Other Developments, Further Reading, and Coming Events (14 September 2021)

Artificial Intelligence, Big Data, CISA, Coming Events, Cybersecurity, Data Flows, Data Protection, data security, DHS, DOJ, Further Reading, GDPR, NIST, Other Developments, privacy, Section 230, Social Media, Technology, Telecommunications 21 Minutes

Subscribe to my newsletter, The Wavelength, if you want the content on my blog delivered to your inbox four times a week. The Wavelength will transition to a subscription product early in 2022. Posts on this site will continue in a fashion. Details to come.

Other Developments

  • The Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) “are seeking public feedback on strategic and technical guidance documents meant to move the U.S. government towards a zero trust architecture.” OMB and CISA issued these draft documents per Executive Order 14028“Improving the Nation’s Cybersecurity”. The agencies stated:
    • Read and comment on OMB’s Federal Zero Trust Strategy. The goal of this strategy is to accelerate agencies towards a shared baseline of early zero trust maturity.
    • Read and comment on CISA’s Zero Trust Maturity Model. The maturity model complements OMB’s Federal Zero Trust Strategy, and is designed to provide agencies with a roadmap and resources to achieve an optimal zero trust environment.
    • Read and comment on CISA’s Cloud Security Technical Reference Architecture, a guide for agencies to leverage when migrating to the cloud securely. The document explains considerations for shared services, cloud migration, and cloud security posture management.
  • Hong Kong’s Office of the Privacy Commissioner for Personal Data (PCPD) “issued the “Guidance on the Ethical Development and Use of Artificial Intelligence” (Guidance) to help organisations understand and comply with the relevant requirements of the Personal Data (Privacy) Ordinance (PDPO) when they develop or use AI.”The PCPD claimed:
    • The Guidance recommends that organisations embrace three fundamental Data Stewardship Values when they develop and use AI, namely, being respectful, beneficial and fair to stakeholders. In line with international standards, the Guidance sets out the following seven ethical principles for AI :
      • Accountability – Organisations should be responsible for what they do and be able to provide sound justifications for their actions;
      • Human Oversight – Organisations should ensure that appropriate human oversight is in place for the operation of AI;
      • Transparency and Interpretability – Organisations should disclose their use of AI and relevant policies while striving to improve the interpretability of automated decisions and decisions made with the assistance of AI;
      • Data Privacy – Effective data governance should be put in place;
      • Fairness – Organisations should avoid bias and discrimination in the use of AI;
      • Beneficial AI – Organisations should use AI in a way that provides benefits and minimises harm to stakeholders; and
      • Reliability, Robustness and Security – Organisations should ensure that AI systems operate reliably, can handle errors and are protected against attacks.
    • The Guidance also provides a set of practice guide, structured in accordance with general business processes, to assist organisations in managing their AI systems. The practice guide covers four main areas:
    • Establish AI strategy and governance;
      • Conduct risk assessment and human oversight;
      • Execute development of AI models and management of overall AI Systems; and
      • Foster communication and engagement with stakeholders.
  • The National Institute of Standards and Technology (NIST) issued a whitepaper titled“DRAFT Baseline Security Criteria for Consumer IoT Devices” per Executive Order 14028“Improving the Nation’s Cybersecurity”. NIST explained:
    • Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” tasks the National Institute of Standards and Technology (NIST), in coordination with the Federal Trade Commission (FTC) and other agencies, to initiate pilot programs informed by existing consumer product labeling programs to educate the public on the security capabilities of Internet-of-Things (IoT) devices and software development practices. NIST also is to consider ways to incentivize manufacturers and developers to participate in these programs. This white paper proposes baseline security criteria for consumer IoT devices. This is one of three dimensions of a consumer Internet of Things (IoT) cybersecurity labeling program that would be responsive to Sections 4 (s) and (t) of the EO. The other dimensions are criteria for conformity assessment and the label. In addition to the feedback sought on this white paper, NIST will also consult with stakeholders on those additional considerations.
