|Representatives Introduce Bill to Increase
Authority of DHS's Top Cyber Security Officer
9/13. Rep. Mac Thornberry
(R-TX) and Rep. Zoe Lofgren (D-CA) introduced
HR 5068, the "Department of Homeland Security Cybersecurity Enhancement Act
of 2004". It would increase the rank and responsibilities of the top cybersecurity
officer in the Department of Homeland Security (DHS). It
would also define "cybersecurity" to include protection of "wire
This bill would amend the Homeland Security Act of 2002 (HSA), which is codified at
6 U.S.C. § 121 et seq.
This bill was
HR 5005 in the 107th Congress. It is now Public Law No. 107-296.
Title II of the HSA creates a Directorate for Information Analysis and
Infrastructure Protection, headed by an Under Secretary. This directorate has primary
responsibility for information sharing and cyber security matters. Title II also
creates the positions of Assistant Secretary for Infrastructure Protection and
Assistant Secretary for Information Analysis. See, Section 201(b) of the HSA.
Currently, the top cybersecurity
officer at the DHS is Amit
Yoran. On November 15, 2003, Yoran (at right) was named Director of the National Cyber
Security Division (NCSD) of the Information Analysis and Infrastructure Protection
Directorate (IAIP) at the DHS. See, story titled "Amit Yoran Named Head of Cyber
Security Division" in
TLJ Daily E-Mail
Alert No. 740, September 16, 2003.
This places him several levels below the Secretary in the DHS hierarchy.
Yoran works for
the Assistant Secretary for Infrastructure Protection in the IAIP. Liscouski works for
Libutti, the Under Secretary for Information Analysis and Infrastructure
Protection. Libutti works for
the Secretary of Homeland Security.
Neither Ridge nor Libutti have backgrounds
in technology. Ridge is a politician -- a former two term Governor of
Pennsylvania, and a former Congressman from Pennsylvania. Libutti is an
ex-Marine General. Only Liscouski has a background in technology.
Some technology companies, and groups that represent them in Washington DC,
have argued that the top cybersecurity officer at the DHS should hold a higher
rank and more authority.
In addition, on January 16, 2004, the Democrats on the
House Homeland Security Committee released a
report [18 pages in PDF] titled "America At Risk: The State of Homeland
Security: Initial Findings". It criticized the Bush administration for not
making Yoran's position more important. The report states that "The top
cybersecurity position in the government is now the Director of the National
Cyber Security Division, buried deep within DHS. There is no longer a
Presidential advisor or senior official with the authority to direct all the
agencies responsible for cybersecurity should a cyber-crisis occur."
(at left) stated in a
that "During the past year and a half, the
subcommittee has heard from numerous experts about the need to address the increasing
threats and vulnerabilities facing our nation's computer networks and systems. Our
legislation will strengthen the Department's cybersecurity efforts and make sure the
appropriate person within DHS has the authority and direction to get the job
Rep. Thornberry is chairman of the House Homeland
Security Committee's Subcommittee on Cybersecurity, Science, and Research and
Development. Rep. Lofgren is the ranking Democrat on this Subcommittee.
This bill would amend the HSA to create a new position
of Assistant Secretary for Cybersecurity. It would also provide a definition of
the term "cybersecurity".
The bill defines cybersecurity broadly, to encompass not only computers and
computer networks, but also communications, including "wire communication".
The bill provides that "cybersecurity" means "the prevention of damage to,
the protection of, and the restoration of computers, electronic communications
systems, electronic communication services, wire communication, and electronic
communication, including information contained therein, to ensure its
availability, integrity, authentication, confidentiality, and nonrepudiation."
It also provides that "wire communications" has the same meaning as in
18 U.S.C. § 2510.
This section provides that ''wire communication'' means "any aural transfer made
in whole or in part through the use of facilities for the transmission of
communications by the aid of wire, cable, or other like connection between the
point of origin and the point of reception (including the use of such connection
in a switching station) furnished or operated by any person engaged in providing
or operating such facilities for the transmission of interstate or foreign
communications or communications affecting interstate or foreign commerce".
(Parentheses in original.)
This would appear to give the new Assistant Secretary for Cybersecurity, and the
DHS, authority regarding the security of telecommunications. Individuals associated with
the Federal Communications Commission (FCC), the
Network Reliability and Interoperability Council
(NRIC), the House Commerce Committee
(HCC), and telecommunications carriers might take note of this definition of
The bill would increase the rank of the top cybersecurity officer at the DHS,
and define and expand the responsibilities of this officer. However, this
increase in position would come at the expense of other government officers and
offices. There is nothing in the bill that would increase governmental authority
over the private sector.
