Hagel: Cybersecurity is a Big, Insidious Threat

Defense Secretary nominee and former Republican Senator Chuck Hagel said during his Senate confirmation hearing this morning that cybersecurity is as dangerous a threat to the nation's defense as any other threat given cyber's ability to wreak havoc quickly and across a variety of crucial systems.  "Cyber, I believe, presents as big a threat to our country as any one specific threat.  It’s an insidious, quiet kind of a threat that we’ve never quite seen before."

In an exchange with Senator Mark Udall (D-CO), Hagel said the potential damage of a cybersecurity attack could be very wide-scale.   "It can paralyze a nation in just a second.  Not just the power grid or a banking system.  It can knock out satellites, it can take down computers on all our carrier battle ships.  It can do tremendous damage to our national security apparatus."

But, he said, it's not an easily tackled issue.  "This is law enforcement, this is privacy, this is business, so a lot of complications that we’ve  really never ever had to face before on national defense threats to this country."

Cybersecurity will be a top priority for the Defense Department, Hagel suggested.  "Cyber will be an area that we will continue to focus on and an area that I will put a high priority on if I’m confirmed to be Secretary of Defense."

Worldwide Government Requests for Google Data Jumped 70% from 2009 to 2012

Google released its bi-annual Transparency Report yesterday, one part of which is aimed at documenting the number of worldwide government and court requests it receives to hand over user data, usually (although not always) in criminal investigations.  The bad news:  the number of reported requests keeps rising - from 12,539 during the second half of 2009 to 21,389 during the second half of 2012, an increase of 70%.

The good news:  the percentage of requests where Google actually hands over the data is on the downswing, from 76% in the second half of 2010 (the earliest that Google began reporting this data) to 66% in the second half of 2012.  It's possible that Google is just getting better at deflecting these requests or it's also possible that governments are basing their requests on fewer and fewer justifiable reasons. Or some combination of both.

The more interesting question is what's happening over time in individual countries, whether authorities in some countries are stepping up or decreasing their demands for user data.  Although Google hasn't produced quite enough data yet to get a truly good look at the trends, the company has released enough data to tentatively talk about year-to-year trends in about twenty-two countries.

I've pasted at the end of this post a full table that contains my 2011 to 2012 analysis for all of these countries.  Based on this analysis, here are the top five and lowest five countries in terms of percentage growth for the number of data requests, data produced and accounts specified.

As you can see based on this breakdown, South Korea tops the list for the fastest growth rate in data requests, while Chile tops the list in terms of growth in the frequency of actual data produced.  South Korea also had the fastest growth rate in the number of accounts specified - the authorities there accessed almost double the number of accounts in 2012 that they did in 2011.

Singapore earns the distinction of having the lowest growth rate in terms of requests - the government authorities in Singapore made 11% fewer requests in 2012 than they did in 2011.  Portugal experienced a 44% drop in terms of how often actual data was produced and Singapore rounded out the bottom of the list in terms of the number of accounts specified, with a 44% decline from 2011 to 2012 in the number of Google accounts to which the authorities there gained access.

It's not clear that these trends mean much of anything at this point; a whole host of factors, such as a drop in the overall crime rates in any given country, shifts in government control, increased or decreased usage of Google services and many other variables can drive year-to-year changes.  And data can be cut a lot of ways - I've chosen percentage growth in data demands, which, although it equalizes the disparities among nations, can make things look bigger or smaller than they really are (after all, a jump from 1 to 2 is a 100% change, the same as an increase from 100 to 200).  Finally, Google itself is continually refining how it reports this difficult data and methodology changes could cause some of the data to be incomplete or incomparable for the purpose of this kind of analysis.  But even with these limitations, it might be useful to keep track of the changes over time to determine if some governments, some political regimes, are stepping up or easing back on their efforts to gain access to Internet data.

Another interesting point:  Google has for the first time released for the U.S. the kinds of legal processes that the authorities use when requesting data.  Around 68% of the requests are subpoenas, 22% are search warrants with the remaining 10% mostly court orders or other processes.  As I mentioned in a blog post two days ago, Google and other Internet companies are pushing to change the law, primarily the Electronic Communications Privacy Act (ECPA), so that law enforcement and other government requests for data meet the more stringent legal requirements that warrants require.

Image Source:  Google.

