The United States and Estonia: Partners in Cyber Security and Internet Freedom
Office of the Spokesperson
December 3, 2013
Secretary of State John Kerry and Estonian Foreign Minister Urmas Paet met in Brussels on December 3 to sign the U.S.-Estonia Cyber Partnership Statement on the margins of the NATO Ministerial meeting. Estonia is a key Ally of the United States and a recognized leader on issues of cyber security and Internet freedom. This Statement affirms the commitment of the United States and Estonia to continue working together to enhance an open, interoperable, secure, and reliable information and communications infrastructure and to prioritize openness and innovation on the Internet. The leaders pledged to deepen U.S.-Estonian cyber engagement in the following key areas:
Estonia is a recognized leader in cyber security. Our bilateral cyber relationship includes collaborative efforts on network protection, development cooperation, combating cyber-crime, strategic global policy alignment, internet freedom, and improving cyber education. Estonian and American Computer Emergency Readiness Teams (CERTs) are in regular contact in order to cooperate and effectively respond to cyber incidents.
Estonia hosts the NATO Cooperative Cyber Defense Center of Excellence, which serves as a repository of expertise on cyber security issues. The Center’s mission is to enhance the capability, cooperation and information sharing among NATO Allies and partners in cyber defense by virtue of education, research and development, lessons learned and consultation.
Estonia’s role as a leader and innovator in e-governance dates to 2001, after which many government and business services were offered online and an electronic national ID card system was developed and used for electronic voting. By 2005, Estonians were able to vote in local and national elections using the Internet.
Internet Freedom and Internet Governance
Estonia is a close partner in the Freedom Online Coalition, a group of governments collaborating with other stakeholders to advance Internet freedom. As current chair of the Coalition, Estonia will host the next Coalition Conference in Tallinn in spring 2014. The United States and Estonia are also donors to the Digital Defenders Partnership, which provides emergency support for Internet users in repressive environments who are under threat for peacefully exercising their universal rights online.
Estonia and the United States are strong partners on international cyber policy matters, including Internet governance and Internet freedom. Our governments work together in a wide variety of international fora, including the UN Group of Government Experts (GGE), which discusses the development of norms of state-to-state behavior in cyberspace, and the Organization for Security and Co-operation in Europe (OSCE).
Source – The White House:
The White House
Office of the Press Secretary
For Immediate Release November 22, 2013
Joint Statement on the Inaugural Meeting of the U.S.-Russia Bilateral Presidential Commission Working Group on Threats to and in the Use of Information and Communication Technologies (ICTs) in the Context of International Security
The United States and the Russian Federation held the inaugural bilateral meeting of the Working Group on Threats to and in the Use of ICTs in the Context of International Security, under the U.S.-Russia Bilateral Presidential Commission, on November 21–22 in Washington, D.C. In June 2013, President Obama and President Putin agreed to establish the working group to enhance confidence between the United States and the Russian Federation. U.S. Special Assistant to the President and Cybersecurity Coordinator Michael Daniel and Russian Deputy Secretary of the Security Council Nikolay Klimashin chaired the meeting, and State Department Coordinator for Cyber Issues Christopher Painter and Russian Special Coordinator for Political Affairs in the Use of ICTs Andrey Krutskikh served as the co-coordinators.
This meeting of the working group addressed a broad range of issues of mutual interest on threats to and in the use of ICTs in the context of international security. A key component of the discussion concerned the implementation of the bilateral confidence building measures (CBMs) announced by Presidents Obama and Putin in June 2013. These bilateral CBMs are intended to promote transparency and enhance strategic stability by reducing tensions caused by threats to and in the use of ICTs. One CBM, for example, uses the Nuclear Risk Reduction Centers in Washington and Moscow to facilitate reliable, real-time bilateral communication about malicious activity concerning threats to and in the use of ICTs. The participants discussed the implementation of the bilateral CBMs, and ways to promote regional CBMs in venues such as the OSCE and the ASEAN Regional Forum.
In addition to the CBMs, the working group also addressed policy issues such as norms of state behavior, cooperation to combat crime in the use of ICTs, and defense issues resulting from the use of ICTs.
The United States and the Russian Federation agreed to hold meetings of the Working Group on Threats to and in the Use of ICTs in the Context of International Security on a regular and scheduled basis.
Source – BIICL:
International Space and Cyber Security: Is International Law (Finally) Going Extra-terrestrial?
Thursday 5 December 2013 17:30 to 19:00
British Institute of International and Comparative Law, Charles Clore House, 17 Russell Square, London WC1B 5JP
Dr Jackson Maogoto, University of Manchester School of Law
Professor Sa’id Mosteshar, London Institute of Space Policy and Law
Mark Roberts, Programme Manager, Atkins
Space is increasingly having a practical impact on our lives. Issues ranging from the fast-approaching prospect of commercial space flights, the growing number of telecommunication satellites, space races between major and emerging powers and the fact that space may provide the next theatre of conflict – all raise acute questions relating to the regulation of space and cyber security. Although international law has been dealing with these issues for many decades, the time has come for international space law to yet again feature as a priority on research and policy agendas.
This event will discuss these topical issues from both academic and practical perspectives.
The seminar will be followed by a drinks reception.
