TLJ News from April 6-10, 2012

Wireless Service Providers Announce Plans for Disabling Stolen Smart Phones

4/10. The CTIA announced in a release that certain wireless service providers will take coordinated action "to help deter smartphone thefts and protect consumer data".

The gist of the program is the creation of integrated databases of unique identifiers of mobile communications devices reported as stolen, by participating wireless service providers, combined with a commitment by such providers to not provide service to the unique identifiers associated with devices reported as stolen.

Neither the CTIA, nor others, released the text of any agreement.

The CTIA stated in a release that "Wireless providers will work to initiate, implement and deploy database solutions, using unique smartphone identifying numbers, designed to prevent smartphones reported by their customers as stolen from being activated and/or provided service on their own networks".

This release elaborates that by October 31, 2012, US GSM providers will implement this database so that GSM smart phones reported as stolen will not work on any US GSM network. Also, by November 30, 2013, US LTE providers will create a common database for LTE smart phones.

Also, by April 30, 2013, smart phone makers "will implement a system to notify/inform users via the new smartphones upon activation or soon after of its capability of being locked and secured from unauthorized access by setting a password".

Also, wireless service providers "will inform consumers, using communications including email or text messages, about the existence of -- and access to -- applications that can lock/locate/erase data from smartphones."

Finally, the CTIA release states that the industry will engage in consumer education efforts.

The CTIA announcement lacks many details about this program.

Sen. Charles Schumer (D-NY) issued a release with some more specifics. It states that "major cell phone carriers in the United States ... have agreed ... to set up an integrated database of unique cell phone identifiers, known as International Mobile Equipment Identity (IMEI) numbers, to allow cell phone companies to permanently disable stolen cell phones."

It adds that "stolen phones, like the iPhone and Android phones, are easily resold on the black market because they use SIM card technology".

It explains that under the just announced program, "carriers in the United States will no longer just deactivate SIM cards, which store a user's account information, but instead, they will deactivate the actual handheld device, using the phone's individual IMEI number. IMEI numbers are unique to the actual handheld device similar to a vehicle VIN number and can be found usually in battery compartments of phones".

Sen. Charles SchumerThis release also states that Sen. Schumer (at right) will introduce a bill in the Senate that would "make it a federal crime to tamper or alter a cell phone IMEI numbers in order to activate a stolen phone. Schumer's legislation will be modeled on similar federal statutes with respect to VIN numbers on automobiles. Anyone convicted of tampering with or altering the IMEI number on a cell phone could face a maximum of five years in prison."

Also, a CTIA spokesman told TLJ that "The databases will be made interoperable with appropriate international stolen smartphone databases."

Kathleen Grillo, Verizon Wireless SVP for federal regulatory relations, stated in a release that "Verizon Wireless has a long-standing commitment to protect our customers if their mobile device is stolen, including such resources as an internal system that does not allow devices reported as stolen to be activated on the Verizon Wireless network. We support the broader, industry-wide solutions announced today. We will work with policymakers and collaborate with other providers, device manufacturers, and application and software developers, to increase consumer protections and to empower consumers with additional resources to help ensure stolen devices cannot be used or accessed illegally."

AT&T's Jim Bugle stated in a release that "We have been working with carriers, manufacturers, OS providers, governments and law enforcement for some time now on finding a comprehensive solution that helps the law enforcement community do their job but that wireless carriers are able to quickly implement from a technical standpoint".

FCC Role. The Federal Communications Commission (FCC) hosted an event for the announcement of this industry initiative on April 10.

FCC Chairman Julius Genachowski did not assert that the FCC possesses any statutory authority to regulate service providers or equipment manufacturers for the purpose of deterring smart phone theft.

Nor did he propose a rulemaking proceeding at this time. However, the FCC issued a release that states that "The FCC will launch a proceeding if progress on the above deliverables falls behind schedule".

Genachowski discussed the problem, praised the industry initiative, credited individual companies, and announced governmental involvement in, and approval of, this collaboration among competitors.

He stated in a short speech that "In DC, New York and other major cities, roughly 40% of all robberies now involve cell phones -- endangering both the physical safety of victims and the safety of the personal information on stolen devices".

