Your update on important Internet policy issues
OUTLOOK
The U.S. Congress spent much of its efforts during January on organizing and populating its legislative and operational committees. Following a lengthy process involving fifteen rounds of voting and extensive negotiations on rule changes and committee assignments with a select group of Republican conservative Representatives who were opposing his election, Rep. Kevin McCarthy (R-CA) succeeded in his bid to become the next Speaker of the U.S. House. As expected, House Democrats, now in the minority, chose Rep. Hakeem Jeffries (D-NY) to be their new leader. The Senate returned to Washington on January 23 and has been engaged in finalizing committee rosters and completing other organizational matters. Congress is poised soon to begin substantial legislative and oversight activity going forward. House Republicans, in particular, plan to concentrate on a broad range of oversight and investigation activities directed at the Biden administration. Given a Republican-controlled House and a Democrat-led Senate–with narrow majorities in both bodies–passing legislation in the 118th Congress will be complex and difficult. The House and Senate will need to work with the Biden administration on raising the debt ceiling. The U.S. hit the debt ceiling on January 19, and the Treasury Department initiated “extraordinary measures” to ensure the federal government continues to pay its obligations on time. Absent Congressional action, the Treasury Department estimates a default date sometime by early summer, an event that Treasury Secretary Janet Yellen warns could lead to an economic catastrophe.
TECH POLICY PRIORITIES
Section 230/Intermediary Liability. In mid-January, numerous amici briefs from a wide range of stakeholders were filed in support of Section 230 in Gonzalez v. Google LLC. The Court will hear oral arguments on February 21, 2023. The next day, the U.S. Supreme Court will hear the oral argument in Twitter v. Taamneh, which considers social media platforms’ potential liability under an anti-terrorism statute. On January 25, the House Energy & Commerce Committee Republican members held a roundtable on the role of “Big Tech” in the fentanyl crisis, during which Section 230 came up repeatedly in the discussion. In a Wall Street Journal op-ed published on January 11, President Biden called for fundamental reform of Section 230.
Federal Privacy. With the change in control of the House, the precise path forward on federal consumer data privacy legislation is not yet known. The new House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) supports a comprehensive, national approach and could choose to build upon the American Data Privacy and Protection Act (ADPPA) on which she partnered in the prior Congress with Rep. Frank Pallone (D-NJ)–now the Ranking Member of the Energy and Commerce Committee. The federal privacy legislative priorities of the Senate Commerce Committee leaders in the new Congress–Chair Maria Cantwell (D-WA) and Ranking Member Ted Cruz (R-TX)–are not yet clear. In his January 11 Wall Street Journal op-ed, President Biden called upon Congress to find bipartisan, common ground on privacy protection for Americans, especially children.
Copyright/IP. The U.S. Patent and Trademark Office extended the deadline until February 17 for submitting comments in response to a request for input on the agency’s 2022-2026 strategic plan. In 2023, the rising use and prominence of AI technology, like ChatGPT, may increase pressure on policymakers in Congress and the government to explore its ramifications for IP legislation and litigation, among other areas.
Antitrust/Competition. On January 24, the U.S. Dept. of Justice and eight states filed an antitrust lawsuit against Google, alleging that the company has abused its market power in online ads. The lawsuit, expected to be lengthy and complex, calls on Google to divest itself of parts of its interlocking systems of ad tech tools. President Biden called for bringing more competition back to the tech sector in his January 11 Wall Street Journal op-ed. The Federal Trade Commission (FTC) proposed a new rule that would ban non-compete clauses in employment contracts based on a preliminary finding that such terms constitute an unfair method of competition in violation of the FTC Act.
Broadband. The NTIA is developing guidance for states about how to approach local map challenges after it allocates the $42.5 billion from the Broadband Equity, Access, and Deployment (BEAD) program. The NTIA is preparing to allocate money to the states from BEAD following the closing of the deadline to challenge the Federal Communications Commission’s maps on which that funding is dependent. The NTIA has already decided on a base of $100 million for each state and has said it expects to allocate all remaining funds by June 30. In Congress, spectrum auction reauthorization will be on the agenda again in the first quarter of 2023 after key telecom and defense stakeholders in the prior Congress failed to reach an agreement on the issue in a broader year-end package. A short-term spectrum auction reauthorization included in the FY 2023 omnibus appropriations bill expires on March 9, 2023.
ISSUES
Section 230/Intermediary Liability
President Biden: Big Tech Op-Ed in Wall Street Journal – President Biden called on Congress to enact comprehensive privacy legislation, fundamentally reform Section 230 liability protections for hosted content, and pass strong antitrust measures targeted at Big Tech in an op-ed that was published in the Wall Street Journal on January 11. “[O]ur existing authority has limits,” Biden wrote. “We need bipartisan action from Congress to hold Big Tech accountable.” Getting a bipartisan agreement across all three issues seems unlikely at this time. House Republicans appear uninterested in pursuing an antitrust agenda. In addition, the two parties’ misgivings about Section 230—Republicans’ concerns about censorship and Democrats’ alarm about hate speech and disinformation—are opposed to one another. It also remains to be seen whether Congress can craft a bipartisan compromise federal privacy bill that can pass in both the House and the Senate, given how previous efforts foundered in the 117th Congress.
