Net Neutrality 2017: The Battle Continues…

By Danny Restivo (posted 7/6/17)

On July 12, 2017, a number of website landing pages will display “blocked,” “please upgrade,” or “paying customers only” banners. Fortunately for active users, the banners will only last 24 hours. These protest banners (example below) will be part of The Day of Action”, which is supported by the likes of Netflix, Amazon, Facebook, Twitter, GitHub, Reddit, OKCupid, Etsy, and a broad coalition of tech, media/social media, e-commerce, and other companies that peg their livelihood to the internet. The campaign aims to raise awareness regarding the Federal Communication Commission (FCC)’s proposed plan to roll back net neutrality measures later this summer.

Just two years ago, the FCC classified internet service providers as carriers under Title II of the Telecommunications Act. The decision forced ISPs to face regulatory measures like public utilities, while ensuring all ISPs treat content equally. Under President Donald Trump’s guidance, the FCC has targeted the regulation, drawing a number of large companies into a fray that may decide how online audiences view content.

The FCC’s net neutrality establishes three rules:

  1. Broadband providers can’t block access to legal content, applications, services or non-harmful devices.
  2. ISP’s can’t impair or reduce lawful internet traffic on the basis of content, applications, services or non-harmful devices.
  3. They may not favor some internet traffic over other internet traffic in exchange for consideration of any kind—no paid prioritization or fast lanes.

“The Internet is the most powerful and pervasive platform on the planet. It’s simply too tom_wheeler_fccimportant to be left without rules and without referees on the field,” said Tom Wheeler, the former chair of the Federal Communications Commission, following the FCC’s 3-2 vote in favor of Net Neutrality in 2015. “Today is a red-letter day for Internet freedom, for consumers who want to use the Internet on their terms, for innovators who want to reach consumers without the control of gatekeepers.”

Since its implementation, the vote has drawn the ire of internet companies such as AT&T, Comcast, Oracle and Verizon. These industry leaders have cited government overreach, as well as limits to free speech and free market principles. Because net neutrality designates ISPs as “common carriers,” such as telephone companies, they are open to a host of other government regulations.

GOP leadership blasted the FCC ruling on similar grounds after it was approved in 2015.

“Overzealous government bureaucrats should keep their hands off the Internet,” Former House Speaker Rep. John Boehner (Ohio-R) said in a statement after the ruling. “More mandates and regulations on American innovation and entrepreneurship are not the answer, and that’s why Republicans will continue our efforts to stop this misguided scheme.”

Image result for net neutrality

Cable companies spent $44 million in lobbying efforts (including other issues besides net neutrality) during the 2015 showdown. Meanwhile, neutrality proponents like Amazon, Facebook and Alphabet Inc (formerly Google), paid $35 million in lobbying efforts that year.

Following his inauguration in January 2017, Trump enlisted the help of three net neutrality opponents to assist his FCC transition from Democratic to Republican control. On January 23, Trump appointed Ajit V. Pai to Chairman of the FCC. The former attorney for Verizon was one of two Republican votes against the 2015 decisions (Pai and Michael O’Rielly were the lone dissenters in the commission’s ruling).

Shortly after the transition, Congress overturned Obama-era internet privacy protections—a Republican bill removed regulations requiring individual permission before ISP’s could sell users data. Only a few days later, White House Press Secretary Sean Spicer announced the President’s goals for reversing net neutrality during a March 30 press briefing. A month later, Pai unveiled plans to loosen government oversight of the internet during a speech at the Newseum in Washington, D.C.

“Two years ago, I warned that we were making a serious mistake,” said Pai. “It’s basic economics. The more heavily you regulate something, the less of it you’re likely to get.”

On May 18, the FCC voted 2-1 in favor of moving forward with rolling back the Obama administration’s Net Neutrality regulation. “The Restoring Internet Freedom Notice of Proposed Rulemaking” does not include specific details on how the FCC will remove Net Neutrality regulations, however the proposal does allow for a 90-day public comment period. The FCC will stop receiving comments on July 18, but will allow a second 30-day commenting period for replies ending on August 18.

The FCC’s proposal includes three key tenants.

  1. Removes Title II classification from ISP’s
  2. Returns classification of mobile broadband internet carriers to private mobile service
  3. Eliminates “the catch all internet conduct standard created by the Title II order”

Mignon Clyburn, a Democrat who previously voted for net neutrality, remained the lone dissenter during the May 18 vote.

“If you unequivocally trust that your broadband provider will always put the public interest over self-interest or the interest of their stockholders, then the ‘Destroying Internet Freedom’ [proposal] is for you,” she said after the vote.

Since FCC announced its proposal, the President has tapped two more members to serve on the commission. On June 14, Trump nominated Democrat Jessica Rosenworcel, who previously served as commissioner until her term ended in 2016. Two weeks later, Trump nominated Republican Brenda Carr, a former FCC aide to chairman Pai.  Carr’s selection solidifies a 5-person commission. According to the rules, no more than three members of the commission may be of the same political party; if both Carr and Rosenworcel are confirmed, Republicans would have a 3-2 majority.