He added that "The Major Cities Police Chiefs Association, representing more than 60 U.S. cities, serving 76 million people, and headed by Commissioner Ramsey, issued a declaration calling for action. They all said: This is a real problem; we need a solution."

He commended the "CTIA and the wireless companies including AT&T, Sprint, T-Mobile, Verizon, and Nex-Tech Wireless for their commitment to these steps." He also thanked "equipment manufacturers and operating system developers, Apple, Motorola, Qualcomm, HTC, Microsoft, Nokia, and RIM, for being part of this solution."

Legislative Activity. This industry announcement follows the commencement of legislative actions directed at imposing a regulatory framework for deterring smart phone theft and data loss.

On March 22, 2012, Rep. Eliot Engel and others introduced HR 4247 [LOC | WW], the "Cell Phone Theft Prevention Act of 2012", a bill that would require service providers to not provide service to a stolen phone. See, story titled "House Democrats Introduce Bill to Enable Service Blacklisting and Data Erasure for Stolen Mobile Devices" in TLJ Daily E-Mail Alert No. 2,356, March 25, 2012.

On March 23 Rep. Henry Waxman (D-CA), Rep. Ed Markey (D-MA), and Rep. Anna Eshoo (D-CA) sent similar letters to communications carriers, handset manufacturers, and operating system developers regarding what they are doing, or could be doing, to combat rising theft of smart phones, and protect consumers from theft of personal and financial information. See for example, letter to Apple. See also, story titled "House Commerce Committee Democrats Question Companies Regarding Smart Phone Theft" in TLJ Daily E-Mail Alert No. 2,356, March 25, 2012.

Rep. Eshoo and Rep. Markey issued a release on April 10 praising this industry announcement.

Commentary. Wireless service providers already know how to terminate service to their own customers. This just announced program would enable termination of service to devices, and across all participating service providers.

Thus, once the just announced program is implemented, a thief, or subsequent purchaser of a stolen device, would not be able to obtain service, not only for the lawful owner's service provider, but from any participating service provider.

However, thieves, and downstream purchasers in the illegal market for stolen devices, might still acquire wireless service for stolen devices. First, they might acquire service by changing the device's unique identifier, thereby rendering the system incapable of identifying it as a stolen device.

Second, they might obtain service from non-participating service providers. For example, stolen devices might be exported abroad, and resold, in locations where service providers are not participating in any program for the termination of service to stolen US devices.

To the extend that such options remain viable, the deterrent impact of the just announced program would be diminished.

Also, hypothetically, the mission of this just announced program could be expanded to limiting activities other than theft, such as termination of service to devices alleged to be used for unauthorized access to computer systems, for infringing activity, or for other illegal purposes.

People and Appointments

4/10. The Electronic Privacy Information Center (EPIC) announced in a release the members of its Advisory Board for 2012. They are Colin Bennett (University of Victoria, Canada), Ryan Calo (Stanford University law school), Laura Donohue (Georgetown University law school), Cynthia Dwork (Microsoft), Orin Kerr (George Washington University law school), and Frank Pasquale (Seton Hall University law school).

More News

4/10. The National Institute of Standards and Technology's (NIST) Computer Security Division (CSD) released its proposed revisions [4 pages in PDF] to its June 2009 FIPS 186-3 [130 pages in PDF] titled "Digital Signature Standard". The deadline to submit comments is May 25, 2012. See also, notice in the Federal Register, Vol. 77, No. 69, Tuesday, April 10, 2012, at Pages 21538-21539.

Anonymous Launches DDOS Attack on Supporters of CISPA

4/9. The US Telecom announced in a release that a group named Anonymous "has claimed credit for a denial-of-service attack this morning on the USTelecom website in retaliation for the association's support for the Cyber Intelligence Sharing and Protection Act of 2011" or CISPA.

Anonymous is a public interest group that has no organization, hierarchy, corporate status, or agent for service of process. It is a loose association of anarchic individuals who engage in distributed denial of service (DDOS) attacks, and other illegal cyber strategies, to intimate others from engaging in lawful activity to which they object. It focuses on internet related issues. See, related story in this issue titled "Anonymous DDOS Attacks".

