The Cybersecurity and Infrastructure Security Agency lacks funding for incident response and engagement with the critical infrastructure community, despite its $2 billion budget, the agency's former Director Chris Krebs told the House Homeland Security Committee Wednesday. “My biggest regret was that we were not able to plow additional resources into the ability to get out there into the field and engage critical infrastructure and engage state and local actors,” he said during a hearing on the SolarWinds attack (see 2102090076). Chairman Bennie Thompson, D-Miss., said the attack is “dominating the cyber conversation.” CISA is part of the Department of Homeland Security.
Karl Herchenroeder
Karl Herchenroeder, Associate Editor, is a technology policy journalist for publications including Communications Daily. Born in Rockville, Maryland, he joined the Warren Communications News staff in 2018. He began his journalism career in 2012 at the Aspen Times in Aspen, Colorado, where he covered city government. After that, he covered the nuclear industry for ExchangeMonitor in Washington. You can follow Herchenroeder on Twitter: @karlherk
The FTC’s indefinite suspension of granting early termination (ET) will “have a real-world impact,” and the policy justification isn’t sufficient, Commissioner Noah Phillips told us Monday. An aide for Commissioner Christine Wilson also criticized the suspension Monday. Acting Chair Rebecca Kelly Slaughter announced last week that the FTC and DOJ would temporarily suspend ETs for Hart-Scott-Rodino (HSR) merger and acquisition reviews (see 2102040025).
Three Senate Democrats introduced expected legislation Friday (see 2102030060) to weaken Communications Decency Act Section 230 immunity, so victims of discrimination, harassment, cyber-stalking and other behavior could sue online platforms. Introduced by Mark Warner, Va.; Mazie Hirono, Hawaii; and Amy Klobuchar, Minn.; the Safeguarding Against Fraud, Exploitation, Threats, Extremism and Consumer Harms (Safe Tech) Act would let consumers seek court orders “where misuse of a provider’s services is likely to cause irreparable harm” and hold platforms “accountable when they directly enable harmful activity.” Users could sue platforms when they directly contribute to loss of life. “Section 230 has provided a ‘Get Out of Jail Free’ card to the largest platform companies even as their sites are used by scam artists, harassers and violent extremists,” said Warner. The bill will hold platforms “accountable for harmful, often criminal behavior enabled by their platforms to which they have turned a blind eye for too long.” Sen. Ron Wyden, D-Ore., opposed the bill, saying it would effectively repeal the law he co-authored: “Creating liability for all commercial relationships would cause web hosts, cloud storage providers and even paid email services to purge their networks of any controversial speech.” The U.S. Chamber of Commerce urged Congress to be “mindful of the impact of changes in our antitrust laws and to focus on ensuring federal antitrust agencies have the resources to do their job consistent with the law.” Changing merger review legal standards, relying on fines over remedies and expanding private litigation “will not make America’s economy more vibrant and will have far-reaching implications impacting virtually every sector of our economy,” said Executive Vice President Neil Bradley.
Rep. Tony Cardenas, D-Calif., said Thursday he plans to introduce legislation to protect FTC Section 13(b) authority, which experts say the Supreme Court is threatening to weaken. It's the only provision that lets the agency seek an injunction against FTC Act violations and restitution for consumers simultaneously, ex-FTC Consumer Protection Bureau Director Jessica Rich, now at Georgetown Law Center, told a House Consumer Protection Subcommittee hearing Thursday.
Sens. Mark Warner, D-Va., and Mazie Hirono, D-Hawaii, plan to introduce legislation targeting Section 230 immunity, online housing discrimination and civil rights, they told us Tuesday (see 2101260066). “There are certain provisions, certain areas that we think that [online platforms] should not have immunity,” Hirono said, citing housing discrimination and civil rights. “This particular iteration has the support of a lot of groups because there’s concern, of course, on both sides, left and right.” There’s “a lot of interest” in making changes to Section 230 immunity, she added.
