Archive for the ‘federal legislation’ Category

BTC –  In a legislative recalculation, a proposal to retroactively defund appropriations for the Real ID hubs did not pass as previously anticipated, according to Jim Harper at the Cato Institute.
The defunding proposal was expected to pass as part of an annual budget bill drafted by Democrats before the 112th session commenced.  In an effort to fight overall budget expenditures, Republicans worked instead to pass a temporary spending measure over a year long budget.
Congress is expected to resume discussion of the annual budget in March.
Advertisements
c/o TechDirt , Mike Masnick

With health care reform out of the way, lots of politicians are pushing out new legislative ideas, hoping that Congress can now focus on other issues — so we’re seeing lots of bad legislation proposed. Let’s do a two for one post, highlighting two questionable bills that many of you have been submitting. The first, proposed by Senators Schumer and Graham, is technically about immigration reform, which is needed, but what’s scary is that the plan includes yet another plan for a national ID card. Didn’t we just go through this with Real ID, which was rejected by the states? Jim Harper, who follows this particular issue more than just about anyone, has an excellent breakdown of the proposal, questioning what good a national ID does, while also pointing to the potential harm of such a plan.

Then we have the big cybercrime bill put forth by.. Senators Rockefeller and Snowe (updated, since there are two separate cybersecurity bills, and its the Rockefeller/Snowe one that has people scared), that tries to deal with the “serious threat of cybercrime.” But, of course, it already has tech companies worried about the unintended consequences, especially when it requires complying with gov’t-issued security practices that likely won’t keep up with what’s actually needed:

“Despite all [the] best efforts, we do have concerns regarding whether government can rapidly recognize best practices without defaulting to a one-size-fits all approach,” they wrote.

“The NIST-based requirements framework in the bill, coupled with government procurement requirements, if not clarified, could have the unintended effect of hindering the development and use of cutting-edge technologies, products, and services, even for those that would protect our critical information infrastructure.”

They added the bill might impose a bureaucratic employee-certification program on companies or give the president the authority to mandate security practices.


This is one of those bills that sounds good for the headlines (cybercrime is bad, we need to stop it), but has the opposite effect in reality: setting up needless “standards” that actually prevent good security practices. It’s bills like both of these that remind us that technologically illiterate politicians making technology policy will do funky things, assuming that technology works with some sort of magic.

BTC Exclusive – Language to HB 234, Utah’s state bill to opt-out of Real ID, was amended recently as a concession to gain Gov. Herbert’s signature. The amendment, authored by Senator Margaret Dayton, limited the state bill’s ability to prohibit all future national identity programs from consideration in the State of Utah. Future federal identity legislation, like the proposed Schumer-Graham bill to approve national biometric worker ID cards, would not be excluded from considerations in the amended version of the bill.

The bill, if passed as amended, would close the door on any future implementations or benchmark compliance movements in Utah. The issue of license benchmark compliances were debated during the bill’s passage through the House, according to sponsor Rep. Stephen Sandstrom. Citizens opposed to Real ID and similar legislations balked at some of the bill’s language, doubting the bill’s ability to stop incremental movements forward to implement the use of RFID and subsequent databases.

“There is nothing in the current [license] code to [move forward with RFID, databases], ” said Sandstrom, who says the bill would opt-out Utah of any future compliance with the Real ID Act, but not of future programs involving national identity.
License holders who possesss cards which comply in part with the Real ID Act program will not have to return to the DMV to get a different license once the bill is passed. For instance, Utah license holders with benchmark compliant bar codes won’t return to long lines to renew or replace licenses for new IDs without barcodes. Utah licenses with the barcodes also won’t be moved to the next step of being incorporated into a national to international database aggregate set forward by the Real ID program.

New Mexico’s Senators provide representation on National ID debate

WASHINGTON – U.S. Senators Jeff Bingaman and Tom Udall today asked the Department of Homeland Security to provide New Mexicans with assurances that their travel plans early in the new year will not be disrupted by a federal law governing drivers’ licenses.

