Westerly Sun: After yearslong study, region’s rivers are closer to ‘Wild and Scenic’ designation

Westerly Sun: After yearslong study, region’s rivers are closer to ‘Wild and Scenic’ designation

Photo By Harold Hanka, The Westerly Sun
Sun staff writer

EXETER — After three years of work spanning two states and involving scores of officials and volunteers, the Wood-Pawcatuck Wild and Scenic Rivers Study has been completed and is now headed first to the towns for their approval and, ultimately, to the United States Congress.

The announcement Monday, at the Wood River canoe and kayak access in the Arcadia Management Area in Exeter, was made by study coordinator Denise Poyer of the Wood-Pawcatuck Watershed Association.

“We did it!” Poyer told the assembled guests, who clapped and cheered. “We documented that the seven rivers in the Wood-Pawcatuck watershed have outstandingly remarkable values that absolutely qualify for them for the national Wild and Scenic River system, and we developed a stewardship plan that will help protect these rivers for future generations.”

The 300-square-mile watershed is the sole-source drinking-water aquifer for thousands of people in southern Rhode Island and Connecticut.  The rivers under consideration for the Wild and Scenic designation are the Beaver, Chipuxet, Green Fall-Ashaway, Queen-Usquepaugh, Pawcatuck, Shunock, and Wood rivers.

Members of the Rhode Island and Connecticut Congressional delegations sponsored the Wood-Pawcatuck Watershed Protection Act in 2014, which paved the way for the formation of a study committee to document the special qualities of the rivers and determine how best to protect them.

U.S. Sen. Jack Reed, D-R.I., who has been credited with ensuring the passage of the Wood-Pawcatuck Watershed Protection Act by attaching it to a Defense Authorization Bill, said the designation of the watershed would be a fitting tribute to the national Wild and Scenic Rivers system, which will mark its 50th anniversary in October.

“We’re celebrating 50 years,” Reed said. “We have 12,000 miles of scenic river. We can use a few more and they can be located right here in Rhode Island.”

Recalling happy times spent on the Wood River with his children, U.S. Sen. Sheldon Whitehouse, D-R.I., said he was ready to do what he could to make sure the designation is passed.

“These steps that you have all taken will power us up and enable us to take the final step that will see to it that these rivers are protected for generations and generations,” he said.

U.S. Rep. James Langevin said it was time to add the Wood-Pawcatuck watershed to the federal system.

“There are some 208 rivers that have been given this (number) designation in 40 states, and I certainly look forward to seeing the Wood-Pawcatuck being designated 209,” he said.

Also present for the announcement was U.S. Rep. David Cicilline, D-R.I.

“We are really privileged to live in a state that has a citizenry that really understands our environmental responsibilities and what our waterways mean to our ecosystem and our quality of life,” he said.

U.S. Senators Richard Blumenthal and Chris Murphy and Congressman Joe Courtney, all Democrats from Connecticut, were the other co-sponsors of the Wood-Pawcatuck Watershed Protection Act.

Reading a written statement from Courtney was Emma King, deputy director of Conecticut’s Second Congressional District.

“I am proud to lend my continued support to this multi-state partnership to conserve and celebrate this ecological treasure in our own back yards,” Courtney wrote.

Eight Rhode Island towns and four in Connecticut took part in the Wild and Scenic study. Assisted by the National Park Service, the study committee included town-appointed representatives from Westerly, Charlestown, Hopkinton, Richmond, Exeter, North Kingstown, South Kingstown, and West Greenwich. Connecticut representatives were from the towns of North Stonington, Sterling, Stonington, and Voluntown.

Several state agencies and environmental-advocacy organizations also participated in the study: the Rhode Island Department of Environmental Management, the Connecticut Department of Energy and Environmental Protection, the Wood-Pawcatuck Watershed Association, Save the Bay, The Nature Conservancy, and the Audubon Society of Rhode Island.

Eric Thomas of the Connecticut Department of Energy and Environmental Protection said the two states had collaborated effectively on the study.

“It was natural for us to not only work at the agency levels, but work at the community level for the four communities in Connecticut, matching up with the Rhode Island communities to look at our shared resource within the watershed,” he said. “The study has really brought us all together for a number of years now, and today’s outcome is just another step in the whole process.

Representing the Town of Westerly was town council member Jean Gagnier, who did not serve on the study committee.

