Further Reading, Other Developments, and Coming Events (17 August)

Antitrust, CCPA, Coming Events, Competition, COVID-19, Cybersecurity, Data Flows, Data Protection, data security, DHS, DOD, FBI, FCC, FTC, Further Reading, NIST, NSA, Other Developments, People's Republic of China, privacy, Technology, Telecommunications 12 Minutes

Here are Coming Events, Other Developments, and Further Reading.

Coming Events

  • On 18 August, the National Institute of Standards and Technology (NIST) will host the “Bias in AI Workshop, a virtual event to develop a shared understanding of bias in AI, what it is, and how to measure it.”
  • The United States’ Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced that its third annual National Cybersecurity Summit “will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7:”
    • September 16: Key Cyber Insights
    • September 23: Leading the Digital Transformation
    • September 30: Diversity in Cybersecurity
    • October 7: Defending our Democracy
    • One can register for the event here.
  • The Senate Judiciary Committee’s Antitrust, Competition Policy & Consumer Rights Subcommittee will hold a hearing on 15 September titled “Stacking the Tech: Has Google Harmed Competition in Online Advertising?.” In their press release, Chair Mike Lee (R-UT) and Ranking Member Amy Klobuchar (D-MN) asserted:
    • Google is the dominant player in online advertising, a business that accounts for around 85% of its revenues and which allows it to monetize the data it collects through the products it offers for free. Recent consumer complaints and investigations by law enforcement have raised questions about whether Google has acquired or maintained its market power in online advertising in violation of the antitrust laws. News reports indicate this may also be the centerpiece of a forthcoming antitrust lawsuit from the U.S. Department of Justice. This hearing will examine these allegations and provide a forum to assess the most important antitrust investigation of the 21st century.
  • On 22 September, the Federal Trade Commission (FTC) will hold a public workshop “to examine the potential benefits and challenges to consumers and competition raised by data portability.” By 21 August, the FTC “is seeking comment on a range of issues including:
    • How are companies currently implementing data portability? What are the different contexts in which data portability has been implemented?
    • What have been the benefits and costs of data portability? What are the benefits and costs of achieving data portability through regulation?
    • To what extent has data portability increased or decreased competition?
    • Are there research studies, surveys, or other information on the impact of data portability on consumer autonomy and trust?
    • Does data portability work better in some contexts than others (e.g., banking, health, social media)? Does it work better for particular types of information over others (e.g., information the consumer provides to the business vs. all information the business has about the consumer, information about the consumer alone vs. information that implicates others such as photos of multiple people, comment threads)?
    • Who should be responsible for the security of personal data in transit between businesses? Should there be data security standards for transmitting personal data between businesses? Who should develop these standards?
    • How do companies verify the identity of the requesting consumer before transmitting their information to another company?
    • How can interoperability among services best be achieved? What are the costs of interoperability? Who should be responsible for achieving interoperability?
    • What lessons and best practices can be learned from the implementation of the data portability requirements in the GDPR and CCPA? Has the implementation of these requirements affected competition and, if so, in what ways?”
  • The Federal Communications Commission (FCC) will hold an open meeting on 30 September, but an agenda is not available at this time.

