TLJ News from June 6-10, 2012

Holder Assigns Two to Investigate Cyber Warfare Leaks

6/8. Attorney General Eric Holder released a statement regarding federal investigation of the unauthorized release of information regarding US cyber warfare operations against Iran and other leaks.

He wrote that "Today, I assigned U.S. Attorney for the District of Columbia Ronald C. Machen Jr. and U.S. Attorney for the District of Maryland Rod J. Rosenstein to lead criminal investigations into recent instances of possible unauthorized disclosures of classified information."

Eric HolderHolder (at left) did not disclose what leaks will be the subject of these investigations. However, recently information was disclosed to the New York Times (NYT) regarding US cyber warfare operations against Iran. Other leaks have disclosed information about the use of drones in Yemen and adjacent Africa, and hit lists of terrorists.

The cyber warfare leaks at issue resulted in the publication in the NYT of a story by David Sanger on June 1, 2012, titled "Obama Order Sped Up Wave of Cyberattacks Against Iran". See also, story titled "Members of Congress Condemn Leaks of Information About US Cyber Attacks on Iran" in TLJ Daily E-Mail Alert No. 2,391, June 6, 2012.

Holder added that the Machen and Rosenstein "will be directing separate investigations currently being conducted by the FBI".

Holder did not specify whether the two will conduct overlapping and redundant investigations, or whether there will be a division of responsibilities. For example, one may have been tasked with investigating the federal officials who may have disclosed the information, while the other is tasked with investigating those to whom the information was leaked. Alternatively, Machen could have primary responsibility, and Rosenstein responsibility for those portions of the investigation from which Machen and Department of Justice's (DOJ) main office recuse themselves.

Sen. Patrick Leahy (D-VT) stated in a release on June 8 that "I agree with the Attorney General. He and I discussed this today and I am pleased he has picked strong, capable, independent prosecutors for the investigation. The Department’s consultation with the Judiciary and Intelligence Committees aids congressional oversight."

Also, President Obama held a news conference on Friday, June 8. He was asked about "reports of cyber-attacks on the Iranian nuclear program that you ordered". The questions were "First of all, what's your reaction of this information getting out in public? And secondly, what’s your reaction to lawmakers who accuse your team of leaking these details in order to promote your reelection bid?"

The President responded that "the issues that you have mentioned" are "classified". He also said that "we will conduct thorough investigations".

He also asserted that "the writers of these articles have all stated unequivocally that they didn't come from this White House". See, transcript.

The most likely objects of these investigations are senior Obama administration officials, officials at the agencies involved, contractors who assisted, and perhaps NYT employees.

It is not in the interests of senior members of the Obama administration to prosecute or embarrass any of these people, or even to cause them to incur burdensome legal defense costs.

Holder's action suggests that he does not seek productive investigations. First, he has not given anyone independent counsel status. Machen and Rosenstein remain under the control of the DOJ, and Holder, a partisan Democrat, and Obama loyalist.

Sen. John McCain (R-AZ) argued for the appointment of an independent counsel. He stated in a June 6 release that "What is grossly irresponsible is the deliberate leaking and discussion of covert and highly classified programs to launch cyber attacks against Iran’s illicit nuclear program by, according to The New York Times, ‘participants in the program,’ ‘aides’ to the President, ‘members of the President’s national security team ..."

Sen. John McCainSen. McCain (at right) continued that "Laws have apparently been broken. For this reason, yesterday I called for the appointment of a special counsel to investigate and, where appropriate, prosecute those responsible for these damaging leaks of military and intelligence secrets."

Second, one of the possible sources of the leaks is persons within the DOJ. Hence, Holder may be calling upon the DOJ to investigate the DOJ, thus creating a conflict of interest, and an incentive to fail.

Rep. Mike Rogers (R-MI), Chairman of the House Intelligence Committee (HIC) stated at a news conference on June 8 that the DOJ's National Security Division (NSD) "has recused itself from at least one element of the investigation, suggesting some of these leaks could have come from the sources within the DOJ or the FBI." He added that "it appears that the sources of these leaks could be in a position to influence the investigations". Also, he said that "you should probably have someone outside the normal track of investigation on the particular leak case". See, transcript.

Third, neither Machen nor Rosenstein are the sort of prosecutors that an Attorney General would appoint if he sought an aggressive and successful investigation of senior government officials.

Ronald MachenOne of Holder's picks, Ronald Machen (at right), has been the U.S. Attorney (USA) for the District of Columbia since February of 2010. Before that, he was a partner in the Washington DC office of the law firm of Wilmer Hale.

Machen is a Democrat and a political appointee. Federal Election Commission (FEC) records show that he is an Obama contributor. Most recently, he made a $500 contribution on September 5, 2011. Like Holder, he is not only politically loyal to the Obama administration, he is also a revolving door lawyer. One of the reasons for lawyers taking short term senior positions in government is to enhance one's ability to more effectively represent clients' interests after leaving office. Investigating and prosecuting government officials detracts from this goal.

In short, Machen is not a likely candidate for conducting an investigation that would cause embarrassment to President Obama, his senior appointees, or other government officials.

leftRod Rosenstein (at left), in contrast, is a career DOJ attorney. An online search of FEC individual contributor records for Rod Rosenstein for recent election cycles produces no results.

He has held numerous positions since joining the DOJ in 1990. Notably, he is a USA as a Republican appointee. Former President George Bush appointed him USA in 2005. He remains in this position with the support of Maryland's two Democratic Senators. Bush also nominated him to be a Judge of the U.S. Court of Appeals (4thCir) in 2007. Senate Democrats successfully blocked his confirmation.

Rosenstein worked in the DOJ's Criminal Division's Public Integrity Section early in his career. This unit has vast resources, but brings few cases. When it does, it sometimes acts without integrity or competence.

He also worked with former Independent Counsel Kenneth Starr. Rosenstein also boasts in his USA bio that "he supervised the investigation that found no basis for criminal prosecution of White House officials who had obtained FBI background reports". That episode is better known a Filegate.

In that matter, a White House official of one political party requested secret FBI files on hundreds of key members of the other political party, without legal basis. The FBI turned over the files, without authority for doing so. Rosenstein began with the names of the people who both disclosed and received the files. However, after years of investigation, he could not spot a single violation of federal law. That matter, and the one to which he has just been assigned, are similar. Both involve the wrongful disclosure of confidential information by government officials. If he does not demonstrate improved legal skills, he is unlikely to be able to spot any wrongdoing in the recent leak of cyber warfare secrets.