“We’ve got a a great representative, Jon Ericson, and we have Joe MacAndrew, who’s been appointed by the Town Council to serve on the committee,” he said.

(Harrison Gatch also represented Westerly on the committee as a council appointee.)

Jamie Fosburgh of the National Park Service’s Boston office said once the watershed receives a Wild and Scenic designation, its status at the federal level will undergo a significant change.

“The first thing is establishing the national priority for all federal agencies, so that becomes the policy of the United States, to recognize these values as of national significance,” he explained. “Directly, the Park Service, through Congressional appropriations, supports the stewardship committee that will be formed after designation to implement the stewardship plan.”

Study Committee Chairman and Hopkinton Planning Clerk Sean Henry said the study will now go back to the towns for approval.

“It’s collaborative with all the local towns,” he said. “Everyone on the committee was appointed by their town councils. We’re going to be going back to the towns when we have the stewardship plan ready, and hopefully, they’re going to approve it.”

Standard Times: Langevin addresses senior population and cyber security in South County

Standard Times: Langevin addresses senior population and cyber security in South County

Congressman Jim Langevin (D-RI), co-founder and co-chair of the Congressional Cybersecurity Caucus, hosted an educational cybersecurity awareness forum with the Rhode Island State Police Computer Crimes Unit, the State Cybersecurity Officer, the Rhode Island American Association of Retired Persons (AARP), and local officials to provide attendees with steps for staying safe online.

The forum, which took place Monday at the South County Nursing and Rehabilitation Center, started off with Langevin explaining what exactly cybersecurity was, describing it as an effort to protect an individual against both foreign and domestic “bad actors” working online.

“Cybersecurity is the national security and economic security challenge of the 21st century and will be here for quite some time.  Cybersecurity isn’t only about foreign hackers or foreign individuals involved in the security,” Langevin said.

While Langevin went on to say that, while Russian interference in the 2016 elections was a topic of concern to remain vigilant about, the topic of cybersecurity goes beyond “nation state attacks on foreigners.”

“It runs the gamut from domestic individuals that run a criminal enterprise or just hackers in general that may try to prey on us, all bad actors,” Langevin said.  “Each of us can take steps in order to protect ourselves while we’re online.”

“There’s a number of stuff that you can do, such as strong passwords, changing passwords on a regular basis, making sure that you’re downloading the security patches,” he continued.

Security patches are general ways of protecting information by updating systems, such as upgrading to the latest version of Windows and updating security systems.

Following his introduction, the congressman invited the three guest speakers to come up one at a time. The speakers were RI cybersecurity officer Mike Steinmetz, RI AARP representative Daniel Liparini, and RI State Police computer crimes unit captain John Alfred.

Steinmetz started off by comparing cybersecurity to everyday protections, such as locking your car, and proceeded to describe a scenario where somebody leaves their car running in the Dunkin’ Donuts parking lot while grabbing a coffee, and how vulnerable that person would be to theft.

“Today, as the congressman mentioned about passwords and patching and backups, I want you to remember that analogy because if you’re not changing your passwords, if you’re not patching your system, your car is outside of Dunkin’ Donuts with the doors open, the keys in it, and the engine running,” he added.

Steinmetz then went on to explain the importance of creating an appropriate passing, and when he asked how many thought passwords were hard to remember, nearly every person in attendance raised their hand.

“Pick something that you like or something that you kind of remember.  Easy things like ‘purple,’ ‘clown,’ or ‘church,’” he said.  “Everybody will remember that, and then you just add in a couple of letters in between, or special characters in between, word or a capital letter in there, or a numeral somewhere.”

Speaking as the AARP representative, Liparini also described the importance of cybersecurity, specifically for senior citizens, and the dangers posed by hacking and phishing– the use of scams to gain access to a user’s sensitive information by appearing legitimate, whether it be passwords, security information, or date of birth.

“Most AARP members grew up in a time where we were playing with tinker toys, then we graduated to Monopoly.  We didn’t carry around devices that use more computing power than NASA used to send the first man on the moon,” he said. “So we’re subject to hacking and phishing, we really have never been trained how to cope with that.”

Phishing scams include IRS, medicare, technical support, lottery, veteran scam, and romance scams.

While Steinmetz and Liparini described the technical aspects of cybersecurity, Alfred said he was there to talk about the “human side of things,” such as how phishing and “social engineering” play a part in the theft of user’s private information.

Alfred defined social engineering as leveraging and manipulating “human nature” to gain access to private information.

