Home/ CIPP Information Privacy & Security News/ Group items tagged Senate

Karl Wabst

Did tweet blow deal in Virginia Senate? | ZDNet Government | ZDNet.com - 0 views

  •  
    Oh, the double-edged sword of Twitter. It's not nice when it makes PR people and reporters look like asses, as Jennifer Leggio will post tomorrow. But it's a whole new can o' beans when it affects political power. And yup, Twitter did in fact (or not - see below) alter the balance of power in Virginia (the state capital of which is Richmond, Va., for what it's worth) this week, as Talking Points Memo blogs: Yesterday the Virginia GOP came very close to taking control of the state Senate, nearly luring a Democratic Senator to switch parties and put them at a 20-20 tie, which would have been broken by the Republican Lt. Governor. Then Jeff Frederick, a state legislator and the party chairman, ruined it all by Twittering this: Big news coming out of Senate: Apparently one dem is either switching or leaving the dem caucus. Negotiations for power sharing underway. The Dems then read the message, quickly mobilized to talk the renegade out of it, and stopped the GOP coup before it could happen. Here's Frederick's exciting presence on Twitter, featuring such nail-biting updates as: * Had great meeting; dinner @ Bookbinders; now at Lucky Strike/Cap Results party. Tired * Meeting w/ Senator about a bill he wants me to support. And then this intriguing post: Meeting w/ HseMajLdr abt my senate post earlier.He gave me info, which came f/ a Senator who said it was public. That will be a fun meeting. At any rate Frederick pointed to a blog post from conservative Roanoke County, which says the whole Twitter story is b.s., that the Dems already knew about the rogue House member before Frederick ever Tweeted. Even so, the strange power of Twitter is now well-established.
Karl Wabst

House OKs huge health IT boost in stimulus bill -- Government Health IT - 0 views

  •  
    Feds would spend $20 billion on health IT if Senate and House agree in coming weeks. The House-passed version of the economic stimulus bill includes about $20 billion in spending for health IT. The bill, known as H.R. 1 or the American Recovery and Reinvestment Act of 2009, would make Medicare and Medicaid providers and hospitals eligible for incentive payments for using certified e-health records technology. It also supports health information exchanges, standards development and conformance testing, a chief privacy officer for health IT and other aspects of health IT. The portion of the bill called the Health Information Technology for Economic and Clinical Health Act -- the Hitech Act, for short -- and health IT spending provisions passed largely unchanged from the bills introduced earlier this month. The Senate is expected to take up a similar bill in the first week of February. The Senate bill now calls for $23 billion in health IT spending. Once it is passed, a House-Senate conference will need to resolve differences between the bills. Congressional leaders aim to send President Barack Obama the bill by mid-February.
Karl Wabst

Cybersecurity law would give feds unprecedented net control * The Register - 0 views

  •  
    US senators have drafted legislation that would give the federal government unprecedented authority over the nation's critical infrastructure, including the power to shut down or limit traffic on private networks during emergencies. The bill would also establish a broad set of cybersecurity standards that would be imposed on the government and the private sector, including companies that provide software, IT work or other services to networks that are deemed to be critical infrastructure. It would also mandate licenses for all individuals administering to strategically important networks. The bill, which is being co-sponsored by Senate Commerce Committee chairman John Rockefeller IV and Senator Olympia Snowe, was expected to be referred to a senate committee on Wednesday. Shortly after a working draft of the legislation began circulating, some industry groups lined up to criticize it for giving the government too much control over the internet and the private companies that make it possible. "This gives the president too much power and there's too little oversight, if there's any at all," said Gregory Nojeim, senior counsel at the Center for Democracy and Technology. "It gives him the power to act in the interest of national security, a vague term that has been broadly defined." Nojeim was pointing to language in the bill that permits the president to "order the limitation or shutdown of internet traffic to and from any compromised federal government or United States critical infrastructure information system or network" after first declaring a national cybersecurity emergency. A separate provision allows the executive in chief to "order the disconnection of any federal government or United States critical infrastructure information systems or networks in the interest of national security." "It applies to any critical infrastructure," Nojeim added. "Surely, the internet is one." The bill would also require NIST, or the National Institute of Standards and Techn
Karl Wabst

