Tech Law Journal Daily E-Mail Alert
September 15, 2004, 9:00 AM ET, Alert No. 977.
Home Page | Calendar | Subscribe | Back Issues | Reference
Representatives Introduce Bill to Increase Authority of DHS's Top Cyber Security Officer

9/13. Rep. Mac Thornberry (R-TX) and Rep. Zoe Lofgren (D-CA) introduced HR 5068, the "Department of Homeland Security Cybersecurity Enhancement Act of 2004". It would increase the rank and responsibilities of the top cybersecurity officer in the Department of Homeland Security (DHS). It would also define "cybersecurity" to include protection of "wire communication".

This bill would amend the Homeland Security Act of 2002 (HSA), which is codified at 6 U.S.C. § 121 et seq. This bill was HR 5005 in the 107th Congress. It is now Public Law No. 107-296.

Title II of the HSA creates a Directorate for Information Analysis and Infrastructure Protection, headed by an Under Secretary. This directorate has primary responsibility for information sharing and cyber security matters. Title II also creates the positions of Assistant Secretary for Infrastructure Protection and Assistant Secretary for Information Analysis. See, Section 201(b) of the HSA.

Amit YoranCurrently, the top cybersecurity officer at the DHS is Amit Yoran. On November 15, 2003, Yoran (at right) was named Director of the National Cyber Security Division (NCSD) of the Information Analysis and Infrastructure Protection Directorate (IAIP) at the DHS. See, story titled "Amit Yoran Named Head of Cyber Security Division" in TLJ Daily E-Mail Alert No. 740, September 16, 2003.

This places him several levels below the Secretary in the DHS hierarchy. Yoran works for Bob Liscouski, the Assistant Secretary for Infrastructure Protection in the IAIP. Liscouski works for Frank Libutti, the Under Secretary for Information Analysis and Infrastructure Protection. Libutti works for Tom Ridge, the Secretary of Homeland Security.

Neither Ridge nor Libutti have backgrounds in technology. Ridge is a politician -- a former two term Governor of Pennsylvania, and a former Congressman from Pennsylvania. Libutti is an ex-Marine General. Only Liscouski has a background in technology.

Some technology companies, and groups that represent them in Washington DC, have argued that the top cybersecurity officer at the DHS should hold a higher rank and more authority.

In addition, on January 16, 2004, the Democrats on the House Homeland Security Committee released a report [18 pages in PDF] titled "America At Risk: The State of Homeland Security: Initial Findings". It criticized the Bush administration for not making Yoran's position more important. The report states that "The top cybersecurity position in the government is now the Director of the National Cyber Security Division, buried deep within DHS. There is no longer a Presidential advisor or senior official with the authority to direct all the agencies responsible for cybersecurity should a cyber-crisis occur."

Rep. Zoe LofgrenRep. Lofgren (at left) stated in a release that "During the past year and a half, the subcommittee has heard from numerous experts about the need to address the increasing threats and vulnerabilities facing our nation's computer networks and systems. Our legislation will strengthen the Department's cybersecurity efforts and make sure the appropriate person within DHS has the authority and direction to get the job done."

Rep. Thornberry is chairman of the House Homeland Security Committee's Subcommittee on Cybersecurity, Science, and Research and Development. Rep. Lofgren is the ranking Democrat on this Subcommittee.

This bill would amend the HSA to create a new position of Assistant Secretary for Cybersecurity. It would also provide a definition of the term "cybersecurity".

The bill defines cybersecurity broadly, to encompass not only computers and computer networks, but also communications, including "wire communication".

The bill provides that "cybersecurity" means "the prevention of damage to, the protection of, and the restoration of computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation."

It also provides that "wire communications" has the same meaning as in 18 U.S.C. § 2510. This section provides that ''wire communication'' means "any aural transfer made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable, or other like connection between the point of origin and the point of reception (including the use of such connection in a switching station) furnished or operated by any person engaged in providing or operating such facilities for the transmission of interstate or foreign communications or communications affecting interstate or foreign commerce". (Parentheses in original.)

This would appear to give the new Assistant Secretary for Cybersecurity, and the DHS, authority regarding the security of telecommunications. Individuals associated with the Federal Communications Commission (FCC), the Network Reliability and Interoperability Council (NRIC), the House Commerce Committee (HCC), and telecommunications carriers might take note of this definition of cybersecurity.

