TLJ News from January 11-15, 2012

Obama Administration Officials Criticize DNS Filtering Provisions of SOPA and PROTECT IP Act

1/14. The Executive Office of the President (EOP) released a statement regarding pending bills directed at foreign web sites dedicated to infringing activity. It criticizes the DNS blocking provisions of the SOPA and PROTECT IP Act.

The statement is attributed to Victoria Espinel (Intellectual Property Enforcement Coordinator), Aneesh Chopra (Chief Technology Officer in the Office of Management and Budget), and Howard Schmidt (Special Assistant to the President and Cybersecurity Coordinator for National Security Staff).

It states that "We must avoid creating new cybersecurity risks or disrupting the underlying architecture of the Internet. Proposed laws must not tamper with the technical architecture of the Internet through manipulation of the Domain Name System (DNS), a foundation of Internet security."

It continues that "Our analysis of the DNS filtering provisions in some proposed legislation suggests that they pose a real risk to cybersecurity and yet leave contraband goods and services accessible online. We must avoid legislation that drives users to dangerous, unreliable DNS servers and puts next-generation security policies, such as the deployment of DNSSEC, at risk."

The bills at issue are S 968 [LOC | WW], the "Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011" or "PROTECT IP Act", and HR 3261 [LOC | WW], the "Stop Online Piracy Act" or "SOPA", which is currently under consideration by the House Judiciary Committee (HJC). See also, HR 3261 as amended in the first phase of the mark up by the HCC.

For an explanation of the possible dangers inherent in DNS blocking, see story titled "Summary of the Argument that DNS Blocking May Decrease Cyber Security" in TLJ Daily E-Mail Alert No. 2,325, January 12, 2012.

The statement also addresses in broad strokes the subjects of censorship and innovation. "Any effort to combat online piracy must guard against the risk of online censorship of lawful activity and must not inhibit innovation by our dynamic businesses large and small. Across the globe, the openness of the Internet is increasingly central to innovation in business, government, and society and it must be protected. To minimize this risk, new legislation must be narrowly targeted only at sites beyond the reach of current U.S. law, cover activity clearly prohibited under existing U.S. laws, and be effectively tailored, with strong due process and focused on criminal activity."

The statement adds that "Any provision covering Internet intermediaries such as online advertising networks, payment processors, or search engines must be transparent and designed to prevent overly broad private rights of action that could encourage unjustified litigation that could discourage startup businesses and innovative firms from growing."

The statement encourages "all sides to work together to pass sound legislation this year that provides prosecutors and rights holders new legal tools to combat online piracy originating beyond U.S. borders".

It also encourages "all private parties, including both content creators and Internet platform providers working together, to adopt voluntary measures and best practices to reduce online piracy.

It concludes that "we will continue to work with Congress on a bipartisan basis on legislation that provides new tools needed in the global fight against piracy and counterfeiting, while vigorously defending an open Internet based on the values of free expression, privacy, security and innovation".

Sherwin Siy
Sherwin Siy
Copyright PK

Sherwin Siy of the Public Knowledge (PK) stated in a release that "This is a fantastic sign". He wrote that it "affirms the message that legislation tampering with the DNS poses real risks to the security and stability of the Internet. It also recognizes that, regardless of intent, copyright legislation can affect free speech, and that it's therefore important for copyright enforcement laws to be narrowly tailored and provide due process."

Siy continued that "The White House also noted that laws can give private parties far too much litigation power -- power that can sue startup companies out of existence and stifle innovation. This is critically important, but then the statement makes a reference that could undermine this point. It notes that content producers and intermediaries should both have voluntary best practices measures. That's a perfectly legitimate stand-alone proposition, but only if it isn't taken to mean the sort of "voluntary measures" that are crafted to create legal pressures for intermediaries to fold under pressure from potential plaintiffs.

In contrast, the Information Technology and Innovation Foundation (ITIF) stated in a release that "many of the critics who tout the benefits of Secure DNS have not yet implemented it because of the many barriers that  stand in the way of its successful operation on today's Internet. With or without Protect IP and SOPA, Secure DNS is little more than a "paper tiger" at present, albeit a very desirable one."

The ITIF added that "We remain confident that the technical measures proposed by Protect IP and SOPA do not threaten cybersecurity, and we believe that careful analysis will show this."

Obama Hypes Proposal to Consolidate Some Trade Related Agencies

1/13. The White House news office stated in a vaguely worded release that states that President Obama wants to consolidate the "Department of Commerce's core business and trade functions, the Small Business Administration, the Office of the U.S. Trade Representative, the Export-Import Bank, the Overseas Private Investment Corporation, and the U.S. Trade and Development Agency".

The White House news office also released a second vaguely worded release that states that "there will be one Department where entrepreneurs can go from the day they come up with an idea and need a patent, to the day they start building a product and need a warehouse, to the day they are ready to export and need help breaking into new markets overseas". It adds that this Department would have one mission -- "helping American businesses succeed".

This announcement bears many attributes of a statement intended for public consumption, made for the purpose of swaying public opinion during a presidential election year, and touted without any realistic expectation of implementation.

Neither release names the Department of Commerce's (DOC) "core business and trade functions". Neither release references either the DOC's National Telecommunications and Information Administration (NTIA), or its responsibilities with respect to the Internet Corporation for Assigned Names and Numbers (ICANN) and internet governance. Nor does either reference the DOC's Bureau of Industry and Security (BIS), which regulates exports.