Google Exec: Data Privacy Laws Violate the Fourth Amendment

(Washington, DC) The main existing law that limits the scope of law enforcement electronic snooping violates the Fourth Amendment to the Constitution when it comes to Internet communications, a top Google expert said here today.  Speaking at the Congressional Internet Caucus' Annual State of the Internet Conference, Google's Director of Law Enforcement and Information Security Richard Salgado said that "our view is that the statute [the Electronic Communications Privacy Actor ECPA] is out of compliance with the Fourth Amendment because the government can call for the production of your data without a search warrant."  The Fourth Amendment guards against unreasonable searches and seizures by the government.

ECPA, drafted in the 1980s when telephones were the primary mode of electronic communications, does not extend to email or other forms of Internet communication.  Under ECPA, government authorities can and do request user information records with either commonplace, easy-to-issue subpoenas or with little more than written notices stating that the data are pertinent to an investigation.  Telephone wiretaps, on the other hand, are usually subject to more stringent requirements for search warrants, which are issued by courts and judges and are based on the legal standard of probable cause.

The failure of the law to keep pace with Internet privacy issues is the main reason Google backs the Digital Due Process Coalition and publishes a bi-annual transparency report, which documents the government data requests received by the Internet giant.  Although Google does not break down the kinds of law enforcement requests it receives -- warrants, subpoenas or just informal letters -- Salgado said that about 70% of the requests it receives are subpoenas. (Update:  On 1/23, Google released its latest transparency report which documents for the first time the kinds of government requests it receives.  Of the total requests received during the second half of 2012, 68% were subpoenas, 22% were search warrants and the remaining 10% were court orders or other or other processes that are difficult to categorize.)

"What we hear anecdotally is that the government asks [Internet companies] 'give us everything you can.'  The vast majority of that email is not going to be relevant," Kevin Bankston, Senior Counsel, Center for Democracy and Technology said.  "There is no minimization requirement when it comes to email."

The so-called scoping problem with Internet communications, namely that the government can request massive amounts of data without narrowing the scope of its requests, is likely the basis for the oft-reported allegation that Jill Kelley, a central figure in the Petraeus scandal, had exchanged 30,000 emails with General John Allen, the U.S. Commander in Afghanistan.  The true number of emails is likely in the hundreds, according to Kelley, but it's possible that the FBI did indeed examine 30,000 of her emails in their hunt for relevant communiques.

How the FBI got access to the email accounts in the Petraeus scandal is unclear, according to Julian Sanchez, Research Fellow at the Cato Institute.  "One site reported that the FBI used subpoenas.  That's a little weird if true because the FBI does not have administrative subpoena authority," he said. [Clarification: Julian was speaking about the FBI's administrative subpoena authority in cyberstalking investigations.]

No good remedies to this problem are on the horizon either.  To fix ECPA or enact new laws would require an act of Congress.  But, "realistically I don't think anything has a legislative solution anymore," Mike Vatis, a long-time government cyber security and digital data protection expert, now a partner at Steptoe & Johnston, said.  [Clarification:  Michael Vatis says he was speaking about the prospect of a legislation solution to the question of minimizing the scope of law enforcement requests because minimization becomes too complicated to address in legislation, with courts ending up deciding the matter on a case-by-case basis.  He later said that a legislative solution is possible through a simpler amendment to require a warrant to obtain the content of any communications].

The Sprawling Labyrinth of Critical Infrastructure Cybersecurity

The five-alarm warnings that the Obama Administration issued last fall regarding an impending cybersecurity Pearl Harbor, along with the threat of a cybersecurity executive order, seem to have receded into the background as the President continues to grapple with fiscal woes and a politically arduous gun control initiative.  When last we heard anything from reliable sources, that executive order was being readied for release in January (some press reports confirm this), although that seems highly unlikely given the political lay of the land and the hubbub over the inauguration.

But once the order does come out (or if Congress takes another crack at passing cybersecurity legislation), the gargantuan challenge of figuring out the existing cybersecurity landscape will become clear.  I’ve been working on my firm’s first public product (coming soon), a cybersecurity databook that promises to hit the highpoints on the complex issue. 

My first task in mapping out the book was to simply describe the cybersecurity environment today, highlighting the roles of the major players and how the ground rules get established.  That was no easy task. 

