Other Developments, Further Reading, and Coming Events (7 June 2021)

Other Developments

  • The United States (U.S.) Department of Homeland Security’s Transportation Security Administration (TSA) released the text of the security directive it issued in response to the ransomware attack that shut down Colonial Pipeline’s systems. TSA stated:
    • This Security Directive requires three critical actions.
    • First, it requires TSA-specified Owner/Operators to report cybersecurity incidents to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
    • Second, it requires Owner/Operators to designate a Cybersecurity Coordinator who is required to be available to TSA and CISA 24/7 to coordinate cybersecurity practices and address any incidents that arise.
    • Third, it requires Owner/Operators to review their current activities against TSA’s recommendations for pipeline cybersecurity to assess cyber risks, identify any gaps, develop remediation measures, and report the results to TSA and CISA.
  • The European Commission (EC) announced that “the EU Digital COVID Certificate has reached another important milestone with the go-live of the technical system at EU level, which allows to verify certificates in a secure and privacy-friendly way.” The EC further explained:
    • Following the political agreement between the European Parliament and Council on the Regulation governing the certificate on 20 May, today, the technical backbone of the EU systems goes live. Set up in only two months, the EU gateway provides for the verification of the security features contained in the QR codes of all certificates. This will allow citizens and authorities to be sure that the certificates are authentic. During this process, no personal data is exchanged or retained. The go-live of the gateway completes the preparatory work at EU level.
    • Since 10 May, 22 countries have already tested the gateway successfully. While the Regulation will be applied from 1 July, all Member States, which have passed the technical tests and are ready to issue and verify certificates, can now start using the system on a voluntary basis. Already today, seven Member States – Bulgaria, Czechia, Denmark, Germany, Greece, Croatia and Poland – have decided to connect to the gateway and started issuing first EU certificates, while certain countries have decided to launch the EU Digital COVID Certificate only when all functions are deployed nationwide. Therefore, more countries will join in the coming days and weeks. An updated overview is available on a dedicated webpage.
    • The political agreement of 20 May has to be formally adopted by the European Parliament and the Council. The Regulation will enter into application on 1 July, with a phasing-in period of six weeks for the issuance of certificates for those Member States that need additional time. In parallel, the Commission will continue to provide technical and financial support to Member States to on-board the gateway.
  • The United States (U.S.) Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) published an Activity Alert on “Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs.” In their statement, CISA and the FBI stated:
    • [They] are engaged in addressing malicious activity by a cyber threat actor that leveraged an account hosted by a third-party email service to send malicious emails to approximately 350 organizations, including federal agencies and NGOs. At this point CISA has not identified significant impact on federal government agencies resulting from these activities.  CISA continues to work with the FBI to understand the scope of these activities and assist potentially impacted entities. While many organizations have controls in place to block malicious emails and prevent associated impacts, we encourage all organizations to review our Activity Alert and take steps to reduce their exposure to these types of threats.
    • In the Activity Alert, CISA and FBI asserted:
    • A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact, a legitimate email marketing software company, to spoof a U.S.-based government organization and distribute links to malicious URLs.[1] CISA and FBI have not determined that any individual accounts have been specifically targeted by this campaign.
    • Note: CISA and FBI acknowledge open-source reporting attributing the activity discussed in the report to APT29 (also known as Nobelium, The Dukes, and Cozy Bear).[2,3] However, CISA and FBI are investigating this activity and have not attributed it to any threat actor at this time. CISA and FBI will update this Joint Cybersecurity Advisory as new information becomes available. Note:
    • This Joint Cybersecurity Advisory contains information on tactics, techniques, and procedures (TTPs) and malware associated with this campaign. For more information on the malware, refer to Malware Analysis Report MAR-10339794-1.v1: Cobalt Strike Beacon.
    • CISA and FBI urge governmental and international affairs organizations and individuals associated with such organizations to adopt a heightened state of awareness and implement the recommendations in the Mitigations section of this advisory.
