Are Governments Right to Ban Facial Recognition Technology? – Government Technology

Over the past year, a number of organizations have campaigned for policymakers to ban government use of facial recognition technology and for companies like Microsoft, Amazon and Google to not sell the technology to government. Their efforts have begun to bear fruit. In February, a lawmaker in San Francisco proposed a rule that would ban all city departments from using facial recognition technology, and state legislators in Massachusetts and Washington have since followed suit with their own proposal to ban government use of facial recognition. However, these proposals are based on inaccurate or misguided concerns, and following through on them would weaken the effectiveness and efficiency of law enforcement, make schools less safe, and hold back technological progress at other government agencies.

Much of the opposition to facial recognition is based on the false belief that the systems are not accurate. But many of the most high-profile critiques of facial recognition are based on shoddy research. For example, the American Civil Liberties Union (ACLU) has repeatedly claimed that Amazon’s facial recognition service had an error rate of 5 percent when used to compare Congressional photos to mugshots, but the error rate would have dropped to zero had the ACLU used the recommended confidence threshold of 99 percent.

Moreover, there is clear evidence that facial recognition technology is becoming increasingly accurate. In 2018, the Department of Commerce’s National Institute of Standards and Technology (NIST) tested how accurately the facial recognition software from major developers could match two photos of the same individual from a database of nearly 27 million photos. NIST found that only 0.2 percent of searches failed. And while several facial recognition systems perform less accurately for certain demographics, the private sector has been actively working to address this problem, such as by developing more diverse image data sets to train their systems.

Unfortunately these proposed bans would limit many beneficial applications of facial recognition technology, such as allowing police to more quickly identify potential suspects, witnesses and victims; ensuring only authorized personnel can access secure government buildings; and helping schools prevent sex offenders, disgruntled employees, or other potentially dangerous people from entering their facilities. Simply put, computers can search millions of photographs at a fraction of the time and expense of humans. Indeed, the technology has already proven its value on many occasions, including by finding missing children, catching people with false documents at airports, and combating human trafficking. Moreover, some of the proposed bans, such as the bill in Washington, would limit government from using other technologies, like tools to blur faces in surveillance footage before public release.

Policymakers can promote the responsible use of facial recognition technology by government without banning its use. For example, they can require that law enforcement only use facial recognition technology that meets certain performance benchmarks to ensure the technology is used effectively, and they can provide oversight to ensure accountability for the policies and practices that law enforcement develops to use the technology effectively. In many cases, this oversight will be an extension of existing accountability measures. Finally, government funding can support the development of better data sets, more accurate systems and best practices.

No rational person wants to live in the real-life version of society described in George Orwell’s novel 1984, but police adoption of facial recognition in democratic, rule-of-law nations does not equate to such a world. Instead of supporting the calls for bans, policymakers should create rules to prevent inappropriate uses of facial recognition technology by government and allow government to adopt the technology where it is useful.

Daniel CastroContributing Writer


Daniel Castro is the vice president of the Information Technology and Innovation Foundation (ITIF) and director of the Center for Data Innovation. Before joining ITIF, he worked at the Government Accountability Office where he audited IT security and management controls.

10th Gaidar Forum: Business Education has Entered the Era of Digital Transformation – New Kerala

MOSCOW: Business education has become one of the main topics of the 10th Anniversary Gaidar Forum Russia and the World: National Development Goals and Global Trends traditionally held within the walls of the Presidential Academy.

More than 15 plenary sessions and round tables devoted to training of managers and leaders of the digital economy were organized and held with the support of IBS-Moscow RANEPA, the leader of the Russian business education. It is worth noting that the 10th Gaidar Forum completed its work a month ago. However, the issues related to the development of national and global business education deserve to be considered and analyzed again.

The results of the National Accreditation Council for Business and Management Education (NASDOBR) Presidium meeting

On the first day of the Forum, an open meeting of the Presidium of NASDOBR was held under the chairmanship of Alexander Zhukov, First Deputy Chairman of the State Duma. It has become the most important and significant, as the discussion focused on the most pressing issues of the formation of a new paradigm of domestic business and management education.

In his report, Alexander Zhukov reminded that the Association was established during the Gaidar Forum, exactly 6 years ago. Its founders were all major employers of Russia: RSPP, CCI, Association of Russian Banks, Association of Managers, Business Russia, OPORA Russia, Russian Association of Business Education. It was then that the Memorandum on the need to create an independent Association of NASDOBR was signed at the plenary session on the initiative of the Russian Association of Business Education (RABE). Alexander Zhukov stressed that the Report on the activities of the Association for five years was discussed at the last meeting of the NASDOBR Presidium in the summer of 2018 and focused on the most important aspects of the Association activities in the second half of the year.

First, the most important event is the decision to confirm the authority and expand the range of programs and the levels of education in which NASDOBR will, for the next three years, act in the official status of expert organization for accreditation assessment. The corresponding meeting of the Accreditation Commission of ROSOBRNADZOR was held on December 7, 2018.

We appreciate the high confidence placed in NASDOBR assessment by the country’s leading state agency for quality control of education. Dear colleagues, we must justify this trust by our active and responsible work, new forms and formats of cooperation in the framework of PPP! the First Vice-Speaker of the State Duma said.

He further suggested to establish, under the umbrella of NADSOBR, an intersectoral Professional Qualifications Council (PQC) in the field of management.

As noted by the moderator of the discussion, Sergey Myasoedov, President of RABE, Vice-Rector of RANEPA, Director of the Institute of Business Studies (IBS-Moscow), the current system of sectorial PQCs breaks the system of training of senior and middle managers into patchwork of departmental interests, creating a kind of specific feudal principalities, which is unacceptable in an environment where the country’s leadership pays increasing attention to training of managers who use the best world practices of management and leadership.

According to him, the creation of PQC in management disciplines is designed to create a single national framework of requirements for managers of the upper and middle levels, reflecting the set of competencies required to manage enterprises and inter-sectoral complexes in the digital economy.

The proposal of Alexander Zhukov to establish an intersectoral PQC in management disciplines was eagerly welcomed and unanimously supported by all the founders, experts of NASDOBR, members of RABE, representatives of educational organizations, employers’ associations and mass media.

One of the most important events of the second half of 2018, according to Alexander Zhukov, is the completion of the work on the creation of a system of testing teachers of management disciplines for management programs and SMM at various levels. I am pleased to note that the results revealed a number of reserves, unexpected both for the tested and for the testing sides, in the field of professional and personal development of teaching staff of various age and qualification groups, Alexander Zhukov said.

He proposed to discuss the use of the system as one of the tools of independent quality assessment that complements the state accreditation. It seems to me that the Presidium of NASDOBR should offer our partners in ROSOBRNADZOR and National Accreditation Agency to create a joint working group that will work in this area: it will concretize the conditions of a competition or skills contest, its stages, etc., the Chairman of the Presidium said.

He also noted the close cooperation of NASDOBR with leading accreditation associations in the field of business education.

This allowed the working group of our Association, which worked with leading experts of the RANEPA and HSE, to use the best international accreditation practices in the creation of the updated standard of NASDOBR National criteria and requirements for the general content and conditions of implementation of programs of Master of public administration (MPA) level, the Chairman of NASDOBR Presidium said. He noted that this standard had been adapted and brought into full compliance with foreign requirements.

Sergei Kravtsov, Head of the Federal Service for Supervision in Education and Science, outlined the key areas of relations between NASDOBR and Rosobrnadzor, which, according to him, are an example of successful public-private cooperation.

It is very important to note the relevance of teaching evaluation, and we are moving in this direction. We support both the proposals and the work of NASDOBR, especially in view of the fact that in 2016 NASDOBR was accredited by Rosobrnadzor as one of the leading subjects of development of education in the field of management, the Head of Rosobrnadzor said.

Business education is a lifelong learning

On the first day of the Forum, participants of the discussion The future of business schools. Agile-transformation discussed the conditions for creating an ideal model of a business school in a 20-year perspective. According to AACSB President Thomas Robinson, Lifelong learning is becoming extremely relevant. He also noted that business schools should adapt to changes and not teach students non-existent professions.

According to social entrepreneur Ruben Vardanyan, business education has faced a number of challenges today. First of all, we are getting younger, today more and more young people go into business, and often they don’t have any education. The next point is narrow specialization which is characteristic of business education of the 20th century, and which has lost its relevance in the 21st century, the entrepreneur says. He specified that earlier the production society was narrowly specialized in the professional training and functioning: marketing, finance, management, etc.

Today, business education is much broader: it is about exchange, linking different industrial areas into one project, getting rid of stereotypes, it is about ambition and taking risks, Ruben Vardanyan says. There has been a transformation of business class, he continued. Business class is gone. And, if earlier business education was a pass to the middle class, now it is an opportunity to be different, to realize your dream with the help of breakthrough technologies, information and thinking.

Charles Iacovou, Dean of the Wake Forest University School of Business, drew attention to the growing gap between the scientific and industrial world, and the slow growth rate of business schools compared to the pace of companies. We train our student for the past, not for the future. Flexibility promotion and shifting the emphasis to what will be relevant in the future is essential.

Lectures are not fruitful now, on-the-job training becomes actual. Our school changes the company every few months, inviting their representatives to conduct classes and respond to the changing needs of the market, Mr. Iacovou said.

In response to foreign colleagues, Sergey Myasoedov, Director of the Institute of Business Studies (IBS-Moscow), Vice-Rector of RANEPA, said that the International Advisory Council of the Presidential Academy has made a number of recommendations for the development of a new strategy of development of business and management education in RANEPA, taking into account the rapidly changing priorities and requirements in this area. He argued that today education needs to conduct a continuous dialogue with business to get feedback and active participation in the development of joint educational programs. This is particularly important in connection with the dynamics of changes taking place in the economy. I have a feeling that, in order to remain competitive, business schools must be ready for rapid and radical changes, constant adaptation to new conditions and challenges of the digital economy, the Vice-Rector said.

The topic of lifelong learning was discussed at a separate session Three-L concept of learning, or lifelong learning. The discussion’s moderator Timothy Mescon, Senior Vice President of AACSB International, noted that lifelong learning is necessary for everyone. The formation of conditions for the development of continuing professional education is one of the important prerequisites for the education system modernization. According to the expert, people who stand at the origins of business education should keep perfecting themselves in order to speak the same language with the new generation.

Mikhail Andronov, President of Rusenergosbyt, has cited in his speech the words of 85-year-old Michelangelo: I’m still learning! He fully agreed with his colleagues, but stressed that the older generations of Russians were not willing to learn. The older people get, the less time they want to spend on self-education. Only 5-6% of the Russians are ready to improve themselves every day, the expert commented. The speaker cited the following data: to become a true expert in a particular issue, you have to spend 10,000 hours, which means that in 42 years one can master about seven professions.

According to Andrei Sharonov, President of the Moscow School of Management SKOLKOVO, an important factor in the education system is the interest in future knowledge. In his report, he paid attention to the technologies of the LifeLongLearning program. According to the expert, all the education criteria will rapidly lose their value, since the employer will have more reliable ways to check your level of competence. Thus, it is not necessary to strive for a high-status education.

Steve Harvey, Dean of School of Business at the American University of Beirut, noted that many professions would disappear over time, and technology would release a significant part of the working population, who would need to be retrained. According to experts, such training will require changes in existing educational programs and development of new ones. Also, the sphere of education itself can undergo significant changes, as people begin to learn new professions, and the desire for status education will disappear.

Stop getting the hype

Representatives of the banking and FinTech community also spoke about the need to change educational programs in universities during the discussion Digitization of Financial Services: a New Round in the Development of FinTech, organized by the Center for Design of Corporate Programs (IBS-Moscow). The experts discussed the prerequisites and trends of digitization, changing the role of banks, the introduction of FinTech innovations, as well as training of highly qualified personnel. It was noted that today, in terms of training specialists for the banking industry, there was a problem in universities, and therefore corporate universities occurred.

There are skills that cannot be levelled up in universities, Ruslan Vesterovskiy, Deputy Chairman of the Central Bank of the Russian Federation, said. It’s all about software things, team work, decision-making in situations of uncertainty, skills, feedback, planning etc. I would make a special focus on this block of issues. As for digital stories — digital skills and knowledge — we are now developing them very seriously at our corporate university. This is a large area: skills in programming, technology, this is what will help you become competitive and successful.

The expert also recommended universities to accelerate. Now the dynamics are so high that while you develop the program, it is already losing its relevance. Universities today need to add momentum. We need to move faster for 3-4 years, the Central Bank representative stressed.

Alexander Vedyakhin, First Deputy Chairman of the Executive Board of Sberbank, supported his colleague. A person comes to work and has to be retrained for two main reasons. First, it’s obviously soft-skills. Second, the banks have very specific knowledge, which have to be transferred to the graduate within the first six months. And he needs to be very flexible, adaptive, creative, and understand the corporate culture, Alexander Vedyakhin said.

Aleksey Zhdanov, Deputy Chairman of the Board of Rosselkhozbank, added that, among other things, now we need to pay attention to theoretical knowledge and science, which are at the junction of different professions, as, for example, in case of business analysts.

In confirmation of the topic, the moderator of the discussion, Sergey Myasoedov, Vice-Rector of RANEPA, addressed the audience with a question on the availability of basic higher education. It turned out that the FinTech section attracted students not only with financial or economic education, but also with technical and basic humanitarian education. Today, the disciplines are mixed — astrophysics, biochemistry. And now it goes to the management science and the financial sector, Sergey Myasoedov concluded.

Alexey Minin, Director of the Institute of Applied Data Analysis of Deloitte CIS, disagreed with the representatives of the banks. In his speech, he said that universities should not look to corporate universities. The human capital that universities are now producing, is of absolutely adequate quality, and higher education institutions do not need to convert into corporate universities! You produce basic education, and the quality of this education is sufficient. We just need to raise this bar, Alexey Minin said.

Paying attention to the banking industry itself, he called for the unification of human capital, resources and the focus set by the country’s policymakers. According to the Director of Deloitte, the main problem now is that banks have a large number of poison people — hipsters of science — who move from bank to bank and do nothing. You come to another bank – and here he is again! He had already done everything in the previous bank and now came here! How did you do all this, when I’m doing it all instead of you now?! If these people really do everything they had to, we would have lived in the 22nd century, while we are still in the 20th. I think this is the main reason — you need to stop getting the hype and start systematic work. And very carefully look towards open innovations, because closed innovations are a long story, it is expensive, it is difficult, Alexey Minin concluded.

The death of classical education

This verdict was made by the participants of the discussion Digital talents: how to train digital business leaders?. In particular, Grigory Avetov, Rector of Synergy Business School, put forward the thesis that the current education system is dying, and, based on the analysis of the development of foreign educational cases, it will not last more than 5-10 years. In the way of evidence the expert said that only 27% of people with higher education work in their specialty.

Today, the employer is no longer interested in the question what university the employee graduated from. Although this issue used to be a priority. And there are more and more companies that are ready to accept employees without higher education. Of course, if this activity is not related to the fundamental sciences, Synergy Rector said.

Evgueny Plaksenkov, representative of another business school, member of the Supervisory Board of RANEPA IBS-Moscow, noted that business is already digitized and business needs digital talents. Who are they? And what competencies should they have? He cited the WorldSkills research data on such skills in the future, as the concentration and control of attention, emotional literacy, creativity, cross-cultural approach, digital literacy, ecological thinking, ability to be trained (retrained).

Mikhail Zhukov, Director General of HeadHunter, presented a kind of digitalized bridge between employers and job seekers. He cited in figures the view of HR specialists on artificial intelligence. 69% of them believe that artificial intelligence will never defeat emotional intelligence, 23% believe that artificial intelligence will replace people, 11% believe that artificial intelligence is a threat to human life.

The Director of HeadHunter also cited the data of the research on the issue of what professions are likely to disappear and be replaced by artificial intelligence (robots, systems, etc.). The banking sector, finance, insurance, transport and logistics are primarily in the risk zone.

At the end of the discussion, moderator Anna Morozova, Director of RANEPA Centre for Corporate Programs, Academic Director of FinTech Master’s degree program, invited the speakers to express their views on who is a digital leader. A digital leader is a person who knows how to do what a robot cannot do, says Mikhail Zhukov. Igor Baranov, Vice Rector of the Sberbank Corporate University, said: A digital leader is a person who can lead a mixed team and sees the full range of technologies that can be used. Gregory Avetov is convinced that the digital leader is the company with the highest capitalization, which invests in what will become a monopoly in 20-30 years.

The leader is the master of predictive effect

The topic of leadership was deeply considered by the participants of the expert discussion How to Liberate the Brain to Achieve Effective Leadership? The discussion was moderated by Dzhangir Dzhangirov, Senior Vice President of Sberbank, Chief Risk Officer. Experts tried not just to talk about how a person of the future can meet the information challenges of the 21st century, but also tried to look into his brain. How will the highspeed response of the human brain change and how to make it work for leadership?

Steven Poelmans, professor of Neuroscience and Strategic Leadership at Antwerp Management School, saidthat leadership skills can only be developed in practice, facing obstacles through blood, sweat and tears, correcting your own mistakes until you succeed at last. Through a series of exercises, we put a manager in a real social context. Personally, I believe that management schools failed to solve the problem of leadership development — it is impossible to develop leadership skills, speaking about it in the classroom, the Professor said.

He cited the research data from the NeuroTrainingLab: We monitor the activity of the frontal part of the cerebral cortex to see how our leaders are able to control themselves, how they can focus their attention on the right moments and at different times. It was noted that leaders can quickly switch between different styles of paradoxical behavior, between opposite activities. This requires a metacognitive approach.

Speaking of leaders, who do I want to hire? The last person I want to take is a student who counts well, because there is a computer for that. I need some madman, who does not do everything as it should be – such concept of leadership was given by Tatiana Chernigovskaya, Professor in the field of neuroscience and psycholinguistics.

She spoke about the man of the future and his place in the world of digital technology and rapidly changing reality. Are we losing ground in this digital world? If we have plans for life, then we need to think about how to live. Can we tell which brain is smart or stupid, or ingenious? And what kind of artificial intelligence do we create? Smart?! What does that mean? Is an ingenious artificial intelligence possible? And what does that mean? – these words of Tatiana Chernigovskaya forced the audience to ponder.

According to her, artificial intelligence will never replace a person, and so, from an early age, we must learn to adapt to live in the digital world, in order to preserve humanity. We have to give an account of what we have in the skull and not to err about what we thoughtlessly call my brain. Who belongs to whom is still a question, the neuroscientist sums up.

Psychologist Alexander Asmolov, Director for Humanitarian Policy at RANEPA, believes that The leader is not the one who is authoritarian. A leader is someone who can determine the zone of the nearest development of his employees. The leader is the one who is the master of predictive effect, i.e the one who has no ready-made algorithms. A key characteristic of any educational system, as well as a key characteristic of leaders, is the greatest predictive effect.

In his opinion, in order to prepare such leaders, education should be a school of uncertainty – an education without ready-made algorithms. Today, education is a school of behavior in uncertain situations.

In conclusion, the psychologist urged the audience to read science fiction, citing the words of writer Neil Gaiman about why our future depends on reading. According to the writer, those people who became the leading developers in such high-tech corporations as Apple, Microsoft, Google, used to read good science fiction books in their childhood.

Transformation of MBA programs

The 10th Gaidar Forum hosted the discussion Transformation of MBA programs: overcoming the syndrome of traditions virginity. The meeting moderated by Andrew Main Wilson, CEO of AMBA&BGA, established the direction of the debate – the transformation of classical learning into the online MBA format. He also said that it is necessary to unite all MBA schools for the joint development of online programs, as this process requires serious investments.

Koen Vandenbempt, Academic Director, Executive MBA, Antwerp Management School, said that students studied at his school on the job. Accordingly, they are in dynamics with the changes taking place in the economy, and this imposes requirements on both teachers and the process of building the education. Teachers should take into account new trends affecting the digital economy. They have to keep up with the times, because the success of an MBA will depend on it, said the expert. He added that the transition of the economy into a digital one had an impact on business education. He called this process not just globalization, but global diversification.

Our students need skills that correspond to the new reality. The training itself should take place in conditions relevant to the modern economy, on the basis of digitization and globalization, so that education could meet modern challenges, the Director from Antwerp says.

Continuing the idea of his Belgian colleague, Andrey Kolyada, Rector at Eurasian Management and Administration School, called the current technological revolution the most significant of all those ever occurred, and said business education did not keep up with technological progress. He spoke about his business school, which had both full-time and online training. Online education cannot compete with on-campus education. There is no team feeling, it’s hard to get together online due to the time difference. There is no opportunity to come together and feel the emotional unity, solving common problems, Andrey Kolyada said.

He also noted that it was difficult to remotely control a process that had gone the wrong way, and that online programs required an outstanding engineering system of presentation.

Jean-Philippe Muller, Dean of the Monaco Business School, who has been participating in expert discussions at the Gaidar Forum for several years, said that people, who run companies, should be able to manage a new generation. Earlier, engineers were sent to business schools; today, on the contrary, we must send managers to technical institutes. These areas should be combined to get the maximum result, the expert said.

The trend is that the MBA schools tend to develop programs together with innovative companies and banks all over the world.

He also addressed the interaction of MBA and DBA programs. Jean-Philippe Muller expressed his opinion on this matter: The hybrid of MBA and DBA is the future of business schools.

Another opinion was expressed by Sergei Kalendzhyan, Dean of the Graduate School of Corporate Management, RANEPA. He believes that the MBA program is a breakfast, and the DBA program is a dinner, therefore they cannot be combined. During his speech, Sergei Kalendzhyan noted that ethical values are a criterion for the quality of education at his school. The dean expressed his support for the introduction of cultural studies and philosophy in the course of the disciplines studied, because students should think about the future. The expert is convinced that modern transformation should not lead to the complete loss of traditions. He came to this conclusion: MBA students should combine the spiritual, material, social and virtual worlds.