The bill would increase the rank of the top cybersecurity officer at the DHS, and define and expand the responsibilities of this officer. However, this increase in position would come at the expense of other government officers and offices. There is nothing in the bill that would increase governmental authority over the private sector.

This bill has been referred to the House Homeland Security Committee.

Representatives Introduce Homeland Security Science and Tech Bill

9/13. Rep. Mac Thornberry (R-TX), Rep. Zoe Lofgren (D-CA) and others introduced HR 5069 [18 pages in PDF], the "Department of Homeland Security Science and Technology Enhancement Act of 2004".

This is a wide ranging bill concerning science and technology programs relating to homeland security, including cybersecurity.

Rep. Lofgren stated that "I believe the Department must invest more time, more money and more energy to R&D. Our legislation will help the Department develop the cutting-edge technologies needed to win the war on terror."

Cybersecurity Grants. HR 5069 would create a cybersecurity grant program at the DHS, to be run by the Assistant Secretary for Cybersecurity (a position to be created by the related bill, HR 5068), in conjunction with the National Science Foundation.

The grants would be limited to "institutions of higher education (and consortia thereof)". (Parentheses in original.)

The purposes of the grants would be "(1) the establishment or expansion of cybersecurity professional development programs; (2) the establishment or expansion of associate degree programs in cybersecurity; and (3) the purchase of equipment to provide training in cybersecurity for either professional development programs or degree programs."

It would authorize the appropriation of $3,700,000 for FY 2005 for this grant program.

Interoperabilty of Public Safety Communications. The bill would require that the DHS "establish a program to enhance public safety interoperable communications at all levels of government." It would also allow the creation of an Office of Public Safety Interoperable Communications at the DHS.

Rep. Mac ThornberryRep. Thornberry (at right) stated in a release that the Department of Homeland Security's (DHS) "Science and Technology Directorate is making progress, but we want to help the Department focus on working with the private sector and to establish a formal program to improve the interoperability of public safety communications,"

Technology Development and Transfer Program. The bill would also create a technology development and transfer program at the DHS.

Specifically, it would amend Section 313 of the Homeland Security Act of 2002, which is codified at 6 U.S.C. § 193. Section 313 provides that the DHS "shall establish and promote a program to encourage technological innovation in facilitating the mission of the Department". It currently enumerates five components of this program.

HR 5059 would add a sixth -- "The establishment of a homeland security technology and equipment transfer program to facilitate the identification, modification, and commercialization of technology and equipment for use by Federal, State, and local governmental agencies, emergency response providers, and the private sector."

Special Access Programs. Section 302 of the Homeland Security Act of 2002, which is codified at 6 U.S.C. § 182, provides the responsibilities and authorities of the Under Secretary for Science and Technology at the DHS.

HR 5069 would provide that "For the purposes of carrying out the responsibilities of the Secretary under section 302", the Secretary of Homeland Security is authorized "to establish and maintain special access programs associated with research, development, test and evaluation, and acquisition of technology or systems." The bill adds that "Access to knowledge of such programs shall be strictly limited, and such programs shall be subject to restricted reporting requirements ..."

The bill also contains provisions relating to geospatial information and technologies, joint development of counter-terrorism technologies with other governments, assessment of homeland security science and technology, and the Homeland Security Science and Technology Advisory Committee.

This bill was referred to the House Science Committee.

House Committee Holds Hearing on Cyber and Other Threats to Financial Infrastructure

9/8. The House Financial Services Committee (HFSC) held a hearing titled "Protecting our Financial Infrastructure: Preparation and Vigilance".

Wayne Abernathy of the Department of the Treasury wrote in his prepared testimony [6 pages in PDF] that "Our nation's financial institutions are under assault virtually every day. Most of these assaults are in the nature of electronic or cyber attacks, such as computer viruses, Trojans, worms, and various forms of financial fraud, including phishing and spoofing. These assaults have progressed from computer hackers and pranksters, into theft, and now we believe on to schemes to disrupt the operations of our financial systems. Some of these attacks have their sources in organized crime. We believe that, increasingly, still more sinister actors are involved. I do not say this to be alarmist but rather to make the point that our financial institutions have for some time now been operating in a dangerous environment and are becoming increasingly adept at doing so successfully."

See also, prepared testimony [7 pages in PDF] of Robert Liscouski (Department of Homeland Security) which addresses, among other topics, the "trustworthiness of cyber systems and the software which drives the financial services and other critical infrastructures of our nation", and prepared testimony of Mark Olson (Federal Reserve) which addresses the efforts of the Federal Reserve and others to strengthen the resilience of the communications networks and information technology operations that support the financial system to terrorist attacks, power outages and cyber attacks.