  • The United States Department of Defense (DOD) published a memorandum titled “Implementing Responsible Artificial Intelligence in the Department of Defense.” Deputy Secretary of Defense Kathleen Hicks reaffirmed “the DOD AI Ethical Principles adopted by the Department on February 21, 2020, for the design, development, deployment, and use of AI capabilities.” Hicks stated:
    • The DOD AI Ethical Principles build on and complement the existing ethical, legal, safety, and policy frameworks that are the hallmark of our Department. They apply to all DOD AI capabilities, of any scale, including AI-enabled autonomous systems, for warfighting and business applications. To ensure our Nation’s values are embedded in the AI capabilities, as the Department develops, procures, and deploys AI, these principles will be implemented not only in technology, but also in enterprise operating structures and organizational culture. This memorandum establishes and directs the Department’s holistic, integrated, and disciplined approach for RAI.
    • Hicks argued:
      • The Department will implement RAI in accordance with the following foundational tenets:
      • 1. RAI Governance: Ensure disciplined governance structure and processes at the Component and DoD-wide levels for oversight and accountability and clearly articulate DOD guidelines and policies on RAI and associated incentives to accelerate adoption of RAI within the DOD.
      • 2. Warfighter Trust: Ensure warfighter trust by providing education and training, establishing a test and evaluation and verification and validation framework that integrates real-time monitoring, algorithm confidence metrics, and user feedback to ensure trusted and trustworthy AI capabilities.
      • 3. AI Product and Acquisition Lifecycle: Develop tools, policies, processes, systems, and guidance to synchronize enterprise RAI implementation for the AI product throughout the acquisition lifecycle through a systems engineering and risk management approach.
      • 4. Requirements Validation: Incorporate RAI into all applicable AI requirements, including joint performance requirements established and approved by the Joint Requirements Oversight Council, to ensure RAI inclusion in appropriate DOD AI capabilities.
      • 5. Responsible AI Ecosystem: Build a robust national and global RAI ecosystem to improve intergovernmental, academic, industry, and stakeholder collaboration, including cooperation with allies and coalition partners, and to advance global norms grounded in shared values.
      • 6. AI Workforce: Build, train, equip, and retain an RAI-ready workforce to ensure robust talent planning, recruitment, and capacity-building measures, including workforce education and training on RAI.
  • A coalition of European advocacy organizations has filed complaints against Clearview AI in European Union (EU) nations. In a press release, none of your business (noyb) stated that “[a] coalition of organisations including noyb, Privacy International (PI), Hermes Center and Homo Digitalis has filed a series of submissions against Clearview AI, Inc., a facial recognition company that claims to have ‘the largest known database of 3+ billion facial images’ attained from social media accounts and other online sources.” The groups stated that “[t]he complaints were submitted to data protection regulators in France, Austria, Italy, Greece and the United Kingdom.” The organizations added:
    • Clearview’s dishonest practices. The company became widely known in January 2020, when a New York Times investigation revealed its practices to the world. Prior to this, Clearview had operated with intentional secrecy, while offering its product to law enforcement agencies in various countries, as well as to private companies. The company uses an automated image scraper, a tool that searches the web and collects any images that it detects as containing human faces. Along with these images, the scraper also collects metadata associated with these images, such as the image or webpage title, geolocation, and source link. Both the facial images and any accompanying metadata are stored on Clearview’s servers indefinitely.
    • Multiple authorities are on the case. The five submissions add to the series of investigations launched in the wake of last year’s revelations and noyb’s past intervention in a case before the Hamburg data protection authority. Currently, both the UK and Italian regulators are looking into the company’s practices. Clearview has also been reported to have entered into contracts with law enforcement authorities in Europe. In Greece, following a query submitted by Homo Digitalis, the police have denied collaboration with the company.
  • Representative Anna Eshoo (D-CA), Senator Cory Booker (D-NJ), and other Members wrote the Department of the Treasury “to recommend a change to the Interim Final Rule related to allowable expenditures of funds for state and local governments under the American Rescue Plan Act (ARPA).” They asserted that “[t]he proposed change would allow for more municipalities to use funds to provide accessible, high-speed internet in their towns and cities.” They asserted:
    • The Treasury Department’s Interim Final Rule expects state and local governments to use ARPA funds in areas that lack access to wireline internet connections capable of reliably delivering speeds of 25 Mbps download and 3 MBps upload (25/3) while also requiring recipients of ARPA funds to invest in broadband speeds of at least 100 Mbps download and 100 MBps upload (100/100). This limits municipalities that have broadband too slow for multiple video conferencing connections from using ARPA funds to upgrade their infrastructure to higher speeds.