A good conclusion to the discussion was the words of one of the experts: People will continue working with people, and we will find a way to deal with machines. In addition, the moderator of the meeting Andrew Main Wilson, Executive Director of AMBA&BGA, outlined the main points that are important for the topic of discussion: continuous learning, online learning transformation, global alliance and innovative learning.

The credibility of the rankings of business schools

The role of rankings and accreditations in the activities of business schools as well as approaches to assessing the quality of business education were discussed on the third day of the 10th Gaidar Forum. Over the past decade, there has appeared a paradoxical situation concerning the rankings of programs and schools. Focusing on quantitative indicators to the detriment of other objective criteria and the subjectivity of expert assessments reduce the credibility of rankings.

Moderator of the discussion Sergey Myasoedov, Director of the Institute of Business Studies (IBS-Moscow), Vice-Rector of RANEPA, explained to the audience why business education was often scolded in our country. The reason lies in the mixing the University type, pre-experienced Master of Science programs oriented to the young researchers and Dusiness school type, post experienced MBA programs focused for enrichment through sharing and market driven skills development. The result is the confusion of the customers and dissatisfaction of business.

The understanding that those programs have different customers and goals is often absent both at the Universities and at business communities.Is a Master of Science Degree owner a creative intellectual? Yes, he is. Does he have to be a manager? Or a manager with the talent of an entrepreneur? Sergey Myasoedov asks. The answer is NO.

It is different when we speak about MBA. The people who apply to MBA program of IBS-Moscow (the leading number one business school of today’s Russia) have to have at least 5-6 years of practical work experience. They have to prove at the enrollment tests, esse and interview that they have a talent for management and entrepreneurship, emotional intelligence for agile leadership. MBA programs do not exist for scientisits and researchers. They exist for the business practitioners and leaders. In our country, we still have a constant mix of genres. And because of this, business education is so often scolded. And in the national rankings the university education indicators are often used to evaluate business schools and MBA programs.

Andrew Jack, Global Education Editor at Financial Times, agrees with his Russian colleague. In his opinion, an MBA program should be aimed exclusively at the training of professionals in the field of business. Business schools should shape the image of a new leader, develop managerial, communication skills, soft skills, and motivate students, Andrew Jack said.

In continuation of the topic of leadership, George Iliev, Director of Development Markets at the Association of MBAs (AMBA International), explained that Rankings and organizations involved in the accreditation of business schools compete in one indicator – this is the time of business leaders. In his opinion, it is impossible to make a ranking on the basis of accreditation data, because too many factors are taken into account — 300-400 different quantitative and qualitative factors, criteria, indicators.

He compared the rankings with beauty pageants. If your business school is really strikingly different from others, you do not need to compete with other schools, because people will recognize you even without the beauty queen crown, the Director of Emerging Markets at AMBA said.

The most serious issue that arises in many rankings is the accuracy of the information, Yuri Tazov, President of the Russian MBA League and the co-creater of the independent, crowdsoucing-voting-based Russian MBA program ranking system, said.

He spoke about the Russian experience of creation of National ranking of business schools and MBA programs published annually at the web-site: www.mba.su How the team of Russian businessmen graduated from several best MBA programs of the country desided to create independent web-site, to provide balanced and objective information to the business community.

The ranking is based on the opinions of graduates and involves minimum participation of the estimated business schools.

Invitations are sent to business schools and there is only one request – to disseminate information about the ongoing online survey among its graduates. This ranking has no more contacts with schools, the Head of the Russian MBA League explained. The ranking is based on such criteria as income growth, career growth, level of professional connections, and personal and professional development of a graduate. The most important principle of the rankings is the openness of the data on the criteria: the consumer can rank business schools in accordance with the criterion that is the most important to him.

Marco De Novellis, Editor of BusinessBecause, said the credibility of the rankings was a key factor. In his opinion, when choosing a business school, in addition to its position in the ranking, people watch for other factors, such as accreditation, programs provided, recognition and local reputation, and the cost of education.

Sergey Ermak, Deputy Director of Expert RA, said that the agency did not use the word ranking any more and called their studies the maps of global visibility of schools. Facing the growing global academic mobility, we evaluated business schools from the perspective of foreign students who receive education in Russia, the expert says. He also noted that more and more Russian business schools are becoming popular on the international market, their publishing and partner activity is increasing.

At the end of the discussion, Danica Purg, President of CEEMAN Association, stressed the need to revise the criteria for assessing the quality of business education in the rankings according to the real needs of the market. The experts agreed that the focus on accreditation and rankings hinders the most important goal of business schools – the constant modernization of educational programs and their orientation towards real market needs, and called for the development of new methods for evaluation of the business education efficiency.

Do we need responsible managers?

On January 17, on the final day of the Gaidar Forum 2019, representatives of business education from Russia and other countries met at the Innovative Technologies and Social Responsibility of Business discussion platform. How business schools can implement PRME principles in life. As research shows, the Corporate Social Responsibility concept is differently interpreted and perceived in various cultures. In Russia, as in many other Eastern and Central European countries, the Corporate Social Responsibility concept is regarded by business representatives with mixed feelings. At that, in business schools the amount of academic hours allocated to the relevant courses is steadily growing.

The moderator of the event, Natalya Evtikhieva, Director General of RABE and National Accreditation Council for Business and Management Education (NASDOBR), added a new vector of the discussion saying that the global development trends of business corporations have led to a new focus on assessing the quality of management education with an emphasis on its effectiveness, practical orientation and compliance with the best international standards and practices.

Irina Sennikova, Rector of RISEBA business school (Latvia), UN Commissioner for the implementation of PRME principles in business schools in Eastern and Central Europe, addressed the audience with the question: How can responsible managers be trained? And do we need responsible managers? The scandals of the last few years make you think: there is a feeling that neither fines, nor a chance to go to prison for life or a death sentence – nothing frightens people! What can educational institutions do to improve this world?

She said that companies should draw a clear red line in this matter – should business schools help them? Is it possible to use a universal approach? Or you need to practice an individual approach in each case?

Jonas Haertle, Head of PRME Secretariat at United Nations Global Compact Office reminded the topics that were discussed at the Plenary Session at the opening of the Forum. Of course, we live in a global world, but there is a danger that the world will be split, there is a threat of climate change, there are geopolitical problems – all this should be taken into account by business schools in their programs in those aspects that relate to responsible management, says Jonas Haertle.

He cited the words of the head of BlackRock company that, for prosperity, a company should show results not only in financial terms, but also to prove how it helps society. Management issues should be linked to financial results, so school professors who deal with financial issues should take this into account.

Andrew Main Wilson, Executive Director of AMBA & BGA, said that, in terms of saving humanity and preserving natural resources, social responsibility of business is a central element in the development of new management strategies. We are gathered here as representatives of business schools, and we talk about training business leaders of the future. It is necessary to unite scientists, students, experts to solve these problems – seventeen sustainable development goals, the expert said.

It is worth reminding that, on September 25, 2015, the UN member states adopted the agenda for sustainable development until 2030. It contains a number of goals aimed at eradicating poverty, preserving the planet’s resources and ensuring well-being for all. Each of the 17 Goals contains a set of indicators to be achieved within 15 years. Joint efforts by governments, private sector, civil society and the people of the Earth are needed to achieve the sustainable development Goals.

Asylbek Kozhakhmetov, President of Almaty Management University, President of the Civil Alliance of Kazakhstan noted: We see that the role of universities in the system of innovative development of territories is gradually increasing. Today this issue is widely discussed both within the academic community and at a state level. A modern university should act as a leader in interaction with the state, business, and society.

Corporate Social Responsibility (CSR) is expressed in the readiness of a business corporation to voluntarily bear non-binding social expenditures beyond the limits established by tax, labor, environmental and other legislation, based not on the requirements of the law, but on moral and ethical considerations. Experts agreed that the introduction of CSR ensures the development and stabilization of the organization in the market: the growth of production volumes, the improvement of the company’s reputation, the formation of corporate identity.

Australia’s Legal Technology Scene Is Beginning to Make Waves | The American Lawyer – Law.com

Sydney, Australia.

When Jodie Baker moved from Kansas City, Missouri, back to Melbourne, Australia, in 2012, to join law firm Hive Legal, she began internally developing a technology that would become matter management platform Xakia. She took Xakia out on its own in mid-2016, only to find an undeveloped local legal technology market.

“When I started Xakia in 2016, I looked around and thought there wasn’t really any ecosystem for legal technology in Australia,” Baker says. “I was actually disappointed; I felt so out on a limb.”

Just three years later, the legal technology ecosystem in Australia has exploded. For starters, the Australian Legal Technology Association, of which Baker is deputy chair, was founded in 2017 and has created a central meeting place for both startups and established companies to convene and strategize with one distinct goal: to grow Australia’s legal technology provider community.

It’s not just vendors; there’s also a growing acceptance of legal technologies in the overall legal marketplace. The rise of corporate legal operations among some of Australia’s largest companies was on display when the Corporate Legal Operations Consortium held its first Australian event in late 2018. Australian firms have innovated in recent years with artificial intelligence, data analytics and other new technologies. Even courts and law schools are getting in the game.

Add it all up, and it’s clear that tech-savvy law firms and corporate legal departments are going to start hearing from their Aussie counterparts more and more as the country grows into an international legal tech player.

Australia’s Data Evolution

Just as in other countries, the focus on Australian legal technology has largely stemmed from an increase in data—both in the number of data sources and in the sheer amount of data collected by law firms and corporate legal departments alike.

But while the U.S. focus on data in the courtroom has been evident since rulings like 2012’s Da Silva Moore, the first ruling of its kind in Australia’s courts did not occur until 2017’s McConnell Dowell v. Santam, where a document set numbering around four million in total led Supreme Court of Victoria Justice Peter Vickery to order technology-assisted review in the case.

Vickery, now acting as an independent arbitrator and mediator, says litigants in Australian courts face “nothing less than a document tsunami upon us.”

“From my observations of trends in this area, the local marketplace in Australia appears to be growing to embrace the new technologies,” he says. “I would say there are two main drivers behind his development: First, the necessity spurred by the need to manage large and growing volumes of ESI [electronically stored information], and second, because of the growing availability of new technologies and efficient technologies, such as big data analytics, which are being developed to manage ESI.”

Necessity has been the principal catalyst for the development of technology-assisted review, he says.

“The wisdom enshrined in the English-language proverb ‘necessity is the mother of invention’ rings true,” Vickery says. “The primary driving force has been the sheer volume of documents generated by computers on a daily basis in large enterprises or in the course of large commercial or development projects. The volumes are unprecedented and in some cases are staggering.”

Indeed, data is the main reason legal technologies have exploded worldwide. Unlike the United States, though, many of Australia’s legal technology companies do not traffic in e-discovery, at least not directly. Instead, notes Julian Uebergang, the focus has been on data in a different way—through analytics insight and increased collaboration.

Today, Uebergang is the managing director of the Asia-Pacific region for artificial-intelligence-focused legal tech company Neota Logic, but he previously worked in the e-discovery industry. He sees a lot of similarities between the maturation of the early U.S. e-discovery market and newer Australian legal technologies—where the focus has been on new technology, but not the exchange of data.

“We hear a lot about AI and blockchain, and they’re the technologies, but ultimately it’s about accessing the data and providing solutions,” Uebergang explains. “When the focus changes from technologies to data, we’ll see some really sophisticated strategies around delivering our solutions.”

The evolution may already be underway, with law firms like Corrs Chambers Westgarth taking the lead. An international law firm of 600-plus attorneys based in Sydney, Corrs has been aggressive in recent years with implementing new technologies, including bringing in AI tool Luminance to assist with property due diligence and M&A transactions, developing internal platforms like CorrsEdge to assist document production, and creating a dedicated client technology solutions team.

But to hear Corrs director of technology Berys Amor tell it, the focus of all of these initiatives isn’t new technology for technology’s sake. It’s to apply data in a way that makes a distinct difference in the firm’s operations.

“These business applications are disrupting the legal marketplace by providing enormous value in the form of intelligent and efficient process automation for our clients,” she explains. “Our clients are using these solutions to take repetitive tasks away from their employees and members of their legal team, freeing them up to focus on more meaningful work.”

Corporate Catching Up

The explosion of data and development has expedited the need for a new innovation structure in Australia’s legal market. Uebergang says law firms like Corrs have taken charge by quickly developing sophisticated innovation arms.

“When I started three years ago, the idea of having an innovation manager didn’t exist,” he says. “Innovation was an annual discussion, or a lunchtime discussion, where now we’re seeing it with full-time roles, and at all levels.”

Notably absent, though, are corporate legal departments. The corporate legal ops segment is tangible, Uebergang notes, but still in its infancy. “We just haven’t hit that same level of maturity as the U.S., which is interesting,” he says, “because everything I see from a law firm and a technology perspective is pretty comparable to what’s happening elsewhere in the world, but for whatever reason the legal ops function just hasn’t evolved quite as quickly.”

The numbers back him up. The Australian Legal Department Operations Survey 2018 from Corporate Legal Operations Consortium, Gen2Law and HBR Consulting, found that of the 17 companies that participated, more than half had just one legal operations professional. The median for companies in a U.S.-based HBR Law Department survey, meanwhile, was four. And while Australian legal departments were advanced in cross-functional alignment in particular, 41 percent were deemed underdeveloped when it came to technology and process support.

Sheldon Renkema, general manager for legal in the corporate solicitor’s office at Australian conglomerate Wesfarmers, admits, “Australia is generally less mature in legal operations compared with the U.S.” But this trend is changing.

“It has been noticeable how many people have been appointed to dedicated legal ops roles in the last year, and I expect that trend to continue,” Renkema says.

One of the main issues facing increased maturity is simply dollars and cents. Renkema further notes, “The challenge with technology solutions is that many are expensive and it can be difficult to secure support for it at a time when there is significant pressure on the costs of the legal function.”

But legal ops will get there, he believes—even if not on the same level as the United States.

“In Australia, more people will be appointed to dedicated legal ops roles and the level of sophistication will increase,” Renkema says. “However, in the same way that the size of corporate legal teams in Australia is much smaller than it is in the U.S., I would not expect legal ops teams to reach anywhere near the size that they are in the U.S.”

From Oceania to the World

The relative size of the market in Australia doesn’t mean innovation will be stifled. Getting to the next level is simply a matter of education.

In his work surrounding technology-assisted review following McConnell Dowell, Vickery has seen firsthand the need to educate. He says a major barrier to innovation still lies in the need to educate clients—“after all, it is the client who is called upon to pay for legal services.”

“Even with the proven efficiency of TAR, the process still involves a significant upfront cost which must be paid for by the client,” Vickery says. “Like any commercial decision, a client will need to be satisfied of the cost/benefit of the process before making a decision to invest in the process. Tools need to be considered and developed to explain these processes to the lay client to reduce the barriers to acceptance.”

The driving force behind this education seems to be coming from new entrants to the legal market. While there are some established companies as part of the Australian Legal Technology Association, a large portion of the organization’s 40-plus members are startups. Uebergang, meanwhile, has been involved for four years with a legal technology project at Melbourne University and four other Australian law schools, where a group of 60 students use technology to solve various access-to-justice problems.

The result is an increasingly educated, tech-savvy workforce. Cross-functional skills, Uebergang says, are, “from a law firm perspective, especially here in Australia, really in demand. So students that have got experience in multiple disciplines or have had experience in a startup business, from a recruitment perspective that’s what law firms and corporate legal departments are looking for.”

At Corrs, Amor has helped put this new workforce into action: The firm has built a group of young lawyers from a variety of practice areas to develop ideas and design solutions, with an eye toward maximizing value for the firm. The group, she says, “is also the champion for new technologies and assists with ideas on engagement and adoption of technology across the business.” In her view, cultural change and freeing up lawyers’ time to experiment are the main keys toward overcoming barriers to innovation.

The entrepreneurial mindset and willingness to embrace new technologies could lead Australian legal technologies to continue their upward trajectory, even as more startup technology providers enter the space. Even with a population one-tenth of the U.S. and an overall legal market with smaller revenues, there still seems to be space for growth.

And that means U.S.-based legal technologists and others from across the world may be interacting more and more with their Australian counterparts.

“You can point to a number of hotspots around the world that are doing really exciting stuff, and I think that is going to be the case for Australia, that people recognize there is a quite strong ecosystem here,” Xakia’s Baker exclaims. “It’s not just a profile-raising exercise. It’s that there is quite a lot of strength here.”

Email: zwarren@alm.com

Will AI Destroy More Jobs Than It Creates Over the Next Decade? – The Wall Street Journal

Autonomous cars, cashier-less stores, chatbots. Artificial intelligence already is changing the way we live and work, and machine learning promises to transform the world in ways we can’t even imagine.

Businesses are racing to adopt AI technology, betting it will help them boost productivity and cut costs. A recent global survey of chief information officers by Gartner Inc. found that more than 90% plan to have deployed AI technology in their companies in some way within the next three years.

When neuroscience meets AI: What does the future of learning look like? – Modern Diplomacy

Authors: George Kamiya and JacobTeter*

Automated driving and shared mobility could dramatically reshape roadtransport over the coming decades, with major implications for vehicle electrification and the broader electricity system. But can we assume that shared and/or autonomous vehicles of the futurewill be electric?

While electric vehicles (EVs) tend to be more expensive to purchase,they have lower fuel and maintenance costs than conventional vehicles. As shared and/or autonomous fleets would typicallyhave heavier use patterns than with privately owned vehicles, the lower runningcosts could make EVs cheaper overall. But whether EVs could fulfil all theoperational and technical requirements of shared and/or autonomous vehicles isless certain.

Building upon our look at emerging mobility technologies andservices, we discuss the opportunities andchallenges of electrifying shared mobility car fleets today and examineprospects for electrifying autonomous vehicles in the future. We explore how we mightneed to begin to re-think EV-related policies and investments to capitalise onsynergies between the three revolutions – sharing, automation andelectrification.

Sharedand electric?

Car sharing services, which emerged in major cities in the early 2000s, allow members to borrow cars on a short-term basis. As car sharing fleetstend to have shorter trip distance profiles andhigher utilisation rates compared toprivately owned vehicles, EVs might be a good fit. In fact, several car sharingprograms already operate all-electric fleets, including Moov’in.Paris, BlueSG(Singapore), Carma (San Francisco), car2go (Stuttgart, Amsterdam, Madrid,Paris), and DriveNow (Copenhagen).

Most car sharing services operate in one of two ways: free-floatingsystems where cars can be parked anywhere, or hub/depot services where carsmust be left in designated parking spots. In recent years, smartphones andmobile connectivity have made free-floating systems (and by extension one-wayjourneys) easier to access and pay for.

But free-floating systems using EVs face operational challenges as they relyon a limited number of public fast chargers. Thesechallenges could be overcome through larger batteries, a better-designedcharging network (e.g. faster chargers, more stations), or user incentives. Incomparison, hub/depot car sharing systems can schedule slower and cheapercharging on their own chargers during vehicle downtimes.

Just as smartphones have changed the way car sharing services operate,they have fostered the rapid expansion of app-based ride-sourcing services provided byso-called transportation network companies (TNCs) such as Uber, Lyft, DidiChuxing and GrabTaxi. The adoption of EVs in TNC fleets has been slow, despitethe significant fuel and maintenancesavings potential of EVs for full-time drivers working withTNCs. EV shares on the major ride-sourcing platforms remain below 1% with the exceptionof Didi at 1.3%, which already has over 400 000 EVs on its network. In California, EVs represented about 1% of vehicle share and trip miles in 2017.

There are also several barriers to EV adoption in taxis and ride-sourcing fleets. First, EVs are generally more expensive to purchase, and few EV modelsavailable today meet all the operational requirements of taxis andride-sourcing services – notably long electric range, seat capacity and largetrunk space.

Second, the combination of limited driving range, long charge times,and/or limited access to fast charging can pose challenges – searching foravailable chargers and long charging times could mean foregone revenues fordrivers. Some taxi fleets are demonstrating the use of fuel cell electric vehicles (FCEVs) which couldaddress some of these operational challenges.

Third, TNCs have limited ability to influence purchase decisions oftheir drivers, including in most jurisdictions where they cannot specify theuse of particular vehicle models. But several TNCs are initiating programs toencourage usage of EVs on their platforms. Uber’s Clean Air Program in London provides financial incentives to drivers to switch to or drive more inEVs while Lyft ExpressDrive’s short-term lease options allow drivers to try EVs with little risk.Maven, GM’s car-sharing spin-off, offers a service of short-term rentals of the Chevrolet Bolt BEV to drivers working for TNCs and other sharedplatforms.

Shifting to EVs for car sharing and TNCs could lead to much largerper-vehicle reductions in GHG and local pollutant emissions compared toprivately owned EVs. High utilisation and faster fleet turnover could also helpto accelerate battery innovation cycles and more rapid adoption of increasinglyefficient vehicles. In addition, given the importance of EV awareness and experience ininfluencing purchase decisions, thepotential exposure of the benefits of electric drive to millions of potentialcar buyers could indirectly help to increase adoption of privately owned EVs.

Autonomousand electric?

Meanwhile, rapid advances in sensing technologies, connectivity, and AIare bringing highly automated vehicles – autonomousvehicles (AVs) – closer to market. Waymo recently launched their self-driving car service, Waymo One, while major automakers have announced plans to introduce AVs as early as 2020.

Just as with shared mobility and electrification, there are synergiesbetween automation and electrification. With high utilisation rates, commercialfleet applications (where early adoption of AVs seems likely) tend to favourpowertrains with lower operations and maintenance costs, including EVs.Well-coordinated fleets of electric AVs may be able to manage challenges aroundrange, access to charging infrastructure, and charging time management.Automated driving technologies may also be easier to implement in EVs due to the greater number of drive-by-wire components.

However, higher utilisation rates of commercial AVs will also meangreater travel distances per day, requiring larger and more expensive batterypacks or more frequent recharging (and downtime). AVs may also requiresignificant power consumption to power on-board electronics, though theefficiency of these chips is improving rapidly, from 3‑5 kW in the first generation to less than 1 kW today.

