Cybersecurity & Tech
What company? Microsoft
Which law? California’s Consumer Privacy Act
What is Microsoft saying in support?
Microsoft | Microsoft will honor California’s new privacy rights throughout the United States
WHO: Brennan Center for Justice
WHAT: A Framework for Election Vendor Oversight
WHY:
RECOMMENDATIONS:
Where do I see the proposal: Federal Register Request for Public Comments on a DRAFT NIH Policy for Data Management and Sharing and Supplemental DRAFT Guidance
The goals: improve the current data management and sharing policy for NIH funded or conducted research (Bonjour, to all your medical research and pharmaceutical research clients)
What best practices does NIH want to establish?
Comment deadline: January 10, 2020.
Health IT Security | NIH Seeks Input on Data Sharing Plan, Including Privacy, Security
WHO: The Chertoff Group + Dragos
WHAT: A policy intelligence & communication shop + a industrial control system shop
WHY: High Tech infrastructure is a data security target
WHAT ARE INFRASTRUCTURE OPERATORS SAYING?
$1.6 million cost of federal fine to the state health agency
6,617 people had their personal health information accessible
How did the data breach occur?
The state agency: Texas Department of Aging and Disability Services
Government Technology | Data Breach Costs Texas Health Agency $1.6 Million
Who is calling for standard reporting? Harvard Business Review
Why? The nature of attacks are borderless, fast moving and difficult to predict or manage
What reasons support standard cyberattack reporting?
Harvard Business Review | We Need a Global Standard for Reporting Cyber Attacks
Which regulatory agency is considering this? United States’ Department of Health and Human Services
What type of donations would be permitted? non-monetary exception to the regulatory Anti-Kickback Statute
What do the rules look like? DHHS proposed cybersecurity donation rules
Why is this critical? Interoperability and data sharing in healthcare makes an entire health care system vulnerable to one office with a cybersecurity weakness
InfoSecurity | US Proposes Legalizing Cybersecurity Tech Donations to Doctors
Where: Congress
What is the legislation: Klobuchar, Peters, Johnson, Lankford Introduce Bipartisan Bill to Strengthen Cybersecurity for Local Governments
What will it do?
The Hill | Senators introduce bill to strengthen cybersecurity of local governments
Where: Massachusetts
How much cybersecurity funding will Massachusetts offer schools? $250,000 to 94 municipalities and public school districts
What will the grants fund? training 42,000 employees
How does the funding flow? From the Governor’s Office, Executive Office of Technology Services and Security.
Center for Digital Education | Massachusetts Announces School Grants for Cyber Training
States Considering bills like the California Consumer Privacy Act legislation:
States where legislation fell apart because of stakeholder disagreements in 2019:
States where privacy legislation failed:
States studying how to proceed:
What private business entities are concerned by facial recognition regulation?
Why are these business interests concerned about facial recognition tech regulation?
US Chamber of Commerce | Coalition Letter on Facial Recognition Technology
Wall Street Journal | Business Groups Push Back Against Proposed Facial-Recognition Bans
Who is raising these points about biometric data? Silicon Valley Congressman Khanna
What should Government be asking about the collection of biometric data?
NextGov | Silicon Valley Rep Calls For Task Force, Legislation on Government Use of Biometrics
What is a Cyber Reserve? A special unit in the national guard but for cyber events
Where: Ohio
The legislation: SB 52 (2019 | OH)
The state funding to support the special unit: FY1 $100,000 & FY2 $550,000
Sandusky Register | DeWine signs cyber reserve law
Cincinnati Public Radio | DeWine Signs Bill Creating Ohio Cyber Reserve
What does zero data mean? Isn’t everything data and data is king, queen & court jester? companies that don’t store their own data
Where is the data being stored? 3rd party companies store the data for use by the company that originated the data
What’s the benefit to companies? The liability for the data goes to the 3rd party
Tech Crunch | Very Good Security raises $35M in Series B in ‘zero data’ push
Who is calling for a national cryptocurrency? Congressmen French Hill & Bill Foster
Who are the Congressmen asking to authorize a national cryptocurrency? Chairman of the Federal Reserve System
Why a national crypto currency?
Cryptocurrency Post | US Congress calls on Fed to consider creating “national digital currency”
Where: Congress
What: Senator Wyden’s Mind Your Own Business Act
How would the criminal penalties attach?