FISMA Reform Bill Due Tuesday - 0 views

  •  
    Legislation to reform the Federal Information Security Management Act of 2002 will be introduced in the Senate on Tuesday, a Senate staffer who helped draft the bill told a panel at the RSA Conference in San Francisco on Thursday. Erik Hopkins' presentation provided further evidence that the White House could assume greater control in coordinating federal government security. In the panel - The New FISMA: Security Finally Transcends Compliance - Hopkins offered a diagram illustrating the bill that showed a cyber office reporting directly to the president. Hopkins, who works for the Senate Committee on Homeland Security and Governmental Affairs, was the third federal official addressing conference attendees to suggest the White House will be given more authority in safeguarding federal government information systems. On Wednesday, Obama administration cybersecurity advisor Melissa Hathaway - who last week submitted to the president an assessment of federal cybersecurity policy - said the White House must lead federal government cybersecurity efforts. A day before, National Security Agency Director Keith Alexander said NSA would not lead the nation's cybersecurity efforts, suggesting a greater role for the White House. Hopkins said the benefits of FISMA reform include improved coordination of security efforts, better economies of scale and greater situational awareness of security threats such as knowing where they originate and how the government will respond.
Karl Wabst

California Chronicle | SENATE STRENGTHENS CONSUMER PRIVACY PROTECTION - 0 views

  •  
    The California State Senate approved today SB 20, legislation by State Senator Joe Simitian (D-Palo Alto), which aims to strengthen existing privacy protection laws for California consumers. The new law builds on legislation authored by Simitian in 2002 that requires a business or government agency that incurs a data breach to provide notice to the individual(s) whose information was compromised. More than 40 states have adopted similar legislation since that time, largely based on the California measure. "No one likes to get the news that information about them has been stolen," said Simitian, "but when it happens, people are entitled to get a notice they can understand, and that helps them decide what to do next." "The premise is simple," added Simitian. "What you don't know can hurt you. Ignorance is not bliss. And you can't protect yourself if you don't know you're at risk." Simitian said his latest proposal (SB 20), "is designed to make a good law even better." California's current security breach notification law (AB 700, Simitian -2002) requires notice to consumers when their information has been compromised, but does not require data holders to provide any standard set of information about the nature of the breach. SB 20 will enhance consumer knowledge about security breaches by requiring that the notification contain specified information, including the type of personal information breached and the date of the breach.
Karl Wabst

Lobbying War Ensues Over Digital Health Data - washingtonpost.com - 0 views

  •  
    The Senate and House appear headed for a clash over competing visions of how to protect the privacy of patients' electronic medical records, with the House favoring strict protections advocated by consumer groups while the Senate is poised to endorse more limited safeguards urged by business interests. President Obama has called creation of a nationwide system of electronic medical records fundamental to health-care reform, and both chambers of Congress have included about $20 billion to jump-start the initiative as part of their stimulus bills. But as with much in the stimulus package, it is not just the money but the accompanying provisions that groups are trying to influence. The effort to speed adoption of health information technology has become the focus of an intense lobbying battle fueled by health-care and drug-industry interests that have spent hundreds of millions of dollars on lobbying and tens of millions more on campaign contributions over the past two years, much of it shifting to the Democrats since they took control of Congress. At the heart of the debate is how to strike a balance between protecting patient privacy and expanding the health industry's access to vast and growing databases of information on the health status and medical care of every American. Insurers and providers say the House's proposed protections would hobble efforts to improve the quality and efficiency of health care, but privacy advocates fear that the industry would use the personal data to discriminate against patients in employment and health care as well as to market the information, often through third parties, to generate profits.
Karl Wabst

House Passes Data Accountability Bill - Government IT from eWeek - 0 views

  •  
    "Legislation, which now moves to the Senate, requires data brokers to provide nationwide notice for certain data breaches and allows consumers to verify and to correct information held on them by data brokers. The U.S. House of Representatives approved legislation Dec. 8 requiring data brokers to establish procedures to verify the accuracy of information that identifies individuals in their databases and to allow consumers to access and request correction of incorrect information. The Data Accountability and Trust Act, approved on a voice vote, would also require data brokers to provide nationwide notice in the event of certain security breaches. The legislation now moves to the U.S. Senate."
Karl Wabst