This event has been convened by Dr Andraž Zidar, Dorset Senior Research Fellow in Public International Law.
Source – ECCWS:
13th European Conference on Cyber Warfare and Security ECCWS-2014
(formerly the European Conference on Information Warfare and Security)
hosted by the University of Piraeus
3-4 July 2014
Andrew Liaropoulos, University of Piraeus, Piraeus, Greece
George Tsihrintzis, University of Piraeus, Piraeus, Greece
The University of Piraeus has the honour and pleasure to invite you to the 13th European Conference on Cyber Warfare and Security to Piraeus. We strongly believe that this conference will once again provide an opportunity to advance communication between academics, researchers and industry. As in previous years, the ECCWS will address both theoretical and practical aspects of Information Warfare and Cyber Security. The ECCWS will provide the ideal forum to stimulate ideas and establish collaborations as well as to initiate intense discussions and provide network opportunities.
All of us at the University of Piraeus look forward to this event and wish to welcome you all in beautiful Piraeus in July 2014.
Source – EU Parliament:
European Parliament resolution of 24 October 2013 on Implementation report on the regulatory framework for electronic communications (2013/2080(INI))
The European Parliament,
– having regard to Directive 2009/140/EC (Better Regulation Directive),
– having regard to Directive 2009/136/EC (Citizens’ Rights Directive),
– having regard to Regulation (EU) No 211/2009 (BEREC Regulation),
– having regard to Directive 2002/21/EC (Framework Directive),
– having regard to Directive 2002/20/EC (Authorisation Directive),
– having regard to Directive 2002/19/EC (Access Directive),
– having regard to Directive 2002/22/EC (Universal Service Directive),
– having regard to Directive 2002/58/EC (Directive on privacy and electronic communications),
– having regard to Regulation (EU) No 531/2012 (recast Roaming Regulation),
– having regard to Recommendation 2010/572/EU (Recommendation on regulated access to Next Generation Access Networks),
– having regard to Recommendation 2007/879/EC (Recommendation on relevant markets),
– having regard to Recommendation 2009/396/EC (Recommendation on termination rates),
– having regard to COM 2002/C 165/03 (SMP Guidelines),
– having regard to Recommendation 2008/850/EC (Rules of procedure in Article 7 of the Framework Directive),
– having regard to Decision No 243/2012/EU establishing a multiannual radio spectrum policy programme (RSPP),
– having regard to the proposal of 19 October 2011 for a Regulation of the European Parliament and of the Council establishing the Connecting Europe Facility (COM(2011)0665),
– having regard to the proposal of 7 February 2013 for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security (COM(2013)0048),
– having regard to the recent work done by the Body of European Regulators for Electronic Communications (BEREC) on net neutrality,
– having regard to the proposal of 26 March 2013 for a Regulation of the European Parliament and of the Council on measures to reduce the cost of deploying high-speed electronic communications networks (COM(2013)0147),
– having regard to Rule 48 of its Rules of Procedure,
– having regard to the report of the Committee on Industry, Research and Energy and the opinion of the Committee on the Internal Market and Consumer Protection (A7-0313/2013),
A. whereas the regulatory framework for electronic communications in the Union was last amended in 2009, on the basis of proposals presented in 2007 and following years of preparatory work;
B. whereas transposition of the 2009 amendments in the Member States was due by 25 May 2011 and was completed in the last Member State in January 2013;
C. whereas there is a margin of interpretation for each National Regulatory Authority (NRA) in the way it implements the framework, so that the evaluation of the framework’s efficiency can also take account of the conditions under which the framework is implemented in the Member States;
D. whereas the differences in enforcement and implementation of the regulatory framework have led to higher costs for operators active in more than one country, thereby hindering investment and the development of a single market for telecoms;
E. whereas the Commission has not made use of the possibility of adopting a decision identifying transnational markets as specified in Article 15(4) of the Framework Directive (FD);
F. whereas pan-European business users have not been recognised as a separate market segment, resulting in a lack of standardised wholesale offers, unnecessary costs and a fragmented internal market;
G. whereas the aims of the framework are to promote an ecosystem of competition, investment and innovation that contributes to the development of the internal market in communications to the benefit of consumers and enterprises – and in particular European enterprises – in that sector;
H. whereas the regulatory framework should be maintained as a coherent whole;
I. whereas, in line with better regulation principles, the Commission is obliged to periodically review the framework in order to ensure that it keeps pace with technological and market developments;
J. whereas, rather than building on the regulatory framework, the Commission has engaged in a parallel trail of individual initiatives, with the ‘single digital market’ as the latest avatar;
K. whereas the Commission has declared its intention to review the Directive on privacy and electronic communications and the recommendation on relevant markets, but not yet the other parts of the regulatory framework;
L. whereas the Commission has not updated the universal service obligations since 1998, despite the request included in the 2009 Citizens’ Rights Directive;
M. whereas a relevant, stable and consistent framework is essential to promote investment, innovation and competition and hence services of better quality;
N. whereas a collective NRA-based bottom-up approach has proven to be effective in promoting common regulatory case-law;
O. whereas functional separation, i.e. the obligation of a vertically integrated operator to place the activities related to the wholesale provision of relevant access products in an independently operating internal business unit, remains a remedy of last resort;