U.S. Supreme Court: Upcoming Oral Argument in Section 230 Review – Attorneys for Google defended the application of Section 230 liability protections to algorithmic recommendations in a brief they filed with the Supreme Court on January 12. In mid-January, numerous amici briefs from a wide range of stakeholders were filed in support of Section 230 in Gonzalez v. Google LLC. On February 21, 2023, the U.S. Supreme Court will hear oral arguments. The question presented in the case has been framed as whether Section 230—which protects tech platforms from lawsuits prompted by user-posted content — extends to content that platforms actively recommend, including via algorithms. The plaintiff has alleged that YouTube (which is owned by Google) promoted pro-terrorism videos ahead of 2015’s deadly attacks by ISIS terrorists in Paris. On February 22, the Supreme Court will hear arguments in Twitter, Inc. v. Taamneh. That case asks whether tech platforms can face liability under an anti-terrorism statute for “aiding and abetting” terrorism if pro-terrorism content shows up on the platform, regardless of whether the platform works to remove most instances of the content.
SCOTUS: Request for Biden Administration Views on Texas, Florida Social Media Laws – The Supreme Court invited the Biden administration to submit its views on the constitutionality of state laws enacted in Texas and Florida that would prohibit social media platforms from discriminating based on viewpoint and open up the platforms to legal liability for discriminatory bans or takedowns. The move will likely delay consideration of two petitions before the Court seeking to challenge the laws on First Amendment grounds. The 11th Circuit Court of Appeals struck down the Florida law in a ruling earlier this year, while the 5th Circuit upheld the Texas law but agreed in October to stay the law until the tech platforms could appeal to the Supreme Court. The outcome of these cases could have a profound impact on Section 230 and online speech generally.
House: Protecting Speech from Government Interference (H.R. 140) – House Oversight & Accountability Chair Rep. James Comer (R-KY), House Energy & Commerce Chair Cathy McMorris Rodgers (R-WA), and House Judiciary Committee Chair Jim Jordan (R-OH) introduced the Protecting Speech from Government Interference Act (H.R.140) on Jan. 9. The legislation prohibits federal officials from using their official authority, influence, or resources—including contracting, grantmaking, rulemaking, licensing, permitting, investigatory, or enforcement actions—to promote the censorship of lawful speech or to advocate for censorship by a third party or private entity. The bill is a response to allegations the Biden administration colluded with social media platforms to suppress certain COVID information and the Hunter Biden laptop story.
House: Oversight and Accountability Committee to Hear from Ex-Twitter Employees – The House Oversight and Accountability Committee is expected to receive testimony from several ex-Twitter employees the week of Feb. 6 at a hearing on alleged efforts to limit the reach of the Hunter Biden laptop story. Chairman James Comer (R-KY) called on Twitter’s former Chief Legal Officer Vijaya Gadde, former Deputy General Counsel James Baker, and former Global Head of Trust and Safety Yoel Roth to testify in a series of letters this past December.
House: E&C Republicans Blast Social Media for Contributing to Fentanyl Crisis – On Jan. 25, the new Republican majority on the House Energy and Commerce Committee held a roundtable on Big Tech and the fentanyl crisis at which Members blasted social media companies for allegedly promoting drug-related content. Chairwoman Rodgers accused the companies of “encouraging addictive behaviors in our children” and failing “to protect their users from malicious actors on their platform like drug dealers targeting vulnerable populations with counterfeit drugs laced with fentanyl.” Others, including Rep. John Curtis (R-UT), called for Section 230 reform to exempt certain content from liability protection.
House: CASE-IT Act Reintroduced – Rep. Greg Staub (R-FL) reintroduced the CASE-IT Act. The bill would amend Section 230 in an effort to promote free speech online while protecting children from dangerous content. This legislation would make Section 230 immunity conditional for market-dominant Big Tech companies – in order to receive special government protection, these platforms would be required to adhere to a First Amendment standard for their content moderation practices.
Senate: Online Illegal Drug Sales/Sec. 230 Bill Reintroduced – On Jan. 30, Sens. Joe Manchin (D-WV) and John Cornyn (R-TX) reintroduced the “See Something, Say Something Online Act.” The bill (S. 147) would require tech platforms to report illegal drug sales on their platforms or lose their legal protections under Section 230.
States: Lawsuits Alleging Social Media Harm Pile Up – On Jan. 6, a Seattle, Washington school district filed suit against top social media platform companies for allegedly manipulating youth into spending more and more time on their platforms, thereby creating a mental health crisis among children and teens. The district seeks damages under Washington’s public nuisance law. Plaintiffs in California and the Utah Attorney General are reportedly preparing to file similar lawsuits in state courts. Attorneys for the California plaintiffs are set to argue that algorithmic recommendation engines can cause eating disorders, anxiety, and depression. If the case is allowed to move forward, it will test a novel legal theory equating algorithms to defective products. Meanwhile, the State of Utah reportedly plans to file its suit in the near future. The Attorney General is currently evaluating “any and all” claims against the various social media platforms. Absent federal regulation, these cases seek to have profound regulating and liability impact on the relationship social media platforms have to their users.
i2Coalition’s Perspective – i2Coalition will continue its work to educate policymakers about the complexities of the Section 230 debate and threats posed to the entire Internet ecosystem beyond the largest tech social media platforms if uninformed legislation is adopted or legal cases are wrongly decided. In 2022, the i2Coalition joined with other prominent tech trade associations in a letter to the Senate Judiciary Committee to defeat further consideration of the ill-advised EARN IT Act. Throughout 2022, the i2Coalition built on its existing collaboration with our key allies in the library and higher education communities to promote a full understanding of the scope of Section 230. The i2Coalition filed an amici brief with the U.S. Supreme Court in Gonzalez v. Google LLC on January 18, 2023, to advance the Court’s accurate understanding of the scope and impact of Section 230’s immunity protections for Internet intermediary providers. Similarly, in the new 118th Congress, the i2Coalition will continue to inform and educate policymakers if misplaced enforcement and procedural approaches to online problems are proposed (e.g., the DRUGs Act).
