Karl Herchenroeder

Senate Intelligence Committee Chairman Mark Warner, D-Va., is drafting a mandatory cyber breach reporting bill with Sens. Susan Collins, R-Maine, and John Cornyn, R-Texas, they told us this week. Ranking member Marco Rubio, R-Fla., also expressed interest. He said there’s a future for such legislation, after the Russia-linked SolarWinds hack (see 2102230064).

The Library of Congress’ 3G cell system, which is nearing the “end of its life” and has security issues, must be replaced, Librarian of Congress Carla Hayden told a House Legislative Branch Subcommittee hearing Wednesday.

Congress should make Medicare reimbursement for telehealth services permanent, said House Health Subcommittee Chair Anna Eshoo, D-Calif., during a hearing Tuesday. She cited the benefit of such waivers signed by the Centers for Medicare & Medicaid Services during the pandemic. Expansion should continue but can’t replace all in-person visits, said ranking member Brett Guthrie, R-Ky. He noted broadband is a limiting factor, and he will work to address infrastructure limitations. Telehealth has been important for rural communities, said House Commerce Committee ranking member Cathy McMorris Rodgers, R-Wash. She's especially interested in telehealth advantages for mental health services, given the rise in anxiety and suicide during the pandemic. First consider a number of items, said Commerce Committee Chair Frank Pallone, D-N.J.: the value of telehealth care, ways to strengthen program integrity, and methods to ensure equitable access to telehealth. Utilization data can help ensure underserved populations have access, he said. Permanent repeal of rural and site exclusions would give certainty, testified American Medical Association board member Jack Resneck. Stanford Health Care Chief of Staff Megan Mahoney agreed, supporting anything that expands access to care and removes geographic barriers. Research is needed on effectiveness and outcomes, said Purchaser Business Group on Health CEO Elizabeth Mitchell: Telehealth isn't necessarily duplicative but supplementary to in-person care. Some telemedicine offerings are more cost-effective than others, and services should be expanded there, said Ateev Mehrotra, Harvard Medical School associate professor-health care policy.

House Communications Subcommittee ranking member Bob Latta, R-Ohio, wants to legislate access to personal Whois data, he told us (see 2008270055). Stakeholders concerned with intellectual property, online security, law enforcement and other interests said in interviews that Congress must take control of the debate because ICANN can't resolve the issue.

Cyber notification requirements are a legislative priority, said House Homeland Security Committee Chairman Bennie Thompson, D-Miss., and ranking member John Katko, R-N.Y., Friday during a virtual hearing on the SolarWinds breach. They echoed interest from Senate Intelligence Committee Chairman Mark Warner, D-Va., Sen. Susan Collins, R-Maine, and Sen. John Cornyn, R-Texas, at a hearing earlier in the week (see 2102230064).

Data portability and interoperability could get early movement as the House Antitrust Subcommittee looks to draft bipartisan bills for its antitrust review, Chairman David Cicilline, D-R.I., and ranking member Ken Buck, R-Colo., told us. At a hearing earlier Thursday, members of both parties showed support for working on portability and interoperability. Buck highlighted both items for potential subcommittee collaboration.

There won’t be legislative announcements from leadership at Thursday’s hearing on tech antitrust, House Antitrust Subcommittee Chair David Cicilline, D-R.I., told us Wednesday. But he expects the conversation to further define specific proposals. Legislative proposals could touch on interoperability, explicit prohibitions on favoring products and services, and nondiscrimination, he said. The hearing focus will be on the power of dominant firms to exclude competitors and favor products and services to make it difficult for entrants to compete, he added.

Senate Intelligence Committee Chairman Mark Warner, D-Va., and Sen. John Cornyn, R-Texas, suggested Tuesday it might be time for legislation on mandatory notification requirements for cyberattacks. Microsoft and FireEye executives agreed with the suggestion, which would include liability protection, during a hearing on the SolarWinds breach (see 2102180043).

SolarWinds CEO Sudhakar Ramakrishna will testify Friday about the company’s recent breach, the House Oversight and Homeland Security committees announced Monday (see 2102180043). Microsoft President Brad Smith, FireEye CEO Kevin Mandia and ex-SolarWinds CEO Kevin Thompson will also testify. The vulnerability that enabled the breach exists in “every company, so what happened to us can happen to any software developer in the world,” Ramakrishna told a Center for Strategic and International Studies event Monday. The attacker was able to inject malware into Orion software code in a narrow way that went undetectable, so SolarWinds delivered and signed it, he said: “The ability for our bill systems to identify that did not exist.” Ramakrishna “came to know” about the breach around Dec. 13-14, when he wasn’t officially an employee, he said. He noted the attackers used older software releases as test beds. He said SolarWinds is working with third parties to understand the breadth, depth of the sophistication and patience of the attackers. SolarWinds is working with the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology on potential generalized best practices, he said. He suggested the U.S. government should have one agency for companies to inform and brief about incidents, because having multiple points of contact results in wasted time and effort.

Apple threatens online advertising through its anticipated policy requiring developers to gain consent for tracking users across platforms and sites, Facebook Chief Privacy Officer-Policy Erin Egan said Friday. Privacy claims shouldn’t be used to oppose ads, which is the basis for a free internet, she told a Media Institute virtual forum.