The upcoming congressional elections will determine who has clout in Washington, with important implications for IT policy in the United States.
Among the pieces of legislation topping the dockets are a major rewrite of the nation's telecommunications laws and potential new rules for how businesses and government agencies manage personal data. Also on the agenda are programs to protect the nation's critical IT and physical infrastructure, increased funding for education and R&D, and a contentious battle over H-1B visas.
With so many issues at hand for our representatives and senators, InformationWeek takes a close look at five key areas affected by IT policy: communications, data privacy, critical infrastructure, innovation, and jobs and education.
Major telecommunications bills covering the issue of network neutrality and many other issues have passed the House of Representatives and await a vote in the Senate. But the zeal to ensure that laws are equitable to consumers and service providers could leave businesses in the middle, coughing up cash. "The marketplace looks dangerous if you're an enterprise customer," says Colleen Boothby, a Washington attorney who represents a group of businesses on telecom issues.
Phone and cable companies want to be able to charge premiums to give preferential treatment to certain Internet traffic. Some businesses worry, however, that carriers will treat their own traffic better than their customers' and cut sweetheart deals with preferred buyers. The House recently passed a sweeping reform bill that would, in part, empower the FCC to enforce hazy neutrality principles but make no new rules, and the Senate is considering one, by Ted Stevens, R-Alaska, with even fewer provisions for net neutrality. Neither bill truly supports net neutrality, leaving decisions instead with the FCC, whose chairman has come out against the concept.
The issue has become a cross-party fight--free-market Republicans against net neutrality Democrats who want all traffic treated the same and are stonewalling the Stevens bill. Sen. Ron Wyden, D-Ore., has placed a procedural hold on the bill to get net neutrality worked in. Unfortunately, some think the issue has been so oversimplified by political ads as to confuse Congress. "It's been morphed by so many spin doctors it doesn't matter any more," Vonage co-founder Jeff Pulver says.
Stevens recently said he hopes to get a vote during the lame-duck session between Election Day and the new year, but a change of Congress could kill his bill altogether or push through a revised version with more protections for net neutrality.
Meanwhile, the FCC and Congress have been encouraging new broadband technologies. Witness last month's auctions of 3G wireless spectrum and a proposal from Sens. Mike DeWine, R-Ohio, and Herb Kohl, D-Wis., both up for re-election, that a combined AT&T-BellSouth divest some of its WiMax spectrum for competitors.
Businesses must watch telecom policy closely, especially as Congress could change hands. Though the legislators say they understand the need for reform and competition, replacement telecom legislation has remained incomplete for too long. A new Congress might act, but in whose best interest?
Despite myriad data breaches against businesses and government agencies, Congress isn't likely to pass legislation this year to mandate how data is to be secured or how companies must respond if customer or constituent data is lost or stolen. But that doesn't mean IT departments should relax.
Congress isn't ignoring the issue: Several breach-notification and data privacy bills have been winding their way through both houses over the past 12 months. But the proliferation of proposed measures, the complexity of data security, and the potential cost of breach notification have prevented Congress from reaching consensus.
One bill with promise is the Financial Data Protection Act of 2006, proposed by Rep. Cliff Stearns, R-Fla. The bill has cleared the House Energy and Commerce, Financial Services, and Judiciary committees since its introduction a year ago, and it's ready for a vote by the full House when it reconvenes after the November elections. Stearns' bill would then need to get through the Senate if it's to make its way to President Bush's desk.
The bill requires companies to implement policies and procedures to protect data containing personal information — names, addresses, birth dates, and Social Security numbers, for example — and to provide nationwide notice in the event of security breaches. Organizations that manage personal data would have to assign responsibility for securing it to someone, creating accountability.
Sen. Hillary Rodham Clinton, D-N.Y., who's in the midst of her first re-election campaign, promised in June to introduce a "privacy bill of rights," otherwise known as the Privacy Rights and Oversight for Electronic and Commercial Transactions Act of 2006. The proposed legislation would give consumers the right to sue when privacy rules have been violated, to protect their phone records, to freeze credit when their identities have been stolen, to know what businesses are doing with their credit reports, and to expect the government to exercise best practices in dealing with their personal information.
Clinton's bill would require businesses to have a greater understanding of what data they have in their systems, who has access to that data, and how it's used. Lawyers could have a field day if businesses mess up. Sen. Thomas Carper, D-Del., seeks similar protections in his Financial Data Protection Act, already in play before the Senate Banking, Housing, and Urban Affairs committees.
It's going to take fine-tuning to get federal data-protection legislation right. "The government can't be productively involved in the microlevel detail of how companies protect customer information," argues Dan Blum, senior VP and research director with the Burton Group. "It should create a consistent standard of due care that companies should follow."
A consistent set of federal rules may be what businesses need. It's that or the hodgepodge of state rules that apply now.
A project to improve security around the Potomac Basin near Washington, D.C., kicks into high gear this month with the goal of protecting key sites, including Ronald Reagan Washington National Airport and Navy and Air Force facilities. It's the latest in a series of regional projects funded by the Transportation Security Administration that combine access control, geospatial technology, video analytics, and other technologies to protect transportation facilities, utilities, and critical infrastructure.
Hey, government, get involved, Olzak says
Photo by Chris Lake The Potomac Basin initiative comes after years of stalled projects and a general lack of cooperation between the private sector and U.S. government agencies charged with protecting the nation's critical infrastructure. Businesses own about 85% of that critical infrastructure, yet the government must play a leading role in safeguarding it, says Tom Olzak, IT security director for HCR Manor Care, a $3 billion-a-year nursing home operator with locations in 32 states. "Not in an autocratic way," he says, "but in a way that moves us in the direction of a more secure infrastructure."