This bill has been referred to the House Homeland Security Committee.
|Representatives Introduce Homeland Security
Science and Tech Bill
9/13. Rep. Mac Thornberry
(R-TX), Rep. Zoe Lofgren (D-CA) and
HR 5069 [18 pages in PDF], the "Department of Homeland Security Science and Technology
Enhancement Act of 2004".
This is a wide ranging bill concerning science and technology programs
relating to homeland security, including cybersecurity.
Rep. Lofgren stated that "I believe
the Department must invest more time, more money and more energy to R&D. Our
legislation will help the Department develop the cutting-edge technologies
needed to win the war on terror."
Cybersecurity Grants. HR 5069 would create a cybersecurity grant program at
the DHS, to be run by the Assistant Secretary for Cybersecurity (a position to
be created by the related bill, HR 5068), in conjunction with the National
The grants would be limited to "institutions of higher education (and
consortia thereof)". (Parentheses in original.)
The purposes of the grants would be "(1) the establishment or expansion of
cybersecurity professional development programs; (2) the establishment or
expansion of associate degree programs in cybersecurity; and (3) the purchase of
equipment to provide training in cybersecurity for either professional
development programs or degree programs."
It would authorize the appropriation of $3,700,000 for FY 2005 for this grant
Interoperabilty of Public Safety Communications. The bill would
require that the DHS "establish a program to enhance public safety interoperable
communications at all levels of government." It would also allow the creation of
an Office of Public Safety Interoperable Communications at the DHS.
(at right) stated in a
that the Department of Homeland Security's (DHS)
"Science and Technology
Directorate is making progress, but we want to help the Department focus on
working with the private sector and to establish a formal program to improve the
interoperability of public safety communications,"
Technology Development and Transfer Program. The bill would also
create a technology development and transfer program at the DHS.
Specifically, it would amend Section 313 of the Homeland Security Act of
2002, which is codified at
6 U.S.C. § 193.
Section 313 provides that the DHS "shall establish and promote a program to
encourage technological innovation in facilitating the mission of the
Department". It currently enumerates five components of this program.
HR 5059 would add a sixth -- "The establishment of a homeland security
technology and equipment transfer program to facilitate the identification,
modification, and commercialization of technology and equipment for use by
Federal, State, and local governmental agencies, emergency response providers,
and the private sector."
Special Access Programs. Section 302 of the Homeland Security Act of
2002, which is codified at
6 U.S.C. § 182,
provides the responsibilities and authorities of the Under Secretary for Science
and Technology at the DHS.
HR 5069 would provide that "For the purposes of carrying out the
responsibilities of the Secretary under section 302", the Secretary of Homeland
Security is authorized "to establish and maintain special access programs associated
with research, development, test and evaluation, and acquisition of technology or
systems." The bill adds that "Access to knowledge of such programs shall be
strictly limited, and such programs shall be subject to restricted reporting
The bill also contains provisions relating to geospatial information and
technologies, joint development of counter-terrorism technologies with other
governments, assessment of homeland security science and technology, and the
Homeland Security Science and Technology Advisory Committee.
This bill was referred to the House Science
|House Committee Holds Hearing on Cyber and
Other Threats to Financial Infrastructure
9/8. The House Financial
Services Committee (HFSC) held a hearing titled "Protecting our Financial
Infrastructure: Preparation and Vigilance".
Wayne Abernathy of the Department of the Treasury wrote in his
testimony [6 pages in PDF] that "Our nation's financial institutions are
under assault virtually every day. Most of these assaults are in the nature of
electronic or cyber attacks, such as computer viruses, Trojans, worms, and
various forms of financial fraud, including phishing and spoofing. These
assaults have progressed from computer hackers and pranksters, into theft, and
now we believe on to schemes to disrupt the operations of our financial systems.
Some of these attacks have their sources in organized crime. We believe that,
increasingly, still more sinister actors are involved. I do not say this to be
alarmist but rather to make the point that our financial institutions have for
some time now been operating in a dangerous environment and are becoming
increasingly adept at doing so successfully."
prepared testimony [7 pages in PDF] of
(Department of Homeland Security) which addresses, among other topics, the
"trustworthiness of cyber systems and the software which drives the financial
services and other critical infrastructures of our nation", and
prepared testimony of
Mark Olson (Federal Reserve) which addresses the efforts of the Federal
Reserve and others to strengthen the resilience of the communications networks
and information technology operations that support the financial system to
terrorist attacks, power outages and cyber attacks.
