Karl Herchenroeder

The Senate plans to vote Tuesday on final passage of the Endless Frontier Act (see 2105270082) and several potential amendments, an aide for Senate Majority Leader Chuck Schumer, D-N.Y., told us Friday. The Senate could consider a manager’s amendment, which might open the door to a host of additional provisions, per an aide for co-sponsor Sen. Todd Young, R-Ind. Some 30 senators are attempting to attach provisions to the manager’s package, lobbyists said.

An EU-U.S. trade and technology council could help Europeans learn from the U.S. about issues like 5G network deployment, said Thibaut Kleiner, European Commission policy strategy and international affairs director. EU Competition Commissioner Margrethe Vestager said Wednesday she hopes to announce such a council in mid-June, when President Joe Biden visits Brussels. The council could be a “good tool for delivery,” not just be a “talk shop,” Kleiner said during a German Marshall Fund livestream Thursday. The two sides will likely prioritize existential issues like climate change over marketplace issues, said ex-FCC Chairman Tom Wheeler, now a Brookings Institution visiting fellow.

The Supreme Court narrowed the scope of what's a computer crime under the Computer Fraud and Abuse Act, in Van Buren v. U.S., (see 2011300067). By 6-3 Thursday, the court overturned a 2017 conviction against former Georgia police officer Nathan Van Buren. He used his police computer to access a law enforcement database to obtain data about a license plate number owned by a potential undercover officer, in exchange for thousands of dollars. In an opinion delivered by Justice Amy Coney Barrett, the majority ruled Van Buren didn’t violate CFAA: “This provision covers those who obtain information from particular areas in the computer -- such as files, folders, or databases -- to which their computer access does not extend. It does not cover those who, like Van Buren, have improper motives for obtaining information that is otherwise available to them.” Chief Justice John Roberts and Justices Clarence Thomas and Samuel Alito dissented. Van Buren “had permission to retrieve license-plate information from a government database, but only for law enforcement purposes,” Thomas wrote. Van Buren exceeded “authorized access” in violation of the statute, Thomas added. Van Buren’s attorney Jeffrey Fisher emailed: “We’re very pleased with the Court’s opinion and are happy that the CFAA is now restricted to its proper reach.” DOJ didn't comment. SCOTUS recognized "the terribly written CFAA crossed the line by criminalizing everyday activities like using your work computer to read the news or send personal emails,” said Sen. Ron Wyden, D-Ore., in a statement. “Today's ruling helps rectify the damage caused by that reactionary law.” The American Civil Liberties Union also backed the majority opinion.

The National Institute of Standards and Technology should tread lightly defining “critical software” and avoid disincentivizing innovation, officials from Microsoft, Linux, BSA|The Software Alliance and cloud providers told NIST Wednesday. President Joe Biden’s cybersecurity executive order directs NIST to publish a definition by June 26 (see 2105240072).

Congress should enact federal privacy legislation that would give internet users the right to access and delete personal information, FTC acting Chairwoman Rebecca Kelly Slaughter wrote in a recent letter to Sen. Amy Klobuchar, D-Minn. An aide for Klobuchar, who supports access and deletion rights, said Tuesday the Senate Antitrust Subcommittee chair will continue pushing for such legislation.

The Senate voted 68-30 Thursday to end debate on a substitute amendment for the Endless Frontier Act (S.1260) (see 2105130069), moving one step closer to final passage. Senators agreed to a defense spending amendment and appeared to be nearing agreement on a trade policy provision in a package that could far exceed the original $100 billion.

The House Consumer Protection Subcommittee passed by voice vote Thursday legislation to restore FTC Section 13(b) authority (see 2104280028), despite Republican opposition. The Consumer Protection and Relief Act (HR-2668), from Rep. Tony Cardenas, D-Calif., advanced to the full committee. House Commerce Committee ranking member Cathy McMorris Rodgers, R-Wash., and subcommittee ranking member Gus Bilirakis, R-Fla., criticized a “rushed” legislative process. They cited lack of commissioner input at the bill’s legislative hearing and partial responses from DOJ (see 2105170040). Commerce Chairman Frank Pallone, D-N.J., claimed Republicans didn’t offer any potential changes until Thursday morning. Republicans’ core concern is the potential for lack of due process and proper analysis, said Rodgers. Republicans offered amendments that were ultimately withdrawn. Subcommittee Chair Jan Schakowsky, D-Ill., committed to working with Republicans on provisions including an amendment from Bilirakis that would alter the statute of limitations. Rushing the bill to committee reflects a “broken process,” McMorris Rodgers said. The legislation is “urgently needed,” said Schakowsky: Nothing in the FTC Act can replace authorities gutted by the Supreme Court. Bilirakis “sincerely” appreciates introduction of the bill because it attempts to address a gap in consumer protection, but he accused the majority of wanting to ram this through without bipartisan input. Congress needs to restore FTC authority, said Cardenas.

President Joe Biden’s cybersecurity executive order is a welcome step in improving federal cybersecurity (see 2105240072), and GAO’s December supply chain report shows agencies aren’t prepared, House Science Committee members said during a joint hearing Tuesday. The supply chain risk management audit is “truly alarming,” said Investigations Subcommittee ranking member Jay Obernolte, R-Calif. More than half the 23 agencies analyzed didn’t implement basic best practices, he noted, saying this points to a failure of governance. Subcommittee Chairman Bill Foster, D-Ill., questioned whether agencies are doing enough to enforce best practices. The EO calls for bold action, he said. It's a “sea change” in how the federal government approaches cybersecurity, said Research and Technology Subcommittee Chairwoman Haley Stevens, D-Mich. She highlighted the National Institute of Standards and Technology’s role. Research and Technology Subcommittee ranking member Michael Waltz, R-Fla., called the EO a good starting point, saying there’s much work ahead. The auditor report really is “alarming” and shows foundational practices and guidance aren’t being followed, he said. NIST is committed to develop standards, best practices and key guidance for securing critical software, said Information Technology Laboratory Computer Security Division Chief Matthew Scholl. GAO is examining unknowns about the SolarWinds cyberattack, which had unprecedented sophistication, said GAO Information Technology and Cybersecurity Director Vijay D’Souza: The attack wasn’t surprising given findings in December's study.

Regulators should immediately break up Facebook and act against its entities, protesters said outside the company’s lobbying headquarters in Washington on Tuesday. Participants told us the company hasn’t been responsive to specific demands, is incapable of self-correcting and has built a large U.S. corporate lobbying operation.

President Joe Biden’s cybersecurity executive order (see 2105130065) will boost the federal government’s reliance on cloud services and information sharing, experts told us. The EO directs federal civilian agencies to “accelerate movement to secure cloud services,” including software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS). Within 90 days, the OMB director will develop a federal cloud-security strategy with guidance to agencies, in consultation with the Cybersecurity and Infrastructure Security Agency and the General Services administrator through the Federal Risk and Authorization Management Program (FedRamp).