Cybersecurity is a jobs issue and thus deserves congressional attention, the House Republican Cybersecurity Task Force said in recommendations released Wednesday. “It is not just national security information that is being stolen from databases in the U.S.,” but intellectual property of all kinds, the report said: “Information stolen from U.S. databases equals jobs stolen from the U.S. economy,” including small businesses that are hacked and then find copies of their new products “flooding the market at cutrate prices from China within a few months.” That echoes accusations of Chinese hacking made at a House Intelligence Committee hearing Tuesday (WID Oct 5 p1). The task force, composed of members of nine House committees and led by House Intelligence member Rep. Mac Thornberry, R-Texas, recommended Congress provide “voluntary incentives” for companies to improve cybersecurity, such as rewards for participating in cybersecurity standards development. Rewards could include “varying degrees of liability protections afforded to companies that voluntarily implement the enhanced security practices.” Congress and the White House should give companies subject to information-security regulations in multiple sectors, such as financial services and healthcare, one standard to meet that covers them all. Congress should consider extending tax credits to cyber investments, require minimum cybersecurity protection for federal grant eligibility, and evaluate the cybersecurity insurance market. The government should work with each sector to identify the truly “critical functions or facilities” and not impose regulation on “entire organizations,” and grant liability protection when computers of companies that follow standards are breached, the report said. The Department of Homeland Security should work with other regulators to coordinate standards across and within sectors subject to multiple regulators. The report recommends that Congress “facilitate” an external organization to “act as a clearing house of information and intelligence sharing” between government and critical infrastructure, so as to “detect and mitigate cyber attacks in real time before they reach their target.” The organization would take the government’s knowledge of “classified threat signatures” and combine it with threats known to businesses, so ISPs and other networks could block attacks, and information would be scrubbed of individuals’ “sensitive personally identifiable information” before the government gets it back. Congress would have to change some laws, give “narrowly targeted exceptions” and add lawsuit-liability protection, and possibly give an antitrust exemption, to let carriers share and act on cyber information, the report said. The task force recommended several actions on existing laws: (1) The Federal Information Security Management Act (FISMA) should focus on “secure, continuous, automated monitoring of IT systems rather than the current checklist exercise.” (2) Extend the definition of “protected computers” in the Computer Fraud and Abuse Act to critical infrastructures, “with attached criminal penalties.” (3) Various electronic communications laws need exemptions for sharing cybersecurity information, as well as “some sort of anonymous reporting mechanism” for companies to use so a cyber insurance market can function. (4) Computer fraud should be added to the definition of racketeering in federal law, and criminal penalties instituted for “intentional failures” to provide breach notification for sensitive personally identifiable information. The government needs to answer “difficult questions,” such as its responsibility or authority to defend a private business from cyberattack, how to deter “bad actors” online, the parameters for using intelligence-community information, and the military’s role. The task force raised several other issues that don’t fit neatly into its mandate, including encouraging U.S. ISPs to create a voluntary code of conduct as ISPs in Australia have done with its national “icode.” The report drew applause from USTelecom, CTIA, the Software and Information Industry Association, Information Technology Industry Council and others. Larry Clinton, president of the Internet Security Alliance, called the report “the most detailed and pragmatic public policy blueprint on cybersecurity any government entity has produced,” and largely consistent with the White House’s own cyber proposal. House Republican proposals on data breach notification, FISMA reform, liability protection and information sharing “provide momentum for much-needed legislation that should happen this year,” said Liesyl Franz, TechAmerica vice president of cybersecurity and global public policy.

Supreme Court justices seemed reluctant during oral argument Wednesday in Golan v. Holder to let international copyright treaties trump the copyright clause of the U.S. Constitution. The case examines Section 514 of the Uruguay Round Agreement Act (URAA) of 1994, which restored copyright protection to foreign works that had been a part of the public domain for decades. At stake is the ability for people and companies like Google to make public domain works widely available over the Internet if Congress can retroactively extend exclusive rights to those materials.

The FTC’s proposed changes to Children’s Online Privacy Protection Act regulations got support from some legislators and witnesses Wednesday at a hearing before the House Commerce Manufacturing Subcommittee, but some expressed concerns about its exclusion of children 13 and older and the absence of a provision tailored specifically for children’s geolocation information. The FTC hit the sweet spot with its proposals, said Chairman Mary Bono Mack, R-Calif. She commended the commission’s proposal to revise the definition of personally identifiable information and to annually audit the information practices of companies. “While some privacy advocates would like to raise the COPPA age threshold because of an increase in use of social networking sites by teenagers,” the FTC should take a “go-slow” approach, she said.

