Information about this member is not available yet.
Except where otherwise noted, all postings by Bruce Levinson on CircleID are licensed under a Creative Commons License.
Quantum computers are coming, and the American Bar Association's SciTech section is beginning to consider the legal implications. This raises the question, will the legal profession be able to adopt emerging quantum technologies on a tech-business as a usual basis? Or will the developments flowing from quantum mechanical theory present a categorical challenge to the legal-industrial complex? more
The promises of quantum computing, artificial intelligence, and other advancing technologies sound like magic. However, even magic is subject to the laws of economics. And even quantum computers are “legal things…technological tools that are bound to affect our lives in a tangible manner,” as Valentin Jeutner explains in The Quantum Imperative: Addressing the Legal Dimension of Quantum Computers. Analogous to Asimov’s Three Laws of Robotics, Professor Jeutner proposes a three-part “quantum imperative,” which “provides that regulators and developers must ensure that the development of quantum computers. more
The internet is under all kinds of attacks from all kinds of people for all kinds of reasons. It’s not just the internet’s infrastructure that is under attack, so too is the very concept of the internet as an open communications platform serving the commonweal. Constructing effective technical defenses of the internet will require that America’s students learn and develop the quantitative disciplines known as STEM; Science, Technology, Engineering, and Mathematics. Constructing effective, ethical defenses of the internet will require that students study art and philosophy. The two educational paths are symbiotic... more
The EB-5 Investor Visa Program was created by Congress in 1990 to "stimulate the U.S. economy through job creation and capital investment by foreign investors." The program, administered by the Department of Homeland Security's U.S. Citizenship and Immigration Services (USCIS), provides that entrepreneurs (and their spouses and unmarried children under 21) are eligible to apply for a green card (permanent residence) if they make the necessary investment in a commercial enterprise in the United States; and plan to create or preserve 10 permanent full-time jobs. more
Audacity by federal policy makers can be admirable, at least in some cases, but it can a bit more problematic in others. A case in point is the Food and Drug Administration's "deeming" of the internet to be a tobacco product. The FDA explained that it was exercising its authority under the Family Smoking Prevention and Tobacco Control Act which gave the agency an extensive set of duties, responsibilities and authorities over "tobacco products." more
In October 2012, the Chairman and Ranking Member of the House Intelligence Committee issued a joint statement warning American companies that were doing business with the large Chinese telecommunications companies Huawei and ZTE to "use another vendor." The bipartisan statement explains that the Intelligence Committee's Report, "highlights the interconnectivity of U.S. critical infrastructure systems and warns of the heightened threat of cyber espionage and predatory disruption or destruction of U.S. networks if telecommunications networks are built by companies with known ties to the Chinese state, a country known to aggressively steal valuable trade secrets and other sensitive data from American companies." more
Databases are the infrastructure of the modern administrative state and data is its lifeblood. When the data is contaminated with errors, federal agencies have difficulty performing even the most basic administrative functions such as managing its inventory of office space and protecting the personally identifiable information (PII) of social security number holders. The federal dissemination of unreliable data doesn't just waste money; it undermines public trust in government and leaves it unmanageable. more
Federal databases, such as those being compiled by the Consumer Financial Protection Bureau and the Federal Trade Commission, contain data about many people and businesses. Although some of this data may be protected personal information (PPI), there is also extensive information in federal databases that is publicly disseminated via the internet. If the information is wrong, it has the potential to be a vector of tortious mischief. more
Arthur C. Clarke said any sufficiently advanced technology is indistinguishable from magic. Milton Friedman said there's no such thing as a free lunch. The validity of the former statement does not invalidate the later. From this we can see that even magic has a price. Hence, its application is subject to cost-benefit analysis. There are many developing technologies that may eventually qualify as magic. more
Two quick facts about American industry's resilience against cyber-attack, (1) our critical infrastructure is inadequately protected and (2) federal regulation will be required to fix the problem, reliance on market forces alone will not be sufficient irrespective of whether or not Sony Pictures survives. Although regulation is needed, it needs to be coordinated and, above all, cost-effective. Which agency is charge of regulating cybersecurity? Right now, it's a free for all with agencies staking out turf and claims of authority. more