    • NIST will identify key elements of labeling programs in terms of minimum requirements and desirable attributes. Rather than establishing its own programs, NIST will specify desired outcomes, allowing providers and customers to choose the best solutions for their devices and environments. One size may not fit all, and multiple solutions might be offered by label providers.
  • A number of Florida Members of Congress, mostly Republicans, wrote Attorney General Merrick Garland about the Department of Justice’s announcement that a number of United States (U.S.) Attorneys Offices may have been compromised in the SolarWinds hack. They stated:
    • The DOJ confirmed the breach affected 80 percent of Microsoft email accounts used by USAO employees in New York, but did not provide additional information on the extent of the hack or its effect on Florida USAOs or offices in other identified states. This announcement is alarming as USAO email servers contain highly sensitive information. Florida USAOs are responsible for the prosecution of some of the most significant federal crimes, including crimes related to drugs and trafficking. Additionally, according to recent media reports the DOJ launched an internal review of cybersecurity procedures in April 2021. The DOJ was reportedly conducting a 120-day review of interagency cybersecurity challenges. However, the DOJ did not formally announce this review and does not appear to have publically shared any information about the scope of this review. We are confident that the DOJ and other involved federal agencies are working tirelessly to prevent cyberattacks. However, the breach of USAO email servers is very concerning.
    • Accordingly, we ask that you answer the following questions no later than Friday, October 1, 2021:
      • 1. What USAO information was compromised as a result of this hack?
      • 2. Was sensitive information, such as witness information, victim information, or information that relates to national security compromised? If so, please describe the types of information compromised.
      • 3. What steps have you taken to ensure the vulnerabilities that led to this intrusion have been remedied?
      • 4. During your confirmation hearing, you committed to a whole-of-government response to cyber threats. Please describe the current collaborative framework within the federal government for interagency coordination on cyber threats. Please describe the President’s strategy for a whole-of-government coordinated response to responding to and preventing cyberattacks, including which individual is leading this effort.
      • 5. In response to a question at your confirmation hearing, you said you would use the full power of the DOJ to combat cyber threats. You also said that you would fully support the President and his National Security team’s efforts on cybersecurity. What have been the efforts of the President related to cybersecurity that you have supported since you were  confirmed?
      • 6. In June, you announced you were doubling the number of attorneys working on voting rights at the DOJ. Given the significant threat to America posed by cyberattacks, how much have you increased the number of attorneys or other staff working on cybersecurity issues?
  • The Securities and Exchange Commission (SEC) “filed an action against BitConnect, an online crypto lending platform, its founder Satish Kumbhani, and its top U.S. promoter and his affiliated company, alleging that they defrauded retail investors out of $2 billion through a global fraudulent and unregistered offering of investments into a program involving digital assets.”The SEC asserted:
