May 21 2021

This Week in Washington

NextGov FCC Creates Public Database to Track Compliance with New Robocall-Killing Program
The Federal Communications Commission is moving ahead with a program requiring telephone service providers to verify the origins of phone calls—potentially eliminating spoof and robocalls—and is creating a new public database to track compliance among carriers.  This summer, telephone service providers in the U.S. will be required to comply with the Secure Telephone Identity Revisited, or STIR, and Signature-based Handling of Asserted Information Using toKENs, or SHAKEN, which requires tracking and accurately displaying the true caller ID of incoming calls.

NextGov Senate Bills Aim to Grow Federal Tech-Ready Workforce—and the Government’s Transparency About its AI Use
Two new pieces of Senate legislation aim to accelerate the study, fielding and buying of artificial intelligence capabilities across some agencies and the military, ensure transparency in the government’s deployments of the evolving technology, and confront relevant expertise gaps among the federal workforce. Provisions in the Artificial Intelligence Capabilities and Transparency, or AICT Act, and Artificial Intelligence for the Military, or AIM Act—recently unveiled by Sens. Rob Portman, R-Ohio, and Martin Heinrich, D-N.M.—broadly incorporate recommendations made by the Congressionally-mandated National Security Commission on AI.

Bloomberg Biden Proposes Billions for Cybersecurity After Wave of Attacks
President Joe Biden’s infrastructure proposal includes billions of dollars tied to improving cybersecurity, an area of intensified interest after the ransomware attack on the Colonial Pipeline Co. sent U.S. gasoline prices soaring last week. But the exact amount that will be spent on improving cyber defenses remains to be seen. The $2 trillion American Jobs Plan, as the infrastructure proposal is known, includes $20 billion for state, local and tribal governments to modernize their energy systems contingent upon meeting cybersecurity standards, as well as $2 billion for grid resilience in high-risk areas that will be contingent on meeting cybersecurity targets, the White House said in a fact sheet obtained by Bloomberg News ahead of its release Tuesday.

CyberScoop Lawmakers say Colonial Pipeline’s refusal to discuss ransom undermines US efforts
U.S. lawmakers are demanding to know whether Colonial Pipeline paid a ransom to hackers who forced the company to shut down operations for days. Following a Monday briefing with Colonial Pipeline, the heads of the House Homeland Security and Oversight and Reform committees said the company’s refusal to share information on any ransom payment hindered their ability to craft legislation to address the ransomware problem. Bloomberg News reported that Colonial Pipeline, which says it supplies 45% of the fuel consumed on the East Coast, paid cybercriminals nearly $5 million to recover their computer systems.

FedScoop Continuous monitoring of critical infrastructure absent from cyber executive order
The cybersecurity executive order issued by the Biden administration last week doesn’t require the relevant agencies to increase their visibility into critical infrastructure, a lingering weakness for the federal government, security experts told FedScoop. When the May 7 ransomware attack on Colonial Pipeline Co. occurred, the Cybersecurity and Infrastructure Security Agency lacked any knowledge of the incident until it was notified by the FBI.

The Verge Biden revokes Trump executive order that targeted Section 230
President Biden on Friday revoked several of former President Trump’s executive orders, including one that would have changed legal protections for social media sites and other online platforms. Section 230 of the 1996 Communications Decency Act limits how much online platforms can be held liable for content users share on their platforms. The Trump order, titled “preventing online censorship,” would have allowed federal authorities to hold companies like Twitter, Google, and Facebook responsible if they were found to be infringing on users’ speech by deleting or otherwise modifying users’ posts.

Article Summary

The MarkUp Nevada Lawmakers Introduce Privacy Legislation After Markup Investigation into Vaccine Websites
Nevada lawmakers have introduced legislation that would create new web privacy protections after an investigation by The Markup found the state’s COVID-19 vaccine information site contained the most trackers in the country. The emergency legislation, introduced by Assembly minority leader Robin Titus and other members of the Assembly, would broaden the scope of Nevada’s existing privacy law. Currently the law requires “commercial” website operators to explain how they collect information and give consumers a way to opt out. Under the proposal, the law would expand to cover any website running a public awareness campaign by or on behalf of government officials.