“I’m going to find a way or find something that you know about, and try to entice you by using what you know or what you like,” Alfred said, from the perspective of the social engineer.  “We’re all targets, whether you know it or not.  You have some type of information that they can a little bit of that information and pull it from you.  There’s something called the dark web where they’re able to sell this information.”

Wrapping up, Alfred’s central message to residents in attendance was to be more skeptical of what they come across online.

“Don’t be too trusting, be skeptical of any emails or phone numbers you don’t recognize, and don’t click hyperlinks. If it’s too good to be true, it’s too good to be true,” he said.

Transportation Today: House advances legislation to protect expiring FAA programs

Transportation Today: House advances legislation to protect expiring FAA programs

BY CHRIS GALFORD

By an overwhelming majority, the U.S. House voted this week in favor of keeping Federal Aviation Administration (FAA) programs at risk of expiration in September.

The FAA Reauthorization Act of 2018, or HR 4, is heavily focused on consumer protections and does much more than simply maintain the status quo. Rather, it sets a minimum size for aircraft seats, prohibits passengers from being removed once seated, demands airline transparency over compensation policies for unforeseen events like delays, lost luggage and overbooking, and establishes what is essentially a bill of rights for passengers with disabilities. It also, thanks to an amendment from U.S. Rep. Jim Langevin (D-RI), requires a review of airport and airline personnel training, if they are the ones assisting those with disabilities.

“I am proud that this bill makes substantial progress in expanding the rights of all Americans to travel with dignity,” Langevin said. “As someone who knows firsthand the challenges of flying with a disability, it is important that we have a modern framework to prevent discrimination. Air carriers have made substantial progress since the 1980s, but with over 30,000 complaints still being filed annually, we have a ways to go before we can achieve the goal of truly equal access to the skies.

Along with the new additions, the bill reauthorizes FAA programs to continue for another five years. It flat funds the Airport Improvement Program and requests better integration of drones into the U.S. airspace. Notably, it also drops a much-debated effort to privatize the air traffic control system.

“Rhode Islanders have seen the benefits of expanding service at TF Green Airport, and funding from the FAA has been an important part of our improvement projects,” Langevin said. “I also hope the Senate will take a more robust view toward drone regulation by including the bill Senator Whitehouse and I introduced to provide clear criminal penalties for recklessly operating drones in a way that endangers safety.”

The bill now heads to the full Senate floor for further consideration.

Gant News: Thompson, Langevin Introduce Bill to Modernize National FFA Organization’s Charter

Gant News: Thompson, Langevin Introduce Bill to Modernize National FFA Organization’s Charter

By Gant Team

WASHINGTON – U.S. Reps. Glenn ‘GT’ Thompson (R-PA) and Jim Langevin (D-RI) have introduced a bill to modernize the charter of the National FFA Organization (formerly Future Farmers of America) to better reflect agriculture education in the 21st Century.

H.R. 5595, the National FFA Organization’s Charter Amendments Act, makes updates to allow the National FFA to be a self-governing organization while maintaining its long-held relationship with the U.S. Department of Education.

As the charter currently reads, the Department of Education holds the majority of the seats on the National FFA’s Board of Directors.

“FFA is the cornerstone of our rural communities throughout the nation,” Thompson said.

“In its 90-year history, the FFA has been a leader in preparing American youth for careers in the agriculture industry. This bipartisan bill will modernize the charter to ensure FFA can take control of its own organization and it can continue to inspire generations of young agriculture leaders.

“I thank my friend Rep. Langevin for his leadership on this issue and look forward to moving the bill through the legislative process.”

“FFA plays a critical role in agricultural education and workforce development in Rhode Island and across the country by allowing young people to explore exciting careers,” Langevin said.

“I’m proud to work with my fellow Career and Technical Education Caucus co-chair, Congressman Thompson, on this bill to modernize FFA’s charter, providing it with the autonomy to be innovative and an increased focus on comprehensive CTE.

“With a new charter, FFA will better fulfill its mission of developing leadership and achievement in American agricultural education.”

“About 100 organizations have federal charters, but FFA is the only one where the government has a majority of seats on the board,” said U.S. Rep. David Young (R-IA), who is an original cosponsor of the bill.

“This bill will allow the FFA to self-govern and continue the important work of educating and empowering our young people to be successful in agriculture.”

“The amendments set the stage for FFA in the 21st century and allows us to bring FFA and our operations into the future,” said Mark Poeschl, chief executive officer of National FFA.