Is this about a specific tech company? “Mark Zuckerberg won’t take Americans’ privacy seriously unless he feels personal consequences,” the senator said this week. “A slap on the wrist from the FTC won’t do the job, so under my bill he’d face jail time for lying to the government.”
NextGov | Privacy Bill Could Put Dishonest Tech Execs Behind Bars
Who said this? Apple CEO Tim Cook
Who did he say it to? Les Echos newspaper
What did he say?
Cryptocurrency News | Tim Cook Talks Cryptocurrencies: It’s a No for Tech Behemoth
What value is attributed to medical data? 50 times more valuable than a credit card number
Who is offering that valuation? ClearDATA Chief Privacy and Security Officer and Founder
Why is medical data valuable?
Healthcare Dallas CEO | Why Medical Data is 50 Times More Valuable Than a Credit Card
Where: Maryland
How did we get action from the Maryland’s Privacy Council?
Who serves on the privacy council?
EdScoop | Maryland privacy council tackles substandard student data protections
Who: Amazon
Where: Seattle
What does their local political contribution plan look like?
Seattle Times via Governing | Amazon Buys in Heavily to Seattle Council Races
Where: Baltimore
What happened to spark the $20M cyber insurance policy? The city experienced a ransomeware attack that cost the city $18M
How did the bidding process work?
Governing | Baltimore Authorizes Purchase of $20M Cyberinsurance Policy
Who is calling for international rules for cryptocurrency?
deputy governor of the Banque De France, the central bank of France
Where were the remarks made?
Forum of Monetary and Financial Institutions
Why now? Cryptocurrency isn’t that new? Facebook. Its proposed cryptocurrency “could become a threat to international stability due to its huge user base.”
IHODL | Deputy Governor of Bank of France: We Must Develop Standard Crypto Regulation
Where: California
What: AB 1130 (2019 | CA)
Which new pieces of data are protected and trigger breach notifications?
Bloomberg Law | California Extends Data Breach Law to Passports, Biometric Data
What are the benefits of facial recognition software in schools?
What are the harms of facial recognition software?
What schools are in the spotlight for using facial recognition software? Texas City High School, Putnam City Schools in Oklahoma, West Platte, Missouri, Spring Hill Independent School District in East Texas
Are there schools prohibited from using facial recognition software? Yes, San Francisco, Oakland
Wired | The Delicate Ethics of Using Facial Recognition in Schools
Who explained the situation? Texas CIO Todd Kimbriel
To whom was the situation explained? National Association of State Chief Information Officers annual conference in Nashville, Tennessee
How did the disaster plan work?
What agencies coordinated efforts?
What facilitated this coordination? 2017 legislation that expanded the Governor’s emergency declaration powers to cover cyber events
State Scoop | How Texas used its disaster playbook after a huge ransomware attack
Where: Michigan
What’s RFRA? Religious Freedom Restoration Act
Why are new state bills being filed? To keep tech companies like Google and Facebook content neutral
What’s the actual issue? Whether tech companies should monitor fake news and hate speech
What’s the legislation in Michigan? HB 4801 (2019 | MI)
Governing | Michigan Bill Aims to Stop Facebook, Google From Blocking Speech
Where: New York
The legislation: S4119 (2019 | NY) signed by Governor
Who can first responders sell patient information to under this bill?
Who cannot buy 1st responder patient data under this bill?
Health IT Security | New York Law Bans First Responders from Selling Patient Data
What are 4 ways public education can use blockchain technology?
How do you make companies report breaches?
How to do you make companies comply with reporting deadlines?
How do you make companies comply with data security assessment requirements?
How do you get companies to conduct privacy impact assessments to understand cyber vulnerabilities?
How do governments manage fine penalty revenue?
What is the unintended consequence? Public comments submitted by political operatives without permission or comments from a dead person
How many fake public comments are we talking about? The NY Attorney General estimates 9.6 million stolen identities submitted comments
Where is the image problem? The stolen identities have allegedly been traced to a political organization backed by the largest telecommunications companies
Who gathered the data? American Medical Association, IBM, Ponemon Assoc., American Dental Assoc.
What does the data say?
Reasons healthcare data is sought by hackers?