The New York Times As Congress Dithers, States Step In to Set Rules for the Internet
News outlets in Florida may soon be able to sue Facebook and Twitter if the social media companies take down their content. Arkansans shopping on Amazon will be able to see contact information for third-party merchants, which the site won’t be required to show people outside the state. Residents of Virginia can ask Google and Facebook not to sell their personal data, and the state can sue the companies if they don’t comply. The moves are the result of an extraordinary legislative blitz by states to take on the power of the biggest tech companies. Over the past six months, Virginia, Arkansas, Florida and Maryland have been among at least 38 states that have introduced more than 100 bills to protect people’s data privacy, regulate speech policies and encourage tech competition, according to a tally by The New York Times.

The Washington Post Ransomware is a national security threat and a big business — and it’s wreaking havoc
The hacker ring’s ransom note appeared on the company’s computer screens this past Monday. “Your computers and servers are encrypted, backups are deleted,” it said. “We use strong encryption algorithms, so you cannot decrypt your data.” But, the extortionists said, “you can restore everything by purchasing a special program from us — universal decryptor.” This program, the message said, “will restore all your network.” The price: $1.2 million. They also had stolen 1 terabyte — the equivalent of 6.5 million document pages — of the company’s sensitive data. If the firm did not pay to decrypt it, the data would be “automatically published” online, the hackers said, according to the note, which was shared with The Washington Post by the firm that helped the victim deal with the attack.

Motherboard Tech Companies Want Schools to Use COVID Relief Money on Surveillance Tools
As vaccination rates rise and schools prepare to reopen, surveillance companies have trained their sights on the billions of dollars in federal COVID-19 relief funds being provided to schools across the US, hoping to make a profit by introducing a bevy of new snooping devices. “$82 BILLION,” reads the huge front-page font on one Motorola Solutions brochure distributed to K-12 schools after the passage of the Coronavirus Response and Relief Supplemental Appropriations Act.

The Guardian ‘Privacy by design’: Google to give people more power over their personal data
Google is attempting a rebrand with a suite of new privacy controls that give people more power over their personal data – but the move may conflict with its core business of online search advertising. Being able to target people based on data collected by Google about their interests or demographics has been immensely valuable for advertisers, but a growing number of people are becoming more privacy-conscious and there is pushback from regulators and rivals such as Apple. As a result of the pressure, the company is now seeking to shift to a “privacy by design” approach to many of its products.

The New York Times Rural Areas Are Looking for Workers. They Need Broadband to Get Them.
As a manufacturer of asphalt paving equipment, Weiler is exactly the type of company poised to benefit if the federal government increases spending on roads and bridges. But when Patrick Weiler talks about infrastructure, the issue he brings up first has next to nothing to do with his company’s core business. It’s broadband internet service. Weiler is based in Marion County, Iowa, a rural area southeast of Des Moines. Internet speeds are fine at the company’s 400,000-square-foot factory, because Weiler paid to have a fiber-optic cable run from the nearby highway. But that doesn’t help the surrounding community, where broadband access can be spotty at best. SpaceX’s Starlink internet satellites to connect with Google Cloud systems
SpaceX plans to build out its Starlink internet satellite constellation with the help of Google Cloud. The two tech giants announced the collaboration Thursday (May 13) to provide data, cloud services and applications for enterprise Starlink customers at locations around the world, starting later in 2021. The value of the deal was not disclosed.

Think Tank / Tech Trade Association Highlights

Information Technology & Innovation Foundation

  • Blog on New York City Privacy Law
    Privacy panic has been swirling around New York. Many state policymakers have gotten caught up in the panic, evidenced by the more than 50 privacy bills introduced in the legislature since the beginning of the year. But last month, the frenzied rhetoric reached new heights when the New York City Council passed a bizarre bill that places strict rules on how owners of smart access buildings—buildings that use technologies like electronic key fobs, Bluetooth authentication on smartphones, or biometrics to control access—can collect, use, and store residential tenant data. The Tenant Data Privacy Act would require all owners of residential buildings that use digital technologies to provision access to residents, such as through electronic key fobs or biometric door locks, to obtain informed consent through writing or a mobile app. (ITIF Blog – New York City is Sacrificing Residential Safety for Unwarranted Privacy Concerns, May 17, 2021)

The Brookings Institution

  • Blog on Broadband Expansion
    Jackson County, Kentucky, has one stop light in its 347 square miles—but also high-speed fiber optic internet service to rival any big city. In the coal country of eastern Kentucky, the 800-person town of McKee is the hub of a one-thousand-mile fiber-to-the-home network covering two of the nation’s poorest and most remote counties. The fiber link was built almost entirely with dollars from the federal government. It is a powerful example of the infrastructure of the 21st century and the importance of extending those connections to all Americans. (TechTank – Changing lives by connecting all Americans to broadband internet, May 19, 2021)