    • According to the SEC’s complaint, filed in the United States District Court for the Southern District of New York, from early 2017 through January 2018, Defendants conducted a fraudulent and unregistered offering and sale of securities in the form of investments in a “Lending Program” offered by BitConnect. The complaint alleges that, to induce investors to deposit funds into the purported Lending Program, Defendants falsely represented, among other things, that BitConnect would deploy its purportedly proprietary “volatility software trading bot” that, using investors’ deposits, would generate exorbitantly high returns. However, the SEC alleges that instead of deploying investor funds for trading with the purported trading bot, defendants BitConnect and Kumbhani siphoned investors’ funds off for their own benefit by transferring those funds to digital wallet addresses controlled by them, their top promoter in the U.S., defendant Glenn Arcaro, and others. The SEC’s complaint further alleges that BitConnect and Kumbhani established a network of promoters around the world, and rewarded them for their promotional efforts and outreach by paying commissions, a substantial portion of which they concealed from investors. According to the complaint, among these promoters was Arcaro, the lead national promoter of BitConnect for the United States who used the website he created, Future Money, to lure investors into the Lending Program.
  • Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) published guidance titled “The transfer of personal data to a country with an inadequate level of data protection based on recognised standard contractual clauses and model contracts.” The FDPIC stated:
    • …the FDPIC recognises the standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (pursuant to Implementing Decision 2021/914/EU) as the basis for personal data transfers to a country without an adequate level of data protection, provided that the necessary adaptations and amendments are made for use under Swiss data protection law.
  • The United States (U.S.) Patent and Trademark Office (PTO) prevailed in U.S. court in its determination that an artificial intelligence machine cannot be an inventor under U.S. law. The court summed up its finding:
  • Minnesota’s Commerce Department announced that “Minnesota consumers have new protections to protect the privacy of data they provide to insurance companies, including personal and financial information, through a new law championed by the Minnesota Department of Commerce.” The Department further claimed:
    • In recent years, there have been several major data breaches involving large insurers that have exposed and compromised the sensitive personal information of millions of insurance consumers. The NAIC Data Security Model Act, passed by the 2021 Minnesota Legislature, adopts a model insurance law proposed by the National Association of Insurance Commissioners (NAIC). The NAIC model law has been enacted by 18 states, including Minnesota. The U.S. Treasury has urged states to adopt the NAIC model law or the administration plans to ask Congress to preempt states to take action.  
    • “This new law serves as a guide for Minnesota insurance businesses on how to prepare for, and react to, a data incident,” said Commerce Commissioner Grace Arnold. “Being prepared, prioritizing consumer privacy and increasing public disclosure will better protect all Minnesotans.” 
    • The new law applies to insurers, insurance agents, and other insurance-related entities licensed by the Department of Commerce and asks them to do three things: 
      • To create a plan on how to deal with cybersecurity events. 
      • To work this plan and investigate cybersecurity events if they think one has occurred. 
      • To notify the Department of Commerce and to notify consumers when a cybersecurity event has occurred. 
    • These three requirements will increase the likelihood that companies are prepared for the internal and external data threats they face and help consumers take immediate steps to protect themselves when their private data is exposed. 
    • Protecting the privacy of consumer data has been a priority for Commerce and the NAIC. Commerce continues to work with NAIC committees on additional policy ideas for consumer privacy protection. 
    • States that, as of Aug. 3, had adopted the NAIC Data Security Model Act are: Alabama, Connecticut, Delaware, Indiana, Iowa, Hawaii, Louisiana, Maine, Michigan, Minnesota, Mississippi, New Hampshire, North Dakota, Ohio, South Carolina, Tennessee, Virginia and Wisconsin. 
  • The United Kingdom’s Office for Science and Council for Science and Technology published a report titled “Harnessing technology for the long-term sustainability of the UK’s healthcare system.” The entities claimed:
