Further Reading, Other Developments, and Coming Events (28 September)

Coming Events

• The United States’ Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced that its third annual National Cybersecurity Summit “will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7:”
  • September 30: Diversity in Cybersecurity
  • October 7: Defending our Democracy
  • One can register for the event here.
• September 30 the House Veterans’ Affairs Committee’s Technology Modernization Subcommittee will meet for an oversight hearing titled “Examining VA’s Ongoing Efforts in the Electronic Health Record Modernization Program.”
• The Federal Communications Commission (FCC) will hold an open meeting on 30 September and has made available its agenda with these items:
  • Facilitating Shared Use in the 3.1-3.55 GHz Band. The Commission will consider a Report and Order that would remove the existing non-federal allocations from the 3.3-3.55 GHz band as an important step toward making 100 megahertz of spectrum in the 3.45-3.55 GHz band available for commercial use, including 5G, throughout the contiguous United States. The Commission will also consider a Further Notice of Proposed Rulemaking that would propose to add a co-primary, non-federal fixed and mobile (except aeronautical mobile) allocation to the 3.45-3.55 GHz band as well as service, technical, and competitive bidding rules for flexible-use licenses in the band. (WT Docket No. 19-348)
  • Expanding Access to and Investment in the 4.9 GHz Band. The Commission will consider a Sixth Report and Order that would expand access to and investment in the 4.9 GHz (4940-4990 MHz) band by providing states the opportunity to lease this spectrum to commercial entities, electric utilities, and others for both public safety and non-public safety purposes. The Commission also will consider a Seventh Further Notice of Proposed Rulemaking that would propose a new set of licensing rules and seek comment on ways to further facilitate access to and investment in the band. (WP Docket No. 07-100)
  • Improving Transparency and Timeliness of Foreign Ownership Review Process. The Commission will consider a Report and Order that would improve the timeliness and transparency of the process by which it seeks the views of Executive Branch agencies on any national security, law enforcement, foreign policy, and trade policy concerns related to certain applications filed with the Commission. (IB Docket No. 16-155)
  • Promoting Caller ID Authentication to Combat Spoofed Robocalls. The Commission will consider a Report and Order that would continue its work to implement the TRACED Act and promote the deployment of caller ID authentication technology to combat spoofed robocalls. (WC Docket No. 17-97)
  • Combating 911 Fee Diversion. The Commission will consider a Notice of Inquiry that would seek comment on ways to dissuade states and territories from diverting fees collected for 911 to other purposes. (PS Docket Nos. 20-291, 09-14)
  • Modernizing Cable Service Change Notifications. The Commission will consider a Report and Order that would modernize requirements for notices cable operators must provide subscribers and local franchising authorities. (MB Docket Nos. 19-347, 17-105)
  • Eliminating Records Requirements for Cable Operator Interests in Video Programming. The Commission will consider a Report and Order that would eliminate the requirement that cable operators maintain records in their online public inspection files regarding the nature and extent of their attributable interests in video programming services. (MB Docket No. 20-35, 17-105)
  • Reforming IP Captioned Telephone Service Rates and Service Standards. The Commission will consider a Report and Order, Order on Reconsideration, and Further Notice of Proposed Rulemaking that would set compensation rates for Internet Protocol Captioned Telephone Service (IP CTS), deny reconsideration of previously set IP CTS compensation rates, and propose service quality and performance measurement standards for captioned telephone services. (CG Docket Nos. 13-24, 03-123)
  • Enforcement Item. The Commission will consider an enforcement action.
• On October 1, the House Judiciary Committee’s Antitrust, Commercial, and Administrative Law Subcommittee will hold a hearing as part of its series on online competition at which it may unveil its proposal on how to reform antitrust enforcement for the digital age. The hearing is titled “Proposals to Strengthen the Antitrust Laws and Restore Competition Online.”
• On 1 October, the Senate Commerce, Science, and Transportation Committee may hold a markup to authorize subpoenas to compel the attendance of the technology CEOs for a hearing on 47 U.S.C. 230 (aka Section 230). Ranking Member Maria Cantwell (D-WA) has said:
  • Taking the extraordinary step of issuing subpoenas is an attempt to chill the efforts of these companies to remove lies, harassment, and intimidation from their platforms. I will not participate in an attempt to use the committee’s serious subpoena power for a partisan effort 40 days before an election,” indicating a vote, should one occur, may well be along party lines.