See also, HFSC web pages with hyperlinks to opening statements of members and prepared testimony of witnesses.

DOT Dismisses Privacy Related Complaint Against Northwest Airlines

9/10. The Department of Transportation (DOT) issued its Order Dismissing Complaint [18 page PDF scan] in its proceeding on the third party complaint [11 pages PDF] submitted by the Electronic Privacy Information Center (EPIC).

On January 20, 2004, the EPIC, a Washington DC based interest group, submitted its complaint asserting that Northwest Airlines' (NWA) transfer of a sample of its passenger name record (PNR) data to the National Aeronautics and Space Administration (NASA) violated Northwest's privacy policy, and that this, in turn, constituted an unfair and deceptive trade practice in violation of 49 U.S.C. § 41712. See, story titled "EPIC Complains to DOT About Transfer of Airline Passenger Data to NASA" in TLJ Daily E-Mail Alert No. 820, January 21, 2004.

Section 41712 provides that "On the initiative of the Secretary of Transportation or the complaint of an air carrier, foreign air carrier, or ticket agent, and if the Secretary considers it is in the public interest, the Secretary may investigate and decide whether an air carrier, foreign air carrier, or ticket agent has been or is engaged in an unfair or deceptive practice or an unfair method of competition in air transportation or the sale of air transportation. If the Secretary, after notice and an opportunity for a hearing, finds that an air carrier, foreign air carrier, or ticket agent is engaged in an unfair or deceptive practice or unfair method of competition, the Secretary shall order the air carrier, foreign air carrier, or ticket agent to stop the practice or method."

This was a case of first impression for the DOT. It ruled against the EPIC on several different grounds.

The DOT concluded that "Northwest's privacy policy did not unambiguously preclude it from sharing data with the federal government; that, even if it did, such a promise would be unenforceable as against public policy, as Northwest is required by law to make such records available to the Department and to other agencies ``upon demand´´; and that, in this case, the record contains no evidence of actual or likely harm to those passengers who provided Northwest with the data that it shared."

The DOT emphasized the security needs of the airline industry following the terrorist attacks of September 11, 2001, and Northwest's motive of assisting the government's effort to increase security.

However, the language of this order suggests that the outcome might be different if an airline were to share electronic passenger data with a commercial database company for use unrelated to airline security.

The DOT wrote that "Northwest's release of a small portion of its PNR data to a data analysis laboratory at NASA is far removed from the perceived scourges of the digital age. The risks of identity theft, in the extreme case, or of unsolicited commercial contact or profiling, appear to have been exceedingly remote in this case. Northwest's passenger data scarcely could have been safer if kept within Northwest's own file servers."

Upcoming Agency Workshops

On Thursday, October 7, 2004, the Federal Communications Commission (FCC) will host an event titled "Radio Frequency Identification Workshop". See, notice [PDF]. For more information, contact Bill Lane at or 202-418-0676.

On Tuesday, November 9 and Wednesday, November 10, 2004, the Federal Trade Commission (FTC) and the National Institute of Standards and Technology (NIST) will host an event titled "Email Authentication Summit". The FTC's interest in this issue is dealing with spam and fraudulent e-mail. The Simple Mail Transfer Protocol (SMTP) for the email system allows information to travel freely with relative anonymity and ease, thereby making bulk unsolicited distribution, and fraud, relatively easy. The purpose of this summit is to encourage the development, testing, evaluation and implementation of domain level authentication systems. Written comments are due by September 30, 2004. Written requests to participate are due by September 30, 2004. See, notice in the Federal Register, September 15, 2004, Vol. 69, No. 178, at Pages 55632 - 55636.

Washington Tech Calendar
New items are highlighted in red.
Wednesday, September 15

The House will meet at 10:00 AM for legislative business. See, Republican Whip Notice.

The Senate will meet at 9:45 AM. It will begin consideration of the military construction appropriations bill for FY 2005.

10:00 AM. The U.S. District Court (DC) will hold an initial conference in Electronic Privacy Information Center (EPIC) v. Department of Defense, D.C. No. 1:2004-cv-01219-CKK, a Freedom of Information Act (FOIA) case. Judge Colleen Kotelly will preside. See, story titled "EPIC Files FOIA Complaint Against DOD Seeking Records Regarding Data Mining Project" in TLJ Daily E-Mail Alert No. 945, July 26, 2004. Location: Courtroom 11, Prettyman Courthouse, 333 Constitution Ave., NW.