Intelligence Committee Leaders Hold News Conference to Condemn Cyber Warfare Leaks

6/8. The Chairmen and ranking members of the House Intelligence Committee (HCC) and Senate Intelligence Committee (SIC) held a news conference regarding recent leaks of national security secrets, including information about the US cyber attack on Iran's nuclear weapons development program. See, transcript.

Sen. Dianne Feinstein (D-CA), Chairman of the SIC, said that "When people say they don't want to work with the United States because they can't trust us to keep a secret, that's serious. When allies become concerned, when an asset's life is in jeopardy or the asset's family's life is in jeopardy, that's a problem. The point of intelligence is to be able to know what might happen to protect this country. And we can't do that if the intelligence is no longer kept, with strict scrutiny, within the number of people that need to have it."

Sen. Feinstein also called for legislation. See, related story in this issue titled "Sen. Feinstein and Rep. Rogers Call for Legislation Following Cyber Warfare Leaks".

Sen. Saxby Chambliss (R-GA), ranking Republican on the SIC, stated that "all of us are extremely upset about the fact that not only have leaks occurred, but there's been just a cascade of leaks coming out of the intelligence community over the last several weeks and months. And it's our clear intention to put a stop to this in the best way that we can. Leaks are part of the nature of this town. We understand that. But the fact of the matter is, when you have the kind of leaks that have been coming out in the last few weeks, it put lives in danger and it infringes upon the ability of the intelligence community to do their job."

He also said that the Director of National Intelligence, James Clapper, is "extremely upset about this issue".

Sen. Chambliss also stated in the Senate on June 6 that "From kill lists to cyber warfare, it appears that nothing is off-limits, nothing is too secret, no opinion is too sensitive, and no source is too valuable to be used as a prop in this election-year posturing. And now the doctor who is associated with the Bin Laden operation appears to be paying the price for this posturing. Following public disclosures of his involvement, he's been sentenced to a true life sentence of 33 years in prison in Pakistan. This hardly provides incentive for anyone else to help us." See, transcript and video [YouTube].

Rep. Dutch Ruppersberger (D-MD), the ranking Democrat on the HIC, stated that "It puts us at risk. It puts lives at risk. It hurts our ability with our allies to get -- have them work with us and get information. And it hurts us in recruiting assets that give us intelligence information that will allow us to protect our citizens, to work through issues that are so important to the whole issue of peace throughout the world and how we protect our citizens throughout the world."

Rep. Mike Rogers (R-MI), Chairman of the HIC, stated that "To have all four of us come forward today and talk about the severity of these leaks, I hope, sends a very clear message about how dangerous this has become. And it's not just an isolated incident, and that's what has brought us together. It seems to be a pattern that is growing worse and more frequent."

Sen. John McCain (R-AZ), is not a member of the SIC, and did not participate in this news conference. However, he is the ranking Republican on the Senate Armed Services Committee (SASC). He stated in a release on June 8 that "What the President did not unequivocally say today is that none of the classified or highly sensitive information recently leaked to the media came from the White House. I continue to call on the President to immediately appoint a special counsel to fully investigate, and where necessary, prosecute these gravely serious breaches of our national security."

Sen. Feinstein and Rep. Rogers Call for Legislation Following Cyber Warfare Leaks

6/8. Sen. Dianne Feinstein (D-CA) stated on June 8, 2012, at a news conference regarding recent disclosures of information regarding US cyber attacks on Iran's nuclear weapons development program that there is a need to pass legislation.

"We're doing a bill", said Sen. Feinstein. "We need to legislate." However, she did not elaborate. See, transcript.

Rep. Mike Rogers (R-MI) spoke at the same news conference. He said this. "Two problems here. One is that we get to the bottom of what is a growing and serious problem and the nature of these leaks, and second, that we put together legislation quickly that moves to put -- give the tools to the intelligence community to prevent this from happening in the future."

One relevant, but outdated, statute, is codified at 18 U.S.C. § 798. It pertains to "Disclosure of classified information". This section is also sometimes referred to as the Espionage Act, or a section of the Espionage Act. This section criminalizes the disclosure of certain "classified information" in "any manner prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States".

It is limited mainly to cryptographic matters, communications intelligence systems, and protecting the secrecy of the activities of the National Security Agency (NSA). Other sections of Chapter 37 criminalize certain espionage activities directed at "information respecting the national defense", harboring persons who engage in such activities, photographing defense installations, and aerial photography of defense installations.

There is arguably a problem of under-inclusion of national security related information covered by Section 798.

There was an effort to enact legislation in the 111th Congress following the publication of large volumes of documents by Wikileaks. See for example, S 4004 [LOC | WW], the "Securing Human Intelligence and Enforcing Lawful Dissemination Act" or "SHIELD Act". See also, stories titled "Senators Introduce Bill to Amend Espionage Act to Reach WikiLeaks and Others" and "Commentary: Expansion of Espionage Law" in TLJ Daily E-Mail Alert No. 2,174, December 10, 2010.

Neither that bill, nor the companion bill in the House, HR 6506 LOC | WW], was passed by either body, or by any committee.

However, reform of Section 798 is just one possible topic for legislation, and may not be what Sen. Feinstein and Rep. Rogers have in mind.

The Senate Intelligence Committee (SIC) and House Intelligence Committee (HCC) are currently working authorization bills for the intelligence agencies.

The House passed HR 5743 [LOC | WW], the "Intelligence Authorization Act for Fiscal Year 2013", on May 31, 2012.

A year ago, when the House and Senate were considering a prior "Intelligence Authorization Act", a Senate bill included a section, which was not enacted into law, that would have given intelligence agencies broad powers to administratively punish employees who leak classified information. See, stories titled "Intelligence Authorization Bills Seek to Counter WikiLeaks" and "Commentary: Information Sharing and National Security Leaks" in TLJ Daily E-Mail Alert No. 2,235, May 7, 2011.

It should also be noted, with respect to the classification of information, that some have argued that there is a problem of over-inclusion. That is, much information is classified, and remains classified, which in an open and democratic society ought to be made public.