  • Nonetheless, the Committee may subpoena the following CEOs:
    • Mr. Jack Dorsey, Chief Executive Officer, Twitter
    • Mr. Sundar Pichai, Chief Executive Officer, Alphabet Inc., Google
    • Mr. Mark Zuckerberg, Chief Executive Officer, Facebook
• The Senate Judiciary Committee will markup the “Online Content Policy Modernization Act” (S.4632), a bill to reform 47 U.S.C. 230 (aka Section 230) that provides many technology companies with protection from lawsuits for third party content posted on their platforms and for moderating and removing such content. This would be the second markup of a Section 230 bill by this committee in a few months. The other bill,
• On October 1, the Senate Armed Services Committee’s Readiness and Management Support Subcommittee will hold a hearing on supply chain integrity with Under Secretary of Defense for Acquisition and Sustainment Ellen Lord testifying. Undoubtedly, implementation of the ban on Huawei, ZTE, and other People’s Republic of China (PRC) equipment and services as required by Section 889 of the “John S. McCain National Defense Authorization Act (NDAA) for FY 2019” (P.L. 115-232) will be discussed. Also, the Cybersecurity Maturity Model Certification (CMMC) program will also likely be discussed.

Other Developments

• The National Institute of Standards and Technology (NIST) released what it characterizes as a “complete renovation” “to its security and privacy controls catalog that will provide a solid foundation for protecting organizations and systems—including the personal privacy of individuals—well into the 21st century.” NIST’s Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, is binding for non non-security systems in use by federal agencies and contractors’ systems used for and by federal agencies. This is the first revision of this document in seven years. Of course NIST’s standards and guidelines are often used by or inform private sector security and privacy standards. NIST explained:
  • This publication establishes controls for systems and organizations. The controls can be implemented within any organization or system that processes, stores, or transmits information. The use of these controls is mandatory for federal information systems10 in accordance with Office of Management and Budget (OMB) Circular A-130 (OMB A-130) and the provisions of the Federal Information Security Modernization Act11 (FISMA), which requires the implementation of minimum controls to protect federal information and information systems. This publication, along with other supporting NIST publications, is designed to help organizations identify the security and privacy controls needed to manage risk and to satisfy the security and privacy requirements in FISMA, the Privacy Act of 1974, OMB policies (e.g., OMB A-130), and designated Federal Information Processing Standards (FIPS), among others. It accomplishes this objective by providing a comprehensive and flexible catalog of security and privacy controls to meet current and future protection needs based on changing threats, vulnerabilities, requirements, and technologies. The publication also improves communication among organizations by providing a common lexicon that supports the discussion of security, privacy, and risk management concepts.
  • NIST stated that “[t]he most significant changes to SP 800-53, Revision 5 include:
    • Making controls outcome-based: Revision 5 accomplishes this by removing the entity responsible for satisfying the control (i.e., information system, organization) from the control statement—thus focusing on the protection outcome to be achieved by the application of the control.Note that for historical continuity, Appendix C, Control Summaries now includes an “implemented by [system/organization]” column.
    • Consolidating the control catalog: Information security and privacy controls are now integrated into a seamless, consolidated control catalog for systems and organizations. The privacy controls in Appendix J of Revision 4 have been incorporated into a new privacy family and the existing Program Management family. Some of the privacy controls were also incorporated into current security controls—allowing the controls to serve both the security and privacy communities as well as achieving more efficient control implementation.
    • Integrating supply chain risk management: Revision 5 establishes a new Supply Chain Risk Management (SCRM) control family and integrates supply chain risk management aspects throughout the other control families to help protect system components, products, and services that are part of critical systems and infrastructures. The SCRM controls help ensure that security and privacy requirements, threats, and other concerns are addressed throughout the system development life cycle and the national and international supply chains.