President Obama did not include within his consolidation proposal numerous other trade related agencies in the federal government. For example, he did not include any of the trade related functions of the Department of State (DOS). Nor did he include the U.S. International Trade Commission (USITC). Nor did he include units of the Department of the Treasury (DOT) involved in regulating trade in financial services and foreign investment, such as the DOT's Financial Crimes Enforcement Network (FinCEN) and the DOT's Committee on Foreign Investment in the US (CFIUS). Nor did he include the functions of the Federal Communications Commission (FCC) related to international telecommunications. Nor did he include the Department of Agriculture's (DOA) Foreign Agricultural Service (FAS).

President Obama spoke about government reform in his January 2011 state of the union speech. His next state of the union speech will be on January 24. The present announcement may have been made without an expectation that government agencies will actually be combined, but rather to substantiate statements in the forthcoming speech that progress is being made on government reform.

Reorganizing government agencies is an immensely difficult task. Major reorganizations usually occur after major crises. For example, the Department of Homeland Security (DHS) was created out of many existing units of other departments after the terrorist attacks of September 11, 2011. The event that precipitated President Obama's government reform proposals was the Republican gains in the 2010 Congressional elections.

Reorganizing government requires the approval of the Congress. Yet, President Obama did not consult with numerous key members of Congress before announcing this proposal. Requisite Congressional support is absent.

One of the stated purposes of this proposal is to promote trade. Yet, to date President Obama has assigned trade promotion a lower priority than other recent Presidents, Republican and Democratic.

Finally, many affected interests, and members of Congress, may conclude that if the government were reorganized pursuant to this proposal, trade and the benefits that flow there from would not be greater than under the status quo.

The DOC is tasked with both promoting commerce and regulating commerce. Often, achieving one regulatory goal comes at the expense of the attaining the other goal, and vice versa. For example, the BIS is tasked with regulating exports. Its main tool is blocking the export of products, software, and technology. Its function is to reduce exports. This reduces revenues of US businesses, and overall employment in the US. In contrast, the International Trade Administration (ITA) has as its goal the promotion of non-agricultural exports and market access. And, it is not a particularly significant entity.

The Office of the U.S. Trade Representative (OUSTR), which is independent of the DOC, and has a trade promotion task, but no regulatory task, is more effective, and has accomplished much more, to promote trade, consumer welfare, and employment. The perception held by many in Congress is that were the OUSTR to be absorbed by the DOC, it would be reduced to the level of government efficiency and effectiveness of the DOC, an already a bloated and unwieldy bureaucracy plagued by inconsistent missions.

It should be noted too that some prior DOC Secretaries have sought, but failed to obtain, control of the OUSTR, in part, for these reasons.

Sen. Max Baucus (D-MT), the Chairman of the Senate Finance Committee (SFC), and Rep. Dave Camp (R-MI), the Chairman of the House Ways and Means Committee (HWMC), promptly criticized the proposal. These two committees have jurisdiction over trade issues.

They wrote in a joint statement that "we are concerned about the impact that the President's proposal could have on the ability of the United States to aggressively open new markets to American-made goods and services and create U.S. jobs".

Sen. Max BaucusSen. Baucus (at right) and Rep. Camp continued that the OUSTR "is nimble, lean and effective -- and time and again it delivers on its mission and creates jobs here at home. Taking USTR, one of the most efficient agencies that is a model of how government can and should work, and making it just another corner of a new bureaucratic behemoth would hurt American exports and hinder American job creation."

Similarly, Sen. Orrin Hatch (R-UT), the ranking Republican on the SFC, wrote in a release that "After three years in the White House presiding over the largest expansion of government in generations, the timing of this announcement and the failure to consult Congress raise questions about the President’s commitment to a real reorganization and reduction in the size of the federal government."

"What's disconcerting is that the President has again chosen not to work with Congress -- even after I specifically asked the Obama Administration to fully brief Congress if it chose to reorganize our trade agencies." Sen. Hatch concluded, "I ... will expect a full accounting by the Administration in short order".

Also, Sen. Charles Grassley (R-IA), another member of the SFC, responded in a release that "The enactment of trade agreements has been a hard slog with the President. Any reorganization that disrupts trade negotiations and expanded markets for U.S. businesses and farmers would cause me serious concern. Consolidation that doesn't hurt export opportunities might make sense. Congress will need to look at this proposal carefully. It's not surprising that the President is focusing on this area for consolidation. Trade is already a lower priority than it should be for this White House."

Rep. Upton Criticizes Genachowski's Spectrum Speech

1/13. Rep. Fred Upton (R-MI), Chairman of the House Commerce Committee (HCC), released a statement in which he criticized Federal Communications Commission (FCC) Chairman Julius Genachowski's January 11, 2012 speech in Las Vegas on pending legislation regarding incentive auctions and the D block.

See, stories titled "Genachowski Addresses Incentive Auctions and Unlicensed Spectrum", "Four Senators Advocate Use of Incentive Auction Process for Allocating Spectrum for Unlicensed Use", and "Commentary on FCC Spectrum Discretion" in TLJ Daily E-Mail Alert No. 2,326, January 13, 2012.

Rep. Fred UptonRep. Upton (at right) stated that "Bluster aside, it sounds like we have a federal agency more concerned about preserving its own power than offering serious improvements as we prepare to finalize this legislation. We worked with the FCC's auction experts to give the agency the legitimate flexibility it needs to design the mechanics of the auction."