Privacy
Congress: Comprehensive Federal Consumer Data Privacy & Children’s Privacy Legislation Outlook – The outlook for restarting consideration of federal comprehensive consumer data privacy and federal children’s privacy measures is still unclear, as the new 118th Congress so far has been occupied with organizing and populating its committees. The new House E&C Chair Cathy McMorris Rodgers (R-WA) strongly supports a comprehensive, national approach and could choose to build upon the American Data Privacy and Protection Act (ADPPA) on which she partnered in the prior Congress with Rep. Frank Pallone (D-NJ)–now the Ranking Member of the Committee. Whether and how the Senate Commerce Committee leaders–Chair Maria Cantwell (D-WA), and Ranking Member Ted Cruz (R-TX)–will work together to address comprehensive federal privacy legislation is not yet known. Committee roster changes in the new Congress also could affect the outlook for children’s privacy measures. Senate Democrats announced that Sen. Richard Blumenthal (D-CT) would no longer serve on the Senate Commerce Committee. As former chair of the Consumer Protection Subcommittee and lead sponsor of the Kids Online Safety Act (KOSA) in the prior Congress, Sen. Blumenthal was a champion of policies to protect children and teens online. KOSA is expected to be reintroduced this Congress, but it is now
unclear whether Sen. Blumenthal will remain the lead sponsor. The state of play on federal privacy legislation should become clearer in the coming weeks as Congress starts committee legislative business. Meanwhile, states with laws already on the books will continue their implementation, and many other states are expected to move ahead to debate privacy legislation introduced in their legislatures.
House: Terms of Service Labeling, Design and Readability (TLDR) Act Set for Reintroduction – In the coming weeks, Rep. Lori Trahan (D-MA) is planning to reintroduce her TLDR Act. The bill requires online service providers to “clearly” state what kinds of sensitive data they collect, provide consumers options for deleting these data, and disclose any data breaches within the past three years. The legislation also requires providers to declare what rights consumers cede by subscribing to a service and to summarize any recent changes to their software. The version of the TLDR Act introduced in the previous Congress is available here.
NTIA: Public Comments Invited on Data Privacy – NTIA issued a Request for Comment on Jan. 20 to address “issues at the intersection of privacy, equity, and civil rights.” The agency is looking to gather feedback on how the processing of personal information by private entities creates, exacerbates, or alleviates disproportionate harms for marginalized and historically excluded communities. It hopes to identify ways to prevent and deter harmful behavior, address harmful impacts, and remedy any gaps in existing privacy or civil rights law. The comments—along with information gathered through the three listening sessions NTIA held on these topics in December 2021—will inform a report on whether and how commercial data practices impact marginalized or disadvantaged communities. The commenting period closes on March 6.
i2Coalition’s Perspective – i2Coalition works closely with U.S. policymakers to educate about and maximize understanding of the business impacts of privacy and data collection legislation and regulation affecting the technology sector in the U.S. and globally. On October 6, 2022, in Washington, and on December 6 in Brussels, the i2Coalition and eco hosted timely webinars on the status of the EU-US Data Privacy Framework, with panelists from government, industry, and civil society. The i2Coalition will continue to follow EU-US efforts on transatlantic data flows policy making and engage with the responsible U.S. Department of Commerce officials and staff and with our EU allies and partners. In the 118th Congress, we will continue to focus on presenting
substantive updates and educational resources to Congress and federal policymakers about the work we are doing and the progress being made with ICANN and NTIA on the development of a
sound, workable global access model for domain name registration data meeting the requirements
of the GDPR and federal and state laws, and the needs of law enforcement agencies. In Congress
and before the Biden Administration, we will continue to emphasize the need to combine enhanced
privacy policies with the ability to deploy strong encryption, unencumbered by backdoors, as
primary tools we leverage in order to keep people safe online.
Copyright/IP
USPTO: Strategic Plan 2022-2026 Comments Extended – The U.S. Patent and Trademark Office extended the deadline for submitting comments in response to their request for input on the agency’s 2022-2026 strategic plan. The new deadline for providing feedback is February 17.
AI & Copyright Analysis: ChatGPT Impact – Increasing attention on AI and ChatGPT is putting a spotlight on copyright issues common to AI generally, such as how to assess copyright infringement risks when interacting with chatbots trained on copyrighted works, such as books. Questions include: can one own copyright in what ChatGPT generates, and who, ultimately, owns the works created? The legal landscape remains murky when it comes to copyright issues surrounding AI. Comprehensive case law has not yet developed on the subject, nor has statutory or regulatory guidance. As a starting point, the Copyright Office requires human creativity for copyright protection. What level of human creativity is sufficient, however, is unsettled. Stakeholders and Congress can be expected to ramp up consideration of these matters.
i2Coalition’s Perspective – i2Coalition will continue to actively fight for the preservation of Section 512 safe harbors of the DMCA that its members have relied upon, including particularly the conduit provisions, in order to launch and operate their businesses successfully without being deluged with litigation threats. We will work to educate policymakers in Congress and the Biden administration to ensure balanced policy outcomes for our members. In addition, the i2Coalition will engage through outreach, dialog, and the public comments process in any future Canadian copyright consultations to urge continuity of balanced approaches in the consideration of any reforms of Canada’s safe harbor framework for online intermediaries.
Cybersecurity
House: TikTok CEO to Testify in March – House E&C Chair Cathy McMorris Rodgers (R-WA) announced that the CEO of short-form video app TikTok will testify before the Committee on March 23. This will be the first time Shou Zi Chew has testified before Congress and comes amid plans in the House Foreign Affairs Committee to vote next month on legislation blocking TikTok in the U.S. over national security concerns.
