TLJ News from October 16-20, 2012

Quarterly Earnings

10/19. AT&T, Facebook, Google, Intel, Microsoft and Verizon recently reported quarterly financial results. See:

Comcast will report on October 26. See, release. Sprint Nextel will report on October 25. See, release.

More News

10/19. The National Institute of Standards and Technology's (NIST) Information Technology Laboratory (ITL) published a notice in the Federal Register (FR) in which it invited "interested U.S. companies to submit letters of interest in collaborating with" the NIST's ITL in its "National Cybersecurity Center of Excellence". This notice contains no deadline. See, FR, Vol. 77, No. 203, October 19, 2012, at Pages 64314-64315.

Update on Iranian DDOS Attacks

10/18. The Wall Street Journal (WSJ) published a story by Siobhan Gorman in its online edition on October 17, and in its print edition of October 18, titled "Iran Renews Internet Attacks on U.S. Banks".

This WSJ story states that "U.S. officials said the attacks against banks, and others against Middle Eastern energy companies, were sponsored by the Iranian government and approved at high levels as part of a low-grade cyberwar that officials warned could lead to retaliation."

Secretary of Defense Leon Panetta gave a speech in New York City on October 11 in which he addressed cyber security, and recent cyber attacks, but stopped short of attributing the attacks to Iran. See, story titled "Defense Secretary Panetta Discusses Cyber Security" in TLJ Daily E-Mail Alert No. 2,461, October 15, 2012.

Prolexic Technologies, a company that provides distributed denial of service (DDOS) protection services, stated in a release on October 17, 2012 that "the size of DDoS attacks increased significantly against its global client base in Q3 2012."

It added that "During Q3, Prolexic mitigated seven DDoS attacks of more than 20 Gigabits per second (Gbps) for different clients across multiple industries. A number of these denial of service attacks leveraged the PHP-based bot toolkit called itsoknoproblembro that has been used in some recent high-profile DDoS attacks."

Neither this release, nor an accompanying 14 page report, references Iran.

A TLJ review on October 18 of several financial institutions identified in various news stories as targets of recent DDOS attacks revealed that their web sites are accessible, that they have not recently published releases that disclose DDOS attacks, and that they have not recently filed statements with the Securities and Exchange Commission (SEC) that disclose DDOS attacks. Whether, and if so, what, they will disclose in their annual Form 10-K, or next quarterly Form 10-Q, remains to be seen.

SEC Disclosure Requirements Arising from DDOS Attacks

10/18. The Securities and Exchange Commission (SEC) has not promulgated rules requiring cyber threat, or cyber incident, reporting. However, the SEC's Division of Corporation Finance issued a document that contains "guidance" on October 13, 2011.

It begins that "This guidance is not a rule, regulation, or statement of the Securities and Exchange Commission. Further, the Commission has neither approved nor disapproved its content."

It states that "there has been increased focus by registrants and members of the legal and accounting professions on how these risks and their related impact on the operations of a registrant should be described within the framework of the disclosure obligations imposed by the federal securities laws".

It notes that "Cyber attacks may also be carried out in a manner that does not require gaining unauthorized access, such as by causing denial-of-service attacks on websites", and that "Cyber attacks may also be directed at disrupting the operations of registrants or their business partners."

Then, cyber attacks may result in remediation costs, increased cyber security costs, lost revenues, lost reputation and/or liability and litigation.

"The federal securities laws, in part, are designed to elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision."

Hence, this guidance states that "Registrants should disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky. In determining whether risk factor disclosure is required, we expect registrants to evaluate their cybersecurity risks and take into account all available relevant information, including prior cyber incidents and the severity and frequency of those incidents. As part of this evaluation, registrants should consider the probability of cyber incidents occurring and the quantitative and qualitative magnitude of those risks, including the potential costs and other consequences resulting from misappropriation of assets or sensitive information, corruption of data or operational disruption." (Footnote omitted.)