While there is considerable debate regarding how quickly (and if ever)AVs will enter the mainstream, there are specific use cases where thefeasibility and economics favour early adoption. For example, commercialapplications where labour costs are high or where automation could enablehigher vehicle utilisation (e.g. trucks, buses, taxis and ride-sourcing) havethe largest potential for cost-cutting through automation.

Pilots and trials are underway for these applications in over 80 cities around the world, and nearly all areusing some form of electrified vehicle. Notable examples include robotaxis fromWaymo and nuTonomy/Lyft, autonomous electric shuttles across cities in Europeand North America, and autonomous electric buses in Asia. In California, EVsnow account for around 70% of automated vehicle trial miles (mostly plug-in hybrids).

A growing number of trials of autonomous electric urban deliveryvehicles are also being undertaken in a number of cities in China and the United States. While testing of autonomous freight trucks has been limited to date,early models and concepts from Einride, Ford, and Volvo suggest a pushtowards all-electric. Tesla’s all-electric Semi is equipped with EnhancedAutopilot (equating to SAE Level 2automation), which allows for automatic lane-keeping, forward collisionwarning, and automatic emergency braking.

Shared,autonomous and electric vehicles… and the grid

Governments, utilities, and other companies are actively working tobuild out charging infrastructure to support the growing number of EVs. Recentresearch (here, here, and here) shows how public charging infrastructure in particular will becritical in catalysing further market uptake of personally owned electric cars.

For fleets, their intensive and distinct use patterns imply greater (anddifferent) needs for charging compared to private EVs. The availability and coverage of public and fast chargers could be a critical factor in how quicklythese fleets become electric, and how business models evolve around sharedand/or automated mobility.

EVs currently make up only about 1% of all passenger cars globally, but clustering effects in EV adoption at the local level,combined with uncoordinated charging, could cause problems for the distributiongrid, and eventually require greaterinvestments in power generation and transmission.

A combination of pricing incentives and digital technologies (including,eventually, coordinated discharging of EV batteries) could better coordinatefleet and private charging of EVs, minimising negative grid impacts, reducing CO2emissions, and providing ancillary services. A transition to shared,automated, and electric vehicle (SAEV) fleets could also yield significant system-wide benefits for the grid, assuming the necessary digital technologies and incentive structuresare in place.

Researchers are already looking at how different fleet compositions ofSAEVs and charger availability could impact costs, operations, and gridimpacts. For instance, fleet simulations in Austin, Texas (2016, 2018); Zurich, Switzerland (2016); Columbus, Ohio (2018); and Tokyo, Japan (2019) have investigated how varying fleet size, electric range, chargerspeed, and pooling could impact vehicle travel patterns and wait times. As theelectric fleets modelled in these simulations begin to roll out in the realworld, empirical data will lead to a far more robust and deep understanding ofthe opportunities and trade-offs of SAEVs.

In the near-term, appropriate data sharing between policy makers,utilities, and fleet operators could help anticipate needs for charginginfrastructure as mobility service fleets electrify. Over the long-term, shiftstowards SAEV fleets could improve the economics of charging infrastructure byincreasing utilisation, promoting faster returns on investments and reducingreliance on subsidies and indirect revenue streams through grid services.Utilities could also explore rate structures that maximise grid benefits. Volumetric energy rates based onhourly wholesale pricing, for instance, maybe a promising means of reducing peak loading and promoting charging at timeswhen variable renewables are at their peak.

Policiesand strategies to electrify a shared and/or automated future

National, regional, and municipal governments around the world areimplementing a range of policies to encourage EV adoption and use. Country (and city)-specificobjectives, constraints, and contexts will continue to shape the design ofappropriate policy mixes for each jurisdiction.

Purchase incentives have generallybeen effective in encouraging the purchase of EVs, inturn helping to stimulate investment and bring down costs of battery and EVproduction. Mandates that car manufacturers produce minimum volumes of EVs(i.e. ZEV mandates) have complemented these by providing supply-side certainty.

But with growing adoption of shared (and potentially autonomous)mobility, the importance of policies designed to more directly incentivise theuse of EVs over conventional vehicle travel will grow. These policies couldinclude fuel taxes, zero-emission zones, road pricing, HOV and transit laneaccess, incentives for electric mobility services, or even restrictions on the use ofconventional vehicles. Supporting the build-out of charginginfrastructure will continue to be crucial to further EV adoption and use,including fast-charging infrastructure in densely populated metropolises and a robust charging network to support atransition to all-electric fleets. Citieswhere taxi and bus fleets are already making the transition to electric drivemay be able to leverage fast-charging stations built for these fleets to spur atransition to electric shared mobility.

Researchers and policymakers are exploring alternative policy frameworks thatcould be effective in promoting electrification of shared and, eventually, autonomous fleets. California’s SB-1014 “California Clean MilesStandard and Incentive Program: zero-emission vehicles” approved in September 2018 aims to establish annual emission reductiontargets for TNCs per passenger-mile. London’s Ultra Low Emissions Zone encourages for all road users, including fleets, to switch to EVs.

Given the uncertainty in how emerging trends could reshape mobility,policymakers might look to more flexible and forward-lookingpolicies and strategies to get ready for differentfutures.

There may already be useful lessons learned on EV policy and infrastructureplanning from cities with high rates of electrified taxis and buses such as Shenzhen, Amsterdam and Santiago. Electric bus depots or other centralised charging hubs could alsoserve mobility service fleets of the future, supplementing or even servicingthe majority of charging needs. Such hubs could be located outside of cities,where property values (not to mention constraints on high voltageinstallations) are lower. But there may be systems-level repercussions torelying on such a strategy: it could lead to more traffic congestion and loweroperational service efficiency from increased “deadheading”.

Dynamics are likely to differ between cities and geographies, driven by differencesin power generation mixes and in mobility patterns. Simulations and casestudies can begin to illustrate the levers behind such differences, and toanticipate the potential transformations that might occur if, and when, carsand buses become fully autonomous.

To help inform the design of flexible and forward-looking policies, research needs to continue to improve our understanding of a few key questions:

How do the chargingneeds of fleets differ from those of privately owned cars and in differentgeographic contexts? How can publiccharging infrastructure work to support the electrification of fleets andpromote driving on electricity?

How might automatedfleets change investment decisions around charging infrastructure, including the economics of wireless charging or battery swapping? Whatbusiness models, data sharing, or policy is needed to balance charginginfrastructure needs to support mobility service fleet operations and gridoperations?

What are the energyand emissions implications of various market and regulatory designs of powermarkets? How can they facilitate the transition torenewable and low-carbon energy generation?

Electrifying vehicles can reduce some of the environmental impacts ofmobility, notably local air pollution and greenhouse gas emissions. But otheradverse effects on society could be exacerbated by emerging mobilitytechnologies and trends, including congestion, inequality, and mobility accessissues. Policy makers will need to implement comprehensive policy packages thatguard against these challenges. We will explore these and other critical issuesin upcoming commentaries.

*Jacob Teter, Transport Analyst

IEA

Australia brings in data centre certification with new government Hosting Strategy – ZDNet

The federal government has released a strategy on how best to host data within the Commonwealth, launching a new certification program for data centre providers.

The Hosting Certification Framework will be the responsibility of a new Digital Infrastructure Service set up within the Digital Transformation Agency (DTA). It will be responsible for: Assessing and measuring supply chain risks presented by hosting providers, and for determining standards, measures, and timelines to achieve the government’s desired hosting standards.

Special feature

The Cloud v. Data Center Decision

While companies used to have to justify everything they wanted to migrate to the cloud, that scenario has flipped in recent years. Here’s how to make the best decisions about cloud computing.

Read More

According to the DTA, the framework will be developed alongside government agencies to “ensure thorough consideration of Australia’s sovereign interests, including: Data sovereignty and facility ownership, hosting ecosystem architectures, cloud adoption, and pricing”.

“The immediate issues to be addressed by the strategy include the risks to data sovereignty, data centre ownership, and the supply chain. This strategy provides clear policy guidance for agencies and industry and aims to create whole-of-government efficiencies,” the DTA said.

“In the medium term, the strategy better positions government agencies and industry to adopt new technologies and services, fosters innovation, and reduces the barriers and cost created by legacy systems.”

Government agencies will be responsible for choosing either a certified sovereign or certified assured facility when going to market for hosting services.

See more: Microsoft helping Canberra to shift ‘legacy’ mindset for government IT procurement

A Certified Sovereign Data Centre, the DTA said, represents the highest level of assurance and is only available to providers that allow the government to specify ownership and control conditions.

Meanwhile, Certified Assured Data Centre arrangements aim to safeguard against a change of ownership or control of storage through financial penalties or incentives, aimed at minimising transition costs borne by the Commonwealth should a data centre provider alter their profile.

The certification forms part of the government’s Hosting Strategy, described by the DTA as a direction for the underlying digital infrastructure that supports digital transformation initiatives.

Under the Hosting Strategy, the new Digital Infrastructure Service will investigate the telecommunications networks connecting certified data centres, including security models in place.

In addition, the strategy has the aim of changing vendor relationships within government.

“Develop a genuine strategic relationship between government and the ICT industry that recognises government as a single customer,” the DTA lists as an action item.

Under this, the Digital Infrastructure Service will create IT procurement guidelines to “help agencies procure products and services appropriately”. The DTA said procuring IT services from the cloud will require a rethink of the existing capital-based funding and governance models.

“Decision-makers must understand the challenges agencies face in moving from capital expenditure for landed infrastructure to operational expenditure for cloud infrastructure,” it wrote.

The Digital Infrastructure Service will create risk and benefits frameworks for hosting and cloud services; it will also create a Maturity Assessment Framework for hosting services and practical reference architectures to guide government agencies in the implementation of hosting models, the DTA said.

The new arm will also be responsible for guiding agencies to assess their own risk appetite.

Read also: Government IT projects failing as DTA’s phone calls go unanswered

“As we are delivering on our vision to be a world-leading digital government, Australians need to be sure government data is subject to safeguards that meet the most stringent sovereignty and security requirements,” Minister for Human Services and Digital Transformation Michael Keenan said.

“Data plays a key role in our digital transformation efforts and we need to ensure that we host this critical resource in a sovereign, secure, and consistent manner across government.

“This Strategy will ensure that we have a trusted, secure hosting ecosystem, including data centre and network infrastructure, and our services can rely on data being safe and secure throughout the supply chain.”

The Hosting Strategy forms part of the government’s Digital Transformation Strategy that at launch, Keenan had called a “bold” vision for the future of Australia.

Strategies under this strategy, alongside the Hosting Strategy, include the Sourcing Strategy, Platforms Strategy, and Digital Capability Strategy, which the DTA said are underpinned by the digital continuity, information, and data strategies that set a whole-of-government approach to use and reuse of data.

The above also sit alongside the Secure Cloud Strategy, the 2016-released Cyber Security Strategy, the Australian Signals Directorate’s Information Security Manual, the DTA’s ICT Procurement Reform, the Australian Public Service Commission’s Building Digital Capability Program, and the Data sharing and release legislation.

MORE FROM CANBERRA

Australian government to bring all services online by 2025

The Coalition has labelled its own digital transformation strategy as a ‘bold’ plan that will make government accountable.

The Australian government and the loose definition of IT projects ‘working well’

Straight-faced, a Department of Human Services representative told a Senate committee its data-matching ‘robodebt’ project went well, because it produced savings.

Why Australia is quickly developing a technology-based human rights problem (TechRepublic)

Human rights advocates have called on the Australian government to protect the rights of all in an era of change, saying tech should serve humanity, not exclude the most vulnerable members of society.

Boston, Quincy, Among Finalists in IDC Government Insights’ 2nd Annual Smart Cities North America Awards – framinghamsource.com

FRAMINGHAM -IDC Government Insights named finalists this week in the second annual Smart Cities North America Awards.

The awards were designed to recognize the progress North American municipalities have made in executing Smart Cities projects, as well as provide a forum for sharing best practices to help accelerate Smart City development in the region.

Finalists include cities, states, counties, and universities, including Boston and Quincy in Massachusetts.


As a next step in the nomination process, IDC invites the public to vote on the named finalists at https://www.surveymonkey.com/r/IDCSCNA-2019Finalists through April 4th.

Winners will be announced April 9 and the awards will be presented at the Smart Cities New York event on May 14 in New York City.

Finalists in the SCNAA illustrate best practice examples of how forward-thinking municipalities are effectively leveraging technology and innovation to offer new services and economic opportunities and to meet the needs and expectations of citizens and residents.


Thirty five municipalities are recognized for unprecedented progress in creating and sustaining smart city projects across the following 12 categories:

  • Administration
  • Civic Engagement
  • Digital Equity and Accessibility
  • Economic Development, Tourism, Arts, Libraries, Culture, Open Spaces
  • Education
  • Public Safety
  • Smart Buildings
  • Smart Water
  • Sustainable Infrastructure
  • Transportation – Connected & Autonomous Vehicles, Public Transit, Ride-Hailing/Ride-Sharing
  • Transportation – Transportation Infrastructure
  • Urban Planning and Land Use

“We are overwhelmed by the progress North American cities have made in deploying and maintaining innovative smart city projects, designed to support economic growth and improve the lives of residents,” said Ruthbea Yesner, global lead, IDC Government Insights. “We are grateful to be able to shine a spotlight on these successful projects and to encourage continued innovation as these finalists set the standard for outstanding smart city project execution.”

The finalists are:

Administration (e.g. Back Office, Digital Legislating)

Wake County, NC – Wake County Property Valuation — Wake County needed to use technology to perform property reappraisals easier, faster, more accurately, and less subjectively. Using machine learning algorithms from SAS, Wake County uses a model that runs the information for every residential property that has sold, every day, for 40 factors. Clear graphics and reports provide easy interpretation of the information, and Wake County has a higher level of confidence in its appraisals as it now relies on objective information.

San Diego, CA – Get It Done Expansion — The City of San Diego has expanded its 311 “Get It Done” system to better engage with customers and employees. Get It Done launched a new mobile app, streamlined web interface, and an internal system for employees to process incoming reports using SalesForce’s CRM software platform and Deloitte Digital as the systems implementer. The mobile app has been downloaded over 55,000 times and we have received over 390,000 reports.

State of California – California Secretary of State Eureka Chatbot — The CA Secretary of State is the first state-level Agency to use Artificial Intelligence using the Microsoft Bot Framework to modernize services to customers. The Eureka Chatbot answers frequently asked business entity and trademark questions for 400,000 customers who contact the agency, and allows access to website resources 24/7. Eureka’s automated responses shortens time-to-information for the public, redirects staff time to more complex queries, and reduces the time to roll out new digital tools.


3. Civic Engagement (e.g Open Data, City Portals, 311 apps)

Baton Rouge, LA – Open Data BR — Open Data BR is an initiative that exists as part of a broader commitment to the residents of Baton Rouge focused on creating a more efficient, effective and responsive City-Parish government while developing Baton Rouge into a hub for digital growth and technological innovation. Open Data BR consists of open data, open checkbook, and open budget websites bringing a wealth of information and data on the parish to citizens.

Chicago, IL – Smart Living in the Windy City — The portal contains data sets including city employee salary, business licenses, crime, food inspection, water quality, etc. It’s free and provides user-friendly dashboards and downloadable, machine-readable data. Moving data between systems and the Data Portal is done through integration tools, automatically updating on a daily, hourly, or minute basis. It provides administrators with email alerts and it features an interface to allow technical and non-technical users to automatically publish data.

Chicago, IL – 311 Modernization — The new CHI 311 website and mobile app (the City’s first!) was launched in December 2018. The easy-to-use system works on nearly any smartphone, tablet or computer, and allows residents to create new service requests, upload pictures, track requests and the time it will take to resolve them, see a map of service requests in their community and across the city, provide feedback, and find helpful articles about city services.


4. Digital Equity and Accessibility (e.g. Public WiFi, Accessibility Services, ADA Compliance)

Brownsville & New York, NY – NYCx Co-Labs in Brownsville — NYCx Co-Labs are “neighborhood innovation labs” located in underserved neighborhoods to accelerate the deployment of smart city technologies with the New Yorkers whose employment, transportation, health and environmental circumstances are most affected by the rapidly evolving urban and civic technology landscape. The Co-Lab works to support The Brownsville Plan – a result of community-driven processes to identify neighborhood goals, form strategies to address local needs, and create more new affordable homes.

San Antonio, TX – IKE Smart City Deployment — Needing a widespread communications platform to drive discovery of area business and improve way finding and mobility in order to further growth and development, the project installed digital community kiosks throughout the city to increase engagement among residents and visitors in a new and innovative way. This drives discovery of area restaurants, shops, hotels, activities, attractions, points of interest, services, and resources. Listings are geo-located and updated in real time.

Birmingham, AL – Birmingham Public Safety Technology Initiative — To provide effective safety and security for citizens, Birmingham’s Public Safety Committee approved a program that will put cameras in high crime areas. Cameras include license plate recognition technology providing the police with data and pan-tilt-zoom functionality to get the best view of the street when incidents occur. The cameras will be deployed alongside a corresponding video management system that provides real-time updates for emergency responders, officials and employees.


5. Economic Development, Tourism, Arts, Libraries, Culture, Open Spaces (e.g Connected Museums, Kiosks, Event management)

Chula Vista, CA – Innovation Station — The Innovation Station provides 6th grade students with opportunities to engage in hands-on STEAM projects and career exploration, connecting students with the skills required in various jobs and encouraging the creative problem-solving that is central to success in California’s innovation-based economy. Students have an opportunity to explore their strengths, interests, and values and connect them with careers that they may be interested in pursuing in the future.

Las Vegas, NV – Economic, Mobility and Safety through Data Driven Operations Management — Innovating by taking data-driven approaches to managing public services and operations in order to create a community that makes life better by improving the customer/resident experience, increasing public safety and driving operational and organizational efficiency. With Hitachi Smart Spaces and Video Intelligence, officials have smart cameras, tools for data analysis, visualization and dashboards that enable real-time views of events taking place on the streets, and historical patterns that enhance planning.

Canton, OH – Canton Police Department’s Integrated Surveillance & Smart City Program — In order to maximize reductions in crime through integrated technology, Canton is implementing a platform that supports a variety of audio/video analytics and recognition via camera and microphone; use cases include gun-shot, accident detection, traffic analysis, pedestrian counts, crowd counts, environmental services, and software driven recognition including: LPR, facial, vehicle and object detection. These capabilities will supplement law enforcement officer’s presence, offering tactical and strategic advantages and ensuring added safety.

6. Education (e.g. Smart Campus, Smart Classroom)

Los Angeles, CA – Neighborhood Arts Profile — A smart city should have a smart cultural strategy, but neighborhood-level knowledge of arts and cultural service is a challenge. The Los Angeles Department of Cultural Affairs created its Neighborhood Arts Profile (NAP) data platform to identify opportunities to improve arts and cultural services. Using mapping tools such as ESRI ArcGIS Online and ArcGIS Web Apps, NAP aggregated more than 371,000 data points. The City, County, private sector partners, foundations and universities created “Arts Datathons” to raise awareness about arts and cultural access.

Chattanooga, TN – Smart Community Collaborative(CSCC) — The CSCC brings together City and County government, public hospital, University of Tennessee; and the municipal utility/fiber provider to coordinate initiatives that require a partnership ecosystem. The CSCC launched a Smart City Testbed initially to focus on data-driven approaches to pedestrian safety, test commercially available technologies, such as new traffic signal controllers, and research future innovations such as experimental vision processing algorithms that allow the detection of near miss events.

Arizona State University – ASU Mobile App — Today, students communicate via mobile devices and texting, not web-based portals and email. ASU Mobile App was designed to deepen digital engagement with students by providing personalized, timely and actionable content. The app was built on AWS for both Android and iOS devices. Students were engaged to create the app that provides real-time shuttle information, personalized class schedules, event tickets, etc. The app has 68,000 users who average two sessions per day.

7. Public Safety (e.g. Real-time Crime Centers, Officer Wearables, Video Analytics) and Emergency Management (e.g. Next Gen 911, Early Warning Systems)

Pierce County, WA – South Sound 911 — South Sound 911 consolidated five dispatch centers. Now responders receive detailed information from dispatch en route to a call. Using laptops, tablets, and smartphones connected to the CAD system, police from different jurisdictions see neighboring incidents and share data. “When we share the data, the infrastructure, and the people, it’s more efficient for all involved agencies. Having all the agencies under one CAD – it’s the best thing that’s ever happened.”

New Orleans, LA – New Orleans Real Time Crime Center — Created in 2017, and part of a $40 million citywide public safety improvement plan, the Real-time Crime Center uses cameras, license plate readers and software to integrate information from a variety of sources. Critical information is provided to first responders in the field to help assist with investigations of criminal activity or quality of life concerns. The situational awareness the RTCC provides is invaluable to coordinate responses to events.

Neptune City, NJ – Project VIC — Law enforcement’s challenges in the fight against child exploitation remain numerous and difficult. Project VIC’s technology and partner ecosystems rescue children by crowdsourcing image identification in a secure, open platform. The system flags each viewed image or video as being identified, so that any other investigator using the Project VIC workflow and network does not view the photo, increasing efficiencies across multiple jurisdictions and reducing examiner exposure to repeat images. This has led to huge gains child-rescues, as well as predator apprehension rates around the world.

Chicago, IL – Citigraf – Genetec Decision Support System — Genetec’s ‘Citigraf’ DSS delivers a common operating picture for all city agencies. Using a unified, tactical operations system with analytic tools, agencies can integrate multiple data sources to quickly gather intelligence, gain a big picture understanding of situations, and make better decisions. Using Citigraf, Chicago’s response times from dispatch to on-scene arrival have been reduced by 39% and 24% in two of their most at-risk districts.