House: National Digital Reserve Corps bipartisan legislation – A bipartisan bill was reintroduced on Jan. 11 that would create a National Digital Reserve Corps – a civilian organization tasked with addressing digital and cyber needs across the Federal government. The National Digital Reserve Corps bill – introduced by Reps. Robin Kelly, D-Ill., and Tony Gonzales, R-Texas–would require the General Services Administration (GSA) to detail individuals to agencies according to the government’s specific cybersecurity needs. The bill would allow private-sector tech specialists to sign up for a three-year period in which they would work for the Federal government for 30 days each calendar year to take on digital and cybersecurity projects, digital education and training, data triage, acquisition assistance, and development of technical solutions. The legislation is one of many attempts across the government to address a nationwide shortage of cyber talent. According to the bill, members of the corps would obtain security clearances, complete certifications, and receive training and education from the Federal government. Additionally, the National Digital Reserve Corps Act would require the Department of Labor to issue regulations that ensure the civilians’ jobs are waiting for them once they finish their annual service with the government. The same legislation was introduced in the 117th Congress, and Rep. Gonzales attempted unsuccessfully to tack it onto the 2022 National Defense Authorization Act. Critics of the legislation said the 30-day service period was too short to benefit the agencies’ cyber efforts.
CISA: Corporate Cyber Responsibility 2023 Goals – A top priority for the Cybersecurity and Infrastructure Security Agency (CISA) in 2023: cajoling corporations into better safeguarding their networks — including a potential laundry list of what that should include. In an interview with Yahoo Finance in early January at CES 2023 in Las Vegas, CISA Director Jen Easterly explained that the tech industry, consumers, and government need to come together to help improve cyber safety in the U.S. Companies need to embrace the idea of “corporate cyber responsibility,” CISA Chief of Staff Kiersten Todt told Politico in an interview on Jan. 27. Todt stressed that she’s talking about voluntary actions by companies and said CISA is exploring putting out guidelines to help them do that. That could include CISA creating a “series of best practices” on cybersecurity for boards and senior officials, she said. Todt said that CISA leaders would likely be discussing the initiative during appearances this year and stressed that the products created will not be presented as a “fait accompli” by CISA.
● CISA’s upcoming guidelines follow a long-held practice of trying to work with industry first and encourage the private sector to implement cybersecurity improvements on its own accord. As ransomware and other types of cyberattacks increasingly target the bottom line and reputations of businesses, the private sector has more incentive to comply. Todt said CISA would involve industry in any crafting of guidelines and that there
are no specific deadlines at the moment for the initiative. CISA could work with other agencies in prioritizing corporate cybersecurity, such as with the Small Business Administration, to help get smaller organizations involved, Todt said. More formally, the Internet Security Alliance and the National Association of Corporate Directors will be jointly involved in the program alongside CISA.
● NACD CEO and President Peter Gleason said in a statement that the group plans to release a new version of its Cyber-Risk Oversight Handbook in partnership with ISA at an event in March, which he said will include a “contribution from CISA and other agencies focused on cybersecurity.” He noted that more than 80 percent of directors surveyed by the NACD reported that the understanding of cybersecurity at the board level had
increased in the last two years, a positive trend. “Our collaboration with CISA helps communicate critical U.S. government guidance on urgent cyber matters to the board community,” Gleason said. ISA President Larry Clinton said that the program would help to “reorient the understanding of cybersecurity as a top-down strategic concern as opposed to simply a bottom-up operational concern…Working with CISA to help
broaden the adoption of these proven successful principles and practices could lead to a substantially improved cyber ecosystem and demonstrate that the most effective way for us to pursue cybersecurity is through the industry-government partnership model,” Clinton said.
● Companies have been more fixated on cybersecurity after a year in which CISA worked to ensure critical infrastructure groups were alert to potential threats from Russia as part of its “Shields Up” campaign. Todt noted that this effort served as a “catalyst” for boards to invest more in cybersecurity and that industry has made clear to CISA that they don’t want to go “shields down,” particularly due to ongoing ransomware attacks that have made cybersecurity a major concern for Americans.
DOJ: Hive Ransomware Network Seized – The Department of Justice, in cooperation with German and Dutch authorities, announced on Jan. 26 the seizure of servers and websites associated with the Hive ransomware network. The seizure marks the culmination of a months-long network intrusion campaign designed to take down the ransomware-as-a-service provider. Since infiltrating the Hive network in July 2022, the Federal Bureau of Investigation has provided over 300 decryption keys to Hive victims with active ransom demands and over 1,000 additional decryption keys to previously targeted organizations. The Department estimates it thwarted over $130 million in ransom payments.
NIST: Concept Paper for Revisions in CSF 2.0 – On Jan. 19, NIST published a 14-page concept paper outlining some of the major changes stakeholders can expect in version 2.0 of its Cybersecurity Framework. The text is generally being reviewed for broad applicability across sectors to organizations of all types and sizes, whereas the current CSF is targeted mainly at critical infrastructure.
● The new CSF will include a sixth, crosscutting “govern” function to inform and support the five high-level cybersecurity functions—identify, protect, detect, respond, and recover. NIST is also looking to expand the discussion of cybersecurity supply chain risk management, although it has not yet decided what form this will take. The agency offered three possible alternatives: (1) further integrating the supply chain across functions, (2) creating a new function related to oversight and management, or (3) expanding on existing material within the identified functions.
● NIST also made clear what is not changing in CSF 2.0. The agency does not intend to put forward a single approach to cybersecurity assessment—the revised framework will maintain the current level of flexibility and generality. Instead, NIST is looking to improve supplemental materials, such as example implementations and mappings of the CSF to sector or use-case-specific standards.