P. whereas effective and sustainable competition is an important driver of efficient investment over time;
Q. whereas the regulatory framework has promoted competition in the provision of electronic communications networks and services, to the benefit of consumers;
R. whereas the promotion of competition in the provision of electronic communications networks and services, along with the promotion of investment, are key policy objectives laid down in Article 8 of the FD;
S. whereas despite the progress being made, the EU is only taking small steps towards achieving the Digital Agenda’s broadband objectives within the targeted timeframe;
T. whereas the rollout of high-speed broadband internet access has been gradual (54 % of European households now have access to speeds of over 30 Mbps), but European consumers have been slow to adopt this type of access (only 4,2 % of households); whereas the rollout of ultrafast internet access (over 100 Mbps) has been slow, representing only 3,4 % of all fixed lines, and user demand appears weak, with only about 2 % of households subscribing to such lines(1);
U. whereas transparency in network traffic management is insufficient in itself to ensure net neutrality;
V. whereas issues regarding competition both between electronic communications services providers and between them and information society services providers deserve attention, in particular threats to the open character of the internet;
W. whereas obstructions to competition continue to be present on many networks; having regard to the failure to define and apply a principle of net neutrality to ensure non-discrimination of services for end-users;
X. whereas 4G deployment in Europe has been hindered by a lack of sufficient coordination in radio spectrum allocations, in particular the delay by Member States in carrying out the authorisation process in order to allow use of the 800 MHz band for electronic communications services by 1 January 2013, as stipulated by the Radio Spectrum Policy Programme (RSPP);
Y. whereas the RSPP has called on the Commission to review the use of the spectrum between 400 MHz and 6 GHz and assess whether additional spectrum could be freed and made available for new applications, such as, though not exclusively, the 700 MHz band;
Z. whereas innovation and the development of new technologies and infrastructures should be taken into consideration when assessing the impact of the legal framework on the options offered to users and consumers;
AA. whereas the framework should remain neutral, and the same rules should apply to equivalent services;
1. Regrets the delay by Member States in transposing the 2009 changes to the regulatory framework for electronic communications, and draws attention to the fragmentation of the internal market in communications caused by the varying implementation of that framework in the 28 Member States;
2. Underlines the fact that while the framework has made substantial progress towards achieving its aims, the EU telecoms market remains fragmented along national borders, making it difficult for businesses and citizens to fully benefit from a single market;
3. Considers that only by having a competitive European market in high-speed broadband services can innovation, economic growth and job creation be stimulated and competitive prices offered to end users;
4. Considers that the next review should aim at a further evolution of the framework, with a view to addressing any weaknesses and taking account of market, social and technological developments and future trends;
5. Considers that the aspects to be considered in a review of the entire regulatory framework should include:
(i) the overdue review of the universal service obligation, including the obligation to offer broadband internet access at a fair price in response to the urgent need to reduce the digital divide, and in doing so mitigate the constraints imposed by state aid guidelines;
(ii) the competence of NRAs for all issues, including spectrum, that are addressed by the framework; the powers granted to the NRAs in the Member States and the scope of the NRA independence requirement, accordingly;
(iii) cooperation between the NRAs and national competition authorities;
(iv) the symmetric obligations relating to network access (Article 12 FD), since in certain Member States such regulatory powers were not given to NRAs;
(v) the rules on leverage effects (Article 14 FD) and joint dominance (Annex II FD), since despite the 2009 amendments the NRAs still find those tools difficult to use;
(vi) the market review processes;
(vii) the impact of services that are fully substitutable to those provided by traditional providers; in certain cases clarifications regarding the reach of the framework’s technological neutrality would be needed, as would clarifications on the dichotomy between services in the ‘information society’ bracket and those in the ‘electronic communications’ bracket;
(viii) the necessity of abolishing redundant regulation;
(ix) the lifting of regulation where a market analysis has shown the market concerned to be truly competitive and that ways and means exist for extended monitoring;
(x) giving NRAs the opportunity to report on their experience with non-discrimination obligations and remedies;
(xi) the effectiveness and workings of the Article 7/7a procedures (‘co-regulation’): while overall both the Commission and BEREC agree that they work well, allowing for a proper balancing, the former argues that in some cases NRAs did not adjust all their regulatory measures, or were slow to adapt them, and the latter complain of tight time constraints;
(xii) the situation where phase II of the procedure is not triggered due to an NRA withdrawing its draft measure or where an NRA does not propose a remedy to a problem recognised on a certain market, in which case the only solution is an infringement procedure: for both such cases, a way to trigger a proper Article 7/7a procedure should exist;