8. Smart Buildings

Hoover, AL – Smart Neighborhood — Smart Neighborhood is a community of 62 high-performance homes, built with enhanced energy efficiency measures that go beyond industry standards. Homes include programmable thermostats, improved insulation and high-efficiency heat pumps, water heaters and appliances. These homes are 35% more energy efficient than comparable newly built homes. Smart Neighborhood uses leading-edge microgrid technology to support the community’s energy needs.

Houston, TX – Houston Smart Buildings — In partnership with Microsoft, Houston is implementing a first-of-its-kind comprehensive smart city initiative, which takes the approach that the entirety of the city is a smart entity. With a focus on the city’s key priorities of disaster recovery and response, building and school safety, and more efficient, capable transportation, the initiative currently includes 22 planned engagements. Together, these 22 engagements make up the base of the broader smart city initiative, which will be expanded over time as new projects are added to leverage IoT solutions that create a connected foundation for Houston.

Alameda County, CA – Building 393 Modern Office Initiative — In November 2018, Alameda County opened a model modern government workplace for its Information Technology Department (ITD), featuring the latest collaboration technologies, which can be viewed here: https://www.youtube.com/watch?v=NuwvuOInHWg. All county users were upgraded to the latest click-to-run version of Office Pro Plus and Windows 10 for a truly modern work experience. The technology helps county employees increase productivity, attend meetings remotely, save travel time and enhance collaboration. The mobilization of the workforce has modernized services that the county provides its citizens.

9. Smart Water

Boston, MA – Smart Utilities Vision and Broadband Ready Buildings — The Smart Utilities Vision, a Boston Planning & Development Agency-led multi-departmental initiative, develops strategies for more equitable, sustainable, resilient, and innovative services across energy, water, transit, telecom. This allows us to promote policies that would not necessarily occur in silos, such as the call for private sector developers to develop more green infrastructure, as well as the raising of the stormwater mitigation requirement from 1 to 1.5 inches.

Albany, NY – Beaver Creek CSO Abatement and Flood Mitigation Program: Creating Smart Infrastructure for the Management of Wet Weather Flows — Urban stormwater management represents one of the most pervasive, significant environmental issues in the U.S. To address these issues, Beaver Creek implemented a smart infrastructure network that uses a continuous monitoring and adaptive control (CMAC) platform to proactively predict and manage wet weather flows. The program’s flow management practices serve to re-establish natural floodplain storage to address challenges within the urban CSO environment reconnecting communities on the water.

10. Sustainable Infrastructure (e.g. Smart Lighting, Waste Collection, Environmental Monitoring, Resiliency)

South Bend, IN – Combined Sewer Overflow Real-Time Decision Support System — Prior to the implementation of a real-time decision support system, the City of South Bend sewer system would overflow polluted water into the St. Joseph River. EmNet and the City developed a unified data platform and visualization dashboard, and the City has reduced overflow volumes by more than 70 percent (1 billion gallons annually). E.coli concentrations are down by more than 50 percent. People can enjoy rafting and sport fishing in the river again.

City and County of Los Angeles – ShakeAlertLA Mobile Application — The ShakeAlertLA app provides an earthquake early warning system to residents so they can get to safety. The mobile app characterizes an earthquake, calculates the intensity of ground shaking, and delivers warnings to people and infrastructure in harm’s way. The app allows the City to understand how the public responds when notified about an earthquake. Since its launch, the app has been downloaded over 400,00 times.

Brampton, Canada – Fleet Tracking – AVL/GPS Solution — The City of Brampton, Canada has developed a single system for its City fleets enabling both the city workers and citizens to track vehicles. The city measures vehicle use as they act as IoT sensors providing real-time information such as location, direction, speed, temperatures, plow position, etc. The system provides information to citizens and is used by contact center staff to dispatch by-law enforcement officers more quickly.

11. Transportation – Connected & Autonomous Vehicles, Public Transit, Ride-Hailing/Ride-Sharing

Houston, TX – Houston Connected Buses — Houston is implementing a comprehensive smart city initiative. One of its key efforts is a connected transit solution to provide internet access to bus and rail riders and increase onboard safety. In addition to Wi-Fi, the solution will provide fleet management services to provide information about the location, operation and efficiency of each bus and train. Buses will also be equipped with cameras to allow authorities real-time insights when disturbances are reported.

Quincy, MA – Changing Traffic – Adaptive Signalization — To better manage increasing traffic congestion in Quincy, MA, the city implemented an adaptive traffic signalization platform that adjusts dynamically to traffic patterns and congestion levels instead of relying on pre-determined timing patterns. The project upgraded communications and detection at 24 intersections and the system includes a traffic platform that uses algorithms with data sourced from cameras, radar, and video.

San Jose, CA – Accelerating Response for Safer Communities — The City of San Jose, CA has implemented a centralized Emergency Vehicle Pre-emption program. The system uses vehicle location technology to communicate with the city’s traffic control center to clear intersections of traffic and provide emergency vehicles with a green signal. This centralized approach provides faster response times, is significantly cheaper than installing equipment at each signalized intersection, and allows for a system-wide view and control.

12. Transportation Infrastructure (e.g. Parking, Transit Hubs; Traffic Management and Equipment for Connected and/or Autonomous Vehicles)

Louisville, KY – Open Government Coalition – Waze WARP — The city built the Waze Waze Analytics Relational-database Platform (“Waze WARP”) using traffic data from Waze and other data to build a traffic analysis module. Louisville then founded the Open Government Coalition, a network of government agencies working on open source projects. Waze WARP now gives 600+ government entities access to data to improve mobility, pedestrian and bike safety, road conditions, and emergency response. OGC has now embarked on additional projects to foster innovation.

Atlanta International Airport – Delta Air Launches First Curb-to-Gate Biometric Terminal in US — At Terminal F in Atlanta, Delta Air Lines launched the first curb-to-gate biometric terminal in the U.S.. For international flights, Delta uses facial recognition at 46 check-in kiosks, 54 bag drop counters, 6 TSA checkpoints, and 12 departure gates. Nearly all 25,000 passengers who travel through ATL Terminal F each week are choosing this optional process to check-in to flights. Faster throughput of passengers mitigates the need for larger terminal infrastructure and space.

Savannah, GA – Data-Driven Pavement Management Using AI-Based Road Assessments — To assess roadway conditions on a frequent, accurate, and cost-effective basis, the city is using artificial intelligence provided by RoadBotics which uses a smartphone to take images of city streets from a windshield every 10 feet. The images are analyzed or distresses such as potholes, cracks, and patching, then assigned a rating based on the type, severity, and extent of the distresses. The data helps prioritize maintenance and spending needs.


13. Urban Planning and Land Use (e.g. Permitting, Licensing, Inspection & Zoning; Digital Twins, Community Resiliency)

Boston, MA – StreetCaster — In Boston, 311 users are not a representative sample of the city’s residents. By focusing on requests, the city has inadvertently underspent in some neighborhoods for sidewalk maintenance. StreetCaster transforms how Boston makes capital investments in infrastructure by pairing 311 requests with measures of equity, usage, and asset condition. Boston is starting with sidewalks, traffic safety and roadway markings, but ultimately, StreetCaster is a toolkit for decision-making across all infrastructure investments.

Raleigh, NC – Emergency Operations Situational Analysis Smart Dashboard — The City of Raleigh developed a Situational Analysis Smart Dashboard for their Emergency Operations Center and refined it in real time as new types of data, such as current wind speed, were identified as critical to the safety of the public and city workers during an emergency. The dashboard is cross-departmental, with real-time progress tracking, covering a range of emergency management issues from debris in streets, flood monitoring, 911 call data, and resource management.

Cyber Quarterly – March 2019 – Lexology

EUROPE:

1. Impact of a no deal Brexit on digital service providers

As we edge ever closer to the UK’s impending departure from the EU, in December 2018, the Department for Digital, Culture, Media and Sport issued guidance for digital service providers in a no-deal EU exit scenario.

Background: the EU Network and Information Security Directive

The EU Network and Information Security Directive (“NISD”) was adopted by the European Parliament on 6 July 2016. For the first time, the NISD seeks to set out a harmonised approach to cyber security across the EU and provides legal measures to this end to enhance the EU’s cyber security legal and regulatory framework. Member States had until 9 May 2018 to transpose the NISD into domestic legislation and then apply the relevant measures from 10 May 2018. In the UK, the Network and Information Systems Regulations 2018 (“Regulations”) transposed the NISD into English law.

The Regulations require certain “operators of essential services” (“OES”) to adopt risk management practices and report major security incidents on their core services to the appropriate national authority. OES include companies in the electricity, oil and gas, air, water, road and rail transport, healthcare, water and digital infrastructure sectors. A competent authority is designated for each sector. The Regulations also place certain obligations on digital service providers (“DSPs”), which include operators of online search engines, online marketplaces and cloud computing providers. The ICO has been designated as the regulator for DSPs and more detailed descriptions of digital services can be found in the ICO Guide to NIS, the text of the NISD, the Regulations and the UK Government’s response to the targeted consultation for digital service providers.

Fines of up to £17m can be imposed to ensure compliance. Organisations covered will need to consider both their own cyber practices and those of businesses in their supply chains.

DSPs established in the EU

Under the NISD, a DSP that is not established in an EU Member State, but offers services within the EU (and has 50 or more staff or a turnover or balance sheet of more than €10m per year), must designate a representative in the EU. This representative must be established in one of the EU Member States where the DSP offers services, the DSP will then be deemed to be under the jurisdiction of the EU Member State where that representative is established.

Establishment in an EU Member State implies the effective and real exercise of activity through stable arrangements. In principle, the “main establishment” of a digital service provider corresponds to the place where the company has its head office. A digital provider “offers services in the EU” if it offers, or is planning to offer, digital services to persons in one or more EU Member States. The guidance suggests this to be the case if: the DSP uses a language generally used in one or more EU Member States; the DSP uses a currency generally used in one or more EU Member States; customers have the possibility to order services in a language generally used in one or more EU Member States; and the DSP mentions customers or users who are in the EU.

DSPs in a no-deal scenario

Currently, the UK is an EU Member State and so DSPs established in the UK do not need to designate an EU representative. However, in the event of a no-deal Brexit, the UK will become a third country. In this scenario, the guidance suggests that any relevant DSPs that are established in the UK and offer services in one or more EU Member States, may be required to designate a representative in one of the EU Member States where they offer services. It remains unknown as to whether this will be required and may depend on the future agreements with each Member State of the EU.

DSP no-deal planning

Therefore in the event of a no deal, relevant DSPs ought to consider taking the following steps as part of their no-deal Brexit planning:

  • decide where they are established by looking at whether their ‘main establishment’ is in the UK or in an EU Member State:

    • if a DSP is established in the UK then it must register with the ICO and comply with the Regulations; or

    • if it is established in an EU Member State, then it must comply with the law in that particular EU Member State.

  • If the DSP’s main establishment is in the UK and it offers services to one or more EU Member States, then that DSP may be required to designate a representative in an EU Member State in which it offers services;

    • this representative must be established in one of the Member States in which the DSP offers services;

    • as the representative will be acting on the DSP’s behalf, it must be possible for competent authorities and/or the computer security incident response teams of the relevant EU Member State to contact the representative; and

    • when designating a representative, DSPs must write to the relevant EU Member State authority in accordance with that authority’s formal process.

Importantly, if a DSP designates a representative in an EU Member State, it will be under the jurisdiction of the Member State in which that representative is established but the DSP will also be subject to English law if its main establishment in the UK.

DSPs will also need to inform the ICO if their main establishment is in an EU Member State, they have designated a representative in an EU Member State; or if their network and information systems are located in one or more EU Member States.

2. EU: Commission announces agreement on draft Cybersecurity Act

In December 2018, the European Parliament, the Council and the European Commission reached a political agreement on the EU Cybersecurity Act (the “Act”), which reinforces the mandate of the European Union Agency for Network and Information Security (“ENISA”) so as to better support Member States with tackling cybersecurity threats and incidents.

The Act was first proposed in 2017 as part of a set of measures to deal with cyber threats and to build cyber resilience across the EU. The Cybersecurity Act includes:

  • a permanent mandate for EU Cybersecurity Agency, ENISA, to replace its limited mandate that would have expired in 2020, as well as more resources allocated to the agency to enable it to fulfil its goals;

  • a stronger basis for ENISA in the new cybersecurity certification framework to assist Member States in effectively responding to cyber incidents with a greater role in cooperation and coordination at European Union level;

  • a right for ENISA to increase cybersecurity capabilities at EU level and support capacity building and preparedness; and

  • a framework for European Cybersecurity Certificates for products, processes and services that will be valid throughout the EU.

The framework for European Cybersecurity certificates will be the first internal market law that has the aim of enhancing the security of connected products, Internet of Things devices as well as critical infrastructure through certification. This will allow EU citizens to ascertain the level of security assurance and it will ensure that the security features are independently verified. The aim is to encourage manufacturers to invest in the cybersecurity of their products enabling them to have a competitive advantage.

The European Parliament approved the new regulation in March 2019. It will now need to be approved by the Council of the EU and subsequently published in the EU Official Journal entering into force immediately.

Further information can be found on the Europa website.

3. New cyber security standards for self-driving vehicles

On 19 December 2018, the British Standards Institute published a new cyber security standard for connected and autonomous vehicles and their platforms, which contains fundamental principles for the provision and maintenance of cyber security measures for increasingly connected transport ecosystems (which comprise vehicles, related infrastructure and human elements).

The standard is applicable throughout the entire automotive lifecycle – from design through operation to decommissioning – to ensure that the vehicles and related systems remain protected once they have been delivered into the market and are eventually safely retired. This guidance is intended to “set a marker” for those developing self-driving car technology; it is not mandatory nor is it intended to apply retroactively to existing vehicles and platforms.

The standard joins a growing body of legislation and guidance around connected and autonomous vehicles, including the government’s Key Principles of Cyber Security in Connected and Automated Vehicles (alongside which the new standard is intended to be read) and the Automated and Electric Vehicle Act 2018. Further legislation is expected once the Law Commission of England and Wales and the Scottish Law Commission conclude their current review into the legal framework required to support the use of autonomous vehicles into the UK. The ISO is currently at the committee stage in its development of a similar standard: ISO/SAE CD 21434 (Road Vehicles – Cybersecurity Engineering).

4. UK Government announces driverless cars to be on UK roads by end of 2021

On 6 February 2019, the UK Government announced plans to move forward on advanced trials for automated vehicles. Whilst only limited scale trials of fully driverless cars have taken place to date in Europe and the United States, more extensive testing is expected on public roads in the UK by the end of the year. The Department for Transport (DfT) issued a statement confirming it is “on track to meet its commitment to have fully self-driving vehicles on UK roads by 2021”. This was accompanied by plans to strengthen the code of practice for testing automation safety.

The DfT described its announcement as a “major boost” to the UK connected and autonomous vehicles market and estimates the industry will be worth £52 billion by 2035. However, a number of commentators in the industry remain sceptical about whether the Government’s time scale is practical given the number of outstanding issues and areas still to finalise before driverless cars will be commonplace on UK roads (including in respect of the self-driving technology itself).

Appropriate data protection and cyber security measures also remain a key priority. The recent announcement follows the British Standards Institute publishing a new cyber security standard for connected and autonomous vehicles and their platforms in December 2018 (see 3 above), which contains fundamental principles for the provision and maintenance of cyber security measures for increasingly connected transport ecosystems (i.e. comprising vehicles, related infrastructure and human elements).

The standard joins a growing body of legislation and guidance around connected and autonomous vehicles, including the government’s Key Principles of Cyber Security in Connected and Automated Vehicles (which the new standard is intended to be read alongside) and the Automated and Electric Vehicle Act 2018. Further legislation is expected once the Law Commission of England and Wales and the Scottish Law Commission conclude their current review into the legal framework required to support the use of autonomous vehicles into the UK. The ISO is currently at the committee stage in its development of a similar standard: ISO/SAE CD 21434 (Road Vehicles – Cybersecurity Engineering).

5. The UK Government’s Cyber Security Skills Strategy

On 21 December 2018, the UK Government launched a Call for Views on its Initial National Cyber Security Skills Strategy. The closing date for responses was 6 March 2019, with the final strategy document expected to be published late in 2019.

Published alongside this strategy is the government’s response to the consultation on Developing the UK Cyber Security Profession (which included a proposal to develop a new UK Cyber Security Council). This and the Call for Views both feed into the broader National Cyber Security Strategy, which aims to ensure that “the UK has a sustainable supply of home-grown cyber skilled professionals to meet the growing demands of an increasingly digital economy, in both the private and public sectors, and defence.”

A recent government-commissioned study reported that 54% of businesses and charities face a “cyber security skills gap”, with employers either unable to find recruits with the necessary skills, or being able to do so but at a premium that some organisations are unable to afford.

The Call for Views frames this challenge as not only one of ensuring that there are sufficient cyber security professionals in the UK, but also ensuring that these professionals possess the correct level and “blend” of expertise. The challenge is heightened by the acceleration of the rate of technological innovation and adoption, such as the growing importance of AI, machine learning and the Internet of Things.

The aim is to address the broader cyber security skills gap to ensure that the workforce has (and will continue to have) the requisite skilled professionals so that organisations and their staff can manage cyber security risks effectively, and to ensure that individuals are equipped with a basic understanding of the value of their personal data and how to practise basic “cyber hygiene” to keep themselves and their employers safe.

6. Cyber insurance: the impact of evolving legal and regulatory risk

Cyber insurance is still (just about) the new kid on the block. It is commonly thought of as a tool to mitigate exposure to ever-evolving cyber risks. That is right, up to a point; but the increasing exposure of business to losses potentially covered by cyber insurance is, in our view, in material part driven by changes in the legal and regulatory risk environment.

Please see our recent article here discussing the legal and regulatory risks involved with cyber insurance.

7. EU recalls children’s smartwatch over data fears

In February 2019, the EU Commission ordered a recall of a brand of a children’s smartwatch because it left children open to being contacted and located by malicious users and posed a serious safety risk. It is believed that this is the first recall issued for a product that does not protect user data.

The device, which comes fitted with a GPS, microphone and speaker, comes with a companion app that allows parents to oversee the location of the wearer and contact them. The EU Commission has said that the data the smartwatch holds, such as location history, phone numbers and serial numbers, can be easily retrieved and changed.

The alert to the EU Commission was submitted by Iceland. The manufacturers of the watch, Enox, have stated that the watch had passed tests carried out by German regulators in 2018 allowing it to be sold and that the company plans to lodge an appeal with the EU Commission.

8. Japan adequacy decision adopted by the EU Commission

On 23 January 2019, the EU Commission adopted a decision confirming the adequacy of Japanese data protection laws for the purpose of transferring personal data from the EU to Japan in compliance with the international data transfer restrictions set out in Chapter V of the GDPR.

For further information, please see our blog post here.

9. Russia to test cyber-war defences

In February 2019, Russia announced that it is considering whether to briefly disconnect from the global internet, as part of a test of its cyber defences. This is in reaction to a draft law introduced by the Russian parliament in 2018.

The draft law, the Digital Economy National Program, requires Russian internet service providers (“ISPs”) to ensure that they can operate in the event of a cyber-attack by a foreign power resulting in the country being isolated online.

Other measures introduced by the draft legislation include Russia building its own DNS system so it can operate if links to internationally located servers are cut. Currently, twelve organisations oversee the servers for DNS and all are located outside Russia.

The test is expected to involve ISPs demonstrating that they can direct data to government controlled routing points, allowing traffic to be filtered so that data sent between Russians reaches it destination but any traffic destined for foreign computers is discarded.

The Russian government is remunerating the ISPs to enable them to modify infrastructure so that redirection can be properly tested.

No date has been given for the test but it is believed to be taking place before 1 April 2019.

10. EBA publish revised Guidelines on outsourcing arrangements

In February 2019, the European Banking Authority (“EBA”) published revised Guidelines on outsourcing arrangements which aim to establish a harmonised framework for financial institutions, namely credit institutions and investment firms, as well as payment and electronic money institutions.

The Guidelines contain specific provisions relating to the security of data and systems of outsourcing providers. The Guidelines state that institutions and payment institutions should:

  • ensure that service providers comply with appropriate IT security standards;

  • define data and system security requirements within the outsourcing agreement and monitor compliance on an ongoing basis;

  • adopt a risk-based approach to data storage and data processing location and information security considerations when outsourcing to a cloud provider involves the handling of personal or confidential data; and

  • take into account differences in national provisions regarding the protection of data.

Please see the EBA Guidelines for further information.

ASIA:

1. New Law on Cybersecurity in Vietnam

Vietnam’s highly publicised Law on Cybersecurity became effective on 1 January 2019. The law prohibits the spread of ‘offending information’ (which includes anti-state information) and imposes a variety of obligations on businesses providing their services on a telecommunications network or on the Internet, including that they must:

  • verify users’ information;

  • disclose users’ information if requested by the Cybersecurity Task Force (“CTF”);

  • censor offending information within 24 hours and deregister the individuals responsible for the information; and

  • set up local offices in Vietnam.

While the law is drafted at quite a high-level, if it is implemented to the fullest extent, the Law on Cybersecurity stands to cause a significant burden for businesses. For example, the government has the power to inspect any IT system of a relevant entity and can also block or terminate the operation of any IT system. The Vietnamese government has signalled that it means business and will strictly enforce the new law, with a number of explanatory regulations apparently in the pipeline. Already, on 9 January 2019, the Vietnamese government accused Facebook of breaking the new Law on Cybersecurity by allowing Vietnamese citizens to post anti-government comments.