● The concept paper will be discussed at two upcoming events: a virtual workshop on February 15 and in-person working sessions on February 22-23. Comments can be submitted to NIST by March 3. NIST intends to publish its first draft of the CSF 2.0 this summer. The final publication is expected in winter 2024.
GAO: Report on Insufficient U.S. Govt. Agency Adoption of Cyber Recommendations – The Government Accountability Office (GAO) reported on Jan. 19 that U.S. government agencies failed to implement nearly 60 percent of its cybersecurity recommendations for federal IT systems since 2010. The report, the first of four planned on cybersecurity risk, urges the Biden administration to speed completion of its National Cybersecurity Strategy.
NIST: Digital Identity Guideline Revisions – The National Institute of Standards and Technology (NIST) held a Jan. 12 webinar to go over recently published draft updates to its guidelines for digital identification in federal systems. The guidelines are intended to help agencies prevent fraud, preserve privacy, and foster equity while delivering high-quality, usable services to all. The latest revision generally places a greater emphasis on equity, requiring agencies to account for impacts on individuals and communities as well as impacts on the organization. It also expands the list of acceptable identity-proofing alternatives to provide new mechanisms of secure service delivery for individuals with differing means, motivations, and backgrounds. Comments on the draft publication are due by March 24, 2023. To submit comments, download the comments template and email the completed form to dig-comments@nist.gov.
Senate: Warner Eyes Categorical Application Ban – Senate Intelligence Committee Chair Mark Warner (D-VA) is reportedly working on legislation to ban certain categories of applications from U.S. networks. “I have been reluctant to join some of the efforts that are just, ‘let’s just one-off ban a single app,’ because I think that invites retaliation,” Warner said. “I think you have to have a theory of the case that’s broader than a single use.” Such legislation would likely include TikTok within its scope.
Biden Admin.: Upcoming National Cybersecurity Strategy Calls For Regulation – The Biden Administration’s new National Cybersecurity Strategy, for the first time, calls on regulators to impose minimum cybersecurity requirements. The proposal seeks to use existing authorities to make rules for eleven of the sixteen critical infrastructure sectors and requests Congress authorize regulation of the remaining five. Organizations that “fail to take reasonable precautions to secure their software” would face legal liability. The draft strategy is currently undergoing final checks through interagency review and is expected to be published in the coming weeks.
NIST: Revised Zero-Trust Architecture Practice Guide Open for Comment – The National Cybersecurity Center of Excellence (NCCoE), a component of the National Institute of Standards and Technology (NIST), is seeking public comment on the second version of volumes A-D and the first version of volume E of its preliminary draft practice guide titled Implementing a Zero Trust Architecture. The publication showcases various interoperable, open, standards-based example implementations that use commercially available technology and align with concepts and principles in NIST Special Publication 800-207, Zero Trust Architecture. The updated versions of volumes A-D document three additional zero-trust implementations, while Volume E provides a risk analysis and mapping of zero-trust security characteristics to cybersecurity standards and recommended practices. Comments are due by February 6, 2023.
FCC: Proposed Updating Customer Data Breach Notification Rules for Telcos – On Jan. 6, the FCC issued a Notice of Proposed Rulemaking that would impose stricter notification requirements on telecommunication companies that experience a customer data breach. The new rule would eliminate the seven business day mandatory waiting period before notifying customers of a breach, expand the scope of reportable breaches to include inadvertent exposure of customer data, and mandate reporting of breaches to the FCC, FBI, and Secret Service.
ITRC: 2022 Data Breach Report – The non-profit organization Identity Theft Resource Center (ITRC) has just released its 2022 data breach report. The report found a steep year-on-year decline in the amount of useful information provided to customers affected by a data breach. This sudden lack of transparency created risks for victims and fueled uncertainty about the true scale and impact of data compromises, the report said. The ITRC also found that supply chain attacks were responsible for significantly more compromises than malware attacks. While the overall amount of data compromises was flat compared to 2021, the estimated number of victims increased dramatically due to data breaches at a single organization.
i2Coalition’s Perspective – As policymaker concerns and efforts intensify around how to improve cybersecurity and guard against growing attacks and threats, the i2Coalition has increased its monitoring of this area. We will continue to engage in targeted policy matters and proceedings where the i2Coalition’s participation can enhance understanding and support improvements. In this regard, on Nov. 14, the i2Coalition filed comments with CISA in response to the RFI on CIRCIA implementation.
Antitrust/Competition
DOJ: Google Sued by U.S. Govt. Over Alleged Ad Monopoly – The Justice Department and eight states filed an antitrust suit on Jan. 24 against Google for allegedly monopolizing multiple digital advertising technology products in violation of Sections 1 and 2 of the Sherman Act. The complaint alleges Google engaged in fifteen years of sustained conduct that effectively drove out rivals, diminished competition, inflated advertising costs, reduced website publisher revenues, stymied innovation, and flattened the public marketplace of ideas. It seeks to force divestiture of Google’s Ad Manager suite, including its publisher ad server and ad exchange. This is the second antitrust case DOJ has brought against Google in two years. The first, filed in October 2020, targeted the company’s dominance in search.
Senate: Judiciary Committee Live Nation Hearing – On Jan. 24, the Senate Judiciary Committee held a hearing on competition in the live entertainment industry, spurred on by the Taylor Swift ticketing controversy. Democratic Sens. Dick Durbin (D-IL) and Amy Klobuchar (D-MN) criticized Live Nation for reportedly retaliating against venues that use other ticketing services and locking out competitors through the use of multi-year exclusivity contracts, respectively. Republican Sens. Mike Lee (R-UT) and Josh Hawley (R-MO), meanwhile, focused on the Department of Justice’s apparent lack of enforcement of the Live Nation/Ticketmaster consent decree. A number of senators also raised concerns about the secondary ticket market, including the prevalence of bots and the online sale of speculative tickets. We expect a renewed focus on federal ticketing legislation in the months to come. Senators Blumenthal and Blackburn announced their plans to introduce a bill.
