The U.S. hasn't done a good job responding proportionately to cyberattacks, House Homeland Security Committee ranking member John Katko, R-N.Y., told an American Enterprise Institute webinar Friday: "The bad guys don't take you seriously unless you whack the hell out of them." Diplomacy doesn't work because countries that enable attacks understand only strength and power, which the U.S. isn't projecting, he said. Until recently, cyberattacks had little visible public impact, but the Colonial Pipeline hack let people see the disruption that stopped them from buying gas, he said. Katko criticized President Joe Biden's budget request for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, saying it doesn't appear to match Biden's rhetoric on cybersecurity. Information-sharing in the cybercommunity is in its infancy, and the U.S. needs better reporting of cyber incidents, Katko said. One key issue is how to encourage the private sector to share information without worrying about lawsuits and immunity from liability, he said. Colonial Pipeline, SolarWinds and other incidents show malefactors are ratcheting up attacks and have figured out that going for critical infrastructure is "where the rubber meets the road." Asked about possible regulation, Katko said it's under discussion. One idea would be to require companies to certify in SEC 10-K filings they're adhering to cybersecurity best practices. Katko has floated legislation aimed at beefing up cybersecurity standards in the critical infrastructure industry, and said such other measures could be rolled out sector by sector. Lack of chips is also a serious threat the U.S. must address by bringing some manufacturing home, he said. Asked what responsibility industry bears to balance security with new technologies such as 5G and quantum computing, the lawmaker sought standards. U.S. companies paid $350 million in ransomware payments in 2020, up 171% from 2019, said AEI Resident Fellow Klon Kitchen.
Florida should prepare to list “every decision by any court anywhere” saying that a private entity must comply “with the obligations the First Amendment places on a public actor,” said Judge Robert Hinkle at a teleconferenced scheduling hearing Thursday at U.S. District Court in Tallahassee (case 4:21-cv-00220). Florida is “on the side of free speech,” said Blaine Winship, representing Florida Attorney General Ashley Moody (R): Internet industry groups are “not.” Oral argument on the groups’ motion for preliminary injunction against Florida’s social media law (see 2106040045) will be videoconferenced June 28 at 1:30 p.m., ruled Hinkle despite defendants seeking more time. Hinkle plans to rule before the law takes effect July 1, he said. Florida must file a written response to plaintiffs’ motion by June 21, and industry groups may reply June 24, Hinkle said. While making their case for more time, Florida’s lawyers told the court the state promised not to enforce the law before Aug. 1, or later go back and prosecute anything that happened in July. Hinkle asked why Florida needed more than a couple of weeks to put together a defense: “Didn't you put the facts together before you got to the statute?”
Vizio surpassed 11.2 million addressable TVs across the U.S. that enable “frame-accurate dynamic ad insertion,” it said Wednesday. It's a “significant milestone” for members of Project OAR, the addressable ad consortium that Vizio founded in 2018 with top TV media companies (see 1903130054), Vizio said. Vizio’s Inscape automatic content recognition technology is the keystone of the consortium’s Open Addressable Ready standard for targeted advertising via connected TVs.
Commerce Department Bureau of Industry and Security rules and procedures raise technology concerns, the department's Regulations and Procedures Technical Advisory Committee meeting (see 2106090049) was told. The industry is especially concerned by BIS rules on military uses, said Tina Termei, an Amazon lawyer speaking on behalf of CompTIA members. The rules impose “unreasonable” obligations on companies that may not have the expertise and resources to do necessary due diligence, Termei said Tuesday. “Unlike the United States government that has these resources, that's not what these companies do,” Termei said: “They're not investigators, they are not experts on the complicated world of” military intelligence. She urged BIS to consider making its military end-user list “exhaustive”: “This way, everybody will have the same rule book, which means people and companies can actually follow it. They'll have the list, and they can comply.” Termei said CompTIA members complain about lengthy licensing times. Average license processing in FY 2020 was 23 days, a BIS spokesperson told us. "Each license application is evaluated on its own merits and decisions are made on the merits." Officials didn't comment Wednesday on the other tech concerns.