Other Developments

  • On 14 August, the California Office of Administrative Law (OAL) approved the Attorney General’s proposed final regulations to implement the California Consumer Privacy Act (CCPA) (A.B.375) and they took effect that day. The Office of the Attorney General (OAG) had requested expedited review so the regulations may become effective on 1 July as required by the CCPA. With respect to the substance, the final regulations are very similar to the third round of regulations circulated for comment in March, in part, in response to legislation passed and signed into law last fall that modified the CCPA.
    • The OAL released an Addendum to the Final Statement of Reasons and explained
      • In addition to withdrawing certain provisions for additional consideration, the OAG has made the following non-substantive changes for accuracy, consistency, and clarity. Changes to the original text of a regulation are non-substantive if they clarify without materially altering the requirements, rights, responsibilities, conditions, or prescriptions contained in the original text.
    • For further reading on the third round of proposed CCPA regulations, see this issue of the Technology Policy Update, for the second round, see here, and for the first round, see here. Additionally, to read more on the legislation signed into law last fall, modifying the CCPA, see this issue.
    • Additionally, Californians for Consumer Privacy have succeeded in placing the “California Privacy Rights Act” (CPRA) on the November 2020 ballot. This follow on statute to the CCPA could again force the legislature into making a deal that would revamp privacy laws in California as happened when the CCPA was added to the ballot in 2018. It is also possible this statute remains on the ballot and is added to California’s laws. In either case, much of the CCPA and its regulations may be moot or in effect for only the few years it takes for a new privacy regulatory structure to be established as laid out in the CPRA. See here for more detail.
  • In a proposed rule issued for comment, the Federal Communications Commission (FCC) explained it is taking “further steps to protect the nation’s communications networks from potential security threats as the [FCC] integrates provisions of the recently enacted Secure and Trusted Communications Networks Act of 2019 (Secure Networks Act) (P.L. 116-124) into its existing supply chain rulemaking proceeding….[and] seeks comment on proposals to implement further Congressional direction in the Secure Networks Act.” Comments are due by 31 August.
    • The FCC explained
      • The concurrently adopted Declaratory Ruling finds that the 2019 Supply Chain Order, 85 FR 230, January 3, 2020, satisfies the Secure Networks Act’s requirement that the Commission prohibit the use of funds for covered equipment and services. The Commission now seeks comment on sections 2, 3, 5, and 7 of the Secure Networks Act, including on how these provisions interact with our ongoing efforts to secure the communications supply chain. As required by section 2, the Commission proposes several processes by which to publish a list of covered communications equipment and services. Consistent with sections 3, 5, and 7 of the Secure Networks Act, the Commission proposes to (1) ban the use of federal subsidies for any equipment or services on the new list of covered communications equipment and services; (2) require that all providers of advanced communications service report whether they use any covered communications equipment and services; and (3) establish regulations to prevent waste, fraud, and abuse in the proposed reimbursement program to remove, replace, and dispose of insecure equipment.
    • The agency added
      • The Commission also initially designated Huawei Technologies Company (Huawei) and ZTE Corporation (ZTE) as covered companies for purposes of this rule, and it established a process for designating additional covered companies in the future. Additionally, last month, the Commission’s Public Safety and Homeland Security Bureau issued final designations of Huawei and ZTE as covered companies, thereby prohibiting the use of USF funds on equipment or services produced or provided by these two suppliers.
      • The Commission takes further steps to protect the nation’s communications networks from potential security threats as it integrates provisions of the recently enacted Secure Networks Act into the Commission’s existing supply chain rulemaking proceeding. The Commission seeks comment on proposals to implement further Congressional direction in the Secure Networks Act.
  • The White House’s Office of Science & Technology Policy (OSTP) released a request for information (RFI) “[o]n behalf of the National Science and Technology Council’s (NSTC) Subcommittee on Resilience Science and Technology (SRST), OSTP requests input from all interested parties on the development of a National Research and Development Plan for Positioning, Navigation, and Timing (PNT) Resilience.” OSTP stated “[t]he plan will focus on the research and development (R&D) and pilot testing needed to develop additional PNT systems and services that are resilient to interference and manipulation and that are not dependent upon global navigation satellite systems (GNSS)…[and] will also include approaches to integrate and use multiple PNT services for enhancing resilience. The input received on these topics will assist the Subcommittee in developing recommendations for prioritization of R&D activities.”
    • Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services, was issued on February 12, 2020, and President Donald Trump explained the policy basis for the initiative:
      • It is the policy of the United States to ensure that disruption or manipulation of PNT services does not undermine the reliable and efficient functioning of its critical infrastructure. The Federal Government must increase the Nation’s awareness of the extent to which critical infrastructure depends on, or is enhanced by, PNT services, and it must ensure critical infrastructure can withstand disruption or manipulation of PNT services. To this end, the Federal Government shall engage the public and private sectors to identify and promote the responsible use of PNT services.