House: Judiciary Antitrust Subcommittee GOP Leadership Change – Rep. Thomas Massie (R-KY) was named Chair of the House Judiciary Subcommittee on Antitrust for the 118th Congress instead of Rep. Ken Buck (R-CO). Rep. Buck was the subcommittee’s Ranking Member in the prior Congress, and he is a vocal Big Tech critic and co-sponsored the major tech antitrust bills in the 118th Congress, which failed to garner sufficient support to become law.
FTC: Updates HSR Merger Filing Fees – Following up on last year’s passage of the Merger Filing Fee Modernization Act, the Federal Trade Commission recently published a new set of filing fees for proposed merger transactions. Under the new schedule, the fee for transactions valued at less than $161.5 million will decrease to $30,000, while the fee for transactions valued above $5 billion will increase to $2.25 million.
FTC: Proposed Ban on Non-compete Clauses – The Federal Trade Commission (FTC) proposed a new rule on Jan. 5 that would ban non-compete clauses in employment contracts—based on a preliminary finding that such terms constitute an unfair method of competition in violation of Section 5 of the Federal Trade Commission Act. The FTC characterized non-compete clauses as an “often exploitative practice that suppresses wages, hampers innovation, and blocks entrepreneurs from starting new businesses.” According to agency estimates, the proposed rule could expand career opportunities for about 30 million
Americans currently subject to non-competes and increase workers’ earnings by nearly $300 billion per year. Comments on the proposal are due 60 days after publication in the Federal Register. The FTC’s preliminary finding of authority in this matter will almost certainly be challenged in federal court. i2Coalition’s Perspective – i2Coalition monitors but has not actively engaged on this issue.
Trade
EU-US Data Privacy Framework: Status – On Jan. 17, the European Data Protection Board reported that it would use its next plenary meeting to discuss the proposed EU-U.S. Data Privacy Framework. This is an important next step in cementing the proposed EU-U.S. Data Privacy Framework and maintaining the $7.1 trillion transatlantic economic relationship.
U.S.-China: Japan, Netherlands Join U.S. Restrictions on Exporting Chip-Making Equipment – The Netherlands and Japan have reportedly agreed to implement restrictions on sales of advanced chip-making equipment to China. The move aligns the two U.S. allies with export licensing requirements the Biden Administration unilaterally imposed on American firms in October of last year. The exact details of the agreement have not been made public.
i2Coalition’s Perspective – i2Coalition continues to work for balanced trade agreements that foster digital trade, and we generally support efforts to put trade with China on a more level footing. We support the global digital trade principles articulated in the global industry letter to the G20 and will continue our engagement with USTR in support of those principles and against non-tariff trade barriers. The i2Coalition will also continue our work with our EU-based members on the DSA, DMA, and the NIS2 Directive toward balanced and transparent regulations, including providing input on major relevant U.S. policy discussions having an impact on evolving global intermediary liability principles (e.g., the Section 230 debate in the U.S. Congress). The i2Coalition will continue to underscore and educate USTR officials in the Special 301 proceedings about the key point that USTR should not confuse “notorious markets” with neutral intermediaries such as Internet infrastructure providers. The i2Coalition’s efforts before USTR are succeeding, as demonstrated in the 2021 Review of Notorious Markets for Counterfeiting and Piracy report released on February 17, in which not one of our Internet intermediary members or any other traditional Internet infrastructure company was cited in the online markets list.
Tech
NIST: Publication of AI Risk Management Framework – On Jan. 26, the National Institute of Standards and Technology (NIST) published version 1.0 of its voluntary AI Risk Management Framework (RMF). The AI RMF is divided into two parts. The first part discusses how organizations can frame the risks related to AI and outlines the characteristics of trustworthy AI systems. The second part, the core of the framework, describes four specific functions—govern, map, measure, and manage—to help organizations address the risks of AI systems in practice. NIST also released a companion AI RMF Playbook, which suggests ways to navigate and use the framework.
House: Science, Oversight Committee Chairs Question OSTP’s AI Blueprint – On Jan. 19, House Science Committee Chairman Frank Lucas (R-OK) and House Oversight Committee Chairman James Comer (R-KY) sent a letter to the White House Office of Science and Technology Policy (OSTP) raising concerns about inconsistencies between the National Institute of Standards and Technology (NIST) AI Risk Management Framework and OSTP Blueprint for an AI Bill of Rights. The Framework—developed with extensive input from government, academic, and industry stakeholders—is intended to serve as a guide to best practices for trustworthy AI design, development, and use. Lucas and Comer praised NIST’s work while expressing concern about the administration’s decision to publish what they view as inconsistent and duplicative guidance. They believe that the OSTP document conflicts with the Framework in a number of respects, including on fundamental issues like the definition of AI and principles for trustworthiness in AI systems. To help clear up any lingering confusion, the letter asks OSTP to respond to a series of questions no later than January 31st.
House: Congressman Lieu Calls for AI Regulator – In an op-ed published in the New York Times on Jan. 23, Congressman Ted Lieu (D-CA) called for the establishment of a federal agency dedicated to AI regulation. As a follow-up to the op-ed, Cong. Lieu used ChatGPT to draft related legislation. While the Congressman admitted the idea of an AI regulator was unlikely to garner immediate support, he said he was working on legislation to create a nonpartisan AI Commission that would recommend which types of AI to regulate, applicable regulatory standards, and potential agency structure. Mr. Lieu sits on the House Judiciary Committee and is one of only three Members of Congress to hold a computer science degree.