The guidance then delves into details. However, the meaning of the guidance, and the requirements that it imposes, remain unclear, as demonstrated  by subsequent filings and correspondence.

See, for example, letter of March 12, 2012 from the SEC to Amazon, letter of April 9, 2012 from Amazon to SEC, and letter of May 3, 2012, from Amazon to the SEC. These pertain to the security breach at, which is owned by Amazon. See, Zappos' disclosure in its web site.

See also:

More News

10/18. The U.S. Patent and Trademark Office (USPTO) published a notice in the Federal Register (FR) that announces, describes, recites, and sets the comment deadline for, proposed changes to the USPTO's professional responsibility rules. The USPTO proposes to align its rules with American Bar Association's (ABA) Model Rules of Professional Conduct of the ABA, which were published in 1983, substantially revised in 2003 and updated through 2011. The proposed changes do not incorporate the ABA's August 2012 revisions. See, FR, Vol. 77, No. 202, October 18, 2012, at Pages 64189-64215. See also, USPTO release. The deadline to submit comments is December 17, 2012.

10/18. Joaquín Almunia, VP of the European Commission responsible for Competition Policy, gave a speech in Trier, Germany, titled "Competition Enforcement in the EU: Beyond the Integration of Markets". He said that "Our action has helped -- among other things -- to give Europe cheaper telecom services; it has made it easier to choose between airlines; it has accompanied the emergence of the digital sector -- as in the landmark Microsoft cases -- it has brought more choice and better prices to a range of consumer goods, and much more."

10/18. The Federal Communications Commission (FCC) revised its online service titled "Small Biz Cyber Planner".

FCC Prohibits Robocalls to PSAPs

10/17. The Federal Communications Commission (FCC) adopted and released a Report and Order [36 pages in PDF] that, as directed by the Congress, amends FCC rules to prohibit robocalling to Public Safety Answering Point (PSAP) numbers.

The new rules provide, in part, that "An operator of automatic dialing or robocall equipment is prohibited from using such equipment to contact any telephone number registered on the PSAP Do-Not-Call registry other than for an emergency purpose. This prohibition encompasses both voice and text calls."

Also, the new rules define "emergency purpose" as "A call made necessary in any situation affecting the health and safety of any person."

The new rules thus allow automated calls to PSAPs from home emergency systems.

FCC Chairman Julius Genachowski wrote in his statement that "robocalls can be seriously irritating". FCC Commission Robert McDowell wrote in his statement that "autodialed calls and robocalls are annoying". However, this order provides no relief to ordinary individuals and businesses who are vexed, annoyed and repeatedly interrupted by robocallers.

The Congress directed the FCC to write these rules in the same bill that provided for incentive auctions and the creation of a public safety broadband network, HR 3630 [LOC | WW], the "Middle Class Tax Relief and Job Creation Act of 2012". It is Public Law No. 112-96. See, Section 6507.

The bill, and these new rules, provide that the monetary penalty for robocalling PSAPs ranges from $10,000 per call to $100,000 per call. The rules provide that "the monetary penalty for contacting such a telephone number shall be not less than $10,000 per call nor more than $100,000 per call depending on whether the violation was negligent, grossly negligent, reckless, or willful, and depending on whether the violation was a first or subsequent offense."

The new rules also prohibit unauthorized disclosure or dissemination of registered PSAP numbers.

FCC Commissioner Ajit Pai wrote in his statement that "When Americans call 911, it is vital that they reach emergency personnel quickly. Indeed, it is often a matter of life and death. Public safety lines therefore can’t be tied up with non-emergency calls, and those who staff Public Safety Answering Points (PSAPs) can’t be diverted by such calls."

This Report and Order is FCC 12-129 in CG Docket No. 12-129.

FCC Commissioners Praise Wireless Monthly Usage Alerts

10/17. The Federal Communications Commission (FCC) held an event titled "Open Meeting" on November 17, 2012, at which FCC staff made a presentation, and Commissioners made statements, regarding the wireless service providers' program for sending usage alerts to their customers.