You may not connect the cheap cigarettes sold under the counter (or out of a trunk, bodega or by a street vendor) with the mysterious charges on your credit card that you don't remember making or the cash that has, somehow, just disappeared from your bank account. You also may not connect that website selling cheap cigarettes made in second and third world countries with Shellshock or whatever the fashionably scary cyber-threat of the day is when you're reading this. more
The possibility of unauthorized access to EPA information raises an array of concerns since EPA-held data includes various types of Confidential Business Information, scientific research data, environmental databases, agency plans for responding to "incidents of national significance" and other security-related matters, and environmental monitoring data used in regulatory enforcement actions. more
Cybersecurity regulation is coming. Whether regulations intended to enhance critical infrastructure protection will be based on existing statutory authority, new legislation, an Executive Order or a combination of legal authorities, however, is still unknown. Other aspects of the coming federal oversight of critical infrastructure cybersecurity that remain undetermined include the extent to which governance system will include voluntary characteristics and the time frame for initiation of new cybersecurity regulation. more
The President and Congress are deliberating how best to ensure appropriate cybersecurity protection for private sector critical infrastructure. Legislative action and Executive Order are both under consideration. It is possible, however, that the White House Office of Management and Budget (OMB) already has sufficient statutory authority to enact new cybersecurity regulations through the normal notice-and-comment rulemaking process. more
While Congress and the White House deliberate possible actions on FISMA reform and increased oversight of critical infrastructure, relatively little attention is being given to the government-wide cybersecurity regulation already in place, the Data Quality Act (DQA). Unlike FISMA, which primarily governs the government's internal cybersecurity processes, and contemplated legislation and/or Executive Order(s), which would likely also include a focus on critical infrastructure protection, the DQA contains a unique mandate. more
Don't worry about the bad guys turning out the lights. Worry about everything they're stealing while the lights are still on. The theft of intellectual property ranging from Hollywood films to defense secrets is underway by cyber-criminals of various stripes. Maintaining control over intellectual property may be the single most important challenge to American economic security. Implementing a cyber-reliant infrastructure is a national challenge which crosses the traditional boundaries between economic sectors and between public and private domains. more
Cybersecurity regulation will take its place alongside environmental regulation, health and safety regulation and financial regulation as a major federal activity. What is not yet clear is what form the regulations will take. FISMA controls, performance standards, consensus standards and industry-specific consortia standards are all possible regulatory approaches. What is not likely is an extended continuation of the current situation in which federal authorities have only limited, informal oversight of private sector cyberdefenses (or lack thereof). more
Studies have found only limited, insufficient agency adherence with FISMA's (Federal Information Security Management Act) continuous monitoring mandates. One survey found almost half of federal IT professionals were unaware of continuous monitoring requirements. A recent GAO report found that two-thirds of agencies "did not adequately monitor networks" to protect them "from intentional or unintentional harm." more
In September 2009, the Obama Administration announced the Federal Cloud Computing Initiative. As the government's CIO explained, cloud computing "has the potential to greatly reduce waste, increase data center efficiency and utilization rates, and lower operating costs." The Federal Risk and Authorization Management Program (FedRAMP) addresses the key elements of a cloud computing framework for federal agencies. more
NIST has released a revised FIMSA Implementation Schedule that omits a previously planned Second Public Draft of SP 800-137: Information Security Continuous Monitoring for Federal Information Systems and Organizations. Instead, NIST plans to proceed directly to a Final Public Draft, now expected in May 2011. more
The public is taking an increasing interest in ensuring that IT assets of federal agencies are protected from cybersecurity attacks. FISMA is addressing this concern, in part, by initiating a standard setting process for continuous monitoring. The actions taken by NIST for the federal sector could have a very significant impact on the private sector because pending legislation would provide the federal government with the authority to mandate cybesecurity measures on the private sector. more