Cyber Warfare, Presidential War Powers, and Congressional Oversight

6/8. Sen. Dianne Feinstein (D-CA) dodged questions regarding Presidential authority to conduct cyber warfare at a news conference on June 8, 2012, regarding recent disclosures of information regarding US cyber attacks on Iran's nuclear weapons development program.

Sen. Feinstein, the Chairman of the Senate Intelligence Committee (SIC) participated in a news conference with her Republican counterpart, Sen. Saxby Chambliss (R-GA), and the Chairman and ranking Democrat on the House Intelligence Committee (HCC), Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersberger (D-MD).

She was asked, "if the administration conducted cyberwarfare against Iran, that could constitute an act of war. Do you believe that Congress should be involved in oversight on this?"

Sen. Feinstein responded, "I'm not going to respond to that question." None of the other Senators present spoke up.

The Senators were also asked, "Do each of you agree with the use of drones, with the use of cyberwarfare?"

Sen. Feinstein responded, "I'm not going to answer that question here." None of the others responded.

The War Powers Resolution of 1973, which is codified at 50 U.S.C. §§ 1541-1548, purports to limit the "introduction of United States Armed Forces into hostilities" by the President. However, in the stuxnet program, computer code, not armed forces, were introduced into Iran.

With respect to Congressional oversight, neither Sen. Feinstein, nor the other Senators disclosed whether or not President Obama had disclosed details of the stuxnet program in a timely manner to the relevant oversight committees.

Nor did they address what committees have oversight jurisdiction over cyber warfare.

Commentary: Cyber Warfare and the Department of Energy

6/8. This articles offers the analysis, based upon the missions and operations of the Department of Energy (DOE), that it was well placed to provide much of the expertise to implement the US cyber attack upon the nuclear weapons program of Iran, also known as the stuxnet program.

Hence, while Republicans have advanced the idea that White House political aides leaked information to the New York Times (NYT) in a bid to boost President Obama's re-election chances in November, one might also consider the DOE as an alternative source of leaks.

Also, if the Congress is to revise federal law prohibiting the disclosure of secret government information pertaining to national security, and if it is also ultimately revealed that the DOE or other government research agencies were involved in leaking cyber warfare information, then revision of law might specifically address maintaining secrecy at government research agencies.

This article relies upon information provided in the web sites of the DOE and its laboratories, and news articles published in the NYT regarding the stuxnet cyber warfare program. See, especially, story by David Sanger, dated June 1, 2012, and titled "Obama Order Sped Up Wave of Cyberattacks Against Iran", and story by William Broad, John Markoff and Sanger, dated January 15, 2011, and titled "Israeli Test on Worm Called Crucial in Iran Nuclear Delay".

First, the DOE includes the National Nuclear Security Administration (NNSA), which is responsible for the US nuclear weapons program, US naval and non-military nuclear reactors, and nuclear non-proliferation. Hence, it is an agency with both missions and expertise related to sabotaging the nuclear weapons development programs of other countries.

Second, the DOE includes the Office of Intelligence and Counterintelligence, a secretive unit that maintains no web site. It assesses the nuclear weapons programs of other countries, including Iran. It is one of the components of the US intelligence community.

Third, the DOE's Idaho National Laboratory (INL), which focuses on nuclear sciences, may have played a role in the stuxnet program. In particular, it possesses expertise regarding the computer controllers that manage industrial machinery. This includes nuclear weapons program equipment, including centrifuges, which are used for uranium enrichment for weapons. Stuxnet was intended to use controllers to cause Iran's centrifuges to malfunction.

Fourth, the DOE's Oak Ridge National Laboratory (ORNL) might also have played a role in the stuxnet program. Iran wants nuclear weapons. Uranium is used in nuclear weapons. However, uraniuim exists in three isotopes. Less than one percent is U-235 -- such stuff as bombs are made of. The trick is separating the U-235 from the rest. The method used by Iran is high speed centrifuges. Centrifuges separate gaseous or liquid content by weight. For uranium isotopes, this is a difficult process, because uranium isotopes have nearly the same weight. Iran uses technology obtained from Pakistan, which has developed nuclear weapons. Libya also acquired the same technology, but abandoned its nuclear weapons program a decade ago. The US acquired centrifuges from Libya. They are at the ORNL in the state of Tennessee. Hence, it is possible that the DOE might have tested stuxnet at the ORNL.

Fifth, the DOE is an agency with expertise in materials, including metals, alloys and composites. For example, US nuclear programs use materials. As another example, the DOE is tasked with reducing US consumption of carbon fuels. One way is to develop and incorporate lighter materials in the construction of cars, trucks, aircraft, and other vehicles. The DOE has expertise in developing and testing materials that do not break during intended use. This leads to spill over expertise in how to cause materials to fail. And, causing materials in centrifuges to fail was a goal of the stuxnet program.

Finally, it should be noted that much of the federal computer science research is conducted by the DOE, including at the Argonne National Laboratory (ANL).

OMB Memo Addresses Administration's Research Priorities

6/8. The Office of Management and Budget (OMB) released a memorandum [PDF] titled "Science and Technology Priorities for the FY 2014 Budget".

This memorandum instructs the heads of executive departments and agencies to focus their research activities on areas listed in this memorandum. It lists the Obama administration's interest in manufacturing technology, clean energy technology, global climate research, nanotechnology, STEM education, and biotech.

It also lists two information technology research fields -- big data and cyber security.

It states that "Within the interagency Networking and Information Technology Research and Development initiative, agencies should give priority to investments that address the challenges of, and tap the opportunities afforded by, the Big Data revolution -- the fast-growing volume of large and complex collections of digital data to advance agency missions and further scientific discovery and innovation."

It also states that "Within the initiative, agencies should give priority to investment in data analytics and management and to fundamental research in computer science and engineering above funding for the development and procurement of large-scale high performance computing systems."

See, Networking and Information Technology Research and Development's (NITRD) Big Data web page.

The memorandum adds that "Agencies should also give priority to research guided by the Trustworthy Cyberspace: Strategic Plan for Cybersecurity R&D Programs to develop technologies that can protect our systems against current and future cyber-attacks."

See, the paper titled "Trustworthy Cyberspace: Strategic Plan for Cybersecurity Research and Development Program", released by the Executive Office of the President's (EOP) Office of Science and Technology Policy (OSTP) in December of 2011.