(xiii) the effectiveness and workings of the Article 19 procedure: the Commission used its Article 19 powers twice (the NGA recommendation in September 2010, and the recommendation on non-discrimination and costing methodologies); since unlike for Article 7/7a there is no timeframe for the Article 19 procedure, the regulatory dialogue between BEREC and the Commission was less smooth, leading to complaints from BEREC that its opinion was requested at very short notice, and from the Commission that certain NRAs were reluctant in the drafting and implementation period;
(xiv) pan-European services and operators, taking into account the (unused) provision of Article 15(4) of the FD allowing the Commission to identify transnational markets; more focus should be given to the competitive provision of communications services to EU businesses and to the effective and consistent application of business grade remedies across the EU;
(xv) identification of transnational markets, as a first step at least with respect to business services; enabling providers to notify BEREC that they intend to serve such markets, and supervision of providers serving such markets by BEREC;
(xvi) BEREC and its functioning as well as the extension of the scope of its competences;
(xvii) freedom of access to content for all, following Article 1(3a) of the Framework Directive, and net neutrality building on Article 8(4)(g) of the Framework Directive;
(xviii) the recommendation on relevant markets;
(xix) the regulation of equipment, including bundling of equipment and operating systems;
(xx) recent global developments in cybersecurity and cyberespionage and the expectations of European citizens regarding respect of their privacy when using electronic communications and information society services, and
(xxi) the fact that the internet has become a crucial infrastructure for conducting a wide array of economic and social activities;
6. Considers that the main goals of the review should include:
(i) ensuring that fully substitutable services are subject to the same rules; to this end the definition of electronic communications services in Article 2(c) of the FD should be taken into consideration;
(ii) ensuring that consumers have access to comprehensive and comprehensible information on internet connection speeds to enable them to compare the services offered by different operators;
(iii) further promoting effective and sustainable competition, which is the main driver of efficient investment over time;
(iv) increasing competition on the European high-speed broadband market;
(v) providing a stable and sustainable framework for investment;
(vi) ensuring harmonised, consistent and effective application;
(vii) facilitating the development of pan-European providers and the provision of cross-border business services;
(viii) ensuring that the framework is fit for the digital age and delivers an internet ecosystem that supports the entire economy, and
(ix) increasing user confidence in the internal market in communications, including through measures to implement the future regulatory framework for the protection of personal data and measures to increase the security of electronic communications on the internal market;
7. Believes that the overall aim of the framework should continue to be the promotion of a sectoral ecosystem of competition and investment which benefits consumers and users, while encouraging the creation of a true internal market in communications and promoting the global competitiveness of the Union;
8. Underlines that the regulatory framework must remain coherent, relevant and effective;
9. Believes that the framework must serve to maintain consistency and provide regulatory certainty so as to ensure fair and balanced competition in which European players stand every chance; considers that all the provisions proposed by the Commission, including a single European authorisation, consumer aspects and technical arrangements for spectrum auctions, could play an important role with a view to creating a single market for communications, but that they need to be assessed in the light of that objective; considers that the procedure for the review of the framework as called for herein must be viewed as a step forward for the Union’s digital economy and should hence be addressed by means of a cohesive and planned approach;
10. Stresses that non-discrimination of information in the sending, transmitting and receiving phase is necessary for encouraging innovation and eliminating entry barriers;
11. Emphasises that there is a potential for anti-competitive and discriminative behaviour in traffic management; calls, therefore, on the Member States to prevent any violation of net neutrality;
12. Notes that the provisions allowing NRAs to intervene to mandate service quality in the event of anti-competitive service blocking or restrictions, combined with better contract transparency, are powerful tools to ensure that consumers have access to and use of the services they choose;
13. Stresses that end-to-end quality of service prioritisation alongside best effort delivery could undermine the principle of net neutrality; calls on the Commission and the regulators to monitor these trends and, if appropriate, to deploy the quality of service obligation tools set out in Article 22 of the Universal Service and Users Rights Directive; calls for the consideration, if necessary, of additional legislative measures at EU level;
14. Stresses that in order to stimulate innovation, increase consumer choice, reduce costs and increase efficiency in the deployment of the high-speed electronic communication infrastructure, a mix of different measures and all available technologies should be explored and offered to consumers, so as to prevent the deterioration of service, the blocking of access and the slowing of traffic over networks;
15. Emphasises that the competent national authorities should aim to apply regulatory principles, procedures and conditions for spectrum usage which do not impede European electronic communications providers from providing networks and services in several Member States or across the Union;
16. Is convinced that increased spectrum coordination combined with the application of common principles for spectrum use rights across the Union would constitute a key remedy for tackling the problem of lack of predictability regarding spectrum availability, thus encouraging investment and economies of scale;