He said that "It's time to stop the FCC from engaging in political mischief that will hurt competition and steal money from the taxpayer's coffers. Don't take our word for it -- look at the 2008 auction. The FCC imposed conditions on the C and D blocks that ultimately prevented the D-block from selling and pushed smaller carriers out of the auction. Taxpayers lost somewhere in the neighborhood of $5 billion, and spectrum remains sidelined."

The D Block is 10 megahertz of paired spectrum (758-763 MHz and 788-793 MHz). The FCC's failed plan was to auction the D Block in the 700 MHz auction (the FCC's Auction No. 73) as one nationwide license, subject to a Public/Private Partnership. The plan was for a commercial licensee to build a nationwide broadband interoperable network for use by public safety entities. This licensee would then have had preemptible secondary access to the spectrum. The FCC closed this auction on March 18, 2008. However, no bidder bid the reserve price for the D Block.

For more on the FCC's failed D Block auction, see:

Genachowski also argued in his January 11 speech that the FCC should be allowed to take spectrum recovered pursuant to incentive auction authority, and rather than auction it, make it available for unlicensed use. This would generate no auction revenues.

Rep. Upton responded that "time for the FCC and others to be honest about how taxpayers would be affected by their plans to give away valuable spectrum to favored constituencies. Our goal is to strike the right balance by keeping plenty of opportunity for unlicensed use without forcing taxpayers to forfeit any return on a resource that everyone agrees is worth billions."

AT&T Criticizes Genachowski's Spectrum Speech

1/13. Jim Cicconi, VP of AT&T for external and Congressional affairs, criticized Federal Communications Commission (FCC) Chairman Julius Genachowski's January 11, 2012 speech on pending legislation regarding incentive auctions and the D block.

James Cicconi

Cicconi (at right) wrote in a short piece that AT&T supports giving the FCC incentive auction authority. This is in both House and Senate legislative proposals.

He then wrote that "We are troubled, though, that the chairman and some of his staff are now saying that the FCC, and not the United States Congress, should have full power to impose conditions, and to decide which companies are allowed to participate in spectrum auctions and which should not."

He added that "anytime a regulatory agency seeks unfettered discretion, that is the best reason Congress should not give it to them."

“The entire principle behind spectrum auctions is to allow free and competitive markets to work, thus ensuring that valuable spectrum goes to the most economically viable uses. This also provides maximum return to the U.S. Treasury." Cicconi elaborated that "For the FCC to assert, in the name of 'fostering competition', that it should have final say on which companies can bid on spectrum is for them to engage in picking winners and losers. That is not the job of the FCC."

He argued that "The FCC should be a neutral arbiter, ensuring fairness and impartially enforcing a system of rules and laws. It should not be empowered by Congress to advantage some companies and disadvantage others, or to impose its preferences on a free market."

He concluded, "We commend the Congress for advancing spectrum legislation in a way that helps the economy, maximizes revenue for the Treasury, and ensures that consumers -- not regulators -- decide who wins and loses in the competitive wireless market. It would be a disservice to the Nation if the FCC is so adamant about preserving and enhancing its own power that it would risk killing this crucial legislation."

The House Commerce Committee's (HCC) discussion draft [113 pages in PDF] is titled the "Jumpstarting Opportunity with Broadband Spectrum Act of 2011" or "JOBS Act of 2011". See also, story titled "House Communications Subcommittee Approves Spectrum Bill" in TLJ Daily E-Mail Alert No. 2,317, December 1, 2011, for summaries of, and hyperlinks to, amendments approved on December 1, 2011.

The Senate bill is S 911 [LOC | WW], the "Strengthening Public-safety and Enhancing Communications Through Reform, Utilization, and Modernization Act" or "SPECTRUM Act". The Senate bill was marked up by the Senate Commerce Committee (SCC) on June 8, 2011. However, the Library of Congress has not yet published a copy of the bill as amended.

Senate Republicans Ask for Delay of Consideration of PROTECT IP Act

1/13. Six Republican Senators on the Senate Judiciary Committee (SJC) sent a letter [2 pages in PDF] to Senate leaders the Chairman of the SJC, the full Senate should not yet take up S 968 [LOC | WW], the "Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011", "PROTECT IP Act", or "PIPA". The Senate is currently scheduled to begin consideration next week.

The six are Sen. Charles Grassley (R-IA), Sen. Orrin Hatch (R-UT), Sen. Jeff Sessions (R-AL), Sen. John Cornyn (R-TX), Sen. Mike Lee (R-UT), and Sen. Tom Coburn (R-OK).

The six sent their letter to Sen. Harry Reid (D-V), the Senate Majority Leader, Sen. Mitch McConnell (R-KY), the Senate Minority Leader, and Sen. Patrick Leahy (D-VT), the Chairman of the SJC, and sponsor of the PROTECT IP Act.

They wrote that "for both substantive and procedural reasons, the process at this point is moving too quickly".

They explained that prior to the SJC mark up on May 26, 2011, "some members expressed substantive concerns about the bill, and there was a commitment to resolve them prior to floor consideration. That resolution has not yet occurred."

They continued that there are concerns about "breaches in cybersecurity, damaging the integrity of the Internet, costly and burdensome litigation, and dilution of First Amendment rights". Moreover, the cyber security concerns warrant "hearing from the Administration and relevant agencies".

They also wrote that "It is important that the bill be fully debated and amendments not limited. We would like a firm commitment that once the Senate considers S. 968, the amendment process will be open".

Sen. Ron Wyden (D-OR) also released a statement. He wrote that "PIPA and SOPA would inflict severe harm to the Internet and undermine our national interest. The 11th-hour changes that the sponsors of the bills are proposing, and the letter of concern sent by Senator Grassley and others, are proof that both bills require further discussion and study before being considered by the House or the Senate."