In conjunction with the commission’s plan, Sen. Mike Lee (Utah-R) introduced S. 993: “the Restoring Internet Freedom Act “in early May. With nine other cosponsors, the proposed legislation would prohibit the FCC from classifying Internet Service Providers as Title II carriers ever again. The bill—Lee introduced an identical version nearly a year ago—would require legislative action to implement net neutrality in the future. The bill has been referred to the committee on Commerce, Science and Transportation.

Lee, along with Senate cosponsors Ted Cruz (Texas-R) and Ron Johnson (Wisc.-R), penned an opinion piece about internet freedom in the Washington Post on May 4.

“We reject the idea that the federal government should control the Internet. That’s why we have introduced the Restoring Internet Freedom Act, which will complement Pai’s efforts to repeal the 2015 Internet takeover by preventing the FCC from issuing any similar regulations in the future.”

Meanwhile, 13 Democratic Senators signed a letter supporting the FCC’s Net Neutrality rules which was published in Tech Crunch on May 17.

“By proposing to take away the existing net neutrality protections, President Trump’s FCC is threatening to take away your ability to have free and open use of the internet. This proposal will have profound impacts on the way all of us watch movies, listen to music, do homework, talk to family, consult with a doctor, pay bills, and conduct business. Taking away these rules benefits no one except cable, telephone, and wireless broadband companies.”

The Internet Association, which represents Facebook, Google, Amazon, Netflix and other internet giants, released a white paper titled “Principles to Preserve and Protect an Open Internet” on June 21.  The paper outlined the “substance of the underlying rules” behind the FCC’s Net Neutrality. The paper contains “six principles and policies for preserving a free and open internet by which all proposals and potential changes to the rules will be judged.”

Principles to Preserve and Protect and Open Internet:

  1. Net neutrality rules preserve the success of the internet in driving economic growth.
  2. The FCC’s 2015 rules are working and the entire broadband internet ecosystem is thriving.
  3. Forecasting rules remain necessary to preserve and protect an open internet.
  4. Specific net neutrality rules are needed to preserve an open internet. These rules include: no blocking, no throttling, no paid prioritization, no unreasonable interference or disadvantaging of content by ISPs, and transparency and disclosure requirements.
  5. Open internet protections should apply to broadband internet access providers on a platform-neutral basis.
  6. Strong and effective enforcement by the FCC of net neutrality rules is critical to ensuring that the benefits of the rules are realized.

The paper also states, “a free and open internet remains vital to preserving and protecting the virtuous circle of broadband innovation that benefits edge-based innovators and entrepreneurs, businesses, ISPs, and, above all, consumers.”

It also said, “undoing the existing light touch rules will create uncertainty among edge providers, innovators, and consumers, and would threaten to unravel the most dynamic segment of our economy. Instead, policymakers should seek to preserve the current rules and ensure that they remain on a firm legal footing.”

In addition to large companies supporting net neutrality, more than 800 startups, innovators, entrepreneurs and investors from all 50 states sent a letter to Pai and the FCC.

“Without net neutrality, the incumbents who provide access to the Internet would be able to pick winners or losers in the market,” the letter reads. “They could impede traffic from our services in order to favor their own services or established competitors. Or they could impose new tolls on us, inhibiting consumer choice…Our companies should be able to compete with incumbents on the quality of our products and services, not our capacity to pay tolls to Internet access providers.”

If net neutrality gets abolished, companies like Verizon, Comcast, Oracle and AT&T have said they can now reinvestment on infrastructure and broadband technology in communities throughout the United States.

“We also support Chairman Pai’s proposal to roll back Title II utility regulation on broadband,” Kathy Grillo, Verizon senior vice president and deputy general counsel, public policy and government affairs, said in a statement released on April 26. “Title II (or public utility regulation) is the wrong way to ensure net neutrality; it undermines investment, reduces jobs and stifles innovative new services. And by locking in current practices and players, it actually discourages the increased competition consumers are demanding.”

AT&T Chairman and CEO Randall Stephenson echoed Grillo’s comments.

“AT&T continues to support the fundamental tenets of net neutrality. And we remain committed to open internet protections that are fair and equal for everyone,” he said. “The bipartisan, light-touch regulatory approach that Congress established at the internet’s inception brought American consumers unparalleled investment in broadband infrastructure, created jobs and fueled economic growth. It was illogical for the FCC in 2015 to abandon that light-touch approach and instead regulate the internet under an 80-year-old law designed to set rates for the rotary-dial-telephone era.”

While many Silicon Valley tech companies have voice opposition to the FCC plan, the multinational computer corporation Oracle has levied support. In a letter sent to the FCC in early May, Oracle said “the stifling open internet regulations and broadband classification that the FCC put in place in 2015 – for just one aspect of the internet ecosystem – threw out both the technological consensus and the certainty needed for jobs and investment.”

Image result for federal communications commission 2017

Whether or not Pai and the FCC cement their proposal, the Net Neutrality rules will remain in effect through 2018.

Members of the public have until July 17 to comment on the FCC’s net neutrality proceeding. Reply comments will then be due on August 16, unless the FCC extends the process. After that, a final FCC decision on the net neutrality rollback could take several more months.