Its power to coerce is shown by the American Bar Association's (ABA) decision to host an event later this month titled "Should I Sue? The Perils of Litigation in the Age of Anonymous".

On April 24 the ABA will host a panel discussion regarding hacking attacks launched in retaliation for the filing of lawsuits. The speakers will be Tanya Forsheit (InfoLawGroup), Marcia Hofmann (Electronic Frontier Foundation), Steven Teppler (Edelson McGuire), and Gib Sorebo (SAIC). See, ABA notice.

The bill at the root of the Anonymous's DDOS attack against the US Telecom is HR 3523 [LOC | WW], the "CISPA". Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersberger (D-MD) introduced it on November 30, 2011. See, story titled "Representatives Introduce Cyber Threat Information Sharing Bill" in TLJ Daily E-Mail Alert No. 2,316, November 30, 2011.

Walter McCormick, head of the US Telecom, stated in this release that "As an industry in the business of facilitating communications, we respect the right of those calling themselves `Anonymous´ to express their views and engage in lawful political advocacy. But by launching a cyber attack in an effort to coerce, intimidate and stifle speech, members of Anonymous are acting contrary to the very freedoms and Internet norms that they espouse."

McCormick added that "Ironically, by their actions Anonymous hacktivists underscore the importance of speedy action on the bipartisan Rogers-Ruppersberger legislation to ensure that the Internet remains an open and safe forum for all."

Update on CISPA and Related Bills

4/9. The House Intelligence Committee (HIC) amended and approved HR 3523 [LOC | WW], the "Cyber Intelligence Sharing and Protection Act of 2011" or "CISPA" on December 1, 2011, by a vote of 17-1.

The bill now has a total of 107 sponsors. Support is bipartisan, and also includes senior members of the House Commerce Committee (HCC), including Rep. Greg Walden (R-OR) and Rep. Anna Eshoo (D-CA), the Chairman and ranking Democrat on the HCC's Subcommittee on Communications and Technology.

In contrast, there is less support for HR 3523 from members of the House Judiciary Committee (HJC) and House Homeland Security Committee (HHSC). Rep. Dan Lungren (R-CA), a senior member of both the HJC and HHSC, is the lead sponsor of another bill with cyber security information sharing provisions.

However, it is more narrowly tailored. See, HR 3674 [LOC | WW], the "Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011" which nearly produces the acronym of "PRECISE Act".

HR 3523, the bill which has drawn the ire of the Anonymous cyber hackers, is drafted to promote, but not mandate, information sharing about cyber threats. It would allow sharing. It would create new immunities. On the other hand, it would create no new regulatory regime, no new criminal prohibition regime, no data retention mandate, and no new government surveillance powers.

This bill would amend Title 50, which pertains to national defense and intelligence, to authorize U.S. intelligence agencies to provide secret "cyber threat intelligence" to certain private sector entities, namely, "cybersecurity providers", "protected entities" (of cybersecurity providers), and "self-protected entities" (which provide their own cybersecurity). The bill further allows these entities to further share this intelligence, but prohibits "unauthorized disclosure".

This bill would also allow "cybersecurity providers" and "self-protected entities" to provide "cyber threat information" to others, and to the federal government. But, shared cyber threat information "may not be used by an entity to gain an unfair competitive advantage".

The bill would also grant sweeping immunity from state and federal, and civil and criminal, actions and liability, for "using cybersecurity systems or sharing information in accordance with this" bill, or "for not acting on information obtained or shared in accordance with this" bill.

Rep. Mary Mack (R-CA), a cosponsor of HR 3523, wrote in a social medium statement on April 9, "Hacker group Anonymous launches cyber attack on USTelecom. Yet another reason to support my SECURE IT Act."

She is the lead sponsor of  HR 4263 [LOC | WW], the "Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act of 2012" or "SECURE IT Act". It too would incent information sharing. HR 4263 is the House version of S 2151 [LOC | WW], also titled the "SECURE IT Act", introduced on March 1, 2012 by Sen. John McCain (R-AZ) and others. See, related story in this issue titled "Rep. Mack and Rep. Blackburn Introduce SECURE IT Act".