10:30 AM. The Senate Appropriations Committee will meet to mark up several appropriations bills, including that for Departments of Commerce, Justice, and State, the Judiciary, and related agencies for FY 2005. Location: Room 216, Hart Building.

12:15 PM. The Federal Communications Bar Association's (FCBA) Cable Practice Committee will host a brown bag lunch. The topics will be the FCC's Fall agenda and potential subjects for future meetings. The speakers will be Catherine Bohigian (Legal Advisor on Media Issues for FCC Commissioner Kevin Martin), Frank Lloyd (Mintz Levin), an To-Quyen Truong (Dow Lohnes & Albertson). RSVP to To-Quyen Truong at Location: Dow Lohnes & Albertson, 1200 New Hampshire Ave., NW, 8th floor.

The Federal Communications Commission (FCC) will conduct Auction No. 57, an auction of licenses in the Automated Maritime Telecommunications System (AMTS) spectrum. See, notice in the Federal Register, June 25, 2004, Vol. 69, No. 122, at Pages 35614 - 35626.

Deadline to submit written comments to the Office of the U.S. Trade Representative (USTR) regarding the USTR's annual report to the Congress on the Peoples Republic of China's compliance with the commitments that it made in connection with its accession to the World Trade Organization (WTO). See, notice in the Federal Register, July 29, 2004, Vol. 69, No. 145, at Pages 45369 - 45370.

EXTENDED TO OCTOBER 15. Deadline to submit comments to the Federal Communications Commission (FCC) in response to its Notice of Inquiry (NOI) [15 pages in PDF] regarding "issues relating to the presentation of violent programming on television and its impact on children." This NOI is FCC 04-175 in MB Docket No. 04-261. See, story titled "FCC Issues NOI on Violent TV Programming" in TLJ Daily E-Mail Alert No. 950, August 2, 2004. See also, notice in the Federal Register, August 12, 2004, Vol. 69, No. 155, at Pages 49899 - 49904. See, Order [PDF] extending the deadlines.

Thursday, September 16

Rosh Hashanah.

9:30 AM. The U.S. Court of Appeals (DCCir) will hear oral argument in Polygram Hold Inc v. FTC, No. 03-1293. The Federal Trade Commission (FTC) filed its administrative complaint against Polygram and others on July 30, 2001 alleging unfair methods of competition in violation of Section 5 of the FTC Act by agreeing with competitor Warner Communications to restrict price competition and forgo advertising, in connection with the sale of audio and video recordings titled "Three Tenors". The FTC issued its order [8 pages in PDF] and the opinion [61 pages in PDF] of Chairman Timothy Muris on July 24, 2003, finding that the agreement between PolyGram and Warner unreasonably restrained trade and constitutes an unfair method of competition. Judges Ginsburg, Edwards and Rogers will preside. Prettyman Courthouse, 333 Constitution Ave., NW.

10:30 AM. Dane Snowden, Chief of the Federal Communications Commission's (FCC) Consumer & Governmental Affairs Bureau, will hold a press briefing. RSVP to Rosemary Kimball at 202 418-0511 or Location: FCC, 445 12th St., SW, Hearing Room B/Conference Room, TW A-402/A-442.

Deadline for the President to submit a report to the Congress on the establishment and operation of the Terrorist Screening Center, established on September 16, 2003, by Homeland Security Presidential Directive/Hspd-6. This report is required by Section 360 of HR 2417, the "Intelligence Authorization Act for Fiscal Year 2004". See, story titled "Bush Signs Intelligence Authorization Bill" in TLJ Daily E-Mail Alert No. 799, December 15, 2003.

Deadline to submit comments to the Federal Communications Commission (FCC) in response to its notice of proposed rulemaking (NPRM) regarding Amateur Radio Service rules. The FCC adopted this NPRM on March 31, 2004, and released it on April 15, 2004. This NPRM is FCC 04-79 in WT Docket No. 04-140. See, notice in the Federal Register, August 17, 2004, Vol. 69, No. 158, at Pages 51028 - 51034.

Deadline to submit comments to the Federal Communications Commission (FCC) in response to the Wireline Competition Bureau's (WCB) public notice inviting interested parties to update the record pertaining to petitions for reconsideration of the 1997 Price Cap Review Order. This is in CC Docket Nos. 94-1 and 96-262. See, notice [PDF].

