Senator Urges Privacy Oversight Board Nominations

Posted on March 12, 2010 by Hunton & Williams LLP

According to BNA’s Privacy Law Watch, on March 8, 2010, Senator Patrick Leahy asked President Obama to nominate members for the dormant Privacy and Civil Liberties Oversight Board.  The Board, which was created in 2004 upon the recommendation of the 9/11 Commission, focuses on ensuring that privacy and civil liberties concerns are incorporated into anti-terrorism laws and regulations.  Although President Obama had pledged in May 2009 to reconstitute the board, which has had no members since January 2008, privacy advocates say that his focus on cybersecurity issues has delayed the nomination process.

Tags: , , , , , , ,

Obama Proposes New Agency to Regulate Consumer Financial Privacy

Posted on July 2, 2009 by Hunton & Williams LLP

On June 30, 2009, the Obama Administration sent legislation to Congress that would create a new Consumer Financial Protection Agency ("CFPA").  Working with state regulators, the new agency would assume authority for the privacy provisions of the Gramm-Leach-Bliley Act, and would have the power to write rules and impose penalties pursuant to a variety of existing statutes, including the Fair Credit Reporting Act and the Fair and Accurate Credit Transactions Act.  To date, these powers have been shared among all financial services regulators, including the Federal Trade Commission ("FTC").  Under the proposal, the FTC would retain primary responsibility for preventing fraud and encouraging security in the financial markets. 

While some regulatory authority for financial products and services protections would flow from the FTC to the CFPA, the FTC would have increased powers to issue rules related to unfair and deceptive practices, and an enhanced ability to issue civil monetary penalties.  The proposal also includes expanded FTC authority over the banking sector with respect to data security.  While the legislation proposes transferring staff from certain financial services regulators, there would be no transfer of staff from the FTC.  Accordingly, the FTC may have more resources to pursue other consumer protection issues, including privacy in non-financial markets.

The Administration's full report on its financial reform plan can be viewed here.

Tags: , , , , , , , , , ,

White House Releases 60-day Cybersecurity Review Detailing Threats

Posted on May 29, 2009 by Hunton & Williams LLP

The White House today released the report from the 60-day cybersecurity review the President ordered in February. Speaking to a packed audience in the East Room, President Obama outlined the broad range of threats facing the digital infrastructure, focusing not only on national security and organized crime attacks, but also on identity theft and incursions into individual privacy. 

He promised a “new comprehensive approach to securing our nation’s infrastructure,” including appointment of a White House cybersecurity coordinator reporting to both the National Security Council and the National Economic Council. The coordinator would have broad responsibilities, but little direct authority, although the President did promise that the coordinator would have access to him.

The President also indicated that he would be appointing a privacy and civil liberties official reporting to the new cybersecurity coordinator.

The President cautioned, however, that dealing with cybersecurity issues would take time. “Protecting our prosperity and security in this globalized world is going to be a long, difficult struggle demanding patience and persistence over many years. But we need to remember: We’re only at the beginning. The epochs of history are long—the Agricultural Revolution; the Industrial Revolution. By comparison, our Information Age is still in its infancy.”

The President did not say who would be the new coordinator, nor did he provide a timeline for naming the new officials.

Today’s announcement is obviously a significant step towards a broader, higher priority approach from the federal government towards the growing problem of securing information and the systems that process it. While the President stressed that the new approach would include the private sector, he said that the government would not be telling the private industry how to go about securing their infrastructure, nor would the government engage in information monitoring.

According to published press reports, release of the cybersecurity report was delayed six weeks over disagreements within the administration over how the new cybersecurity position would be managed. That delay, the decision not to name the new coordinator, the tone of the President’s announcement, and the tools for fighting cyberattacks that he appeared to rule out suggest that while the administration’s response is serious, it is not necessarily as urgent as some experts have sought.

The Cyberspace Policy Review is available at http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf.

The President’s announcement is available at http://www.whitehouse.gov/the_press_office/Remarks-by-the-President-on-Securing-Our-Nations-Cyber-Infrastructure/.

And the unclassified documents on which the review relied are available at: http://www.whitehouse.gov/cyberreview/documents/.

 
Tags: , , , , , , ,

U.S. Cyber Security Draws the Attention of the White House and Congress

Posted on April 16, 2009 by Hunton & Williams LLP

News last week that Chinese and Russian hackers had infiltrated the U.S. electrical power grid gave practical significance to already high-profile issues in Washington -- how better to secure the nation’s cyber-infrastructure.  Late in 2008, the Center for Strategic and International Studies Commission on Cyber Security for the 44th Presidency (the Commission) released a report citing the U.S.’s failure to protect cyberspace as “one of the most urgent national security problems” facing the Obama administration.  The failure threatens the safety and well-being of the United States and its allies and raises immediate risks for the economy.  In a global economy, where economic strength and technological leadership are as important to national power as military force, failing to secure cyberspace puts the U.S. at a disadvantage.  When Chinese and Russian intruders apparently left software on networks supporting the U.S. power grid that could be used to compromise electric and water systems, the warnings of the Commission proved true in a real-world way.

The Obama Administration has taken these threats seriously.  On February 10 it initiated a 60 day review of federal cyber security efforts to protect vital U.S. computer networks (the Review).  The Review staff has engaged in significant and broad outreach to the government, the private sector and non-governmental organizations.  As the work of the Review draws to a close, its director, Melissa Hathaway, has intimated that it will not result in the naming of a cyber security advisor at the White House level.  This is an important, if controversial, signal.   However, on April 2, 2009, Senator Jay Rockefeller (D-WVA) and Senator Olympia Snow (R-ME) proposed legislation that would establish just such a position, invested with sweeping powers.  The legislation would empower government to set and enforce security standards for industry, and broaden the focus of the government’s cyber security efforts to include not only military networks but also private systems that control critical infrastructure, such as electricity and water distribution.  Such new powers raise serious questions for industry and civil liberties.

The Centre for Information Policy Leadership has played a prominent role in these efforts.  Centre Senior Policy Advisor Professor Fred H. Cate has consulted on several occasions with the Review committee, and Paula Bruening served on the Commission. On April 5, Paula was featured as a guest on National Public Radio’s Diane Rehm show, along with Jim Lewis, director of the Commission’s  study, and Paul Kurtz, a cyber security consultant and former senior director, Office of Cyberspace Security at the National Security Council. During the hour-long discussion,  guests explained the nature of these cyber security threats, considered the challenges faced by government and industry, the consumer’s role, issues of civil liberties, and proposed possible ways to move forward.  To view the discussion, click here.
Tags: , , ,