DMGS will continue to monitor this and provide updates as it develops.

Brett Goldman edited this report.

Legislative Insight: Federal and State Gas Taxes

By Danny Restivo (posted 5/24/17)

Shortly after President Donald Trump entered the White House, he pledged a large investment in America’s infrastructure during a nationally televised address to Congress.

“To launch our national rebuilding, I will be asking the Congress to approve legislation that produces a $1 trillion investment in the infrastructure of the United States—financed through both public and private capital—creating millions of new jobs,” the President said during his February speech.

The American Society for Civil Engineers gave American infrastructure a D+ in its 2017 report card.Deteriorating infrastructure is impeding our ability to compete in the thriving global economy, and improvements are necessary to ensure our country is built for the future,” the report said. “While we have made some progress, reversing the trajectory after decades of underinvestment in our infrastructure requires transformative action from Congress, states, infrastructure owners, and the American people.”

The report also said current road conditions cost the country $160 billion in time and money every year, while a report from the Federal Highway Administration says the country’s transit system has a $90 billion backlog on repairs. Democratic lawmakers have long-supported federal dollars to help improve America’s roads, bridges, dams, airports and tunnels. Trump’s plan offers a rare opportunity for bi-partisan support in an increasingly fractured political environment.

While a final proposal has yet to be agreed upon, Trump has called for a public-private partnership, but that seems more viable in urban areas where companies can recoup money by levying tolls. In rural areas, where less people live, projects may not entice enough investment because of revenue concerns.

In early May, President Donald Trump signaled that he’s open to raising the federal gas tax to help subsidize infrastructure improvements.

“It’s something I would certainly consider,” the President said to Bloomberg News in an interview. His statement underscores an issue that’s plagued politicians for years. The last time Congress increased a nationwide gas tax was in 1993, when lawmakers approved a 19.3 cent per gallon tax on gasoline, and a 24.3 cent per gallon tax on diesel fuel. However, that tax has not adjusted for inflation, and the Highway Trust Fund has not kept pace. Since 2008, the federal government has injected $143 billion in the fund, while the tax has generated roughly $34 billion a year. However, the federal government usually spends $50 billion per year on transportation projects, leaving a $16 billion annual shortfall.

The Congressional Budget Office said the fund will become insolvent by 2021 without additional funding. According to the Joint Committee on Taxation, increasing the federal tax to 35 cents per gallon will create an additional $473.6 billion over a period of 10 years.

The Chamber of Commerce, AAA auto club and the American Trucking Association support a new gasoline tax. After the 2014 mid-term elections, the group sent a joint letter to the 114th Congress that lends support for a bill that increases the gas tax. 

“While no one wants to pay more, we urge you to support an increase to the federal fuels user fee, provided the funds are used to ease congestion and improve safety, because it is the most cost efficient and straightforward way to provide a steady revenue stream to the Highway Trust Fund.”

However, critics believe a gas tax will hurt working families by leveling fees on middle class commuters, many of whom supported Trump. Low gas prices may provide cover for a tax increase, but a sharp spike in gas prices could change consumer sentiments. In an interview with CNBC, Chevron CEO John Watson, pushed back against a tax on gas.

“I think a good first step would be to evaluate where existing taxes are going,” he said. “In other words, we have road taxes today. How are they being used? Are they being put to good use in rebuilding our infrastructure?”

In light of the debate, several states have increased their respective gas tax to shore up roads, bridges, tunnels and other state-operated transportation systems.Since 2015, sixteen states and the District of Columbia have enacted legislation to increase taxes on gas that help support infrastructure programs. According to American Road and Transportation Builders Association, voters approved 269 of the 361 transportation funding measures that appeared on township, city, county or state ballots in 2016. Many of these initiatives were approved in Democratic and Republican-dominated regions of the country. Furthermore, Louisiana, Minnesota, Oklahoma and Oregon have transportation funding measures pending in their respective legislatures.

Gas Tax Map

States Enacting Gas Taxes in 2017

California

The State Senate approved a 10 cent per gallon tax hike in April as part transportation bill estimated to raise $5.2 billion a year to repair state roads and highways. The legislation, which was backed by Governor Jerry Brown, increases the per gallon tax rate from 18 cents to 30 cents. The law also mandates $100 annual fee for electric cars, as well as annual fees ranging from $25 for cars valued at or under $5,000, to $175 for a car worth $60,000 or more. About $34 billion of the first $52 billion would go to repairing roads, bridges, highways and culverts, with most of the money split 50-50 between state and local projects.

Michigan

Michigan drivers saw a 7 cent tax increase in fuel prices at the beginning of the year, increasing a 19 cent per gallon tax to 26.3 cents per gallon, while diesel fuel will increase 11.3 cents from 15 to 26.3 cents per gallon as well. Lawmakers also approved a 20 percent increase in vehicle registration fees, while gas-electric hybrid and electric vehicles will experience an added $47 and $135, respectively. The hike is the first gas tax increase in 20 years, and aims to fund crumbling bridges and roads with an additional $2.3 billion over the next four years. The plan allocates 61 percent of the funding to counties, cities and villages, while the rest goes to state projects.