NIST's release of their initial public draft of SP 800-137, Guide for Continuous Monitoring of Information Systems and Organizations will create a set of challenges for the federal cybersecurity community. Agencies and contractors will need to shape the document through the multi-stage revision process while continuing to implement their own continuous monitoring measures. more
It didn't take long for criticism of the Verizon/Google net neutrality proposal to start pouring in. "nterest groups, bloggers, and even Google fanboys [have started] discrediting the plan" according to one trade publication. Although most of the commentary simply echoes various groups' long-held positions, the Electronic Frontier Foundation, the nation's foremost cyber-rights watchdog, provided a crucial insight about the plan that goes to the core of the net neutrality issue. more
Should Google's provision of information services be regulated? Yes, if the decision is based on Google's own standards for determining whether to regulate tele-information companies. In recent comments to the FCC, Google described "broadband openness" rules, aka net neutrality, as a "fundamental necessity." Without such rules, the search engine giant, aka Big Search, fears that broadband providers would "promote only their own pecuniary interests over the far broader interests of Internet users..." As the Wall Street Journal noted last year, however, Google engages in the same type of discriminatory service practices they want the federal government to prohibit... more
United Nations Secretary General Kofi Annan, writing in The Washington Post, declared that it is a "mistaken notion" that the U.N. "wants to 'take over,' police or otherwise control the Internet." Unfortunately, neither the World Summit on the Information Society (WSIS), the WSIS' Working Group on Internet Governance (WGIG) or the Secretary General's column give comfort to those committed to cyber-freedom. more
The House Committee on Science recently held a hearing to "examine the extent of U.S. vulnerability to cyber attacks on critical infrastructure such as utility systems, and what the federal government and private sector are doing, and should be doing, to prevent and prepare for such attacks." Specific issues addressed at the hearing included whether: 1) the U.S. is able to detect, respond to, and recover from cyber-attacks on critical infrastructure; and 2) is there a clear line of responsibility within the federal government to deal with cybersecurity... more
Hurricane Katrina will lead the endless finger pointing about what should have been done to strengthen the levees before the storm. However, as a former senior FEMA official under the Clinton Administration explained, "There's only two kinds of levees. Ones that have failed and those that will fail." The same is true for cyber-levees. more
The United States is under cyber-attack. An article in Time magazine titled "The Invasion of the Chinese Cyberspies" discusses a computer-network security official for Sandia National Laboratories who had been "tirelessly pursuing a group of suspected Chinese cyberspies all over the world." The article notes that the cyberespionage ring, known to US investigators as Titan Rain, has been "penetrating secure computer networks at the country's most sensitive military bases, defense contractors and aerospace companies." more
The Congressional Research Service (CRS) recently released a major new study examining cybersecurity. The report, "Creating a National Framework for Cybersecurity: An Analysis of Issues and Options" discusses a variety of significant public and private cybersecurity concerns. The CRS analysis lists several broad options for addressing cybersecurity weaknesses ranging from adopting standards and certification to promulgating best practices and guidelines and use of audits among other measures. more
Blogging is not only a well-established element of pop culture, it has become a tremendously influential communications mechanism. As early as March 2002, an article in Wired discussed the blogging "revolution" and declared that blogging "could be to words what Napster was to music - except this time, it'll really work." more
If anyone needs another reason why the UN should not be in charge of the internet, they need look no further than the upcoming UNESCO conference on "Freedom of Expression in Cyberspace." The United Nations Education Scientific and Cultural Organization conference will discuss "whether universal free expression standards should be applied to the Internet and how free expression can be protected while respecting individual privacy, national laws and cultural differences." The conference is being held in preparation for the second phase of the UN's World Summit on the Information Society (WSIS)." more
Ensuring federal cybersecurity is essential to protecting national security. According to some media reports, recommendations have been made to the Bush Administration to "create a distinct administrative cybersecurity position within the Homeland Security Department to oversee progress in the federal government and act as a liaison with private industry." However, before new bureaucracy is created, it is important to recognize the practical cybersecurity policies and projects that are already being undertaken by the Administration. more