New America Foundation Criticizes US Offensive Cyber Warfare

6/8. Steve Coll, President of the New America Foundation (NAF), wrote a short piece titled "The Rewards and Risks of Cyberwarfare".

He wrote that the US cyber attack on Iran's nuclear weapons development program "will invite imitation and retaliation in kind, and it has established new and disturbing norms for state aggression on the Internet and in its side-channels. American and Israeli official action now stands available as a justification for others."

He added that "in the future, ... the ability to conduct cyber attacks will be very broadly distributed -- not just among governments, but among individuals, corporations, and terrorists."

In addition, Fred Kaplan, a Senior Fellow at the NAF, wrote a short piece titled "Why the United States Can't Win a Cyberwar".

Kaplan argued that "Because our social and economic structures are far more dependent on computer networks than those in any other country, a major cyberattack would do far more damage to us. Therefore, the situation in the cyber domain is more like this: We hurt you; you cripple us. That being the case, an offensive cyber strategy amounts to a suicidal trap."

He continued that in the case that "China puts a move on Taiwan or the South China Sea -- and threatens to trigger a power blackout in every American city if we interfere", than threatening to "retaliate in kind ... would have little effect".

People and Appointments

6/8. Rama Elluru, John Evans, Larry Hume, Ulrike Jenks, Hyun Jung, Brett Martin, John Martin, Brian McNamara, Annette Reimers, Sheridan Snedden, and Michael Strauss took the oath of office as administrative patent judges on the U.S. Patent and Trademark Office's (USPTO) Board of Patent Appeals and Interferences (BPAI). See, USPTO release.

More News

6/8. Rep. Judy Chu (D-CA), Rep. Lamar Smith (R-TX), and others introduced HRes  683, which expresses the regret of the House of Representatives for the passage of laws in the 19th Century that adversely affected the Chinese in the United States, including the Chinese Exclusion Act.

6/8. The Federal Communications Commission (FCC) published a notice in the Federal Register (FR) that sets deadlines to submit oppositions, comments and replies to the American Cable Association's (ACA) Petition for Reconsideration of the FCC's Fifth Report and Order [130 pages in PDF] regarding the Emergency Alert System (EAS). This order continues the FCC's process of revising its EAS rules to specify the manner in which EAS participants must be able to receive alert messages formatted in the Common Alerting Protocol (CAP). The FCC adopted this item on January 9, 2012, and released the text on January 12, 2012. It is FCC 12-7 in EB Docket No. 04-296. The ACA asked in its on April 23, 2012, petition for a streamlined waiver process for small cable systems serving fewer than 501 subscribers that lack physical connectivity to broadband Internet access. See, FR, Vol. 77, No. 111, Friday, June 8, 2012, at Pages 33995-33997. See also, the ACA's April 23 release and the FCC's May 25, 2012, Public Notice (DA 12-834). The deadline to submit oppositions and comments is June 25. The deadline to submit replies is July 3.

Senate Considers Bill To Extend FISA Outside the US Warrantless Wiretap Authority

6/7. Sen. Dianne Feinstein (D-CA) introduced S 3276 [LOC | WW], misleadingly titled the "FAA Sunsets Extension Act of 2012". This bill has nothing to do with the Federal Aviation Administration (FAA). Rather it would extend for five years a key surveillance section of the Foreign Intelligence Surveillance Act of 1978 (FISA), enacted in 2008, that is set to expire on December 31, 2012.

Sen. Feinstein's bill would extend for five years government authority to conduct surveillance related to persons outside the US, without individualized court approval. Surveillance of persons "outside of the United States" is a term of art that also enables surveillance of persons inside of the US who fall within the protection of the 4th Amendment.

This bill was referred to the Senate Intelligence Committee (SIC), which secretly approved the yet to be introduced bill, in a closed May 22 meeting, tunc pro nunc.

The full Senate might have also promptly passed the bill, without debate, but for a hold being placed on the bill by Sen. Ron Wyden (D-OR), who also opposed the bill in the SIC on May 22.

The House has also been begun consideration of sunset extension legislation, but in a more orderly and open process.

The House passed HR 6304 [LOC | WW], the "Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008", on June 20, 2008. The Senate passed it on July 9, 2008. Former President Bush signed it on July 10, 2008. It is now Public Law No. 110-261. See, stories titled "House Approves FISA Reform Bill" and "Attorney General and DNI Praise FISA Reform Bill" in TLJ Daily E-Mail Alert No. 1,783, June 19, 2008, and "House and Senate Leaders Release Draft FISA Reform Bill" in TLJ Daily E-Mail Alert No. 1,782, June 18, 2008.

The 2008 Act is huge. Section 403(b)(1) of the 2008 Act provides that "Except as provided in section 404, effective December 31, 2012, title VII of the Foreign Intelligence Surveillance Act of 1978, as amended by section 101(a), is repealed." That is, the relevant language sunsets at the end of 2012. The just introduced bill would replace "December 31, 2012" with "June 1, 2017". That is, it extends the sunset for about five years.

The 2008 Act, at Section 101, completely replaced Title VII of the 1978 Act. It allows federal surveillance, without court approval, under the FISA, of people believed to be outside of the US. More specifically, it pertains to "the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information".

However, US citizens are located abroad, persons abroad communicate with persons inside the US, and those conducting surveillance often do not know the location of the persons they are attempting to surveil. Hence, this provision enables the government to conduct warrantless wiretaps and other surveillance of US citizens located in the US when communicating with persons whom the government believes are abroad.

Foreigners located outside the US are not protected by the 4th Amendment. The US government can wiretap them at will without court approval. However, the 2008 Act authorizes surveillance that also results in the interception of communications of persons who are protected by the 4th Amendment.

Sen. Ron WydenAs Sen. Wyden (at right) and Sen. Mark Udall (D-CO) wrote in their dissenting statement in the SIC report, this provision creates "a loophole in the law that could allow the government to effectively conduct warrantless searches for Americans' communications".

They elaborated that "We have concluded, however, that section 702 currently contains a loophole that could be used to circumvent traditional warrant protections and search for the communications of a potentially large number of American citizens. We have sought repeatedly to gain an understanding of how many Americans have had their phone calls or emails collected and reviewed under this statute, but we have not been able to obtain even a rough estimate of this number."