    • Separating the control selection process from the controls: Having a consolidated, stand-alone control catalog allows the controls to be used by different communities of interest, including systems engineers, security architects, software developers, enterprise architects, systems security and privacy engineers, and mission or business owners. These communities of interest can now better collaborate on points of intersection or use an individualized process as needed for selecting controls to manage risk consistent with their mission and business needs as well as internal organizational policies and procedures.
    • Transferring control baselines and tailoring guidance to a separate publication: Control baselines have been moved to the new NIST SP 800-53B, Control Baselines for Information Systems and Organizations. The three security baselines and one privacy baseline are applicable to federal agencies and reflect specific requirements under the Federal Information Security Modernization Act and the Office of Management and Budget (OMB) Circular A-130. Other organizations may choose to develop their own customized baselines in accordance with their mission or business needs and organizational risk tolerance.
    • Improving descriptions of content relationships: Revision 5 clarifies the relationship between requirements and controls as well as the relationship between security and privacy controls. These relationships are important to understand whether you are selecting and implementing controls at the enterprise level or as part of a life cycle-based systems engineering process.
    • Adding new state-of-the-practice controls: As cyber threats evolve rapidly, new safeguards and countermeasures are needed to protect the critical and high value assets of organizations including individual’s privacy and personally identifiable information. The new controls in Revision 5 are based on the latest threat intelligence and cyber-attack data (e.g., controls to support cyber resiliency, secure systems design, security and privacy governance, and accountability).
• A report on Russian influence operations was released in concert with Facebook taking down “three separate networks for violating our policy against foreign or government interference which is coordinated inauthentic behavior (CIB) on behalf of a foreign or government entity…[that] originated in Russia. Facebook “shared a list of the assets with Graphika for independent analysis” and Graphika’s “report presents an initial overview of the findings.”
  • Facebook listed its findings:
    • 1. We removed 214 Facebook users, 35 Pages, 18 Groups and 34 Instagram accounts for violating our policy against foreign or government interference which is coordinated inauthentic behavior on behalf of a foreign or government entity. This activity originated in Russia and focused primarily on Syria and Ukraine, and to a lesser extent on Turkey, Japan, Armenia, Georgia, Belarus, and Moldova A small portion of this activity focused on the UK and the US.
    • 2. We also removed one Page, five Facebook accounts, one Group and three Instagram accounts for foreign or government interference which is coordinated inauthentic behavior on behalf of a foreign or government entity. This small network originated in Russia and focused primarily on Turkey and Europe, and also on the United States.
    • 3. We also removed 23 Facebook accounts, 6 Pages, and 8 Instagram accounts for foreign or government interference which is coordinated inauthentic behavior on behalf of a foreign or government entity. This network originated in Russia and focused on global audiences, Russia’s neighboring countries including Belarus.
  • In its report, Graphika explained:
    • Russian military units have been exposed for running numerous influence operations in recent years. Most notoriously, the military intelligence service known as the GRU interfered in the 2016 U.S. presidential election by hacking emails from the Democratic National Committee and the Clinton campaign and releasing them online. Other known Russian military operations have focused on the Ukraine and Syria conflicts, Russia’s regional rivalries with Japan and in the Arctic, President Emmanuel Macron’s emails in 2017 in France, the poisoning of former spy Sergei Skripal in the UK in 2018, and the World Anti-Doping Agency , among others.
    • Facebook said that the networks it took down were “linked to the actors associated with election interference in the US in the past, including those involved in ‘DC leaks’ in 2016,” but underscored that it had “not seen the networks we removed today engage in” hack-and-leak efforts or directly target the 2020 US election. In 2016, the GRU used a persona that had largely posted about geopolitics and conflict, Alice Donovan ,to create the DC Leaks Facebook page.
    • The assets in this takedown aimed at targets beyond Russia’s borders to the North, East, South and West. As with earlier operations from various Russian actors, different clusters posted about the Arctic; security and territorial claims in Japan and North Korea; the Syria and Ukraine conflicts; Russia’s rivalry with Turkey; and NATO’s presence throughout Eastern Europe. A very small proportion of the activity focused on U.S. domestic politics, notably by creating a fake outlet designed to appeal to Black audiences. Only the earliest assets, which focused on Ukraine in early 2014, were associated with hack-to-leak operations.