When it comes to cybersecurity for the energy industry, for example, nearly one hundred government-related entities, standard-setting bodies, private coalitions, and trade associations, all have a hand in establishing or influencing the intricate rules, policies and procedures for how cybersecurity requirements and practices are formed, implemented, regulated and shared – and that’s just on the domestic level.   A massive set of groups and government organizations are busy establishing cybersecurity practices and policies on the international level.

I’ve pasted at the end of the article my list of government, standards-setting and information-sharing groups that are profiled in the report.  (If there are any noteworthy omissions in this list, email me.)

At least 36 different government arms, be they affiliated with the White House, Pentagon, independent regulatory agencies, full-fledged Departments, sponsored labs, working groups, or advisory panels, toil away on energy-related cybersecurity matters.  Some, of course, are more active on a day-to-day basis than others and some, particularly those whose primary jurisdiction is telecommunications, only tangentially but crucially overlap with energy.  Some, particularly military groups, may step in only periodically but when they do, their roles carry a tremendous amount of weight.  Some carry the force of law to get things done, while others are merely conduits for basic research, advice and study.

At least 18 different standards-setting body develop or codify the technical specifications for the engineering methods and techniques for how cybersecurity is implemented in practice.  Again, some are more important than others, with many primarily responsible for telecommunications standards – when it comes to energy, most of the networks that need cybersecurity protection the most are in fact nothing more than telecommunications or IP-based networks.

Finally, at least eight information-sharing or multi-organization groups play important roles in the energy cybersecurity arena. 

With all these groups, comprising hundreds of bureaucrats, military personnel, engineers, technologists and other specialists, trying to tackle the rarefied topic of cybersecurity, it’s hard to see how any single plan or program can come to grips with the issues.  Throw in nearly 10,000 energy creators, transmitters and distributors and it’s clear that energy cybersecurity is nothing short of an endless labyrinth

Government Entities Involved in Energy Cybersecurity
National Security Council
Department of Commerce
    DoC - National Institute of Standards and Technology (NIST)
    DoC (NIsT) National Cybersecurity Center of Excellence (NCCoE)
    DoC National Telecommunications and Information Administration (NTIA)
Department of Defense 
    DoD Cyber CrimeCenter (DC3)
    DoD US Cyber Command 
Department of Energy - Office of Electricity Delivery and Energy Reliability
    DOE Argonne National Laboratory
    DOE Idaho National Laboratory
    DOE Lawrence Berkeley National Laboratory
    DOE Lawrence Livermore National Laboratory
    DOE Los Alamos National Laboratory
    DOE New Brunswick Laboratory
    DOE Oak Ridge Institution for Science and Education
    DOE Pacific Northwest National Laboratory
    DOE Sandia National Laboratories
Department of Homeland Security
    DHS - Cross Sector Cyber Security WG
    DHS - Homeland Security Information Network (HSIN)(Private)
    DHS - Industrial Control System Joint Working Group (ICSJWG)
    DHS - US-Computer Emergency Readiness Team (US-CERT)
    DHS - Industrial Control Cyber Emergency Response Center (IS-CERT)
    DHS - National Communications System
    DHS - National Cybersecurity and Communications Integration Center (NCCIC)
    DHS - Sector Coordinating Councils: Electricity and Communications
Department of Justice
    FBI InfraGard 
Department of State
FCC Cybersecurity and Communications Reliability Division (CCR)
    FCC The Communications Security, Reliability And Interoperability Council (CSRIC)
Nuclear Regulatory Commission
United States Trade Representative
NARUC Committee on Critical Infrastructure
Standards Setting Organizations Involved in Energy Cybersecurity
Alliance for Telecommunications Industry Solutions (ATIS)
American National Standards Institute
Institute of Electrical and Electronic Engineers (IEEE)
International Electrotechnical Commission (IEC)
International Organization for Standardization
International Telecommunications Union (ITU)
National Electric Reliability Corporation(NERC)
North American Energy Standards Board (NAESB)
UCA Iug Open SG-Security 
Information Sharing and Other Multi-Organization Groups Involved in Energy Cybersecurity
Advanced Security Acceleration Project for the Smart Grid (ASAP-SG)
Electric Power Research Institute (EPRI)
International Society of Automation (ISA) ISA Information Sharing and Analysis Centers: Power 
Internet Engineering Task Force (IETF)
National Cybersecurity Council Administration
National Electric Cyber Security Organization (NESCO)
North America Transmission Forum 

Image Source:  Wikimedia Commons.