They elaborated that "The Office of the Director of National Intelligence told the two of us in July 2011 that `it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed' under the FISA Amendments Act. We are prepared to accept that it might be difficult to come up with an exact count of this number, but it is hard for us to believe that it is impossible to even estimate it."

It should be noted that the provision in the 2008 Act that is up for extension does require a court order. However, it allows broad generalized orders. It allows orders that cover entire surveillance program, without identification or description of any person, phone, or email account.

The 4th Amendment requires individualized orders. That is, it requires orders "particularly describing the place to be searched, and the persons or things to be seized".

The 2008 Act also contains some limitations on this broad surveillance authority. For example, the government "may not intentionally target any person known at the time of acquisition to be located in the United States" under this Title VII authority.

DOT Releases Report on Distracted Driving

6/7. The Department of Transportation (DOT) released a report [PDF] titled "Blueprint for Ending Distracted Driving". It describes the activities of the DOT and other entities to study and reduce distracted driving.

Ray LaHood, Secretary of Transportation, stated in a release that "Distracted driving is an epidemic. While we’ve made progress in the past three years by raising awareness about this risky behavior, the simple fact is people are continuing to be killed and injured -- and we can put an end to it".

Ray LaHoodLaHood (at right) added that "Personal responsibility for putting down that cell phone is a good first step -- but we need everyone to do their part, whether it’s helping pass strong laws, educating our youngest and most vulnerable drivers, or starting their own campaign to end distracted driving."

This report states that the DOT's National Highway Traffic Safety Administration (NHTSA) "estimates that there are at least 3,000 deaths annually from distraction-affected crashes -- crashes in which drivers lost focus on the safe control of their vehicles due to manual, visual, or cognitive distraction. Studies show that texting simultaneously involves manual, visual, and mental distraction and is among the worst of all driver distractions. Observational surveys show that more than 100,000 drivers are texting at any given daylight moment, and more than 600,000 drivers are holding phones to their ears while driving." (Footnotes omitted.)

It adds that "As of June 2012, 39 States have enacted anti-texting laws, and 10 States have passed laws banning all hand-held phone use by drivers. One way to help address the problem is to encourage the remaining 11 States to pass anti-texting laws."

The report also addresses the "NHTSA's enforcement pilot programs in Hartford, Connecticut, and Syracuse, New York.

The report notes that in February the NHTSA proposed voluntary guidelines for vehicle manufacturers to discourage the introduction of excessively distracting devices that are integrated into vehicles. It adds that "NHTSA expects to finalize these Phase 1 Distraction Guidelines during 2012."

Moreover, the report states, the NHTSA "is considering Phase 2 guidelines to address portable devices not built into the vehicle, including aftermarket GPS navigation systems, smart phones, electronic tablets and pads, and other mobile communications devices."

And then, "Phase 3 guidelines may address voice-activated controls to further minimize distraction in factory-installed aftermarket and portable devices."

Rep. Scott Introduces Drones Bill

6/7. Rep. Austin Scott (R-GA) introduced HR 5925 [LOC | WW], the "Preserving Freedom from Unwarranted Surveillance Act of 2012", a bill regarding the use of drones in the United States by the federal government.

This bill would regulate the use by the federal government of unmanned aerial vehicles within the United States.

It would provide that subject to certain exceptions, "a person or entity acting under the authority of the United States shall not use a drone to gather evidence or other information pertaining to criminal conduct or conduct in violation of a regulation except to the extent authorized in a warrant issued under the procedures described in the Federal Rules of Criminal Procedure".

The exceptions include the use of drones to patrol national borders, and use of drones under "exigent circumstances".

Nothing in the bill prevents the warrantless use of drones to collect information for other purposes, such as national defense, surveillance under the Foreign Intelligence Surveillance Act (FISA), geographic survey, or weather or traffic monitoring.

Nothing in the bill would prevent the use of drones in the US by non-governmental entities.

Nothing in the bill would prevent the use of drones by states, or political subdivisions of states. Most law enforcement and criminal prosecution is conducted by state and local entities.

The bill is inartfully drafted. It leaves unaddressed many key issues. For example, it is silent regarding whether a defendant in a criminal proceeding may obtain an order excluding evidence obtained from a drone, or as a result of use of a drone, in violation of the prohibition of this bill.

The bill provides that "Any aggrieved party may in a civil action obtain all appropriate relief to prevent or remedy a violation of this Act." It does not define an "aggrieved party". Nor does it enumerate what relief is available. For example, is relief limited to damages? Can an aggrieved party obtain an injunction against continued violation?

The bill does not state whether it would amend Title 18, and if so, which chapter.

It was referred to the House Judiciary Committee (HJC).

Bernanke Addresses Economy and R&D

6/7. Federal Reserve Board (FRB) Chairman Ben Bernanke testified before the Congress's Joint Economic Committee (JEC) on June 7. He wrote in his prepared testimony that "Real gross domestic product (GDP) rose at an annual rate of about 2 percent in the first quarter after increasing at a 3 percent pace in the fourth quarter of 2011".

Ben BernankeBernanke (at right) said that "To the fullest extent possible, federal tax and spending policies should increase incentives to ... promote research and development ...".

The research and development (R&D) tax credit expired on December 31, 2011. The Congress has repeatedly enacted short term extensions of this credit. It was last extended at the end of 2010. See, story titled "Tax Bill Enacted With R&D Tax Credit Extension" in TLJ Daily E-Mail Alert No. 2,182, December 18, 2010.

On Friday, June 8, the House Ways and Means Committee's (HWMC) Subcommittee on Select Revenue Measures will hold a hearing on expiring tax provisions, including the R&D tax credit.

This credit, which is codified at 21 U.S.C. § 41, is also in need of modernization in order to incent newer companies, including tech companies, to conduct more R&D.

Bernanke also stated that "Economic growth appears poised to continue at a moderate pace over coming quarters". He also noted that "the demand for U.S. exports has held up well. The U.S. business sector is profitable and has become more competitive in international markets."

Obama Reappoints Clyburn

6/7. President Obama nominated Mignon Clyburn to be a member of the Federal Communications Commission (FCC). See, White House news office release and release.