    • Most of the clusters in the takedown operated across multiple platforms. Beyond Facebook and Instagram, Graphika discovered related accounts on Twitter, YouTube, Medium, Tumblr, Reddit, Telegram, Pinterest, WordPress, Blogspot and a range of other blogging sites. The majority of the content consisted of long-form articles, typically supporting Russia and its allies while attacking NATO, the United States, Japan, Ukraine and/or Turkey.
• An advisory body to the Department of Defense (DOD) released a summary of a study it performed last summer on United States’ (U.S.) military superiority and what the DOD and U.S. government will need to do to maintain this superiority. The Defense Science Board (DSB) stated:
  • This Study completed an extensive technical review of the full spectrum of national capabilities needed to manage escalation and deter adversary aggression. The Study findings emphasized creative ways and means beyond traditional weapons systems to achieve National Defense Strategy objectives. These findings apply to four technical domains: cyber capabilities, new military multi-domain capabilities, information capabilities, and economic/commercial capabilities.
  • The report provides key recommendations that align with the establishment of strategic engagement campaign leadership and harmonization of these capabilities at the whole-of- government level. We fully endorse all the recommendations contained in this report and urge their careful consideration and soonest adoption.
  • The United States is engaged in a Great Power Competition. The term “great power” loosely describes the motives of strategic competitor regimes in how they see themselves in the competition. These competitors seek to be dominant global powers in the economic, military and socio-political domains with the objective to diminish the U.S. and its critical Allies’ standing in the World order. Meanwhile, they also use their militaries to coerce neighbors, attempt to counter U.S. military superiority, and undermine international freedom of action. In addition, such competitors also challenge the United States and its Allies in the Gray Zone through undermining elections, malicious use of social media, and employing unfair business practices globally. The systematic use of these capabilities pursues the long-term objective of undermining democratic systems and the current World order.
  • The DSB stated:
    • To win this competition and counter adversary objectives, the United States requires coherent and sustained strategic engagement campaigns at the whole-of-government level. The DOD has the authorities, resources, and experience to lead this effort, but it must partner with other agencies to ensure that these campaigns are targeted across all elements of national power. The following capabilities provide whole-of-government integration of strategic engagement campaigns:
    • Develop better targeted intelligence within the social media and economic domains
    • Establish the National Strategic Engagement Intelligence Center within the Office of the Director of National Intelligence
    • Expand Cyber capabilities and selectively use them in conjunction with other whole-of- government activities
    • Establish Cyber S&T Intelligence Activity within United States Cyber Command
    • Build a set of unique multi-domain military capabilities to counter adversary regional military advantages and force them to consider the costs of their actions
    • Create proactive campaigns to identify, communicate, and deter adversary malign activities in the information domain
    • Establish the Joint Information Warfare Engineering Laboratory
    • Utilize existing economic, financial, and trade authorities to counter the adverse activities of strategic competitors
    • Develop, coordinate, execute, and assess strategic engagement campaigns across whole-of- government
    • Establish the not-for-profit Strategic Competition Support Capability
• The Government Accountability Office (GAO) issued a report “Internet of Things: Information on Use by Federal Agencies” on the state of current Internet of Things (IoT) usage and deployment across the federal government. The GAO sent out surveys to gather data and draw conclusions. Senators Brian Schatz, Deb Fischer, Cory Gardner (R-CO) Cory Booker (D-NJ) asked the GAO “to review federal agencies’ current use and experience with IoT technologies.” These Members are cosponsoring the “Developing Innovation and Growing the Internet of Things Act” (DIGIT Act) (S. 1611) that was added to the “National Defense Authorization Act for Fiscal Year 2021“ (S.4049). S.1611 would direct the Department of Commerce to convene a working group would need to submit its recommendations to Congress that would then presumably inform additional legislation regulating IoT. The GAO explained “[t]his report addresses:
  • IoT technologies that selected federal agencies are using,
  • benefits and challenges agencies associated with using IoT technologies, and
  • federal policies and guidance that inform agencies’ decision-making about using and acquiring IoT technologies.
