Tag Archive for: Legislation

Far Reaching Impacts of New Internet of Things Legislation


Enacted on December 4, 2020, the Internet of Things Cybersecurity Improvement Act of 2020 (the “IoT Act”) is expected to dramatically improve the cybersecurity of the ubiquitous IoT devices.[1] With IoT devices on track to exceed 21.5 billion by 2025, the IoT Act mandates cybersecurity standards and guidelines for the acquisition and use by the federal government of IoT devices capable of connecting to the Internet. The IoT Act, and the accompanying standards and guidance being developed by the National Institute of Standards and Technology (NIST), will directly affect government contractors who manufacture IoT devices for federal government use, or who provide services, software or information systems using IoT devices to the federal government.

There will also be a significant indirect effect on private sector organizations purchasing IoT devices or systems using such devices for corporate use. Indeed, Congress specifically intended for a wide-ranging spillover effect on the private sector with the expectation that the proverbial rising tide will raise all boats. Organizations will ultimately need to determine whether they will purchase and use IoT devices, software and systems that meet the standards for federal use, or acquire insecure or less secure IoT devices and systems. Corporations that consume and use IoT devices and systems, including in manufacturing, logistics, healthcare, hospitality and retail, should consider the impact the IoT Act will have on organizational cybersecurity. The IoT Act and the accompanying NIST standards will influence compliance under state and federal laws providing for the cybersecurity of protected information, such as personal or private information, and protected health information (PHI).

Among other things, the IoT Act contains the following requirements:

  • NIST STANDARDS AND GUIDELINES FOR USE AND MANAGEMENT OF IoT DEVICES: NIST shall publish standards and guidelines for the federal government’s use of IoT devices, including minimum information security requirements for managing cybersecurity risks. The guidance shall address secure development, identity management, patching and configuration management. NIST…


Rhode Island Legislators Decide To Introduce Some Random Dude’s First Amendment-Threatening Legislation

Today’s most inexplicable legislative news comes to us from the state of Rhode Island, where legislators are apparently accepting (and submitting!) unsolicited pre-written bills from strangers on the street.

[Rep. Grace] Diaz told The Journal she introduced the legislation at the request of a man named Chris who approached her after a State House hearing, wearing what appeared to be a military uniform.

According to Diaz, Chris told her he had been “accused of something,” and then found not guilty.

Diaz said the man told her the media reported the accusations, but not his acquittal, so he was left with a damaged reputation and no recourse. Diaz said the man gave her a copy of the bill, which appears to echo a bill filed in Mississippi.

Rep. Diaz asked Senator Sandra Cano to introduce the bill in the Senate, promising to do the same thing on the House side. Diaz did not do this and now Sen. Cano is trying to separate herself from a bill that openly threatens First Amendment protections while citing the enshrined right on its way to tarnishing it shortly thereafter.

The “Stop Guilt by Association Act” [PDF] threatens journalists with punishment if they don’t report on the outcome of court cases, civil and criminal. The incredibly stupid act is pure cognitive dissonance that would fine newspapers up to $10,000 for “failing” to report on lawsuit dismissals and dropped charges — supposedly with an eye on maintaining some bizarre level of “fairness” for subjects of news coverage.

In their legislation, the lawmakers acknowledge that the First Amendment of the U.S. Constitution says the government “shall make no law abridging the freedom of the press.”

But they make this argument in their bill:

“The state has a compelling interest to compel the press to promote the objective truth for the sake of the viability of democracy and for the safety, health, and welfare of our communities and in keeping with the spirit of the Due Process Clause of the Fourteenth Amendment and to stop the press from serving as a slander machine.”

For many reasons, legislators shouldn’t accept pre-written bills handed to them by people outside the legislature. They especially shouldn’t accept legislation written by this particular “Chris,” no matter what he’s wearing.

The man who spoke to Diaz was Chris Sevier, an anti-gay and anti-abortion activist who at one point was accused of stalking country music star John Rich.

This is the idiot behind multiple states’ declarations that porn is a “public health crisis.” This is the same man who once sued Apple because its products didn’t prevent him from viewing porn. He has also previously talked Rhode Island legislators into introducing extremely questionable legislation, so perhaps someone should have called bullshit on this before tossing it into the Senate’s inbox.

While it’s understandable people might not recognize Sevier on sight, despite his insistence on thrusting himself uninvited into the legislative limelight, it’s pretty much inexcusable to take a handful of paper from some rando on the street and ask other legislators to damage their own reputations by association.