Mignon ClyburnThis is a reappointment. President Obama first appointed Clyburn (at right) in 2009. See, story titled "Obama Announces Mignon Clyburn for FCC Commissioner" in TLJ Daily E-Mail Alert No. 1,933, April 29, 2009.

This is for a term of five years from July 1, 2012.

FCC Chairman Julius Genachowski praised the decision, and stated in a release that she has "focused on helping all Americans harness the benefits of broadband". Commissioner Robert McDowell praised her in a release. Commissioner Jessica Rosenworcel praised her in a release. Commissioner Pai praised her in a release.

Michael Powell, a former FCC Chairman, and now head of the National Cable and Telecommunications Association (NCTA), stated in a release that "We congratulate Commissioner Clyburn for her well-deserved renomination to a second term at the FCC. Commissioner Clyburn is a passionate advocate for empowering all consumers through technology and we look forward to continuing working with her and the entire Commission to ensure that all Americans enjoy the transformative benefits of broadband and other communications services."

FTC Takes Action Against Two Companies for Inadvertent P2P File Sharing

6/7. The Federal Trade Commission (FTC) announced that it brought and simultaneously settled two administrative actions against companies at which consumer data was inadvertently compromised. Both cases involved the use of peer to peer (P2P) software by employees on computers that were part of networks that contained personal information (PI).

Rep. Henry Waxman (D-CA) urged the FTC to take action of this nature as early as 2007. See, related story in this issue titled "Commentary: the Movie Industry and the FTC".

Both FTC cases, against a car dealership (Franklin Budget Car Sales, Inc.) and a debt collector (EPN, Inc.), are signed settlements, in which FTC staff prepared complaints and settlement agreements. Franklin signed on February 21, and EPN signed on March 5. The five member Commission voted to approve both actions at undisclosed times. FTC staff released these documents, and a release, on June 7.

See, administrative Complaint against Franklin, and Settlement Containing Consent Order. See also, administrative Complaint against EPN, and Settlement Containing Consent Order.

These pleadings contain little information about the actual conduct that prompted the FTC to bring these actions. In the Franklin case, the complaint states that "customers' personal information was accessed and disclosed on peer-to-peer (``P2P´´) networks by a P2P application installed on a computer that was connected to respondent's computer network".

As a result, "Information for approximately 95,000 consumers, including, but not limited to, names, Social Security numbers, addresses, dates of birth, and drivers' license numbers ... was made available on a P2P network".

In the EPN case, the complaint states that "EPN's chief operating officer was able to install a P2P application on her desktop computer, which was connected to EPN's computer network". As a result, "two files containing personal information about the client’s debtors were available on a P2P network".

These two files contained "contained personal information about approximately 3,800 consumers, including each consumer’s name, address, date of birth, Social Security number, employer name, employer address, health insurance number, and a diagnosis code".

Neither complaint discloses the P2P software involved.

The Franklin complaint is silent regarding when the violations took place. The EPN complaint discloses that EPN "disabled" the P2P program at issue in April of 2008.

Neither settlement involves fines or penalties. Both impose requirements that Franklin and EPN modify their business practices to better protect the privacy and security of PI. Neither case provides clear guidance to companies regarding if, or when, and under what circumstances they might allow P2P software to be installed on company computers.

In both actions, the FTC proceeded under Section 5 of the FTC Act. Section 5, which is codified at 15 U.S.C. § 45, provides that "Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful."

The complaints and settlements show that the FTC proceeded under Section 5 because both businesses had adopted and released privacy policies, and then violated those policies.

The FTC proceeded against both businesses under the "deceptive" prong of Section 5. These actions shed no light upon the FTC's view as to whether or not it could proceed under the "unfair" prong if the businesses had no privacy policies, and then allowed uninformed and unsupervised use of P2P networks by employees.

For more on the subject of FTC reliance upon the unfair prong to regulate privacy, see story titled "Commentary: Unfair v. Deceptive Conduct", and related stories, in TLJ Daily E-Mail Alert No. 2,357, March 26, 2012.

In addition, since the car dealership made loans, it fell within the Gramm Leach Bliley Act's definition of "financial institution". The GLB Act regulates the privacy related practices of financial institutions. The FTC has promulgated, under the GLB Act, both Safeguard Rules, and Privacy Rules. Hence, the FTC proceeded against Franklin under the additional theories that it violated both the Safeguard Rules and Privacy Rules.

Both the Safeguard Rules and Privacy Rules are written in broad language that address safeguards, monitoring, testing, investigations, and programs. They do not address the use of P2P software.

The complaints allege, and the agreement confirm, that violations occurred in the Franklin and EPN cases. However, these documents do not provide much guidance to businesses going forward. The actions do alert businesses that installation of P2P software on any computers used by businesses might subject them to enforcement action by the FTC.

This uncertainty may contribute to a chilling effect upon the use of P2P software on computers used in connection with interstate commerce.

Commentary: the Movie Industry and the FTC

6/7. The movie industry has a history of hostility to P2P software. It is a means by which copyrighted movies are widely infringed, thereby causing substantial financial losses to movie companies and people who work in the movie industry.

The FTC's just announced cases may have the effect of decreasing the use of P2P software, and thereby benefit the movie industry.

Rep. Henry Waxman (D-CA) represents a district that includes West Hollywood and Beverly Hills. His district is home to many people who work in the movie industry. Moreover, he has asked the FTC to take the type of action that it just did in the Franklin and EPN cases.

For example, Rep. Waxman sent a letter to the FTC on October 17, 2007, in which he urged the FTC to "investigate promptly recent disclosures regarding inadvertent file sharing over peer-to-peer (P2P) networks and to take steps to ensure that potential risks posed by P2P networks are incorporated into the Commission's ongoing efforts to combat identity theft." See, story titled "Representatives Write FTC Regarding Inadvertent P2P File Sharing" in TLJ Daily E-Mail Alert No. 1,658, October 19, 2007.

It may also be pertinent that the Chairman of the FTC is Jonathan Leibowitz. Prior to his appointment at the FTC, he was a Washington lobbyist employed by the Motion Picture Association of America (MPAA). See, story titled "Jonathan Leibowitz" in TLJ Daily E-Mail Alert No. 1,903, February 24, 2009.