In 2005, Congress passed legislation — called the REAL ID Act — requiring states to tighten requirements related the issuance of drivers’ licenses because they are used as a standard form of identification for a variety of federal purposes, including air travel. While the senators support strengthening the standards governing IDs, they are concerned about a National Governors Association estimate that as many as 36 states – including New Mexico – will not be able to meet the Dec. 31, 2009, deadline to comply with the law.

In a letter to Homeland Security Secretary Janet Napolitano, the senators said enforcing the Dec. 31 deadline would cause a significant disruption in air travel. They also pointed out that New Mexico has asked for an extension of the deadline. In their letter, the senators urged DHS to quickly clarify its plans regarding the implementation of the REAL ID Act:

“The Department of Homeland Security has not indicated whether it will grant an extension, despite the fact that a majority of states are unlikely to be in compliance with the REAL ID Act. This is causing a great deal of anxiety for our constituents, who are seeing news reports that they will need a passport in order to fly on a commercial airline after the first of the year. Without assurances from your Department that a passport will not be necessary, many people may alter or cancel their travel plans. This uncertainty may also have a significant economic impact if the residents of non-compliant states decide not to fly or are unable to do so,” Bingaman and Udall wrote.

President Obama has indicated his desire to modify the REAL ID Act through new legislation, called the PASS ID Act, but that proposal has not yet been passed into law.

“While we understand the Administration’s desire to enact the PASS ID Act in lieu of granting an additional extension, the uncertainty surrounding the steps the Department may or may not take if the legislation is not signed into law is creating confusion and raising serious concerns in the many states that are not currently in full compliance with existing law,” Bingaman and Udall wrote.

SEE LETTER BELOW…

Full text of letter to DHS Secretary Napolitano:

November 30, 2009

The Honorable Janet Napolitano
Secretary
U.S. Department of Homeland Security
Washington D.C. 20528

Dear Secretary Napolitano:

We are writing to respectfully request that the Department of Homeland Security provide an extension for states to become materially compliant with the REAL ID Act of 2005. As you know, more than thirty states, including New Mexico, are unlikely to meet the December 31, 2009 deadline. While we understand the Administration’s desire to enact the PASS ID Act in lieu of granting an additional extension, the uncertainty surrounding the steps the Department may or may not take if the legislation is not signed into law is creating confusion and raising serious concerns in the many states that are not currently in full compliance with existing law.

The Department of Homeland Security has not indicated whether it will grant an extension, despite the fact that a majority of states are unlikely to be in compliance with the REAL ID Act. This is causing a great deal of anxiety for our constituents, who are seeing news reports that they will need a passport in order to fly on a commercial airline after the first of the year. Without assurances from your Department that a passport will not be necessary, many people may alter or cancel their travel plans. This uncertainty may also have a significant economic impact if the residents of non-compliant states decide not to fly or are unable to do so.

The Director of the New Mexico Motor Vehicle Division sent you a request on November 25 to grant the state an extension of the December 31 deadline. We support this request; however, we also ask that if the Department does not intend to provide such an extension, that you issue a public statement as soon as possible to reassure the traveling public that you will work to mitigate the adverse impact of REAL ID.

Thank you for your attention to this matter and for your ongoing efforts to strengthen homeland security.

Sincerely,

_________________
Jeff Bingaman
U.S. Senator

_________________
Tom Udall
U.S. Senator

Source: Senator Tom Udall

Keeping Personal Data Private

c/o Wall Street Journal

Senator Patrick Leahy, a Democrat of Vermont, is sponsoring a bill, the Personal Data Privacy and Security Act of 2009, that would beef up cybersecurity and make people’s personal information safer. It would require entities that keep personal data to establish effective programs for ensuring that that data is kept confidential. That could include encryption of data, although the law does not specify any security method. When there is a breach, it would require that notice be given to individuals whose personal information is exposed.

The Leahy bill applies both to the private companies and to government, which is important, since both the private and public sectors have been responsible for major data breaches in the past few years. It would require data brokers — companies that collect personal data and sell it to third parties — to inform consumers about the data they have on them and allow people to correct erroneous information. The bill also makes it a crime to intentionally conceal a security breach that exposes personal data, and it increases criminal penalties for identity theft by use of electronic personal data.