• The GAO found:
  • According to the survey responses, federal agencies are planning to increase use of IoT. Many of the agencies (25 of 56) currently using IoT technologies indicated that they planned to expand IoT technology use in the next 5 years. For example, while EPA reported that it currently uses IoT technologies to collect environmental data, it also reported planning to use IoT technologies to, among other things, track physical assets and control access to facilities. Furthermore, many agencies not currently using IoT technologies (21 of 34) reported that they plan to do so in the next 5 years. These agencies most frequently reported planning to use IoT technologies to track physical assets or to control and monitor equipment.
  • Federal agencies responding to our survey identified four areas that benefited from IoT technologies:
    • Data collection. Many federal agencies (45 of 74) responding to our survey identified an improvement in data collection as a benefit of IoT technologies. Two case study agencies noted that these technologies can provide real-time data to better inform and aid decision making. EPA officials reported using IoT sensors to provide real-time data during emergencies. For example, during a factory fire in New Jersey, EPA deployed sensors to monitor chlorine gas being released. The deployment provided a real-time picture of how the gas was dispersing. According to EPA officials, this helped EPA and other emergency responders coordinate a proper response, including directing some civilians to shelter in place. In addition, as discussed above, NASA reported that it tested IoT technologies to support the development of new space flight technologies. The IoT sensors collected and transmitted acceleration, temperature, and pressure data to help evaluate the effectiveness of the technology.
    • Operational efficiency. Many federal agencies (43 of 74) responding to our survey also identified improving the efficiency of operations as a benefit of IoT technologies by allowing agencies to accomplish more with the same resources. For example, NOAA deployed unmanned systems–including aircraft, watercraft, and sensors on buoys–in conjunction with manned aircraft and ships to increase operational efficiencies. This deployment resulted in additional oceanographic and atmospheric data that support NOAA’s research and reporting. EPA officials told us that data transmitted by IoT sensors eliminate the need for employees to visit sites to collect data. Previously, when collecting environmental data, EPA staff traveled to locations to download data from monitoring equipment. Now, for example, EPA staff no longer have to physically collect data from the water monitors in the Charles River because the data are now transmitted electronically. In addition, SLSDC officials said the hands-free mooring technology at their two vessel locks improved the speed of transit through SLSDC’s lock system by approximately 5 to 7 minutes for each lock.
    • Operational productivity. An increase in operational productivity was identified by many federal agencies (40 of 74) as another benefit to IoT technologies. Agencies using IoT technologies reported that increases in output and that they were able to accomplish things they were not able to accomplish without this technology. CBP officials told us that IoT has allowed for faster processing of vehicles at its ports-of- entry compared with before the technology existed. This efficiency includes quickly identifying potential threats and being able to take action. It also includes quickly identifying vehicles as non-threats and keeping them moving through the entry process. Similarly to CBP, NOAA officials told us that IoT technology helped them increase productivity by placing sensors and collecting data in areas that may be difficult or impossible for humans to access and monitor such as around active volcanos.
    • Automated program and services. Many federal agencies (40 of 74) responding to the survey indicated IoT technologies have increased the automation of programs and services. IoT devices are performing certain processes or services, thereby freeing up resources that had previously been responsible for performing these processes or services. As previously discussed, NOAA’s National Ocean Service officials reported that in water labs, IoT technologies are used to monitor the cycling of water into labs to ensure water is pumped into the labs during high tide when the water is cleanest. Prior to this technology, this cycling of water and monitoring of the tides was manual and required staff to be present.
  • Agencies responding to our survey reported that cybersecurity issues present the most significant challenge, and one case study agency has stopped IoT use and another decided not to adopt it for this reason. In our survey of federal agencies, cybersecurity was the most frequently cited challenge (43 of 74). According to NIST, cybersecurity of IoT devices and the network they access presents a significant issue to the adoption of these technologies.
  • Interoperability with legacy systems was the second most frequently cited challenge (30 of 74) by agencies. As new IoT technologies develop, these technologies’ ability or inability to work with existing technologies presents a challenge. If these systems are not interoperable, the benefits of IoT technologies can be limited.
