Government must better understand how social media transmission of “hateful” content leads to violence, said Senate Homeland Security Committee Chairman Gary Peters, D-Mich., during a hearing Tuesday. The committee will examine the issue throughout the year, he said. Ranking member Rob Portman, R-Ohio, expressed disappointment officials didn’t testify about how agencies are addressing the problem. Five years after a Permanent Subcommittee on Investigations hearing with witnesses from the Department of Homeland Security, FBI and State Department, extremists are still exploiting platforms, said Portman. Congress must change the way the federal government approaches domestic terrorism, said Peters. The committee released a bipartisan report Tuesday saying seven of eight federal agencies are failing to comply with baseline cybersecurity requirements under the Federal Information Security Modernization Act. It describes systemic failures at the State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services, and Education departments and the Social Security Administration. The report cites failures to protect personal information, to “maintain accurate and comprehensive IT asset inventories, to maintain current authorizations to operate for information systems, to install security patches quickly, and to retire legacy technology no longer supported by the vendor.”
Karl Herchenroeder
Karl Herchenroeder, Associate Editor, is a technology policy journalist for publications including Communications Daily. Born in Rockville, Maryland, he joined the Warren Communications News staff in 2018. He began his journalism career in 2012 at the Aspen Times in Aspen, Colorado, where he covered city government. After that, he covered the nuclear industry for ExchangeMonitor in Washington. You can follow Herchenroeder on Twitter: @karlherk
Senate Intelligence Committee leaders are negotiating with the Homeland Security and Governmental Affairs Committee (HSGAC) over a cyber legislative package in response to the recent flurry of high-profile attacks on U.S. businesses and government, leaders from both committees said in recent interviews. They are discussing potential inclusion of a bill that would require agencies, contractors and critical infrastructure operators to report cyberhacks within 24 hours of discovery (see 2107210023), said lead sponsor and Intelligence Committee Chairman Mark Warner, D-Va. He’s in conversation with HSGAC Chairman Gary Peters, D-Mich., and ranking member Rob Portman, R-Ohio, “in support” of their cyber work, he told us.
Colorado is nearly done requesting preliminary data from Google to understand surface-level information about the company’s data gathering practices, an attorney representing Colorado Attorney General Philip Weiser told U.S. District Court in Washington during a status hearing (in Pacer) Friday in docket 1:20-cv-03010 (see 2102160052). Colorado expects to make “full-fledged” data requests by the end of September in its antitrust case against Google, Jonathan Sallet told Judge Amit Mehta. The preliminary data will help plaintiffs understand what data Google has, how it measures impact on consumers and what it sees about consumer behavior, said Sallet. Google attorney John Schmidtlein said the company is on track to deliver on this batch of requests, which involves hundreds of thousands of documents. The latest DOJ request is being converted and should be available next week, and the company expects to deliver documents to Colorado by the end of August, he said. DOJ Civil Division trial attorney Kenneth Dintzer said there are “looming” third-party issues to be resolved. Mehta told the attorneys the court will address those after August deposition proceedings.
The prospect of an FTC privacy rulemaking is facing a partisan divide in the agency and on Capitol Hill. House Commerce Committee ranking member Cathy McMorris Rodgers, R-Wash., and House Consumer Protection Subcommittee ranking member Gus Bilirakis, R-Fla., told us the agency shouldn’t issue a rule because it’s a legislative issue Congress needs to fix.
The Senate Judiciary Committee wants to explore cryptocurrency legislation to help enforcers trace and retrieve digital payments in ransomware attacks. Ranking member Chuck Grassley, R-Iowa, told us he would be “glad to work on legislation” with Chairman Dick Durbin, D-Ill., after the latter expressed interest during Tuesday’s hearing with officials from DOJ, the FBI, the Cybersecurity and Infrastructure Security Agency and the Secret Service (see 2107230058).
