Archive for the ‘federal legislation’ Category
With health care reform out of the way, lots of politicians are pushing out new legislative ideas, hoping that Congress can now focus on other issues — so we’re seeing lots of bad legislation proposed. Let’s do a two for one post, highlighting two questionable bills that many of you have been submitting. The first, proposed by Senators Schumer and Graham, is technically about immigration reform, which is needed, but what’s scary is that the plan includes yet another plan for a national ID card. Didn’t we just go through this with Real ID, which was rejected by the states? Jim Harper, who follows this particular issue more than just about anyone, has an excellent breakdown of the proposal, questioning what good a national ID does, while also pointing to the potential harm of such a plan.
Then we have the big cybercrime bill put forth by.. Senators Rockefeller and Snowe (updated, since there are two separate cybersecurity bills, and its the Rockefeller/Snowe one that has people scared), that tries to deal with the “serious threat of cybercrime.” But, of course, it already has tech companies worried about the unintended consequences, especially when it requires complying with gov’t-issued security practices that likely won’t keep up with what’s actually needed:
“Despite all [the] best efforts, we do have concerns regarding whether government can rapidly recognize best practices without defaulting to a one-size-fits all approach,” they wrote.
“The NIST-based requirements framework in the bill, coupled with government procurement requirements, if not clarified, could have the unintended effect of hindering the development and use of cutting-edge technologies, products, and services, even for those that would protect our critical information infrastructure.”
They added the bill might impose a bureaucratic employee-certification program on companies or give the president the authority to mandate security practices.
This is one of those bills that sounds good for the headlines (cybercrime is bad, we need to stop it), but has the opposite effect in reality: setting up needless “standards” that actually prevent good security practices. It’s bills like both of these that remind us that technologically illiterate politicians making technology policy will do funky things, assuming that technology works with some sort of magic.
BTC Exclusive – Language to HB 234, Utah’s state bill to opt-out of Real ID, was amended recently as a concession to gain Gov. Herbert’s signature. The amendment, authored by Senator Margaret Dayton, limited the state bill’s ability to prohibit all future national identity programs from consideration in the State of Utah. Future federal identity legislation, like the proposed Schumer-Graham bill to approve national biometric worker ID cards, would not be excluded from considerations in the amended version of the bill.
WASHINGTON – U.S. Senators Jeff Bingaman and Tom Udall today asked the Department of Homeland Security to provide New Mexicans with assurances that their travel plans early in the new year will not be disrupted by a federal law governing drivers’ licenses.
In 2005, Congress passed legislation — called the REAL ID Act — requiring states to tighten requirements related the issuance of drivers’ licenses because they are used as a standard form of identification for a variety of federal purposes, including air travel. While the senators support strengthening the standards governing IDs, they are concerned about a National Governors Association estimate that as many as 36 states – including New Mexico – will not be able to meet the Dec. 31, 2009, deadline to comply with the law.
In a letter to Homeland Security Secretary Janet Napolitano, the senators said enforcing the Dec. 31 deadline would cause a significant disruption in air travel. They also pointed out that New Mexico has asked for an extension of the deadline. In their letter, the senators urged DHS to quickly clarify its plans regarding the implementation of the REAL ID Act:
“The Department of Homeland Security has not indicated whether it will grant an extension, despite the fact that a majority of states are unlikely to be in compliance with the REAL ID Act. This is causing a great deal of anxiety for our constituents, who are seeing news reports that they will need a passport in order to fly on a commercial airline after the first of the year. Without assurances from your Department that a passport will not be necessary, many people may alter or cancel their travel plans. This uncertainty may also have a significant economic impact if the residents of non-compliant states decide not to fly or are unable to do so,” Bingaman and Udall wrote.
President Obama has indicated his desire to modify the REAL ID Act through new legislation, called the PASS ID Act, but that proposal has not yet been passed into law.
“While we understand the Administration’s desire to enact the PASS ID Act in lieu of granting an additional extension, the uncertainty surrounding the steps the Department may or may not take if the legislation is not signed into law is creating confusion and raising serious concerns in the many states that are not currently in full compliance with existing law,” Bingaman and Udall wrote.
SEE LETTER BELOW…
Full text of letter to DHS Secretary Napolitano:
November 30, 2009
The Honorable Janet Napolitano
U.S. Department of Homeland Security
Washington D.C. 20528
Dear Secretary Napolitano:
We are writing to respectfully request that the Department of Homeland Security provide an extension for states to become materially compliant with the REAL ID Act of 2005. As you know, more than thirty states, including New Mexico, are unlikely to meet the December 31, 2009 deadline. While we understand the Administration’s desire to enact the PASS ID Act in lieu of granting an additional extension, the uncertainty surrounding the steps the Department may or may not take if the legislation is not signed into law is creating confusion and raising serious concerns in the many states that are not currently in full compliance with existing law.