Rep. Diaz at least appears to be properly horrified by this experience.

“My feeling is beyond what I can express,” Diaz told The Journal on Thursday, after learning of Sevier’s history. “If I knew, I would run ten-thousand-million miles away from that guy.”

She said she sympathized with the issue Sevier raised in their very brief conversation, but regrets not doing more homework on him — and the legislation.

“I didn’t do my research,” she said. “This is an experience that will teach me a lot for the future.”

But Senator Cano — despite withdrawing the bill — seems far too sympathetic to First Amendment-threatening legislation. Calling the lack of followup to indictments and lawsuits by journalists “fundamentally unfair,” Cano says she sympathizes with the intent of the bill, even if she realizes it runs afoul of the First Amendment.

No legislator should feel sympathetic to Sevier or his word salad. His bill is an unedited letter to the editor — one that makes its point about as skillfully and subtly as a Larry Klayman lawsuit.

“There has been a growing trend for individuals to abuse process and maliciously prosecute someone they disagree with ideologically by filing spurious cases and controversies in various government venues for ulterior motives, knowing that certain segments of the media that align with their ideology would serve as an accomplice by engaging in a form of defamation … by selectively reporting on the facts of the original case but not on the actual outcome.”

TIL: reporting on facts is defamation if it doesn’t include the facts someone might prefer to be highlighted. OK, then.

Fortunately, the bill is already dead. Unfortunately, this shows how little due diligence legislators do before submitting bills for consideration. A few minutes of Googling would have seen this headed to the trash receptacle, rather than the state legislature’s permanent record. And even the most cursory glance at its contents would have made it clear the bill was unconstitutional. Better late than never, I guess. But in this case, never would have been the much better option.


Techdirt.

The Fate Of EU Legislation Designed To Bolster Data Protection Beyond The GDPR, The ePrivacy Regulation, Hangs In The Balance

Whatever your views on the EU’s General Data Protection Regulation (GDPR), there is no denying the impact it has had on privacy around the world. Where the GDPR deals with personal data stored “at rest”, the proposed ePrivacy Regulation deals with personal data “in motion” — that is, how it is gathered and flows across networks. As Techdirt discussed two years ago, the pushback from Internet companies and the advertising industry against increased consumer protection in this area has been unprecedented. Some details were provided at the time in a report from the Corporate Europe Observatory. Unfortunately, that massive lobbying has paid off. Good ideas in the draft text produced by the European Parliament, like banning encryption backdoors or “cookie walls”, have been dropped, as has the right of Internet users to refuse to accept tracking cookies. In the most recent version of the text (pdf) put together under the Austrian Presidency of the Council of the European Union (one of the three EU institutions that has to agree on the final law), there’s even a new bad idea:

In some cases the use of processing and storage capabilities of terminal equipment and the collection of information from end-users’ terminal equipment may also be necessary for providing an information society service, requested by the end-user, such as services provided to safeguard freedom of expression and information including for journalistic purposes, such as online newspaper or other press publications…that is wholly or mainly financed by advertising provided that, in addition, the end-user has been provided with clear, precise and user-friendly information about the purposes of cookies or similar techniques and has accepted such use

This section would give the news publishing industry a special right, enshrined in the ePrivacy Regulation, to use tracking cookies to support advertising, even though the original impetus behind the new law was to stop precisely this kind of obligatory commercial surveillance. Following its lobbyists’ success in obtaining a special link tax included in the awful EU Copyright Directive, this latest legal privilege is further testament to the power of the publishing industry in the EU.

Judging by the most recent draft text, the ePrivacy Regulation has been almost completely gutted of any strong protections for Internet users. And yet it seems even what little remains is too much for some EU member states, as a story on Euractiv reports:

The European Commission will present a revised ePrivacy proposal as part of the forthcoming Croatian Presidency of the EU, Internal Market Commissioner Thierry Breton announced on Tuesday (3 December), after previous talks failed to produce an agreement among member states.

The revamped measures will be made in a bid to find consensus between EU countries on the ePrivacy regulation which would see tech companies offering messaging and email services subjected to the same privacy rules as telecommunications providers.

Although the new Internal Market Commissioner Breton is quoted as saying: “You can count on me to find consensus between each of us”, others are not so sure. Some now believe that the entire ePrivacy Regulation will be dropped as being too hard to fix. That would be an incredible waste of years of work, a missed opportunity — and a huge victory for the lobbyists.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.


Techdirt.