17. Stresses that incentive payments and/or the revoking of right of use in case of failure to use relevant radio spectrum could be important measures to free up sufficient harmonised radio spectrum in order to stimulate high-capacity wireless broadband services;
18. Emphasises that a pan-European auctioning of 4G and 5G wireless services, with a limited number of licensees collectively serving the whole territory of the EU, would enable pan-European wireless services, eroding the bases upon which roaming is built;
19. Calls on the Member States to give the consumer aspects of electronic communications a much higher priority; emphasises that well-functioning markets, with well-informed and confident consumers, are the backbone of the EU market as a whole;
20. Stresses that since consumers are increasingly choosing bundled contracts covering multiple services, it is particularly important that pre-contractual and existing contract update information requirements are strictly enforced;
21. Stresses the importance of enhanced consumer information requirements regarding service restrictions, device subsidies and traffic management; calls on the Member States and the Commission to ensure consistent enforcement of the ban on misleading advertising;
22. Emphasises that bundling of content can be a barrier to switching, and asks the Commission and BEREC to look at the potential anti-competitive aspects involved in this regard;
23. Notes that there are cases where carriers have restricted the tethering functionality (whereby a mobile phone can be used as a router/hotspot) of consumers’ mobile phones even though the consumer contract specifies unlimited data usage; asks the Commission and BEREC, therefore, to look into the issue of potentially misleading advertising in the light of the need for increased clarity in this regard;
24. Notes the importance of switching, ease of number portability in a dynamic market, contract transparency and provision of information to consumers regarding contract changes; regrets the fact that portability targets are not being met, and calls for action by the Commission and BEREC;
25. Supports those Member States which have implemented reinforced requirements for equivalent access for disabled users, and calls on all Member States to follow their example; calls on BEREC to improve the promotion of provisions and access for disabled users;
26. Commends all Member States for the implementation of the 112 common emergency telephone number; calls for improvements regarding caller location response time; notes that several Member States have already configured technologies that provide near-instant caller location;
27. Welcomes the Commission’s work on the practical implementation of the 116 numbers, especially the missing child hotline (116000); calls for better promotion of these numbers by the Commission;
28. Notes that the Commission has abandoned its ambitions for a pan-European telephone numbering system;
29. Emphasises the significant progress made in providing entry-level universal broadband access, while noting that it has been very uneven; encourages the Member States to meet the digital agenda targets by stimulating private and deploying public investment in new network capacity;
30. Emphasises that increasing data volume, limited availability of spectrum resources and the convergence of technologies, equipment and content require intelligent data traffic management and different methods of dissemination, such as cooperation between digital terrestrial broadcasting and wireless broadband networks;
31. Stresses that a review must be based on broad consultations with all interested parties and a thorough analysis of all issues;
32. Calls on the Commission, therefore, to initiate the next review of the entire framework, in order to allow a proper debate during the next parliamentary term;
33. Instructs its President to forward this resolution to the Council and the Commission.
S. 1638: A bill to promote public awareness of cybersecurity was introduced on October 31, 2013 by Sen. Sheldon Whitehouse (D-RI).
H.R. 3361: To reform the authorities of the Federal Government to require the production of certain business records, conduct electronic surveillance, use pen registers and trap and trace devices, and use other forms of information gathering for foreign intelligence, counterterrorism, and criminal purposes, and for other purposes was introduced on October 29, 2013 by Rep. James Sensenbrenner Jr. (R-WI5). This is the table of contents from the bill:
H.R.3361 — USA FREEDOM Act (Introduced in House – IH)
October 29, 2013
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
Sec. 1. Short title; table of contents.
TITLE I–FISA BUSINESS RECORDS REFORMS
SEC. 101. PRIVACY PROTECTIONS FOR BUSINESS RECORDS ORDERS.
`SEC. 502. EMERGENCY AUTHORITY FOR ACCESS TO CALL DETAIL RECORDS.
SEC. 102. INSPECTOR GENERAL REPORTS ON BUSINESS RECORDS ORDERS.
TITLE II–FISA PEN REGISTER AND TRAP AND TRACE DEVICE REFORMS
SEC. 201. PRIVACY PROTECTIONS FOR PEN REGISTERS AND TRAP AND TRACE DEVICES.
SEC. 202. INSPECTOR GENERAL REPORTS ON PEN REGISTERS AND TRAP AND TRACE DEVICES.
TITLE III–FISA ACQUISITIONS TARGETING PERSONS OUTSIDE THE UNITED STATES REFORMS
SEC. 302. PROTECTION AGAINST COLLECTION OF WHOLLY DOMESTIC COMMUNICATIONS.
SEC. 303. PROHIBITION ON REVERSE TARGETING.
SEC. 304. LIMITS ON USE OF UNLAWFULLY OBTAINED INFORMATION.
SEC. 305. MODIFICATION OF FISA AMENDMENTS ACT OF 2008 SUNSET.
SEC. 306. INSPECTOR GENERAL REVIEWS OF AUTHORITIES.
TITLE IV–FOREIGN INTELLIGENCE SURVEILLANCE COURT REFORMS
SEC. 401. OFFICE OF THE SPECIAL ADVOCATE.
`SEC. 901. DEFINITIONS.
`SEC. 902. OFFICE OF THE SPECIAL ADVOCATE.
`SEC. 903. ADVOCACY BEFORE THE FOREIGN INTELLIGENCE SURVEILLANCE COURT.
`SEC. 904. APPELLATE REVIEW.
`SEC. 905. DISCLOSURE.
`SEC. 906. ANNUAL REPORT TO CONGRESS.
`TITLE IX–OFFICE OF THE SPECIAL ADVOCATE
SEC. 402. FOREIGN INTELLIGENCE SURVEILLANCE COURT DISCLOSURE OF OPINIONS.
SEC. 403. PRESERVATION OF RIGHTS.
TITLE V–NATIONAL SECURITY LETTER REFORMS
SEC. 501. NATIONAL SECURITY LETTER AUTHORITY.
`SEC. 1114. ACCESS TO FINANCIAL RECORDS FOR CERTAIN INTELLIGENCE AND PROTECTIVE PURPOSES.
SEC. 502. LIMITATIONS ON DISCLOSURE OF NATIONAL SECURITY LETTERS.