TSA stumbled badly over the past few years with a Secure Flight program that has yet to get off the ground because of data privacy and system integration problems, but it has had more success securing key pieces of local critical infrastructure. In 2003, TSA allocated $17 million for 19 projects, including the implementation of security systems at Helena Regional Airport in Montana and Tallahassee Regional Airport in Florida.
Tech providers for these projects and for the Potomac Basin security system, scheduled for completion in June, have formed the Strategic Infrastructure Protection Consortium with the goal of identifying the most appropriate technologies for protecting U.S. airports, power plants, ports, military bases, rail yards, and other infrastructure. The consortium's plan for the Potomac Basin is to establish a security infrastructure that uses physical measures, such as intelligent video that can detect when a truck is parked where it shouldn't be or if there's movement in an area that should be still. The system would automatically alert law enforcement and first responders via radio, cell phone, computer, or other communication device.
"Critical infrastructure protection isn't where it needs to be, and the government would agree with me," says Michael Borcherding, president of systems integrator Abeo and director of the consortium. "That's why they're funding these projects."
Still, airports and other businesses aren't obligated to buy enhanced security simply because it's available. The key to protecting critical infrastructure is for vendors like those in the consortium to provide affordable technology that can be integrated easily into existing physical and IT security infrastructures. Hey, government, get involved, Olzak says
Congress has demonstrated a willingness to reform the broken patent system and a desire to keep the United States among the world's leaders in high-tech innovation. Even if the political guard changes in the November elections, that won't.
Without fixes to the patent system, technology companies will continue to face court challenges and fines, businesses will be vulnerable to injunctions like the one that almost forced them to drop BlackBerrys, and patent-application backlogs will threaten inventors.
Led by Rep. Lamar Smith, R-Texas, legislators are on the verge of reforming the patent system. Smith's legislation, introduced last summer, would create a minitrial to determine the quality of a patent when it's challenged, among other things.
Changes ahead for the Patent Office Sens. Orrin Hatch, R-Utah, and Patrick Leahy, D-Vt., proposed a similar bill in August. This bill would give patents to those who are the first to file, as most other countries do, rather than relying on the current law's hard-to-prove "first to invent" standard. That would make the Patent Office much more efficient, creating less backlog.
Congress seems reform-minded, but how far will it go? The Congressional Research Service calls these bills "the most sweeping reforms to the U.S. patent system since the nineteenth century," but not everyone wants that. Pharmaceutical companies and some inventors oppose most of the measures. It's too early to tell how final legislation might look, says Rob Atkinson, president of the Information Technology and Innovation Foundation.
In this year's State of the Union address, President Bush outlined the American Competitiveness Initiative, which would double government R&D funding to $269 billion by 2016. (The initiative is funded for fiscal 2007, but spending has yet to be authorized.) The budget for the federal government's own IT R&D arm, Networking and IT Research and Development, is poised to increase to $3.1 billion in fiscal 2007.
An important catalyst for private-sector tech investment is the R&D tax credit. The credit offsets about 6% of the R&D spending of American companies. IT companies are big beneficiaries, but Congress let the credit expire last year for the 12th time since 1981. If the credit isn't put back in place, Congress risks eliminating an important incentive for IT vendors to innovate. A move to re-up the credit was struck down earlier this year because of its inclusion in a controversial estate tax and minimum wage bill, but observers hope something will be passed soon.
The government is putting its money where its mouth is and committing to patent reform. What more could the IT industry want? For Uncle Sam to move quicker.
America's children are falling behind the rest of the world in math and science. In a worldwide student assessment conducted in 2003, the United States ranked 28th in math and 24th in science literacy among 40 countries. Congress got the message — education and employment bills aimed at bolstering the technical workforce are flying around Capitol Hill.
"To maintain our growth and standard of living, we've got to be constantly moving to better education and high-tech jobs," says Phil Bond, president of the Information Technology Association of America. "It's not a red-state, blue-state issue."
Spurred by President Bush and others, Sen. John Ensign, R-Nev., this year introduced a spending bill that was followed up by an authorization bill sponsored by Senate Majority Leader Bill Frist, R-Tenn., and co-sponsored by Minority Leader Harry Reid, D-Nev. The bills would increase spending on several educational grant programs and initiatives, including grants to schools to create hands-on technology learning programs and increased funding for math and science education through the National Science Foundation.
Another route is to bring in outsiders to fill jobs the U.S. workforce can't. Foreigners hired for skilled positions have become talking points for congressional aspirants and fodder for Government Accountability Office reports to point out misuse of H-1B visas or call for raising caps. The number of H-1B visas that can be granted in a given year to bring in technology workers has been fluctuating; this year's 65,000 limit was met only two months after the government began accepting requests.
Generally speaking, the IT industry wants to raise H-1B visa caps and has support from several members of Congress, including separate bills from Sen. John Cornyn, R-Texas, Rep. John Shadegg, R-Ariz., and Sen. Arlen Specter, R-Pa. The rub is that immigration reform is controversial, with Democrats worried about union reaction and Republicans about national security. None of the proposed cap raises has been approved.
"There's support for increasing the number of H-1Bs, but it's all tied up in the big immigration packages," says Joe Tasker, ITAA's senior VP of government affairs, who's unconvinced there will be any movement on this front soon.
Although there's bipartisan support for technology education and H-1B reform legislation, they have yet to pass. Says Tasker, "Part of the problem is that it all sounds good, and then you try to figure out how to pay for it, and the numbers are pretty big."
Illustrations by Tadeusz Majewski