He added that "The DNS provisions in PIPA and SOPA are clearly unacceptable, but they are far from the only problems with the legislation. I agree with Senator Grassley and other senators that more time is needed to determine the best course of action that will narrowly target truly ``rogue´´ foreign websites without undermining speech and innovation."

People and Appointments

1/13. The U.S. Patent and Trademark Office (USPTO) published a notice in the Federal Register that solicits nominations for the National Medal of Technology and Innovation (NMTI). The deadline to submit nominations is March 31, 2012. See, Federal Register, Vol. 77, No. 9 Friday, January 13, 2012, at Pages 2047-2048. For more information about this program, see stories titled "Bush Awards National Medals of Technology and Science", "House Democrats Promote Their Innovation Agenda", and "Commentary: National Medal of Technology Program" in TLJ Daily E-Mail Alert No. 1,312, February 17, 2006.

1/13. President Obama named Ed Pagano Deputy Assistant to the President and Senate Liaison. He begins next week. He has worked for Sen. Patrick Leahy (D-VT) since 1993. He is now Sen. Leahy's Chief of Staff. Sen. Leahy stated in a release that "Pagano has advised Leahy on the recently enacted Leahy-Smith America Invents Act" and "on the hearings and confirmations of Supreme Court Justices Sonia Sotomayor and Elena Kagan." Before that, he was Sen. Leahy's Senior Counsel for the Senate Judiciary Committee (DJC). Sen. Leahy stated that Pagano worked on "the USA PATRIOT Act, anti-crime and victims' assistance programs, Leahy's Bulletproof Vest Partnership Act, and the September 11 Victim Compensation Fund. He headed Leahy's work in drafting the charter for the nation’s first-responder grant program, which Leahy included in the USA PATRIOT Act."

House Commerce Committee Democrats Seek Hearing on Carrier IQ Software

1/12. Rep. Henry Waxman (D-CA), Rep. Diana DeGette (D-CO), and Rep. GK Butterfield (D-NC) sent a letter to their Republican counterparts on the House Commerce Committee (HCC) requesting that the HCC "hold a hearing as expeditiously as possible to explore the answers to questions raised by recent reports about Carrier IQ and data collection, analysis, and transmission in the mobile device market".

For more detail on this issue, see related story in this issue titled "Carrier IQ, Telcos and Phone Makers Respond to Sen. Franken's Questions".

On January 12, 2012 the HCC announced several hearings to be held by the HCC or its Subcommittees in February. However, none pertain to this issue, or any other information or communications technology related issues.

The three wrote that "Carrier IQ software is designed to help mobile device manufacturers and wireless carriers track the performance of their phones and networks. It is present on millions of phones on Sprint, T-Mobile, AT&T, and other networks. Although consumers know little if anything about this software, it could represent a significant threat to privacy."

"Carrier lQ has confirmed some important information about its software: that it can collect information such as calls made and received, a phone's physical location, the URLs of websites searched by a device use r, and in some cases, internet search queries, and that it can transmit this information back to network providers."

They also enumerated that questions that should be addressed by the HCC: "What are the data collection, analysis, and transmission capabilities of Carrier IQ and similar software, and what privacy protections are built into the software? Were Android phones sold with security flaws that could have exacerbated privacy concerns related to Carrier IQ and other software and, if so, have these flaws been addressed? Are carriers and device manufacturers providing sufficient disclosure to consumers about this data collection, analysis, and transmission? Do these practices create privacy and security risks for consumers and, if so, how are carriers and manufact1lrers addressing them? How much control do mobile device users have over this data collection, analysis, and transmission and should that control be expanded?"

The three Democrats sent their letter to their Republican counterparts, Rep. Fred Upton (R-MI), Chairman of the HCC, Rep. Cliff Stearns (R-FL), the Chairman of the HCC's Subcommittee on Oversight and Investigations, and Rep. Mary Mack (R-CA), Chairman of the Subcommittee on Commerce, Manufacturing and Trade.

Carrier IQ, Telcos and Phone Makers Respond to Sen. Franken's Questions

1/12. Sen. Al Franken's (D-MN) sent letters to Carrier IQ, wireless service providers, and phone makers. Companies sent responses in December. These letters provide many details regarding the data collection properties of Carrier IQ software, how phone makers and service providers install and use the software, and what might be the implications for consumers' interests in privacy.

On November 30, 2011, Sen. Franken, Chairman of the Senate Judiciary Committee's (SJC) Subcommittee on Privacy Technology and the Law, sent a letter [PDF] to Carrier IQ, stating that its software, "pre-installed on smartphones ... is logging and may be transmitting extraordinarily sensitive information from consumers' phones, including ... the phone numbers they dial ... the contents of text messages they receive ... the URLs of the websites they visit ... the contents of online search queries ... and ... the location of the customer using the smartphone ..."

Sen. Al FrankenSen. Franken (at right) added that average users have no way to know about this, and "no reasonable means to remove or stop it".

He wrote that "These actions my violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act", also known as the ECPA and CFAA.

In particular, he focused on the wiretap provisions of the ECPA (codified at 18 U.S.C. § 2511 et seq.), the pen register provisions of the ECPA which address numbers dialed (codified at 18 U.S.C. § 3121 et seq.), and the Stored Communications Act provisions of the ECPA (codified at 18 U.S.C. § 2701 et seq.). The CFAA is codified at 18 U.S.C. § 1030.