• The Australian Cyber Security Centre (ACSC), the Australian Criminal Intelligence Commission (ACIC) and the Australian Federal Police (AFP) issued “the first unclassified annual threat report since the ACSC became part of the Australian Signals Directorate (ASD)  in July 2018.” The agencies explained the “report outlines key cyber threats and statistics over the period 1 July 2019 to 30 June 2020…[and] [o]ver this period, the ACSC responded to 2,266 cyber security incidents and received 59,806 cybercrime reports at an average of 164 cybercrime reports per day, or one report every 10 minutes.” The agencies stated
  • Malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication. Phishing and spearphishing remain the most common methods used by cyber adversaries to harvest personal information or user credentials to gain access to networks, or to distribute malicious content. Over the past 12 months the ACSC has observed real-world impacts of ransomware incidents, which have typically originated from a user executing a file received as part of a spearphishing campaign.
  • Ransomware has become one of the most significant threats given the potential impact on the operations of businesses and governments. Cybercriminals often illicitly obtain user logins and credentials through spearphishing, before utilizing remote desktop protocol (RDP) services to deploy ransomware on their targets. Recovering from ransomware is almost impossible without comprehensive backups.
  • While our cyber adversaries are becoming more adept, the likelihood and severity of cyber-attacks is also increasing due to our growing dependence on new information technology platforms and interconnected devices and systems. The 5G mobile network will underpin Australia’s transition to a more digital economy, and Internet of Things (IoT) devices will enable greater information flows and efficiencies than ever before. The 5G network and IoT devices have the potential to be revolutionary, but they require new thinking about how best to adopt them securely. Insecure or misconfigured systems make it very easy for hackers looking to compromise networks, cause harm and steal information. Specifically, the increased use of consumer IoT devices such as internet-enabled home assistants, TVs, fridges, baby monitors and home security systems will create more vulnerabilities in networks.
  • Australians need to be mindful that cyber adversaries are constantly looking for vulnerabilities and weaknesses in systems and networks. The ACSC continues to identify many products and services being adopted and implemented by organisations that lack ‘secure by design’ principles. Applying the fundamentals of good cyber security as individuals, business owners and government agencies is vitally important and in many ways Australians are not necessarily learning from past experience.
  • The ACSC responds to hundreds of cyber security incidents each year. Many of these could have been avoided or substantially mitigated by good cybersecurity practices. Implementing ASD’s Essential Eight security controls will substantially reduce the risk of compromise, and help to prevent the most common tactics, techniques and procedures (TTPs) used by malicious cyber adversaries.
  • Equally, many of the methods used by cybercriminals to steal personal and financial information can be easily mitigated through measures such as not responding to unsolicited emails and text messages, implementing multi-factor authentication and never providing another party with remote access to your computer. It is critically important that individuals and businesses understand the cyber threat and are taking active steps to mitigate the risks.
• By a split vote across party lines, the Federal Trade Commission (FTC) asked a United States (U.S.) appeals court to reconsider a ruling that overturned a lower court’s ruling that Qualcomm has violated antitrust laws in the licensing of its technology and patents vital to smartphones. Republican Commissioners Noah Joshua Phillips and Christine Wilson voted against filing the brief asking for a rehearing with Chair Joseph Simons joining the two Democratic Commissioners Rohit Chopra and Rebecca Kelly Slaughter in voting to move forward with the brief. This case could have major ramifications for antitrust law and the technology sector in the U.S. and for the 5G market as Qualcomm is a major player in the development and deployment of the technology necessary for this coming upgrade in wireless communications expected to bring a host of intended and unintended improvements in communications.
  • In the brief, the FTC argued the (U.S.) Court Of Appeals for The Ninth Circuit (Ninth Circuit) did not disagree with the District Court’s factual findings of anticompetitive conduct and rather took issue with the lack of “a cogent theory of anticompetitive harm.” The FTC argued the case should be reconsidered on three grounds:
    • The Ninth Circuit ruled on the basis of formal labels and not economic substance contrary to established Supreme Court law
    • Facially neutral surcharges by one market participant to its rivals is, in fact, an unequal and exclusionary burden on rivals, conduct the Supreme Court has ruled violates antitrust law; and
    • Harm to customers is indeed a central focus and concern of antitrust cases and ruling that this harm is outside relevant antitrust markets is also a misreading of established law.