“The one thing that has not changed is our commitment to the relevance that FFA and agricultural education continue to have in our nation’s education system. With its three integral components – classroom/laboratory instruction, supervised agricultural experiences and FFA – the agricultural education model continues to push students toward a thriving future thanks to the relevant skills learned and experience obtained. These amendments will strengthen our commitment.”

About FFA Charter

FFA was founded in 1928. Congress recognized the importance of FFA as an integrate part of vocational agriculture and in 1950 granted the organization a federal charter.

The charter also provides federal authority to create an inter-agency working agreement between the Department of Education and the Department of Agriculture that’s focused on strengthening the FFA and school-based agriculture education.

The role of education in securing a skilled, sustainable workforce in agriculture is underscored through the required involvement of the U.S. Department of Education on the National FFA Board of Directors.

Putting it in Perspective

Only about 100 organizations have charters with federal agencies.  Only six organizations require their respective government agency to select one member for the board of directors.

FFA is the only organization that requires a majority of its board of directors be chosen by its partner government agency.

About H.R. 5595

The legislation introduced by Thompson and Langevin seeks to modernize the National FFA Organization’s relationship with the Department of Education to reflect agriculture education in the 21st Century.

FFA will continue to work closely with the Department of Education as well as USDA to fulfill its mission to better match the innovative and hands-on approaches that many agriculture educators are implementing across the country.

Bank Info Security: SEC Fines Yahoo $35 Million Over 2014 Breach

Bank Info Security: SEC Fines Yahoo $35 Million Over 2014 Breach

Photo By Scott Schiller

Written By Jeremy Kirk

The U.S. Securities and Exchange Commission says Yahoo has agreed to a $35 million civil fine to settle accusations that it failed to promptly notify investors about a December 2014 data breach.

The enforcement action puts public companies on notice that the SEC doesn’t look kindly upon efforts to conceal or downplay data breaches.

Yahoo, which has renamed itself Altaba, has neither admitted nor denied the allegations – as is typical in such enforcement actions, the SEC says.

But the SEC says that despite Yahoo learning within days of a December 2014 breach that it had been attacked by Russian hackers, the search giant waited nearly two years to disclose the breach to investors. The regulator’s probe into Yahoo’s breach notification speed reportedly launched in December 2016 (see SEC Reportedly Probing Yahoo’s Breach Notification Speed).

“Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”
—Jina Choi, director of SEC’s San Francisco office

“Yahoo’s failure to have controls and procedures in place to assess its cyber-disclosure obligations ended up leaving its investors totally in the dark about a massive data breach,” says Jina Choi, director of the SEC’s San Francisco regional office. “Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”

Altaba couldn’t be immediately reached for comment.

The SEC’s enforcement action has been praised by some lawmakers. “Investors have a right to know whether companies are taking cybersecurity seriously,” says Rep. Jim Langevin, D-R.I. “[The] announcement of a $35 million fine in response to Yahoo’s failure to disclose its massive 2014 data breach is a long overdue first step toward providing real protections for investors. I agree that we should ‘not second-guess good faith exercises of judgment’ by executives, but the bias should be toward disclosing a breach, not burying it.”

Troy Hunt, an Australian data breach expert who runs the Have I Been Pwned breach notification service, says that the $35 million fine will “surely cause organizations to think a bit more” about data security.

Many organizations publicly say that security is a top priority, but that often is not necessarily reflected in their IT spending, Hunt says. “There seems to be a degree of lip service [to security],” he says.

‘Crown Jewels’ Stolen

Yahoo disclosed the 2014 breach in September 2016 as it was negotiating its sale to Verizon. Due to the severity of the breach, Verizon closed its acquisition of Yahoo in June 2017 for $4.48 billion, around $350 million lower than the initial asking price.

Under the terms of the acquisition, Yahoo must pay half of all costs related to government investigations and third-party litigation. Yahoo did not carry cybersecurity insurance.

The December 2014 breach affected 500 million users. The SEC’s order says the stolen data included Yahoo’s “crown jewels,” including email addresses, user names, phone numbers, birthdates, hashed passwords as well as unencrypted security questions and answers.

“The bias should be toward disclosing a breach, not burying it.”
Rep. Jim Langevin

Following the breach, Yahoo filed regular SEC reports in which it only outlined the risks of a data breach without disclosing that it had been attacked. The SEC alleged that Yahoo did not share information about the breach with outside auditors or counsel “in order to assess the company’s disclosure obligations in its public filings.”

