Tag Archives: legislation

Congress Not Interested in Cyber Security

President Obama SignatureIn a move to spur the move to pin and chip cards President Obama signed an executive order directing government agencies to shift to the use of chip-and-PIN cards. The order directs the use of the more secure cards for use in consumer benefits programs, including Social Security.

At the Oct. 17 appearance at the federal Consumer Financial Protection Bureau, the President also announced a cyber security and consumer protection summit that will be hosted at the White House. The summit will bring together cabinet members and key industry players  in the consumer financial sector to examine the best practices, advance adoption of stronger security standards and discuss next generation technologies.

“We are also calling on Congress to pass meaningful cyber security legislation that will help the government better protect federal networks and legislation that appropriately balances the need for greater information sharing and strong protection for privacy and civil liberties – respecting the longstanding responsibilities of civilian and military agencies,” Obama says.

President Obama also urged Congress to pass a national data breach notification law. According to the President the numerous differing state laws is unsustainable and benefits no one. “Today we are calling on Congress to act with urgency on data breach legislation, to bring clarity to the expectations consumers should have when their data has been breached, and to mandate steps companies must take to notify their customers of risks after such security breaches,” said the President.

Although the President is urging Congress to act Washington not changed. Many experts do not believe that a national data breach law is possible this year. Experts say that no bill has been introduced on Senate or House floors in the current Congress. Those familiar with the legislative process report that those who promote the law and those who would be subject to it cannot agree. Congress simply cannot agree on key provisions of data breach notification measures. Basically businesses want less stringent data breach notification rules than do consumer advocates.

“In some ways the inaction is remarkable,” says Peter Swire, senior fellow at the Future of Privacy Forum and professor at Georgia Tech’s Scheller College of Business. “We had spectacular data breaches involving tens of millions of consumers, and even that is not enough to prompt Congress into action.”

During the last four Congresses, the Senate Judiciary Committee has approved bipartisan data breach notification legislation. Sadly none of the bills ever came up for a vote. Chances of that happening in the current Congress don’t look good.

Even without federal data breach legislation data breach notification is regulated in most of the United States. Data breach law is enforced on a state-by-state basis. Currently 47 states have enacted data breach notification laws. You can examine your state data breach law at States Advance Breach Notification Laws. These state laws vary from one another and companies suffering data breaches can pick and choose what state laws they wish to follow. Many business groups would prefer to see a single, national statute to cut down on the paperwork involved in reporting data breaches.

Breaking it down

What President is saying is that the ones that are supposed to be working to protect us are clearly failing. Congress has exhibited a pathetic lack of desire to do what they are elected to do. In the past year we have seen massive data breaches that exposed the payment information of hundreds of millions of Americans. Does it look like Congress gives a damn? We have seen our government systems hacked and government employee personal information stolen. Has Congress done anythinh? We see our intellectual property stolen, medical records stolen and even military systems attacked and breached. And what are they doing in Washington? Nothing! Not a single data breach or cyber security law has even reached the floor for a vote. You might want to vote this election year. Why is Congress waiting for security advocates and companies to come to an agreement? We need our elected officials to act in the best interest of the citizens. They should have been up in arms about their constituents information being stolen. They should be but does it look that way to you?


President Obama to Unlock Cell Phones

Obama Returns To Washington After Primary NightA bill making  it legal to unlock cell phones so they can be used on any service provider’s network has arrived at the White House. President Obama is expected to sign the legislation.

The House passed the legislation after the bill passed the Senate last week.  The bill reverses a decision by the Library of Congress that made cell phone unlocking illegal. Unlocking a cell phone was actually legal until a decision by the Library of Congress in 2012 declared that such unlocking was a copyright infringement.

A petition on the White House website demanding the action collected 114,000 signatures thus prompting action.

When it comes to technology legislation or any legislation, it is rare to get action of any kind. But it seems that the both Republicans and Democrats saw a common ground and common sense on this issue and the bill was passed.

Led by Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and his counterpart in the House Bob Goodlatte (R-Va.) the two men took action on the petition.  Both men believed that the issue was a basic consumer demand that made sense in the marketplace. Although there were several versions of the bill with some lawmakers attempting to use the bill to instigate broader copyright reform the bill finally passed.  

The White House has not said when the president will sign the bill.