2. New cybersecurity guidelines for Singapore Banks

On 6 September 2018, the Monetary Authority of Singapore (“MAS”) issued a Consultation Paper which proposes requirements for Financial Institutions (“FIs”) in Singapore to implement certain minimum cyber security measures to protect their IT systems from malicious interference. The Consultation Paper encompasses a draft Notice on Cyber Hygiene (the “Draft Notice”) which prescribes a set of essential cyber security practices that FIs must put in place to manage cyber threats. While MAS has previously (in 2013) issued non-binding Technology Risk Management Guidelines and issued a Notice on technology risk management, the Draft Notice shows MAS’ renewed focus on strengthening FIs’ cyber resilience. Notably, MAS is also looking to make six of the measures from the Technology Risk Management Guidelines legally binding. The consultation period is closed.

In addition, the Association of Banks in Singapore, with support from the Monetary Authority of Singapore, has developed a set of cybersecurity guidelines titled the “Adversarial Attack Simulation Exercises (“AASE”) Guidelines” or “Red Teaming Guidelines” designed to strengthen the cyber resilience of the sector. The AASE guidelines provide FIs with best practices and guidance on planning and conducting simulated cyber-attacks to ensure they are testing for the most current threats.

3. New Thai cyber watchdog

Thailand’s junta has proposed a new cyber law regime that would grant the authorities the power to access any private sector computer system, a tool they say is needed to defend against hackers. The proposed legislation includes the creation of a National Cyber Security Committee (NCSC), which would be chaired by Prime Minister Prayut Chan-o-cha. The committee would oversee cyber defence capabilities and would be authorised to access any private company or citizen’s computer with a court order. While originally framed as a law which would stamp out Internet scams and fake news, some commentators and businesses are alarmed that the drafted law could have broader reach and consequences.

4. China cybersecurity and data protection: Update

Please click here to view our recent monthly update on Chinese cybersecurity and data protection.

US:

1. US Treasury designates Iran based financial facilitators of cyber activity and identifies associated digital currency addresses

In November 2018, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced that they had taken action against two Iran based individuals, who had helped exchange Bitcoin ransom payments into Iranian rial on behalf of Iranian malicious cyber actors involved with the SamSam ransomware scheme that had over 200 known victims in the US.

OFAC also identified the two digital currency addresses associated with the two individuals. Over 7000 transactions in bitcoin, worth millions of US dollars, were processed through the addresses. The digital currency addresses converted Bitcoin into Iranian rial and deposited the rial into Iranian banks.

To execute the SamSam ransomware attack, the individuals exploited computer network vulnerabilities to gain access and copy the SamSam ransomware into the network. Once in the network, the individuals were able to use the ransomware to gain administrator rights allowing them to take control of a victim’s servers and files, without the victim’s knowledge. The individuals would then demand a ransom be paid in Bitcoin in order for a victim to regain access and control of its own network.

2. FINRA Report: Cybersecurity Practices 2018

In December 2018, the US Financial Industry Regulatory Authority (“FINRA”) published its Report on Selected Cybersecurity Practices – 2018 (the “Report”). The Report is a detailed review of effective information controls at securities firms and represents the newest initiative in FINRA’s ongoing effort to help broker-dealers (including small firms) to further develop their cyber security programs. The Report references five main topics:

  • cyber security controls in branch offices;

  • methods of limiting phishing attacks;

  • identifying and mitigating insider threats;

  • elements of a strong penetration-testing program; and

  • establishing and maintaining controls on mobile devices.

3. Federal Data Care Act may impose heightened duties on tech companies

Legislation has been introduced in the US Senate that, if enacted, would hold tech companies responsible under federal law for the security of the personal data they store, and which ultimately may inch the US closer to a federal data protection law.

In December 2018, several US Senators introduced the Data Care Act, which would “establish duties for online service providers with respect to end user data that such providers collect and use.” The bill broadly defines “online service provider” (“OSP”) as an entity that does business “over the internet or any other digital network” and collects “individual identifying data” (“IID”) about end users (IID being data which is linked or reasonably linkable to a specific end user, or to a computing device associated with or routinely used by such end user).

The bill lacks many specifics, including as to the security standards OSPs would be expected to follow. Instead, the statute would impose three duties on OSPs, which are modelled on fiduciary duties imposed on bankers, attorneys and health professionals with respect to data protection:

  • Duty of care: OSPs must reasonably secure IID from unauthorized access, and must promptly inform an end user of any breach that involves sensitive consumer information.

  • Duty of loyalty: OSPs may not use IID or data derived from IID in any way that will benefit the OSP to the detriment of an end user, and which either will result in reasonably foreseeable and material physical or financial harm to an end user, or would be unexpected and highly offensive to a reasonable end user.

  • Duty of confidentiality: OSPs may not disclose, sell or share IID with a third party, except where such disclosure is consistent with the duties of care and loyalty, and only after that third party agrees to abide by the same duties toward the end user imposed on the OSP. OSPs also would be required to take reasonable steps (including via audit) to ensure third party compliance.

The bill contemplates enforcement by the US Federal Trade Commission (“FTC”), the most active consumer privacy regulator at the federal level, and would authorise the FTC to issue regulations expanding the duty to notify end users about breaches involving IID other than “sensitive data” if warranted. State attorneys general also may bring enforcement actions against OSPs on behalf of state residents.

The bill was referred to the Senate’s Committee on Commerce, Science, and Transportation, and at present no vote is scheduled. At this point, it is unclear whether the bill will gather significant support in the Senate. It is possible that the bill will be folded into more encompassing federal privacy legislation. Such legislation, long a goal of US privacy advocates as well as some tech companies, would replace the current patchwork of state-based privacy laws and reduce complexity and the cost of compliance to regulated businesses.

4. California Attorney General considers regulations to enforce state privacy law, as other states pay close attention

We previously reported on the enactment of the California Consumer Privacy Act of 2018 (“CCPA”), which expands the rights that California residents have with respect to their personal information. California’s Attorney General (“CA AG”) has since commenced a series of public hearings intended to inform regulations that the CA AG is expected to issue to implement various provisions of the CCPA and establish compliance regimens for regulated businesses.

Briefly, the CCPA (among other things) gives California residents the right to request a regulated business to disclose data collection and sharing practices, to request deletion of their personal information, and to opt out of the sale of their personal information by a business. Regulated businesses are also prohibited from selling personal information of residents under age 16 absent parental opt-in. As a practical matter, the CCPA will apply to businesses that do any significant online business with California customers, even if those businesses do not have a physical presence in the state.

The CA AG has scheduled a series of six public hearings, in January and February 2019, and has solicited public comments to inform the rulemaking process and the resulting regulation. The timing indicates that the CA AG intends to pursue regulations in short order, which is important since enforcement of the CCPA cannot begin until the earlier of 1 July 2020 or six months after the CCPA regulations are published. Among other comments, advertising industry organisations recently argued to the CA AG, in a 31 January 2019 submission, that while the CCPA enables consumers to opt out of the sale of their data or to delete their data, it does not permit a business to offer a consumer the choice to delete or opt out regarding some, but not all, of his/her data. Per the advertising groups, the CA AG should make clear that businesses may offer options to consumers to choose the types of sales they want to opt out of, the types of data they want deleted, or to completely opt out, and not impose what the advertising groups describe as an “all-or-nothing option.” These and other general contours of the CCPA will need to be addressed by the CA AG in the forthcoming regulations, and various stakeholders will be advocating their positions in the coming weeks.

California’s rulemaking process is also being watched by attorneys general and privacy regulators in other states, and some form of the CCPA and its attendant regulations may be adopted by other states frustrated by the slow pace of federal privacy regulation. The possibility of even more patchwork privacy regulation at the state level, in the view of most if not all businesses, further augurs for a uniform federal privacy standard.

5. NIST releases draft report on internet of things cybersecurity risks

As regulators, businesses and consumers continue to grapple with the proliferation of the devices, appliances and equipment that are connected in cyberspace, the US Department of Commerce’s National Institute of Standards and Technology (“NIST”) released a draft report which acknowledges the rapidly evolving and expanding collection of diverse technologies interacting with the physical world, along with stakeholders’ interest in reasonable but commercially practicable cybersecurity and data privacy measures for Internet of Things (“IoT”) devices.

The draft, formally known as Internal Report 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks, leaves the term IoT broadly defined, given the wide variety of different IoT devices and applications across a broad range of business sectors. In addition, while the report calls for organisations to address relevant cybersecurity and privacy risks during the entire lifecycle of connected devices, its approach calls for businesses themselves to determine the particular security and privacy challenges presented by their respective devices using a device- and sector-specific approach.

The draft NIST report identifies three high-level considerations that may affect the management of cybersecurity and privacy risks for IoT devices as compared to conventional IT devices. The first is that “[m]any IoT devices interact with the physical world in ways conventional IT devices usually do not.” Thus, organisations need to assess and address cybersecurity and privacy concerns regarding those IoT devices that make changes to physical systems. Second, “[m]any IoT devices cannot be accessed, managed, or monitored in the same ways conventional IT devices can.” Having to undertake tasks manually for numerous IoT devices, expand familiarity and tools to address a broader range of IoT device software, and address risks with manufacturers and other third parties able to access or control IoT devices remotely, may be required. And third, “[t]he availability, efficiency, and effectiveness of cybersecurity and privacy capabilities are often different for IoT devices than conventional IT devices.” Thus, organisations may need to identify, implement, and manage additional controls, and decide an appropriate response to risk in the absence of sufficient controls for reducing risk.

The report additionally sets out three high-level risk mitigation goals in the context of cybersecurity and privacy risks, namely protecting device security, data security, and individuals’ privacy. In addition, the report notes that all IoT devices need to be prevented from being used to conduct attacks. Depending on the particular IoT devices and data at issue, in some cases, only device security may be required, while for others, data security may also be necessary, and in some cases privacy as well. The draft report, and the comments received in response to it, will likely result in further guidance documents and potential regulation to enable government agencies and other organisations to better understand and manage IoT device cybersecurity and privacy risks.

6. US Government report details risks of economic espionage in cyberspace

In its 2018 Foreign Economic Espionage in Cyberspace Report, the US National Counterintelligence and Security Center (“NCSC”) addressed current threats and future trends in state-sponsored espionage efforts to obtain US intellectual property, trade secrets, and proprietary information.

Per the NCSC report, international economic and industrial espionage continues to present a significant threat to both the US economy and global trade. The report identifies a broad range of threat actors operating in cyberspace, including adversarial nation-states, commercial enterprises under state influence, and sponsored activities by proxy hacker groups. It cautions that next generation technologies, such as artificial intelligence and IoT, will introduce new vulnerabilities “for which the cybersecurity community remains largely unprepared.”

The NCSC report singled out state intelligence services (and those working on their behalf) as representing the most persistent and pervasive cyber intelligence threat. In particular, it highlighted China, Russia and Iran as three of the most active cyber actors tied to economic espionage and the potential theft of US trade secrets and proprietary information, though the report noted that even countries with closer ties to the US have conducted cyber espionage seeking US technology.

Potentially disruptive threat trends, in NCSC’s view, include software supply chain infiltration, which per the report already threatens the critical infrastructure sector and may threaten other sectors, providing opportunities for cyber espionage and organisational disruption. In addition, the report advised that new laws and increased risks from non-US technology companies tied to local governments may pose new threats to US entities (citing to China’s 2017 cybersecurity law requiring foreign companies to submit their technology to the Chinese government for national security reviews, and Russia’s mandated source code reviews, overseen by Russian intelligence, to approve foreign technology to be sold there).

The NCSC Report highlighted energy, biotechnology, defence, environmental protection, high-end manufacturing, and information/communications technology as the US industrial sectors and technologies upon which non-US actors are likely to focus. In addition, US research institutions, universities, and corporations are regularly targeted in search of proprietary information.

As this report illustrates, the US perceives economic and industrial espionage threats from abroad, and that recognition may form the basis for further US government legislative, regulatory and intelligence action against state actors and others deemed responsible for such perceived threats.

7. US creates Cybersecurity and Infrastructure Security Agency

President Trump has signed into law the Cybersecurity and Infrastructure Security Agency Act, which established a new agency, the Cybersecurity and Infrastructure Security Agency (“CISA”), within the US Department of Homeland Security. CISA’s mission will be to protect US critical infrastructure from physical and cyber threats, and to promote effective coordination among a broad spectrum of government and private sector organisations.

The Act, enacted in November 2018, established three divisions in the new agency: Cybersecurity, Infrastructure Security and Emergency Communications. The Cybersecurity Division will work with government and private sector organisations to ensure US cyber infrastructure security and resilience. It includes the National Cybersecurity Communications Integration Center, the primary US cyber defence, incident response and operational integration centre. The Infrastructure Security Division will coordinate security and other efforts via partnerships across the private and public sectors, while providing training, technical assistance, and assessments to federal entities and infrastructure owners and operators nationwide. Through the Emergency Communications Division, CISA enhances governmental public safety communications at all levels, providing training, coordination, tools and guidance in developing emergency communications capabilities.

The creation of CISA, which includes the elevation and expansion of existing resources and capabilities, reflects recognition and acknowledgement of the priority to defend and secure core infrastructure and cyber platforms from evolving and anticipated threats.

8. Oath (formerly AOL) agrees to pay record Children’s Privacy settlement

In December 2018, the New York State Attorney General (“NY AG”) announced a “record settlement” with Oath, Inc., formerly known as AOL, in connection with alleged violations of the federal Children’s Online Privacy Protection Act (“COPPA”), in what was described as the largest-ever penalty in a COPPA enforcement matter.

COPPA was enacted in 1998 to protect children’s online safety and privacy. The law prohibits operators of certain websites from collecting, using, or disclosing personal information (such as first and last name or e-mail address) of those under age 13 without prior parental consent. Operators of websites and online services directed to those under 13, or that have actual knowledge they are collecting personal information from those under 13, are subject to COPPA. COPPA can be enforced by the US Federal Trade Commission and by state attorneys general.

Per the NY AG, AOL conducted billions of auctions for ad space on hundreds of websites the company knew were directed to those under 13. The NY AG alleged AOL thereby violated COPPA by collecting, using, and disclosing personal information from the websites’ users, enabling advertisers to track and deliver targeted ads to young children.

Oath Inc. agreed to pay US$4.95 million in penalties and to implement comprehensive reforms to its policies and procedures to protect children from improper tracking. The agreement requires that, among other things, the company establish and maintain a comprehensive COPPA compliance program including identification of risks that could result in violation of COPPA and design and implementation of reasonable controls to address such risks, as well as regular monitoring of the controls’ effectiveness; and development and taking of reasonable steps to select and retain service providers that can comply with COPPA. It also requires the company to retain an objective, third-party professional to assess the implemented privacy controls, and implement and maintain functionality to identify whether particular ad space is subject to COPPA. The agreement also requires destruction of all personal information collected from children in the company’s possession, custody, or control, unless such is required to be maintained by law, regulation, or court order.

The size of the penalty and the extent of the remedial measures imposed in this case reflect the prioritisation to protect children’s privacy in the face of allegedly improper targeting and tracking advertising.

9. US Securities regulator continues pursuit of cyber fraud by non-US actors

The US Securities and Exchange Commission (“SEC”) in January 2019 brought charges against several parties alleged to have participated in a scheme to infiltrate the SEC’s “EDGAR” database to extract non-public information to be used in illegal securities trading.

EDGAR (the Electronic Data Gathering, Analysis, and Retrieval system) performs certain automated functions with respect to the submissions filed by SEC regulated entities. Per the agency, nine defendants (two organisations, a Ukrainian hacker and securities traders operating in Ukraine, Russia and California) engaged in a scheme to bypass EDGAR controls that require user authentication, and thereafter obtained non-public test files, which securities issuers may submit in advance of making their official filings to help ensure that the EDGAR system will process the filings as intended. Test files can include confidential information as well as earnings results that have yet to be made public. The SEC asserts that after certain defendants illegally obtained the inside information, they passed it to various traders to buy and sell securities.

The SEC has charged the defendants with violations of US securities law, and among other things seeks restitution of the ill-gotten gains along with monetary penalties. Criminal charges also have been filed. The investigation shows the SEC’s continued emphasis on identifying and prosecuting securities violations originating in cyberspace, even where the actors are located outside the United States.

AUSTRALIA:

1. The Assistance and Access Act 2018

In December 2018, the Australian Federal Government passed the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) which received Royal Assent (the “Act”). The Act amends the Telecommunications Act 1997 (Cth), among other Acts. The features of the Act that have captured the most public attention relate to the frameworks established in the Act for law enforcement and intelligence agencies to make voluntary and mandatory requests for the provision of industry assistance, via what are referred to as ‘technical assistance requests’, ‘technical assistance notices’ and ‘technical capability notices’.

Cyber Security Quarterly Round-Up, March 2019 – Lexology

If the first quarter of 2019 is anything to go by, cyber security risk is still a high-ranking board agenda item with no sign of abating and the regulatory landscape is becoming ever more complex as we strive to respond and mitigate the risks of cyber incidents. We provide a summary of the key developments from Europe, Asia, the US and Australia to help you keep abreast of changes and plan for preventative compliance measures.

Europe

Impact of a no deal Brexit on digital services providers

As we edge ever closer to the UK’s impending departure from the EU, in December 2018, the Department for Digital, Culture, Media and Sport issued guidance for digital service providers in a no-deal EU exit scenario.

Background: the EU Network and Information Security Directive

The EU Network and Information Security Directive (“NISD”) was adopted by the European Parliament on 6 July 2016. For the first time, the NISD seeks to set out a harmonised approach to cyber security across the EU and provides legal measures to this end to enhance the EU’s cyber security legal and regulatory framework. Member States had until 9 May 2018 to transpose the NISD into domestic legislation and then apply the relevant measures from 10 May 2018. In the UK, the Network and Information Systems Regulations 2018 (“Regulations”) transposed the NISD into English law.

The Regulations require certain “operators of essential services” (“OES”) to adopt risk management practices and report major security incidents on their core services to the appropriate national authority. OES include companies in the electricity, oil and gas, air, water, road and rail transport, healthcare, water and digital infrastructure sectors. A competent authority is designated for each sector. The Regulations also place certain obligations on digital service providers (“DSPs”), which include operators of online search engines, online marketplaces and cloud computing providers. The ICO has been designated as the regulator for DSPs and more detailed descriptions of digital services can be found in the ICO Guide to NIS, the text of the NISD, the Regulations and the UK Government’s response to the targeted consultation for digital service providers.

Fines of up to £17m can be imposed to ensure compliance. Organisations covered will need to consider both their own cyber practices and those of businesses in their supply chains.

DSPs established in the EU

Under the NISD, a DSP that is not established in an EU Member State, but offers services within the EU (and has 50 or more staff or a turnover or balance sheet of more than €10m per year), must designate a representative in the EU. This representative must be established in one of the EU Member States where the DSP offers services, the DSP will then be deemed to be under the jurisdiction of the EU Member State where that representative is established.

Establishment in an EU Member State implies the effective and real exercise of activity through stable arrangements. In principle, the “main establishment” of a digital service provider corresponds to the place where the company has its head office. A digital provider “offers services in the EU” if it offers, or is planning to offer, digital services to persons in one or more EU Member States. The guidance suggests this to be the case if: the DSP uses a language generally used in one or more EU Member States; the DSP uses a currency generally used in one or more EU Member States; customers have the possibility to order services in a language generally used in one or more EU Member States; and the DSP mentions customers or users who are in the EU.

DSPs in a no-deal scenario

Currently, the UK is an EU Member State and so DSPs established in the UK do not need to designate an EU representative. However, in the event of a no-deal Brexit, the UK will become a third country. In this scenario, the guidance suggests that any relevant DSPs that are established in the UK and offer services in one or more EU Member States, may be required to designate a representative in one of the EU Member States where they offer services. It remains unknown as to whether this will be required and may depend on the future agreements with each Member State of the EU.

DSP no-deal planning

Therefore in the event of a no deal, relevant DSPs ought to consider taking the following steps as part of their no-deal Brexit planning:

  • decide where they are established by looking at whether their ‘main establishment’ is in the UK or in an EU Member State:

    • if a DSP is established in the UK then it must register with the ICO and comply with the Regulations; or

    • if it is established in an EU Member State, then it must comply with the law in that particular EU Member State.

  • If the DSP’s main establishment is in the UK and it offers services to one or more EU Member States, then that DSP may be required to designate a representative in an EU Member State in which it offers services;

    • this representative must be established in one of the Member States in which the DSP offers services;

    • as the representative will be acting on the DSP’s behalf, it must be possible for competent authorities and/or the computer security incident response teams of the relevant EU Member State to contact the representative; and

    • when designating a representative, DSPs must write to the relevant EU Member State authority in accordance with that authority’s formal process.

Importantly, if a DSP designates a representative in an EU Member State, it will be under the jurisdiction of the Member State in which that representative is established but the DSP will also be subject to English law if its main establishment in the UK.

DSPs will also need to inform the ICO if their main establishment is in an EU Member State, they have designated a representative in an EU Member State; or if their network and information systems are located in one or more EU Member States.

EU: Commission announces agreement on draft Cybersecurity Act

In December 2018, the European Parliament, the Council and the European Commission reached a political agreement on the EU Cybersecurity Act (the “Act”), which reinforces the mandate of the European Union Agency for Network and Information Security (“ENISA”) so as to better support Member States with tackling cybersecurity threats and incidents.

The Act was first proposed in 2017 as part of a set of measures to deal with cyber threats and to build cyber resilience across the EU. The Cybersecurity Act includes:

  • a permanent mandate for EU Cybersecurity Agency, ENISA, to replace its limited mandate that would have expired in 2020, as well as more resources allocated to the agency to enable it to fulfil its goals;

  • a stronger basis for ENISA in the new cybersecurity certification framework to assist Member States in effectively responding to cyber incidents with a greater role in cooperation and coordination at European Union level;

  • a right for ENISA to increase cybersecurity capabilities at EU level and support capacity building and preparedness; and

  • a framework for European Cybersecurity Certificates for products, processes and services that will be valid throughout the EU.

The framework for European Cybersecurity certificates will be the first internal market law that has the aim of enhancing the security of connected products, Internet of Things devices as well as critical infrastructure through certification. This will allow EU citizens to ascertain the level of security assurance and it will ensure that the security features are independently verified. The aim is to encourage manufacturers to invest in the cybersecurity of their products enabling them to have a competitive advantage.