The FTC lacks authority and resources to properly enforce against consumer protection and competition violations, the commission tells the House Commerce Committee in testimony prepared for Wednesday’s House Consumer Protection Subcommittee hearing (see 2107210061). In a joint statement, the commission highlighted its weakened authority to obtain monetary relief, resulting from the Supreme Court’s decision in AMG Capital Management v. FTC (see 2106210054). The commission is “facing extremely severe resource constraints,” commissioners wrote, citing a heavy surge in global “mergers and acquisitions.” The pandemic also is causing more complaints about marketplace abuse, the commission said. It cited bipartisan support for some of the legislative proposals the committee is considering at the hearing. It cites the agency’s call for Congress to repeal the telecom common carrier exemption, which it said impedes enforcement against activity like illegal telemarketing. The commission notes broad support for enforcement against nonprofits and for rulemaking and civil penalty authorities, “although some Commissioners would support such measures in more limited ways.” Senate Antitrust Subcommittee ranking member Mike Lee, R-Utah, wrote Tuesday against several recent measures from FTC Chair Lina Khan. He raised concerns about the “diminished role” of minority commissioners and allowing public input only after commissioners voted on agenda items at recent public meetings. He criticized the FTC’s “refusal to grant early terminations of the waiting period for mergers that pose no threat to competition under the Hart-Scott-Rodino (HSR) Act.” Restoring FTC’s authority to “force lawbreakers to return money to scammed consumers and disgorge ill-gotten gains" should be a key priority, says ex-FTC official David Vladeck, now a Georgetown law professor, in prepared remarks. He seeks adequate funding, saying the FTC has “barely” two-thirds of the personnel it had in the early 1980s.
Potential recusal of Jonathan Kanter in DOJ’s case against Google could draw Senate Judiciary Committee attention during his confirmation to lead the department's Antitrust Division (see 2107200070). Some experts told us last week there’s a stronger case for Kanter’s recusal than requests for FTC Chair Lina Khan's disqualification from cases involving Amazon and Facebook (see 2107160052). Senators told us they’re reviewing Kanter’s record.
Bipartisan legislation introduced Wednesday would require agencies, contractors and critical infrastructure operators to report cyberhacks within 24 hours of discovery (see 2103040066). Introduced by Senate Intelligence Committee Chairman Mark Warner, D-Va.; Vice Chairman Marco Rubio, R-Fla.; and Sen. Susan Collins, R-Maine, the Cyber Incident Notification Act includes liability protection in certain circumstances. Warner has predicted a bipartisan cybercrimes reporting bill (see 2106100053). Senate Environment and Public Works Committee members told a hearing the federal government should invest in resources to defend against cyberthreats to critical infrastructure. Cyber is a long-term, constantly evolving challenge, said Chairman Tom Carper, D-Del.: It requires “sustained federal investment, not one-time solutions.” Ranking member Shelley Moore Capito, R-W.Va., backed training exercises and information sharing between agencies. She’s looking forward to including cyber policies in committee legislation. The Cyberspace Solarium Commission’s March 2020 report concluded water utilities remain largely unprepared to defend networks against cyber disruption, testified Rep. Mike Gallagher, R-Wis., commission co-chair with Sen. Angus King, I-Maine. It's an “extremely dangerous” situation, said King, saying the next Pearl Harbor or Sept. 11, 2001, attack will be cyber-related. The private sector should have liability protection when sharing information because delays don’t work, said King. The government hasn’t made the necessary investments to protect transportation systems, which begins with cybersecurity, said ITS America CEO Shailen Bhatt. ITS recommended a more robust transportation cybersecurity strategy with requirements for transportation agencies to meet certain “marks” determined by the National Institute of Standards and Technology and the Center for Internet Security.
The FTC unanimously approved a policy statement Wednesday aimed at bolstering consumers’ rights to self-repair and access to third-party independent repairs by vowing to crack down on manufacturers whose restrictions are deemed to violate antitrust or consumer protection laws. The agency also rescinded a merger-related policy statement on a party-line vote (see 2107190066).
President Joe Biden will nominate Jonathan Kanter to lead DOJ’s Antitrust Division, the White House announced Tuesday. Congressional Democrats and consumer advocates called Kanter the right pick to strengthen antitrust enforcement against Big Tech. Some questioned the potential for Kanter to recuse himself in DOJ’s antitrust case against Google.