 

 

Indiana

Governor Eric Holcomb signed a $1.2 billion highway improvement plan in April which increases the Hoosier gas tax from 18 cents to 28 cents per gallon in July. Furthermore, registration and licensing fees will increase by $15. There’s also a $50 fee on hybrids and a $150 fee on electric cars. In addition, Holcomb intends to draft a plan that adds tolls for certain interstate projects by the end of 2018.

Montana

The Montana house assembly approved a bill this year that will levy a 6 cent per gallon gas tax increase phased-in over 6 years. More than four percent will take effect on July 1, while the remainder is implemented in 0.5 cent increments between 2019 and 2022. The Montana tax is expected to generate $28 million in 2018, and more in future years to help repair state roads and bridges, as well as the construction of new ones.

South Carolina

On May 10 the South Carolina House and Senate overrode a veto from Governor Henry McMaster to approve an infrastructure bill that increases the state’s gas tax. The legislation will enact a 12 cent per gallon increase phased in over six years, with a two cent increase occurring in July. The tax will eventually reach 28.75 cents per gallon while generating $600 million for infrastructure projects throughout the state.

Tennessee

The House and Senate approved a bill sponsored by Governor Bill Haslam, which would generate $350 million for the state’s highway fund, and boost road revenues for cities and counties. The gas tax will rise by 6 cents per gallon and the diesel tax by 10 cents on July 1. The bill also has several fee increases, including a $5 car registration increase and a $100 fee on electric car users

States Enacting Gas Taxes in 2016

New Jersey

In October 2016, Governor Chris Christie signed a bill that increased the gasoline tax to 23 cents per gallon. The bill marked the first tax hike of Christie’s tenure, and the first tax increase on gas since 1988. The law takes the second lowest gas tax rate from 14.5 cents per gallon, to 37.5 cents, the seventh highest. The law levies diesel users with a 15.9 cent per gallon tax increase, totaling more than 27 cents per gallon.

The bill will generate $1.23 billion annually to help finance an eight year, $16 billion transportation program. The legislation comes after the state’s Transportation Trust Fund, which helps pay for Garden State roads, bridges and railways, had no money to pay for new projects over the summer.

After Christie signed the bill in October, voters approved a November referendum to amend the state’s constitution to allocate the tax revenue to transportation projects. The law prevents lawmakers from reallocating the money to different projects.

States Enacting Gas Taxes in 2015

Georgia

The Georgia Legislature enacted the Transportation Act of 2015, increasing the excise gas tax by 7.5 cents per gallon, along with a four percent state sales tax, to 26 cents per gallon. These rates will then adjust to Consumer Price Index Every year. The money accrued from the tax will allocate to future state transportation projects. Additionally, the state will also collect a $5 per night hotel fee, as well as fees for heavy trucks and a $200 registration fee for electric cars. The law also eliminates a $5,000 tax credit for anyone who purchases an electric car. House Bill 170 also allows counties and municipalities to levy a 1 percent use tax on all motor fuels. The bill aims to collect $900 million a year to help fund transportation projects throughout the Peach State.

Idaho

Idaho’s gas tax increased 7 cents after state lawmakers approved a funding bill in April 2015 to help raise money for road repairs. The house bill increased the gas tax from 25 to 32 cents, to help raise more than $95 million a year. The accrued revenue is then split between local governments and state highway departments (60/40). Idaho also stipulates a $145 registration fee for an electric car, and a $75 fee for hybrid vehicles. However, a house bill introduced in 2017 will eliminate those fees if approved by the Governor.

Iowa

Governor Terry Branstad signed a bill in February 2015, which increased Iowa’s gas tax from 20 cents to 30 cents per gallon. The bipartisan initiative provides $215 million in annual funds for city, county and state roads. The gas tax increase received support from the Iowa Farm Bureau, the Chamber of Commerce, the trucking Industry, the Iowa State Association of Counties and the Iowa County Engineers Association. The gas tax legislation was the first fuel tax increase since 1989.

Kentucky

Kentucky lawmakers approved legislation pegging the gas tax to the average wholesale price of gas over a three-month span. However, a $1.46 drop in gas prices in 2015 created a significant shortfall in the Commonwealth’s transportation budget. As a result, the lower gas taxes helped create a $125 million gap for transportation projects in local municipalities and townships, as well as state highways. To ensure a steady stream of revenue, lawmakers approved a 26-cent minimum for the gas tax rate.

 

 

Nebraska

State legislators overrode a veto from the Governor to increase the state’s gas tax by cents per gallon, creating roughly $75 million a year in additional funding for transportation projects. The law says the gas rate will increase 1.5 cents every year for the next four years, through 2019. The State’s Transportation Innovation Act is estimated to raise $400 million. Nebraska’s gas tax has three components. This legislation will impact the fixed tax, which is set by state law at 12.3 cents per gallon in 2017. Meanwhile, the wholesale tax is pegged at the wholesale price and the variable tax adjusts every six months to meet the funding demands of previously approved state roads projects. The gas tax currently sits at 27.3 cents per gallon.