One potentially troubling aspect of the bill is that it would pre-empt, or nullify, state laws in this area. That is not a problem if the bill remains in its current form. But it should not be allowed to get weaker during the legislative process. A weak federal law that pre-empts state protections would be worse than no federal law at all.

Mr. Leahy’s bill was sent to the full Senate by the Judiciary Committee this month along with another worthy, but more limited, bill introduced by Senator Dianne Feinstein, a Democrat of California. ::: MORE HERE:::

c/o EFF
by Kevin Bankston

After a long two days of legislative battle, the House Judiciary Committee just finished its second day of debate on Chairman Conyers’ PATRIOT reform bill, HR 3845 (see our wrap-up of the first day). Thanks in no small part to those of you who used our action alert, the Committee rejected almost all amendments that would have weakened the bill’s reforms and voted to recommend the bill to the House floor by a vote of 16 to 10.

Even better, the Committee kept going after it was finished with PATRIOT to consider Representative Nadler’s State Secret Protection Act (HR 984), which would reform the state secrets privilege that the government has repeatedly used to try and throw EFF’s warrantless wiretapping cases out of court. After an impassioned defense by Mr. Nadler, who described how the government has used the privilege like a “magic incantation” to cover-up wrongdoing and warned that state secrecy “is the greatest threat to liberty at present,” the bill passed with even better numbers than the PATRIOT bill, 18 to 12!

It was, to say the least, a busy couple of days in the House Judiciary Committee. If you want the entire blow-by-blow of both day’s meetings, check out our Twitter stream at @EFF.

Admittedly, the PATRIOT bill isn’t all we had hoped for — as we described yesterday, it’s been weakened in a number of ways due to quiet pressure from the Obama Administration — but it passed through the Committee with most of its major reforms intact, and it is a substantial improvement over the PATRIOT bill approved by the Senate Judiciary Committee last month. Meanwhile, the state secrets reform bill made it through the committee without being watered down at all, with only a few technical changes. Thanks and congratulations to the representatives and activists that worked so hard to make that happen.

Eyes now turn to the Senate, where the Senate Judiciary Committee’s PATRIOT Bill (S. 1692) will soon land on the floor, and to the House Intelligence Committee, which will soon be marking-up its own competing PATRIOT bill with much fewer reforms (HR 3969). So, the war is far from over. But two important battles were won today.

$397 million for agency’s internal information security needs awaits Obama’s signature

COMPUTER WORLD


The amount set aside for DHS cybersecurity spending next year looks “about right” said Karen Evans, former de facto federal CIO under the Bush administration. The amount is meant for internal DHS operations only and is consistent with increases provided to other departments and agencies, she said. Cybersecurity spending across the government for 2010 is projected at about $7.5 billion, or about 10% of the total IT budget of $75 billion, she added.

The $43 billion appropriations bill included similar increases in other technology areas. A budget of about $1 billion, or about $75 million more than 2009, was approved for the DHS’s department of science and technology, which conducts research on such areas as cybersecurity and air cargo security.

The bill also provides an additional $91 million on top of a previously approved $60 million for a massive data center migration and consolidation effort underway at the DHS. The consolidation is part of a move by the DHS to build a new 4.5 million-square-foot facility in the Washington area. Obama’s economic stimulus package, which passed earlier this year, provided another $248 million for planning, design, IT infrastructure, fixtures and other costs related to the consolidation.

The Senate bill also extended the DHS’s online employment eligibility verification program, called E-Verify, by three years and allocated $137 million for operating the system and for improving its reliability and accuracy. Opponents of E-Verify had claimed the system was too buggy and error-prone to be used as the federal government’s primary tool for employment verification.

Meanwhile, in what appears to be a reaction to the growing opposition to the program, funding for the controversial Real ID initiative was cut back 40% from $100 million to $60 million in 2010.

Real ID, launched during the Bush administration, requires states to meet new federal standards for issuing driver’s licenses. It also requires links to driver’s license databases around the country.