confirmed France Cordova to be Director of the National Science Foundation (NSF) for a term of six years.
3/12. The Senate confirmed Carolyn McHugh to be a Judge of the U.S. Court of Appeals (10thCir).
3/12. The Senate confirmed Matthew Leitman, Judith Levy, Laurie Michelson and Linda Parker to be Judges of the U.S. District Court (EDMich).
House Passes FCC Process Reform Act
3/11. The House passed HR 3675 [LOC | WW], the "Federal Communications Commission Process Reform Act", by voice vote. The Senate has not passed this bill.
This is the second time around for this bill. The House passed a similar bill in the 112th Congress, HR 3309 [LOC | WW], the "Federal Communications Commission Process Reform Act of 2012". The vote on final passage was 247-174. See, Roll Call No. 138. Republicans voted 235-0. Democrats vote 12-174. The Senate did not pass that bill.
Rep. Greg Walden (R-OR), the Chairman of the House Commerce Committee's (HCC) Subcommittee on Communications and Technology (SCT), introduced this bill on December 9, 2013. The HCC approved it the next day.
Unlike the bill in the 112th Congress, this one passed the House with broad bipartisan support.
See also, related story titled "Commentary: FCC Process Reform Act", in TLJ Daily E-Mail Alert No. 2,633, March 12, 2014.
See, full story.
Commentary: FCC Process Reform Act
3/11. This piece offers the analysis that HR 3675 [LOC | WW], the "Federal Communications Commission Process Reform Act", which the House passed on March 11, 2014, will do little to promote transparency at the FCC.
Rep. Walden stated in the House that the purpose of this bill is to make the FCC "a transparent and responsive government agency". Rep. Doyle (D-PA) stated that "both Democrats and Republicans believe that the FCC must be efficient, transparent, and accountable".
However, meaningful transparency is not in the interests of either House Democrats and Republicans.
The Constitution gives the Congress authority to pass legislation. But, it very hard to pass significant legislation. The Congress can and does exercise legislative like authority by creating agencies with broad powers. While nominally independent, these agencies operate, to a significant extent, in a quasi agent principal relationship with the Congress.
The FCC, as former Supreme Court Justice Stevens wrote in the 2009 opinion in FCC v. Fox Television Stations, "is better viewed as an agent of Congress".
House Republicans began the process of enacting FCC process legislation several years ago in part because the FCC under the leadership of former Chairman Julius Genachowski, on issues such as network neutrality, operated as an agent of Congressional Democrats and President Obama, rather than the Congress.
A significant cause of this legislative process was the diminishment of House Republicans' role in FCC decision making processes during the tenure of Genachowski. While House Republicans have employed the rhetoric of promoting transparency, a fully open and fair administrative processes would undermine the ability of Members of Congress in both parties to give non-statutory direction to the FCC.
Genachowski is now gone. The salience of the network neutrality issue has declined. Also, the FCC under new Chairman Thomas Wheeler issued a 92 page document titled "Report on FCC Process Reform" on February 14, 2014 that addresses some of the concerns of the proponents of this legislation.
The just passed bill drops some of the mandatory procedures that were in the bill passed by the House in the 112th Congress. Hence, the present bill went through the House with bipartisan support, with little discussion on the floor, and without a roll call vote on the floor.
The bill does impose some requirements that may contribute to some greater transparency. However, the bill would also reduce transparency. For example, this bill would allow Commissioners to meet in secret, rather than in public meetings, as otherwise required by Title 5.
It would permit a bipartisan majority of Commissioners to meet if they disclose such meetings within two business days. However, the disclosure need only contain "a list of the persons who attended such meeting" and "a summary of the matters discussed". This provision was also in the bill passed by the House in the 112th Congress.
The five Commissioners conduct little business in public. Its events titled "Open Meeting" are largely ceremonial gatherings at which Commissioners read written statements, and hold votes. The real communications and debate takes place, away from public view, via their staffs. This bill would replace one secretive process with another.
This bill also fails to eliminate other practices that contribute to the FCC's lack of transparency.
For example, while ex parte communications (EPCs) are antithetical to openness and fairness in both rulemaking and adjudicatory proceedings, EPCs are an integral part of many FCC proceedings. The bill contains a vague requirement that the FCC "establish policies" regarding EPCs "to ensure that the public has adequate notice of and opportunity to respond".
However, the bill would impose no significant limitations on EPCs. The bill falls far short, for example, of requiring publication of a audio recording of ex parte meetings between company or group representatives and FCC staff or Commissioners in pending rulemaking or adjudicatory proceedings. Ordinary people are capable of quickly and easily posting audio and video in social networking sites. It would be neither technologically infeasible nor burdensome to impose a similar requirement for those who have ex parte meetings with the FCC.
Similarly, the bill does nothing to require disclosure of Congressional EPCs made to influence FCC actions.
Finally, it should be noted that the most fundamental component of both due process of law and judicial transparency is the right to a hearing before an impartial decision maker. However, there is nothing in this bill that provides a right to any kind of hearing in any FCC proceeding, including adjudications.
3/11. The U.S. China Economic and Security Review Commission (USCESRC) released a report titled "Should China Join the WTO's Services Agreement?" The author is Iacob Koch-Weser.
3/11. The Federal Trade Commission (FTC) published a notice in the Federal Register (FR) that announces, describes, recites, and set the effective date for, its changes to its rules to increase various civil monetary penalties for violation of the Clayton Act, Section 5 of the FTC Act, and other statutes enforced by the FTC. The FTC's FR notice states that it is "increasing certain civil penalty amounts" to "reflect inflation since the penalty amounts were last adjusted". These rules changes take effect on April 10, 2014. See, FR, Vol. 79, No. 47, March 11, 2014, at Pages 13539-13540.