North Carolina

Governor Pat McCrory signed a bill reducing the fuel tax from 37.5 cents per gallon to 34 cents per gallon by 2016. In January 2017, the gas tax began using a formula that accounts for population, energy prices and the consumer price index to help adjust the rate. The reformed gas tax formula takes population and energy prices into account when calculating future gas tax increases in the years ahead. The first of those increased the rate to 34.3 cents per gallon.

South Dakota

Governor Dennis Daugaard signed legislation that increased the gas tax from 22 cents per gallon to 28 cents. The legislation also increases the excise tax on vehicle registration from three to four percent and increases license plate fees for noncommercial vehicles by 20 percent. The fuel tax hike will generate an estimated $40.5 million annually, while the excise tax increase will produce an additional $27 million to $30 million. Most of the revenue generated is allocated to state roads and local bridges. The new bill allows municipalities to levy their own taxes to repair roads in their jurisdiction.

Utah

State lawmakers approved legislation to increase the state’s gas tax by 5 cents per gallon from 24.5 cents. The legislation levies a 12 percent wholesale tax on fuel and pegs future increases to a formula that considers fuel prices and inflation. In March 2017, the state house voted to pass fuel tax increases of .6 cents per gallon beginning in 2019 and 1.2 cents a gallon in 2020, essentially reworking the formula established two years prior.

Washington

The Governor signed a 16-year transportation revenue package in August 2015, which increases the state’s gas tax to 44.5 cents per gallon. The legislation is part of the state’s $16 billion transportation project aimed at improving highways and roads, as well as non-highway projects like walkways, bike paths and transit systems. The two-part tax hike increased rates by an additional 4.9 cents a gallon, putting the total tax at 49.4 cents.

Technology Briefing: Hacking Vehicles

By Danny Restivo (Posted 5/3/17)

A few months ago, we looked at the legislative developments surrounding driverless vehicles–something that nearly all 50 states are thinking about. As driverless vehicles become reality and states continue to grapple with regulatory challenges, more threats have emerged, including the ability for hackers to take control of someone’s car whether they’re driving it or the car drives itself.

Recent technological developments have allowed drivers greater accessibility and convenience than ever before. Whether it’s a WiFi hotspot, a mobile car starter application, a locator connected to your phone or a computer located under the hood that monitors maintenance, new technology has given consumers and technicians a level of sophistication that was once the work of science fiction.

Unfortunately, a greater degree of convenience means an increased level of vulnerability. In August 2015, two hackers compromised a tech reporters’ vehicle on the highway (The Wired reporter was working on a story about the dangers of car hacking and was aware of their attempts). From a remote location, the two hacked into the reporter’s 2014 Jeep Cherokee and controlled the vehicles steering and brakes from a computer more than 10 miles away. Ultimately, the reporter’s car ended up in a ditch (no one was injured). The story grabbed public attention and Fiat Chrysler recalled more than 1.4 million vehicles, including Ram, Dodge, Jeep and Chrysler vehicles. A similar organized hack occurred in June 2016 when a British security firm purchased a 2017 Mitsubishi Outlander and successfully disabled the vehicles alarm system. Nissan, Tesla and Chevy have all experienced similar breaches in their vehicles computer systems.

The hacks underscore a growing concern among regulators and legislators that automakers haven’t safely created communication systems. In light of these security vulnerabilities, the FBI, The Department of Transportation and the National Highway Traffic Safety Administration issued a public service announcement in March 2016.

“While not all hacking incidents may result in a risk to safety – such as an attacker taking control of a vehicle – it is important that consumers take appropriate steps to minimize risk,” the statement said. “Therefore, the FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles.”

They added: “Vulnerabilities stemming from wireless communication, such as a cellular phone or tablet connected to the vehicle via USB, Bluetooth, or Wi-Fi, can put drivers at significant risk,” the statement also included several best practices for minimizing cybersecurity risks:

  • Ensure vehicle software is up to date
  • Be aware of making any modifications to vehicle software
  • Exercise discretion when connecting third party devices to a vehicle
  • Be aware of who has physical access to your vehicle

If you end up a victim of a car hack:

  • Check for outstanding vehicle recalls or vehicle software updates
  • Contact the manufacturer or authorized dealer
  • Contact the National Highway Transportation Safety Administration
  • Contact the FBI

The NHTSA and the FBI also suggested that automakers and auto companies should consider the full life cycle of their vehicles, while creating a rapid response and recovery system to help stem cybersecurity incidents. With the introduction of autonomous driving technology by companies like Tesla Motors, Uber, and others, yet another layer of vulnerability has complicated the issue. In September 2016, the NHTSA issued a framework for states to regulate self-driving cars, but critics fault it for its lack of focus on car hacking. A 2016 report from the Government Accountability Office, an independent watchdog organization, said the Department of Transportation had not taken enough steps to help prevent car hacking.

“Until [DOT] develops such a plan … the agency’s response efforts could be slowed as agency staff may not be able to quickly identify the appropriate actions to take,” the report stated.