I Was Once Aaron Swartz: It’s Not the *Criminal* Justice System, It’s the Justice System

When I first read the news that Aaron Swartz, the Internet activist, had committed suicide, I was, of course, saddened that such a young talent took such a terrible route.  He had depression, which he had acknowledged publicly.  But the more I’ve read about what happened, the more it has become clear to me, with undeniable certainty, that. as his family and friends (and now his attorney) claim, his problems were fatally compounded by the legal woes he faced in a battle with the federal government, the mightiest of all possible foes in the world.

What crime did U.S. Attorneys Carmen Ortiz and Steve Heymann accuse him of committing?  Allegedly using the computer network at M.I.T. to download nearly five million articles from a fee-paying database of academic articles called JSTOR, owned by a non-profit group.  In an ironic twist, JSTOR long ago resolved all civil claims against him, publicly regretted its involvement in the case and last Wednesday, decided to make its archives available for free.

Swartz, who developed the RSS 1.0 specification when he was 14, helped co-found Reddit and campaigned for free access to information, was nonetheless charged with 13 felony counts and faced 35 years in prison and $1 million in fines if a jury found him guilty of the charges.  He was 26 years old.  To say that U.S.v.Swartz wasn’t a fair fight is a ludicrous understatement.  Aaron didn’t stand a chance. 

Few people can intimately understand, though, just how devastating Aaron’s situation was, but I think that I can.  Yes, his supporters and admirers spoke out, are speaking out now, regarding the unfairness of the situation, how harshly he was treated by prosecutors and how noble his free information cause was and is.  But when the litigation gun is cocked and aimed at a helpless person, that person stands alone with no support.  No matter how many people love you, agree with you, support you, the only thing that can provide any relief is for the gun to be lowered.

And by all press accounts, the U.S. Attorneys were unwavering in their aim, unwilling to lower their weapon by even an inch.  Ortiz said in a statement prior to Aaron’s death that “stealing is stealing, whether you use a computer command or a crowbar."  In other words, the law is the law is the law.  No shades of grey, no weighing of philosophical and technological shifts, no new issues to ponder, no compassion for the haphazard idealism of a young talented man.  Case closed.

This sense of isolation and hopelessness, when an all-powerful legal foe takes steadfast aim at you, is exquisitely more painful when the litigation itself is fundamentally crazy, and by that I mean, no one really gains anything from it (which is so often the case in any legal system) and it isn’t even clear anyone was harmed or how they were harmed.  It’s even more excruciating if the punishment – in Aaron’s case, impoverishment, felon status and prison time -- is grossly out-of-proportion to the crime, if indeed a crime occurred. 

I know a little bit, and just a little bit, about what was going through Aaron’s head and heart.    I once was at the end of that same gun, although the stakes for me were not as high and the case was a civil not criminal one.  And I was much more mature and in much better shape emotionally than Aaron was.  I felt strong and capable.  Yet the enormity of dealing with litigation nearly sunk even me.

What I was not prepared for was two brutal years of unexpected, nonsensical litigation in the federal courts brought by an adversary that had hundreds of millions more in annual revenue than I did.  I could write endlessly about what happened and when and how ridiculous it all was, although that would be boring and probably unwise.  But I spent a small fortune defending myself against a civil complaint (my adversary made a federal case of the matter -- and I now know the frightening meaning of that phrase, to make a federal case out of something) which was a buzzsaw of multiple and mind-boggling, unfounded allegations, some of which didn’t even seem possible to be violations of the law.

From my vantage point, my adversary threw the spaghetti on the wall in either the hopes that one of the allegations would stick or in the hopes I would be so scared by the fearsome legal document, I would agree to anything they wanted.  Which I would have done in a heartbeat, believe me, if their bottom-line wasn’t so consistently awful.   And by all reckonings, the case against me was unfathomable and unfair and unwinnable.

The point is not what happened to me or who was right or who was wrong in my case.  Every conflict has two sides and even in Aaron’s case, I could argue a rationale for upholding what is technically the law (stealing IS in fact stealing after all and moral relativism can be dangerous in legal thinking).  The point is how unspeakable it feels to be outgunned by a stalwart adversary with unlimited power with no clear upside for anybody. 