Wall Street Journal | Smaller Medical Providers Get Burned by Ransomware
Where: Ohio
What: Ohio created a system to permit taxes to be paid by cryptocurrency
When did they suspend the bitcoin payments? less than a year after it was created
What entity suspended the system? A vote by a state panel that oversees the state’s banking and financial methods
What are the next steps? The State Attorney General will investigate if the bitcoin tax payment system was legally created
Are there non-cryptocurrency reasons behind this? Yes, a change in State Treasurer, the office that created the bitcoin payment system + a non-competitively bid contract to operate the bitcoin tax payment portal
Cleveland.com | Ohio suspends bitcoin tax-payment program. And it’s not clear if it’s coming back.
Which Governor said funding cyber security concerns supported line item vetos? Michigan’s Governor
What items were vetoed to protect the state’s cybersecurity?
Detroit News | Gov cuts GOP pet projects in bid to restart budget, road aid talks
Who authored the ransomware study? The security firm Emsisoft
What time period does the data cover? January 2019-September 2019
What is the impact of ransomware attacks?
Security Week | Ransomware Hits Hundreds of US Schools, Local Governments: Study
Where: Sephora stores in France
What protocols will be used to accept bitcoin/cryptocurrency? Global POS’ Easy2Play payment platform and EasyWallet app
Global Cosmetic News | SEPHORA TO ACCEPT CRYPTO CURRENCY IN STORE
Where is there pending legislation for cybersecurity of autonomous vehicles (AVs)? Congress
What is the legislation? S.1885 – AV START Act (115th Congress)
What are the policy issues for AVs?
Who are stakeholders in the legislation?
The Hill | Cyber rules for self-driving cars stall in Congress
Who is calling for Human Trafficking legislation to include a cryptocurrency angle? former director of the Office of Illicit Finance at the U.S. Department of Treasury
What is the link between human trafficking and cryptocurrency? human traffickers use anonymous, decentralized financial systems (bitcoin etc…) to shield payments of unlawful activities from police and regulators
How can this be regulated?
National Law Review | Former Director of Office of Illicit Finance Calls on U.S. Congress to Regulate Crypto Miners in Effort to Combat Human Trafficking
What are 3 ways Nebraska reduced spending by consolidating data centers?
How long did the process take? 18 months to consolidate 22 state agencies
State Tech | States Find Security and Savings in Private Clouds
Who led the switch to private data cloud in Ohio? Ohio Office of Information Technology
How did the process start? legislation? No, it was by Executive Order.
How much will Ohio save?
State Tech | States Find Security and Savings in Private Clouds
Where: Colorado
What are examples of state programs that lend themselves to blockchain?
How has Colorado adapted to state use of blockchain/distributed ledger technology?
State Tech | Data Security Emerges as Top Government Application for Blockchain
Where: Arizona
What is the funding request for the Arizona State Cyber Risk Fund? $22.5 Million
What would it fund? statewide insurance & response for data breaches to state agencies
AZ Mirror | Arizona agency wants $22 million for ‘cyber risk fund’
Who is recommending incentives for cyber insurance? Foundation for Defense of Democracies
Where did the Foundation for Defense of Democracies make this recommendation? In its report The Role of Cyber Insurance in Securing the Private Sector
What types of government incentives were recommended?
Why are government incentives necessary? Industry has failed to incentivize action
What commonalities do schools & libraries share that draws hackers to them?
2 most common hacks before ransomeware:
Where: Los Angeles
What is this non-profit public private partnership that L.A. created? LA Cyber Lab
Who is involved in LA CyberLab?
What are the goal os the LA Cyber Lab?
Where: Colorado
What: Colorado is the 1st state to ban bar codes (QR Codes) from paper ballots
How are QR Codes/bar Codes used on paper ballots? The bar codes/QR codes are a means to count paper ballots
What did the Colorado Secretary of State say? Voters had no way to verify the bar code or QR code and as such the codes did nothing to secure elections or instill voter confidence
Fox 31 | Colorado becomes first state to ban barcodes for counting votes over security concerns
What ticketing entity is tracking its ticket holders? University Alabama at football games
Why are student location tracked when they attend football games? Incentives are given to students who stay through the 4th quarter
Where: California
What: AB 1215 (2019 | CA)
How did the Legislature split the difference to approve cameras and disapprove facial recognition?