Friday, September 17

11:00 AM. Jessica Litman (Wayne State University Law School) will present a paper titled "Sharing and Stealing" [47 pages in PDF] at an event hosted by the Dean Dinwoodey Center for Intellectual Property Studies at the George Washington University Law School (GWULS). For more information, contact Robert Brauneis at 202 994-6138 or The event is free and open to the public. See, notice. Location: GWULS, Faculty Conference Center, Burns Building, 5th Floor, 716 20th Street, NW.

Extended deadline to submit nominations to the U.S. Patent and Trademark Office (USPTO) for positions on the Patent Public Advisory Committee (PPAC) and the Trademark Public Advisory Committee (TPAC) with terms that begin November 27, 2004. See, original notice in the Federal Register, August 2, 2004, Vol. 69, No. 147, at Pages 46136 - 46137, and notice of extension in the Federal Register, September 3, 2004, Vol. 69, No. 171, at Page 53895.

Monday, September 20

12:30 PM. Secretary of the Treasury John Snow will give a luncheon speech. Location: National Press Club, 529 14th St. NW, 13th Floor.

Deadline to submit comments to the Federal Communications Commission (FCC) in response to it Public Notice [PDF] requesting interested parties to provide comments on filings by AT&T and TracFone Wireless regarding eligible telecommunications carrier (ETC) designations and the Lifeline and Link-Up universal service support mechanism. This is CC Docket No. 96-45 and WC Docket No. 03-109.

Tuesday, September 21

1:00 - 4:00 PM. The Department of Commerce's (DOC) Technology Administration (TA) will host a roundtable titled "Technology Recycling: Achieving Consensus for Stakeholders: Roundtable on Electronics Recycling". See, notice. Location: DOC, Auditorium, 1401 Constitution Avenue, NW.

Wednesday, September 22

9:30 AM. The Department of Homeland Security's (DHS) Homeland Security Advisory Council will hold a meeting, part of which will be closed to the public. The open portion will be held from 9:30 - 11:15 AM. See, notice in the Federal Register, September 8, 2004, Vol. 69, No. 173, at Pages 54299 - 54300. Location: U.S. Coast Guard Headquarters, 2100 Second Street, SW.

12:00 NOON - 1:30 PM. The DC Bar Association's Law Practice Management Section will host a presentation titled "50 Hot Technology Tips And Web Sites: What Lawyers Should Know". The speaker will be Reid Trautz (DC Bar Lawyer Practice Assistance Program). See, notice. Prices vary from $15 to $25. For more information, call 202 626-3463. Location: D.C. Bar Conference Center, B-1 Level, 1250 H Street, NW.

12:15 PM. The Federal Communications Bar Association's (FCBA) Young Lawyers Committee will host a brown bag lunch. The topic will be "Universal Service Fund: A Primer". The speakers will be Paul Garnett (CTIA), Tina Pidgeon (GCI), Dan Mitchell (NTCA), Tom Buckley (FCC), and Eric Einhorn (SBC). For more information, contact Jason Friedrich at or Pam Slipakoff at Location: Drinker Biddle & Reath,1500 K Street NW, 11th floor.

1:30 - 3:30 PM. The World Radiocommunication Conference (WRC-07) Advisory Committee's Informal Working Group 2: Satellite Services and HAPS will meet. See, notice [PDF] Location: Leventhal Senter & Lerman, 2000 K Street, NW, 7th Floor.

Notice of Change of E-Mail Address

The e-mail address for Tech Law Journal has changed. The new address is as follows:

Address Graphic

All previous e-mail addresses no longer operate. This new address is published as a graphic to avoid e-mail address harvesting, and the associated spam messages and malicious code messages. If your e-mail system does not display graphics, see notice in TLJ website.

About Tech Law Journal

Tech Law Journal publishes a free access web site and subscription e-mail alert. The basic rate for a subscription to the TLJ Daily E-Mail Alert is $250 per year. However, there are discounts for subscribers with multiple recipients. Free one month trial subscriptions are available. Also, free subscriptions are available for journalists, federal elected officials, and employees of the Congress, courts, and executive branch. The TLJ web site is free access. However, copies of the TLJ Daily E-Mail Alert are not published in the web site until one month after writing. See, subscription information page.

Contact: 202-364-8882.
P.O. Box 4851, Washington DC, 20008.

Privacy Policy
Notices & Disclaimers
Copyright 1998 - 2004 David Carney, dba Tech Law Journal. All rights reserved.