    • Changing environments and lifestyles, an ageing population and an increased need for managing chronic and multiple long-term conditions in the UK will challenge our health system and increase healthcare costs. Often those people most in need of healthcare (such as older, rural and socially deprived populations) have the most difficulty accessing service delivery centres. In some cases, there is also a variation in quality and quantity of healthcare provision. Such healthcare inequalities are driving disparities in health outcomes within and between regions.
    • There are challenges within the system itself. Structural silos exist at several levels; within the medical field there is a division into specialisms, within the National Health Service (NHS) there is an administrative and financial division into trusts, worsened by a lack of interoperability, and across the wider system there is a separation of health from social care and public health services. These structures reduce the ease with which information from one part of the system can be shared with other parts, can complicate a patient’s journey through the system, and may waste time and resources. Taken together, these barriers to flow of information affect the quality and integration of care. Furthermore, the composition and distribution of the healthcare workforce is changing, with difficulties such as staff shortagesserving to compound the strain on service delivery.
    • The COVID-19 pandemic has further exposed the limitations of the current system, highlighting health inequalities, the challenges to integrated health and social care and the shortcomings in our approach to public and population health. It has also led to further pressures on the system, with a backlog of treatment requirements that may take considerable time to clear.
    • As currently structured, spending on the NHS would need to increase to maintain long term sustainability of the service. Under the current system, a continued drive for health service efficiency and cost reductions could further reduce resilience to emerging crises and further increase inequalities. As the government’s white paperon health and social care recognises, a change in approach is needed.
  • The National Institute of Standards and Technology (NIST) announced that “Draft NISTIR 8286B, Prioritizing Cybersecurity Risk for Enterprise Risk Management, is now available for public comment.” NIST stated:
    • This report continues an in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), with a focus on the use of enterprise objectives to prioritize, optimize, and respond to cybersecurity risks.
    • The NISTIR 8286 series of documents is intended to help organizations better implement cybersecurity risk management (CSRM) as an integral part of ERM – both taking its direction from ERM and informing it. The increasing frequency, creativity, and severity of cybersecurity attacks mean that all enterprises should ensure that cybersecurity risk is receiving appropriate attention within their ERM programs and that the CSRM program is anchored within the context of ERM.
    • This publication draws upon processes and templates described in NISTIR 8286A, Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (ERM), and on feedback received on public comment drafts of that report. Draft NISTIR 8286B extends the use of stakeholders’ risk appetite and risk tolerance statements to define risk expectations. It further describes the use of the risk register and risk detail report templates to communicate and coordinate activity.
    • Since enterprise resources are nearly always limited, and must also fund other enterprise risks, it is vital that CSRM work at all levels be coordinated and prioritized to maximize effectiveness and to ensure that the most critical needs are adequately addressed. Risk prioritization, risk response, and risk aggregation should be aggregated and optimized to help guide enterprise risk communication and decision-making. Through effective prioritization and response, based on accurate risk analysis in light of business objectives, managers throughout the enterprise will be able to navigate a changing risk landscape and take advantage of innovation opportunities.
    • A third companion document, NISTIR 8286C, which will detail processes for enterprise-level aggregation and oversight of cybersecurity risks, is being developed and will be available for review and comment in the coming months.