The European Parliament approved the new regulation in March 2019. It will now need to be approved by the Council of the EU and subsequently published in the EU Official Journal entering into force immediately.

Further information can be found on the Europa website.

New cyber security standards for self-driving vehicles

On 19 December 2018, the British Standards Institute published a new cyber security standard for connected and autonomous vehicles and their platforms, which contains fundamental principles for the provision and maintenance of cyber security measures for increasingly connected transport ecosystems (which comprise vehicles, related infrastructure and human elements).

The standard is applicable throughout the entire automotive lifecycle – from design through operation to decommissioning – to ensure that the vehicles and related systems remain protected once they have been delivered into the market and are eventually safely retired. This guidance is intended to “set a marker” for those developing self-driving car technology; it is not mandatory nor is it intended to apply retroactively to existing vehicles and platforms.

The standard joins a growing body of legislation and guidance around connected and autonomous vehicles, including the government’s Key Principles of Cyber Security in Connected and Automated Vehicles (alongside which the new standard is intended to be read) and the Automated and Electric Vehicle Act 2018. Further legislation is expected once the Law Commission of England and Wales and the Scottish Law Commission conclude their current review into the legal framework required to support the use of autonomous vehicles into the UK. The ISO is currently at the committee stage in its development of a similar standard: ISO/SAE CD 21434 (Road Vehicles – Cybersecurity Engineering).

UK Government announces driverless cars to be on UK roads by end of 2021

On 6 February 2019, the UK Government announced plans to move forward on advanced trials for automated vehicles. Whilst only limited scale trials of fully driverless cars have taken place to date in Europe and the United States, more extensive testing is expected on public roads in the UK by the end of the year. The Department for Transport (DfT) issued a statement confirming it is “on track to meet its commitment to have fully self-driving vehicles on UK roads by 2021”. This was accompanied by plans to strengthen the code of practice for testing automation safety.

The DfT described its announcement as a “major boost” to the UK connected and autonomous vehicles market and estimates the industry will be worth £52 billion by 2035. However, a number of commentators in the industry remain sceptical about whether the Government’s time scale is practical given the number of outstanding issues and areas still to finalise before driverless cars will be commonplace on UK roads (including in respect of the self-driving technology itself).

Appropriate data protection and cyber security measures also remain a key priority. The recent announcement follows the British Standards Institute publishing a new cyber security standard for connected and autonomous vehicles and their platforms in December 2018 (see 3 above), which contains fundamental principles for the provision and maintenance of cyber security measures for increasingly connected transport ecosystems (i.e. comprising vehicles, related infrastructure and human elements).

The standard joins a growing body of legislation and guidance around connected and autonomous vehicles, including the government’s Key Principles of Cyber Security in Connected and Automated Vehicles (which the new standard is intended to be read alongside) and the Automated and Electric Vehicle Act 2018. Further legislation is expected once the Law Commission of England and Wales and the Scottish Law Commission conclude their current review into the legal framework required to support the use of autonomous vehicles into the UK. The ISO is currently at the committee stage in its development of a similar standard: ISO/SAE CD 21434 (Road Vehicles – Cybersecurity Engineering).

The UK Government’s Cyber Security Skills Strategy

On 21 December 2018, the UK Government launched a Call for Views on its Initial National Cyber Security Skills Strategy. The closing date for responses was 6 March 2019, with the final strategy document expected to be published late in 2019.

Published alongside this strategy is the government’s response to the consultation on Developing the UK Cyber Security Profession (which included a proposal to develop a new UK Cyber Security Council). This and the Call for Views both feed into the broader National Cyber Security Strategy, which aims to ensure that “the UK has a sustainable supply of home-grown cyber skilled professionals to meet the growing demands of an increasingly digital economy, in both the private and public sectors, and defence.”

A recent government-commissioned study reported that 54% of businesses and charities face a “cyber security skills gap”, with employers either unable to find recruits with the necessary skills, or being able to do so but at a premium that some organisations are unable to afford.

The Call for Views frames this challenge as not only one of ensuring that there are sufficient cyber security professionals in the UK, but also ensuring that these professionals possess the correct level and “blend” of expertise. The challenge is heightened by the acceleration of the rate of technological innovation and adoption, such as the growing importance of AI, machine learning and the Internet of Things.

The aim is to address the broader cyber security skills gap to ensure that the workforce has (and will continue to have) the requisite skilled professionals so that organisations and their staff can manage cyber security risks effectively, and to ensure that individuals are equipped with a basic understanding of the value of their personal data and how to practise basic “cyber hygiene” to keep themselves and their employers safe.

Cyber insurance: the impact of evolving legal and regulatory risk

Cyber insurance is still (just about) the new kid on the block. It is commonly thought of as a tool to mitigate exposure to ever-evolving cyber risks. That is right, up to a point; but the increasing exposure of business to losses potentially covered by cyber insurance is, in our view, in material part driven by changes in the legal and regulatory risk environment.

Please see our recent article here discussing the legal and regulatory risks involved with cyber insurance.

EU recalls children’s smartwatch over data fears

In February 2019, the EU Commission ordered a recall of a brand of a children’s smartwatch because it left children open to being contacted and located by malicious users and posed a serious safety risk. It is believed that this is the first recall issued for a product that does not protect user data.

The device, which comes fitted with a GPS, microphone and speaker, comes with a companion app that allows parents to oversee the location of the wearer and contact them. The EU Commission has said that the data the smartwatch holds, such as location history, phone numbers and serial numbers, can be easily retrieved and changed.

The alert to the EU Commission was submitted by Iceland. The manufacturers of the watch, Enox, have stated that the watch had passed tests carried out by German regulators in 2018 allowing it to be sold and that the company plans to lodge an appeal with the EU Commission.

Japan adequacy decision adopted by the EU Commission

On 23 January 2019, the EU Commission adopted a decision confirming the adequacy of Japanese data protection laws for the purpose of transferring personal data from the EU to Japan in compliance with the international data transfer restrictions set out in Chapter V of the GDPR.

For further information, please see our blog post here.

Russia to test cyber-war defences

In October 2018, the UK Government published new measures to assist manufacturers to boost the security of internet-connected devices such as home alarm systems, fridges and toys.

Within the next three years, there is expected to be more than 420 million internet-connected devices in use throughout the UK and poorly secured devices can leave people exposed to security issues and large-scale cyber-attacks.

To deal with this, the Department for Digital, Culture, Media and Sport, working in collaboration with the National Cyber Security Centre, have published plans in a “Secure by Design” review to embed security in the design process rather than seeing it as an afterthought.

The new Code of Practice was developed with industry to improve cyber security, encourage innovation and keep consumers safe. It outlines thirteen guidelines that manufacturers of consumer devices should implement into their product’s design to enhance safety. This includes secure storage of personal data; regular software updates to make sure devices are protected against emerging security threats; no default passwords; and making it easier for users to delete their personal data from the product.

Technology companies HP Inc. and Centrica Hive Limited are the first companies to sign up to commit to the code. The Government has also published a mapping document to make it easier for other manufacturers to follow in their footsteps and further work is underway to develop regulations that will strengthen the security of internet-connected consumer products.

EBA publish revised Guidelines on outsourcing arrangements

In February 2019, the European Banking Authority (“EBA”) published revised Guidelines on outsourcing arrangements which aim to establish a harmonised framework for financial institutions, namely credit institutions and investment firms, as well as payment and electronic money institutions.

The Guidelines contain specific provisions relating to the security of data and systems of outsourcing providers. The Guidelines state that institutions and payment institutions should:

  • ensure that service providers comply with appropriate IT security standards;

  • define data and system security requirements within the outsourcing agreement and monitor compliance on an ongoing basis;

  • adopt a risk-based approach to data storage and data processing location and information security considerations when outsourcing to a cloud provider involves the handling of personal or confidential data; and

  • take into account differences in national provisions regarding the protection of data.

Please see the EBA Guidelines for further information.

ASIA

NEW LAW ON CYBERSECURITY IN VIETNAM

Vietnam’s highly publicised Law on Cybersecurity became effective on 1 January 2019. The law prohibits the spread of ‘offending information’ (which includes anti-state information) and imposes a variety of obligations on businesses providing their services on a telecommunications network or on the Internet, including that they must:

  • verify users’ information;

  • disclose users’ information if requested by the Cybersecurity Task Force (“CTF”);

  • censor offending information within 24 hours and deregister the individuals responsible for the information; and

  • set up local offices in Vietnam.

While the law is drafted at quite a high-level, if it is implemented to the fullest extent, the Law on Cybersecurity stands to cause a significant burden for businesses. For example, the government has the power to inspect any IT system of a relevant entity and can also block or terminate the operation of any IT system. The Vietnamese government has signalled that it means business and will strictly enforce the new law, with a number of explanatory regulations apparently in the pipeline. Already, on 9 January 2019, the Vietnamese government accused Facebook of breaking the new Law on Cybersecurity by allowing Vietnamese citizens to post anti-government comments.

NEW CYBERSECURITY GUIDELINES FOR SINGAPORE BANKS

On 6 September 2018, the Monetary Authority of Singapore (“MAS”) issued a Consultation Paper which proposes requirements for Financial Institutions (“FIs”) in Singapore to implement certain minimum cyber security measures to protect their IT systems from malicious interference. The Consultation Paper encompasses a draft Notice on Cyber Hygiene (the “Draft Notice”) which prescribes a set of essential cyber security practices that FIs must put in place to manage cyber threats. While MAS has previously (in 2013) issued non-binding Technology Risk Management Guidelines and issued a Notice on technology risk management, the Draft Notice shows MAS’ renewed focus on strengthening FIs’ cyber resilience. Notably, MAS is also looking to make six of the measures from the Technology Risk Management Guidelines legally binding. The consultation period is closed.

In addition, the Association of Banks in Singapore, with support from the Monetary Authority of Singapore, has developed a set of cybersecurity guidelines titled the “Adversarial Attack Simulation Exercises (“AASE”) Guidelines” or “Red Teaming Guidelines” designed to strengthen the cyber resilience of the sector. The AASE guidelines provide FIs with best practices and guidance on planning and conducting simulated cyber-attacks to ensure they are testing for the most current threats.

NEW THAI CYBER WATCHDOG

Thailand’s junta has proposed a new cyber law regime that would grant the authorities the power to access any private sector computer system, a tool they say is needed to defend against hackers. The proposed legislation includes the creation of a National Cyber Security Committee (NCSC), which would be chaired by Prime Minister Prayut Chan-o-cha. The committee would oversee cyber defence capabilities and would be authorised to access any private company or citizen’s computer with a court order. While originally framed as a law which would stamp out Internet scams and fake news, some commentators and businesses are alarmed that the drafted law could have broader reach and consequences.

CHINA CYBERSECURITY AND DATA PROTECTION: UPDATE

Please click here to view our recent monthly update on Chinese cybersecurity and data protection.

US

US TREASURY DESIGNATES IRAN BASED FINANCIAL FACILITATORS OF CYBER ACTIVITY AND IDENTIFIES ASSOCIATED DIGITAL CURRENCY ADDRESSES

In November 2018, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced that they had taken action against two Iran based individuals, who had helped exchange Bitcoin ransom payments into Iranian rial on behalf of Iranian malicious cyber actors involved with the SamSam ransomware scheme that had over 200 known victims in the US.

OFAC also identified the two digital currency addresses associated with the two individuals. Over 7000 transactions in bitcoin, worth millions of US dollars, were processed through the addresses. The digital currency addresses converted Bitcoin into Iranian rial and deposited the rial into Iranian banks.

To execute the SamSam ransomware attack, the individuals exploited computer network vulnerabilities to gain access and copy the SamSam ransomware into the network. Once in the network, the individuals were able to use the ransomware to gain administrator rights allowing them to take control of a victim’s servers and files, without the victim’s knowledge. The individuals would then demand a ransom be paid in Bitcoin in order for a victim to regain access and control of its own network.

FINRA REPORT: CYBERSECURITY PRACTICES 2018

In December 2018, the US Financial Industry Regulatory Authority (“FINRA”) published its Report on Selected Cybersecurity Practices – 2018 (the “Report”). The Report is a detailed review of effective information controls at securities firms and represents the newest initiative in FINRA’s ongoing effort to help broker-dealers (including small firms) to further develop their cyber security programs. The Report references five main topics:

  • cyber security controls in branch offices;

  • methods of limiting phishing attacks;

  • identifying and mitigating insider threats;

  • elements of a strong penetration-testing program; and

  • establishing and maintaining controls on mobile devices.

FEDERAL DATA CARE ACT MAY IMPOSE HEIGHTENED DUTIES ON TECH COMPANIES

Legislation has been introduced in the US Senate that, if enacted, would hold tech companies responsible under federal law for the security of the personal data they store, and which ultimately may inch the US closer to a federal data protection law.

In December 2018, several US Senators introduced the Data Care Act, which would “establish duties for online service providers with respect to end user data that such providers collect and use.” The bill broadly defines “online service provider” (“OSP”) as an entity that does business “over the internet or any other digital network” and collects “individual identifying data” (“IID”) about end users (IID being data which is linked or reasonably linkable to a specific end user, or to a computing device associated with or routinely used by such end user).

The bill lacks many specifics, including as to the security standards OSPs would be expected to follow. Instead, the statute would impose three duties on OSPs, which are modelled on fiduciary duties imposed on bankers, attorneys and health professionals with respect to data protection:

  • Duty of care: OSPs must reasonably secure IID from unauthorized access, and must promptly inform an end user of any breach that involves sensitive consumer information.

  • Duty of loyalty: OSPs may not use IID or data derived from IID in any way that will benefit the OSP to the detriment of an end user, and which either will result in reasonably foreseeable and material physical or financial harm to an end user, or would be unexpected and highly offensive to a reasonable end user.

  • Duty of confidentiality: OSPs may not disclose, sell or share IID with a third party, except where such disclosure is consistent with the duties of care and loyalty, and only after that third party agrees to abide by the same duties toward the end user imposed on the OSP. OSPs also would be required to take reasonable steps (including via audit) to ensure third party compliance.

The bill contemplates enforcement by the US Federal Trade Commission (“FTC”), the most active consumer privacy regulator at the federal level, and would authorise the FTC to issue regulations expanding the duty to notify end users about breaches involving IID other than “sensitive data” if warranted. State attorneys general also may bring enforcement actions against OSPs on behalf of state residents.

The bill was referred to the Senate’s Committee on Commerce, Science, and Transportation, and at present no vote is scheduled. At this point, it is unclear whether the bill will gather significant support in the Senate. It is possible that the bill will be folded into more encompassing federal privacy legislation. Such legislation, long a goal of US privacy advocates as well as some tech companies, would replace the current patchwork of state-based privacy laws and reduce complexity and the cost of compliance to regulated businesses.

CALIFORNIA ATTORNEY GENERAL CONSIDERS REGULATIONS TO ENFORCE STATE PRIVACY LAW, AS OTHER STATES PAY CLOSE ATTENTION

We previously reported on the enactment of the California Consumer Privacy Act of 2018 (“CCPA”), which expands the rights that California residents have with respect to their personal information. California’s Attorney General (“CA AG”) has since commenced a series of public hearings intended to inform regulations that the CA AG is expected to issue to implement various provisions of the CCPA and establish compliance regimens for regulated businesses.

Briefly, the CCPA (among other things) gives California residents the right to request a regulated business to disclose data collection and sharing practices, to request deletion of their personal information, and to opt out of the sale of their personal information by a business. Regulated businesses are also prohibited from selling personal information of residents under age 16 absent parental opt-in. As a practical matter, the CCPA will apply to businesses that do any significant online business with California customers, even if those businesses do not have a physical presence in the state.

The CA AG has scheduled a series of six public hearings, in January and February 2019, and has solicited public comments to inform the rulemaking process and the resulting regulation. The timing indicates that the CA AG intends to pursue regulations in short order, which is important since enforcement of the CCPA cannot begin until the earlier of 1 July 2020 or six months after the CCPA regulations are published. Among other comments, advertising industry organisations recently argued to the CA AG, in a 31 January 2019 submission, that while the CCPA enables consumers to opt out of the sale of their data or to delete their data, it does not permit a business to offer a consumer the choice to delete or opt out regarding some, but not all, of his/her data. Per the advertising groups, the CA AG should make clear that businesses may offer options to consumers to choose the types of sales they want to opt out of, the types of data they want deleted, or to completely opt out, and not impose what the advertising groups describe as an “all-or-nothing option.” These and other general contours of the CCPA will need to be addressed by the CA AG in the forthcoming regulations, and various stakeholders will be advocating their positions in the coming weeks.

California’s rulemaking process is also being watched by attorneys general and privacy regulators in other states, and some form of the CCPA and its attendant regulations may be adopted by other states frustrated by the slow pace of federal privacy regulation. The possibility of even more patchwork privacy regulation at the state level, in the view of most if not all businesses, further augurs for a uniform federal privacy standard.

NIST RELEASES DRAFT REPORT ON INTERNET OF THINGS CYBERSECURITY RISKS

As regulators, businesses and consumers continue to grapple with the proliferation of the devices, appliances and equipment that are connected in cyberspace, the US Department of Commerce’s National Institute of Standards and Technology (“NIST”) released a draft report which acknowledges the rapidly evolving and expanding collection of diverse technologies interacting with the physical world, along with stakeholders’ interest in reasonable but commercially practicable cybersecurity and data privacy measures for Internet of Things (“IoT”) devices.

The draft, formally known as Internal Report 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks, leaves the term IoT broadly defined, given the wide variety of different IoT devices and applications across a broad range of business sectors. In addition, while the report calls for organisations to address relevant cybersecurity and privacy risks during the entire lifecycle of connected devices, its approach calls for businesses themselves to determine the particular security and privacy challenges presented by their respective devices using a device- and sector-specific approach.

The draft NIST report identifies three high-level considerations that may affect the management of cybersecurity and privacy risks for IoT devices as compared to conventional IT devices. The first is that “[m]any IoT devices interact with the physical world in ways conventional IT devices usually do not.” Thus, organisations need to assess and address cybersecurity and privacy concerns regarding those IoT devices that make changes to physical systems. Second, “[m]any IoT devices cannot be accessed, managed, or monitored in the same ways conventional IT devices can.” Having to undertake tasks manually for numerous IoT devices, expand familiarity and tools to address a broader range of IoT device software, and address risks with manufacturers and other third parties able to access or control IoT devices remotely, may be required. And third, “[t]he availability, efficiency, and effectiveness of cybersecurity and privacy capabilities are often different for IoT devices than conventional IT devices.” Thus, organisations may need to identify, implement, and manage additional controls, and decide an appropriate response to risk in the absence of sufficient controls for reducing risk.

The report additionally sets out three high-level risk mitigation goals in the context of cybersecurity and privacy risks, namely protecting device security, data security, and individuals’ privacy. In addition, the report notes that all IoT devices need to be prevented from being used to conduct attacks. Depending on the particular IoT devices and data at issue, in some cases, only device security may be required, while for others, data security may also be necessary, and in some cases privacy as well. The draft report, and the comments received in response to it, will likely result in further guidance documents and potential regulation to enable government agencies and other organisations to better understand and manage IoT device cybersecurity and privacy risks.

US GOVERNMENT REPORT DETAILS RISKS OF ECONOMIC ESPIONAGE IN CYBERSPACE

In its 2018 Foreign Economic Espionage in Cyberspace Report, the US National Counterintelligence and Security Center (“NCSC”) addressed current threats and future trends in state-sponsored espionage efforts to obtain US intellectual property, trade secrets, and proprietary information.

Per the NCSC report, international economic and industrial espionage continues to present a significant threat to both the US economy and global trade. The report identifies a broad range of threat actors operating in cyberspace, including adversarial nation-states, commercial enterprises under state influence, and sponsored activities by proxy hacker groups. It cautions that next generation technologies, such as artificial intelligence and IoT, will introduce new vulnerabilities “for which the cybersecurity community remains largely unprepared.”

The NCSC report singled out state intelligence services (and those working on their behalf) as representing the most persistent and pervasive cyber intelligence threat. In particular, it highlighted China, Russia and Iran as three of the most active cyber actors tied to economic espionage and the potential theft of US trade secrets and proprietary information, though the report noted that even countries with closer ties to the US have conducted cyber espionage seeking US technology.

Potentially disruptive threat trends, in NCSC’s view, include software supply chain infiltration, which per the report already threatens the critical infrastructure sector and may threaten other sectors, providing opportunities for cyber espionage and organisational disruption. In addition, the report advised that new laws and increased risks from non-US technology companies tied to local governments may pose new threats to US entities (citing to China’s 2017 cybersecurity law requiring foreign companies to submit their technology to the Chinese government for national security reviews, and Russia’s mandated source code reviews, overseen by Russian intelligence, to approve foreign technology to be sold there).

The NCSC Report highlighted energy, biotechnology, defence, environmental protection, high-end manufacturing, and information/communications technology as the US industrial sectors and technologies upon which non-US actors are likely to focus. In addition, US research institutions, universities, and corporations are regularly targeted in search of proprietary information.

As this report illustrates, the US perceives economic and industrial espionage threats from abroad, and that recognition may form the basis for further US government legislative, regulatory and intelligence action against state actors and others deemed responsible for such perceived threats.

US CREATES CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY

President Trump has signed into law the Cybersecurity and Infrastructure Security Agency Act, which established a new agency, the Cybersecurity and Infrastructure Security Agency (“CISA”), within the US Department of Homeland Security. CISA’s mission will be to protect US critical infrastructure from physical and cyber threats, and to promote effective coordination among a broad spectrum of government and private sector organisations.