He then propounded numerous interrogatories about what Carrier IQ's software does, how long it stores data, what data is shares and with whom, how data is protected from hackers, and whether Carrier IQ is violating federal law.

Sen. Franken also wrote letters to AT&T, Sprint, HTC, Samsung, HTC, T-Mobile USA, and Motorola.

Carrier IQ Response. Carrier IQ responded by letter [7 pages in PDF] dated December 14. It wrote that "Carrier IQ has built software that allows Network Operators to better understand how mobile devices interact with and perform on their networks. Today our technology is used by our customers in two specific ways: Network Management and Customer Care."

Also, it provides to its users -- carriers and phone makers -- "diagnostic data that help them identify how their networks, and devices on those networks, are performing" and data "to assist individual users who are experiencing problems with their device or with the network".

Carrier IQ stated that its software does enable the software's users to collect location data. But, it asserted that "our software is not used to track the location of consumers".

Also, the software collects "the phone numbers dialed and received". But again, Carrier IQ asserted that its users used its software for "diagnosing and maintaining" their networks.

Also, Carrier IQ disclosed that there is "an unintended bug" that results in the collection of content of text messages. Carrier IQ added that it is working on changes to the software to "ensure that this information is no longer captured".

Carrier IQ added that its software does not collect the "content of emails", or the "details from users' address books". Nor is the software a keystroke logger.

Also, the software can be used for "collection of URLs", that is, web sites visited by the customer using the smartphone.

Also, the Software can be used to collect  search queries "To the extent that such queries may be passed in the URL string.

Carrier IQ letter does not elaborate that search engines such as Google operate in this manner. That is, when one uses a web browser and enters search terms into Google's search box, the browser sends a URL that consists of plus a text string that includes the search terms. In other words, Carrier IQ's software enables widespread collection of individuals' search queries.

Carrier IQ added that when all of the data collected by the software is transmitted from individuals' phones to the carriers or phone makers, the phone user does not get billed. Also, Carrier IQ wrote that for one of its carrier customers the data is transmitted from individuals' phones to the carrier. For other customers, the data is transmitted to Carrier IQ. It wrote that "Carrier IQ hosts data for its customers in Carrier IQ's data center", but that Carrier IQ "does not have any rights to the data" and "does not transmit the data to any third parties"

Carrier IQ also wrote about data retention. "Typical minimum retention periods for Carrier IQ's customers are 30 days, although data may be retained beyond date. Carrier IQ is continuing to investigate how long data has been stored for each customer. Due to pending litigation, Carrier IQ is taking efforts to preserve all data currently in its data center."

Carrier IQ wrote that there has been no law enforcement access. "To date, Carrier IQ has not received legal process to provide end user data to any federal or state agency, and Carrier IQ has not provided such data. Should such requests be made, Carrier IQ would comply with its legal obligations, and would direct such requests to its customers, which have the legal rights to the data."

Finally, Carrier IQ wrote that is is not violating federal law.

Sprint Response. Sprint stated in its December 14 letter "there are approximately 26 million active devices have the Carrier IQ software installed", but "At any one time, only 1.3 million devices may be tasked to collect and report data".

Sprint wrote that this is "diagnostic software" and the data collected does not go beyond "technical diagnostics information".

Sprint made the point that, separately from Carrier IQ software, it knows, because it operates the wireless network, the URLs of web sites that its customers visit, the numbers they call or send a text message, and in which cell site they are located.

It then stated that Carrier IQ software enables it to receive location information and the URLs of web sites visited by its customers, but that it does not use this software to obtain customers' numbers dialed, numbers from which customers receive calls, the contents of text messages sent or received, the contents of emails sent or received, the contents of search queries, the contents of address books, or keystroke data.

Sprint also stated that it does not share Carrier IQ data with third parties, and it has not disclosed such data to "federal or state law enforcement".

Sprint also stated that it is not violating federal law.

AT&T Response. AT&T responded by letter dated December 14, 2011. It stated the Carrier IQ software is resident on about 900,000 devices on AT&T's wireless network.

AT&T stated that it uses Carrier IQ software, but "only to collect diagnostic information", and "not to obtain the contents of customers' communications, to track where our customers go on the Internet, or to track customer location".

But, in response to specific questions, it stated that it does use Carrier IQ software to collect location data, and phone numbers. It does not, however, use this software to collect content of emails or text messages (subject to the programming error noted by Carrier IQ), URLs of web sites visited, search queries, information from address books, or keystroke data.

It also stated that it has not shared data collected by this software with law enforcement agencies or third parties other than AT&T companies.

See also, response of Samsung, which makes phones and tablets for companies that provide wireless services, such as Sprint, AT&T and T-Mobile. It stated that it pre-installs Carrier IQ software at the direction of these companies. It also stated that it "does not receive any data that may be collected by Carrier IQ software or Carrier IQ". And hence, it does not share any such data with third parties, make it available to law enforcement, or store it. And, it opines that it is not violating federal law.

See also, response of HTC, which also makes phones for wireless service providers, and installs Carrier IQ software pursuant to its contracts with them. It stated that it does not receive any data from Carrier IQ software. And, it is not violating federal law.

Sen. Leahy Comments on DNS Blocking Provisions of PROTECT IP Act

1/12. Sen. Patrick Leahy (D-VT) released a statement regarding the DNS blocking provisions of S 968 [LOC | WW], the "Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011" or "PROTECT IP Act".