The Department of Homeland Security has not indicated whether it will grant an extension, despite the fact that a majority of states are unlikely to be in compliance with the REAL ID Act. This is causing a great deal of anxiety for our constituents, who are seeing news reports that they will need a passport in order to fly on a commercial airline after the first of the year. Without assurances from your Department that a passport will not be necessary, many people may alter or cancel their travel plans. This uncertainty may also have a significant economic impact if the residents of non-compliant states decide not to fly or are unable to do so.
The Director of the New Mexico Motor Vehicle Division sent you a request on November 25 to grant the state an extension of the December 31 deadline. We support this request; however, we also ask that if the Department does not intend to provide such an extension, that you issue a public statement as soon as possible to reassure the traveling public that you will work to mitigate the adverse impact of REAL ID.
Thank you for your attention to this matter and for your ongoing efforts to strengthen homeland security.
Source: Senator Tom Udall
Keeping Personal Data Private
c/o Wall Street Journal
Senator Patrick Leahy, a Democrat of Vermont, is sponsoring a bill, the Personal Data Privacy and Security Act of 2009, that would beef up cybersecurity and make people’s personal information safer. It would require entities that keep personal data to establish effective programs for ensuring that that data is kept confidential. That could include encryption of data, although the law does not specify any security method. When there is a breach, it would require that notice be given to individuals whose personal information is exposed.
The Leahy bill applies both to the private companies and to government, which is important, since both the private and public sectors have been responsible for major data breaches in the past few years. It would require data brokers — companies that collect personal data and sell it to third parties — to inform consumers about the data they have on them and allow people to correct erroneous information. The bill also makes it a crime to intentionally conceal a security breach that exposes personal data, and it increases criminal penalties for identity theft by use of electronic personal data.
One potentially troubling aspect of the bill is that it would pre-empt, or nullify, state laws in this area. That is not a problem if the bill remains in its current form. But it should not be allowed to get weaker during the legislative process. A weak federal law that pre-empts state protections would be worse than no federal law at all.
Mr. Leahy’s bill was sent to the full Senate by the Judiciary Committee this month along with another worthy, but more limited, bill introduced by Senator Dianne Feinstein, a Democrat of California. ::: MORE HERE:::
by Kevin Bankston
Even better, the Committee kept going after it was finished with PATRIOT to consider Representative Nadler’s State Secret Protection Act (HR 984), which would reform the state secrets privilege that the government has repeatedly used to try and throw EFF’s warrantless wiretapping cases out of court. After an impassioned defense by Mr. Nadler, who described how the government has used the privilege like a “magic incantation” to cover-up wrongdoing and warned that state secrecy “is the greatest threat to liberty at present,” the bill passed with even better numbers than the PATRIOT bill, 18 to 12!
It was, to say the least, a busy couple of days in the House Judiciary Committee. If you want the entire blow-by-blow of both day’s meetings, check out our Twitter stream at @EFF.
Admittedly, the PATRIOT bill isn’t all we had hoped for — as we described yesterday, it’s been weakened in a number of ways due to quiet pressure from the Obama Administration — but it passed through the Committee with most of its major reforms intact, and it is a substantial improvement over the PATRIOT bill approved by the Senate Judiciary Committee last month. Meanwhile, the state secrets reform bill made it through the committee without being watered down at all, with only a few technical changes. Thanks and congratulations to the representatives and activists that worked so hard to make that happen.
Eyes now turn to the Senate, where the Senate Judiciary Committee’s PATRIOT Bill (S. 1692) will soon land on the floor, and to the House Intelligence Committee, which will soon be marking-up its own competing PATRIOT bill with much fewer reforms (HR 3969). So, the war is far from over. But two important battles were won today.
$397 million for agency’s internal information security needs awaits Obama’s signature
The $43 billion appropriations bill included similar increases in other technology areas. A budget of about $1 billion, or about $75 million more than 2009, was approved for the DHS’s department of science and technology, which conducts research on such areas as cybersecurity and air cargo security.
The bill also provides an additional $91 million on top of a previously approved $60 million for a massive data center migration and consolidation effort underway at the DHS. The consolidation is part of a move by the DHS to build a new 4.5 million-square-foot facility in the Washington area. Obama’s economic stimulus package, which passed earlier this year, provided another $248 million for planning, design, IT infrastructure, fixtures and other costs related to the consolidation.
The Senate bill also extended the DHS’s online employment eligibility verification program, called E-Verify, by three years and allocated $137 million for operating the system and for improving its reliability and accuracy. Opponents of E-Verify had claimed the system was too buggy and error-prone to be used as the federal government’s primary tool for employment verification.
Meanwhile, in what appears to be a reaction to the growing opposition to the program, funding for the controversial Real ID initiative was cut back 40% from $100 million to $60 million in 2010.
Real ID, launched during the Bush administration, requires states to meet new federal standards for issuing driver’s licenses. It also requires links to driver’s license databases around the country.