Also, the FTC, prior to Leibowitz's tenure, took no action on the complaint submitted to the FTC on August 1, 2007 by Matt Schruers of the Computer and Communications Industry Association (CCIA). He argued  that Major League Baseball, National Football League, NBC/Universal, and others violated Section 5 of the FTC Act in connection with their alleged use of deceptive and threatening copyright notices.

The FTC sent the CCIA a letter [6 pages in PDF] on December 6, 2007, stating that "the FTC staff has determined not to recommend that the Commission take any formal action against the companies". See, story titled "CCIA Comments on FTC Letter Regarding Copyright Notices Complaint" in TLJ Daily E-Mail Alert No. 1,723, February 26, 2008.

People and Appointments

6/7. The Senate Judiciary Committee (SJC) held an executive business meeting at which it approved the nominations of Robert Bacharach (to be a Judge of the U.S. Court of Appeals for the 10th Circuit), Paul Grimm (U.S. District Court for the District of Maryland), John Dowdell (USDC/NDOkla), and Mark Walker (USDC/NDFl). The SJC held over consideration of the nomination of Brian Davis (USDC/MDFl). His nomination is again on the agenda for the SJC's executive business meeting of June 14.

House Judiciary Committee Approves RAPID Act

6/6. The House Judiciary Committee (HJC) amended and approved HR 4377 [LOC | WW], the "Responsibly And Professionally Invigorating Development Act of 2012", or "RAPID Act".

The HJC approved an amendment in the nature of a substitute (AINS) [31 pages in PDF] offered by Rep. Dennis Ross (R-FL). The vote on passage was 14-8. It was straight party line vote. All of the yes votes were cast by Republicans. All of the no votes were cast by Democrats.

The HJC rejected five amendments to the AINS offered by Democrats. See, amendment [1 page in PDF] offered by Rep. Hank Johnson (D-GA), amendment [1 page in PDF] offered by Rep. John Conyers (D-MI), amendment [1 page in PDF] offered by Rep. Jerrold Nadler (D-NY), amendment [1 page in PDF] offered by Rep. Sheila Lee (D-TX), and amendment [15 pages in PDF] offered by Rep. Steve Cohen (D-TN).

Each amendment failed on a straight party line vote. The lack of support from HJC Democrats does not bode well for the bill in the Senate, which has a Democratic majority.

Four California Democrats did not participate in any of the roll call votes: Rep. Howard Berman (D-CA), Rep. Zoe Lofren (D-CA), Rep. Judy Chu (D-CA), and Rep. Maxine Waters (D-CA).

Rep. Lamar Smith (R-TX), the Chairman of the HJC and a cosponsor of the bill, wrote in his opening statement that "The federal regulatory process remains an obstacle to job creation and business expansion. For example, our outdated and overly burdensome environmental review process keeps jobs and workers waiting for approval from government agencies in Washington. Employers and investors can't move forward without the necessary permits, and without confidence in the process."

He said that this bill would make the "federal environmental review and permit process more efficient and transparent".

This bill is primarily directed at the National Environmental Policy Act (NEPA), which was enacted in 1969, and which is now codified at 42 U.S.C. § 4321, et seq.

However, the RAPID Act would also impact information and communications technology (ICT) in several ways. For example, it would streamline the permitting processes for the extraction of rare earth minerals, which are used in a wide range of ICT devices and equipment, including fiber optic cable, disk drives, satellites, and smart phones.

Molycorp Minerals, which operates the Mountain Pass facility in California, is planning to resume extraction of rare earths. Molycorp announced in an April 9 release that there are "18.4 million short tons of rare earth ore" at Mountain Pass.

Also, the NEPA requires all federal agencies, including the Federal Communications Commission (FCC), to identify and take into account environmental effects, such as the impact on migratory birds, when deciding whether to authorize or undertake a major federal action, such as the licensing of communications towers.

For a more detailed discussion of the impact of the RAPID Act on ICT, see story titled "House Judiciary Committee to Mark Up RAPID Act" in TLJ Daily E-Mail Alert No. 2,388, June 1, 2012.

Former National Security Officials Urge Senate to Pass Cyber Security Bill

6/6. A group of former senior defense, national security, and intelligence officials (Michael Chertoff, Michael Hayden, Mike McConnell, Paul Wolfowitz, James Cartwright and William Lynn) sent a letter to Senate leaders Sen. Harry Reid (D-NV) and Sen. Mitch McConnell (R-KY) urging them to "bring cyber security legislation to the floor as soon as possible".

These former officials wrote that "Various drafts of legislation have attempted to address this important area -- the Lieberman/Collins bill having received the most traction recently. We will not advocate one approach over another -- however, we do feel strongly that critical infrastructure protection needs to be addressed in any cyber security legislation."

The continued that "Where market forces and existing regulations have failed to drive appropriate security, we believe that our government must do what it can to ensure the protection of our critical infrastructure. Performance standards in some cases will be necessary -- these standards should be technology neutral, and risk and outcome based. We do not believe that this requires the imposition of detailed security regimes in every instance, but some standards must be minimally required or promoted through the offer of positive incentives such as liability protection and availability of clearances."

Moreover, they wrote that "Any legislation passed by Congress should allow the public and private sectors to harness the capabilities of the NSA to protect our critical infrastructure from malicious users."

Michael Michael Chertoff (at left) is a former Secretary of Homeland Security. He is now of counsel to the law firm of Covington & Burling, and head of the Chertoff Group, a security consulting firm.

Mike McConnell is a former US Navy officer, former Director of the NSA and former Director of National Intelligence (the last two years of the Bush administration). He now works at Booz Allen Hamilton.

Paul Wolfowitz is a former Deputy Secretary of Defense. He is now a scholar at the American Enterprise Institute (AEI), and Chairman of the US Taiwan Business Council.

Michael HaydenMichael Hayden (at right) is a former US Air Force officer, former Director of the NSA, former Director of the CIA, and former Principal Deputy Director of National Intelligence. He now works at the Chertoff Group.

James Cartwright is a former US Marines officer, and former Vice Chairman of the Joint Chiefs of Staff (2007-2011).

William Lynn was Deputy Secretary of Defense (2009-2011) and a senior DOD official in the Clinton administration.

McConnell, Chertoff and Lynn wrote a piece titled "Chinese Cyber Espionage: How to Combat the Growing Threat" that was published in the Wall Street Journal on January 27, 2012.

There are numerous cyber security related bills pending in the House and Senate. However, few have been passed by the House of Senate.

The House passed HR 3523 [LOC | WW], the "Cyber Intelligence Sharing and Protection Act of 2011" or "CISPA", a bill that would incent cyber threat information sharing, on April 26, 2012. See, stories titled "House Passes CISPA" and "Amendment by Amendment Summary of House Consideration of CISPA" in TLJ Daily E-Mail Alert No. 2,380, April 25, 2012.

The House passed HR 2096 [LOC | WW], the "Cybersecurity Enhancement Act of 2012", on April 27, 2012. This bills pertains to cyber security research and development, and education, and federal cyber security standards. See, story titled "House Passes Cybersecurity Enhancement Act" in TLJ Daily E-Mail Alert No. 2,281, April 30, 2012.

The House passed HR 3834 [LOC | WW], the "Advancing America's Networking and Information Technology Research and Development Act of 2012", also known as "NITRD". See, story titled "House Passes NITRD Bill" in TLJ Daily E-Mail Alert No. 2,281, April 30, 2012.

FCC Releases Agenda for June 13 Meeting

6/6. The Federal Communications Commission (FCC) released an agenda for its event on Wednesday, June 13, 2012, titled "Open Meeting".

First, the FCC is scheduled to adopt an Order that would modify its equipment authorization rules to increase the supply of grantee codes assigned to parties applying for equipment certification.

Second, the FCC is scheduled to adopt a Fourth Report and Order and Fifth Further Notice of Proposed Rulemaking regarding use of spectrum in the 4940-4990 MHz band.

This event is scheduled for 10:30 AM at the FCC's main building located at 445 12th St., SW. This event will be held in the Commission Meeting Room, Room TW-C305. The FCC will webcast this event.

Senate to Take Up Farm Bill with Rural Broadband and Telemedicine Provisions

6/6. The Senate is scheduled on Wednesday, June 6, to resume consideration of the motion to proceed to S 3240 [LOC | WW]. This is a huge bill pertaining to agriculture. It also includes provisions related to rural telecommunications, broadband and telemedicine.

Section 6102 of the bill would amend Section 313A(f) of the Rural Electrification Act of 1936 (REA), which is codified at 7 U.S.C. § 940c-1(f). It authorizes the Department of Agriculture (DOA) to make loan guarantees for telephone purposes. It is set to expire on September 30 of this year. This bill would to extend this program through 2017.

Section 6103 of the bill would amend Section 315(d) of the REA, which is codified at 7 U.S.C. § 940e(d). It authorizes the DOA to make loans "for facilities and equipment to expand or improve in rural areas ... 911 access ... integrated interoperable emergency communications ... homeland security communications ... transportation safety communications ... or ... location technologies ...". It is set to expire this year. This bill would extend this program through 2017.

Section 6104 of the bill would make numerous changes to Section 601 of the REA, which is codified at 7 U.S.C. § 950bb. It pertains to rural broadband loans and grants.

This section states that its purpose "is to provide loans and loan guarantees to provide funds for the costs of the construction, improvement, and acquisition of facilities and equipment for broadband service in rural areas."

This section authorizes the appropriation of $25 Million per year through 2012. This bill would extend this authorization through 2017.

This bill also provides that "In making grants or guaranteeing loans ... the Secretary shall give the highest priority to applicants that offer to provide broadband service to the greatest proportion of households that, prior to the provision of the broadband service, had no incumbent service provider."

Section 6201 of the bill would amend 7 U.S.C. § 950aaa-5, which authorizes the appropriation of $100 Million per year for telemedicine and distance learning in rural areas. Current authority expires this year. This bill would extend this program through 2017.

Members of Congress Condemn Leaks of Information About US Cyber Attacks on Iran

6/6. Members of Congress condemned the release to news media of confidential national security information regarding the use of cyber attacks on the nuclear weapons development programs of Iran.

For example, the Chairmen and ranking members of the Senate Intelligence Committee (SIC) and House Intelligence Committee (HIC) issued a joint statement condemning the leaks.

They wrote that "we have become increasingly concerned at the continued leaks regarding sensitive intelligence programs and activities, including specific details of sources and methods. The accelerating pace of such disclosures, the sensitivity of the matters in question, and the harm caused to our national security interests is alarming and unacceptable."

They also wrote that the SIC and HIC "each intend to review potential legislation to strengthen authorities and procedures with respect to access to classified information and disclosure of it, as well as to ensure that criminal and administrative measures are taken each time sensitive information is improperly disclosed."

They added that "We plan to move legislation quickly, to include possible action in this year's intelligence authorization act."

The New York Times published a story by David Sanger on June 1, 2012, titled "Obama Order Sped Up Wave of Cyberattacks Against Iran".

That article stated that President Obama "ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America's first sustained use of cyberweapons, according to participants in the program."

That article added that an "element of the program", known as Stuxnet, "accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran's Natanz plant and sent it around the world on the Internet".

That article reported on the content of debate regarding the program in the White House involving President Obama, Vice President Biden, then CIA Director Leon Panetta, and others.

For more on the Stuxnet, see story titled "Senate Committee Holds Hearing on Cyber Warfare" in TLJ Daily E-Mail Alert No. 2,158, November 17, 2012.

People and Appointments

6/6. The Senate confirmed Jeffrey Helmick to be a Judge of the U.S. District Court for the Northern District of Ohio, by a vote of 62-36. See, Roll Call No. 116. See also, Congressional Record, June 6, 2012, at Page S3801.

6/6. The Federal Trade Commission (FTC) published a notice in the Federal Register (FR) that announces the members of it Performance Review Board: Eileen Harrington, Willard Tom, Pauline Ippolito, Richard Feinstein, and Mary Engle. See, FR, Vol. 77, No. 109, Wednesday, June 6, 2012, at Page 33460.

More News

6/6. The Boards of The NASDAQ OMX Group and The NASDAQ Stock Market announced in a release that they "are seeking review by the Securities and Exchange Commission of a one-time voluntary accommodations program for qualifying members who were disadvantaged by technical problems that arose during the Facebook IPO cross on May 18. The technical problems experienced on that date have been remedied."

Go to News from June 1-5, 2012.