  • The European Data Protection Board (EDPB) issued “Recommendations 02/2021 on the legal basis for the storage of credit card data for the sole purpose of facilitating further online transactions.” The EDPB explained:
    • In the context of the COVID-19 pandemic the digital economy and e-commerce continuously developed. Analogously the risks of using credit card data online has increased. As stated by the Article 29 Working Party in its guidelines on Data Protection Impact Assessments, credit card data violations “clearly involves serious impacts in the data subject’s daily life”, as financial data can be used for “payment fraud”.
    • Therefore, it is very important that controllers put in place the appropriate safeguards for the data subjects, and to ensure them the control over their personal data, in order to decrease the risk of unlawful processing and foster trust in the digital environment. The EDPB deems this trust vital for sustainable growth of the digital economy.
    • For this purpose, these recommendations aim to encourage a harmonised application of data protection rules regarding the processing of credit card data within the European Economic Area (EEA), and to guarantee a homogeneous protection of data subject’s rights, in full respect of the fundamental data protection principles as required by the GDPR.
    • More specifically, these recommendations deal with the storing of credit card data by online providers of goods and services, for the sole and specific purpose of facilitating further purchases by data subjects. They cover the situation where a data subject buys product or pays for a service via a website or an application, and provides his/her credit card data, generally on a dedicated form, in order to conclude this unique transaction.
  • A British appeals court ruled that the “immigration exception” in the “Data Protection Act 2018” violates the parts of the General Data Protection Regulation (GDPR) that have become enshrined in British caselaw. The appeals court found that the United Kingdom’s Home Office’s restriction of full data protection rights for non-British citizens, especially those seeking to migrate to the UK.
  • Senator Ed Markey (D-MA) and Representative Doris Matsui (D-CA) introduced the “Algorithmic Justice and Online Platform Transparency Act of 2021” (S.1896/H.R.3611) that would:
    • Prohibit algorithmic processes on online platforms that discriminate on the basis of race, age, gender, ability and other protected characteristics.
    • Establish a safety and effectiveness standard for algorithms, such that online platforms may not employ automated processes that harm users or fail to take reasonable steps to ensure algorithms achieve their intended purposes.
    • Require online platforms to describe to users in plain language the types of algorithmic processes they employ and the information they collect to power them. 
    • Require online platforms to maintain detailed records describing their algorithmic process for review by the Federal Trade Commission (FTC), in compliance with key privacy and data de-identification standards.
    • Require online platforms to publish annual public reports detailing their content moderation practices.
    • Create an inter-agency task force comprised of entities including the FTC, Department of Education, Department of Housing and Urban Development, Department of Commerce, and Department of Justice, to investigate the discriminatory algorithmic processes employed in sectors across the economy.
  • The United Kingdom’s (UK) Information Commissioner’s Office (ICO) “is calling for views on the first draft chapter of its Anonymisation, pseudonymisation and privacy enhancing technologies draft guidance.” The ICO stated:
    • We are sharing our thinking in stages to ensure we gather as much feedback as possible to help refine and improve the final guidance, which we will consult on at the end of the year.
    • This first draft chapter, Introduction to anonymisation, defines anonymisation and pseudonymisation. It explores the legal, policy and governance issues around the application of anonymisation and pseudonymisation in the context of data protection law.
    • As part of this we explore when personal data can be considered anonymised, if it is possible to anonymise data adequately to reduce risks, and what the benefits of anonymisation and pseudonymisation might be.