The FCC adopted no rules. However, on October 14, 2010, the FCC adopted a Notice of Proposed Rulemaking (NPRM) that proposed a regulatory regime for service providers' communications with their customers. FCC Chairman Julius Genachowski and other proponents described such regulation as "bill shock" relief. See, story titled "FCC Adopts Bill Shock NPRM" in TLJ Daily E-Mail Alert No. 2,142, October 19, 2010. That NPRM is FCC 10-180 in CG Docket No. 10-207 and CG Docket No. 09-158.

The FCC had previously issued a Public Notice requesting comments on imposing a "bill shock" regulatory regime. See, stories titled "FCC Starts Bill Shock Proceeding" and "FCC Releases Paper on Consumer Understanding of Cell Phone Billing Practices" in TLJ Daily E-Mail Alert No. 2,088, May 27, 2010.

On October 17, 2011, the CTIA and participating wireless service providers announced a voluntary program for sending free alerts on subscribers' voice, data, messaging and international service usage as part of the CTIA Consumer Code for Wireless Service.

Steve Largent, head of the CTIA stated in a release on October 17, 2012 that "all of CTIA’s member signatories to the Consumer Code have met their commitment. Currently, each provider offers notifications in at least two of the applicable four categories of service, and will meet -- or beat -- next April’s deadline."

FCC Commissioner Robert McDowell wrote in his statement for the October 17 meeting that "This result was produced without a government mandate, which provides us with a model for future non-governmental solutions". He said that "cooperative efforts, rather than forced mandates, yield the best results".

FCC Chairman Julius Genachowski wrote in his statement that "we put our rulemaking on hold and said we would take a ``trust, but verify´´ approach to ensuring that carriers take these steps to help eliminate bill shock, and that consumers are treated as they deserve. Today we can verify that carriers are living up to their commitments."

FCC Commissioner Jessica Rosenworcel wrote in her statement that "the Commission needs to remain the cop on the beat".

See also, FCC release, statement of Mignon Clyburn, and statement of Ajit Pai.

See also, TLJ stories titled:

Pai Defends Usage Based Pricing

10/17. Federal Communications Commission (FCC) Commissioner Ajit Pai addressed unit based pricing (UBP) at the FCC's event on October 17, 2012 titled "Open Meeting".

The matter before the FCC was the voluntary industry program for sending wireless service usage alerts to customers. See, related story in this issue titled "FCC Commissioners Praise Wireless Monthly Usage Alerts".

However, Pai spoke more broadly. He wrote in his statement that "I also hope that the Commission will continue its hands-off policy when it comes to usage-based pricing in the wireless world."

He elaborated that "Most of us know and accept that the more we consume, the more we pay. If you use more electricity or water at your home, your bill will go up. If you order more food at a restaurant, you will be charged more. The more clothes you buy at the department store, the more money you will have to fork over. The government can’t interfere with this fundamental tenet of our free-market economy without unintended and unpleasant results, and we should be clear that the FCC will not travel down that path."

See also, stories titled "Public Knowledge Paper Urges FCC Oversight of BIAS Pricing Plans" in TLJ Daily E-Mail Alert No. 2,380, April 25, 2012, and "Phoenix Center Defends BIAS UBP" in TLJ Daily E-Mail Alert No. 2,385, May 23, 2012.

FCC Adopts WCS Band Order

10/17. The Federal Communications Commission (FCC) adopted and released an Order on Reconsideration [103 pages in PDF] regarding the Wireless Communications Service (WCS) band.

This implements a proposal put forth by AT&T and Sirius XM that is intended to enable AT&T to use most of the WCS band for LTE mobile broadband wireless service. The WCS band has remained unused for years because of issues regarding interference with use in the adjacent satellite radio band.

Sirius XM holds the licenses in the Satellite Digital Audio Radio (SDARS) band. AT&T holds licenses in the WCS band, and there are applications to assign other licenses in the WCS band to AT&T.