The SEC adds: “Although information relating to the breach was reported to members of Yahoo’s senior management and legal department, Yahoo failed to properly investigate the circumstances of the breach and to adequately consider whether the breach needed to be disclosed to investors.”

Repeatedly Breached

Yahoo has a complicated breach disclosure history. After Yahoo disclosed the 500 million breached accounts in September 2016, it revised that tally in December 2016 to 1 billion accounts. It also said at that time attackers had forged cookies, allowing them to directly access some accounts.

In March 2017, four men, including two Russian FSB agents, were indicted on charges related to intrusions into Yahoo, Google and other webmail providers (see Russian Spies, Two Others, Indicted in Yahoo Hack).

Former Yahoo CEO Marissa Mayer told a Congressional committee in November 2017 that it was tough for any corporation to defend against nation-state attackers. She testified that Russian intelligence officers and state-sponsored hackers were responsible for sophisticated attacks on the company’s systems (see Former Yahoo CEO: Stronger Defense Couldn’t Stop Breaches).

“Even robust defenses … aren’t sufficient to protect against the state-sponsored attack, especially when they’re extremely sophisticated and persistent,” Mayer testified.

Just a month prior to Mayer’s testimony, Yahoo disclosed that a 2013 breach compromised virtually its entire user base, encompassing some 3 billion accounts (see Yahoo: 3 Billion Accounts Breached in 2013).

A class-action lawsuit against Yahoo is still winding its way through federal court in San Jose, California. Similar to the SEC’s allegations, the plaintiffs allege Yahoo waited too long to disclose breaches. Some of the plaintiffs allege the Yahoo breaches resulted in fraudulent charges on their cards and spam in their accounts (see Federal Judge: Yahoo Breach Victims Can Sue).

One of the four men who was charged, Alexsey Belan, has been accused of using his access to Yahoo to search for credit and gift card numbers. He has also been accused of using Yahoo account information to facilitate spam campaigns.

Executive Editor Mathew Schwartz also contributed to this report.

Federal Times: NIST publishes update to its cyber framework

Federal Times: NIST publishes update to its cyber framework

The new version 1.1 of the Cybersecurity Framework, which was developed through public feedback collected in 2016 and 2017, includes updates to authentication and identity, self-assessing cyber risk, managing cybersecurity within the supply chain and vulnerability disclosure.

“This update refines, clarifies and enhances version 1.0,” said Matt Barrett, program manager for the Cybersecurity Framework. “It is still flexible to meet an individual organization’s business or mission needs, and applies to a wide range of technology environments such as information technology, industrial control systems and the internet of things.”

NIST also plans to release an updated Roadmap for Improving Critical Infrastructure Cybersecurity later this year as a companion to the framework.

The NIST Cybersecurity Framework has featured heavily in recent government IT and cybersecurity initiatives, and received a callout in the White House IT Modernization report released in December 2017.

In a news release, Rep. Jim Langevin, D-R.I., applauded the update for keeping the framework relevant in the face of a changing cyber landscape:

“In the four years since its release, countless organizations have used the NIST Cybersecurity Framework to voluntarily assess their cybersecurity risk posture, identify gaps, and prioritize security best practices. As demonstrated by the Russian government’s targeting of our election systems, however, the cybersecurity threats to our critical infrastructure continue to evolve. Today’s release marks an important evolution of the Framework that will ensure it remains relevant as risk management practices change to keep pace with the threat.”

Langevin added that, while the framework now has many positive additions, the update process did miss out on an opportunity to offer more concrete guidance on ways to quantify risk.

Industry, too, offered support for the new changes.

“There’s a lot to like in the new Framework, but one area where they made big strides is on supply chain risk management,” said David Damato, chief security officer at Tanium.

“2017 was the year of the supply chain attack, with attacks from NotPetya to CCleaner originating with a breach of a company’s third-party partner. The increasing attention NIST is bringing to this issue, and the standardized language they offer, will go a long way in helping organizations better understand the risks associated throughout their supply chain.”

NIST plans to host a webcast on the updated framework April 27, 2018, and the framework will also feature heavily at the agency’s Cybersecurity Risk Management Conference in November 2018.