Shortly after hackers showcased their ability on a 2014 Jeep Cherokee, Senators Ed Markey (D-Mass) and Richard Blumenthal (D-Conn) introduced the SPY Act of 2015 (Security and Privacy in Your Car).  The proposed legislation would have created a uniform regulatory standard for vehicle communication, while protecting a driver’s privacy data. The bill would also have created a “cyber dashboard” to inform the public of how well the vehicle protects drivers’ security and privacy.  While Markey and Blumenthal’s legislation did not make it out of committee during the 114th Congress, they recently reintroduced the SPY Act legislation in March as S. 680, along with a reintroduction of the Cybersecurity Standards for Aircraft to Improve Resilience (Cyber Air) Act (as S. 679 in the 115th Congress).

“This critical legislation will help protect the public against cybercriminals who exploit advances in technology like wireless-connected aircraft and self-driving cars,” said Blumenthal in a release following the reintroduction. “As technology rapidly advances, we must ensure that auto and airline industries protect their systems from cybersecurity attacks. Security and safety cannot be sacrificed as we achieve convenience and promise of wireless progress.”

Markey and Blumenthal cited a need to reintroduce the legislation because of an increased vulnerability in our transportation systems. After Uber unveiled plans to use driverless cars in Pittsburgh in September, the National Highway Transportation Safety Administration unveiled a federal framework for the technology to prosper, giving states a significant degree of sovereignty. However, some believe the NHTSA’s mandate didn’t go far enough in solving technological vulnerabilities in vehicles. Conversely, tech researchers and developers fear any federal regulatory framework will not ensure safety because cyber technology often outpaces the law, making hacks more accessible.

In a bipartisan effort, the House introduced a new piece of legislation to help safeguard drivers. Representatives Ted Lieu (D-CA) and Joe Wilson (R-SC) have cosponsored the Security and Privacy in Your Car Study Act of 2017. Compared to the senate bill, the House bill would only perform a study of best practices.

While federal lawmakers debate the best path forward, some states have taken their own steps to improve cybersecurity in vehicles. In Michigan, home of the American auto industry, state lawmakers have decided to use deterrence as a weapon against car hacking. In August, the state senate unanimously passed a law that would increase the penalty to life in prison if the interference of a vehicle’s computer system resulted in death. According to state law, there’s a 10-year sentence and $50,000 fine for anyone who tampers with the computer system of a driverless vehicle that results in injury.

Virginia Governor Terry McAuliffe announced a public-private commission in May 2015 to help protect state troopers against cyberattacks. Just prior to the announcement, The Old Dominion became the first state to create its own information and analysis sharing organization to help prevent against cyber-attacks. As part of its public safety initiative, researchers hacked into two Virginia State Trooper vehicles; a 2012 Chevrolet Impala and a 2013 Ford Taurus. Researchers from the University of Virginia and a few private tech companies, hacked into the vehicles control system before meddling with the gear shift, instrument panel, car locks, trunk and accessing the vehicles Bluetooth and key fob. While the organized hack was an attempt to raise awareness about the seriousness of car hacking, Governor McAuliffe continued a call for voluntary partnership between private and public entities in an effort to prevent car hacks.

While Michigan and Virginia pursue preventative action against car hacking, many state legislative bodies have tabled the issue. Every state has some sort of law on computer hacking, but none (besides Michigan) have laws that specifically deal with hacking vehicles. Meanwhile, New York University, University of Nevada, North Dakota State University, and others, have taken steps in research and development to create cybersecurity systems for self-driving cars. Furthermore, The Oak Ridge National Laboratory in Tennessee has begun experimenting with electronic control systems to help protect the federal government’s automotive fleet.

“Car hacking remains a significant issue for automakers and regulators, but it hasn’t spurned the federal government into action, just yet” says Brett Goldman, DMGS Manager of Special Projects. He adds that “it’s safe to say that at some point in the future, car hacking will receive greater public scrutiny, but whether that comes as an issue of legislative and regulatory foresight or as a reactionary measure to the unthinkable remains to be seen.”

 

Industry Overview: Stem Cell Research

By Danny Restivo (3/17/17)

In 2016, Cell Stem Cell, a leading medical journal for regenerative medicine, released a study showing 570 stem cell treatment facilities in the United States. In their advertisements, many of these clinics lauded an ability to treat degenerative diseases with stem cells. Research suggests that stem cells might be useful in the treatment of certain diseases like Parkinson’s, ALS, or arthritis, among others. However, many scientists question the legitimacy of these claims, citing a need for more research and definitive trials. While the Food and Drug Administration allows clinics to inject patients with their own stem cells, they prohibit “manipulation” of these cells.

Stem cells became the center of controversy in 2001 after President George W. Bush banned federal funds from stem cell research using human embryos. In recent years, scientists have circumvented this ethical dilemma by culturing and rejuvenating stem cells from healthy adults.  Doctors can now take cells, such as a skin cell, and repurpose it back its early “pluripotent” stage where it can then turn into any cell, such as one that serves heart tissue. Whether these cells prove effective in treating degenerative conditions remains in question, but it hasn’t stymied enthusiasm from patients seeking treatment for chronic ailments.