Apple intentionally inflicted damage on consumers' iPhones through frequent iOS software updates, alleged a complaint (in Pacer) Monday in U.S. District Court in San Jose that seeks class-action status. Three iOS updates released since April rendered iPhones “significantly damaged” by causing processing speeds to “decrease dramatically” and batteries to drain faster, it said. “After hundreds of online complaints on forums, articles on technology blogs and on traditional media websites, and hundreds of complaints on social media, Apple has failed to acknowledge improperly damaging user’s iPhones without disclosure.” The potential class is iPhone owners dating to the iPhone 8 who experienced “reduced functionality” after iOS updates 14.5, 14.5.1 or iOS 14.6. The lawsuit alleged violation of the Consumer Fraud and Abuse Act and similar California statutes and seeks statutory and punitive damages. Apple didn’t comment Tuesday.
China will be capable of supplying at least 30% of its domestic semiconductor needs within 30 months through an organized industrial program of “self-reliance,” reported Strategy Analytics Monday. “This level of self reliance is considered the minimum needed to buffer against import supply disruptions,” said analyst Christopher Taylor. The trade war with the U.S. and global chip shortages are fueling China’s drive toward such “self-sufficiency” through targeted investments and incentives, especially in “higher-demand mature process nodes,” said SA.
New provisions for data transfers will give businesses more legal certainty, the European Commission said Friday. It published its long-awaited revamped standard contractual clauses, which drew some U.S. tech industry support. One SCC set is for use between data controllers and processors; a second is for personal data transfers to third countries. They take into account new requirements under the General Data Protection Regulation and the European Court of Justice ruling in Schrems II, which annulled Privacy Shield, the EC said. Key changes update protections to align with GDPR, cover a wide range of transfer scenarios instead of necessitating use of separate sets of clauses, and list practical actions companies must take to comply with the ECJ judgment. Companies using former versions of SCCs have 18 months to switch. "Unlike its predecessor, the new SCCs can be used by a wider range of companies in different data transfer scenarios," said the Computer & Communications Industry Association. CCIA Public Policy Senior Manager Alexandre Roure urged the EU to quickly "conclude its data transfer negotiations with its main trading partners." Like CCIA, the Information Technology Industry Council urged EU leaders to stay focused on a new Privacy Shield agreement. The two most important changes are new flexibility that enables businesses to enter into the same SCCs covering new kinds of transfers, and new obligations to assess transfer risks case by case, emailed Linklaters data protection attorney Tanguy Van Overstraeten.
The FCC signed a memorandum of understanding with the Australian Communications and Media Authority to "develop and coordinate a global approach to addressing unlawful robocalls or robotexts, and ... spoofing," said a news release Thursday.
The Office of the U.S. Trade Representative concluded its one-year Section 301 investigation into the digital services tax policies of Austria, India, Italy, Spain, Turkey and the U.K. by imposing and immediately suspending remedial tariffs against those countries, said the agency Wednesday. Putting the tariffs on hold for up to 180 days will give more time to complete the ongoing multilateral negotiations on international taxation at the Organisation for Economic Co-operation and Development and through the G20 process, it said. The U.S. “remains committed to reaching a consensus on international tax issues through the OECD and G20 processes,” said USTR Katherine Tai. “Today’s actions provide time for those negotiations to continue to make progress while maintaining the option of imposing tariffs under Section 301 if warranted in the future.” DSTs "undercut significant activity in multilateral negotiations and further fragment the international tax system,” said Information Technology Industry Council CEO Jason Oxman. ITI encourages all governments to "quickly withdraw" DSTs "and double down on their work to realize a multilateral, consensus-based agreement" through the OECD and G20, he said. The Computer & Communications Industry Association “welcomes USTR’s actions in the Section 301 investigations that show the continued commitment of the U.S. to the ongoing negotiations, while making clear that tariffs remain an option if discriminatory taxes continue,” said Policy Counsel Rachael Stelly.
Comments are due June 17 for NTIA’s software bill of materials minimum elements (see 2105280039), says Wednesday's Federal Register.