What arguments support prohibiting facial recognition?
Other states did the same? Yes, Oregon
CNBC | California legislature bars facial recognition for police body cameras
Where can I find the list of 51 tech companies:
Their September 10, 2019 letter is here.
Did the tech companies work with a business group?
Yes, Business Roundtable
What are the top 3 arguments the 51 tech CEOS make:
What else do I need to think about? When Major US Auto Manufacturers asked for action on emissions and the federal government did not act, the major auto dealers negotiated a deal with California.
What states could the tech companies go to to negotiate a deal? States most active in data privacy: California, Washington State, New York
ZD NEt | 51 tech CEOs send open letter to Congress asking for a federal data privacy law
Who was hacked?
A law enforcement pension in Oklahoma
How much was stolen?
$4.2 Million
What happened?
What regulatory/legislative reaction is forthcoming?
Other pensions hacked:
InfoSecurity | Hackers Steal $4.2m from State Troopers’ Pension Fund
Where:
Illinois
What bill did the Illinois Governor sign?
Public Act 101-0514, also known as the Blockchain Technology Act
How does the bill embrace blockchain technology?
WHO called for the study on consumer expectations and data breaches?
Experian
WHAT did consumers say?
WHERE is blockchain voting happening?
HOW did Utah County test blockchain voting?
On military ballots
WHAT are 4 benefits of blockchain technology for elections?
Governing | Utah County Puts Blockchain Voting to Test in Live Audit
Hackermoon | Utah Becomes The Third U.S. Jurisdiction To Offer Blockchain-Based Mobile Voting
What triggered this new enterprise? enforcement of short term rental legislation
Where is their business? Local government contracts
Where: Massachusetts
What 3 Calls for Transparency:
Health IT Security | Healthcare Most Impacted by Data Breaches, Insiders Root Cause
Health IT | In light of MGH healthcare data breach, experts call for transparency
Where: E.U.
How are facial recognition software the GDPR interacting?
What is the policy stance of the EU’s incoming President? “a co-ordinated European approach on the human and ethical implications of artificial intelligence,”
Engadget | The EU may give citizens more control of their facial recognition data
Where: Georgia Supreme Court
What is the issue? Is actual financial harm required before a person can sue over a data breach?
Is this issue limited to Georgia? No
Decipher | GEORGIA SUPREME COURT CONSIDERS WHEN DATA BREACH VICTIMS CAN SUE
Where: Delaware
What legislation? HB 174 (2019 | DE)
What does HB 174 do?
Delaware Business Now | Insurance Data Security Act signed into law after wave of data breaches
Which state is the latest member of the Electronic Registration Information Center? Florida
What does the Electronic Registration Information Center provide states?
Government Technology | Florida Joins Electronic Registration Information Center
Who announced the Confidential Computing Consortium? Linux Foundation
What other tech companies are involved?
The goals of the consortium:
Where is a school district engaging in a partnership on cyberbullying? Harlingen CISD
Who is Harlingen CISD partnering with on cyberbullying? Department of Homeland Security
What are the goals of the partnership?
4Valley Central | Cyber bullying on the rise, local school partners with Homeland Security
Where: Georgia
What action did the Georgia Governor take by Executive Order?
Georgia Governor Executive Order 08.13.19.01
Where: North Carolina
How is North Carolina proposing to allocate cybersecurity training funds?
What is the higher education cybersecurity landscape in North Carolina?
Carolina Public Press | NC cybersecurity funds could bypass state schools, go to small college
How many states considered legislation? 24
How many states enacted legislation? 3: Nevada, Illinois, and Maine
How many states created a task force instead? 5: Texas, Hawaii, Louisiana, North Dakota and Connecticut
How many states enacted legislation in 2018? 1: california
How many states pushed cybersecurity legislation to 2020? 7: Massachusetts, Minnesota, New Hampshire, New Jersey, New York, Pennsylvania, and Washington
How many states saw cybersecurity legislation fail? 7: Arizona, Florida, Kentucky, Maryland, Mississippi, Montana, and New Mexico
Who is touting liability protection as integral to cybersecurity legislation? National Security Institute at George Mason Univeristy Antonin Scalia School of Law
Why is liability protection crucial?