    • We will continue to publish draft chapters for comment at regular intervals, throughout the summer and autumn. As outlined in Building on the data sharing code – our plans for anonymisation guidance, chapters to follow include:
      • Identifiability – outlining approaches such as the spectrum of identifiability and their application in data sharing scenarios, including guidance on managing re-identification risk, covering concepts such as the ‘reasonably likely’ and ‘motivated intruder’ tests;
      • Guidance on pseudonymisation techniques and best practices;
      • Accountability and governance requirements in the context of anonymisation and pseudonymisation, including data protection by design and DPIAs;
      • Anonymisation and research – how anonymisation and pseudonymisation apply in the context of research;
      • Guidance on privacy enhancing technologies (PETs) and their role in safe data sharing;
      • Technological solutions – exploring possible options and best practices for implementation; and
      • Data sharing options and case studies – supporting organisations to choose the right data sharing measures in a number of contexts including sharing between different organisations and open data release. Developed with key stakeholders, our case studies will demonstrate best practice.
    • Input at this early stage can make a significant difference as we will use the responses we receive to inform our work in developing the guidance.
  • The United Kingdom’s (UK) Department for Digital, Culture, Media & Sport (DCMS) published an independent report, The UK Safety Tech Sector: 2021 Analysis, that “highlights startups such as Checkstep which uses AI to tackle disinformation and improve content moderation and SafeToNet which detects and filters risks to users such as cyberbullying and grooming online in real time.” The DCMS stated:
    • With more people than ever before going online during the pandemic, new research published today shows the safety tech sector is one of the fastest growing parts of the UK’s tech industry, with a 40 per cent increase in revenues in the past year – reaching £314 million – and a 30 per cent increase in jobs, equating to more than 500 new roles.
    • More than half (58 per cent) of all safety tech jobs are based outside London, with high-performing hubs developing in tech savvy cities including Leeds, Cambridge and Edinburgh. The sector has seen overall growth of 43 per cent, with the number of safety tech companies surpassing 100.
    • The UK’s safety tech companies make up a quarter of the international market and their reach is global – more than half of UK safety tech companies export to international markets.
    • Safety tech companies provide products and services to create safer online experiences for people. This includes products such as AI programmes which can block illegal content, identify underage users, disrupt the spread of harmful disinformation and help moderators detect abuse.
    • Last year ministers committed to developing the safety tech sector and recently published the draft Online Safety Bill to give online companies a new legal duty of care to protect their users, particularly children, from harm. UK safety tech providers are delivering innovative products that can help companies meet their new duties under the Bill.
  • The European Data Protection Board (EDPB) rendered its opinion on the draft decision of the Belgian Supervisory Authority regarding the “EU Data Protection Code of Conduct for Cloud Service Providers” submitted by Scope Europe. Thereafter Belgium’s Data Protection Authority (DPA) approved “its first transnational code of conduct” and “also accredited SCOPE Europe as the monitoring body for the EU Cloud CoC.” The DPA added:
    • The EU Cloud CoC concretizes requirements of Art. 28 GDPR (concerning the processor) – and other relevant related Articles of the GDPR – for practical implementation within the cloud market (including IaaS, PaaS, SaaS). Adherence to the EU Cloud CoC is also achievable for SMEs that are active in this sector. Through the approval of this code the Belgian Data Protection Authority contributes to a harmonized interpretation of GDPR provisions in the cloud sector across the European Union.
    • David Stevens, Chairman of the Belgian Data Protection Authority, said:
      • The approval of the EU Cloud CoC was achieved through narrow collaboration within the European Data Protection Board and is an important step towards a harmonised interpretation and application of the GDPR in a crucial sector for the digital economy. I hope that this first experience in approving a European code of conduct will mark the beginning of the development of more European codes of conduct to foster compliance for companies, harmonisation for sectoral organizations and transparency for data subjects.

Further Reading

  • “Largest meat producer getting back online after cyberattack” By Dee-Ann Durbin and Frank Bajak — The Associated Press. The world’s largest meat processing company has resumed most production after a weekend cyberattack, but experts say the vulnerabilities exposed by this attack and others are far from resolved. In a statement late Wednesday, the FBI attributed the attack on Brazil-based meat processor JBS SA to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months. The FBI said it will work to bring the group to justice and it urged anyone who is the victim of a cyberattack to contact the bureau immediately.