The FDA allows clinics to inject patients with stem cells under certain criteria. However,many of these clinics flout 2000px-stem_cell_treatments-svgFDA regulations, including a stipulation on “minimal manipulation,” and a mandate that stem cells must come from a patient’s body. These clinics also sidestep guidelines by framing their work as experimental and research-driven. Furthermore, a recent study revealed many unregulated clinics use cells extracted from fat tissue, but the FDA says there’s no evidence they work. For example, some clinics advertise using cells from fat to help treat neurological disorders like Parkinson’s or Multiple Sclerosis. Unfortunately, fat cells do not normally control neurological movement. However, these clinics point to a number of personal stories that ultimately endorse stem cell treatment, including high profile athletes.

After experiencing a ligament tear in his elbow that ended his 2016 season, Los Angeles Angels pitcher Garret Richards opted to receive stem cell treatment instead of the invasive Tommy John surgery. In the case of Richards, doctors extracted bone marrow from his pelvis before injecting the plasma into his injured elbow. In February, Richards was at spring training throwing a fastball at 98 mph. New York Mets Pitcher Bartolo Colon received similar treatment in 2011 to help repair his shoulder, and continues to pitch at 43-years-old. While he’s never publicly admitted it, reports have surfaced that quarterback Peyton Manning sought stem cell treatment in Europe after suffering a neck injury with the Indianapolis Colts in 2011.

While some believe stem cells have rejuvenated athletic careers, others point to regenerative medicine’s lifesaving potential. Sarah Hughes, a 25-year-old from Texas, was born with a rare form of juvenile arthritis. Because of immense pain, she was hospitalized for a significant portion of her youth, weighing only 83 pounds at one point. In 2014, she began seeking stem cell treatment. She had her own stem cells cultured in a Houston lab before traveling to Mexico to undergo treatment. FDA law does not allow a clinic to inject her with manipulated stem cells in the United States. A healthy Hughes attended President Donald Trump’s recent address to Congress as the guest of Rep. Pete Olson (R-TX). Trump referenced the plight of Hughes and Megan Crowley, a 20-year-old Notre Dame Sophomore, during his speech. Like Hughes, Crowley was born with a rare disease and did not expect to live past a few years, but sought regenerative treatment.

In his speech, Trump referenced a need to cut federal regulations on companies seeking to innovate new treatment methods.

“..our slow and burdensome approval process at the Food and Drug Administration keeps too many advances, like the one that saved Megan’s life, from reaching those in need. If we slash the restraints, not just at the FDA but across our Government, then we will be blessed with far more miracles like Megan.”

In September, Hughes spoke in Maryland during an FDA-hosted public hearing on potential stem cell regulations. While certain speakers urged for looser stem cell regulations, others suggested caution and cracking down on those flouting the law. The FDA’s rules are pending, but the agency has only cleared one stem cell therapy product, Hemacord, which helps to restore low blood counts with patients having certain blood disorders. Conversely, the FDA officials have only sent one warning letter to a stem cell clinic in California.

Although progress looms, troubling stories regarding unregulated stem cell clinics have surfaced. In some cases, patients seeking alternative treatment have traveled to Russia, 13982409504_61de86a0ec_bMexico or Europe only to return home and to have their conditions worsened with malignant tumors. Doctors and researchers say stem cells can divide rapidly, creating tumors and other mutations. While most of these cases have occurred overseas, doctors and researchers see it as cautionary tale for a treatment that needs further research and oversight.

In August, the National Institute of Health announced it would lift its ban on funding research that uses human stem cells and animal embryos. The ban’s removal comes after research offered potential for growing human tissue and organs in animals. In one case, a team of researchers found that putting rat stem cells into the embryo of a mouse ultimately lead to a rat pancreas in the mouse. The NIH is now interested in injecting human stem cells into pig embryos in an effort to create human kidneys or livers. However, the NIH would continue a ban on funding any research that mixes animal embryos with human egg or sperm. Many people have questioned the ethics surrounding the injection of human stem cells into animal embryos, but the research could prove invaluable for people in need of a life saving organ transplant.

In light of these research developments, analysts believe the stem cell market will significantly increase in the next five years. Predictions vary, but a March report from a French-based research firm says the stem cell therapy market will grow by 11 percent from 2016 to 2021, totaling $145.8 million. Another marketing research firm predicted the entire global stem cell market hitting $297 billion by 2022. Both reports cited an increase in private and public partnerships, the evolution of stem cell therapies and a belief that looser regulations in the United States will help accelerate the market.

While President Trump has not made definitive public statements on embryonic stem cell research, his Secretary of Health and Human Services, Tom Price, has long opposed federal funding from embryonic stem cell research. A view echoed by Vice President Mike Pence. Now that embryonic stem cell research has taken a back seat to pluripotent stem cell research, it’s unclear what the administration’s stance is on regenerative medicine.