SEC. 503. JUDICIAL REVIEW.
SEC. 504. INSPECTOR GENERAL REPORTS ON NATIONAL SECURITY LETTERS.
SEC. 505. NATIONAL SECURITY LETTER SUNSET.
SEC. 506. TECHNICAL AND CONFORMING AMENDMENTS.
TITLE VI–FISA AND NATIONAL SECURITY LETTER TRANSPARENCY REFORMS
SEC. 601. THIRD-PARTY REPORTING ON FISA ORDERS AND NATIONAL SECURITY LETTERS.
SEC. 602. GOVERNMENT REPORTING ON FISA ORDERS.
SEC. 603. GOVERNMENT REPORTING ON NATIONAL SECURITY LETTERS.
TITLE VII–PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD SUBPOENA AUTHORITY
SEC. 701. PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD SUBPOENA AUTHORITY.
H.Res. 399: Supporting the goals and ideals of National Cyber Security Awareness Month and raising awareness and enhancing the state of cybersecurity in the United States was introduced on October 30, 2013 by Rep. James “Jim” Langevin (D-RI2):
HRES 399 IH
H. RES. 399
Supporting the goals and ideals of National Cyber Security Awareness Month and raising awareness and enhancing the state of cybersecurity in the United States.
IN THE HOUSE OF REPRESENTATIVES
October 30, 2013
Mr. LANGEVIN submitted the following resolution; which was referred to the Committee on Science, Space, and Technology
Whereas the use of the Internet in the United States to communicate, conduct business, or generate commerce that benefits the overall United States economy is ubiquitous;
Whereas many people use the Internet in the United States to communicate with family and friends, manage finances and pay bills, access educational opportunities, work remotely, shop at home, participate in online entertainment and games, and stay informed of news and current events;
Whereas the exponential growth of these services has led to a concomitant increase in the amount of personal data stored electronically;
Whereas the avenues to attack repositories holding these data have correspondingly increased and led to significant financial and personal privacy losses through theft and fraud;
Whereas the intellectual property, including proprietary information, copyrights, patents, trademarks, and related information, of business, academic institutions, government, and individuals are vital to the economic security of the United States;
Whereas the theft of intellectual property in the United States likely results in the loss of over $300,000,000,000 per year, according to the Commission on the Theft of American Intellectual Property;
Whereas this massive illicit activity is facilitated by advanced persistent threats and other state and non-state cyber actors;
Whereas United States small businesses, which employ a significant fraction of the private workforce, increasingly rely on the Internet to manage their businesses, expand their customer reach, and enhance the management of their supply chain;
Whereas studies have shown that small businesses are frequently the target of cyberattacks due to their less comprehensive defenses and that small businesses incur a significantly higher per capita cost per cyber incident than do larger companies;
Whereas critical infrastructure systems in the United States rely on the secure and reliable operation of information networks to support the United States Armed Forces, civilian government, energy, telecommunications, financial services, transportation, health care, and emergency response systems;
Whereas critical infrastructure owners and operators face a growing threat of cyberattack as evidenced by increasingly sophisticated and destructive attacks and the denial of service attacks perpetrated on financial institutions;
Whereas research tools continue to reveal the large number of industrial control systems and other critical information infrastructure connected to the Internet;
Whereas nearly all public schools in the United States have Internet access to enhance education, with a significant percentage of instructional rooms connected to the Internet to provide access to educational online content and encourage self-initiative to discover research resources;
Whereas the number of children who connect to the Internet continues to rise, and teaching children of all ages to become good cyber-citizens through safe, secure, and ethical online behaviors and practices is essential to protect their computer systems and potentially their personal safety;
Whereas in addition to increasing personal safety and web hygiene, cybersecurity education initiatives can foster an interest in the discipline that may culminate in matriculation into a cybersecurity occupation helping to ease the shortage of qualified professionals;
Whereas national organizations, policymakers, government agencies, private sector companies, nonprofit institutions, schools, academic organizations, consumers, and the media recognize the need to increase awareness of cybersecurity and the need for enhanced cybersecurity in the United States;
Whereas coordination between the numerous Federal agencies involved in cybersecurity efforts is essential to securing the cyber infrastructure of the United States;
Whereas the National Strategy to Secure Cyberspace, published in February 2003, recommends a comprehensive national awareness program to empower all people in the United States, including businesses, the general workforce, and the general population, to secure their own parts of cyberspace;
Whereas the White House’s Cyberspace Policy Review, published in May 2009, recommends that the United States Government initiate a national public awareness and education campaign to promote cybersecurity;
Whereas ‘STOP. THINK. CONNECT.’ is the national cybersecurity awareness campaign founded and led by the National Cyber Security Alliance and the Anti-Phishing Working Group as a public-private partnership with the Department of Homeland Security to help all digital citizens stay safer and more secure online;
Whereas the National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology, is the coordinating body for the Federal Government to establish a sustainable, operational, and continually improving cybersecurity education program to enhance the Nation’s cybersecurity and support the development of a professional cybersecurity workforce and cyber-capable citizens; and
Whereas the National Cyber Security Alliance, the Multi-State Information Sharing and Analysis Center, the Department of Homeland Security, and other organizations working to improve cybersecurity in the United States have designated October 2013 as the tenth annual National Cyber Security Awareness Month in order to educate the people of the United States about the importance of cybersecurity: Now, therefore, be it
Resolved, That the House of Representatives–
(1) supports the goals and ideals of National Cyber Security Awareness Month;
(2) continues to work with Federal agencies, businesses, educational institutions, and other organizations to enhance the state of cybersecurity in the United States;
(3) commends the work of the National Initiative for Cybersecurity Education and all the Federal agencies, nonprofits, educational institutions, businesses, and other organizations that support this effort;
(4) recognizes ‘STOP. THINK. CONNECT.’ as the national cybersecurity awareness campaign to educate people of the United States and help all citizens stay safer and more secure online; and
(5) congratulates the National Cyber Security Alliance, the Multi-State Information Sharing and Analysis Center, the Department of Homeland Security, and other organizations working to improve cybersecurity in the United States on the tenth anniversary of the National Cyber Security Awareness Month.