There are currently many bills pending in the House or Senate that pertain to cyber security. Many of these address information sharing, including the following:

Recent Anonymous DDOS Attacks

4/9. The group Anonymous has engaged in illegal internet based attacks that attempt to stop or intimidate persons, entities, and government agencies from revising, enforcing or implementing laws and policies that enable government to block, deter and prosecute illegal activity on the internet.

The April 9, 2012 distributed denial of service (DDOS) attack on the US Telecom was related to its urging the Congress to enact HR 3523 [LOC | WW], the "CISPA", a bill that is intended to reduce cyber threats.

Last year the Anonymous was involved in DDOS attacks related to the publication by WikiLeaks of information illegally provided to WikiLeaks.

For example, on July 19, 2011, the U.S. District Court (NDCal) unsealed an indictment [12 pages in PDF] that charged damage to a protected computer in violation of 18 U.S.C. § 1030, and conspiracy, in connection with the Anonymous retaliatory DDOS attacks directed at PayPal servers after PayPal suspended WikiLeaks' accounts for violating its terms of service (TOS) by publishing classified State Department cables in its web site. WikiLeaks had used PayPal to receive contributions.

The indictment alleged that "In retribution for PayPal's termination of WikiLeaks' donation account, Anonymous co-ordinated and executed DDoS attacks against PayPal's computer servers" using an open source computer program named "Low Orbit Ion Cannon". The indictment adds that "Anonymous referred to these co-ordinated attacks on PayPal as ``Operation  Avenge Assange.´´"

See, story titled "Grand Jury Indicts 14 for WikiLeaks Related DDOS Attacks" in TLJ Daily E-Mail Alert No. 2,264, July 20, 2011.

Earlier this year the Anonymous was involved in attacks related to the negotiation of the Anti-Counterfeiting Trade Agreement (ACTA). On February 17, 2012, the Federal Trade Commission (FTC) published a notice in its web site that states that the FTC's Bureau of Consumer Protection's (BCP) Business Center was hacked on February 17.

The notice stated, in full, "The Bureau of Consumer Protection's Business Center website, run by the Federal Trade Commission, was hacked on February 17, 2012. The FTC takes this malicious act seriously. The site has been taken down and will be brought back up when we're satisfied that any vulnerability has been addressed."

News stories in various publications reported that the Anonymous claimed responsibility, and that the ACTA was its complaint. Although, the FTC does not enforce copyright laws, and was not the agency that negotiated the ACTA. The Office of the U.S. Trade Representative (OUSTR) did.

The Hill published a story on February 17, 2012, by Brendan Sasso, titled "Anonymous hacks FTC websites", that states that "The hackers replaced the government websites with a German-language video depicting a man in a ski mask gunning down people for downloading copyrighted music. In a profanity-laced statement, Anonymous promised to ``rain torrential hellfire down on all enemies of free speech, privacy and internet freedom´´ if ACTA is approved.

Also, various news publications have reported on Anonymous attacks on the web sites of movie industry web sites. The attackers' complaint is the industry's support for pending legislation directed at web sites dedicated to infringing activity, the SOPA and PIPA.

Also, on December 13, 2011, a grand jury of the U.S. District Court (CDCal) returned an indictment that charges Kevin George Poe with unauthorized impairment of a protected computer in violation of 18 U.S.C. § 1030 in connection with his conducting a DDOS attack against the web site of Gene Simmons, a musician long affiliated with a rock band titled Kiss. Simmons is an aging rock musician who is best know for painting his face black and white and sticking out his tongue. However, the reason that the Anonymous attacked his web site was his advocacy of rights under copyright law.

The Office of the U.S. Attorney (USAO) for the Central District of California stated in a release that "Poe and others linked to Anonymous allegedly conducted" this DDOS attack by "sending tens of thousands of electronic requests designed to overload the computer server and render the website useless. According to the indictment, Poe used a favorite software tool of the Anonymous collective -- a Low Orbit Ion Cannon, which is a computer program that is used to send extremely large numbers of ``packets´´ or requests over a network in an attempt to overwhelm a target computer."