All VoIP calls look and feel like traditional phone calls and as a result, the FCC needs to protect the public by imposing 911 location-accuracy requirements on outgoing only VoIP calls, the Association for Public-Safety Communications Officials told the agency in comments on a July further notice of proposed rulemaking. But the VON Coalition said imposing the mandate on outgoing only services is a step too far. The Alliance for Telecommunications Industry Solutions said requirements should be based on the way a device is physically attached to the access network, not on the nature of the voice technology. ATIS said industry will need some time to develop technology needed for any mandate.

The Labor Department's Bureau of International Labor Affairs announced the publication of an updated list of goods, along with countries of origin, that it has reason to believe are produced by child labor or forced labor in violation of international standards. Changes include adding incense (agarbatti¹) from India, the country of Mauritania, and listing cotton for Mali.

If small-time musicians and even major labels can’t properly identify their compositions and recordings, efforts to create a global music database or series of interoperable databases to improve digital licensing will continue to flop, music and tech executives told the Future of Music Coalition summit in Washington Tuesday. Performing rights organizations (PRO) have been working for nearly two decades on data exchange standards, said CEO Eric Baptiste of the Society of Composers, Authors and Music Publishers of Canada (SOCAN). But OneHouse Managing Director Jim Griffin, who is leading the World Intellectual Property Organization’s effort to create an “international music registry” or IMR (WID June 29 p1), said the elephant in the room remains the Berne Convention’s allowance for copyright protection without mandatory registration.

The FCC might not adopt any existing plan to revamp the Universal Service Fund in its entirety, state officials said at a webinar by the National Regulatory Research Institute Monday. Even if the commission is to adopt an order for the Oct. 27 meeting, it might not be a final order, said James Cawley, chair of the state member of the Federal/State USF Joint Board.

An FTC official and a former Myspace officer will testify at the House Commerce Manufacturing Subcommittee hearing Wednesday at 9 a.m. in Room 2123 of the Rayburn House Office Building, reviewing the Children’s Online Privacy Protection Act, the subcommittee said Monday. The witness list includes Mary Koelbel Engle, associate director of the FTC Division of Advertising Practices; Hemanshu Nigam, CEO of SSP Blue and former chief security officer for News Corp. and Myspace; Morgan Reed, executive director of the Association for Competitive Technology; Stephen Balkam, CEO of the Family Online Safety Institute; Kathryn Montgomery, director of the Ph.D. program at American University’s School of Communications, who helped draft COPPA; and Amy Guggenheim Shenkan, president of Common Sense Media. The subcommittee memo said “issues for discussion” would include what tools are available for parents to protect their children’s privacy online; whether Congress needs to revisit the 13-year-old law in light of “technological advances”; whether the under-13 threshold is still “appropriate” and the “constitutional and technological implications” of raising the age threshold; “to what extent” are the privacy protections appropriate for all ages; whether the proposed expansion of factors that determine if a website is “targeted” at COPPA-applicable users would constitute a “de facto increase” in the age threshold; whether the COPPA safe harbor regime is effective and could it be used in other privacy contexts; and could the expanded definition of “personal information” in the FTC’s COPPA rule become a “precedent in the broader online privacy context."

State regulators are taking their case against preemption in intercarrier compensation regime reform to the Hill, telecom lobbyists and a NARUC official told us Monday. The FCC is weighing reform proposals from incumbents that would preempt state rates and lower them to $0.0007 per minute -- the so-called “triple-zero” option -- within five years for price cap companies and eight years for rate-of-return companies. State officials, having endorsed the FCC’s reform process, are now meeting with legislators, hoping to stall preemption, said telecom lobbyists and NARUC Legislative Director Brian O'Hara.

The FCC is looking at changing some broadcast regulations, leading to less oversight of how noncommercial stations raise money and possible rules for all types of stations to make disclosures online, not just on paper. Chairman Julius Genachowski has asked the Media Bureau to work on those areas, he told an FCC hearing in Phoenix about a June report by commission staffer Steve Waldman on the future of the new and old media industry. Those were the two concrete steps the commission said it’s taking to deliver on the recommendations of the report (CD Oct 3 p6).