Source – EU Parliament:
European Parliament resolution of 23 October 2013 on the suspension of the TFTP agreement as a result of US National Security Agency surveillance (2013/2831(RSP))
The European Parliament,
– having regard to Article 16 of the Treaty on the Functioning of the European Union (TFEU),
– having regard to Article 87 TFEU,
– having regard to Article 225 TFEU,
– having regard to Article 226 TFEU,
– having regard to Article 218 TFEU,
– having regard to Article 234 TFEU,
– having regard to Article 314 TFEU,
– having regard to the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program (TFTP Agreement),
– having regard to its resolution of 4 July 2013 on the US National Security Agency surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ privacy(1),
– having regard to Council Decision 2010/412/EU of 13 July 2010 on the conclusion of the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program(2) and the accompanying declarations by the Commission and the Council,
– having regard to its resolution of 17 September 2009 on the envisaged international agreement to make available to the United States Treasury Department financial payment messaging data to prevent and combat terrorism and terrorist financing(3),
– having regard to its position of 11 February 2010 on the proposal for a Council decision on the conclusion of the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for purposes of the Terrorist Finance Tracking Program(4),
– having regard to its resolution of 5 May 2010 on the Recommendation from the Commission to the Council to authorise the opening of negotiations for an agreement between the European Union and the United States of America to make available to the United States Treasury Department financial messaging data to prevent and combat terrorism and terrorist financing(5),
– having regard to its position of 8 July 2010 on the draft Council decision on the conclusion of the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program(6), and to the recommendation of its Committee on Civil Liberties, Justice and Home Affairs,
– having regard to the Commission reports of 30 March 2011 (SEC(2011)0438) and of 14 December 2012 (SWD(2012)0454) on the joint review of the implementation of the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program,
– having regard to the report of 1 March 2011 on the inspection of Europol’s implementation of the TFTP Agreement, conducted in November 2010 by the Europol Joint Supervisory Body,
– having regard to the Europol Joint Supervisory Body’s public statement of 14 March 2012 on the implementation of the TFTP Agreement,
– having regard to the assessment of 18 March 2013 by the Europol Joint Supervisory Body of the outcome of its third inspection of Europol’s implementation of its tasks under the TFTP Agreement,
– having regard to the letter of 18 April 2011 from Paul Breitbarth, of the Dutch Data Protection Authority, to the Head of Delegation of the EU Joint Review Team TFTP,
– having regard to the letter of 7 June 2011 from Jacob Kohnstamm, on behalf of the Article 29 Data Protection Working Party, to Ms Melissa A. Hartman, Deputy Assistant Secretary, US Department of the Treasury,
– having regard to the letter of 21 December 2012 from Jacob Kohnstamm, on behalf of the Article 29 Data Protection Working Party, to Juan Fernando López Aguilar, Chair of the Committee on Civil Liberties, Justice and Home Affairs,
– having regard to the letter of 12 September 2013 from Commissioner Malmström to David Cohen, Under-Secretary of the US Department of the Treasury for Terrorism and Financial Intelligence, and to Under-Secretary Cohen’s answer of 18 September 2013,
– having regard to the Commission communication of 13 July 2011 entitled ‘A European terrorist finance tracking system: available options’ (COM(2011)0429),
– having regard to Written Questions E-011200/2010, E-002166/2011, E-002762/2011, E-002783/2011, E-003148/2011, E-003778/2011, E-003779/2011, E-004483/2011, E-006633/2011, E-008044/2011, E-008752/2011, E-00617/2012, E-002349/2012, E-003325/2012, E-007570/2012 and E-000351/2013,
– having regard to Rule 110(2) and (4) of its Rules of Procedure,
A. whereas the Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Program (hereinafter ‘the Agreement’) entered into force on 1 August 2010;
B. whereas press reports indicate that the US National Security Agency (NSA) has had direct access to the IT systems of a number of private companies and gained direct access to financial payment messages referring to financial transfers and related data by a provider of international financial payment messaging services currently covered by the Agreement;
C. whereas in its aforementioned resolution of 4 July 2013 Parliament instructed its Committee on Civil Liberties, Justice and Home Affairs to conduct an in-depth inquiry into the matter in collaboration with national parliaments and the EU-US expert group set up by the Commission and to report back by the end of the year;
D. whereas, having rejected the temporary TFTP Agreement, a majority of the European Parliament gave its consent to the current TFTP Agreement only on account of the strengthened protection it afforded with a view to safeguarding EU citizens’ personal data and privacy rights;
E. whereas the US Treasury has classified a large quantity of relevant information regarding this Agreement as ‘EU Secret’;
F. whereas, according to the Article 29 Data Protection Working Party, the current procedure for exercising the right of access may not be adequate and in practice it may not be possible to exercise the right to rectification, erasure and blocking;
G. whereas the Commission has stated that while the Agreement sets out strict safeguards regarding the transfer of data;