Allegations of Race Discrimination at Tech Companies

4/9. The web site titled "Online IT Degree" published a short piece titled "Is Tech Racist" last July. It is a short collection of graphics, with little text. It states that "It's one of the world's most rapidly growing industries, and yet from where it starts in Silicon Valley to where it ends in the hands of consumers, technology presents an irreconcilable flaw: It seems to be racist."

This piece states that the Silicon Valley "employment population" is 1.5% black and 4.7% black, while the overall U.S. population is 12.8% black and 15.4% hispanic.

This piece also refers to HP's "face tracking" technology. It also states that "Microsoft patented an app dubbed ``avoid ghetto.´´". This piece states that the "app's purpose" is "Helping pedestrians navigate around black neighborhoods".

See, full story.

More News

4/9. T-Mobile USA and Leap Wireless announced plans to exchange spectrum. T-Mobile announced in a release that it "has entered into an agreement with Leap Wireless International, Inc. and Savary Island Wireless, LLC (Leap's non-controlled, majority-owned venture), to exchange wireless spectrum in various markets." (Parentheses in original.) It added that "T-Mobile will receive spectrum from Leap in several markets in Alabama, Illinois, Missouri and Minnesota, and Leap will receive spectrum from T-Mobile in Phoenix, AZ and Houston, Galveston and Bryan-College Station, TX. Additionally, the companies will exchange spectrum in Philadelphia, Wilmington, DE and Atlantic City, NJ as well as several markets in Texas and New Mexico." The license transfers require approval by the Federal Communications Commission (FCC). See also, Leap Wireless release.

4/9. The U.S. Patent and Trademark Office (USPTO) released a short piece by David Kappos titled "Electronic Terminal Disclaimers Now Get Immediate Approvals".

FCC Releases Tentative Agenda for Meeting of April 27

4/6. The Federal Communications Commission (FCC) released a tentative agenda for its event titled "Open Meeting", scheduled for Friday, April 27, 2012. This agenda contains five items.

Cramming. The FCC is scheduled to approve a Report and Order (R&O) and Further Notice of Proposed Rulemaking (FNPRM) regarding the common practice of cramming -- the placement of unauthorized charges on consumers' telephone bills.

On July 12, 2011, the FCC adopted and released a Notice of Proposed Rule Making (NPRM) [48 pages in PDF]. It is FCC 11-106 in CG Docket Nos. 11-116 and 09-158, and CC Docket No. 98-170. See also, story titled "FCC Adopts Cramming NPRM" in TLJ Daily E-Mail Alert No. 2,258, July 14, 2011.

However, the proposed rules in the July 2011 NPRM would only impose minimal new requirements on carriers. First, this NPRM does not propose either to prohibit third party charges on carriers' phone bills, or to require that consumers be given the option to block all third party charges.

Rather, this NPRM merely proposes to tinker with the arrangement of bills, and notices contained in bills. It proposes that FCC's rules be amended to provide that "Where charges for two or more carriers appear on the same telephone bill, the charges must be separated by service provider."

The Senate Commerce Committee (SCC) held a hearing on cramming on July 13, 2011. See, story titled "Senate Commerce Committee Holds Hearing on Phone Bill Cramming" in TLJ Daily E-Mail Alert No. 2,258, July 14, 2011.

Broadcast Regulation. The FCC is scheduled to approve a R&O that would increase the regulatory burdens on broadcasters to disclose information about their operations. See, MM Docket No. 00-168 and MM Docket No. 00-44.

This R&O may adopt rules that implement some of the recommendations contained in the July 2011 FCC paper [468 pages in PDF] titled "Information Needs of Communities" written by Steven Waldman, who now works for the Columbia Journalism School.

Also, on April 20, at 12:15 PM, the New America Foundation (NAF) will host a panel discussion by proponents of new rules. The speakers will be Michael Calabrese (NAF), Steven Waldman (Columbia Journalism School), Corie Wright (Free Press), Harold Feld (Public Knowledge), and Kathy Kiely (Sunlight Foundation).

Other Items. The FCC's tentative agenda states that the FCC is scheduled to adopt a NPRM regarding "whether to allow noncommercial educational broadcast stations to conduct on-air fundraising activities that interrupt regular programming for the benefit of third-party non-profit organizations".

The FCC is scheduled to adopt a R&O that contains rules "for channel sharing among television licensees in connection with an incentive auction of spectrum".

The FCC is also scheduled to adopt a FNPRM regarding how universal service taxes are assessed and collected.

This event is scheduled for Friday, April 27, 2012, at 11:00 AM at the FCC headquarters, Room TW-C305, 445 12th Street, SW.

BLS Employment Data Shows Downward Trend in Communications and Upward Trend in IT

4/6. The Department of Labor's (DOL) Bureau of Labor Statistics (BLS) released employment data for the U.S. for the month of March, 2012.

The BLS stated in a release that "Nonfarm payroll employment rose by 120,000 in March, and the unemployment rate was little changed at 8.2 percent".

Table B-1 attached to the report reveals employment trends in various industry sectors, including information and communications technology (ICT).

The data for some older communications and publishing industries shows a continuing decrease in total employment, which may be considered bleak from the perspective of promoting full employment, but bright from the perspective of increasing efficiency.

The ongoing downward trend in employment in telecommunications equipment manufacturing continues. The downward trend in telecommunications services is even sharper. Employment in non-internet publishing also continues to decline.

See, table below, and tables in stories titled "Bureau of Labor Statistics Reports on Overall and ICT Employment" in TLJ Daily E-Mail Alert No. 2,281, August 6, 2011, and "BLS Reports on Employment" in TLJ Daily E-Mail Alert No. 2,171, December 7, 2010.

The impact of the proposed merger of AT&T and T-Mobile USA, and the impact of the blocking of that merger, on employment has been hotly debated. The BLS data shows, in the least, that employment in telecommunications services overall was down sharply in March, down sharply from one year ago. Morever, BLS data shows that this is part of a long run trend.

Communications companies are providing more and better services, with fewer employees, with advancing technologies. However, nothing in BLS data enables one to separate out the effects of technological innovation and industry consolidation on efficiency and employment.

TLJ asked the BLS about this. It responded, "BLS does not comment on the reasons for employment change".

Employment in non-internet broadcasting was up in March, but down slightly from a year ago. The longer term trend is downwards.

Employment in the movie and record industries was down in March, but about even with one year ago.

Employment in IT sectors is growing. Employment in manufacturing of both computers and peripherals, and semiconductors, were almost unchanged from one month ago, but up slightly from one year ago.

Employment in both "Other information services" and "Computer systems design" are up for the month, up for the year, and continue a longer term trend.

Legal employment was down slightly in March, but up slightly from one year ago.

The table below contains ICT related excerpts from the BLS table titled "Table B-1. Employees on nonfarm payrolls by industry sector and selected industry detail". This is the seasonally adjusted data.

Table: Total Number of Employees in Thousands by ICT Industry Sector
  Computer & peripheral equipment 157.1 162.4 162.7 163.0
  Communication equipment 116.1 111.1 111.0 111.1
  Semiconductors & electronic comp. 381.2 387.0 387.7 387.5
  Electronic instruments 405.0 402.0 401.1 402.8
Information Services:        
  Publishing industries, except Internet 749.6 741.6 740.8 740.2
  Motion picture & sound recording 362.4 352.3 370.7 362.8
  Broadcasting, except Internet 283.0 280.4 279.8 282.7
  Telecommunications 882.1 847.0 841.2 837.6
  Data processing, hosting & related serv. 243.1 240.6 241.2 240.6
  Other information services 151.1 166.3 166.9 168.2
Professional Services:        
  Legal services 1,114.3 1,117.5 1,117.7 1,116.4
  Computer systems design & related serv. 1,509.9 1,558.8 1,570.0 1,573.9
Source: BLS, April 2012 employment report, Table B-1.

BLS Table B-1 contains detail on employment by industry sector. The BLS also released tables that contain detail on employment by demographic characteristics, such as race, sex, age, disability status, and educational attainment. (See, Tables A-1 through A-7.)

However, these tables do not enable one to examine employment by both demographic characteristic (such as race) and by industry sector.

The BLS does release limited data on employment by sector and sex, but not by race.

More News

4/6. The Federal Communications Commission (FCC) released a tentative agenda of its event on April 27, 2012 titled "Open Meeting".

Go to News from April 1-5, 2012.