I can imagine how Aaron must have felt.  Here, based on my experience, is what I imagine he was feeling:

1.        Outrage and a Loss of Perspective

Not only must he have carried around a wordless sense of outrage and anger, but the legal system moves tortuously slow and can pulverize perspective.  The oft-quoted phrase “the wheels of justice turn slowly, but grind exceedingly fine” is an apt metaphor for what happens in the thick of litigation.   

You start with the big picture but soon enough your day-to-day life becomes consumed with horrifying minutiae that only lawyers love and that you would rather not spend any time at all, much less most of your waking hours, contemplating.  Procedures and debates over procedures soon occupy your thoughts.  Theories about jurisdiction; arguments for and against procedural delays; whether certain counts should be dismissed or dismissed with prejudice or ruled upon by summary judgment; whether precedents exist for this argument or that argument.

These kinds of intellectual exercises are crucial to a successful defense, to adequate legal representation and to managing your life in the best possible way you can but they kill your soul and make you feel lost in the woods of legal insanity where things get side-tracked into thickets of such arcane intricacy that you’re no longer sure about much of anything.

2.        Paranoia

Then there’s the paranoia, which, as the saying goes, is not paranoia at all if there is actually someone out to get you.  Someone, the world’s most powerful force, was indeed out to get Aaron.  In my case, my adversary hired a law firm whose mascot (yes, the firm proudly has a mascot) is a bulldog.  As the litigation progressed, their attorneys ramped up the pressure, raised the rhetoric and generally did everything they could to scare me.   

It is a litigator’s job to win; instilling fear in the opponent only helps.   As a consequence, my imagination sometimes ran wild.  Had they hired private detectives to follow me?  Was my phone tapped?  Was my child being watched?  Rationally I knew these things were probably not true, but the mere fact that these and other bizarre thoughts floated in my mind made me feel crazy.  I’m afraid to imagine what ran through Aaron’s mind in the wee hours of the morning when the party trying to instill fear in him was the U.S. Government. 

3.       Sense of Shame

Along with instilling fear, it is a litigator’s job to shame the opponent.  On its face, the case against Aaron alleged that he was a criminal, which couldn’t help but seep into his psyche somehow.  Beyond that, though, the U.S. prosecutors undoubtedly tried to make him feel like dirt by dredging up anything they could.  It’s not unreasonable to expect that they stretched controversial aspects of his life into damnable character flaws or skewed ordinary human weaknesses into punishable offenses or even (and it does happen) made things up out of thin air.

I don’t know, not really having the guts to read the full set of legal filings in his case and not being privy to the private conversations he had with his lawyers or that his lawyers had with the prosecutors.  I know that in my case, as time dragged on, the harshness and allegations grew stronger and stronger and my sense of shame over things I did not even do grew stronger too.

Then there is the financial aspect.  Press reports indicate that Aaron, who seemingly made his own way in the world from an astonishingly early age, was mortified at the prospect that he might have to borrow money from others to finance his upcoming trial.  That’s pure, unadulterated shame.  It is not an uncommon tactic to try to bankrupt your foe in an effort to get them to settle.

4.        Overwhelming Sense of Waste

Along with the shame comes the sense of waste.  Aaron was a young man, full of talent and promise and committed to social justice.  But in the end he was wasting his time on something that was destroying his perspective, making him paranoid, filling him with shame, searing him financially and doing nothing for society in the process.  Even at his tender age, he must have felt a higher sense of moral indignation about what was happening to him and impotent rage at how society’s resources were being wasted.

When the dust settled, I often thought about the amount of time and money both sides spent in my litigation and I genuinely mourned for the waste to humanity.  An ungodly amount of money went into my case, which could have gone toward so many other productive activities, business or otherwise.   Many, many families in developing nations could have lived for years on the amounts spent on my lawsuit.  Whole new lines of businesses could have been developed that might have ended up providing much needed jobs.  I often thought about that.

And I often thought:  why didn’t we just take the dollars spent in my case, pile them all in the street and light the pile with fire?   That would have been a far more efficient and better outcome for the world at large and I say that with complete seriousness.

5.        Sense of Betrayal

Needless to say, once a deep-pocketed foe aimed its sites on me, some people I considered friends and allies became scarce or looked at me with a gimlet eye.  And friends and family members couldn’t always bear up under my woes, mostly out of a sense of helplessness that they could do nothing about the bulldog that had its teeth in my leg.  I forgive everybody for everything and did so long ago. But while I was going through this episode of my life, I learned a painful lesson or two about betrayal.

Aaron reportedly felt an even more painful sense of betrayal about those who did not stand up for him, particularly M.I.T., which violated its own open ethos in failing to help Aaron.  I don’t know the specific facts of why M.I.T. did what it did, but the university has agreed to conduct its own soul search and report the findings and that’s good.    Still, I understand why his parents condemn the supposed center of higher knowledge.

I was far luckier than Aaron all the way around, with as good an outcome for me as I could have expected given the flawed nature of the U.S. legal system.   But when I read the accounts of his life, his battle with the federal prosecutors, I think:  what if I hadn’t been as lucky as I was?  What if I had been younger or more fragile or less stubborn or less resilient?  What if the stakes were as high for me as they were for Aaron?

It’s too much to hope that those who use the justice system, be they private litigants or government prosecutors, pause to become more mindful of the consequences.    My attorneys warned me that it is well understood among litigators that the justice system is a honey pot for broken people with misdirected anger, who pursue litigation to bolster their shaky egos or cover their own inadequacies or score points that they can’t otherwise seem to earn.    For these people, the justice system will always serve as a means for filling their empty interior holes.

But for others, I hope that if there is anything to be learned from Aaron Swartz’s untimely end, it is this:  there are real human beings on the other side of the legal briefs.  Sometimes they’re brilliant, young idealists who meant no harm, caused no harm, have a lot to offer and can’t bear up under the strain.  Aaron was one of them.

Image courtesy of DemandProgress.org.

FCC Report on Derecho Telecom Failures: It's the Back-Up Power

As I mentioned in a post after Hurricane Sandy, the lack of back-up power, more than anything else, was a likely main culprit for communications failure after that natural disaster.  Today, the Federal Communications Commission (FCC) released a report about communications failures not surrounding Hurricane Sandy, but those that occurred during and after the earlier derecho events in June 2012, which hit the mid-Atlantic hard, causing days of power outages and communications failures during an extreme heat wave. Altogether, more than 1.2 million wireline users across twelve states experienced outages as a result of the derecho and 11% of cell sites were knocked off-line.

The FCC's report is surprisingly harsh on the seven communications providers examined in the investigation (I say surprisingly because the Commission's reports and opinions are usually over-lawyered and strive for a boring sense of balance and have in recent years rarely adopted a critical tone). The regulator raps the providers for failing to follow industry best practices established by the agency's Communications Security, Reliability and Interoperability Council (CSRIC), which is composed of industry representatives.  The report notes:
For reasons explained below, communications failures during the derecho revealed that many providers failed to implement crucial best practices developed by CSRIC that could have mitigated or prevented many of the storm’s most serious effects on communications networks,  including 9-1-1 service outages.  This failure, and the resulting damage, was costly.

Specifically, the chief reason for both wireline and wireless outages was the failure by the providers to ensure adequate back-up power.  Around 7% of Verizon's generators in central offices failed to operate properly when needed and the telco admits that generator failures in its Arlington and Fairfax, VA central offices directly resulted in the loss of 911 service to residents in northern Virginia .  Indeed, Verizon had suspended testing of the Arlington generators back in 2011 due to "a problem with the uninterruptible power supply in that  office."

The report, written by the FCC's Public Safety and Homeland Security Bureau, comes down hard on Verizon, the major communications provider in the affected area, citing shoddy maintenance procedures.  "The Bureau has serious concerns regarding Verizon’s actual repair practices and compliance with its own maintenance policies."

Verizon, however, is not alone in bearing the blame.  Another major area provider, Frontier Communications, gets its knuckles rapped too.  (Some Frontier Communications remote terminals weren't even equipped with back-up generators.)