See also, HFSC
web pages with hyperlinks to opening statements of members and prepared
testimony of witnesses.
|DOT Dismisses Privacy Related Complaint
Against Northwest Airlines
9/10. The Department of Transportation
(DOT) issued its
Dismissing Complaint [18 page PDF scan] in its proceeding on the third party
pages PDF] submitted by the Electronic Privacy
Information Center (EPIC).
On January 20, 2004, the EPIC, a Washington DC based interest group,
submitted its complaint asserting that Northwest
Airlines' (NWA) transfer of a sample of its passenger name record (PNR) data
to the National Aeronautics and Space
turn, constituted an unfair and deceptive trade practice in violation of
49 U.S.C. § 41712.
See, story titled "EPIC Complains to DOT About Transfer of Airline Passenger
Data to NASA" in
TLJ Daily E-Mail Alert No. 820, January 21, 2004.
Section 41712 provides that "On the initiative of the Secretary of
Transportation or the complaint of an air carrier, foreign air carrier, or
ticket agent, and if the Secretary considers it is in the public interest, the
Secretary may investigate and decide whether an air carrier, foreign air
carrier, or ticket agent has been or is engaged in an unfair or deceptive
practice or an unfair method of competition in air transportation or the sale of
air transportation. If the Secretary, after notice and an opportunity for a
hearing, finds that an air carrier, foreign air carrier, or ticket agent is
engaged in an unfair or deceptive practice or unfair method of competition, the
Secretary shall order the air carrier, foreign air carrier, or ticket agent to
stop the practice or method."
This was a case of first impression for the DOT. It ruled against the EPIC on
several different grounds.
preclude it from sharing data with the federal government; that, even if it did,
such a promise would be unenforceable as against public policy, as Northwest is
required by law to make such records available to the Department and to other
agencies ``upon demand´´; and that, in this case, the record contains no
evidence of actual or likely harm to those passengers who provided Northwest
with the data that it shared."
The DOT emphasized the security needs of the airline industry following the
terrorist attacks of September 11, 2001, and Northwest's motive of assisting the
government's effort to increase
However, the language of this order suggests that the outcome might be
different if an airline were to share electronic passenger data with a
commercial database company for use unrelated to airline security.
The DOT wrote that "Northwest's release of a small portion of its PNR data to
a data analysis laboratory at NASA is far removed from the perceived scourges of
the digital age. The risks of identity theft, in the extreme case, or of
unsolicited commercial contact or profiling, appear to have been exceedingly
remote in this case. Northwest's passenger data scarcely could have been safer
if kept within Northwest's own file servers."
|Upcoming Agency Workshops
On Thursday, October 7, 2004, the Federal
Communications Commission (FCC) will host an event titled "Radio
Frequency Identification Workshop". See,
notice [PDF]. For more information, contact Bill Lane at
email@example.com or 202-418-0676.
On Tuesday, November 9 and Wednesday, November 10, 2004, the
Federal Trade Commission (FTC) and the
National Institute of Standards and Technology
(NIST) will host an event titled "Email Authentication Summit". The
FTC's interest in this issue is dealing with spam and fraudulent e-mail. The Simple Mail
Transfer Protocol (SMTP) for the email system allows information to travel freely with
relative anonymity and ease, thereby making bulk unsolicited distribution, and fraud,
relatively easy. The purpose of this summit is to encourage the development, testing,
evaluation and implementation of domain level authentication systems. Written comments
are due by September 30, 2004. Written requests to participate are due by September 30,
notice in the Federal Register, September 15, 2004, Vol. 69, No. 178, at
Pages 55632 - 55636.
|Washington Tech Calendar
New items are highlighted in red.
|Wednesday, September 15
The House will meet at 10:00 AM for legislative
Republican Whip Notice.
The Senate will meet at 9:45 AM. It will begin consideration of the
military construction appropriations bill for FY 2005.
10:00 AM. The
U.S. District Court (DC) will hold
an initial conference in Electronic Privacy Information Center (EPIC) v.
Department of Defense, D.C. No. 1:2004-cv-01219-CKK, a Freedom of
Information Act (FOIA) case. Judge Colleen Kotelly will preside. See, story
titled "EPIC Files FOIA Complaint Against DOD Seeking Records Regarding Data
Mining Project" in
TLJ Daily E-Mail
Alert No. 945, July 26, 2004. Location: Courtroom 11, Prettyman
Courthouse, 333 Constitution Ave., NW.
