Washington Update

CongressDaily PM reports:

"The Senate Judiciary Committee punted on a bill today that would rework a portion of U.S. copyright law. Republican members needed more time to review the measure, which was new on the agenda, a GOP aide said after the brief markup. The legislation would change a statute that governs "orphan works," which are musical tracks, writings, images, videos or other content whose owners cannot be easily located. Judiciary Chairman Patrick Leahy said he had hoped the panel would approve the bill, which is co-sponsored by Sen. Orrin Hatch, R-Utah, a day after companion legislation passed the House Judiciary Courts, the Internet, and Intellectual Property Subcommittee."

Governor Timothy M. Kaine of Virginia has signed several General Assembly bills that arose from the Virginia Tech tragedy of a year ago "that will improve protections for our citizens and treatment for people with mental illness" according to a press release. Among the signed legisation is Senate Bill 538 that imposes new requirements for emergency notifications:

The U.S. Department of Education has issued a Notice of Proposed Rulemaking with proposed regulations pertaining to the Family Education Rights and Privacy (FERPA). Among other things, "the proposed regulations respond to changes in information technology and address other issues identified through the Department's experience administering FERPA," according to the Notice. Additionally, the regulations are needed to implement amendments to FERPA contained in the USA Patriot Act and the Campus Sex Crimes Prevention Act, to implement two U.S. Supreme Court decisions interpreting FERPA, and to make other necessary changes.

Among the IT-related changes are:

On December 10 and 11, 2007, the Federal Trade Commission will host a public workshop, “Security in Numbers: SSNs and ID Theft,” to explore the uses of Social Security numbers in the private sector and the role of SSNs in identity theft.  This workshop continues the work of the President’s Identity Theft Task Force, and, in particular, its recommendation to explore ways to reduce unnecessary uses of the SSN. 

The workshop will provide a forum for public-sector, private-sector, and consumer representatives to discuss the various uses of SSNs by the private sector, the necessity of those uses, alternatives available, the challenges faced by the private sector in moving away from using SSNs, and how SSNs are obtained and used by identity thieves.  The workshop will be free and open to the public.

For more information, visit http://www.ftc.gov/bcp/workshops/ssn/index.shtml

In a hearing before the U.S. House of Representatives Homeland Security Committee Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, subcommittee chair Rep. James R. Langevin (Dem.-RI) said, “I have great apprehension about the current framework DHS is creating with the sector specific plans (SSP’s) as they relate to cybersecurity.”  He continued, “The Federal government and the American people want to ensure there is a high level of cybersecurity protections on our critical infrastructure.

In response to the tragedy at Virginia Tech, Chairman Patrick Leahy of the Senate Judiciary Committee has combined several pre-existing bills into a comprehensive package that would provide for improvements in school safety and law enforcement. This legislation was approved by Committee and is waiting for full consideration by the Senate.

The Senate package -- titled The School Safety and Law Enforcement Improvement Act of 2007 ("SSLEIA") -- combines four bills previously reported to or by the Senate Judiciary Committee, with some modifications:

• The School Safety Enhancements Act (S.1217)
• The NICS Improvement Amendments Act (H.R. 2640)
• The Equity in Law Enforcement Act (S.1448)
• The Law Enforcement Officers Safety Act of 2007 (S.376)

The bill would, among other things,:

A Federal Register Notice has been published for the Department of Homeland Security's "Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development." The deadline for comments is December 7, 2007.

According to the Notice:

More information, including a downloadable version of the IT Security EBK, is available at http://www.us-cert.gov/ITSecurityEBK/

The Federal Trade Commission (FTC) has announced that it is seeking comments on the use of Social Security Numbers (SSNs) in the private sector. This inquiry is in response to a recommendation in the President’s Identity Theft Task Force Strategic Plan that called for the development of a comprehensive record on the uses of the SSN in the private sector and evaluate the necessity of those uses.

The Federal Trade Commission recently hosted a Spam Summit that focused on the next generation of threats and solutions.   The workshop brought together experts from the business, government, and technology sectors, consumer advocates, and academics to explore consumer protection issues surrounding spam, phishing, and malware. 

“This new generation of malicious spam goes beyond mere annoyance – it can result in significant harm to consumers and undermine the stability of the Internet and email in particular,” remarked FTC Chair Deborah Platt Majoras in her opening comments.  “Botnets – networks of hijacked personal computers that spammers use to conceal their identities – have become the preferred method for sending spam,” she observed.  She continued, “Even more troubling, spam reaching consumers’ inboxes is more often being used to launch phishing attacks and to deliver malicious code or ‘malware’ to consumers’ computers.” 

The Emerging Threats, Cybersecurity, and Science and Technology Subcommittee of the Homeland Security Committee in the U.S. House of Representatives held a hearing yesterday on the topic of “Hacking the Homeland: Investigating Cybersecurity Vulnerabilities at the Department of Homeland Security”. Chairman Rep. James Langevin (Dem-RI) commented, "It was a shock and disappointment to learn that the Department of Homeland Security - the agency charged with being the lead in our national cybersecurity - has suffered so many significant security incidents on its networks."

The full committee chairman, Rep. Bennie Thompson (Dem-Miss), asked: