At the end of July, the National Institute for Standards and Technology (“NIST”) released draft cybersecurity guidance for IoT device manufacturers. The document, titled Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers, is intended, according to NIST, identify the cybersecurity features that IoT devices should have “to make them at least minimally securable by the individuals and organizations who acquire and use them.” The NIST document is not a rule or requirement for IoT devices, but rather is a continuation of NIST’s effort to foster the development and application of voluntary standards, guidelines, and related tools to improve the cybersecurity of connected devices.

NIST is seeking comment on the document through September 30 of this year and it held a workshop in August for interested parties to discuss the document. In a prior post, I blogged on takeaways from that workshop. Now, it’s time to take a closer look at the NIST document itself.


Continue Reading

On October 6, 2016, Federal Communications Commission (FCC or Commission) Chairman Tom Wheeler published a blog entry on the Commission’s website outlining proposed privacy rules for broadband Internet Service Providers (ISPs). The proposed rules are scheduled to be considered by the full Commission at its monthly meeting on October 27, 2016. These rules come after the Commission received substantial public comment on its March notice of proposed rulemaking (discussed in an earlier blog post) from stakeholders representing consumer, public interest, industry, academics, and other government entities including the Federal Trade Commission (FTC). The proposed rules appear to soften several elements of the Commission’s initial proposal, which received considerable industry criticism.

Continue Reading

On March 31, 2016 at its Open Meeting, the Federal Communications Commission (FCC or Commission) voted along party lines (3-2) to launch a notice of proposed rulemaking (NPRM) to establish privacy rules for broadband Internet Service Providers (ISPs). As we explained in our blog post in anticipation of this vote, this rulemaking stems from the

This entry was drafted by Telecom Partner John Heitmann

Yesterday, the FTC testified before a Senate Subcommittee and recommended that proposed data security legislation introduced by Senators Pryor (D., AR) and Rockefeller (D., WV) (The Data Security and Breach Notification Act of 2010, S.3742) be modified so that its requirements and the FTC’s enforcement authority thereunder be extended to telecommunications common carriers.  

The FTC’s testimony – available here – is the latest in a series of FTC actions signaling the agency’s concern regarding the amount of personal information telecom common carriers handle and the FTC’s ability – or inability – to take enforcement action against such carriers.


Continue Reading