Further Reading

  • Sensitive government data could be another casualty of Afghan pullout” By Joseph Marks — The Washington Post. Among the many long-term costs of the rapid fall of the Afghan government and the swift withdrawal of U.S. diplomatic and military personnel, count this one: Troves of sensitive U.S. government data are surely being left behind in the nation now under Taliban control. The vast majority of classified information that lived on U.S. embassy computers was almost certainly flown out of Afghanistan or destroyed. A lot of government’s highly sensitive data is also housed in computer clouds rather than on hard drives and protected with multiple security controls. But reams of unclassified but sensitive material will probably remain in the country, both in digital forms and on paper. 
  • ‘Vaccine passports’ to combine jab records with QR check-ins for more freedoms” By David Crowe — The Age. Millions of vaccinated Australians will be able to use their mobile phones to gain exemptions to lockdown rules at cafes, restaurants and public events under a national cabinet plan to use digital records to verify vaccine status. A federal vaccine record will be combined with state check-in systems to expand the use of QR codes at public venues to be sure those who gain entry have been immunised against COVID-19.
  • Amazon to proactively remove more content that violates rules from cloud service -sources” By Sheila Dang — Reuters. Amazon.com Inc plans to take a more proactive approach to determine what types of content violate its cloud service policies, such as rules against promoting violence, and enforce its removal, according to two sources, a move likely to renew debate about how much power tech companies should have to restrict free speech. Over the coming months, Amazon will hire a small group of people in its Amazon Web Services (AWS) division to develop expertise and work with outside researchers to monitor for future threats, one of the sources familiar with the matter said.
  • Amazon denies reports that it will proactively moderate content on its hosting service” By Russell Brandom — The Verge. Amazon is planning to expand its in-house moderation team for Amazon Web Services, according to a report published on Thursday by Reuters. Citing two sources, the report says Amazon is planning to use the new workforce to proactively remove more prohibited content from AWS before it’s reported by users. Reached for comment on Thursday, Amazon said it did not plan to pre-review content before it is posted on the platform, but declined to confirm or deny specifics. On Friday, however, Amazon followed up with a more strongly worded statement directly contesting that the team’s methodology would change.
  • How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users” By Craig Silverman — Pro Publica. Clarification, Sept. 8, 2021: A previous version of this story caused unintended confusion about the extent to which WhatsApp examines its users’ messages and whether it breaks the encryption that keeps the exchanges secret. We’ve altered language in the story to make clear that the company examines only messages from threads that have been reported by users as possibly abusive. It does not break end-to-end encryption. When Mark Zuckerberg unveiled a new “privacy-focused vision” for Facebook in March 2019, he cited the company’s global messaging service, WhatsApp, as a model. Acknowledging that “we don’t currently have a strong reputation for building privacy protective services,” the Facebook CEO wrote that “I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever. This is the future I hope we will help bring about. We plan to build this the way we’ve developed WhatsApp.”
  • New Zealand internet outage blamed on DDoS attack on nation’s third largest internet provider” By Tim Richardson — The Register. Parts of New Zealand were cut off from the digital world today after a major local ISP was hit by an aggressive DDoS attack. Vocus – the country’s third-largest internet operator which is behind brands including Orcon, Slingshot and Stuff Fibre – confirmed the cyberattack originated at one of its customers. According to a network status update, the company said: “This afternoon a Vocus customer was under DDoS attack… A DDoS mitigation rule was updated to our Arbor DDoS platform to block the attack for the end customer.”