NAIRR Task Force: Report Proposes New AI Research Infrastructure, Funding – The National Artificial Intelligence Research Resource (NAIRR) Task Force issued a Jan. 2023 report calling on policymakers to establish a “widely accessible AI research cyberinfrastructure that brings together computational
resources, data, testbeds, algorithms, software, services, networks, and expertise.” The report, mandated by the National Artificial Intelligence Initiative Act of 2020, includes a detailed implementation plan and requests $2.5 billion over six years to fund the program.
Industry: Microsoft Adds Investment in OpenAI – Microsoft announced on Jan. 23 that it is adding billions of dollars more into OpenAI, which has been in the spotlight for its ChatGPT product which was released in November 2022 and which has both captivated tech enthusiasts and raised concerns within industry, education, and many other communities. Microsoft recently moved to accelerate the adoption of the technology by offering to let any company apply to use it through its Azure cloud-computing platform.
i2Coalition’s Perspective – i2Coalition monitors but has not actively engaged on this issue.
Telecommunications
NTIA: Guidance for Post-BEAD Allocation Challenges to Broadband Map – The National Telecommunications and Information Administration (NTIA) is working to develop guidance for how states should navigate broadband map challenges submitted after the agency’s BEAD funding allocations, according to a senior advisor to NTIA head Alan Davidson. The Commerce Department’s deadline for consideration of map challenges—with respect to funding—passed on Jan. 20, though the Federal Communication Commission (FCC) will continue to refine the maps. NTIA reaffirmed in a blog post that June 30th is its target date for making state and territory allocations under the BEAD Program. Several Members of Congress had been pushing in recent weeks for NTIA to delay making allocations so that state and local broadband officials could submit additional challenges to the National Broadband Map. The draft map data will form the basis of BEAD funding allocations.
GAO: Report & Recommendations on FCC Affordable Connectivity Program – The General Accounting Office (GAO) released a report on Jan. 25 assessing the FCC’s Affordable Connectivity Program (ACP). To make broadband more affordable for low-income Americans, the FCC’s ACP offers monthly discounts on broadband service to eligible households. As of Sept. 2022, over 14 million households had enrolled—about a third of the estimated eligible households. The GAO report provides nine recommendations for improving ACP’s operation, including that FCC improve its program goals and measures, revise its language translation process, develop a consumer outreach plan, and develop and implement various processes for managing fraud risks. The FCC has indicated it agrees with the GAO recommendations and has described its plans to address each one.
Congress: Spectrum Reauthorization – Spectrum reauthorization will be on the Congressional agenda again in the first quarter of 2023 after key telecom and defense stakeholders failed to reach an agreement on the issue in a broader year-end package. A short-term reauthorization included in the FY 2023 omnibus appropriations bill expires on March 9, 2023. Opening the lower 3 GHz spectrum to commercial use will likely remain a point of friction in negotiations. The Department of Defense currently controls the band.
FAA: 5G-Safe Altimeter Deadline Established – The Federal Aviation Administration (FAA) published a Notice of Proposed Rulemaking in Jan. that sets a Feb. 1, 2024 deadline for replacing or retrofitting radio altimeters that may experience interference from wireless broadband operations in the 5G C-Band. The FAA estimates that 820 registered airplanes require the addition of 5G filters to block interference, while 180 airplanes need wholesale altimeter replacements. Almost 7,000 airplanes on the U.S. registry are already equipped or are currently being retrofitted with altimeters that address 5G interference.
House: Communications and Technology Subcommittee Feb. 2 Satellite Hearing – House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) and incoming Communications and Technology Subcommittee Chair Bob Latta (R-OH) announced a Feb. 2 hearing on ensuring America continues to lead in the burgeoning satellite communications industry.
FCC: January 26 Open Meeting – The FCC’s January open meeting included the following issues:
● Ensuring 988 Reliability and Resiliency: The Commission considered a Notice of Proposed Rulemaking on establishing reporting and notice requirements for service outages potentially affecting the 988 Suicide and Crisis Lifeline.
● Rural Health Care Program: The Commission considered an Order on Reconsideration, Second Report and Order, Order, and Second Further Notice of Proposed Rulemaking to rescind rules requiring calculation of support for the Rural Health Care Telecommunications Program using a database, improve processes for invoicing and program caps, propose additional enhancements to calculations of support, and propose a mechanism to allow the participation of newly-eligible health care providers.
● FCC: February Open Meeting Agenda – FCC Chairwoman Jessica Rosenworcel has announced items tentatively on the agenda for the February Open Commission Meeting scheduled for Feb. 16, 2023. The Commission will consider a Notice of Proposed Rulemaking to begin implementing the Safe Connections Act of 2022. The legislation aims to help survivors of domestic violence separate shared lines from abusers, protect the privacy of calls made to domestic abuse hotlines, and offer financial assistance to survivors through existing affordability programs. The Commission will also consider a Notice of Proposed Rulemaking seeking comments on improvements to the E-Rate program that would increase access for American Indian tribal applicants.
FCC: Broadband Access Public Feedback – The FCC’s Task Force to Prevent Digital Discrimination announced it is offering consumers an opportunity to share their stories and experiences obtaining broadband internet access. Chairwoman Jessica Rosenworcel established the cross-agency Task Force to help combat digital discrimination and promote equal access to broadband. Members of the public can share their stories using this new complaint form.
