Monday, November 09, 2015

:: "The Commission has been unequivocal in declaring that it has no intent to regulate edge providers."

In Re Consumer Watchdog Petition for Rulemaking toRequire Edge Providers to Honor ‘Do Not Track’Requests Released: November 6, 2015

1. In this Order, we dismiss Consumer Watchdog’s request that the Commission “initiate arulemaking proceeding requiring ‘edge providers’ (like Google, Facebook, YouTube, Pandora, Netflix, and LinkedIn) to honor ‘Do Not Track’ Requests from consumers.” 1 The Commission has been unequivocal in declaring that it has no intent to regulate edge providers.

2 We therefore find that, pursuant to section 1.401(e) of our rules, the Consumer Watchdog Petition “plainly do[es] not warrant consideration by the Commission.”3 2. Section 222 of the Communications Act governs telecommunications carriers’ protection and use of information obtained from their customers or other carriers, and calibrates the protection of such information based on its sensitivity. The Commission has adopted rules implementing section 222’s privacy protections with respect to providers of voice services, has amended those rules over time to respond to emerging threats to consumer privacy, and has vigorously enforced those rules.4

3. Earlier this year, when the Commission reclassified broadband Internet access service (BIAS) as a telecommunications service under Title II of the Communications Act, it declined to forbear from applying section 222 to BIAS providers. 5 The Commission found that broadband providers “serve as a necessary conduit for information passing between an Internet user and Internet sites or other Internet users, and are in a position to obtain vast amounts of personal and proprietary information about their customers.”6 Recognizing, however, that the existing rules were written for voice services, the Commission held it was “not persuaded that the Commission’s current rules implementing section 222 necessarily would be well suited to broadband Internet access service.”7 It therefore forbore from applying the section 222 rules to BIAS services, “pending adoption of rules to govern broadband Internet access service in a separate rulemaking proceeding.”8 At the same time, the Commission specified that in reclassifying BIAS, it was not “regulating the Internet, per se, or any Internet applications or content.”9 Rather, as the Commission explained, its “reclassification of broadband Internet access service involves only the transmission component of Internet access service.”10

 4. Consumer Watchdog’s request that “the Commission should, in addition to the CPNI rules it intends to adopt, promulgate rules protecting the authorized use of consumers’ personal information by requiring edge providers to honor ‘Do Not Track’ Requests” is inconsistent with the Commission’s articulation of the effect of its reclassification of BIAS and the scope of the privacy practices it stated that it intends to address pursuant to that reclassification. 11 We therefore find that the Consumer Watchdog Petition plainly does not warrant consideration by the Commission pursuant to section 1.401(e) of the Commission’s rules.

5. Accordingly, IT IS ORDERED that, pursuant to sections 0.91, 0.291, and 1.401(e) of the Commission’s rules, 47 C.F.R. §§ 0.91, 0.291, 1.401(e), Consumer Watchdog’s Petition for Rulemaking to Require Edge Providers to Honor ‘Do Not Track’ Requests IS DISMISSED.

Thursday, November 05, 2015

:: NIST Invites Comments on Practice Guide for Improving Mobile Device Security

The National Cybersecurity Center of Excellence (NCCoE) requests comments on a draft guide to help organizations better secure and manage their mobile devices.
The draft NIST Cybersecurity Practice Guide Mobile Device Security: Cloud & Hybrid Builds (Special Publication 1800-4) demonstrates how commercially available technologies can help companies secure sensitive data accessed by and/or stored on mobile devices used by employees.
“Mobile devices extend or eliminate the notion of traditional organization boundaries, posing challenges that nearly all businesses regardless of sector or organization size,” said Nate Lesser, deputy director of the NCCoE, part of the National Institute of Standards and Technology (NIST). “Our guidance can help organizations reduce their risk and increase their ability to see and respond to security issues.”
Security controls at many organizations have not kept pace with risks that mobile devices can pose. To address this challenge, NCCoE security engineers re-created a typical IT scenario involving commonly used devices, organizational email, calendaring and contact-management software. They then developed several configurations of commercial management and security technologies to improve mobile device security. The example solution detailed in the guide shows organizations how to configure a device so that it can be trusted, as well as how to remove the device from systems should it be lost or stolen or when an employee leaves the company.
The draft guide maps security characteristics to standards and best practices from NIST and other organizations. It provides instructions for implementers and security engineers on installing, configuring, and integrating the example mobile device security solution into existing IT infrastructures.
While the guide uses a suite of commercial products as part of the example solution, it does not endorse any particular products or guarantee regulatory compliance. The NCCoE’s example solution may be adopted or be used as a starting point for tailoring and implementing parts of a solution.
The draft guide can be downloaded from the NCCoE website, which includes a form for submitting comments. The public comment period is open through Jan. 8, 2016.
The guide is part of the center’s new series of publications, called NIST Cybersecurity Practice Guides (Special Publication Series 1800), which target complex cybersecurity challenges in the public and private sectors. The practical, user-friendly guides show members of the information security community how to implement example solutions intended to help them align more easily with relevant standards and best practices.
The NCCoE is the nation’s cybersecurity laboratory, addressing businesses’ most pressing cybersecurity problems with practical, standards-based solutions using commercially available technologies. The center collaborates with industry, academic and government experts to build modular, open, end-to-end reference designs that are broadly applicable and repeatable.