Federal data breach notification law passes in U.S. House - 0 views

  •  
    "The United States House of Representatives took a major step this week toward enacting a national data breach notification law. H.R. 2221, the Data Accountability and Trust Act (DATA), cleared the House with a voice vote. In its current form, DATA requires businesses to notify customers and the Federal Trade Commission (FTC) if sensitive information has been exposed to a security breach. If the U.S. Senate can reconcile its own approach to data breach notification legislation with DATA, a new federal standard will emerge. If signed into law by President Barack Obama, a federal data breach law would pre-empt the jumbled mass of dozens of state laws. "You'd be better served by federal legislation if the federal legislation has teeth and doesn't pre-empt the state's law," said California state senator Joe Simitian, speaking to executive editor Scot Petersen in September. "If there was a meaningful standard at the national level, I think many states would be happy to accept it." Aside from the data breach notification required by the HITECH Act, DATA would put into place the first national law of its kind. H.R. 2221 was sponsored by House Subcommittee Chair Rep. Bobby L. Rush of Illinois. The bill specifically states that: "Any person engaged in interstate commerce that owns or possesses data in electronic form containing personal information shall, following the discovery of a breach of security of the system maintained by such person that contains such data -- 1. notify each individual who is a citizen or resident of the United States whose personal information was acquired by an unauthorized person as a result of such a breach of security; and 2. notify the Federal Trade Commission."
Karl Wabst

Groups push for health IT privacy safeguards - 0 views

  •  
    U.S. lawmakers need to make sure privacy safeguards are in place before pushing electronic health records (EHR) on the public, senators and witnesses said at a Senate Judiciary Committee hearing today. Health IT improvements are needed to improve the quality and efficiency of health care in the U.S., but patients might be wary of electronic health records without strong privacy safeguards built in, Sen. Patrick Leahy (D-Vt.) said. "If you don't have adequate safeguards to protect privacy, many Americans aren't going to seek medical treatment," Leahy said. "Health care providers who think there's a privacy risk ... are going to see that as inconsistent with their professional obligations, and they won't want to participate." An $825 billion economic stimulus package, called the American Recovery and Reinvestment Act, includes $20 billion targeted toward health IT efforts. The bill, which could come before the full House for a vote this week, establishes an Office of the National Coordinator for Health Information Technology, which will be responsible for driving health IT standards.
Karl Wabst

Cybersecurity review is putting emphasis on privacy | Politics and Law - CNET News - 0 views

  •  
    As the National Security Council works on its comprehensive review of federal cybersecurity programs for President Obama, it is going to great lengths to consider privacy and civil liberty issues, some Congress members said Thursday. The House Cybersecurity Caucus on Thursday met with Melissa Hathaway, the acting senior director for cyberspace for the National Security and Homeland Security Councils, who is conducting for the administration a 60-day cybersecurity review. Rep. James Langevin (D-R.I.), co-chair of the House Cybersecurity Caucus, said Hathaway has been meeting with privacy and civil liberties groups to receive their input on how to reform cybersecurity. Those issues are "a forethought rather than an afterthought," he said. "Because these are such powerful tools (to grant federal authorities to regulate cyberspace), we're going to have to have the buy-in of the public and have their support." While the Senate is working on its own plan for White House-run cybersecurity efforts, Langevin said Hathaway's assessment may ultimately suggest a strategy with a stronger emphasis on inter-agency efforts. Langevin said it is still unclear whether Hathaway will recommend that a new office for cybersecurity should be created within the Executive Office of the President--a move some senators are pushing for. Certainly, though, policy will have to come from the White House. "This is going to have to be an ongoing strategy of collaboration and cooperation directed out of the White House," Langevin said. "But there won't be one king, so to speak, at the end of the day. The chief information officers at the departments and agencies are still going to have a role to play."
Karl Wabst

Spotlight On Sotomayor's Views On Abortion, Privacy - 0 views

  •  
    Abortion has long been a misguided litmus test for the Supreme Court - but privacy rights?
  •  
    Supreme Court nominee Judge Sonia Sotomayor's views on abortion and privacy rights are coming into the spotlight as attention turns to her confirmation. NARAL Pro-Choice America is urging senators to make sure Sotomayor is questioned on Roe v. Wade and privacy rights during her confirmation hearings. President Barack Obama is pro-choice, but Sotomayor's views are not known. The White House was asked yesterday if the president asked Sotomayor about abortion or privacy rights. A spokesman says the president did not specifically ask that question. The discussion comes as supporters and opponents of Sotomayor's nomination are taking their message to the airwaves. A coalition of liberal groups has unveiled a television advertisement in favor of Sotomayor's confirmation touting her extensive resume, while a conservative group calling itself the Judicial Confirmation Network has put out its own ad, charging Sotomayor will push a liberal agenda based on her gender and racial background. The White House is hoping Sotomayor will get the green light before the Senate goes on recess in August. Republicans are signaling they will not delay Sotomayor's confirmation, but will scrutinize her legal philosophy and some of her past decisions as a judge.
Karl Wabst