H. whereas the Commission was invited to submit to Parliament and the Council, no later than 1 August 2011, a legal and technical framework for the extraction of data on EU territory and, no later than 1 August 2013, a progress report on the development of an equivalent EU system under Article 11 of the Agreement;
I. whereas instead of submitting the legal and technical framework for the extraction of data on EU territory, on 13 July 2011 the Commission presented a description of the different steps it has taken to move towards establishing such a legal and technical framework, communicating preliminary results and some theoretical options for a European terrorist finance tracking system without going into detail;
J. whereas talks between Commission services and the US administration cannot be considered to count as an investigation, and nor does mere reliance on statements by the US;
1. Takes the view, given that the EU’s core aim is to promote freedom of the individual, that security measures, including counterterrorism measures, must be pursued through the rule of law and must be subject to fundamental rights obligations, including those relating to privacy and data protection;
2. Reiterates that any transfer of personal data must comply with EU and Member State law and with fundamental rights obligations, including those relating to privacy and data protection;
3. Is seriously concerned about recently revealed documents on the NSA’s activities as regards direct access to financial payment messages and related data, which would constitute a clear breach of the Agreement, in particular Article 1 thereof;
4. Calls for a full on-site technical investigation into allegations that the US authorities have had unauthorised access or created possible back doors in the SWIFT servers; deplores the fact that no Member State has launched, or asked for, an investigation, in the absence of which the facts cannot be verified;
5. Reiterates the need to base any data sharing agreement with the US on a coherent legal data protection framework offering legally binding personal data protection standards, including with regard to purpose limitation, data minimisation, information, access, correction, erasure and redress;
6. Is concerned that the Agreement has not been implemented in accordance with its provisions, in particular those laid down in Articles 1, 4, 12, 13, 15 and 16 thereof;
7. Strongly urges the three institutions to deliberate carefully on the human rights implications of any future data exchange alternatives which fully respect data protection principles, especially the necessity and proportionality test;
8. Points out that the test of the necessity and proportionality of any measure that limits fundamental rights and freedoms needs to take into account the entire body of existing security measures targeting terrorism and serious crime; believes that blanket justification of every security measure by a general reference to the fight against terrorism or serious crime is not sufficient;
9. Asks the Council and the Member States, in the light of the above, to authorise an investigation by the Europol Cybercrime Centre into the allegations of unauthorised access to financial payment data governed by the Agreement;
10. Calls on the special inquiry by the Committee on Civil Liberties, Justice and Home Affairs into the mass surveillance of EU citizens to further investigate the allegations of unlawful access to financial payment messages covered by the Agreement;
11. Considers that, although Parliament has no formal powers under Article 218 TFEU to initiate the suspension or termination of an international agreement, the Commission will have to act if Parliament withdraws its support for a particular agreement; points out that, when considering whether or not to give its consent to future international agreements, Parliament will take account of the responses of the Commission and the Council in relation to this Agreement;
12. Asks the Commission, in the light of the above, to suspend the Agreement;
13. Requests that all relevant information and documents be made available immediately for Parliament’s deliberations;
14. Instructs its President to forward this resolution to the Council, the Commission and Europol.
(1) Texts adopted, P7_TA(2013)0322.
(2) OJ L 195, 27.7.2010, p. 3.
(3) OJ C 224 E, 19.8.2010, p. 8.
(4) OJ C 341 E, 16.12.2010, p. 100.
(5) OJ C 81 E, 15.3.2011, p. 66.
(6) OJ C 351 E, 2.12.2011, p. 453.
Source – US State Department:
U.S. Participation at the 2013 Internet Governance Forum
Office of the Spokesperson
October 21, 2013
U.S. Coordinator for International Communications and Information Policy Ambassador Daniel A. Sepulveda, Coordinator for Cyber Issues Christopher Painter, and Deputy Assistant Secretary of State for Democracy, Human Rights and Labor Scott Busby will travel to Bali, Indonesia for the 2013 Internet Governance Forum (IGF), October 22-25.
The IGF was established by the World Summit on the Information Society to draw together a broad community of internet stakeholders, including governments, the private sector, civil society, academia, etc., to address evolving questions related to internet governance, internet freedom, and cyber security.
The United States believes the IGF represents an important venue through which to promote the kind of multi-stakeholder processes that have made the internet an engine of global economic growth and innovation. The overarching theme for the 2013 IGF meeting is: “Building Bridges - Enhancing Multistakeholder Cooperation for Growth and Sustainable Development.”
For press inquiries, contact Megan Mattson at MattsonMM2@state.gov.