    • In terms of future steps under the EO, the President directed the following:
      • The Departments of Defense, Transportation, and Homeland Security must use the PNT profiles in updates to the Federal Radionavigation Plan.
      • The Department of Homeland Security must “develop a plan to test the vulnerabilities of critical infrastructure systems, networks, and assets in the event of disruption and manipulation of PNT services. The results of the tests carried out under that plan shall be used to inform updates to the PNT profiles…”
      • The heads of Sector-Specific Agencies (SSAs) and the heads of other executive departments and agencies (agencies) coordinating with the Department of Homeland Security, must “develop contractual language for inclusion of the relevant information from the PNT profiles in the requirements for Federal contracts for products, systems, and services that integrate or utilize PNT services, with the goal of encouraging the private sector to use additional PNT services and develop new robust and secure PNT services. The heads of SSAs and the heads of other agencies, as appropriate, shall update the requirements as necessary.”
      • the Federal Acquisition Regulatory Council, in consultation with the heads of SSAs and the heads of other agencies, as appropriate, shall incorporate the [contractual language] into Federal contracts for products, systems, and services that integrate or use PNT services.
      • The Office of Science and Technology Policy (OSTP) must “coordinate the development of a national plan, which shall be informed by existing initiatives, for the R&D and pilot testing of additional, robust, and secure PNT services that are not dependent on global navigation satellite systems (GNSS).”
  • An ideologically diverse bipartisan group of Senators wrote the official at the United States Department of Justice in charge of the antitrust division and the chair of the Federal Trade Commission (FTC) “regarding allegations of potentially anticompetitive practices and conduct by online platforms toward content creators and emerging competitors….[that] stemmed from a recent Wall Street Journal report that Alphabet Inc., the parent company of Google and YouTube, has designed Google Search to specifically give preference to YouTube and other Google-owned video service providers.”
    • The Members asserted
      • There is no public insight into how Google designs its algorithms, which seem to deliver up preferential search results for YouTube and other Google video products ahead of other competitive services. While a company favoring its own products, in and of itself, may not always constitute illegal anticompetitive conduct, the Journal further reports that a significant motivation behind this action was to “give YouTube more leverage in business deals with content providers seeking traffic for their videos….” This exact conduct was the topic of a Senate Antitrust Subcommittee hearing led by Senators Lee and Klobuchar in March this year.
    • Senators Thom Tillis (R-NC), Mike Lee (R-UT), Amy Klobuchar (D-MN), Richard Blumenthal (D-CT), Marsha Blackburn (R-TN), Josh Hawley (R-MO), Elizabeth Warren (D-MA), Mazie Hirono (D-HI), Cory Booker (D-NJ) and Ted Cruz (R-TX) signed the letter.
  • The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) released a “Cybersecurity Advisory [and a fact sheet and FAQ] about previously undisclosed Russian malware” “called Drovorub, designed for Linux systems as part of its cyber espionage operations.” The NSA and FBI asserted “[t]he Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165” developed and deployed the malware. The NSA and FBI stated the GRU and GTsSS are “sometimes publicly associated with APT28, Fancy Bear, Strontium, and a variety of other identities as tracked by the private sector.”
    • The agencies contended
      • Drovorub represents a threat to National Security Systems, Department of Defense, and Defense Industrial Base customers that use Linux systems. Network defenders and system administrators can find detection strategies, mitigation techniques, and configuration recommendations in the advisory to reduce the risk of compromise.
  • The United States Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) published Cybersecurity Best Practices for Operating Commercial Unmanned Aircraft Systems (UAS) “a companion piece to CISA’s Foreign Manufactured UASs Industry Alert,…[to] assist in standing up a new UAS program or securing an existing UAS program, and is intended for information technology managers and personnel involved in UAS operations.” CISA cautioned that “[s]imilar to other cybersecurity guidelines and best practices, the identified best practices can aid critical infrastructure operators to lower the cybersecurity risks associated with the use of UAS, but do not eliminate all risk.”
  • The United States Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released the “Identity, Credential, and Access Management (ICAM) Value Proposition Suite of documents in collaboration with SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC), Office of the Director of National Intelligence (ODNI), and Georgia Tech Research Institute (GTRI)…[that] introduce[] ICAM concepts, explores federated ICAM use-cases, and highlights the potential benefits for the public safety community:”
    • ICAM Value Proposition Overview
      • This document provides a high-level summary of federated ICAM benefits and introduces domain-specific scenarios covered by other documents in the suite.
    • ICAM Value Proposition Scenario: Drug Response
      • This document outlines federated ICAM use cases and information sharing benefits for large-scale drug overdose epidemic (e.g., opioid, methamphetamine, and cocaine) prevention and response.