Public Knowledge Staff Attorney Laura Moy said in a statement. The bill will “make it easier for consumers to switch from one provider to another, improving competition in the wireless market. It will improve the availability of free and low-cost secondhand phones for consumers who cannot afford to purchase new devices, and it will keep millions of devices out of landfills.”

Breaking It Down

Imagine buying a car and the car company puts a lock on the gas cap so that you can only buy gas from them. Well that’s what the cell phone companies have been doing! This was a rip off and the corporations know it. The deal worked pretty well in the beginning. You get a free cellphone if you sign up for their service. OK. But you can’t use that cell phone if you move to a different carrier.OK. But did anyone notice how the cell phone market changed? The first thing that happened was that cell phones got better and smarter. They could do more. And the carriers stop giving away the best cell phone for free. They instead gave you discounts on the best phones. You got the phone and they added a little to your bill each month until it was paid for. You signed up for their service, you paid for the phone but you still could not take it to another carrier. Wait; discount or no discount, didn’t you pay for that phone? Its yours! Why can’t you use it on another service? Because the cell phone companies were forcing you to buy another phone! Now guess what? You got a phone sitting in your closet, in the glove compartment of your car or in your desk drawer (that’s where mine is)  that is perfectly fine but it won’t work. Why? Because the cell phone companies forced you to buy another phone! Well it looks like the president is putting an end to that and justly so. How many phones are the corporations going to force the American consumer to buy? Its gone on for too long! We have a right to use the cell phone we paid for on any service we choose. After the cell phone companies have bled us for two years we have a right to move to a pre-paid or no contract service if we choose. Yeah, now its our choice.

Cyber Security Bill Hinges on Liability,Privacy

A draft cyber security bill  is circulating in Congress that will promote information sharing on cyber threats between private industry and government by offering liability protection. The draft legislation was introduced by Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Ca) and Vice Chairman Saxby Chambliss (R-Ga). Officials familiar with the draft legislation says there’s no timeline for when the complete bill will be introduced, saying only that the legislation is merely a “discussion draft.”

This is not the first time an attempt has been made to pass cyber security legislation. In April of 2013 the House of Representatives approved the Cyber Intelligence Sharing and Protection Act by a 288-127 vote. The Obama administration threatened to veto the bill because privacy protections were inadequate. The administration’s response, written by White House Cybersecurity Coordinator Michael Daniel and Federal Chief Technology Officer Todd Park, stated the Obama administration advocates for cyber security legislation that protects privacy. “It’s important to keep in mind that there is a larger legislative process that is ongoing as we speak, including efforts in the Senate,” Daniel and Park wrote.

The second major issue hindering the passing of  cyber security legislation is differences over how much liability protection to grant businesses to get them to share cyberthreat information. Congress simply can’t agree on how much liability protection to offer. Sen. Tom Carper (D-Del), Chairman of the Senate Homeland Security and Governmental Affairs Committee, said “The one issue that has made it difficult for us to put together any kind of comprehensive cybersecurity security has been our inability to agree on what kind of liability is appropriate.” 

Th fundamental concern with providing liability protection is that businesses could potentially exploit it to collude on other matters. Democrats are the primary supporters of targeted liability protection arguing it would provide sufficient protection to enable businesses to share cyberthreat information. Republicans argue businesses would not feel adequately protected if they were granted only limited liability. Corporate legal counsel would caution them that they could still be subject to legal action.

The Obama administration has twice threatened to veto House legislation  providing broad liability protection and there are no indications they will compromise. “This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our nation’s economic, national security, and public safety interests,” the administration said.

Breaking it Down

We could go round and round with this forever. And it seems that is what Congress is going to be doing. The question of liability can easily be translated to mean, we don’t want to pay for our sloppy IT networks.

Private corporations are doing a piss poor job of protecting the consumer. Data breaches are national disgrace and yet they want liability protection. Those we elected to represent us have failed to do anything in this areas because they are looking in the face of lobbyist everyday and those lobbyist have open checkbooks. Why not share information about cyber threats? Instead of working with the government the private corporations are too busy trying to cover their collective asses. Why? because what they are doing on their side of the issue is sloppy and careless. If we can’t get the legislative branch to whip then into shape then let them get sued. Money is the only thing they understand.

I am personally appalled that the government has not mandated that any information regarding cyber threats be reported immediately. The reason this isn’t done voluntary is because the corporation don’t want to answer questions about how carelessly they are handling things.  Example. Target stores.