FCC Chairman Julius Genachowski wrote in his statement that "The WCS band is a long-troubled band that has evaded easy answers for 15 years. I am pleased that we are now solving it."

Although, the FCC has announced that it has solved this problem before.

Background. The FCC auctioned this WCS spectrum in 1997, but it has remained mostly unused. It is adjacent to the SDARS band. 2305-2320 MHz and 2345-2360 MHz is WCS spectrum. 2320-2345 MHz is SDARS spectrum.

In 2007 the FCC adopted a Notice of Proposed Rulemaking (NPRM) and Second Further NPRM [28 pages in PDF] regarding rules and policies for licensing satellite digital audio radio service (SDARS) terrestrial repeaters in the 2320-2345 MHz frequency band. It stated that "A principal challenge in establishing a regulatory framework for SDARS repeaters has been the difficulty of resolving potential interference issues between SDARS repeaters and the proposed operations of terrestrial licensees in the Wireless Communications Service (WCS) in adjacent frequency bands that will permit the two services to co-exist." That item is FCC 07-215 in WT Docket No. 07-293 and IB Docket No. 95-91.

The FCC's March 15, 2010 staff report [376 pages in PDF] titled "A National Broadband Plan for Our Future" recommended that the FCC make more spectrum available for broadband internet access services. That report stated that "The FCC should make 20 megahertz available for mobile broadband use in the 2.3 GHz Wireless Communications Service (WCS) band, while protecting neighboring federal, non-federal Aeronautical Mobile Telemetry (AMT) and satellite radio operations." (See, pages 75 and 85.)

That 2010 staff report elaborated that the FCC "established the 2.3 GHz WCS band in 1997. At that time, the FCC adopted strict operating parameters to protect operations in the adjacent Satellite Digital Audio Radio (SDARS) band. Certain WCS technical rules, particularly the out-of-band emission (OOBE) limits, largely preclude the provision of mobile broadband services in the spectrum. Based on an extensive record, the FCC should revise certain technical rules, including the WCS OOBE limits, to enable robust mobile broadband use of the 2.3 GHz WCS spectrum, while protecting federal, non-federal AMT and satellite radio operations in the neighboring SDARS band." (See, page 85. Footnotes omitted.)

In May of 2010 the FCC revised its technical rules, and imposed build out requirements, for this band. See, Report and Order and Second Report and Order (R&O) [155 pages in PDF] regarding mobile broadband use of 25 MHz of spectrum in the 2.3 GHz Wireless Communications Service (WCS) band. See also, story titled "FCC Adopts WCS-SDARS R&O" in TLJ Daily E-Mail Alert No. 2,087, May 26, 2010. That item is FCC 10-82 in WT Docket No. 07-293 and IB Docket No. 95-91.

The just released order addresses petitions for reconsideration of the 2010 R&O.

AT&T and Sirius XM submitted a joint proposal to the FCC on June 15, 2012, which largely serves as the basis for this order.

Reaction. Joan Marsh of AT&T stated in a release that "we anticipate that the service rules adopted today will permit deployment of LTE technologies in the WCS band while ensuring that satellite radio services are protected from unreasonable interference", and that "We expect to commence deployment of LTE infrastructure in the band in as early as three years".

The CTIA's Chris McCabe stated in a release that this action facilitates "the deployment of mobile broadband services in the Wireless Communications Service band. Freeing up underutilized spectrum is a critical component in the effort to meet the rapidly-escalating demand for mobile broadband services."

Matt Wood of the Free Press stated in a release that "The compromise between AT&T and XM-Sirius is a positive move for mobile broadband deployment, and we are pleased the FCC acted quickly to approve this proposal. Consumers are better off when carriers like AT&T utilize their existing spectrum instead of pursuing growth strategies that reduce competition and choice."

And, Wood asserted once again that "the talk of a spectrum crunch is more rhetoric than reality."

This order is FCC 12-130 in WT Docket No. 07-293 and IB Docket No. 95-91.