Leahy trying again with data breach bill - InternetNews:The Blog - Kenneth Corbin - 0 views

  •  
    Senate Judiciary Chairman Patrick Leahy (D-Vt.) has reintroduced a data breach bill that would set tougher rules for government agencies and private sector firms regarding consumers' personal information. This will be the third time around the block for the Personal Data Privacy and Security Act, which has cleared the Judiciary Committee, but never come to a vote on the Senate floor. The bill would preempt the more than 40 state laws laying out requirements for notifying consumers in the event of a data breach, a long-deferred legislative goal that has the general support of the IT industry. But Leahy's bill is about more than just data breaches. Among other things, it would set baseline security information standards for government agencies, something that the Obama administration has begun to work on with the early steps of an overhaul of the government's cybersecurity apparatus. "This is a comprehensive bill that not only deals with the need to provide Americans with notice when they have been victims of a data breach, but that also deals with the underlying problem of lax security and lack of accountability to help prevent data breaches from occurring in the first place," Leahy said in a statement. "Passing this comprehensive data privacy legislation is one of my highest legislative priorities as Chairman of the Judiciary Committee."
Karl Wabst

Einstein 3 Privacy Concerns Voiced - 0 views

  •  
    "As the federal government readies the third iteration of Einstein, privacy concerns over the intrusion detection system were voiced at a Senate hearing on Tuesday. Philip Reitinger, Department of Homeland Security deputy undersecretary for the National Protection and Programs Directorate, told the Senate Committee on the Judiciary's Subcommittee on Terrorism and Homeland Security that DHS envisions deploying Einstein 3 as an intrusion prevention system. Einstein 1 monitors network flow and Einstein 2 detects system intrusions. "This more robust version of Einstein would provide the federal government with an improved early warning and an enhanced situational awareness; the ability to automatically detect malicious activity; and the capability to prevent malicious intrusions before harm is done," Reitinger said. But Gregory Nojeim, senior counsel and director of Project Freedom, Security and Technology at the Center for Democracy and Technology, cited press accounts that Einstein 3 would rely on pre-defined signatures of malicious code that might contain personally identified information, and threaten the privacy of law-abiding citizens. "While Einstein 2 merely detected and reported malicious code, Einstein 3 is to have the capability of intercepting threatening Internet traffic before it reaches a government system, raising additional concerns," Nojeim testified. Einstein 3 reportedly could operate within the networks of private telecommunications companies, and Nojeim wondered if the technology could analyze private-to-private communications. "If Einstein were to analyze private-to-private communications, that would likely be an interception under the electronic surveillance laws, requiring a court order," he said. "
Karl Wabst

FISMA Reforms Outlined: Senator Tom Carper - 0 views

  •  
    Reform legislation is expected to be introduced this spring to update the Federal Information Security and Management Act, known as FISMA. A major complaint about FISMA is that complying with its rules does not necessarily guarantee departmental and agency information systems are secure. In this exclusive interview, Sen. Tom Carper, chairman of the Senate Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security, discusses: Key provisions in the bill to improve ways to measure and determine the security of federal government information systems; Efforts to create a government-wide Chief Information Security Officer Council; His views on the most pressing cybersecurity challenges facing the nation: identity theft and the viability of financial institutions and threats by foreign nations to federal information systems.
Karl Wabst

Heartland on Defense at Senate Hearing - 0 views

  •  
    The ranking member of the Senate Homeland Security and Governmental Affairs Committee told the chief executive of Heartland Payment Systems that she was "astonished" a breach of the company's information system lasted for nearly 1½ years without being detected. At a panel hearing Monday on protecting industry against growing cyber threats, Sen. Susan Collins, R.-Maine, asked Heartland CEO Robert Carr to explain how this delay happened. Carr responded that a breach is usually detected when the processing payer is notified of fraudulent use of cards, and that didn't occur until the end of 2008. "Isn't there software in the systems to detect such a breach?" Collins asked.
Karl Wabst