Providence Journal: R.I.’s U.S. reps, senators call on Trump to work with Congress in wake of missile strike on Syria

Providence Journal: R.I.’s U.S. reps, senators call on Trump to work with Congress in wake of missile strike on Syria

By Paul Edward Parker

PROVIDENCE, R.I. — Rhode Island’s U.S. representatives and senators have weighed in on President Donald Trump’s decision to launch a missile strike on a Syrian air base Thursday in retaliation for a chemical weapons attack the administration was carried out by the Syrian government, cautioning the president to work with Congress in dealing with Syria.

In separate statements issued Friday, Rep. Jim Langevin and Sen. Sheldon Whitehouse explicitly supported the decision, while Rep. David N. Cicilline and Sen. Jack Reed were more circumspect. They are all Democrats; Trump is a Republican.

“I believe the response taken tonight by the United States in launching an air strike in Syria following the morally reprehensible war crimes committed by Bashar al-Assad when he deployed chemical weapons, killing innocent children and civilians, is justifiable, and I support this decision,” Langevin said in his statement.

“Moving forward, the President must consult with Congress to determine how the United States will deal with Assad’s regime and determine what our strategic objectives will be,” Langevin said. “No nation has the right to use chemical weapons against innocent civilians and the world must speak with one voice condemning the actions of President Assad.”

Whitehouse said: “We have witnessed yet another atrocious act by the Assad regime against its own people, and we are called to conscience. Last night’s military action in Syria met my standards for responding to atrocity: a limited action; with a clear objective; that is not the beginning of American ‘boots on the ground’ military operations.”

The Hill: Facebook case demonstrates gaps in data ownership laws

The Hill: Facebook case demonstrates gaps in data ownership laws

Op-Ed Written By Congressman Jim Langevin

A recent survey indicated that users have little trust in Facebook to follow privacy laws. Trust is the operative word. Privacy policies, account settings, and terms of use play a larger role than any federal law in limiting the use of personal data beyond health or financial information. We extend a great deal of trust to a company when we give them our personal information – trust that they will take care of our data and abide by the contracts that govern our relationship. But after three decades of explosive growth in data harvesting, recent events make it clear that trust may be misplaced.

Facebook’s conduct with the underhanded campaign consultancy firm, Cambridge Analytica, has laid bare the limits of data protection law. Facebook users are the victims in this case – yet the company may only be liable under federal law if it also violated one of its written contracts with users. The innovations of the Information Age have outstripped the U.S. legal system’s protections for individual control over how our personal information is shared and used. It is time for that to change.

As the complexity of data sharing increases, so does the possibility that our information will be used in ways we never intended or authorized. Take the Facebook case. I challenge anyone to find a single one of the millions of affected users who provided information to Facebook with the expectation that Cambridge Analytica would use it to develop “psychographic” voting profiles for targeted political ads.I fully expect the players in the Cambridge Analytica case to come before Congress to testify, which CEO Mark Zurckerberg is scheduled to do next week, and which I called for following news reports in The New York Times and The Sunday Observer. More transparency is essential for policymakers to fully grasp the implications of this incident, and Facebook owes its users and shareholders – both of which I am – a full accounting of its actions. However, the available reporting is enough to provide a framework to explore policy options for strengthening controls on data usage.

Facebook reportedly learned that Cambridge Analytica had acquired millions of users’ profiles two years ago. At the time, Facebook sent letters to Cambridge Analytica and an associated researcher insisting that they delete the information. However, two important things did not happen: Facebook did not positively verify disposal of the data through an audit, and no individuals were notified that their private information had been used in a way they had not authorized. There were no federal requirements that either happen, just trust in the parties involved. Having seen that trust doubly betrayed, we may need new law to impose rigorous notification and disposal requirements when users’ data is shared improperly.

Facebook has stated that it was a violation of their agreements with Aleksandr Kogan, the Cambridge University researcher who initially collected the data, for him to sell or license it to Cambridge Analytica. This defense misses the point that granting unfettered access to raw data makes it technically and legally difficult to enforce limitations on data usage and sharing. Facebook extended trust to the researcher, on behalf of its users and without their knowledge, that the data would be used and protected in accordance with its terms. Those terms also allowed apps like the researcher used to collect data not only about users who explicitly authorized the app to do so, but also about their friends. While Facebook revoked that policy in 2014, there remains no legal requirement that users directly consent to sharing.

