Leaders from House Homeland Security Committee and House Intelligence Committee were to have met after our deadline on final language for a conference cybersecurity information sharing bill that could be passed on to House leaders, an industry lobbyist following negotiations told us. Negotiations Wednesday and Thursday continued to center on restoring the Department of Homeland Security's status as the main civilian portal for information sharing, the lobbyist said. House Intelligence and House Homeland Security didn't comment. House Homeland Security Chairman Michael McCaul, R-Texas, has been pushing for restoring the civilian portal role that DHS held in the House-passed National Cybersecurity Protection Advancement Act (HR-1731) and the Senate-passed Cybersecurity Information Sharing Act (S-754). The Intelligence committees circulated conference bill text that would have endangered DHS' status within the information sharing apparatus (see 1512070056). Senate Intelligence Chairman Richard Burr, R-N.C., told reporters Thursday before the House leaders' meeting that he's optimistic about chances for reaching agreement.
The House Foreign Affairs Committee cleared the Combat Terrorist Use of Social Media Act (HR-3654) Wednesday on a voice vote. The bill would require the Obama administration to develop a more “comprehensive strategy” to counter foreign terrorist groups’ use of social media and to enhance “the exchange of information and dialogue” between the federal government and social media companies on terrorists’ social media usage. The State Department’s “current strategy of countering ISIS and other terrorist groups online obviously isn’t working,” said Rep. Brad Sherman, D-Calif., one of HR-3654’s lead sponsors. He said Facebook, Twitter and Google's YouTube “have a responsibility to make sure their platforms aren’t being used by terrorists.” Rep. Ted Poe, R-Texas, HR-3654’s other lead sponsor, credited Facebook and YouTube with doing a “pretty good job of bringing down” terrorist-related content, but noted less satisfaction with Twitter’s response. Companies’ efforts to take down terrorist content “won’t work effectively if [the State Department] isn’t identifying the bad content,” Sherman said. “The only thing worse than whack-a-mole is to not whack the moles.” House Foreign Affairs’ approval of HR-3654 came a day after Senate Intelligence Committee leaders reintroduced the Requiring Reporting of Online Terrorist Activity Act, which would require tech companies to report such activity to law enforcement agencies. The bill’s text had previously been part of Senate Intelligence’s annual intelligence authorization bill but was later removed (see 1512080070).
Senate Intelligence Committee Vice Chairwoman Dianne Feinstein, D-Calif., said Wednesday that she and Senate Intelligence Chairman Richard Burr, R-N.C., are working on legislation in response to the recent Paris and San Bernardino, California, terrorist attacks to compel tech companies to decrypt data under court orders. “I think this world is really changing in terms of people wanting the protection and wanting” data encryption to “be able to be pierced,” she said during a Senate Judiciary Committee hearing on FBI oversight. The Paris and San Bernardino attacks have resulted in renewed calls for increased government surveillance and may be an impetus for progress on cybersecurity information sharing legislation passed by both houses of Congress and now being negotiated in a conference committee (see 1511240023 and 1512070056).
Prospects for enactment of the Domain Openness Through Continued Oversight Matters (DOTCOM) Act remain unclear, despite recent optimism the Senate might be nearing a deal to pass its version of S-1551 after months of stymied progress, said stakeholders and legislators in interviews. ICANN CEO Fadi Chehadé said during a recent conference call with Cross Community Working Group on Enhancing ICANN Accountability (CCWG-Accountability) leaders that he was optimistic that the Senate would "likely" pass S-1551 in December, several stakeholders told us. Chehadé didn't cite the source for his optimism, but stakeholders noted perceived behind-the-scenes movement to find a way to pass S-1551. ICANN didn't comment.
Final language for a conference cybersecurity information sharing bill is likely to go public as early as Tuesday, industry lobbyists told us. Days ago, language began circulating for a largely rewritten information sharing bill that would swing the center of gravity in an expanded information sharing apparatus away from the Department of Homeland Security and back toward intelligence and law enforcement agencies. House and Senate cybersecurity leaders have been in informal negotiations on a conference information sharing bill since the Senate passed the Cybersecurity Information Sharing Act (S-754) in late October (see 1510280057).
The FCC Enforcement Bureau’s recent data breach case against Cox Communications (see 1511050064) shows the FCC and FTC need to use “compatible” approaches on privacy and data security cases, FTC Commissioner Maureen Ohlhausen said during a Practising Law Institute event Friday. The FCC is still grappling with its final standards on ISP privacy rules, with Chairman Tom Wheeler indicating he plans to begin a rulemaking in early 2016 (see 1511170060). Ohlhausen has argued the FTC is better equipped to protect privacy (see 1509020040), while FTC Commissioner Julie Brill pushed the FCC to create strong privacy rules for ISPs (see 1509280062). Industry executives agreed with Ohlhausen during a separate PLI session Friday that joint FCC-FTC privacy jurisdiction creates uncertainty, while officials from both agencies noted similar joint jurisdiction situations have worked well in the past.
Recent attacks in Paris and San Bernardino, California, “tragically [put] an exclamation point” on the FCC Communications Security, Reliability and Interoperability Council work on telecom infrastructure security and reliability, said CSRIC Chairman John Schanz, Comcast Cable chief network officer. CSRIC's work on reliability of 911 systems is critical to police having situational awareness “that will make possible big data added to emergency response,” said Public Safety Bureau Chief David Simpson after a presentation at the group's meeting by Working Group 1. It's working on recommendations for rerouting 911 calls between public safety answering points and on recommendations on aspects of location-based routing that use latitude and longitude information and other information.
Cybersecurity stakeholders moved forward via NTIA's multistakeholder process on vulnerability research disclosure, further revising the scope of working groups' examination of the issue. A working group on increasing adoption and awareness of vulnerability disclosure best practices generated the most debate during Wednesday's NTIA-facilitated meeting. Other multistakeholder working groups are examining possible incentives for safe vulnerability research disclosures, best practices for multi-party vulnerability disclosures and best practices for disclosures within safety industries. Most at an initial multistakeholder meeting in September identified increasing adoption of vulnerability disclosure best practices and examining incentives for adoption as the most pressing issues the NTIA process should focus on (see 1509290061).
The House Administration Committee’s Wednesday hearing on IT issues at the Copyright Office and Library of Congress is likely also to continue to raise questions about whether the CO should be granted additional autonomy from the LOC, copyright interests told us. House Administration said in a statement that the hearing will include “an update on the current state of management over the entire Library of Congress information technology systems, as well as how both the Copyright Office and the Library of Congress are working together to meet the demands of today’s digital age.”
The Cross Community Working Group on Enhancing ICANN Accountability reached a rough compromise Thursday on how to handle advice from the Governmental Advisory Committee following the Internet Assigned Numbers Authority transition, CCWG-Accountability members told us. CCWG-Accountability had been struggling to reach a consensus on whether to propose amending ICANN’s bylaws to require the ICANN board to find a “mutually acceptable solution” when GAC provides advice that’s supported by GAC member consensus. Lack of consensus on the issue earlier this month forced CCWG-Accountability to issue a formal update on its progress instead of an anticipated executive summary of its latest draft of a proposed set of changes to ICANN's accountability mechanisms (see 1511160047). CCWG-Accountability's compromise likely removes the last major barrier to finalizing the revised draft, which is set for release Monday, working group members said. The CCWG-Accountability proposal is widely seen as crucial to moving ahead with the IANA transition process.