Sen. Leahy, the Chairman of the Senate Judiciary Committee, and sponsor of the PROTECT IP Act, rushed the bill through the SJC last May, two weeks after introducing the bill. The Senate is scheduled to take up the bill as early as January 23, 2012.

Sen. Leahy stated that he wants the Senate to pass the bill, and then the merits of its DNS blocking provisions should be studied.

Sen. Leahy wrote that "The PROTECT IP Act provides new tools for law enforcement to combat rogue websites that operate outside our borders but target American consumers with stolen American property and counterfeits.  One of those tools enables law enforcement to secure a court order asking Internet Service Providers (ISPs) to use the Domain Name System to prevent consumer access to foreign rogue websites."

He argued that it "remains a strong and balanced approach to protecting intellectual property through a no-fault, no-liability system that leverages the most relevant players in the Internet ecosystem".

Sen. Patrick Leahy"I and the bill's cosponsors have continued to hear concerns about the Domain Name provision from engineers, human rights groups, and others." Sen. Leahy (at right) added that "As I prepare a managers' amendment to be considered during the floor debate, I will therefore propose that the positive and negative effects of this provision be studied before implemented."

He did not explain in this statement by whom the study would be conducted. Nor did he explain whether the study would be conducted between Senate passage of S 968 and enactment of the Act into law, or after enactment. Nor did he explain what consequences the study would have.

Nor did Sen. Leahy explain why he advocates Senate passage of a bill before the Senate has studied the merits of one of its key provisions.

Ed Black, head of the Computer and Communications Industry Association (CCIA) stated in a release that "I hope this statement signals a recognition they didn't understand this issue when the bill was drafted. We hope this means they will step back, talk to stakeholders, identify and focus on the real problem they’re trying to solve and target that. But it seems more likely to be aimed at newer opponents of the bill that haven’t absorbed how harmful the legislation would still be, even if there was a firm commitment to remove DNS blocking, which there isn’t."

The Consumer Electronics Association (CEA) stated in a release that "We are pleased" that Sen. Leahy recognizes this issue. "The Act's domain name system (DNS) provisions are a significant concern, as are the imposition of liability on search engines, the inclusion of a private right of action, and the broad definitions of what constitutes an infringing site."

The CEA added that "If the bill is to be rewritten, we urge that stakeholders be brought together in an attempt to reach agreement on these and other outstanding issues. We also urge that a legislative hearing be held on the bill for the benefit of the members being asked to debate and vote on it."

Sherwin Siy of the Public Knowledge wrote in a release that "We appreciate the action Chairman Leahy is taking to improve his legislation. Even with that change, however, the bill would still be unacceptable."

Summary of the Argument that DNS Blocking May Decrease Cyber Security

1/12. Some critics of the two main foreign rogue web sites bills have expressed concerns about the DNS blocking provisions. Moreover, this is shaping up to be one of the key argument against the bills. The House Judiciary Committee (HJC) may complete its mark up this month, while the full Senate is scheduled to begin consideration of its bill on January 23.

The main concern pertains to the possible effect of DNS blocking upon cyber security.

Numerous letters and papers regarding this issue have been released since the Congress began consideration of DNS blocking as a means to address foreign infringing web sites. For example, Steve Crocker (Shinkuro), David Dagon (Georgia Tech), Dan Kaminsky (DKH), Danny McPherson (Verisign), and Paul Vixie ( Internet Systems Consortium) released a paper [17 pages in PDF] in May of 2011 titled "Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill".

Some opponents of the House bill, HR 3261 [LOC | WW], the "Stop Online Piracy Act" or "SOPA", offered brief summaries of arguments expressed in this paper during the first phase of the HJC mark up of this bill in late December.

The Senate bill is S 968 [LOC | WW], the "Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011", "PROTECT IP Act", or "PIPA".

The authors of this paper wrote that the "PROTECT IP would empower the Department of Justice, with a court order, to require operators of DNS servers to take steps to filter resolution of queries for certain names. Further, the bill directs the Attorney General to develop a textual notice to which users who attempt to navigate to these names will be redirected. Redirecting users to a resource that does not match what they requested, however, is incompatible with end-to-end implementations of DNS Security Extensions (DNSSEC), a critical set of security updates. Implementing both end-to-end DNSSEC and PROTECT IP redirection orders simply would not work. Moreover, any filtering by nameservers, even without redirection, will pose security challenges, as there will be no mechanism to distinguish court-ordered lookup failure from temporary system failure, or even from failure caused by attackers or hostile networks." (Footnote omitted.)

"In short, DNSSEC allows for DNS records to be cryptographically signed, thereby providing a secure authentication of Internet assets. When implemented end-to-end between authoritative nameservers and requesting applications, DNSSEC prevents man-in-the-middle attacks on DNS queries by allowing for provable authenticity of DNS records and provable inauthenticity of forged data. This secure authentication is critical for combatting the distribution of malware and other problematic Internet behavior. Authentication flaws, including in the DNS, expose personal information, credit card data, e-mails, documents, stock data, and other sensitive information, and represent one of the primary techniques by which hackers break into and harm American assets."

They continued that "By mandating redirection, PROTECT IP would require and legitimize the very behavior DNSSEC is designed to detect and suppress. Replacing responses with pointers to other resources, as PROTECT IP would require, is fundamentally incompatible with end-to-end DNSSEC. Quite simply, a DNSSEC-enabled browser or other application cannot accept an unsigned response; doing so would defeat the purpose of secure DNS. Consistent with DNSSEC, the nameserver charged with retrieving responses to a user's DNSSEC queries cannot sign any alternate response in any manner that would enable it to validate a query."