  • “China Deepens Fintech Dominance With New Digital Currency” By Robert Farley — The Diplomat. Chinese firms have begun to dominate the fintech sector, and there’s every reason to believe that the stand up of China’s new digital currency will extend and deepen that dominance. Indeed, the prominence of many Chinese firms in the fintech sector has helped lay the necessary foundation for China’s digital leap. This represents an important step in China’s effort to throw off the U.S. dollar’s dominance, as fintech innovation has the potential to become a node of “weaponized interdependence,” the idea that states can exert power through control of multilateral regulatory regimes.
  • “The Full Story of the Stunning RSA Hack Can Finally Be Told” By Andy Greenberg — WIRED. Amid all the sleepless hours that Todd Leetham spent hunting ghosts inside his company’s network in early 2011, the experience that sticks with him most vividly all these years later is the moment he caught up with them. Or almost did. It was a spring evening, he says, three days—maybe four, time had become a blur—after he had first begun tracking the hackers who were rummaging through the computer systems of RSA, the corporate security giant where he worked. Leetham—a bald, bearded, and curmudgeonly analyst one coworker described to me as a “carbon-based hacker-finding machine”—had been glued to his laptop along with the rest of the company’s incident response team, assembled around the company’s glass-encased operations center in a nonstop, 24-hours-a-day hunt. And with a growing sense of dread, Leetham had finally traced the intruders’ footprints to their final targets: the secret keys known as “seeds,” a collection of numbers that represented a foundational layer of the security promises RSA made to its customers, including tens of millions of users in government and military agencies, defense contractors, banks, and countless corporations around the world.
  • “Amazon warehouse workers suffer serious injuries at higher rates than other firms” By Jay Greene and Chris Alcantara — The Washington Post. Amazon, the second-largest private employer in the United States, is also a leader in another category: how often its warehouse workers are injured. New work-related injury data from the Occupational Safety and Health Administration showed those jobs can be more dangerous than at comparable warehouses. Since 2017, Amazon reported a higher rate of serious injury incidents that caused employees to miss work or be shifted to light-duty tasks than at other warehouse operators in retail.
  • “China could have ordered Huawei to shut down Australia’s 5G” By Peter Hartcher — The Sydney Morning Herald. The federal government’s cyber spies advised Australia would have had to put 300 separate security measures on Huawei’s equipment to make it safe for the nation’s 5G system but the network could still have been shut down on Beijing’s orders. The Australian Signals Directorate spent more than eight months trying to find a way to make the Chinese company’s telecommunications equipment acceptably safe but ultimately told the Turnbull government the risk could not be contained satisfactorily.
  • “Covert channel in Apple’s M1 is mostly harmless, but it sure is interesting” By Dan Goodin — Ars Technica. Apple’s new M1 CPU has a flaw that creates a covert channel that two or more malicious apps—already installed—can use to transmit information to each other, a developer has found. The surreptitious communication can occur without using computer memory, sockets, files, or any other operating system feature, developer Hector Martin said. The channel can bridge processes running as different users and under different privilege levels. These characteristics allow for the apps to exchange data in a way that can’t be detected—or at least without specialized equipment.
  • “Pentagon Plans To Monitor Social Media Of Military Personnel For Extremist Content” By Ken Klippenstein — The Intercept. As part of the Biden administration’s crackdown on domestic extremism, the Pentagon plans to launch a pilot program for screening social media content for extremist material, according to internal Defense Department documents reviewed by The Intercept, as well as a source with direct knowledge of the program. An extremism steering committee led by Bishop Garrison, a senior adviser to the secretary of defense, is currently designing the social media screening pilot program, which will “continuously” monitor military personnel for “concerning behaviors,” according to a Pentagon briefing in late March. Although in the past the military has balked at surveilling service members for extremist political views due to First Amendment protections, the pilot program will rely on a private surveillance firm in order to circumvent First Amendment restrictions on government monitoring, according to a senior Pentagon official. Though the firm has not yet been selected, the current front runner is Babel Street, a company that sells powerful surveillance tools including social media monitoring software.
  • “This facial recognition website can turn anyone into a cop — or a stalker” By Drew Harwell — The Washington Post. The facial recognition site PimEyes is one of the most capable face-searching tools on the planet. In less than a second, it can scan through more than 900 million images from across the Internet and find matches with startling accuracy. But its most distinguishing trait is who can use it: Anyone. While most facial recognition tools are reserved for police or government use, PimEyes is open to the masses, whether they’re hunting down U.S. Capitol riot suspects or stalking women around the Web.