The Act, enacted in November 2018, established three divisions in the new agency: Cybersecurity, Infrastructure Security and Emergency Communications. The Cybersecurity Division will work with government and private sector organisations to ensure US cyber infrastructure security and resilience. It includes the National Cybersecurity Communications Integration Center, the primary US cyber defence, incident response and operational integration centre. The Infrastructure Security Division will coordinate security and other efforts via partnerships across the private and public sectors, while providing training, technical assistance, and assessments to federal entities and infrastructure owners and operators nationwide. Through the Emergency Communications Division, CISA enhances governmental public safety communications at all levels, providing training, coordination, tools and guidance in developing emergency communications capabilities.

The creation of CISA, which includes the elevation and expansion of existing resources and capabilities, reflects recognition and acknowledgement of the priority to defend and secure core infrastructure and cyber platforms from evolving and anticipated threats.

OATH (FORMERLY AOL) AGREES TO PAY RECORD CHILDREN’S PRIVACY SETTLEMENT

In December 2018, the New York State Attorney General (“NY AG”) announced a “record settlement” with Oath, Inc., formerly known as AOL, in connection with alleged violations of the federal Children’s Online Privacy Protection Act (“COPPA”), in what was described as the largest-ever penalty in a COPPA enforcement matter.

COPPA was enacted in 1998 to protect children’s online safety and privacy. The law prohibits operators of certain websites from collecting, using, or disclosing personal information (such as first and last name or e-mail address) of those under age 13 without prior parental consent. Operators of websites and online services directed to those under 13, or that have actual knowledge they are collecting personal information from those under 13, are subject to COPPA. COPPA can be enforced by the US Federal Trade Commission and by state attorneys general.

Per the NY AG, AOL conducted billions of auctions for ad space on hundreds of websites the company knew were directed to those under 13. The NY AG alleged AOL thereby violated COPPA by collecting, using, and disclosing personal information from the websites’ users, enabling advertisers to track and deliver targeted ads to young children.

Oath Inc. agreed to pay US$4.95 million in penalties and to implement comprehensive reforms to its policies and procedures to protect children from improper tracking. The agreement requires that, among other things, the company establish and maintain a comprehensive COPPA compliance program including identification of risks that could result in violation of COPPA and design and implementation of reasonable controls to address such risks, as well as regular monitoring of the controls’ effectiveness; and development and taking of reasonable steps to select and retain service providers that can comply with COPPA. It also requires the company to retain an objective, third-party professional to assess the implemented privacy controls, and implement and maintain functionality to identify whether particular ad space is subject to COPPA. The agreement also requires destruction of all personal information collected from children in the company’s possession, custody, or control, unless such is required to be maintained by law, regulation, or court order.

The size of the penalty and the extent of the remedial measures imposed in this case reflect the prioritisation to protect children’s privacy in the face of allegedly improper targeting and tracking advertising.

US SECURITIES REGULATOR CONTINUES ITS PURSUIT OF CYBER FRAUD BY NON-US ACTORS

The US Securities and Exchange Commission (“SEC”) in January 2019 brought charges against several parties alleged to have participated in a scheme to infiltrate the SEC’s “EDGAR” database to extract non-public information to be used in illegal securities trading.

EDGAR (the Electronic Data Gathering, Analysis, and Retrieval system) performs certain automated functions with respect to the submissions filed by SEC regulated entities. Per the agency, nine defendants (two organisations, a Ukrainian hacker and securities traders operating in Ukraine, Russia and California) engaged in a scheme to bypass EDGAR controls that require user authentication, and thereafter obtained non-public test files, which securities issuers may submit in advance of making their official filings to help ensure that the EDGAR system will process the filings as intended. Test files can include confidential information as well as earnings results that have yet to be made public. The SEC asserts that after certain defendants illegally obtained the inside information, they passed it to various traders to buy and sell securities.

The SEC has charged the defendants with violations of US securities law, and among other things seeks restitution of the ill-gotten gains along with monetary penalties. Criminal charges also have been filed. The investigation shows the SEC’s continued emphasis on identifying and prosecuting securities violations originating in cyberspace, even where the actors are located outside the United States.

Australia

THE ASSISTANCE AND ACCESS ACT 2018

In December 2018, the Australian Federal Government passed the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) which received Royal Assent (the “Act”). The Act amends the Telecommunications Act 1997 (Cth), among other Acts. The features of the Act that have captured the most public attention relate to the frameworks established in the Act for law enforcement and intelligence agencies to make voluntary and mandatory requests for the provision of industry assistance, via what are referred to as ‘technical assistance requests’, ‘technical assistance notices’ and ‘technical capability notices’.

Sunburn — The morning read of what’s hot in Florida politics — 3.27.19 – Florida Politics

Congratulations to the, um, architects of an extraordinary 20-year marriage, Kelly and Marc — the Marchitect — Reichelderfer.

You wanted it; we deliver: Announcing the return of TallyMadness — an online voting competition to determine who is the “best” lobbyist in Florida.

And yes, “best” is of course subjective.

Brace yourself: TallyMadness 2019 has arrived.

How it works: Like college basketball fans who fill out their brackets as part of “March Madness,” participants in The Process vote on a series of bracketed match-ups pitting Florida’s top lobbyists against each other.

How did we decide who made the Big Dance? A select, anonymous committee ‘seeded’ the lobbyists, 1 through 64.

You the voters will pick the winner of each match-up, with first-round voting beginning today and lasting through 11:59 p.m. March 31.

Those who visit the website TallyMadness.com are asked to email any suggestions they have to improve the site — and later-round voting — to peter@floridapolitics.com.

… Let the TallyMadness begin.

Call El Al: Gov. Ron DeSantis and the Florida Cabinet may soon need a flight to the Holy Land.

It’s in the “very early” stages and details are sparse, but Cabinet aides confirm there’s been an “active discussion” to hold a Florida Cabinet meeting in Jerusalem in late May.

It’s no secret that the state’s relationship with Israel is important to the new Governor.

For instance, he championed the move by the State Board of Administration (SBA) to blacklist Airbnb, the vacation rental website, as a “Scrutinized Company that Boycotts Israel” for purposes of the state’s investments.

Its transgression was removing listings of rentals in the contentious West Bank region east of Israel, fought over by Palestinians and Israelis.

Please listen to the next episode of ‘He Said, She Said’ Michelle and I mark #NoCollusionDay with one of the most influential guests to date, U.S. Rep. Matt Gaetz, who talks apologies owed to Donald Trump, and vindication over those accusing the President of Russian collusion. Then, we tackle the somber and tough questions following the Parkland massacre, discussing both sides of Florida’s controversial Guardian program with Pinellas Sheriff Bob Gualtieri, chair of the Marjory Stoneman Douglas Statewide Commission, and state Rep. Shevrin Jones, a former teacher in a Title 1 school. This week’s hot takes also include the story of Theranos — the health tech firm founded by Elizabeth Holmes — as well as Michelle’s 20-year high school reunion, and the madness of ‘March Madness.’

‘He Said, She Said’ is now available on iTunes, Google Play and Stitcher.

— SITUATIONAL AWARENESS —

@RealDonaldTrump: The Mainstream Media is under fire and being scorned all over the World as being corrupt and FAKE. For two years they pushed the Russian Collusion Delusion when they always knew there was No Collusion. They truly are the Enemy of the People and the Real Opposition Party!

@GBennettPost: FAA notice suggests a @realDonaldTrump visit to Canal Point on Lake Okeechobee on Friday.

@SenRickScott: The Senate is preparing to vote on the Green New Deal. Supporting this plan means being an enemy of the American economy and the American worker. We love our environment but we can’t take care of it if we destroy our economy like socialism would.

@RepRutherfordFL: Let me see if I understand this. Democrats say passing the Green New Deal is the only way to avoid the impending downfall of society as we know it. Yet today when given the chance, not one Senate Democrat voted in favor of it.

@BillGalvano: Seconds matter when stopping an active shooter. Pleased to see an expansion of the Coach AaronFeis Guardian program, recommended by the MSD Commission, pass as one component of our comprehensive school safety and security legislation.

@SenJanetCruz: Who are we listening to? I have hundreds and hundreds of emails and phone calls from Floridians across the state who are opposed to SB 7030. They do not want teachers carrying weapons in school and I agree.

@CarlosGSmith: I’m not gonna debate HB 839 in committee again, so I’m just gonna say this here. Students in FL’s state universities are not being indoctrinated by liberal professors and we don’t need a costly “intellectual diversity” study to prove that. That’s all.

@AnaCeballos_: Sen. [Bill] Montford, a former school principal, says his job included spanking unruly students. “I can spank you or call your mom or dad,” Montford would ask students. More times than not, Montford said students would tell him: “I’d rather take the spanking.”

@Daniel_Sweeney: Plastic straw bans? Preemption. Plastic bag bans? Preemption. Minimum wage ordinances? Preemption. Smacking kids around in school? Well, now, let’s not get crazy.

@GrayRohrer: Idea: short term rentals of chairs in packed committee rooms

@MDixon55: You win, children of the Capitol. Just give them what they want

— DAYS UNTIL —

Scott Maddox corruption trial begins (maybe) — 1; Major League Baseball opening day — 2; Final season of ‘Veep’ begins — 4; Masters Tournament begins — 15; Final season of ‘Game of Thrones’ begins — 18; Easter — 25; Tampa mayoral runoff election — 27; 2019 Legislative Session ends (maybe) — 37; Mother’s Day — 46; Memorial Day — 61; 2020 Democratic presidential primary debates start — 72; 2019 General Election — 226; Iowa Caucuses — 313; Florida’s presidential primary — 356; 2020 General Election — 587.

— TOP STORY —

Arming teachers bill clears Senate committee” via Scott Powers of Florida Politics — SB 7030 contains a long list of school safety proposals, particularly to allow full-time teachers to volunteer as guardians and keep guns in their classrooms if the county school board approves. That issue brought the bill a party-line vote 5-3 vote at the committee, just as it had in the Senate Education Committee. Democrats declared there was a lot of good within the bill, but they could never vote to arm teachers. The House version, PCB EDC 19-02, is seeing similar splits. “I have hundreds and hundreds of emails and phone calls from parents and teachers and instructional resource folks that don’t want teachers to be armed. Who are we listening to?” demanded state Sen. Janet Cruz, a Tampa Democrat.

‘Who are we listening to?’ State Sen. Janet Cruz was among the Democrats adamant against arming teachers, despite a school safety bill advancing through its Senate committee. Image visa Colin Hackley.

— THE ADMINISTRATION —

Could Florida save flying Ron DeSantis by Aero charter than buying a plane?” via Jacob Ogles of Florida Politics — One Pensacola company said it could provide DeSantis a better ride at a lower price with contracted service. “If they want to base their decision on financial, then Aero is the clear choice,” said Michael Carro, a partner at Aero Capital Flight Services. The charter service said the state should hire a company to provide flights for DeSantis, as well as whoever else the state authorizes to use the plane. Carro said that type of public service work fits in well with the company’s long-standing commitment to the community. Whether it’s transporting public officials or ensuring speedy organ transplants, Aero pilots fly for more than a beautiful view.

Cheaper than buying: The Ron DeSantis administration could have a first-class flight service at his disposal, saving the state money at the same time. Image via Colin Hackley.

DeSantis, Cabinet weigh large land buy” via the News Service of Florida — DeSantis and the Cabinet are slated to consider buying 5,534 acres in Hendry County through the Florida Forever conservation program. Under the proposal, which is on the agenda for a Cabinet meeting, the state would pay $14.775 million to Alico, Inc. for the land, which is part of what is known as the broader Devil’s Garden Florida Forever project. The Cabinet agenda said the targeted land includes 3,233 acres of uplands and 2,301 acres of wetlands.

FL civil rights leader statue will replace Confederate general statue” via Florida Phoenix — Gov. DeSantis will soon sign a letter to federal authorities requesting that they approve Florida’s plan to replace a statue of Confederate General Edmund Kirby Smith in the nation’s Statuary Hall collection with a new statue of civil rights leader and educator Dr. Mary McLeod Bethune … Even though now-former Gov. RickScott signed the bill authorizing the Bethune statue into law, he failed to submit the letter to the office in charge of the statues — the Architect of the Capitol. “It was a strange thing,” (Democratic Congresswoman Kathy) Castor said. “It’s just a ministerial step … to send a simple short letter that says the law has passed. And that was left undone.”

Halsey Beshears confirmation — again — falls short of unanimous vote” via Ryan Nicol of Florida Politics — When it comes to Beshears, voting against him once just isn’t enough for state Sen. José Javier Rodríguez. The Miami-Dade Democrat again voted against confirming Beshears, DeSantis’ nominee for Secretary of the Department of Business and Professional Regulation (DBPR). Rodríguez voted ‘no’ on Beshears at an Ethics and Elections Committee meeting, just as he had previously at an Appropriations Subcommittee on Agriculture, Environment, and General Government. Rodríguez’s issue stems from DBPR’s inaction on condominium complaints, a problem that the Senator says has hit his South Florida constituents particularly hard.

— 2019 SESSION —

Lawmakers consider allowing guns at churches on school property” via the News Service of Florida — Voting 4-2 along party lines, the Senate Judiciary Committee backed a measure (Senate Bill 1238) that would allow individuals with concealed-weapons permits to carry guns at churches and other religious institutions that share a property with schools. Florida law allows religious facilities to be open to people who have concealed-weapons licenses and are armed. However, state law does not automatically allow people with concealed-weapons licenses to possess firearms on private or public-school campuses. Opponents of the measure argue that the proposal seeks to make any religious institution exempt from state firearms laws. The proposal, backed by the National Rifle Association, comes as lawmakers consider allowing teachers to serve as armed “guardians” at schools.

House panel unanimously approves human trafficking bill” via Ryan Nicol of Florida Politics — Training hotel workers to spot and help potential victims of human trafficking is part of a bill (HB 851) unanimously approved by the Criminal Justice Subcommittee. The legislation, put forth by Rep. Heather Fitzenhagen, is a companion bill to a similar measure filed by Sen. Lauren Book (SB 540). “We are very serious about this important component of training, raising awareness and letting people know where they can go for more information,” Fitzenhagen said. Book’s version already has been approved by the Senate Criminal Justice Committee and the Senate Community Affairs Committee.

Toby Overdorf talks bill to beef up mandatory minimum for soliciting sex” via Ryan Nicol of Florida Politics — “Today the Legislature took another step to limit the demand for sex trafficking victims.” Those were the words of Rep. Overdorf at a news conference in the Capitol Tuesday morning. Overdorf, a Stuart Republican, was speaking on his bill (HB 219) to ramp up punishment against those charged with soliciting prostitution involving victims of human trafficking. The legislation was also approved Tuesday morning by the House Criminal Justice Subcommittee. Under the proposal, solicitation would carry mandatory 10-day incarceration. Overdorf’s bill would tack on an additional 30 days if “the person solicited, induced, enticed, or procured is a victim of human trafficking.”

House felony-theft bill advances — despite key differences with Senate version” via Danny McAuliffe of Florida Politics — The House Justice Appropriations Subcommittee on Tuesday unanimously backed a proposal (HB 589) to raise the dollar amount of a stolen good that triggers a third-degree felony. That threshold is currently at $300. The bill, sponsored by Naples Republican Rep. ByronDonalds, would make it $1,000. The general concept is gaining traction in the Republican-led Legislature. Earlier this month in the Senate, the Appropriations Committee — a key panel — backed a threshold change. The problem: The Senate’s version (SPB 7072) would increase the new felony floor to $750 — $250 short of the House plan. But a lower threshold could mean more influential support.

Raising Florida’s smoking age from 18 to 21 gains support in Senate” via the News Service of Florida — The proposal (Senate Bill 1618), filed by Sen. David Simmons, would increase the minimum age to possess tobacco products legally and would include electronic smoking devices in the definition of tobacco. The inclusion of electronic smoking devices caused some members of the public to trek to Tallahassee to publicly oppose the bill. While smoking rates have declined in the United States, e-cigarette use has dramatically increased since 2014. U.S. Food and Drug Administration Commissioner Scott Gottlieb has called youth use of e-cigarettes an epidemic and indicated that youth e-cigarette use is up 77 percent from last year.

Thank you for not smoking: FDA Commissioner Scott Gottlieb had called the use of e-cigarettes ‘an epidemic,’ giving Florida the justification to raise the smoking age to 21.

Scooter bills roll through committee” via Drew Wilson of Florida Politics — House and Senate bills that would change scooter regulations cleared committees Tuesday. HB 453 and SB 542 each change the definition of “motorized scooter” and create a definition for “micro-mobility device” in state law, allowing them to be used on the road rather than sidewalks. The bills are different tracks, however, on how much of a role local government can play in regulating scooter rentals. The House bill still requires local government to license any vendor that meets basic insurance requirements. The Senate version was amended to let cities and counties to control of scooter rentals in their jurisdictions or to opt out of allowing them altogether.

Texting while driving bill passes first House committee” via Florida Politics — The bill that would make texting while driving a primary offense in Florida passed its first committee stop in the House Tuesday. The bill (HB 107) passed 13-0 after passionate testimony from parents who lost children to distracted driving. The legislation, filed by Tampa Republican Jackie Toledo and Boca Raton Democrat Emily Slosberg, would apply only to texting and would strengthen existing laws that make texting a secondary offense.

Texting can wait: Jackie Toledo’s House bill making texting while driving a primary offense cruised through unanimously in its first committee stop.

Legislature advances two measures to stop local governments from banning plastic straws” via Mitch Perry of Florida Phoenix — Two different proposals introduced in the House Business & Professions Subcommittee would block cities and county governments from ever banning straws. One bill would fine any local government that banned straws $25,000, and the city or county would have to pay the attorney fees and costs for any entity that successfully sued over a local ordinance. The bill also calls for the Department of Environmental Protection to study the environmental impact of single-use plastic straws. Another bill, sponsored by state Rep. Spencer Roach would prohibit local governments from creating ordinances on many issues, including regulating plastic straws. Environmental groups oppose it. The two bills received bipartisan support.

House targets Airbnb as it moves to pre-empt local rules on home rentals” via Gray Rohrer of the Orlando Sentinel — A House committee also voted to keep Airbnb, the most popular of the services, from getting the benefit of having statewide rules because of its West Bank policies. The panel passed a bill (HB 987) that pre-empts all local regulations of vacation rentals. Ordinances adopted by local governments to restrict their use or impose standards would not apply. The measure passed on a 10-5 vote, but only after it was changed to prevent Airbnb from benefiting from it because of its policy of not offering its services to Jewish settlers in the West Bank. The policy led DeSantis to place Airbnb on Florida’s Scrutinized Companies List because he saw the policy as a boycott of Israel.

Hands off our genes” via Florida Politics — Legislation aimed at stopping genetic testing from being used by life insurance companies against customers cleared the House Insurance and Banking Subcommittee Tuesday. Rep. Jayer Williamson’s bill would stop life insurers from yanking, lifting or denying coverage based on test results … Health insurers are already prohibited … this bill would add life insurance and long-term care insurers to the mix. Major objections from the industry were aired, then dismissed, as Republican votes carried the measure against Democratic opposition.

House bill bans 2 of 3 forms of oil, gas fracking in Florida” via Curt Anderson of The Associated Press — The House Appropriations Subcommittee on Agriculture and Natural Resources voted 10-2 for the bill, which would permit a rock-dissolving technique called matrix acidizing but ban two other common forms of fracking. Environmental groups call that a loophole, putting underground aquifers at risk of contamination from potentially dangerous chemicals. The petroleum industry also opposes the bill because it would halt the use of other fracking techniques. But legislators called the measure a major step forward in curbing the practice in Florida. “Is it completely perfect? Is it everything we want? No, it’s not,” said Democratic Rep. Kristin Jacobs. “We have to do something. The idea that we’re not going to act because it isn’t perfect, I reject.”

House panel approves professional deregulation bill” via Scott Powers of Florida Politics — A bill eliminating licensing of such professions as talent agents and interior designers and scaling back licensing requirements for fields ranging from barbering to geology won approval from a House committee. The Government Operations and Technology Appropriations Subcommittee approved the measure (HB 27) by a split vote. The sponsor, Republican state Rep. Blaise Ingoglia, said it strips away regulations and licenses that do not protect the public. And he declared that in too many fields, Florida’s licensing requirements long ago went beyond just protecting health, safety and consumer interests, and began protecting job security for those already in the field, and income at training schools that provide the education needed to meet the state’s increasing requirements.

Deregulation rules: Blaise Ingoglia’s proposal to scale back licensing requirements for fields like barbering and geology passed its House committee with a split vote.

Needle exchange bill clears first committee hurdle — Bipartisan legislation that would allow for the expansion of Miami-Dade County’s needle exchange program throughout the rest of the state was approved in its first review committee. State Reps. ShevrinJones, a West Park Democrat, and Rene “Coach P” Plasencia, an Orlando Republican, back the bill (HB 171). The goal is to give the state’s other 66 counties the option to create a program similar to 2016’s Infectious Disease Elimination Act (IDEA) needle exchange program at the University of Miami. In a statement, Jones said his fellow lawmakers “took a much-needed step … now we’re closer to putting facts and science ahead of the stigma.”

Bill on ‘autonomous practice’ for state’s APRNs advances — The House Health Care Appropriations Subcommittee approved a bill (HB 821) by Sebring Republican CaryPigman to let Advanced Practice Registered Nurses (APRNs) provide more care without direct physician supervision. The Florida Association of Nurse Anesthetists (FANA) said the measure “would modernize Florida’s laws to allow highly-qualified APRNs, including Certified Registered Nurse Anesthetists, to practice to the full extent of their education and training … (they) provide patients, particularly those in rural and other underserved communities who may not otherwise have access to vital services, with high-quality care at a much lower cost.”

FDOT changes cruise through committee — Legislation filed by Rep. Alex Andrade, a Pensacola Republican, blasted through The House Transportation and Tourism Appropriations Subcommittee. The bill (HB 905) requires the state Transportation Secretary to be a professional engineer, hold an advanced degree and have five years of transportation experience, or to hold a full decade of relevant experience. It also allows for specific innovative transportation projects and techniques. Andrade’s committee passed through two subcommittees with few obstacles, earning unanimous support so far. It now heads to Staff Affairs before it’s ready for a floor vote.