"From an operational standpoint, a resolution failure from a nameserver subject to a court order and from a hacked nameserver would be indistinguishable."

The concluded that "DNSSEC is being implemented to allow systems to demand verification of what they get from the DNS. PROTECT IP would not only require DNS responses that cannot deliver such proof, but it would enshrine and institutionalize the very network manipulation DNSSEC must fight in order to prevent cyberattacks and other miscreant behavior on the global Internet."

People and Appointments

1/12. The Department of Homeland Security (DHS) published a notice in the Federal Register announcing that it seeks private sector members for its Homeland Security Science and Technology Advisory Committee (HSSTAC). The deadline to submit applications is January 30, 2012. See, Federal Register, Vol. 77, No. 8, Thursday, January 12, 2012, at Page 1942.

1/12. Robert Fisher was named a Deputy Director of the Securities and Exchange Commission's (SEC) Office of International Affairs. See, SEC release.

Groups Seek Congressional Reversal of Leegin Opinion on RPM

1/11. The American Antitrust Institute (AAI), Consumers Union (CU), and National Consumers League (NCL) sent a letter to Rep. Hank Johnson (D-GA), the sponsor of HR 3406 [ LOC | WW], the "Discount Pricing Consumer Protection Act", expressing their support for the bill.

The bill has little chance of passage by the current House Judiciary Committee (HJC). Some members of Congress, as well as economists and the American Bar Association, back the Supreme Court's 2007 opinion [55 pages in PDF] in Leegin Creative Leather Products v. PSKS, which this bill would undo.

Leegin, and this bill, pertain to the treatment of resale price maintenance (RPM) under antitrust law. RPM exists when a manufacturer agrees with its distributor(s) to set the minimum price that the distributor(s) can charge for the manufacturer's goods. Leegin did not involve a dispute between tech companies. However, RPM is also employed in the tech sector for consumer electronics and other products.

Prior to 2007, RPM was subject to the antitrust per se rule, rather than the lighter rule of reason standard. Then the Supreme Court of the U.S. (SCUS) held in Leegin that all vertical price restrains are to be judged by the rule of reason, and that the SCUS's 1911 opinion in Dr. Miles Medical Co. v. John D. Park & Sons Co., which is reported at 220 U.S. 373, is overturned.

See, story titled "SCUS Holds That All Vertical Price Restraints Are Subject to Rule of Reason" in TLJ Daily E-Mail Alert No. 1,603, June 28, 2007.

The Leegin opinion changed the law for vertical RPM. Under the lighter rule of reason standard, plaintiffs must show actual or potential harm to competition.

After Leegin, horizontal agreements among competitors to fix prices remain per se violations of the Sherman Act. Group boycotts, and horizontal market division are other examples of per se violations.

The AAI, CU and NCL argued in their letter that "RPM agreements raise consumer prices, prevent efficient retailers from passing on the benefits of their lower costs to consumers, and tend to retard the development of new forms of retailing. At the same time, the purported benefits to consumers of RPM agreements are dubious and even if such benefits exist they can be achieved by less restrictive business practices."

Rep. Johnson introduced HR 3406 on November 14, 2011. It is a short bill that provides that "Any agreement setting a price below which a product or service may not be sold by a retailer, wholesaler, or distributor shall violate section 1 of the Sherman Act (15 U.S.C. 1)."

He also introduced a similar bill in the 111th Congress, HR 3190 [LOC | WW], also titled the "Discount Pricing Consumer Protection Act".

The Senate version of the bill is S 75 [LOC | WW]. It contains a statement of findings and declaration of purposes that is not in the House bill. It them provides that "Any contract, combination, conspiracy or agreement setting a minimum price below which a product or service cannot be sold by a retailer, wholesaler, or distributor shall violate this Act". The Senate Judiciary Committee (SJC) approved it on November 3, 2011.

Genachowski Addresses Incentive Auctions and Unlicensed Spectrum

1/11. Federal Communications Commission (FCC) Chairman Julius Genachowski gave a speech at the Consumer Electronics Show (CES) in Las Vegas in which he addressed legislation to give the FCC incentive auction authority.

An incentive auction would provide for the sharing of spectrum auction proceeds with the licensees who voluntarily relinquish that spectrum. It would provide a financial incentive for television broadcasters and other licensees to relinquish some of their spectrum.

While there is broad support for the concept, there are many hotly debated issues regarding how to structure a regime for incentive auctions, as well as related matters. Genachowski engaged in legislative advocacy, and criticized components of some pending bills.

See, full story.

Commentary on FCC Spectrum Discretion

1/11. Federal Communications Commission (FCC) Chairman Julius Genachowski gave a speech at the Consumer Electronics Show (CES) in Las Vegas in which he offered an idealized vision of the FCC.

The main purpose his speech was to take sides in ongoing Congressional debates regarding incentive auction legislation. See, related story in this issue titled "Genachowski Addresses Incentive Auctions and Unlicensed Spectrum".

He argued, in effect, that the Congress should reject language in the House Republicans' incentive auction bill that would limit FCC discretion regarding allocation of spectrum for unlicensed uses, and regarding auction eligibility conditions.

He argued that such legislation "preempts an expert agency process that's fact-based, data-driven and informed". He asserted that the FCC possesses "technical expertise", and makes decisions "based on the evidence, on an open record", and in a timely manner.

And for these reasons, the FCC Chairman argued, it should be granted broad discretion with respect to spectrum auctions and allocations.