  • “Confronting Disinformation Spreaders on Twitter Only Makes It Worse, MIT Scientists Say” By Matthew Gault — Vice. Of all the reply guy species, the most pernicious is the correction guy. You’ve seen him before, perhaps you’ve even been him. When someone (often a celebrity or politician) tweets bad science or a provable political lie, the correction guy is there to respond with the correct information. According to a new study conducted by researchers at MIT, being corrected online just makes the original posters more toxic and obnoxious.
  • “A Press Corps Deceived, and the Gaza Invasion That Wasn’t” By David Halbfinger — The New York Times. The Israeli military abruptly announced after midnight on Friday that its ground forces had begun “attacking in the Gaza Strip,” saying it on Twitter, in text messages to journalists, and in on-the-record confirmations by an English-speaking army spokesman. Several international news organizations, including The New York Times, immediately alerted readers worldwide that a Gaza incursion or invasion was underway, a major escalation of Israeli-Palestinian hostilities.
  • “Amazon Faced 75,000 Arbitration Demands. Now It Says: Fine, Sue Us” By Sara Randazzo — The Wall Street Journal. Companies have spent more than a decade forcing employees and customers to resolve disputes outside the traditional court system, using secretive arbitration proceedings that typically don’t allow plaintiffs to team up and extract big-money payments akin to a class action. Now, Amazon is bucking that trend. With no announcement, the company recently changed its terms of service to allow customers to file lawsuits. Already, it faces at least three proposed class actions, including one brought May 18 alleging the company’s Alexa-powered Echo devices recorded people without permission.
  • “‘Silicon Six’ tech giants accused of inflating tax payments by almost $100bn” By Rupert Neate — The Guardian. The giant US tech firms known as the “Silicon Six” have been accused of inflating their stated tax payments by almost $100bn (£70bn) over the past decade. As Chancellor Rishi Sunak called on world leaders to back a new tech tax ahead of next week’s G7 summit in the UK, a report by the campaign group Fair Tax Foundation singled out Amazon, Facebook, Google’s owner, Alphabet, Netflix, Apple and Microsoft.
  • “Colonial hack exposed government’s light-touch oversight of pipeline cybersecurity” By Ellen Nakashima, Lori Aratani, and Douglas MacMillan — The Washington Post. Three times over the past year, Colonial Pipeline and the Transportation Security Administration discussed scheduling a voluntary, in-depth cybersecurity review — an assessment the federal agency began doing in late 2018 to strengthen the digital defenses of oil and natural gas pipeline companies, according to a company official and an industry official familiar with the matter. But no such review of Colonial’s systems has occurred, according to a Colonial spokesman. And the pipeline company has previously told federal officials it wants to first complete a headquarters move to a new building — probably in November — though the spokesman, Kevin Feeney, said on Friday that it may allow a review sooner.
  • “NSA spying row: Denmark accused of helping US spy on European officials” — The BBC. Denmark’s secret service helped the US spy on European politicians including German Chancellor Angela Merkel from 2012 to 2014, Danish media say. The Defence Intelligence Service (FE) collaborated with the US National Security Agency (NSA) to gather information, according to Danish public service broadcaster DR. Intelligence was allegedly collected on other officials from Germany, France, Sweden and Norway. Similar allegations emerged in 2013. Then, secrets leaked by US whistleblower Edward Snowden alleged tapping of the German chancellor’s phone by the NSA.

Coming Events

  • On 8 June, the Senate Armed Services Committee will hold a hearing titled “The United States’ strategic competition with China” with these witnesses:
    • Mr. Matt Pottinger, Former Assistant to the President and Deputy National Security Advisor; Distinguished Visiting Fellow, the Hoover Institution, Stanford University
    • Dr. Evan Medeiros, Penner Family Chair in Asia Studies in the School of Foreign Service and the Cling Family Distinguished Fellow in U.S.-China Studies, Georgetown University
    • Dr. Sheena Chestnut Greitens, Associate Professor, Lyndon B. Johnson School of Public Affairs, University of Texas at Austin
    • Ms. Bonnie Glaser, Director, Asia Program, German Marshall Fund of the United States
  • The Senate Homeland Security and Governmental Affairs Committee will hold an 8 June hearing titled “Threats to Critical Infrastructure: Examining the Colonial Pipeline Cyber Attack” with Colonial Pipeline CEO Joseph Blount Jr.