  • As noted, the Ninth Circuit reversed a U.S. District Court’s decision that Qualcomm’s licensing practices violated the Sherman Antitrust Act. Specifically, the lower court held these practices “have strangled competition in the Code Division Multiple Access (CDMA) and premium Long-Term Evolution (LTE) modem chip markets for years, and harmed rivals, original equipment manufacturers (OEMs), and end consumers in the process.” Consequently, the court found “an unreasonable restraint of trade under § 1 of the Sherman Act and exclusionary conduct under § 2 of the Sherman Act….and that Qualcomm is liable under the FTC Act, as “unfair methods of competition” under the FTC Act include “violations of the Sherman Act.”
  • However, the Ninth Circuit disagreed, overturned the district court and summarized its decision:
    • [We] began by examining the district court’s conclusion that Qualcomm had an antitrust duty to license its standard essential patents (SEPs) to its direct competitors in the modern chip markets pursuant to the exception outlined in Aspen Skiing Co. v. Aspen Highlands Skiing Corp., 472 U.S. 585 (1985). [We] held that none of the required elements for the Aspen Skiing exception were present, and the district court erred in holding that Qualcomm was under an antitrust duty to license rival chip manufacturers. [We] held that Qualcomm’s OEM-level licensing policy, however novel, was not an anticompetitive violation of the Sherman Act.
    • [We] rejected the FTC’s contention that even though Qualcomm was not subject to an antitrust duty to deal under Aspen Skiing, Qualcomm nevertheless engaged in anticompetitive conduct in violation of § 2 of the Sherman Act. [We] held that the FTC did not satisfactorily explain how Qualcomm’s alleged breach of its contractual commitment itself impaired the opportunities of rivals. Because the FTC did not meet its initial burden under the rule of reason framework, [We were] less critical of Qualcomm’s procompetitive justifications for its OEM-level licensing policy—which, in any case, appeared to be reasonable and consistent with current industry practice. [We] concluded that to the extent Qualcomm breached any of its fair, reasonable, and nondiscriminatory (FRAND) commitments, the remedy for such a breach was in contract or tort law.
• The United States Department of Defense (DOD) released a request for information (RFI) on the possibility of the agency sharing its prized portions of electromagnetic spectrum with commercial providers to speed the development and adoption of 5G in the United States. The DOD has long used mid-band spectrum other nations, notably the People’s Republic of China (PRC), are dedicating to the commercial rollout of 5G. The Trump Administration has been working to get the DOD to free up or share as much of these frequencies as possible. Responses to this inquiry are due by 19 October 2020.
  • Specifically, two DOD entities, the Defense Information Systems Agency/Defense Information Technology Contracting Organization – National Capital Region are “seeking information from Industry regarding Dynamic Spectrum Sharing (DSS).”
  • The DOD
    • seeks information on innovative solutions and alternative approaches to enable DSS within the Department’s currently allocated spectrum with the goal of accelerating spectrum sharing decisions and 5G deployment.  The intent is to ensure the greatest effective and efficient use of the Department of Defense’s spectrum for training, readiness, and lethality.  This RFI is seeking information regarding all methods and approaches, and feasibility, to best develop and deploy DSS across a broad range of capabilities and for future understanding of how spectrum may be utilized in both 5G and innovative technologies.
  • The DOD requested information on these and other questions:
    • How could DOD own and operate 5G networks for its domestic operations?  What are the potential issues with DOD owning and operating independent networks for its 5G operations?
    • While the Department has made available the 3450-3550MHz spectrum band for 5G,  are there new technologies or innovative methods as to how additional mid-band spectrum currently allocated to DOD can be made available for 5G faster?
    • What are other innovative ideas as to how 5G can share spectrum with high-powered airborne, ground-based and ship-based radar operations in the 3100-3550MHz spectrum band?
    • Are there other spectrum bands that can be made available to share quickly in the low and high band spectrum ranges?
    • What types of technologies exist, or are anticipated, that will allow civilian users to share spectrum faster?
    • Do you foresee any national security concerns/issues with DOD sharing with commercial 5G?
