How the Government’s 2013 Tech Policy Agenda Will Impact IT
From cybersecurity to privacy, mobile broadband to net neutrality, the coming year in Washington promises to be a busy one for the technology sector.
By Kenneth Corbin
As President Obama heads into his second term and the 113th Congress gavels in, lawmakers and regulators will return to work on a host of issues affecting the technology and telecom industries.
The committees seats are shuffling, and many senior administration officials and top staffers are expected to resign from their posts, but many of the core policy issues in the tech sector are still very much in play.
Here is a guide to a few of the many tech-policy debates on tap for 2013.
Cybersecurity Tops Lists of Policy Concerns
Of the many policy issues in play concerning the tech sector, few (if any) are debated with the same urgency as cybersecurity. The attacks are increasing in frequency and sophistication, and it may only be a matter of time before attackers deal a crippling blow to a critical segment of U.S. infrastructure, whether a regional electric grid or a financial market, a water-supply system or communications network. Senior government officials talk in terms of a “cyber Pearl Harbor” and an “existential threat.”
Of course, many find that level of rhetoric a bit overstated, but there is widespread agreement that the threats are real, and that policymakers have a role in addressing the issue, though there is sharp debate over what that role should be. After concerted bipartisan efforts to enact cybersecurity legislation stalled in the past two Congresses, the issue awaits the 113th.
Before the first committee even takes up cybersecurity in a hearing, however, the discussion could change dramatically with the release of an executive order from the White House, widely expected as early as this month.
That directive appears likely to call on private-sector operators of critical infrastructure to coordinate with government authorities to devise cybersecurity standards–on a voluntary basis–to bolster their defenses against digital attacks, according to Jake Olcott, a principal at the cybersecurity practice of the Washington consultancy Good Harbor Security Risk Management, and a former counsel to Sen. John Rockefeller (D-W.V.) who led negotiations to advance a comprehensive cybersecurity bill.
“It’s pretty clearly going to focus on critical infrastructure problems. The White House is sort of taking a page from some of the legislative debate and conversation and seeking to develop a public-private partnership that will create security baselines for owners and operators of critical infrastructure across all the various sectors,” Olcott says. “That’s not creating an obligation to follow those baselines–that can only be done with legislation.”
And that was one of the principal stumbling blocks that stalled the bill Olcott helped draft, along with another comprehensive measure led by now-retired Sen. Joe Lieberman (I-Conn.). Those two bills were eventually consolidated into one piece of legislation, which Majority Leader Harry Reid (D-Nev.) tried to bring to the Senate floor in November only to see it derail on a procedural vote before the debate could begin.
Opponents objected to new authorities that would be created for the Department of Homeland Security to oversee private-sector systems, even after the bill’s authors revised those sections to scale back the regulatory role for DHS.
“There does seem to be a bit of controversy about whether DHS is capable of certainly on one hand regulating critical infrastructure, on the other hand overseeing federal information security management,” Olcott says. “Some people in Congress claim that DHS shouldn’t be responsible for anything.”
Sen. John McCain (R-Ariz.) has been one of the more vocal skeptics of DHS’s ability to handle cybersecurity oversight, and in 2012 introduced a bill that would focus more narrowly on clearing away barriers to the sharing of information about threats and attacks between government and private-sector entities.
Somewhat reluctantly, Olcott lays odds at just better than 50-50 that Congress will pass a cybersecurity bill this year, and projects that activity on Capitol Hill will begin in earnest following the release of the White House executive order.
But from an industry perspective, the most important and meaningful action might not come from either end of Pennsylvania Ave., but from the Securities and Exchange Commission, where regulators pressing the businesses they oversee to make disclosures about cyber threats, according to Olcott, who advises executives on corporate governance relating to cybersecurity in his role at Good Harbor.
“I think the most significant development in Washington on cybersecurity will come from the SEC’s enforcement of the obligation that publicly traded companies have to report material cyber risks and events to investors,” he says.
Online Privacy Draws FTC, Commmerce and White House Attention
On the ever-contentious topic of online privacy, activity in the past year was concentrated outside of Congress, where the Federal Trade Commission, Commerce Department and White House all advanced outlines for protecting consumers’ personal information on the Web.
The FTC issued a call for makers of Web browsers to incorporate a do-not-track capability into their products, and the World Wide Web Consortium has since convened a series of multi-stakeholder talks concerning how such a tool could be implemented and standardized. Those talks, which have at times turned contentious, will continue into 2013, though the outcome is hardly clear.
Separately, the White House and Commerce Department issued a report early in the year calling for an online consumer bill of rights, reiterating the administration’s support for a largely self-regulatory approach through which Web companies like Google and Yahoo agree to and abide by a set of best practices to safeguard their users’ information.
The FTC and the Commerce Department’s National Telecommunications and Information Administration (NTIA) have both been convening separate series of meetings with various stakeholders to further hone their privacy frameworks. The heads of both agencies, while at once supportive of meaningful self-regulation, have endorsed privacy legislation that would avoid strict regulatory burdens while providing a baseline level of protection for consumers.
As a practical matter, the FTC is limited in its own enforcement authority on privacy matters to existing statutes concerning unfair and deceptive practices, or in specific cases when it has secured a consent decree from a company detailing specific commitments, as it has with both Facebook and Google. But in the hands of Congress, privacy legislation, though not a strictly partisan issue, has languished for the last several sessions, and the coming year might not be any different.