Amazon will pay about $62 million to settle allegations that it deceived Amazon Flex drivers about promised tips 2016-19, the FTC announced with a 4-0 vote Tuesday. The company allegedly withheld about $62 million from drivers and started delivering all promised tips only when it learned of an agency investigation in 2019. Amazon stopped paying drivers the “promised rate of $18-25 per hour plus the full amount of customer tips" and started giving them "a lower hourly rate,” the agency alleged. The platform didn’t tell drivers about the change, despite promises they would earn 100% of tips, the agency said: “Amazon used the customer tips to make up the difference between the new lower hourly rate and the promised rate.” Acting Chair Rebecca Kelly Slaughter and Commissioner Noah Phillips were pleased that drivers will get “every dollar” back, saying agency authority can be improved: “Congress can give us direct penalty authority to deter deception aimed at workers in the internet-enabled gig economy and rulemaking authority under the Administrative Procedure Act to address systemic and unfair practices that harm those workers.” The threat of civil penalties will deter wrongdoing, they said. Commissioner Rohit Chopra said he agrees with them that “preying on workers justifies punitive measures far beyond the restitution provided here, and I believe the FTC should act now to deploy dormant authorities to trigger civil penalties and other relief in cases like this one.” Amazon fielded hundreds of complaints after the change “as drivers became suspicious when their overall earnings decreased,” the FTC said. Complainants received Amazon responses falsely claiming they were still making 100% of tips, the agency said. Amazon returned to paying drivers the full amount in August 2019, the agency said. The company is barred from making such changes again without receiving the driver’s informed consent. "While we disagree that the historical way we reported pay to drivers was unclear, we added additional clarity in 2019 and are pleased to put this matter behind us," a company spokesperson said. "Amazon Flex delivery partners play an important role in serving customers every day, which is why they earn among the best in the industry at over $25 per hour on average.”
The Senate Homeland Security Committee is investigating the SolarWinds cyberattack and exploring a potential hearing, Chairman Gary Peters, D-Mich., told us: “We’re going to do an investigation, look into that and look at a potential hearing.” Microsoft, Google, FireEye and several federal agencies were potentially exposed in the Russia-linked attack (see 2101190067).
Zoom must implement a “comprehensive security program” and adhere to biennial independent third-party privacy assessments, the FTC announced Monday in a finalized deal (see 2011100024). The company must “review any software updates for security flaws prior to release and ensure the updates will not hamper third-party security features,” the agency said. Commissioners voted 3-2, with the two Democrats dissenting, as they did in the initial vote. Acting Chair Rebecca Kelly Slaughter noted “widespread opposition” comments. The decision is “particularly troubling in light of" DOJ recently charging a “Zoom employee with allegedly participating in a scheme to surveil, disclose, and censor political and religious speech of individuals” worldwide at the direction of Chinese leadership, she said. The agency “must think beyond its status quo approach of simply requiring more paperwork, rather than real accountability relying on a thorough investigation,” said Commissioner Rohit Chopra. Commissioner Christine Wilson noted the inclusion of “targeted fencing in relief that provides privacy protections to consumers.” Provisions address the type of conduct seen with the DOJ charges, she said. “Advancements we have made to our platform are well-documented, and we are continuously improving our privacy and security programs,” a company spokesperson emailed. “We remain committed to fulfilling the expectations of the millions of people who trust and rely on our platform.”
John Kennedy, R-La., plans legislation that could require social media users use legal identities, he told us Thursday. He and several other senators offered differing reactions about Facebook’s oversight board, which released its first content moderation decisions Thursday, overturning four of five Facebook post removals.
Expect increased agency oversight and a concerted effort to update antitrust laws in 2021, said Senate Antitrust Subcommittee Chair Amy Klobuchar, D-Minn., Wednesday at a Public Knowledge virtual event. Facebook Oversight Board Member Jamal Greene said to expect the board’s first content moderation decisions “within days,” on a panel at the State of the Net (SoTN) virtual conference.