  • China’s New Data Security Law Will Provide It Early Notice Of Exploitable Zero Days” By Brad D. Williams — Breaking Defense. China’s new Data Security Law, which takes effect today, includes cyber vulnerability disclosure provisions that will provide its government with nearly exclusive early access to a steady stream of zero-day vulnerabilities — potentially to include those discovered in technologies used by the Defense Department and Intelligence Community. Armed with that information, experts fear, China could exploit cyber vulnerabilities in tech used broadly across the US public and private sectors.
  • Ransomware’s next target: Schools” By Laurens Cerulus — Politico EU. Cybercriminals, like anxious parents, are also waiting for schools to reopen. As children prepare for the new academic year, schools are following hospitals, energy firms and food makers as the next prime target for gangs of hackers. Gangs using ransomware — often operating from Russia — target low-tech sectors like health care, utilities and manufacturing services, which increasingly rely on digital tools but often lag in investing in cybersecurity to protect their systems. It makes for low-effort, high-reward targets for ransomware criminals.
  • Tesla must deliver Autopilot crash data to federal auto safety watchdog by October 22” By Lora Kolodny — CNBC. The National Highway Traffic and Safety Administration has added a 12th crash into the scope of its investigation into Tesla’s Autopilot system, and is demanding that the company provide an exhaustive amount of data about its driver assistance systems by Oct. 22.
  • FBI says Chinese authorities are hacking US-based Uyghurs” By Carly Page — Tech Crunch. The FBI has warned that the Chinese government is using both in-person and digital techniques to intimidate, silence and harass U.S.-based Uyghur Muslims. The Chinese government has long been accused of human rights abuses over its treatment of the Uyghur population and other mostly Muslim ethnic groups in China’s Xinjiang region. More than a million Uyghurs have been detained in internment camps, according to a United Nations human rights committee, and many other Uyghurs have been targeted and hacked by state-backed cyberattacks. China has repeatedly denied the claims.
  • NSO Group Affiliate Circles Sold Equipment to Uzbekistan ‘Secret Police’” By Scott Stedman — Forensic News. Shipping records reveal that a lesser-known affiliate of the hack-for-hire company NSO Group supplied equipment in 2020 to Uzbekistan’s national intelligence agency (SGB), often referred to as a “secret police” force with a record of brutality and oppression. NSO Group creates hacking tools that governments around the world have purchased to ostensibly monitor terrorists and other criminals. However, the tools have often been used by autocratic regimes to spy on journalists and dissidents.
  • West lacks clear plan to rival China’s ‘Belt and Road,’ Estonia says” By Laurens Cerulus — Politico EU. Europe, the U.S. and their allies need a better, single infrastructure investment project to rival China’s Belt and Road Initiative, according to Estonian Prime Minister Kaja Kallas. “We have many initiatives that actually tackle the same issue,” Kallas told POLITICO in an interview, singling out the Blue Dot Network initiative by the U.S., Australia and Japan, and the Three Seas Initiative that covers Eastern Europe and has the support of the EU and U.S.  “We need to connect them all … This is what I feel is lacking,” Kallas said.
  • Report details how Airbus pilots saved the day when all three flight computers failed on landing” By Richard Speed — The Register. Airbus is to implement a software update for its A330 aircraft following an incident in 2020 where all three primary flight computers failed during landing. The result was a loss of thrust reversers and autobrake systems and the pilots having to use manual braking to bring the aircraft, a China Airlines A330-302, to a halt just 30 feet before the end of the runway. The incident happened at Taipei Songshan Airport on 14 June 2020. The flight, CI202 from Shanghai with 87 passengers and nine cabin crew members, had been uneventful. The landing, however, was anything but.
  • Pro-China social media campaign hits new countries, blames U.S. for COVID” By Joseph Menn — Reuters. A misinformation campaign on social media in support of Chinese government interests has expanded to new languages and platforms, and it even tried to get people to show up to protests in the United States, researchers said on Wednesday. Experts at security company FireEye (FEYE.O) and Alphabet’s (GOOGL.O) Google said the operation was identified in 2019 as running hundreds of accounts in English and Chinese aimed at discrediting the Hong Kong democracy movement. The effort has broadened its mission and spread from Twitter (TWTR.N), Facebook(FB.O) and Google to thousands of handles on dozens of sites around the world.