Thursday, October 29, 2015

:: FCC and CU Boulder Public Safety Cybersecurity Summit

FCC and University of Colorado, Boulder Interdisciplinary Telecommunications Program to co-sponsor summit exploring cybersecurity issues for communications and public safety sectors

On December 7, 2015, the Federal Communications Commission and the Regents of the University of Colorado, a body corporate, contracting on behalf of the CU Boulder Interdisciplinary Telecommunications Program will co-host a summit to explore cybersecurity issues facing the telecommunications sector and the public safety community.  The summit will seek to promote ways to develop, implement and measure best practices, enhance c-suite and agency senior level awareness, and evolve policy planning related to cybersecurity recommendations for the telecommunications sector, public safety sector, research and development, and workforce planning/talent management.  This day-long public forum would allow exchange of ideas, as well as allow extended interaction with critical industry, academic and government personnel involved in securing our commercial networks, evolving the next generation of public safety networks, and planning for the future of these critical communications assets. 

WHAT:            FCC-CU Boulder ITP Public Safety Cybersecurity Summit

The event will feature industry, public safety, academic and government thought leaders in the field of cybersecurity in a series of moderated panels, considering technical, practical, and policy issues related to the cybersecurity threats facing our commercial and public safety networks.
A summit agenda, providing additional details about the event will be released at a later date.     
WHEN:            Monday, December 7, 2015, 9:00 AM, DLC Bechtel Collaboratory, College of Engineering and Applied Science, University of Colorado, Boulder, Colorado

WHO:              Security researchers, policymakers, industry leaders, cybersecurity organizations, investors, public safety organizations, state, local and Tribal government officials, academic institutions and others interested in understanding the current and evolving cybersecurity landscape in these sectors.  Space is limited for this event.  Please e-mail with “Registration” in the subject line and provide your name, organization affiliation and contact information.

Released:  10/27/2015.  FCC AND CU BOULDER TO HOLD PUBLIC SAFETY CYBERSECURITY SUMMIT. (DA No.  15-1224).  PSHSB . Contact:  Erika Olsen at (202) 418-2868, email: Erika.Olsen@fcc.govor ITP Corporate Outreach:Terese Manley at (303) 492-3824, email: News Media Contact: Rochelle Cohen at (202) 418-1162, email: Rochelle.Cohen@fcc.gov

Wednesday, October 28, 2015

:: NIST Seeks Comments on New Project Aimed at Protecting Privacy Online

The National Cybersecurity Center of Excellence (NCCoE), in partnership with the National Strategy for Trusted Identities in Cyberspace National Program Office, is seeking comments on a new project focused on protecting privacy and security when reusing credentials at multiple online service providers.
Many organizations now allow online customers to use third-party credentials to create and manage accounts and services. For example, your social media account login can be used to access your fitness tracker account. In effect, the social media company is vouching for you with the tracker company.
Allowing third-party credentials saves businesses time and resources in managing identities. For users, the benefit comes from not having yet another username and password to manage and remember.
As these arrangements become more common, a growing number of organizations are laboring to manage—and integrate—each third-party relationship. So now a new service, called brokered identity management, has emerged. Organizations can engage identity brokers to manage multiple third-party credentialing options on their behalf.
The benefits to organizations and individuals are significant, but there is also a concern that these connections meant to improve security can create opportunities for increased tracking of users.
This new collaborative project will examine how commercially available privacy-enhancing technologies can be integrated into identity broker solutions. The NCCoE is seeking comments on a draft document that describes a potential “building block”—one of a series of solutions that address cybersecurity concerns for multiple industry sectors. The document, Privacy-Enhanced Identity Brokers, describes the technical challenges of adding privacy-enhancing technologies to existing products or services, and the technical controls needed to address the privacy risks inherent in them.
Feedback from businesses and the public will inform the project and solution development. This will ultimately result in an 1800-series NIST Cybersecurity Practice Guide that will demonstrate the example solution and provide all the information necessary to replicate the reference design.
The NCCoE addresses businesses' most pressing cybersecurity problems with practical, standards-based solutions using commercially available technologies. The center collaborates with industry, academic and government experts to build modular, open, end-to-end reference designs that are broadly applicable and repeatable.
The document can be viewed on the NCCoE website. Comments should be submitted to via a web form or to by Dec. 18, 2015.