10:30 AM. The Senate
Appropriations Committee will meet to mark up several appropriations bills,
including that for Departments of Commerce, Justice, and State, the Judiciary, and
related agencies for FY 2005. Location: Room 216, Hart Building.
12:15 PM. The Federal Communications Bar
Association's (FCBA) Cable Practice Committee will host a brown bag lunch. The
topics will be the FCC's Fall agenda and potential subjects for future meetings. The
speakers will be Catherine Bohigian (Legal Advisor on Media Issues for FCC Commissioner
Kevin Martin), Frank Lloyd (Mintz
To-Quyen Truong (Dow Lohnes & Albertson). RSVP to To-Quyen Truong
at firstname.lastname@example.org. Location:
Dow Lohnes & Albertson, 1200 New Hampshire
Ave., NW, 8th floor.
The Federal Communications Commission (FCC)
will conduct Auction No. 57, an auction of licenses in the Automated Maritime
Telecommunications System (AMTS) spectrum. See,
notice in the Federal Register, June 25, 2004, Vol. 69, No. 122, at Pages
35614 - 35626.
Deadline to submit written comments to the Office
of the U.S. Trade Representative (USTR) regarding the USTR's annual report to the
Congress on the Peoples Republic of China's compliance with the commitments that it
made in connection with its accession to the World Trade
Organization (WTO). See,
notice in the Federal Register, July 29, 2004, Vol. 69, No. 145, at Pages
45369 - 45370.
EXTENDED TO OCTOBER 15.
Deadline to submit comments to the
Federal Communications Commission (FCC) in response
Notice of Inquiry (NOI) [15 pages in PDF] regarding "issues relating to the
presentation of violent programming on television and its impact on children." This
NOI is FCC 04-175 in MB Docket No. 04-261. See, story titled "FCC Issues NOI on
Violent TV Programming" in TLJ Daily E-Mail Alert No. 950, August 2, 2004. See also,
notice in the
Federal Register, August 12, 2004, Vol. 69, No. 155, at Pages 49899 - 49904.
Order [PDF] extending the deadlines.
|Thursday, September 16
9:30 AM. The U.S. Court of Appeals
(DCCir) will hear oral argument in Polygram Hold Inc v. FTC, No.
03-1293. The Federal Trade Commission
(FTC) filed its administrative
Polygram and others on July 30, 2001 alleging unfair methods of competition in
violation of Section 5 of the FTC Act by agreeing with competitor Warner
Communications to restrict price competition and forgo advertising, in
connection with the sale of audio and video recordings titled "Three Tenors".
The FTC issued its
order [8 pages in PDF] and the
opinion [61 pages in
PDF] of Chairman Timothy Muris on July 24, 2003, finding that the agreement
between PolyGram and Warner unreasonably restrained trade and constitutes an
unfair method of competition. Judges Ginsburg, Edwards and Rogers will
preside. Prettyman Courthouse, 333 Constitution Ave., NW.
Snowden, Chief of the Federal Communications
Commission's (FCC) Consumer & Governmental
Affairs Bureau, will hold a press briefing. RSVP to Rosemary Kimball at 202
418-0511 or email@example.com.
Location: FCC, 445 12th St., SW, Hearing Room B/Conference Room, TW A-402/A-442.
Deadline for the President to submit a report to the Congress on the
establishment and operation of the Terrorist Screening Center, established on
September 16, 2003, by
Homeland Security Presidential Directive/Hspd-6. This report is required
by Section 360 of
HR 2417, the "Intelligence Authorization Act for Fiscal Year 2004". See,
story titled "Bush Signs Intelligence Authorization Bill" in TLJ Daily E-Mail
Alert No. 799, December 15, 2003.
Deadline to submit comments to the
Federal Communications Commission (FCC) in response
to its notice of proposed rulemaking (NPRM) regarding Amateur Radio Service
rules. The FCC adopted this NPRM on March 31, 2004, and released it on April 15, 2004.
This NPRM is FCC 04-79 in WT Docket No. 04-140. See,
in the Federal Register, August 17, 2004, Vol. 69, No. 158, at Pages 51028 - 51034.