Coming Events 

  • 14 September
    • The National Institute of Standards and Technology (NIST) will hold a virtual public workshop “on challenges and practical approaches to initiating cybersecurity labeling efforts for Internet of Things (IoT) devices and consumer software.” NIST added:
      • According to the EO, by February 6, 2022, in coordination with the Federal Trade Commission (FTC) and other agencies, NIST is required to:
      • identify IoT cybersecurity criteria for a consumer labeling program and
      • identify secure software development practices or criteria for a consumer software labeling program.
  • 15 September
    • The Federal Trade Commission (FTC) will hold an open meeting with the following tentative agenda:
      • Proposed Policy Statement on Privacy Breaches by Health Apps and Connected Devices: The Commission will vote on whether to issue a policy statement on the importance of protecting the public from privacy breaches by health apps and other connected devices.
      • Non-HSR Reported Acquisitions by Select Technology Platforms, 2010-2019: An FTC Study: Staff will present some findings from the Commission’s inquiry into large technology platforms’ unreported acquisitions, including an analysis of the structure of deals that customarily fly under enforcers’ radar. The public release of the report is subject to commission vote.
      • Proposed Revisions to FTC Procedural Rules Concerning Petitions for Rulemaking: The Commission will vote on putting in place a process to receive public input on rulemaking petitions by external stakeholders.
      • Proposed Withdrawal of 2020 Vertical Merger Guidelines: The Commission will vote on whether to rescind the Vertical Merger Guidelines adopted in June 2020 and the Commentary on Vertical Merger Enforcement issued in December 2020.
    • The National Institute of Standards and Technology (NIST) will hold a virtual public workshop “on challenges and practical approaches to initiating cybersecurity labeling efforts for Internet of Things (IoT) devices and consumer software.” NIST added:
      • According to the EO, by February 6, 2022, in coordination with the Federal Trade Commission (FTC) and other agencies, NIST is required to:
      • identify IoT cybersecurity criteria for a consumer labeling program and
      • identify secure software development practices or criteria for a consumer software labeling program.
  • 23 September
  • 28 September
    • The Information Security and Privacy Advisory Board (ISPAB) will hold an open meeting and “The agenda is expected to include the following items:
      • —Board Discussion on Executive Order 14028, Improving the Nation’s Cybersecurity (May 12, 2021) deliverables and impacts to date,
      • —Presentation by NIST, the Department of Homeland Security, and the General Services Administration on upcoming work specified in Executive Order 14028,
      • —Presentation by the Office of Management and Budget on Executive Order 14028 directions and memoranda to U.S. Federal Agencies,
  • 30 September
    • The Federal Communications Commission (FCC) will hold an open meeting with this tentative agenda:
      • Promoting More Resilient Networks. The Commission will consider a Notice of Proposed Rulemaking to examine the Wireless Network Resiliency Cooperative Framework, the FCC’s network outage reporting rules, and strategies to address the effect of power outages on communications networks. (PS Docket Nos. 21-346, 15-80; ET Docket No. 04-35)
      • Reassessing 4.9 GHz Band for Public Safety. The Commission will consider an Order on Reconsideration that would vacate the 2020 Sixth Report and Order, which adopted a state-by-state leasing framework for the 4.9 GHz (4940-4900 MHz) band. The Commission also will consider an Eighth Further Notice of Proposed Rulemaking that would seek comment on a nationwide framework for the 4.9 GHz band, ways to foster greater public safety use, and ways to facilitate compatible non-public safety access to the band. (WP Docket No. 07-100)
      • Authorizing 6 GHz Band Automated Frequency Coordination Systems. The Commission will consider a Public Notice beginning the process for authorizing Automated Frequency Coordination Systems to govern the operation of standard-power devices in the 6 GHz band (5.925-7.125 GHz). (ET Docket No. 21-352)
      • Spectrum Requirements for the Internet of Things. The Commission will consider a Notice of Inquiry seeking comment on current and future spectrum needs to enable better connectivity relating to the Internet of Things (IoT). (ET Docket No. 21-353)
      • Shielding 911 Call Centers from Robocalls. The Commission will consider a Further Notice of Proposed Rulemaking to update the Commission’s rules regarding the implementation of the Public Safety Answering Point (PSAP) Do-Not-Call registry in order to protect PSAPs from unwanted robocalls. (CG Docket No. 12-129; PS Docket No. 21-343)
      • Stopping Illegal Robocalls From Entering American Phone Networks. The Commission will consider a Further Notice of Proposed Rulemaking that proposes to impose obligations on gateway providers to help stop illegal robocalls originating abroad from reaching U.S. consumers and businesses. (CG Docket No. 17-59; WC Docket No. 17-97)
      • Supporting Broadband for Tribal Libraries Through E-Rate. The Commission will consider a Notice of Proposed Rulemaking that proposes to update sections 54.500 and 54.501(b)(1) of the Commission’s rules to amend the definition of library and to clarify Tribal libraries are eligible for support through the E-Rate Program. (CC Docket No. 02-6)
      • Strengthening Security Review of Companies with Foreign Ownership. The Commission will consider a Second Report and Order that would adopt Standard Questions – a baseline set of national security and law enforcement questions – that certain applicants with reportable foreign ownership must provide to the Executive Branch prior to or at the same time they file their applications with the Commission, thus expediting the Executive Branch’s review for national security and law enforcement concerns. (IB Docket No. 16-155)

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Rodrigo Souza from Pexels

Photo by Ana Cruz on Unsplash

Published by Michael Kans

An attorney who specializes in technology policy, law, and politics with other areas of expertise.

Published

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s