Cybersecurity Legislation Introduced in the House and Senate

On March 2, legislators in both the House of Representatives (House) and the Senate introduced several bills relating to cybersecurity reforms. As of this writing, the text of the bills below has not been publicly released.

The following bills were introduced in the House:

• H.R.1340, the Interagency Cybersecurity Cooperation Act. Introduced by Rep. Eliot Engel (D-NY), the bill “requires the [Federal Communications Commission] (FCC) to create an interagency committee to review cybersecurity incidents, recommend investigations, and issue regular reports on the results of these investigations including relevant findings and policy recommendations,” according to a statement on Rep. Engel’s website. The bill has been referred to the House Energy and Commerce Committee (House Commerce Committee) and the House Committee on Oversight & Government Reform.

• H.R.1324, the Securing IoT Act. Introduced by Rep. Jerry McNerney (D-CA), the bill has been reported to require the FCC to create, in conjunction with the National Institute of Standards and Technology, cybersecurity standards for Internet of Things (IoT) devices. The bill has been referred to the House Commerce Committee.

• H.R.1335, the Cybersecurity Responsibility Act. The legislation, introduced by Rep. Yvette Clarke (D-NY) would direct the FCC “to establish regulations protecting communications networks from cyberattacks” according to a press release on Rep. Clarke’s website. The bill has been referred to the House Commerce Committee.

• H.R.1344, the State Cyber Resiliency Act. Introduced by Rep. Derek Kilmer (D-WA), the bill would “set up a cybersecurity grant program that would provide resources for states to develop and implement effective cyber resiliency plans,” which would include “efforts to identify, detect, protect, respond, and recover from cyber threats” according to a press release on Rep. Kilmer’s website. The bill has been referred to the House Transportation and Infrastructure Committee.

In the Senate, Sen. Mark Warner (D-VA) introduced S.516, the companion bill to H.R.1344, which is also titled the State Cyber Resiliency Act and is designed to achieve the same purpose as the legislation introduced in the House. The Senate bill has been referred to the Senate Homeland Security and Governmental Affairs Committee.

This Week’s Hearings:

• Wednesday, March 8: The Senate Commerce, Science, and Transportation Committee has scheduled a hearing titled “Oversight of the Federal Communications Commission.” FCC Chairman Ajit Pai and Commissioners Mignon Clyburn and Michael O’Rielly will testify as witnesses at the hearing.

FCC Releases Tentative Agenda for March 23 Open Commission Meeting

The FCC has announced that the following items are tentatively on the agenda for consideration at the agency’s Open Commission on March 23:

• Advanced Methods to Target and Eliminate Unlawful Robocalls. The FCC will consider a Notice of Proposed Rulemaking and Notice of Inquiry “that would enable voice service providers to better protect subscribers from illegal and fraudulent robocalls.”

• Promoting Technological Solutions to Combat Contraband Wireless Device Use. The FCC will consider a Report and Order and Further Notice of Proposed Rulemaking “that would adopt rules to facilitate the deployment of technologies used to combat contraband wireless devices in correctional facilities, while seeking comment on additional proposals and solutions.”

• Improving the Quality and Efficiency of Video Relay Service. The FCC will consider a Report and Order, Notice of Inquiry, Further Notice of Proposed Rulemaking, and Order “that would enhance service quality and propose a new provider compensation plan for video relay services.”

• Cellular Service Reform. The FCC will consider a Second Report and Order, Report and Order, and Second Further Notice of Proposed Rulemaking “that would facilitate mobile broadband deployment, including LTE, promote greater spectrum efficiency, and reduce regulatory burdens and costs.”

• Part 43 Reporting Requirements for U.S. Providers of International Services. The FCC will consider a Notice of Proposed Rulemaking “that proposes to (1) eliminate the Traffic and Revenue Reports and (2) streamline the Circuit Capacity Reports.”

• Channel Sharing by Stations Outside the Broadcast Television Spectrum Incentive Auction Context. The FCC will consider a Report and Order “that would authorize channel sharing outside the context of the incentive auction and thus permit stations with auction-related channel sharing agreements to continue to operate if their auction-related agreements expire or otherwise terminate.”

Consistent with Chairman Pai’s pilot program, which is intended to increase transparency into agency action, the FCC has released draft versions of the above items, which are available here.

The FCC’s Open Commission Meeting will be held on March 23 at 10:30 a.m. in the Commission Meeting Room at the FCC’s headquarters at 445 12th Street S.W., Washington, D.C. 20554, and will be streamed live at fcc.gov/live.

FCC Partially Stays Broadband Privacy Data Security Rule

On March 1, the FCC issued a Stay Order to “stay on an interim basis” the aspects of the data security rule adopted in the 2016 Privacy Order that are scheduled to become effective on March 2. The stay is in effect “until the [FCC] has decided the petitions for reconsideration pending” in the FCC’s broadband privacy proceeding. The FCC notes in the Stay Order that by January 3, the FCC had received eleven petitions to reconsider the 2016 Privacy Order, and on January 27, “nine trade associations filed a petition for stay” of the rules adopted in the 2016 Privacy Order.

With respect to data security, the 2016 Privacy Order “requires [broadband Internet access service (BIAS)] providers and other telecommunications carriers to ‘take reasonable measures to protect customer [proprietary information] from unauthorized use, disclosure, or access,’” according to the Stay Order. In the Stay Order, the FCC stayed the relevant data security requirements on a finding that the petitioners requesting a stay are “uniquely likely to succeed on the merits of their claim on reconsideration with respect to these requirements.” The FCC also, on its own motion, stayed the application of the “new [data security rule] to non-BIAS carriers because the same reasoning that justifies a stay to BIAS applies equally to other telecommunications carriers.”

FCC Chairman Ajit Pai and Acting FTC Chairman Maureen K. Ohlhausen issued a joint statement on the FCC’s decision to partially stay the data security rule:

“The Federal Communications Commission and the Federal Trade Commission are committed to protecting the online privacy of American consumers. We believe the best way to do that is through a comprehensive and consistent framework. After all, Americans care about the overall privacy of their information when they use the Internet, and they shouldn’t have to be lawyers or engineers to figure out if their information is protected differently depending on which part of the Internet holds it. . . . We still believe that jurisdiction over broadband providers’ privacy and data security practices should be returned to the FTC, the nation’s expert agency with respect to these important subjects.”

FCC Issues an Emergency Waiver to Help Jewish Community Centers and Law Enforcement Determine the Origin of Harassing Calls

On March 3, the FCC’s Consumer and Governmental Affairs Bureau issued an emergency temporary wavier to Jewish Community Centers (JCCs) and telecommunications providers servicing the centers to facilitate law enforcement officials’ access to the caller-ID information of “threatening and harassing callers.” In an FCC news release, Chairman Pai stated that the FCC “must and will do whatever it can to combat the recent wave of bomb threats against Jewish Community Centers,” noting further that he is “pleased that we are taking quick action to address this issue and hope that this waiver will help Jewish Community Centers, telecommunications carriers, and law enforcement agencies track down the perpetrators of these crimes.” FCC regulations require companies to respect a calling party’s request to block its information. The waiver was requested by New York Senator Charles Schumer, who noted that there were “69 such incidents involving 54 JCCs in 27 different states since the beginning of 2017.” In addition to the order, the Commission issued a public notice soliciting comment on “whether a permanent waiver would be appropriate.”