Telecommunications Workforce Interagency Group Issues Report – On Jan. 13, the Telecommunications Workforce Interagency Group (TWIG) issued a 48-page report listing recommendations to address the workforce needs of the telecommunications industry. TWIG members were appointed by the Chairwoman of the Federal Communications Commission, the head of the National Telecommunications and Information Administration, and the secretaries of Labor and of Education. The report was mandated by the Bipartisan Infrastructure Law.
NTIA: First Open Radio Access Networks Funding Available in Spring – The National Telecommunications and Information Administration (NTIA) announced at a listening session that it plans to release the first Notice of Funding Opportunity for the Public Wireless Supply Chain Innovation Fund in the spring. Authorized under the FY 2021 National Defense Authorization Act and funded through the CHIPS and Science Act, the program will award $1.5 billion in federal grants over ten years to boost the development and adoption of open radio access networks (ORANs).
Senate: Commerce Committee & Status of Hearing on Gigi Sohn Nomination – In early January, President Biden renominated Gigi Sohn to serve on the Federal Communications Commission (FCC), despite her confirmation stalling out for more than a year in the previous Congress. The timing for a third Senate Commerce Committee confirmation hearing on Gigi Sohn’s FCC nomination remains unclear. Chairwoman Maria Cantwell (D-WA) has indicated she wants to hold a hearing in February, while newly minted Ranking Member Ted Cruz (R-TX) reportedly objects to even having a third hearing. Communications Subcommittee Ranking Member John Thune (R-SD), meanwhile, is said to support a complete re-vetting of Sohn but is requesting to delay any hearing until March.
i2Coalition’s Perspective – i2Coalition monitors but has not actively engaged on this issue.
Economy/Energy/Environment
U.S. Hits Debt Limit – The Treasury Department started taking so-called “extraordinary measures” to keep paying the federal government’s bills as the U.S. hit its debt limit on Jan. 19. In a letter addressed to House Speaker Kevin McCarthy (R-CA), Treasury Secretary Janet Yellen said the Treasury will suspend new investments in the Civil Service Retirement and Disability Fund and the Postal Service Retiree Health
Benefits Fund from Thursday until June 5, 2023. Yellen warned that both moves are subject to “considerable uncertainty” if Congress does not pass a bill to increase the $31.4 trillion debt ceiling. The Secretary told lawmakers that she believes the extraordinary steps could allow the government to pay its obligations until early June. Yellen has urged Congress to “act in a timely manner to increase or suspend the debt limit,” as failing to do so could lead to a first-ever default on U.S. debt and cause economic damage around the world.
Senate: Manchin Seeks Delay of EV Tax Credits – Chairman Joe Manchin (D-WV) of the Senate Energy, and Natural Resources Committee is pushing to pass legislation to effectively delay the implementation of electric vehicle (EV) tax credits included in the Inflation Reduction Act (IRA) until the Treasury updates guidance on domestic battery and battery material sourcing. The American Vehicle Security Act would apply the IRA’s sourcing requirements effective January 1, 2023—disqualifying most EV purchasers from claiming the credit and potentially forcing some that do to repay the Treasury. The proposal has little chance of passage in the Democratic-majority Senate. Under current law, EV buyers may claim up to $7,500 in tax credits for most vehicles assembled in North America, pending Treasury guidance. Domestic content requirements for batteries will kick in only once new rules are issued. The Treasury was supposed to act before the end of 2022, but officials said they needed more time to think through enforcement. The Treasury expects to finalize its guidance by March 2023.
Congress: Outrage on Gas Stove Ban Comments – Members of the House and Senate expressed outrage at comments made by Consumer Protection and Safety Commission (CSPC) member Richard Trumka, who said he had not ruled out considering a ban on gas stoves. Recent studies have found evidence that gas stoves may lead to adverse health impacts (such as childhood asthma) because they can leak gas even when not turned on. The CPSC quickly clarified that the agency is only in the data-gathering stage and will be for a long time. There is currently no active effort to ban the sale or use of gas stove appliances.
EPA: Consideration of Cumulative Pollution to Boost Environmental Justice – The Environmental Protection Agency released a new playbook for confronting the onslaught of pollutants in low-income and minority communities across the country. The cumulative impacts addendum builds on a policy from May that dictates how the federal government considers pollution and climate change in communities of color when enforcing environmental statutes.
House: GOP Eliminates Select Committee on Climate – In the new Congress, House Republicans are eliminating the Select Committee on the Climate Crisis that had been established in the prior Congress by former Speaker Nancy Pelosi (D-CA). Instead, they are creating a new select committee to address competition with China. The GOP House members will likely work to bolster arguments against placing limits on U.S. energy production, which Republicans say fosters an over-reliance on Chinese products. The GOP also may go after activities at the EPA and the Departments of Interior and Energy they deem contrary to their energy and environmental goals.
i2Coalition’s Perspective – i2Coalition monitors but has not actively engaged on this issue.
COVID-19 Update
Vaccination Statistics – According to the CDC, as of January 26, 69.2% of the total U.S. population has completed a primary series of vaccination, and 81% has had at least one dose of vaccine. An updated (bivalent) booster dose has been received by 18.8% of people aged 18+ and 40.1% of people aged 65+.
i2Coalition’s Perspective – i2Coalition monitors but has not actively engaged on this issue.
RELEVANT HEARINGS & EVENTS TRACKED BY i2COALITION IN JANUARY
January 25
● House E&C GOP Members: Roundtable on Big Tech Role in the Fentanyl Crisis.
January 26
● FCC: Open meeting.
January 31st
● House Energy and Commerce: Organizational meeting.
● House Judiciary: Organizational meeting.
● House Energy and Commerce: Full Committee Hearing, American Energy Expansion:
Strengthening Economic, Environmental, and National Security.
● House Oversight: Organizational meeting.
● House Education and Workforce: Organizational meeting.