— MORE SESSION —

She owes $59 million. Should she be allowed to vote under Amendment 4?” via Lawrence Mower of the Tampa Bay Times — Karen Leicht cannot vote — and likely never will — if a bill in Tallahassee gets signed into law. That’s because Leicht owes $59 million in restitution after pleading guilty to various federal insurance fraud charges in 2010. Under Republican lawmakers’ interpretation of Amendment 4, ostensibly restoring the right to vote to more than a million Floridians, Leicht would have to pay every penny back before getting back on the voter roll. She and other former felons told a Senate committee that this interpretation would mean a lifetime ban from voting, although they’ve finished prison and probation and have worked hard to live an honest life since. “I’m like a citizen again,” Leicht said, “except for I still can’t vote.”

Travis Cummings sees education funding as budget skirmish” via Danny McAuliffe of Florida Politics — Expect money for education to be heavily contested during budget conferencing and negotiations of the later days of Session. That’s according to House Appropriations Chair Cummings, who spoke to Florida Politics about the spending plan he believes his committee will forward on Wednesday to the House floor next week. The House and Senate late last week released initial budgets that differ by about $400 million, with each chamber spending more and less in different areas. Believe it or not, that’s “not a tremendous variance coming out of the gate,” the Orange Park Republican said.

House memorial on ‘Space Force’ OK’d by first panel unanimously — The measure (HM 1281) by Rep. TylerSirois, a Cocoa Republican, cleared the first of its two review committees this week. It asks Congress to approve the creation of the U.S. Space Force and the establishment of a U.S. Space Command in Florida. The memorial follows a recent White House proposal by President DonaldTrump, and DeSantis’ call for the Space Force and Command to be based in Florida. “With Florida’s spaceport infrastructure, deep-water seaports, and partnerships with NASA, the 45th Space Wing and the other three combatant commands located in Florida, we are the best choice for the headquarters of U.S. Space Command,” Sirois said.

Space forces: Tyler Sirois’ request for Congress to approve a U.S. Space Command based in Florida cleared the first of its House committees.

Hundreds rally at Capitol to advocate for immigrants” via Tori Schneider of the Tallahassee Democrat — Chalco Lopez has lived most of her life afraid her parents would be deported. She came to the Capitol with the group “United We Dream” in support of a so-called “driver’s license bill” and several other immigration-related proposals being considered by lawmakers. HB 969/SB 1538 would allow immigrants to apply for driver’s licenses and state IDs regardless of their immigration status. It was among the issues advocates came to discuss with legislators after their news conference. Because Chalco Lopez’s parents aren’t citizens, her college experience also has been difficult. Filing for financial aid requires a parents’ Social Security number, something her parents don’t have.

Hundreds of city officials visit Capitol to advocate for home rule — This week, more than 200 municipal officials traveled to Tallahassee for the Florida League of Cities’ annual Legislative Action Days. As they descended on The Capitol, the group’s mission was to protect the right to local self-government. From CRAs to short term rentals to e-scooters — League members feel local issues require local solutions. Municipal officials met face-to-face with legislators and testified in multiple committees to share examples of local impacts of proposed legislation. “There are a lot of new faces at The Capitol this year which gives us the opportunity to provide education on the importance of local self-government,” said FLC President Leo Longworth. “We live local, so we should decide local.”

Home rules: Hundreds of local officials descend on Tallahassee for the Florida League of Cities Legislative Action Days, each looking to protect the right to self-govern.

Today’s legislative committee hearings:

The House Appropriations Committee is expected to consider an $89.9 billion budget proposal for the 2019-2020 fiscal year, 9 a.m., 212 Knott Building.

The Senate will hold a floor Session and could approve a measure that seeks to prevent the Florida Constitution Revision Commission from “bundling” multiple issues into single constitutional amendments, 10 a.m., Senate Chamber.

The Senate Appropriations Committee will take up a proposed $90.3 billion budget for the 2019-2020 fiscal year. After the committee approves, the proposed budget will go to the full Senate, 1 p.m., 412 Knott Building.

The House will hold a floor Session and take up numerous bills, including a proposal that would seek to provide more information to patients about issues such as hospital infection rates and readmission rates, 3 p.m., House Chamber.

The Senate Special Order Calendar Group will set a special-order calendar, which lists bills that will be heard on the Senate floor, 15 minutes after the Appropriations Committee meeting, 401 Senate Office Building.

— GOV. CLUB MENU —

Tortilla soup; mix garden salad with dressing; egg salad; garbanzo bean salad; deli board, cheeses, lettuce, tomato and breads; chicken salsa Verde; Cuban style pork; seafood Vera Cruz style; black beans; steamed white rice; sweet plantains; tres leche cake for dessert.

— STATEWIDE —

FDOT secrecy still clouds SunPass saga, 299 days into tolling nightmare” via Noah Pransky of Florida Politics — Ever since a SunPass system upgrade went horribly wrong in June 2018, the state has chosen to communicate about the crisis primarily through news releases and by ignoring reporter questions. The state has compounded its customer service nightmare with concerted efforts to downplay the problems and sweep others under the rug. In addition to surprise, backlogged bills, often more than hundreds of dollars, dozens of stories have recently surfaced about inaccurate statements that FDOT and its contractor, Conduent, are not correcting promptly. FDOT has also not indicated any discipline for the contractors, HNTB and Atkins, both paid to supervise the awarding of the Conduent contract and its execution.

Court ponders abortion waiting period” via Dara Kam of the News Service of Florida — A three-judge 1st District Court of Appeal panel heard arguments in a long-running dispute over a 24-hour waiting period for abortions. Attorneys for the state, who are asking the appellate court to order a trial in the case, argued that the Florida law is aimed at preventing what they claim are dangerous side-effects caused by abortions, such as depression and suicide. But Judge James Wolf grilled Deputy Solicitor General James Percival about whether the state has the authority to “require somebody to delay the exercise of their constitutional right,” setting aside the issue of waiting periods for gun purchases.

Signafide promises to funnel out suspect signatures” via Jacob Ogles of Florida Politics — Kory Langhofer, the co-founder of Signafide, says the best time to fight a ballot measure may be while petitions come in. The company uses cutting-edge technology to flag bad signatures and fraudulent gathering. It’s a way to make the process of verifying signatures faster and more accurate. It starts with basics, like checking gathered names against voter registration databases to ensure petitions are valid. The program also translates longhand. But Signafide’s software also looks for similarities in signatures and cross-references those to individual petition gatherers. It will raise flags if a person turns in many signatures that appear to be in the same handwriting.

SpottedJohn Stemberger on TBN’s “Huckabee” — The Orlando-based conservative Christian activist discusses his founding of “Trail Life USA” as an alternative to Scouting. Stemberger describes the new group as “a critical Christian alternative for boys and young men today.” He opposes the Boy Scouts of America decision to allow openly gay and bisexual adult leaders and employees.

To view the clip, click on the image below:

Here’s where the next Brightline stations may one day open in South Florida” via David Lyons of the South Florida Sun-Sentinel — Brightline may add a pair of stations at Fort Lauderdale-Hollywood International Airport and PortMiami. The new stations at the airport and seaport would cost between $20 and $30 million and take 18 months to build, according to a proposed $1.5 billion bond offering now being circulated by the company among would-be investors. Already considered in the airport’s improvement plans is an elevated people-mover circling the airport’s terminals and connecting to a transportation center above U.S. 1. The Florida East Coast Railway line, which is used by Brightline, passes the airport on its east side. Currently, a station serving the Tri-Rail commuter system is located a short distance from the airport west of I-95.

Duke plans three more solar projects” via the News Service of Florida — Duke Energy Florida filed a proposal with the state Public Service Commission seeking to pass along costs to customers for three solar-power projects in Gilchrist, Highlands and Volusia counties. The filing is an outgrowth of a 2017 base-rate settlement that allows Duke to recover solar-project costs. Duke plans to build a 74.9-megawatt facility in Gilchrist County, a 45-megawatt facility in Highlands County and a 74.5-megawatt facility in Volusia County, with an overall cost of $252 million. The Gilchrist and Highland facilities would start operating in December, while the Volusia facility would begin running during the first quarter of 2020. The effect on customers’ bills would be relatively small.

Florida entries honored as finalists for News Leaders Association 2019 Awards — The Awards honors the best in print, digital, photo and video content in 11 categories. The contest drew 526 entries, from which 49 finalists from news outlets of various sizes and platforms were named. Winners will be announced April 2 … Florida entries include Staff of The Palm Beach Post, South Florida Sun-Sentinel, The Miami Herald and WLRN Public Radio for “The Invading Sea: Can South Florida be saved?” Also, Staff of the Miami Herald for “The Fall of the Florida International University Bridge.” And, Staff of the South Florida Sun-Sentinel for “Public officials after Parkland: Hide, deny, spin.” The News Leaders Association comprises the American Society of News Editors and The Associated Press Media Editors.

— LOCAL —

County appeals constitutional amendment ruling” via the News Service of Florida — Volusia County has appealed a circuit judge’s ruling in a challenge to a voter-approved constitutional amendment that involves sheriffs and other types of county officials across Florida. A notice of appeal was filed in the 1st District Court of Appeal after Leon County Circuit Judge John Cooper ruled against the county. The case involves Amendment 10, which requires the election of county sheriffs, tax collectors, property appraisers, elections supervisors and clerks of court. Volusia County has contended that the constitutional amendment does not apply to it because of a decades-old local charter that revamped the structure of the county’s government.

Robert Kraft now wants jury trial on prostitution charge” via The Associated Press — Kraft’s attorneys filed a court notice also waiving his arraignment scheduled for Thursday. His lawyers also reiterated his not guilty plea, which he made last month. Kraft and 24 other men were charged in Palm Beach County as part of a multicounty crackdown on massage parlor prostitution. About 300 men are charged overall. Prosecutors say Kraft was videotaped by police twice in January paying for sex with a woman at a Jupiter massage parlor. If convicted, Kraft would face 100 hours of community service and a $5,000 fine. He could also get a year in jail, although that is unlikely.

Let a jury decide: Robert Kraft is now seeking a jury trial on his prostitution charges in Jupiter.

Palm Beach County sheriff tells senators ‘red flag’ law and trained teams could have prevented Parkland shooting” via Anthony Man of the South Florida Sun-Sentinel — Sheriff Ric Bradshaw testified about red flag laws before the Senate Judiciary Committee, which may advance legislation encouraging states to implement their own versions of the laws that allow courts to order removal of guns from people who pose a threat to themselves or others. The sheriff cautioned, however, that red flag laws authorizing what is formally known as “risk protection orders” aren’t a panacea. He touted the Behavioral Services Unit teams in place at his agency, in which deputies work with mental health professionals to interact with people who might have difficulties. Bradshaw emphasized that it’s not an easy area to assess. Not every person who has mental health issues becomes violent.

Trulieve dispensary is selling smokable medical marijuana in Orlando” via Kyle Arnold of the Orlando Sentinel — Trulieve has a medical marijuana treatment center in Orlando at 4544 North Orange Blossom Trail. The two Curaleaf dispensaries also started smokable medical marijuana sales in Orlando on Monday. Smokable medical marijuana became legal in Florida last week when DeSantis signed a new bill into law, two years after voters approved a constitutional amendment legalizing medical marijuana.

The secrets (and lies) of Miami Beach” via Tara Isabella Burton of the Wall Street Journal — James Cubby has seen a lot. Moments into the historical walking excursion he leads for Art Deco Tours, Cubby disclosed — with a raised eyebrow underneath his brown fedora — his own history in the city. After decades as a nightlife writer in Miami Beach, he knows everything worth knowing, he implied, about the city’s strange, seedy past. What we have to understand about Miami Beach, he told us, is that everything is fake. “Even the grass,” he noted. Each of the Art Deco hotel bars I visited — and a few more contemporary ones — felt like an elaborate stage set. Even better, the cocktail venues seemed designed for Miami Beach’s greatest pleasure: people-watching.

UCF administrator facing termination over misspending saga will be allowed to stay” via Annie Martin of the Orlando Sentinel — Former President Dale Whittaker told trustees he had started the termination process for the four employees after the release of a report by a law firm hired by the University of Central Florida to investigate the budgeting of $38 million in operating cash to build Trevor Colbourn Hall, a violation of state rules. One of those employees, Christy Tant, will be able to keep her former salary of $198,855 in her new position and department, which have yet to be determined. Tant, who has worked for UCF since 2010, was formerly assistant vice president and university controller.

Rick Kriseman to replace two agency board members as city seeks greater oversight of Housing Authority” via Christopher O’Donnell of the Tampa Bay Times — Board members Basha Jordan Jr., and Jo Ann Nesbitt will not be reappointed to second terms. In their place, Kriseman has named Stephanie Owens, who worked on federal housing and health care policy in the White House during the administrations of Barack Obama and Bill Clinton, and Jerri Evans, a legal assistant. The move comes as the Housing Authority has been hit by a spate of controversies over the renovation of the Jordan Park public housing complex and the leadership of CEO Tony Love.

Not dead yet: Inside David Straz’s $1.1 million Tampa mausoleum” via Janelle Irwin Taylor of Florida Politics — Straz owns a $1.1 million mausoleum in Tampa’s Myrtle Cemetery. That mausoleum is a spectacular display of ostentatious living that marks the Straz way of life. If Straz’s choice of imagery in his final resting place is meant as an homage to the things he holds dear. Then there’s a Rolls-Royce grille. Straz owns one of those. It’s red and shiny and very fancy. Straz recently claimed that while he does indeed own a Rolls, he prefers driving his American-made Cadillac or Dodge Charger. There’s not a grille for either one of those in his mausoleum. The fourth image in the panel is a private jet. Straz has one of those, too.

Just a regular guy: David Straz’s family mausoleum is filled with the trappings of opulent lifestyle, not exactly what would you expect from the average Joe.

— D.C. MATTERS —

Trump opposes further disaster aid for battered Puerto Rico” via Andrew Taylor of the Associated Press — Trump’s opposition to further disaster aid for hurricane-devastated Puerto Rico hardened as he told GOP allies at a Capitol Hill meeting that the U.S. island territory has gotten too much rebuilding money compared with mainland states like Florida and Texas. Trump’s ardent opposition to additional Puerto Rico funding sets up a showdown with House Democrats, who insist that a $13 billion to $14 billion disaster aid package that’s a top priority for southern Republicans won’t advance without further aid for the island. Sen. Marco Rubio said Trump told Republicans at a closed-door luncheon that aid for Puerto Rico “is way out of proportion to what Texas and Florida and others have gotten.”

Not another dime: Behind closed doors, Donald Trump is refusing to send any more money for Puerto Rico hurricane recovery

Marco Rubio and Rick Scott rejected the Green New Deal but now acknowledge climate change. What’s their plan?” via Steve Contorno of the Tampa Bay Times — Despite their newfound recognition for this threat, the Green New Deal was a bridge too far for Rubio and Scott. The resolution calls for the United States to reach net-zero greenhouse gas emissions in the next 10 years — a goal that even environmental advocates acknowledge would require drastic action. The plan is based on federal and international studies that say the world has about 12 years to significantly reduce carbon emissions to prevent the earth from warming to a level that could destabilize the planet. But the Green New Deal would also establish universal higher-education, health care, and housing, which Rubio described as “a grab bag of their radical agenda to transform America into the kind of socialist utopia that only exists in fiction.”

Assignment editors — U.S. Sens. Rubio and Mitt Romney join U.S. Reps. Ann Wagner and Dan Crenshaw for a news conference to unveil their paid family leave legislation, 11:15 a.m. Eastern time, Senate Small Business Committee, 428A Russell Senate Office Building, Washington D.C.

— 2020 —

Pete Buttigieg gains with crowds, TV spots and campaign cash” via Sara Burnett of The Associated Press — South Bend, Indiana Mayor Buttigieg, a veteran and Rhodes scholar, was the longest of long shots in January. No mayor has ever been elected president, much less one from a community of roughly 100,000 people in the middle of America. But his underdog bid is gaining momentum, and the clean-cut guy known to most people as “Mayor Pete” can feel it. Now he has to figure out how to turn one of the first surprises of the nascent race for the Democratic nomination into a full-fledged presidential campaign — and one that isn’t remembered as a mere quirk. “The buzz helps,” Buttigieg says.

Making headway: presidential candidate Pete Buttigieg is beginning to gain traction, drawing crowds and campaign cash. Image via NBC News.

— OPINIONS & ANALYSIS —

Joe Henderson: Lawmakers need to deal with distracted drivers” via Florida Politics — Police can’t stop a driver and issue a ticket when they catch that person is texting or otherwise distracted. Our lukewarm anti-texting/driving law won’t let cops make that a primary offense. Too many drivers don’t pay attention, and only one thing will stop that. Pull them over, write a ticket, take their money. Get three tickets, and you lose your license for six months. I’m for personal freedom as much as the next person. I draw the line if someone winds up in a body cast over a text though. If hamburger is a distraction for drivers, pull them over. Florida lawmakers need to stop pretending that distracted driving is a complicated issue. It isn’t.

E-prescription laws key in opioid fight” via Florida Politics — When it comes to the opioid crisis — the one thing all policymakers and citizens agree has become a national epidemic — we still prefer old fashioned pen and paper. As part of a multipronged approach to attacking this crisis, New York state adopted mandatory use of e-prescribing for controlled substances (EPCS) and access to a comprehensive medication history provided through a Prescription Drug Monitoring Program in 2016. Passing the mandatory use of e-prescribing for a controlled substance has a chance to make a real and immediate impact on the access to opioids. I encourage the Legislature to use every tool in the toolbox to reverse this trend and make e-prescribing of controlled substances the law in our state.

Florida’s latest assault on transparency: sealing names of foster parents” via Carol Marbin Miller of the Miami Herald — A bill before the Florida Legislature that is supported by the chronically troubled — and notoriously silent — DCF is designed to intensify secrecy. The bill would exempt from public disclosure the names of all foster parents. Even the ones like Jorge and Carmen Barahona, the Miami couple accused of unspeakable abuse to their twin foster children, Nubia and Victor, before the couple adopted them. DCF says the bill is necessary to protect foster parents from violent and vindictive parents he. As evidence, the agency points to Candi Johnson, who, according to police, shot a Northwest Miami-Dade foster mother last year while snatching her children. Such a story is fiction. Johnson never asked for public records relating to where her children were living.

UCF’s search for a president should avoid USF’s transparency games” via the Orlando Sentinel editorial board — As UCF gears up to start looking for a new president later this year, it has another chance to school USF. This time by showing it’s possible to choose an excellent university president without playing games designed to keep the public in the dark. University leaders worry Florida’s public records law makes it hard to find people who want to apply knowing their names will be made public. They want to find people who would rather keep their bosses in the dark about applying for a job instead of being open and honest about pursuing what may be the opportunity of a lifetime. We’re not convinced that’s a desirable quality in a job candidate.

— MOVEMENTS —

New and renewed lobbying registrations:

Charles Cliburn, New Capitol IT: Controltec

Chris Hart: Florida Association of Court Clerks & Comptrollers

Thomas Hobbs, Ramba Consulting Group: Florida Water Quality Association

Nick Iarossi, Andrew Ketchel, Christopher Schoonover, Capital City Consulting: Florida Pet Retailers

Danny Jordan, Nicola Powell, Jeanette Yaeger, One Eighty Consulting: SecureWorks

Jeff Kottkamp, Sunshine State Consultants: Antonel Second Corp, Triangle Capital

William Prater, Cooperative Strategies: DISH Network, DraftKings, FanDuel

Teye Reeves, Smith Bryan & Myers: College of Central Florida Foundation, CoreCivic

Daniel Russell, Jones Walker: Scientific Games International

Drew Smith, Smith & Smith Consulting: Home Care Association of America — Florida Chapter

John Ward: Automotive Aftermarket Association Southeast

Deadline to apply to Board of Bar Examiners extended — Application will now be accepted till 5 p.m. Thursday for two lawyer vacancies on the Florida Board of Bar Examiners. A joint screening committee of The Florida Bar Board of Governors and Board of Bar Examiners will recommend six nominees for the two spots at a May 24 meeting. The nominations will then be forwarded to the Supreme Court to fill two five-year terms starting Nov. 1 and ending Oct. 31, 2024. Those interested in applying should call (850) 561-5757 to get the application form.

— ALOE —

Lego Movie World to debut as latest salvo in attractions war” via Marco Santana of the Orlando Sentinel — Step past the carousel at Legoland and you will soon find yourself face-to-face with dastardly pirates using your boat for water-cannon target practice. The rides are key features of the new 80,000-square-foot Lego Movie World, the newest attraction that Legoland leaders hope will boost efforts to compete in the high-stakes world of Central Florida theme parks. “This is very important for our park,” Legoland Florida General Manager Rex Jackson said. “When you look at the addition of Lego Movie World, along with our accommodations, we believe we have finally solidified ourselves as a multi-day destination.”

The latest salvo: Lego Movie World opens in Legoland Florida, a major expansion that ‘solidifies it as a multi-day destination.’

Sesame Street comes alive at SeaWorld Orlando’s expansion set to open” via Dewayne Bevil and Gabrielle Russon of the Orlando Sentinel — The 18-month design and construction project will be complete when the 6-acre land debuts to the public. There are buttons to press, interactive screens to touch and Oscar the Grouch’s garbage can to pound on — all part of a set designed to feel like the Muppets really live here. SeaWorld Orlando’s grand opening comes during what is expected to be a blockbuster year in the theme park industry.

— HAPPY BIRTHDAY —

Today would have been Bob Levy‘s birthday. We miss you, my friend.

Today’s Sunburn was written by Peter Schorsch, Phil Ammann, Daniel McAuliffe, Jim Rosica, and Drew Wilson.

WP Facebook Auto Publish Powered By : XYZScripts.com