Further Reading

  • Trump’s Labor Chief Accused of Intervening in Oracle Pay Bias Case” By Noam Scheiber, David McCabe and Maggie Haberman – The New York Times. In the sort of conduct that is apparently the norm across the Trump Administration, there are allegations that the Secretary of Labor intervened in departmental litigation to help a large technology firm aligned with President Donald Trump. Starting in the Obama Administration and continuing into the Trump Administration, software and database giant Oracle was investigated, accused, and sued for paying non-white, non-male employees significantly less in violation of federal and state law. Estimates of Oracle’s liability ranged between $300-800 million, and litigators in the Department of Labor were seeking $400 million and had taken the case to trial. Secretary Eugene Scalia purportedly stepped in and lowered the dollar amount to $40 million and the head litigator is being offered a transfer from Los Angeles to Chicago in a division in which she has no experience. Oracle’s CEO Safra Catz and Chair Larry Ellison have both supported the President more enthusiastically and before other tech company heads engaged.
  • Pentagon wins brief waiver from government’s Huawei ban” By Joe Gould – Defense News. A Washington D.C. trade publication is reporting the Trump Administration is using flexibility granted by Congress to delay the ban on contractors using Huawei, ZTE, and other People’s Republic of China (PRC) technology for the Department of Defense. Director of National Intelligence John Ratcliffe granted the waiver at the request of Under Secretary of Defense for Acquisition and Sustainment Ellen Lord, claiming:
    • You stated that DOD’s statutory requirement to provide for the military forces needed to deter war and protect the security of out country is critically important to national security. Therefore, the procurement of goods and services in support of DOD’s statutory mission is also in the national security interests of the United States.
    • Section 889 of the “John S. McCain National Defense Authorization Act (NDAA) for FY 2019” (P.L. 115-232) requires agencies to remove this equipment and systems and also not to contract with private sector entities that use such equipment and services. It is the second part of the ban the DOD and its contractors are getting a reprieve from for an interim rule putting in place such a ban was issued last month.
  • DOD’s IT supply chain has dozens of suppliers from China, report finds” By Jackson Barnett – fedscoop. A data analytics firm, Govini, analyzed a sample of prime contracts at the Department of Defense (DOD) and found a surge in the presence of firms from the People’s Republic of China (PRC) in the supply chains in the software and information technology (IT) sectors. This study has obvious relevance to the previous article on banning PRC equipment and services in DOD supply chains.
  • Facebook algorithm found to ‘actively promote’ Holocaust denial” by Mark Townsend – The Guardian. A British counter-hate organization, the Institute for Strategic Dialogue (ISD), found that Facebook’s algorithms lead people searching for the Holocaust to denial sites and posts. The organization found the same problem on Reddit, Twitter, and YouTube, too. ISD claimed:
    • Our findings show that the actions taken by platforms can effectively reduce the volume and visibility of this type of antisemitic content. These companies therefore need to ask themselves what type of platform they would like to be: one that earns money by allowing Holocaust denial to flourish, or one that takes a principled stand against it.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Image by Foundry Co from Pixabay

Published by Michael Kans

An attorney who specializes in technology policy, law, and politics with other areas of expertise.

Published

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s