Last week, we told you that President Trump signed bipartisan legislation establishing minimum security requirements for Internet of Things (“IoT”) devices used by the federal government. The Act is the first of its kind at the federal level, aimed at protecting the security of IoT devices and services in the marketplace. The Act governs federal purchases of IoT devices and services but is intended to leverage the purchasing power of the federal government to affect the broader IoT market indirectly.  Thus, without (yet) setting standards for all IoT devices and services, the legislation nevertheless is significant whether or not a company sells its product to the government.

Continue Reading NIST Wastes No Time in Implementing the IoT Cybersecurity Act of 2020

On December 4, 2020, President Trump signed bipartisan legislation establishing minimum security requirements for Internet of Things (“IoT”) devices used by the federal government. The legislation, H.R. 1668, passed the House in September and the Senate in November.

The Internet of Things Cybersecurity Improvement Act of 2020 draws upon work that the National Institute of Standards and Technology (“NIST”) has been doing to address cybersecurity for IoT devices. Referencing work done over the Summer on IoT Device Cybersecurity, the Act directs NIST to issue standards for the “appropriate use and management” of IoT devices owned or controlled by federal agencies. NIST, which already was working on the federal profile of IoT uses, is directed to issue these guideline by March 4, 2021. Within 6 months of that date, the Office of Management and Budget is to review agency information security policies and principles based upon NIST’s guidelines. And, adding a hammer to the incentives, federal government acquisition standards are to be revised to implement these standards. In other words, federal contractors will be required to adhere to the NIST standards in IoT devices sold to the federal government.


Continue Reading President Signs IoT Cybersecurity Act of 2020

In a move spurred by Twitter’s decision to fact-check a pair of President Trump’s tweets, the president recently signed a multi-pronged “Executive Order on Preventing Online Censorship” with the claimed intention of stopping online platforms from making content moderation decisions that discriminate against particular viewpoints. The President, along with other conservative political figures and commentators, have frequently claimed that social media platforms have used content moderation practices to stifle conservative speech. The Executive Order (“EO”) evokes the First Amendment, calling online platforms the 21st century “public square,” where people go to express and debate different views, and saying the allegedly biased content moderation practices undermine that free expression.

The most controversial aspects of the order are its interpretation of Section 230 of the Communications Decency Act (“CDA”)—the statutory provision that shields online service providers from liability for user-generated content and the decisions they make about how to moderate that content—and its attempt to prompt the Federal Communications Commission (“FCC”) to adopt regulations further interpreting the law. Reform of Section 230 has been under consideration in Congress for years, with Republicans and Democrats both offering different—and mostly contrary—critiques about how online platforms have failed to act in accordance with the statute while also benefitting from the liability protections.

Other directives in the EO attempt to elicit other parts of the federal government to discipline online platforms for their content moderation practices. Absent Congressional action, the EO’s directives appear to stand on shaky legal ground and are likely to have limited legal impact.  However, the issuance of the EO alone may be unlawful, at least according to a complaint challenging the constitutionality of the EO filed with the U.S. District Court in D.C. by the Center for Democracy & Technology (“CDT”). According to the complaint, the EO violates the First Amendment, which strictly limits the government’s ability to abridge speech, by retaliating against Twitter for exercising its right to comment on the President’s statements and because it “seeks to curtail and chill the constitutionally protected speech of all online platforms and individuals” by demonstrating the government’s willingness to retaliate against those who criticize the government.


Continue Reading Section 230 Executive Order Strikes Back at Twitter, But Legal Impact Likely to be Limited