Although this report offers a series of recommendations to fix the problems, when it comes to back-up power, the recommendations echo those of a similar report by an FCC task force issued in 2006 to assess the communications outages that occurred in the wake of Hurricane Katrina.  Namely, the FCC asks the industry to follow its own self-devised best practices.
The CSRIC best practices have been developed on the basis of widespread industry participation.  This creates a strong presumption that providers would be inclined to implement them—particularly those recommendations that are deemed most vital.  Still, many providers failed to implement crucial  best practices throughout the area affected by the derecho, which includes the densely populated National Capital Region.  We call on providers again to review and implement CSRIC and other best practices and emphasize the importance of doing so.  The proper implementation of CSRIC best practices could have prevented many of the derecho’s most serious effects on communications networks, including 9-1-1 service outages.

The earlier report also asked the communications industry to follow industry best practices. If the industry fails to pay attention to what, in essence, is a very minor task, certainly in comparison to running massive, global digital broadband networks, the third such report out of the unexpectedly irritated FCC may well go beyond simply urging the industry to follow best practices.

Image from FCC report.  NORS stands for network outage reporting system.

Jim Mooney: The Man Who Got Congress to Deregulate a Monopoly

Over the holidays, I received the very sad news that a former boss of mine, James P. Mooney, had died too soon.  Although he was long gone from the Washington scene, Jim was considered one of the most powerful lobbyists, if not the most powerful lobbyist, in Washington during the 1980s , when he was the CEO of the National Cable Television Association (NCTA).

And he earned this status for a very good reason.  He performed an act of what then seemed to be impossible magic and what now is no longer even remotely possible in the divided, partisan, grid-locked legislative arm of the government:  He persuaded the Congress of the United States to pass a piece of legislation. 

Not just any ordinary piece of legislation either.  A statute that deregulated what in effect many, if not most, people considered to be a natural monopoly, your local cable television operator.

A case study of how Jim accomplished this miracle should be mandatory reading for all students of government and is far too detailed for a blog post.  But suffice it to say (a Mooney-esque expression I think) that Jim was extremely smart and a master strategist, having learned which buttons to push and which levers to pull during his time as Chief of Staff to House Majority Whip John Brademas (D-IN).

He once told me that getting anything accomplished in Washington is like trying to dig a big hole with a teaspoon – it takes that much relentless and repeated effort and so few people are willing to do it.   In Hedrick Smith’s marvelous book about Washington, The Power Game, Jim summarized the labor that went into making any kind of headway with the Congress.  “What’s changed is there are so many more groups now and simultaneously a diminution of power in the power centers of Congress.  You’ve got to persuade members one by one.”

He was also always one step ahead, out-thinking and outsmarting potential foes and always willing to negotiate in a way that left everyone satisfied but somehow resulted in a comparative advantage for the cable industry.  And what an advantage the industry gained. 

After the passage of the Cable Communications Policy Act of 1984, and particularly after cable rates were deregulated in 1986, a new industry was born, one flush with billions in new cash that went into building massive broadband infrastructure across the country and into creating hundreds of new television channels.  It is also true that some of those billions created a new class of media mogul, cable chieftains who became richer and more powerful than anyone had dreamed possible.   Jim Mooney certainly helped with that.

No one is perfect though.  Jim was also an irascible and demanding man, who did not suffer fools gladly and I think he viewed more than a few people as fools.  He gruffly demanded greatness from those who worked for him and he usually got it.  The staff he created at NCTA was like no other in Washington – talented, smart, eager, hard-working and superb. 

I was very, very young when I started working at NCTA but he quickly placed demands on me that, in retrospect, would have been difficult for even an old accomplished hand to fulfill.  I did not want to disappoint him because Jim, a military and history buff, told me I was “the real navy,” meaning that he thought I could do what he asked.  And I did.  We all did.

In almost Shakespearean terms, Jim learned, the industry learned, that what Congress giveth, Congress can taketh away.  The billions in new wealth created by the 1984 Cable Act ultimately spawned resentment and backlash, paving the way for a 1992 Act that re-regulated the industry and ended an era of unbridled…something.  Pendulums swing, nature abhors a vacuum and Jim gave up the power game.

In recent years, Jim talked to me mostly about his son Jimmy (also named James).  How he loved doing nothing more than hanging with Jimmy, whom he considered to be his best friend.  Louise, his wife, a whirling dervish of a woman who was a loyal cheerleader to them both, rounded out a good life.

So cheers to the man who achieved the impossible.

Twitter Delicious Facebook Digg Stumbleupon Favorites More