Deadline to submit comments to the
Federal Communications Commission (FCC) in
response to the Wireline Competition Bureau's
(WCB) public notice inviting interested parties to update the record pertaining to
petitions for reconsideration of the 1997 Price Cap Review Order. This is in CC Docket
Nos. 94-1 and 96-262. See,
|Friday, September 17
11:00 AM. Jessica
Litman (Wayne State University Law School) will present a paper titled "Sharing and
Stealing" [47 pages in PDF] at an event hosted by the Dean Dinwoodey Center for
Intellectual Property Studies at the George
Washington University Law School (GWULS). For more information, contact
Robert Brauneis at 202 994-6138 or
firstname.lastname@example.org. The event is free and open to the public. See,
Location: GWULS, Faculty Conference Center, Burns Building, 5th Floor, 716
20th Street, NW.
Extended deadline to submit nominations to the
U.S. Patent and Trademark Office (USPTO)
for positions on the Patent Public Advisory Committee (PPAC) and the Trademark
Public Advisory Committee (TPAC) with terms that begin November 27, 2004. See, original
notice in the Federal Register, August 2, 2004, Vol. 69, No. 147, at Pages
46136 - 46137, and
notice of extension in the Federal Register, September 3, 2004, Vol. 69,
No. 171, at Page 53895.
|Monday, September 20
12:30 PM. Secretary of the Treasury
will give a luncheon speech. Location:
National Press Club, 529 14th St. NW, 13th Floor.
Deadline to submit comments to the Federal
Communications Commission (FCC) in response to it
Public Notice [PDF] requesting interested parties to provide comments on filings
by AT&T and TracFone Wireless regarding eligible telecommunications carrier (ETC)
designations and the Lifeline and Link-Up universal service support mechanism. This
is CC Docket No. 96-45 and WC Docket No. 03-109.
|Tuesday, September 21
1:00 - 4:00 PM. The Department of Commerce's (DOC)
Technology Administration (TA) will
host a roundtable titled "Technology Recycling: Achieving Consensus
for Stakeholders: Roundtable on Electronics Recycling". See,
Location: DOC, Auditorium, 1401 Constitution Avenue, NW.
|Wednesday, September 22
9:30 AM. The
Department of Homeland Security's (DHS) Homeland Security Advisory Council
will hold a meeting, part of which will be closed to the public. The open
portion will be held from 9:30 - 11:15 AM. See,
notice in the Federal Register, September 8, 2004, Vol. 69, No. 173, at Pages
54299 - 54300. Location: U.S. Coast Guard Headquarters, 2100 Second Street, SW.
12:00 NOON - 1:30 PM. The DC
Bar Association's Law Practice Management Section will host a presentation titled
"50 Hot Technology Tips And Web Sites: What Lawyers Should Know". The
speaker will be Reid Trautz (DC Bar Lawyer Practice Assistance Program). See,
Prices vary from $15 to $25. For more information, call 202 626-3463. Location: D.C. Bar
Conference Center, B-1 Level, 1250 H Street, NW.
12:15 PM. The Federal Communications Bar
Association's (FCBA) Young Lawyers Committee will host a brown bag lunch. The
topic will be "Universal Service Fund: A Primer". The speakers will
be Paul Garnett (CTIA), Tina Pidgeon
(GCI), Dan Mitchell
(NTCA), Tom Buckley (FCC), and Eric Einhorn
(SBC). For more information, contact Jason Friedrich at
email@example.com or Pam
Slipakoff at Pam.Slipakoff@fcc.gov.
Location: Drinker Biddle & Reath,1500 K Street
NW, 11th floor.
1:30 - 3:30 PM. The World Radiocommunication
Conference (WRC-07) Advisory Committee's
Informal Working Group 2:
Satellite Services and HAPS will meet. See,
notice [PDF] Location: Leventhal Senter &
Lerman, 2000 K Street, NW, 7th Floor.
|Notice of Change of E-Mail
The e-mail address for Tech Law Journal has changed. The new address is
All previous e-mail addresses no longer operate. This new address is
published as a graphic to avoid e-mail address harvesting, and the associated
spam messages and malicious code messages. If your e-mail system does not
display graphics, see notice in TLJ website.
|About Tech Law Journal
Tech Law Journal publishes a free access web site and
subscription e-mail alert. The basic rate for a subscription
to the TLJ Daily E-Mail Alert is $250 per year. However, there
are discounts for subscribers with multiple recipients. Free one
month trial subscriptions are available. Also, free
subscriptions are available for journalists,
federal elected officials, and employees of the Congress, courts, and
executive branch. The TLJ web site is
free access. However, copies of the TLJ Daily E-Mail Alert are not
published in the web site until one month after writing. See, subscription
P.O. Box 4851, Washington DC, 20008.
Copyright 1998 - 2004 David Carney, dba Tech Law Journal. All