Health Care -- Misinformation On Health Information Technology - 0 views

  •  
    Late last month, the House passed an economic recovery package containing $20 billion for health information technology, which would require the Department of Health and Human Services to develop standards by 2010 for a nationwide system to exchange health data electronically. The version of the recovery package passed by the Senate yesterday contains slightly less funding for health information technology ("health IT"). But as Congress moves to reconcile the two stimulus packages, conservatives have begun attacking the health IT provisions, falsely claiming that they would lead to the government "telling the doctors what they can't and cannot treat, and on whom they can and cannot treat." The conservative misinformation campaign began on Monday with a Bloomberg "commentary" by Hudson Institute fellow Betsy McCaughey, which claimed that the legislation will have the government "monitor treatments" in order to "'guide' your doctor's decisions." McCaughey's imaginative misreading was quickly trumpeted by Rush Limbaugh and the Drudge Report, eventually ending up on Fox News, where McCaughey's opinion column was described as "a report." In one of the many Fox segments focused on the column, hosts Megyn Kelly and Bill Hemmer blindsided Sens. Arlen Specter (R-PA) and Jon Tester (D-MT) with McCaughey's false interpretation, causing them to promise that they would "get this provision clarified." On his radio show yesterday, Limbaugh credited himself for injecting the false story into the stimulus debate, saying that he "detailed it and now it's all over mainstream media."
Karl Wabst

Microsoft, Intel Firings Stir Resentment Over Visas - 0 views

  •  
    With so many workers being axed, the threat to sensitive customer, corporate, military information should be examined. Once workers leave with sensitive information, good luck controlling exposure. Cross international borders and the issue potentially expands into a national "incident" with dire consequences for corporate reputation. Protectionism vs Patriotism. Issues raised in the Great Depression revisited with more impact due to expansion of the economy to global status.
  •  
    Microsoft Corp.'s plan to eliminate U.S. workers after lobbying for more foreigner visas is stirring resentment among lawmakers and employees. As many as 5,000 employees are being shown the door at Microsoft, which uses more H1-B guest-worker visas than any other U.S. company. Some employees and politicians say Microsoft should get rid of foreigners first. "If they lay people off, are they going to think of America first or are they going to think of the world first?" Chuck Grassley, a Republican Senator from Iowa, said in an interview. He sent a letter to Microsoft Chief Executive Officer Steve Ballmer the day after Microsoft announced the job cuts last month, demanding Ballmer fire visa holders first. Across the technology industry, some of the biggest users of H1-B visas are cutting jobs, including Intel Corp., International Business Machines Corp. and Hewlett-Packard Co. The firings at Microsoft, the world's largest software maker, came less than a year after Chairman Bill Gates lobbied Congress for an expansion of the visa program. Even before Microsoft announced the cuts, its first-ever companywide layoffs, comments on a blog run by an anonymous Microsoft worker angrily debated getting rid of guest workers first. The author of the Mini-Microsoft blog eventually had to censor and then completely block all arguments about visas, after the conversation "got downright nasty."
Karl Wabst

Privacy Trumps Profit in $19 Billion Health Stimulus - 0 views

  •  
    Patients' advocates claimed victory in a battle over the privacy of health records as the U.S. Congress approved the economic stimulus bill, which contains $19 billion for health-care information. U.S. House and Senate negotiators' compromise reflects stricter standards that privacy advocates wanted for marketing, selling and disclosing health data. Both houses approved the $787 billion stimulus plan today and sent it to President Barack Obama for his signature. The legislation contains $2 billion in grants to create a national system of computerized health records and $17 billion in higher Medicare and Medicaid reimbursements for doctors and hospitals to adopt the technology. Electronic records will improve care and reduce costs, Obama said. The legislation also will boost the health-records industry, led by Allscripts-Misys Healthcare Solutions Inc., Quality Systems Inc. and Athenahealth Inc. "We've dramatically improved on the status-quo, wholly unregulated system where private patient data was bought and sold like any commodity," Caroline Fredrickson, director of the American Civil Liberties Union's Washington legislative office, said in an interview today.
Karl Wabst

Twenty Important Controls for Effective Cyber Defense and FISMA Compliance - 0 views

  •  
    Securing our Nation against cyber attacks has become one of the Nation's highest priorities. To achieve this objective, networks, systems, and the operations teams that support them must vigorously defend against external attacks. Furthermore, for those external attacks that are successful, defenses must be capable of thwarting, detecting, and responding to follow-on attacks on internal networks as attackers spread inside a compromised network. A central tenet of the US Comprehensive National Cybersecurity Initiative (CNCI) is that 'offense must inform defense'. In other words, knowledge of actual attacks that have compromised systems provides the essential foundation on which to construct effective defenses. The US Senate Homeland Security and Government Affairs Committee moved to make this same tenet central to the Federal Information Security Management Act in drafting FISMA 2008.