People and Appointments

10/17. Federal Communications Commission (FCC) Chairman Julius Genachowski announced changes to his PR team. Neil Grace, who was his Press Secretary, will be "Senior Communications Advisor to the FCC". Justin Cole, who previously handled PR for Tata Communications (America) Inc., will replace Grace as Press Secretary. See, FCC release.

Copyright Office Requests Comments on Creating a Resale Royalty Right for Visual Artists

10/16. The Copyright Office (CO) published a notice in the Federal Register (FR) that requests comments regarding creating a "resale royalty right" for visual artists. It published a second notice on October 16 that provides an extended comment deadline.

Outline of this Story:

Introduction. The Berne Convention addresses such rights, but does not require signatories to enact implementing legislation. To date, the European Union and EU member states have accounted for most of the implementation activity. Moreover, the actual legislative implementations vary considerably.

There are two pending bills in the US that would create a process that minimally resembles creation of a "resale royalty right".

On December 15, 2011, Rep. Jerrold Nadler (D-NY) introduced HR 3688 [LOC | WW], the "Equity for Visual Artists Act of 2011" or "EVAA". On the same day, Sen. Herb Kohl (D-WI) introduced S 2000 [LOC | WW], the companion bill in the Senate.

Sen. Kohl asserted in a statement in the Congressional Record that these bills would fulfill "our obligation under the Berne Convention". However, these bills actually are only tenuously related to the concept of "resale royalty rights" stated in the Berne Convention, and implemented in Europe.

Rep. Jerrold NadlerOn May 17, 2012, Rep. Nadler (at right) and Sen. Kohl sent a letter to the CO asking that it "assess how existing law affects and supports visual artists, and how a federal resale royalty provision would affect copyright law, visual artists and those involved in the sale of art work".

This CO notice of inquiry (NOI) follows through on this request. The extended deadline to submit comments is December 5, 2012.

The CO also wrote a report [760 pages, 30 MB] on this subject 20 years ago, titled "Droit De Suite: The Artist's Resale Royalty".

See, full story.

UK Will Not Extradite Hacker to US

10/16. Theresa May, the United Kingdom (UK) Home Secretary, stated in the UK Parliament on October 16, 2012, that the UK will not extradite Gary McKinnon to the United States. He is under indictment for hacking into U.S. military computer systems over a decade ago.

She stated that "he is seriously ill", because "he has Asperger's syndrome and suffers from depressive illness", and this precludes extradition. See, Wikipedia page on Asperger's syndrome.

She stated that "Mr. McKinnon's extradition would give rise to such a high risk of him ending his life, that a decision to extradite would be incompatible with his human rights. I have therefore withdrawn the extradition order against Mr. McKinnon." See, video [YouTube].

In 2002 a grand jury of the U.S. District Court (DNJ) returned an indictment that charges McKinnon with unauthorized access and damage to computer systems of the U.S. Navy, in  violation of 18 U.S.C. § 1030.

U.S. Department of State (DOS) spokesman Victoria Nuland stated at a news conference on October 16 that "The United States is disappointed by the decision to deny Gary McKinnon's extradition to face long overdue justice in the United States. We are examining the details of the decision." See, DOS transcript.

The UK's disclosure of its decision not to extradite McKinnon follows by just over one week its actual extradition of Abu Hamza al Masri, and others, to the US. These defendants have long been under indictment on terrorism related charges. See, October 6, 2012 release of the Office of the U.S. Attorney for the Southern District of New York.

U.S. Attorney Preet Bharara stated in this release that "As is charged, these are men who were at the nerve centers of Al Qaeda’s acts of terror, and they caused blood to be shed, lives to be lost, and families to be shattered. After years of protracted legal battles, the extradition of these three alleged terrorists to the U.S. is a watershed moment in our nation’s efforts to eradicate terrorism, and it makes good on a promise to the American people to use every available diplomatic, legal, and administrative tool to pursue and prosecute charged terrorists no matter how long it takes."

Go to News from October 11-15, 2012.