Former CIA Director George Tenet recently gave a speech highlighting the need for federal action on internet management in order to protect national security. As reported by the online edition of Government Executive, Mr. Tenet explained that, "greater government regulation of the Internet and telecommunications networks is needed in order to guard against terrorist attacks." more
The MOU between the Department of Commerce and ICANN includes a series of specific milestones that the corporation is required to accomplish by certain specified dates. One of the specific requirements placed on ICANN by the agency is to define "a predictable strategy for selecting new TLDs using straightforward, transparent, and objective procedures that preserve the stability of the Internet...." The MOU goes on to state that "(strategy development to be completed by September 30, 2004 and implementation to commence by December 31, 2004)." more
A coalition of over 50 domain Registrars from around the world have recommended an alternative to ICANN's proposed 2004-2005 budget. The alternative proposal from the ICANNBudget.org Registrars would cap Registrar contributions at $11 million per year for the next three years. Although this proposal represents a significant expansion beyond ICANN's 2003-2004 budget of $8.6 million budget, it is still slim compared with ICANN's own $15.8 million budget proposal. Of potentially greater importance, the alternative budget differs significantly from ICANN's proposal in the structure of the Registrar fees. more
Is the internet on the verge of a meltdown? A non-profit organization, People For Internet Responsibility (PFIR), is concerned that there is the risk of "imminent disruption, degradation, unfair manipulation, and other negative impacts on critical Internet services..." PFIR believes that the "red flag" warning signs of a potential meltdown include "attempts to manipulate key network infrastructures such as the domain name system; lawsuits over Internet regulatory issues... ever-increasing spam, virus, and related problems..." more
Despite the stated commitment to meeting their obligations to the government, ICANN's proposed budget may potentially breach the MoU. Specifically, the MoU commits ICANN to "perform as an organization founded on the principles of competition..." However, an alliance of at least 50 Registrars claims that the new Registrar fee structure contained in the proposed budget would significantly harm competition. more
A recent ICANNfocus article discussed the magnitude of ICANN's legal fees. Specifically, ICANNfocus questioned whether the extent of ICANN's legal fees, about 20% of their total revenues, was related to the organization functioning as a regulator instead of simply as a technical manager of the internet. more
Unlike ICANN, the National Telecommunications and Information Administration (NTIA) responded graciously, promptly and substantively to inquiries from the Center for Regulatory Effectiveness (CRE) regarding governance of the internet. CRE sent a letter to NTIA in mid-March asking about public access to documents prepared by ICANN under Memorandum of Understanding (MOU) with NTIA. NTIA provided a quick and clear response to CRE's questions. NTIA also reiterated its commitment to achieving transparency and accountability in ICANN's processes. NTIA's response to CRE, although clear and comprehensive, raised a number of important questions about ICANN and their governance of the internet. more
ICANN has made great strides in implementing steps to improve the organization's transparency, accountability, openness - according to their most recent Status Report [PDF]. The report describes the requirements of their MOU with the Department of Commerce and what the organization has done to toward achieving these goals. However, even though the Report makes it sound as if ICANN is on the right track, some troubling issues lay underneath the surface of the Report. more
National Telecommunications and Information Administration (NTIA) has made a long term commitment to taking the actions necessary to reform ICANN. Specifically, the Department of Commerce's Strategic Plan for FY 2004-2009 discusses the need for NTIA to take action to reform ICANN. The Strategic Plan details three Strategic Goals for the Department to achieve over the next five years. The second goal is to "Foster science and technological leadership by protecting intellectual property, enhancing technical standards, and advancing measurement science." more
This is the sixth part of a multi-part series reported by ICANNfocus. This part focuses on ICANN's Strategic Plan. Read previous parts: Part I, Part II, Part III, Part IV, Part V. "The requirement that ICANN develop a Strategic Plan offers an important opportunity for achieving meaningful reform of the organization. The Strategic Plan is one of the key new ICANN duties contained in the most recent amendment to their Memorandum of Understanding (MOU) with the Department of Commerce. The MOU specifies in considerable detail the elements that ICANN is to include in the Plan including issues ranging from executive compensation to mechanisms for ICANN accountability..." more