Finally, central to this case is the data that the affected users gave to Facebook in the first place. As a condition of joining the social network, users were required to agree to a privacy policy – whether or not they read and understood it – and could only modify the privacy settings Facebook chose to make available. As remarkable as it may sound, this is standard practice. The companies we do business with decide what they can do with our data and what control over those uses they offer to us; we don’t get to choose. Our only alternative is not to use a service at all, and that is less and less of an option in our Internet-enabled economy. Congress could change the law to require that companies give users granular control of their data and codify the right to know how, when and with whom that data is shared.

As long as data sharing adheres to published terms of use, the law does not prohibit most companies from selling or licensing access to your data, for virtually any purpose or duration, without notice to you. They have no obligation to verify that recipients of your data are not abusing it. Without laws to the contrary, we are left to trust service providers that our data will not be misused, misplaced, or misappropriated. Facebook violated that trust, and Congress must take action to update the law to put control of digital identities in more trusted hands – our own.

Langevin represents Rhode Island’s 2nd District. He is co-chair of the Congressional Cybersecurity Caucus.

 

Portsmouth Daily Times: Joint letter urges forgiveness of loans

Portsmouth Daily Times: Joint letter urges forgiveness of loans

By Staff Writers

WASHINGTON, D.C. – If Congressional lawmakers are able to persuade U.S. Department of Education Secretary Betsy DeVos to see things their way, parents of students who borrow money and then become totally and permanently disabled may have their loan debt erased.

U.S. Senator Rob Portman (R-OH) and Rep. Jim Langevin (D-RI) have sent a letter to U.S. Department of Education Secretary Betsy DeVos requesting the discharge of Parent PLUS Loans taken out on behalf of students who become totally and permanently disabled. They were joined by Sen. Chris Coons (D-DE) and Congressmen Peter Roskam (R-IL), Ron Kind (D-WI) and Raja Krishnamoorthi (D-IL).

“Federal law already recognizes that the difficulties that befall someone who sustains a total and permanent disability necessitate a pathway to student loan forgiveness. Parents also deserve access to this debt relief,” the lawmakers wrote. “When a child becomes totally and permanently disabled, parents should not be forced to continue bearing the burden of student loan debt.”

When a student borrower becomes totally and permanently disabled, they are discharged from having to repay most federal loans. Parents who borrow funds on their child’s behalf, however, remain liable for the debt even when their child sustains a total and permanent disability. The average Parent PLUS loan in 2016-2017 was $15,880, an immense cost for parents to bear while also caring for their disabled child.

Last December, Portman introduced Domenic’s Law (S. 2258), legislation to allow a parent whose child develops a total and permanent disability to qualify for student loan discharge. In May 2017, Langevin introduced the bipartisan PLUS Loan Disability Forgiveness Act (H.R. 2270), a similar bill in the House.

Homeland Preparedness News: Congressional Task Force on Election Security releases 10 recommendations to secure elections

Homeland Preparedness News: Congressional Task Force on Election Security releases 10 recommendations to secure elections

By Aaron Martin

The Congressional Task Force on Election Security released a report on Wednesday that outlines 10 recommendations to protect state election systems for cyberattacks, including allocating funds, more training, minimum requirements for voting machines, and threat assessments.

The task force was established in June 2017 in response to Russian hackers targeting 21 states’ voting systems and voter databases during the 2016 election. Members of the task force also introduced legislation that incorporates the recommendations of the report.

Wednesday’s report recommends that Congress appropriate $400 million in remain funds under the Help America Vote Act to help states update and secure voting machines, provide ongoing funding to secure state IT systems and voter databases, adequately fund the Department of Homeland Security (DHS) and Election Assistance Commission, and require manufacturers of voting machines to adhere to minimum cybersecurity standards and require notification in the event of breaches.

U.S. Rep. Jim Langevin (D-RI), co-chairman of the Congressional Cybersecurity Caucus, said he was pleased with the task force’s work and recommendations.

“With the 2018 elections just months away, Congress must act now to bolster our election cyber security especially as intelligence leaders are confident that Russian interference will not stop,” Langevin said. “The report recommendations and corresponding legislation are important first steps in restoring the American people’s trust in our democratic system and securing our elections for years to come.”

The task force also called for the development of a National Strategy to Counter Efforts to Undermine Democratic Institutions, for the intelligence community to conduct election security assessments six months before elections, for DHS to maintain the “critical infrastructure” designation for election infrastructure and to expedite security clearance for the top election official in each state.

The report also called for states to conduct risk-limiting assessments, to prioritize training for state election officials and IT staff.