  • Two key Democratic stakeholders in Congress reacted negatively to this RFI:
    • Energy and Commerce Chairman Frank Pallone, Jr. (D-NJ) and Communications and Technology Subcommittee Chairman Mike Doyle (D-PA) released a statement, arguing “[t]he DOD’s RFI on the creation of a government-owned and operated 5G network will do nothing but slow the deployment of this critical technology.”

Further Reading

• “Mark In The Middle” By Casey Newton — The Verge. Someone or multiple people inside Facebook leaked recordings of CEO Mark Zuckerberg and other top officials in their periodic calls with employees and internal memoranda from this year, depicting a company and its leadership trying to navigate the most unusual presidential election in recent history, disinformation, misinformation, a very liberal labor force, a more conservative consumer base, riots, and a pandemic. Despite it all, the company has remained massively profitable, but if these trends continue the company may be faced with trying to solve what appear to be unsolvable problems.
• “Putin Wants a Truce in Cyberspace — While Denying Russian Interference” By Anton Troianovski and David E. Sanger — The New York Times; “C.I.A. Reasserts Putin Is Likely Directing Election Influence Efforts to Aid Trump” By Julian E. Barnes and David E. Sanger — The New York Times. Even though the Central Intelligence Agency has determined that the Russian Federation and its President, Vladimir Putin, is again interfering in the United States’ (U.S.) election, in part, to again help Donald Trump, hurt Joe Biden, and to generally increase discontent and distrust, Putin is calling on the U.S. to enter into a cyber-détente along the lines of Cold War agreements. Putin is not admitting to any election interference, and on its face, it looks like he is not willing to make much in the way of concessions. Some experts think Putin is trying to hedge his bets in case front runner Biden indeed becomes President in January 2021 since he is likely to take a much harder line than Trump has.
  • In a statement, Putin said
    • One of today’s major strategic challenges is the risk of a large-scale confrontation in the digital field. A special responsibility for its prevention lies on the key players in the field of ensuring international information security (IIS). In this regard, we would like to once again address the US with a suggestion to agree on a comprehensive program of practical measures to reboot our relations in the field of security in the use of information and communication technologies (ICTs).
      • First. To restore a regular full-scale bilateral interagency high-level dialogue on the key issues of ensuring IIS.
      • Second. To maintain a continuous and effective functioning of the communication channels between competent agencies of our States through Nuclear Risk Reduction Centers, Computer Emergency Readiness Teams and high-level officials in charge of the issues of IIS within the bodies involved in ensuring national security, includig that of information.
      • Third. To jointly develop and conclude a bilateral intergovernmental agreement on preventing incidents in the information space similarly to the Soviet-American Agreement on the Prevention of Incidents On and Over the High Seas in force since 25 May 1972.
      • Fourth. To exchange, in a mutually acceptable format, guarantees of non-intervention into internal affairs of each other, including into electoral processes, inter alia, by means of the ICTs and high-tech methods.
  • A United States National Security Council Spokesperson responded:
    • It is hard to take such statements seriously when Russia, China, Iran and others have sought to undermine our election process. It is possible that this offer is a further effort by Russia to create divisions in the United States.
• “Western influencers boost their careers by embracing Chinese nationalism ” By Shen Lu — .coda. Beijing has found another route by which it seeks to foster propaganda positive for the People’s Republic of China (PRC): paying western influencers. If the Kim Kardashians of the world are paid to hawk products and services, it seems inevitable in retrospect that the same would be true of political views. In this piece, a number of western influencers are set up and encouraged by the PRC to post content that is often both pro-PRC and anti-United States. Even though this article does not delve into this possibility, might other nations be doing exactly the same?
•  “What’s the Deal With Google Now?” By Shira Ovide — The New York Times. This article provides a succinct overview of the possible antitrust grounds the United States’ government and state governments could bring against Google. Word is circulating that a case could be filed before the election.
• “The Risk Makers: Viral hate, election interference, and hacked accounts: inside the tech industry’s decades-long failure to reckon with risk” By Catherine Buni and Soraya Chemaly — OneZero. This exploration of how technology companies rarely give a second thought to things like risk, threats, and externalities. Also, these technology companies set up their products in ways that are most beneficial to white men, the majority demographic of the technology field.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.