Looking Ahead: The Intersection Between Cyber Security Regulation and the Financial Sector

By Danny Restivo

On September 13, The New York State Department of Financial Services (NYDFS) proposed a law calling for all regulated financial institutions in the Empire State to enact a list of cybersecurity measures.[1] The proposal requires banking, insurance, and financial services companies under the jurisdiction of the NYDFS to adopt and maintain a strong cybersecurity program.

Among the guidelines, the proposed regulation requires organizations (termed as “covered entities”) to designate a Chief Information Security Officer (CISO) to oversee cyber security programs and procedures. The mandates also include oversight measures for information shared by or with third parties, including law firms, accounting services, and marketing groups.[2]

“New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises,” said Governor Andrew M. Cuomo in a statement from the New York State Department of Financial Services. “This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible.”[3]

Currently, the proposed regulation is open to a 45-day public commenting period after it was published on September 28 in the New York State Register. If the proposal is adopted, covered entities will have 180 days from January 1, 2017 to comply with its requirements.
The proposal aims to protect consumers, as well as financial institutions from an increase in cyber-attacks. In 2015, large banks in the Philippines, Vietnam, Bangladesh and Ecuador experienced major hacks that netted millions for cybercriminals.[4]  In light of these high-profile incidents, a number of large financial institutions have invested in secure digital infrastructures. As a result, many organizations already fall in-line with New York’s proposal. However, many smaller covered entities have not made the same investments, and if the law is approved, they will be forced to make costly upgrades.[5]
Critics opposed to the regulation say the new guidelines overlap with mandates set forth by the Federal Financial Institutions Examination Council (FFIEC), an interagency that includes the Federal Deposit Insurance Corporation, the Federal Reserve Board of Governors and the Consumer Financial Protection Bureau.[6] Although the FFIEC proposal has many of the same requirements, the NYDFS goes further in calling for cyber security assessments, notification of authorities within 72 hours of a breach and the appointment of a CISO.

While Cuomo dubbed the legislation a “first-in-the-nation,” other states have enacted similar regulation and guidance regarding cybersecurity. The Massachusetts’ Standards for the Protection of Personal Information of Residents of the Commonwealth requires every business holding personal information on residents to comply with certain security safeguards.[7] Moreover, state authorities around the country have provided organizations with similar instructions for the adoption of cybersecurity standards. In California, the Attorney General’s office publishes an annual report that includes specific practices for “reasonable security measures” that align with the states information security statutes. These recommendations are not requirements, allowing organizations the flexibility to craft a cybersecurity program that best responds to their industry-specific vulnerabilities.[8]

Eric Martins and Brett Goldman of DMGS agree: “Ultimately, the NYDFS is far more prescriptive than any current state-authored regulation,”  said Martins. While organizations outside the Empire State may want to ignore the NYDFS proposal, other governmental agencies have recognized the need to establish “minimum standards” for the protection of consumer-sensitive information.[9] If approved, New York’s cyber security regulation will be the first and it will serve as an important model for other the efforts of other states’ that pursue comparable legislation. “I think the bigger question here” adds Goldman, “is how quickly other states will take notice and make sure that their financial institutions and other businesses are proactive in protecting themselves from Cyber vulnerabilities”

[1] “Governor Cuomo Announces Proposal of First-In-the-Nation Cybersecurity Regulation to Protect Consumers and Financial Institutions.” New York Department of Financial Services, Sept 13, 2016. https://www.governor.ny.gov/news/governor-cuomo-announces-proposal-first-nation-cybersecurity-regulation-protect-consumers-and

[2] Bucsescu, Marle and Waxman, Matthew. “NY State Cyber Regulations for Banks.” Lawfareblog.com, Sept. 19, 2016. https://www.lawfareblog.com/ny-state-cyber-regulation-banks-model.

[3]Cuomo

[4] Pagliery, Jose. “Global Banking System: What you need to Know” CNN Money. May 28, 2016. http://money.cnn.com/2016/05/27/technology/swift-bank-hack/

[5] Taylor, Harriet. “Critics are Skeptical of New York’s Proposed Financial Security Laws.” CNBC. September 26, 2016. http://www.cnbc.com/2016/09/26/critics-are-skeptical-of-new-yorks-proposed-financial-cybersecurity-rules.html

[6] Jacob, C. Reade; Mao, Mark C.; Raether, I. Ronald Jr., and Taylor, Ashley L. “NY Proposes Regulations Requiring Financial Services Companies to Implement Cyber Security Measures.” Consumer Financial Services Law Monitor. September 26, 2016. http://www.consumerfinancialserviceslawmonitor.com/2016/09/ny-proposes-regulations-requiring-financial-services-companies-to-implement-cyber-security-measures/?utm_source=Mondaq&utm_medium=syndication&utm_campaign=View-Original

[7] Jacob, C. Reade; Mao, Mark C.; Raether, I. Ronald Jr., and Taylor, Ashley L

[8] Harris, Kamala.  “California Data Breach Report: February 2016.” California Department of Justice.
https://oag.ca.gov/breachreport2016

[9] Roberts, Jeff John. “Look Out Companies, Here Comes the Cyber Regulations.” Fortune, September 25, 2016.
http://fortune.com/2016/09/25/cyber-regulations/

Brett Goldman edited this report