In a bold effort to ensure net neutrality, FCC Chairman Tom Wheeler has proposed a new set of rules that would treat the Internet as a public utility and prohibit pay-to-play fast lanes. Also in recent GRC news: Experts warn that Anthem’s breach could lead to more attacks on other healthcare organizations; and President Obama announced minor changes to private data collection rules that would still keep NSA bulk collection efforts intact.
FCC chairman proposes new net neutrality rules
Last week, Federal Communications Commission (FCC) Chairman Tom Wheeler proposed a new set of rules to ensure net neutrality. The proposal comes after President Obama’s recommendation last November that the FCC adopt “the strongest possible rules” to maintain net neutrality and to apply Title II of the Telecommunications Act to the Internet by reclassifying it as a telecommunications service.
Wheeler is urging the Title II approach in his proposal, which, if passed, would give the FCC the legal authority to regulate the Internet as a public utility. This would ensure that no content is blocked and would prohibit Internet providers from offering “fast lanes” to customers who can afford them and slower speeds to everyone else.
Wheeler’s proposal will be voted on by the entire commission on Feb. 26 and, if approved, would likely be challenged in court by cable and telecommunications companies.
Anthem breach draws attention to healthcare data security
Anthem, the second-largest health insurance company in the U.S., last week suffered what security experts say is the industry’s largest cyberattack in history. Personal information of 80 million customers that could be used for fraud was exposed, including Social Security numbers, medical identification numbers and email addresses.
Experts warn that more healthcare companies are likely to be targeted due to hackers’ success in breaching Anthem’s systems, as well as the high value of patient data on the black market. Medical records fetch higher prices than credit card records, especially because the credit card black market has been inundated after numerous data breaches at large retailers.
The Anthem breach and the fact that the data stolen from its database was not encrypted also raised questions about the lack of clear healthcare data security standards. The Health Insurance Portability and Accountability Act, for instance, encourages data encryption, but doesn’t require it. This could weaken public confidence, experts say, as greater numbers of medical records are digitized and the government increasingly promotes electronic data sharing. Encryption mandates remain controversial, however, because encryption can make daily operations more burdensome and potentially increase costs.
White House makes changes to data collection practices
Last Tuesday, the Obama administration announced changes to how private data is collected for intelligence purposes. The changes tighten rules that govern how intelligence agencies use foreigners’ Internet and phone communications collected by the National Security Agency (NSA) — although the agency’s bulk collection of data would be allowed to continue.
Under the new set of rules, data must fall under one of six threat categories to allow for its collection, and irrelevant data must be purged after five years. The new rules also place more scrutiny on how intelligence agencies use the data they acquire from American citizens without a warrant, and state that this type of data can only be used to prosecute someone for such serious crimes as kidnapping, murder or threats to national security.
Critics contend that the new policy still does not go far enough to protect Americans’ privacy against the NSA’s surveillance techniques. “The reforms are far from sufficient and they really do tinker around the edges. It’s clear the administration is going to continue to stand by a lot of the mass surveillance policies,” Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, told CBS News.