There exists another vision of the nature of FCC processes -- that it is an agency comprised of, and run by lawyers; that it is dependent upon information and analysis provided to it by interested companies and trade groups; that it is frequently influenced by political pressure from the Congress and President; and that is has limited commitments to transparent processes, Congressional statutes, and timely decision making.

In addition, when certain members of Congress back legislation that would give the FCC broad discretion, it is not necessarily because they hold an idealized vision of the FCC as an independent expert agency. Rather, it is sometimes because they hold an alternative vision of the FCC as an agency that is subject to pressure and manipulation from the Congress, and they look forward to exerting such influence over FCC decision making in the future.

Moreover, in recent years, Genachowski has often disregarded House Republicans, but not House Democrats, in key proceedings. Hence, some House Republicans have developed a tendency to support legislation that limits FCC discretion.

Rep. Issa's Committee to Hold Hearing on DNS Blocking and Search Takedown Provisions of SOPA

1/11. The House Oversight and Government Reform Committee (HOGRC) announced that it will hold a hearing on January 18, 2012, titled "Government Mandated DNS Blocking and Search Takedowns -- Will It End the Internet as We Know It?" See, HOGRC hearing notice.

The House and Senate are both considering bills, directed at foreign web sites dedicated to infringing activity.

The Senate bill is S 968 [LOC | WW], the "Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011" or "PROTECT IP Act". The Senate Judiciary Committee (SJC) amended and approved this bill on May 26, 2011. The full Senate is scheduled to consider it when it returns on January 23.

The House bill is HR 3261 [LOC | WW], the "Stop Online Piracy Act" or "SOPA". The House Judiciary Committee (HJC) began, but did not complete, its mark up of the SOPA in late December.

At this mark up, several members of the HJC, including Rep. Darrell Issa (R-CA), vehemently criticized the SOPA, and argued that the HJC's hurried consideration of this bill included only one hearing. Moreover, this hearing included no witnesses who could address the technical aspects of DNS blocking, which is one component of the SOPA. Several members of the HJC therefore argued that the HJC should hold a hearing on the DNS blocking provisions of this bill before continuing with the mark up.

The HJC has not yet publicly announced a date for resumption of its mark up of HR 3261. Nor has it announced a hearing on DNS blocking.

Rep. Issa is both a member of the HJC and Chairman of the HOGRC. He is using his position to conduct a hearing that will likely produce much testimony against the DNS blocking provisions of the SOPA.

Rep. Issa has also publicly released, but not introduced in the House, a draft of a bill that takes a different approach to combating foreign web sites dedicated to infringing activity. It is titled "Online Protection & Enforcement of Digital Trade Act". This title provides a near acronym -- "OPEN Act". See, draft [18 pages in PDF]. See also, story titled "Rep. Issa and Others Propose USITC Based Approach to Web Sites Dedicated to Infringing Activity" in TLJ Daily E-Mail Alert No. 2,318, December 14, 2011.

Rep. Jason Chaffetz (R-UT) was another active critic of the SOPA during the HJC mark up sessions in December. He is also a member of the HOGRC.

Nominations on Senate Calendar

1/11. The Senate is scheduled to resume business on January 23, 2012. There are numerous pending nominations, that require Senate confirmation, that have been approved by the relevant committee, and that are on the Senate's executive calendar.

There are two pending Federal Communications Commission (FCC) nominations: Ajit Pai to be an FCC Commissioner for a term of five years from July 1, 2011, and Jessica Rosenworcel to be an FCC Commissioner for a term of five years from July 1, 2010.

Pai has been nominated for the seat previously held by Meredith Baker, and Rosenworcel has been nominated for the seat previously held by Michael Copps. See, story titled "Obama Nominates Pai and Rosenworcel to Be FCC Commissioners" in TLJ Daily E-Mail Alert No. 2,309, November 3, 2011.

There are also two pending Federal Trade Commission (FTC) nominations: Jon Leibowitz to be a FTC Commissioner for a term of seven years from September 26, 2010, and Maureen Ohlhausen to be a FTC Commissioner for a term of seven years from September 26, 2011.

Leibowitz is currently a Commissioner, and the FTC Chairman. This is a reappointment. Ohlhausen has been nominated for the seat previously held by William Kovacic. See, story titled "Obama Picks Ohlhausen for FTC Commissioner" in TLJ Daily E-Mail Alert No. 2,264, July 20, 2011.

There is one pending Department of Justice (DOJ) nomination of significance to information and communications technology. Michael Horowitz has been nominated to be Inspector General. The previous IG was Glenn Fine.

The DOJ and its Federal Bureau of Investigation (FBI) has engaged in rampant abuse of surveillance powers. Some of this was investigated and disclosed to the public by the former IG Fine. For an overview of Fine's reports, see story titled "Obama Picks Michael Horowitz to Be DOJ Inspector General" in TLJ Daily E-Mail Alert No. 2,276, August 1, 2011.

At the Department of Commerce (DOC) the nomination of Rebecca Blank to be Deputy Secretary of Commerce is pending. She is currently acting Deputy Secretary.

There are three nominations for U.S. Courts of Appeals pending on the Senate calendar: Jacqueline Nguyen (9th Circuit), Stephanie Thacker (4th Circuit), and Adalberto Jordan (11th Circuit).

There are also a larger number of pending nominations for U.S. District Courts, including Rudolph Contreras, for the U.S. District Court for the District of Columbia, and Jesse Furman and Ronnie Abrams, for the Southern District of New York.

The other pending District Court nominees on the Senate executive calendar are:

Go to News from January 6-10, 2012.