Who is making the argument about HIPPA needing to adjust to modern data? Apixio Chief Technology Officer
What 3 reasons were given as HIPPA inability to meet modern data?
Health IT Security | Healthcare Needs More than HIPAA, Legislation to Improve Security
Where: Congress
What bill will require data broker registration? S2342 (116th Congress)
Which agency will oversee the registration? the FTC
How many requirements did the FTC want to place on data brokers? 3
Are states requiring registration of data brokers? Yes, Vermont already has
National Law Review | Bill Introduced to Require Data Brokers to Register With FTC
Where: Arizona
What legislation: HB 2418 (2019 | AZ) a bill about data security and motor vehicles
What arguments are tech companies making in opposition?
The policy tech companies do not like: Allowing 3rd parties to have access to private consumer information in the supply dealer management
Legal Newsline | Tech companies challenge Arizona’s new cybersecurity law
Want to track election data on paper ballots and new machinery? Look no further than here from Politico
69 of 254 Texas counties will remain paperless for the 2020 election
The U.S. Senate does.
The Senate Cybersecurity Caucus this week learned:
Mayor Pete Buttigieg campaign is the first to hire a Chief Information Security Officer to cover every internal strategic meeting and plan.
Where: City of Murfreesboro, TN
What did the hack look like? The city’s water department page was replaced with a photo of Guy Fawkes
The hack target: a payment portal
AP | Tennessee city website compromised by ‘Iranian Hackers’
Who & Where: Western Australian government
What: Data Security law that will create 2 parallel government oversights
What is the bifurcated approach?
Western Australia Privacy and Responsible Information Sharing
IT News | WA offers first glimpse at future data sharing laws
What: Professional Services Council Foundation created the Mark L. Cohn Research Fund
Why? ” promote innovation through research primarily focused on cybersecurity and other emerging technologies.”
Corporate Partner: Unisys
Why are providers concerned about writing cyber security insurance policies?
How much have policies increased since 2015? Total $2 billion last year, up 26% according to Moody’s Investors Service
3 Industries buying the most cyber policies: education, hospitality and retail industries
CyberScoop | Demand for cyber insurance grows as volatility scares off some providers
What is Data Protection at the Edge Resolution?
What lingo do I need to know?
Smart Cities World | US mayors approve resiliency resolution
San Francisco, CA , Somerville, MA, Oakland, CA & Berkeley, CA have all formally banned the use of facial recognition software
3 Reasons Cities are banning facial recognition software:
28 Congresspersons were misidentified as criminals in one case study use of facial recognition software
How many states tried to pass data security legislation in 2019? 24
How many succeeded? 3. Illinois, Maine, & Nevada
Why? Opposition from Tech Companies, The Internet Association, and Business Groups
Will there be more data security legislation? Yes, with record fines against Facebook and Equifax’s record breaking settlement in 2019
5 Opposition Arguments:
Governing | When It Comes to Data Privacy, States Are Battling Big Tech
Where: Cities will being using blockchain voting systems for citizens voting abroad
The cities: Denver, multiple cities in Utah, & the state of West Virginia
Policy goals:
How will ballots be verified? facial recognition has been selected as the default verification method
Route Fifty | Ready or Not, Blockchain-Based Mobile Voting Is Getting Closer
Where: New York
Who sits on New York’s Digital Currency Task Force?
What are the Task Force goals?
How did the Task Force come about? AB 8783 (2017 | NY)
Coin Desk | New York Legislature Names Initial Members to Crypto Task Force
Where: California
How many agencies had data security flaws? “high risk deficiencies” at 21 state agencies
What regulatory action was called for?
Where: Columbia (the country)
What happened? a data breach impacted 267,000 Columbians at a ride share company
How did regulators exercise enforcement powers?
Reuters | Colombia orders Uber to improve data security after 2016 breach
Where: Louisiana
What happened in Louisiana? Several school systems experienced cyberattacks
How did government respond?
CNN | Louisiana’s governor declares an emergency after cyberattacks on several school systems
AP | Cyberattacks inflict deep harm at technology-rich schools
What is happening? Electronic Frontier Foundation filed a class action lawsuit against AT&T + 2 data brokers over the sale of AT&T customers’ real-time location data
Is this common? Tech types say all the telecoms sell real time location data to location aggregators to bounty hunters and bail bondsman
What state laws are we talking about? A state’s deceptive trade practices act + data protection and privacy laws
Let’s look at how insulin machines can be hacked.