:: Committee Leaders Request Audit of FCC's Enforcement Bureau

WASHINGTON, DC – Leaders of the House Energy and Commerce Committee and its Subcommittee on Communications and Technology today asked the Government Accountability Office – the nation’s nonpartisan watchdog – to complete a review of the management of the Federal Communications Commission’s Enforcement Bureau. Full Committee Chairman Fred Upton (R-MI), along with subcommittee Chairman Greg Walden (R-OR) and Vice Chairman Bob Latta (R-OH), are seeking the report in conjunction with the subcommittee’s ongoing oversight of the commission.
The leaders wrote:
This committee’s concern with the openness, transparency, and fairness of the Federal Communications Commission’s (FCC) process is well established and has led to multiple and varied inquiries into the management of the agency under multiple chairmen. These inquires include, among other things, the monitoring of the FCC’s backlog reduction efforts, the FCC’s success in meeting bureau and office performance metrics, and more recently the Chairman’s proposal to reduce the Enforcement Bureau’s geographic footprint by closing more than half of the Bureau’s field offices.
The information submitted by the FCC in response to these inquiries has validated our concerns with FCC management and process. One area of particular and ongoing concern is the management of the FCC’s largest subdivision – the Enforcement Bureau. …

:: NIST to Support Cybersecurity Jobs “Heat Map” to Highlight Employer Needs and Worker Skills

"WASHINGTON, DC – As part of the U.S. Department of Commerce’s “Skills for Business” initiative, the National Institute of Standards and Technology (NIST) is funding the development of a visualization tool that will show the demand for and availability of critical cybersecurity jobs across the nation. The project, funded through NIST’s National Initiative for Cybersecurity Education (NICE), will provide data to help employers, job seekers, policy makers, training providers, and guidance counselors in order to meet today’s increasing demand for cybersecurity workers. 

"In partnership with job market analytics and research firm Burning Glass Technologies, CompTIA, a non-profit trade association for IT professionals and organizations, has received a three-year grant to conduct extensive research and create a “heat map” that visualizes the need for, and supply of, cybersecurity workers across the country. Heat maps are a popular data visualization tool that, in this case, will use varying shades of color to show relative differences in the geographic concentration of supply and demand. CompTIA has been awarded $249,000 in first-year funding. "

:: Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies

"In this final rule, the Librarian of Congress adopts exemptions to the provision of the Digital Millennium Copyright Act (“DMCA”) that prohibits circumvention of technological measures that control access to copyrighted works, codified in section 1201(a)(1) of title 17 of the United States Code. As required under the statute, the Register of Copyrights, following a public proceeding, submitted a Recommendation concerning proposed exemptions to the Librarian of Congress. After careful consideration, the Librarian adopts final regulations based upon the Register's Recommendation.Fed Reg Notice.

Thursday, October 22, 2015

:: NTIA Twenty-Fifth Quarterly Status Report to Congress Regarding BTOP

October 16, 2015
Pursuant to Section 6001(d)(4) of the American Recovery and Reinvestment Act of 2009 (ARRA or Recovery Act) (Public Law No. 111-5), the NTIA provides this Quarterly Report on the status of the Broadband Technology Opportunities Program. This Report focuses on the Program’s activities from January 1 to March 31, 2015.

:: House Commerce Hearing: Common Carrier Regulation of the Internet: Investment Impacts Tuesday, October 27, 2015 - 10:00am
Background Documents and Information: 
Hearing Notice
To read a related press release, click here.

Frank V. Louthan
  • Managing Director- Equity Research
  • Raymond James Financial
Michael Mandel
  • Chief Economic Strategist
  • Progressive Policy Institute
Robert Shapiro
  • Co-Founder and Chairman
  • Sonecon LLC
Nicholas Economides
  • Professor of Economics
  • New York University Stern School of Business