“I don’t think most people would expect any privacy legislation to be passed, although I suspect that there will be some hearings,” says Thomas Lenard, president of the Technology Policy Institute, a Washington think tank. “I don’t think there’s a critical mass to pass anything.”
Lenard sees a privacy debate in 2013 that is “to a large extent a continuation of the status quo,” which is to say more hearings, more multi-stakeholder meetings–such as NTIA’s ongoing work on mobile apps and privacy–more debates and the issuance of more reports. A wild card could involve any major data breaches or scandals concerning the misuse of sensitive information that result in specific enforcement actions against bad actors.
The NTIA has already scheduled five days of meetings on mobile apps dating out to April 4, and plans next to turn its attention to other facets of the privacy debate.
“We expect the consumer data privacy multi-stakeholder work on establishing a code of conduct on mobile application transparency to conclude successfully, and the stakeholders to move on to other business contexts,” NTIA Deputy Administrator Anna M. Gomez wrote in a blog post on the agency’s plans for 2013. “We also stand ready to work with Congress to enact baseline privacy rights through legislation.”
Many lawmakers on both sides of the aisle have expressed support for such a bill, but so far the technology and advertising industries have prevailed in their opposition to any legislation that could potentially stifle a new business model or undercut access to popular services and content on the Web, many made free by ads tailored to users’ online behavior.
“I still think when some of these members looks at these things closely they start to get a little worried–you better be careful not to make a mistake that could be harmful to innovation on the Internet,” Lenard says. “It’s not easy and I don’t know that there’s a huge demand on the part of the public for it.”
FCC Looks to Build Out Wireless Broadband
At the Federal Communications Commission, officials have been working in a number of areas to free up more spectrum for mobile broadband, an ongoing effort that will continue through 2013 and beyond.
The FCC will move forward with its rulemaking proceedings to set to the parameters of a major series of auctions it plans to hold in 2014, through which it plans to reallocate spectrum from TV broadcasters to mobile broadband providers, giving the broadcasters that participate a cut of the auction proceeds.
The agency also figures to tinker with other aspects of its spectrum policy as the year unfolds. At its first monthly meeting of 2013, scheduled for Jan. 31, FCC commissioners plan to vote on a report and order that would seek to make experimental spectrum available for novel medical devices and other products in the hopes of speeding their time to market.
At the Consumer Electronics Show in January, FCC Chairman Julius Genachowski outlined a new effort to expand the availability of super-fast, “Gigabit Wi-Fi” by some 35 percent in heavy-traffic areas like airports and convention centers. To achieve that goal, the FCC plans to make available 195 MHz of unlicensed spectrum in the 5 GHz band by coordinating with other federal agencies and non-government users of the band to free up the airwaves.
Genachowski’s support for mobile broadband capacity, though not without its skeptics, is fairly well supported on Capitol Hill. Lawmakers might quibble with some of the proposed rules for the auctions, and object to the balance the commission strikes between licensed and unlicensed spectrum, but the general goal of boosting wireless capacity amid soaring data consumption on smartphones, tablets and other devices is broadly welcomed (though the trade group representing TV broadcasters challenges the notion of spectrum scarcity and resists any effort to strong-arm its members into giving up their licenses).
But when Genachowski tried in 2010 to enact rules that would bar ISPs, both wireline and wireless, from blocking or slowing certain kinds of lawful content on their networks, such as a rival service that competes with one of the provider’s own offerings, he ran into a buzz saw.
GOP lawmakers erupted, and members of the telecom industry and their allies in Washington mounted a full-bore opposition campaign to the net neutrality proposal. At the end of a tortured year of negotiations among telecom opponents, Internet industry supporters like Google, lawmakers, advocacy groups of various dispositions and, of course, the FCC itself, Genachowski won just enough support within the commission to pass a watered-down version of his original proposal, which barred outright blocking but included significant exemptions for wireless carriers.
Nevertheless, the FCC was quickly hit with a lawsuit at the hands of Verizon, which was later joined by MetroPCS. The U.S. Court of Appeals for the D.C. Circuit is hearing the case, and the litigants filed a series of briefs over the past year leading up to oral arguments, which the court has yet to schedule.
The court’s ruling will have a major, if not definitive, impact on the FCC’s legal authority to impose its will on broadband providers. In 2010, the same D.C. court struck down an earlier agency order rebuking Comcast for throttling peer-to-peer traffic on its network, and many legal experts believe it will do so again when it rules on the industry-wide net neutrality rules.
If it does, the FCC will have the chance to appeal to the Supreme Court, or it could abandon net neutrality altogether. Alternatively, the agency could march ahead with a highly controversial proposal Genachowski floated in 2010 to reclassify broadband as a regulated telecommunications service, relying on its so-called Title II authority in communications law. Much to GOP lawmakers’ frustration, the FCC has kept that Title II proceeding open, despite pursuing a path toward net neutrality that did not involve reclassification. Though the politics would be formidable, the FCC could, conceivably, go the Title II route should it lose in court.
Adding another wrinkle to an already-convoluted situation is the widespread speculation that Genachowski won’t stick around much longer at the FCC, leaving the fate of broadband policy in the hands of his successor. No matter which scenario plays out, it figures to be an eventful year at the commission.