When a medical devices manufacturer would correct known flaws, researchers built the system that would kill people by hacking the devices.
Were regulators involved? yes, but slow to act, hence why researchers built an app that would kill people if it were deployed to the insulin device
Wired | THESE HACKERS MADE AN APP THAT KILLS TO PROVE A POINT
WHAT? Amazon protests
WHY? Protestors do not support the use of Amazon technology by ICE
WHERE does this business trend get interesting? In the company’s response (emphasis added):
An Amazon representative said in an emailed statement: “There is clearly a need for more clarity from governments on what is acceptable use of [artificial intelligence] and ramifications for its misuse, and we’ve provided a proposed legislative framework for this. We remain eager for the government to provide this additional clarity and legislation.”
Wall Street Journal | Protesters Disrupt Amazon Event Over Its Ties With ICE
The study: Authenticity Gap report by FleishmanHillard Fishburn
What did consumers say for this 7th annual Authenticity Gap report?
What did it say about how this message should be conveyed?
The Holmes Report | Study: Consumer Expect Brands To Take A Stand On Climate Change & Data Security
Where: Connecticut
How: CT’s state budget contains a provision requiring:
What does this mean? Employee training, Record retention program, Risk assessment process, Incident response process, and annual assessments
National Law Review | Connecticut’s Insurance Data Security Law
Why is clothing storing data? smart fabrics
What data is gathered and stored? Biometrics
Does HIPPA apply? NO
How are legislatures handling it? An Amendment to California’s Consumer Privacy Act is leading the way
Retail Dive | Wear it out: How smart tech and data collection will impact retail
When does the issue arise legislatively? When states implement new titling software
Do dealers want to leave it up to the courts? NO
Where are the data breaches? Maryland Department of Labor & Oregon’s Department of Human Services
How does blockchain help prevent this?
Would this really work? Support inthis paper from NASA
CCN | Cybersecurity Breach at Maryland Agency Spotlights Need for Blockchain
Which businesses?
What do they want protected? software source codes, algorithms and encryption keys
Why do they want this protected? Critical corporate information
What regulations/laws do they fear? Anything that requires the disclosure thereof
What these businesses are asking for is part of Japanese Prime Minister Shinzo Abe’s initiative for “data free flow with trust”
Nikkei Asian Review | Toyota, IBM and more push for global data security ahead of G-20
Where: Sommerville, Mass.
What: City Council unanimously banned the use of facial recognition software
Why is this a legislative issue?
How is the issue being messaged?
What concerns do researchers find?
State: Maine
The legislation: LD 946 (2019 | ME)
What does Maine’s LD 946 do?
What do opponents say? The bill does not go far enough because many other companies like Google and Facebook collect mountains of data that should also be protected.
Central Maine | Maine Compass: Privacy bill doesn’t go far enough
Laredo Texas suffered a cyber attack.
Where is the hacked license plate reading software used? it is being used by US government near the border with Mexico
What data was hacked?
Motherboard | Hackers Breach Company That Makes License Plate Readers for U.S. Government
The legislation: Congress’ Achieving Lasting Electoral Reforms on Transparency and Security Act (ALERTS Act)
The government disclosure requirement:
How quickly does notice need to occur?
State Scoop | U.S. House bill would require feds to notify public of election hacking
A loot box is an incentive for gamers that “give users a nominal advantage for a fee or loot boxes which allow users to essentially play a slot machine for gaining rare or important items
What’s wrong with this? Gateway drug for gambling
Who is first out of the gate with legislation? US Senator Hawley (MO)
Senator Hawley | Frequently Asked Questions Regarding Legislation on Pay-to-Win and Loot Boxes
Where: Arkansas
The legislation: Senate Bill 632 (2019 | AR)
What does SB632 do?
Partners include:
Government Technology | Aggressive Initiative to Shore Up Cybersecurity in Arkansas
Active Cyber Defense uses private sector cyber bounty hunters and hackers to protect critical infrastructure.
Who is behind this concept?
How would this private sector system work? the private sector hackser would be deputized “certified active defenders” to assist with the creation of an active cyber defense strategy
Thank you for subscribing to our newsletter.
Great things are just around the corner!