  • On 8 June, the House Energy and Commerce Committee’s Consumer Protection and Commerce Subcommittee will hold a hearing on the Department of Commerce’s FY 2022 budget request with Secretary of Commerce Gina Raimondo.
  • On 9 June, the House Homeland Security Committee will hold a hearing on the Colonial Pipeline ransomware attack with the company’s CEO and FireEye Mandiant’s Senior Vice President and Chief Technology Officer Charles Carmakal.
  • On 9 June, the Senate Banking, Housing, and Urban Affairs Committee’s Economic Policy Subcommittee will hold a hearing titled “Building A Stronger Financial System: Opportunities of a Central Bank Digital Currency.”
  • On 10 June, the Senate Homeland Security and Governmental Affairs Committee will hold a hearing on the nominations of Robin Carnahan to be Administrator, General Services Administration; Jen Easterly to be Director, Cybersecurity and Infrastructure Security Agency, DHS; and Chris Inglis to be National Cyber Director.
  • The House Judiciary Committee will conduct an oversight hearing of the Federal Bureau of Investigation on 10 June.
  • On 14 June, the California Privacy Protection Agency Board will hold its inaugural meeting.
  • On 17 June, the Senate Appropriations Committee will hold a hearing on the Department of Defense’s FY 2022 budget request.
  • The Federal Communications Commission (FCC) will hold its June meeting on 17 June with this tentative agenda:
    • Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization and Competitive Bidding Programs. The Commission will consider a Notice of Proposed Rulemaking and Notice of Inquiry seeking comments on steps it could take to secure the nation’s critical communications networks through its equipment authorization and competitive bidding programs. (ET Docket No. 21-232; EA Docket No. 21-233)
    • Allowing Earlier Equipment Marketing and Importation Opportunities. The Commission will consider a Report and Order that would adopt changes to the equipment authorization rules to allow expanded marketing and importation of radiofrequency devices prior to certification, with conditions. (ET Docket No. 20-382)
    • Improving the Emergency Alert System and Wireless Emergency Alerts. The Commission will consider a Report and Order and Further Notice of Proposed Rulemaking to implement section 9201 of the National Defense Authorization Act for Fiscal Year 2021, which is intended to improve the way the public receives emergency alerts on their mobile phones, televisions, and radios. (PS Docket Nos. 15-94, 15-91)
    • Improving Robocall and Spoofing Input from Private Entities. The Commission will consider a Report and Order to implement Section 10(a) of the TRACED Act by adopting a streamlined process that will allow private entities to alert the FCC’s Enforcement Bureau about suspected unlawful robocalls and spoofed caller ID. (EB Docket No. 20-374)
    • Promoting Telehealth for Low-Income Consumers. The Commission will consider a Second Report and Order that would provide guidance on the administration of the Connected Care Pilot Program and further instructions to program participants. (WC Docket No. 18-213)
    • Exploring Spectrum Options for Devices Used to Mark Fishing Equipment. The Commission will consider a Notice of Proposed Rulemaking that would satisfy the Commission’s statutory obligation in Section 8416 of the National Defense Authorization Act for Fiscal Year 2021 to initiate a rulemaking proceeding to explore whether to authorize devices that can be used to mark fishing equipment for use on Automatic Identification System (AIS) channels consistent with the core purpose of the AIS to prevent maritime accidents. (WT Docket No. 21-230)
    • Improving Low Power FM Radio. The Commission will consider an Order on Reconsideration of a proceeding to modernize the LPFM technical rules. (MB Docket No. 19-193)
    • Enforcement Bureau Action. The Commission will consider an enforcement action.
  • On 27 July, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Ricardo Gomez Angel on Unsplash

Photo by Crawford Jolly on Unsplash

Photo by Amber Kipp on Unsplash

Photo by Ahmet Yalçınkaya on Unsplash