This is the fifth part of a multi-part series reported by ICANNfocus. This part focuses on Securing the Quality of WHOIS Data. "Information for which ICANN has responsibility includes the WHOIS databases. ICANN has been given specific responsibilities for these databases under: 1) their contract with the U.S. government's Department of Commerce to perform the technical management of the Internet; and 2) their Memorandum of Understanding with the Department of Commerce." more
This is the fourth part of a multi-part series reported by ICANNfocus. This part focuses on the Information Correction Process. "The Data Quality Act provides affected persons the right "to seek and obtain correction of information maintained and disseminated by the agency that does not comply" with the Data Quality Act and implementing guidelines. ...The Department of Commerce's National Telecommunications and Information Administration (NTIA) provides detailed instructions on how to request correction of information not meeting their Data Quality guidelines. NTIA is the operating unit of the Department of Commerce that is responsible for ICANN." more
This is the third part of a multi-part series reported by ICANNfocus. In this part, the focus is on how ICANN implementation of the Data Quality Act would address congressional concerns. "Congress is deeply concerned by ICANN's management and is demanding meaningful change in how the organization governs the internet. Congressional concerns regarding ICANN and Congressional oversight activities were detailed in Part II of this series." more
This is the second part of a multi-part series reported by ICANNfocus. This part discusses the congressional concerns regarding ICANN's governance of the Internet. "Since 1999 Congress has repeatedly expressed serious concerns regarding ICANN's governance of the internet. Congress has substantial responsibility for overseeing the key aspects of internet governance. Among its specific responsibilities, Congress has the duty to oversee implementation of the Department of Commerce's Memorandum of Understanding (MOU) and contract with ICANN." more
The first part of a multi-part series report by ICANNfocus. This part discusses the history of the data quality act. "The Center for Regulatory Effectiveness (CRE) has determined that ICANN is subject to the Data Quality Act. Specifically, because ICANN carries out the technical management of the internet, including the IANA function and the implementation of new top level domains, under agreement with the U.S. Department of Commerce, ICANN's information disseminations are "sponsored" by the Department and thus subject to the Act." more
CRE notified Dr. Twomey, President and Chief Executive Officer of ICANN, of the applicability of the Data Quality Act to ICANN in a detailed letter of October 29th. CRE asked ICANN for a meeting to discuss the issue of the applicability of the Data Quality Act to ICANN since CRE received no communication in response to the letter. In mid-December ICANN agreed to a January 23rd meeting with CRE. Notwithstanding CRE's trip to ICANN's headquarters in California for the scheduled meeting, the organization refused at the last moment to meet with CRE. CRE now knows how Dr. Twomey felt when he was expelled from an ICANN-related planning meeting in Geneva. more
The National Academy of Sciences (NAS) has been studying the issue of Internet navigation and the DNS. The study was undertaken at the request of Congress to "provide analysis and advice for consideration by agencies of the U.S. Government, interested international institutions, and other stakeholders." In addition to examining technological issues, the study is also considering "relevant legal, economic, political, and social issues...because technologies related to the DNS and Internet navigation do not operate in isolation, but must be deployed within a complex and challenging national and international context." more
Harvard Law School's distinguished Berkman Center for Internet & Society has published a preliminary study, "Public Participation In ICANN." ...The problem with the preliminary study is that it fundamentally misunderstands the role of ICANN in Internet governance. Specifically, ICANN's duty is not and should not be to simply carry out the will of the "Internet user community." Instead, ICANN's duty is to carry out the responsibilities the organization agreed to in its Memorandum of Understanding (MOU) and contract with the Department of Commerce. This does not mean that ICANN should exclude stakeholder views. more
An organization which purports to be "the voice of world business" is proposing a de facto U.N. takeover of ICANN. The proposal by a senior official of the International Chamber of Commerce (ICC) would place ICANN under the U.N. umbrella and give a strong role to U.N. agencies and to various national governments, including those that suppress free speech and free enterprise. In a move of breathtaking arrogance, the ICC refused to even invite ICANN or U.S. government representatives to the meeting at which they are presenting their proposal. more