GOVERNMENT IT REPORT

Congress Backs Billions for Tech R&D Though Enactment Uncertain

The U.S. technology industry is guardedly supporting a massive legislative package designed to address a range of issues affecting the sector, including a federal commitment to add billions of dollars to government technology research and development programs.

The legislation, dubbed the U.S. Innovation and Competition Act (USICA), was approved June 8 by a rare bipartisan vote of 68-32 in the U.S. Senate.

A major factor driving the legislation is the contention that the U.S. has fallen behind China in a national effort to support technology development, including information technology and the digital economy. Sen. Todd Young, R-Ind., characterized the legislation as “a landmark bill to out-compete China in key emerging technology areas critical to our national security.”

Specific areas of focus in the bill include artificial intelligence, machine learning and other software advances; high performance computing, semiconductors, and advanced computer hardware; quantum computing and information systems; biotechnology, medical technology, genomics, and synthetic biology; cybersecurity, and energy innovation including battery technology.

Multiple Amendments

The package started out as the Endless Frontier Act, co-sponsored by Sen. Chuck Schumer, D-N.Y., and Sen. Young, among others. That bill was ambitious enough as first introduced in April. The bill focused on boosting funding for the National Science Foundation (NSF) including creation of a new NSF “Directorate for Technology.”

However, the bill attracted additional provisions during the legislative process, including some which were really complete stand-alone bills that were rolled into the final package, resulting in a 2,300-page proposal.

The legislation even includes the CHIPS for America program to provide $52 billion in federal support for domestic semiconductor development and production.

For companies involved in IT and the digital economy, an important part of the USICA bill deals with significantly boosting federal investments in technology through the National Science Foundation. Both the proposed funding levels and the government’s approach to managing those investments are critical issues requiring close attention for the IT sector.

Under the Senate USICA bill, NSF’s annual budget would nearly double to an average of $16 billion per year over five years from 2022 to 2026. The current fiscal 2021 budget is $8.5 billion. This huge boost in investment is largely related to funding a new NSF Directorate for Technology and Innovation at an average of nearly $6 billion annually from 2022 to 2026.

Private Sector Partnerships

Private sector IT and digital economy entities will be major beneficiaries of the new NSF directorate. The purpose of the directorate is to “strengthen U.S. leadership in critical technologies,” and to “accelerate technology commercialization.”

The legislation further provides that the proposed directorate should “direct basic and applied research, advanced technology development, and commercialization support in the key technology focus areas” listed in the bill. Through the directorate NSF is expected to form partnerships with other federal agencies as well as with “academia, the private sector, and nonprofit entities.”

The move to establishing closer ties between NSF and the private sector has raised concerns about the foundation’s traditional role of engaging in “pure” or basic research unfettered by commercial considerations.

Robert Atkinson, president of the Information Technology Innovation Foundation (ITIF) said soon after the NSF directorate was proposed there was “pushback.” The scientific community, he noted “resisted the idea that government would be asking them to do work related to a critical national mission, and to hold them accountable for ensuring that their work helped accomplish that mission.”

While ITIF supports the provisions in USICA which create the new NSF technology directorate, Atkinson told the E-Commerce Times that “an even more effective approach would be to establish such a directorate as a free-standing agency.”

A separate umbrella entity tuned in to the full range of federal technology activities would avoid any conflicts with the traditional missions of NSF and other agencies, while creating a national effort to support both government and commercial private sector technology development, he contends.

Atkinson favors the creation of a National Advanced Industry and Technology Agency, at the same size as NSF, to “analyze U.S. industry strengths, weaknesses, opportunities, and threats, and to respond with well-resourced solutions ranging from support for domestic research and development to production partnerships and investment in advanced research facilities.”

More than 50 other countries have established such agencies, he noted.

“It is clear that NSF and the science community are uneasy” with taking on applied science with commercial connections versus NSF’s traditional mission, Atkinson said, adding that NSF would “vastly prefer” just getting much larger appropriations.

“But that would do little to help U.S. technology-based competitiveness,” he said. Establishing a separate agency would let NSF continue its mission while enabling applied and industry focused research to be funded elsewhere, he observed.

Advocates, Opponents Take Positions

Whether the USICA package represents a comprehensive approach to developing a national technology capability through government intervention — or a confusing legislative hodgepodge — is likely to be in the eye of the beholder. Differences related to NSF’s future mission aren’t the only potential stumbling blocks affecting eventual enactment of the USICA legislation.

For example, the Computer and Communications Industry Association (CCIA) approved the major USICA goal of supporting increased federal investments for technology research and development, but found other parts of the bill “worrisome.”

One section of the bill deals with “Country of Origin Labeling” (COOL) requirements associated with the internet marketing of internationally sourced products. While COOL especially impacts the U.S. retail marketing sector, digital economy entities have concerns as well.

Arthur Sidney, vice-president of CCIA noted that country of origin provisions in the bill present implementation challenges “given the volume of transactions and no consistent, uniform, and administrable definition” related to COO coverage. “Country of Origin in the international trade context is difficult to administer by customs and authorities, let alone a digital service,” he told the E-Commerce Times.

Sidney also expressed concern about the section of USICA aimed at curbing the use of censorship as a trade barrier tool. Language that would refer such activities to legal authorities for action was “scaled back” in the Senate bill, he contended. It was replaced by provisions which simply called for an annual report to Congress with a list of countries that use censorship as a barrier to digital trade and a description of the agencies efforts to address digital trade disruptions, he said.

While the U. S. Chamber of Commerce expressed general support for the bill in a June 9 statement, Neil Bradley, executive vice president and chief policy officer said the Chamber had “ongoing concerns,” about the bill. In a letter to the Senate in May, the Chamber advocated elimination of the Country of Origin section and expressed reservations about provisions that impact e-commerce such as “Cyber Shield, copyright, and information in the public domain.”

The Senate bill must now be considered by the House of Representatives where similar legislation was approved Monday. However, the House bill only focused on the research scope of NSF and the U.S. Department of Energy. The House bill also includes a new NSF technology solutions directorate but funded at a much lower level than the Senate version.

The ultimate outcome for USICA could take several paths. Since amendments to the Senate bill were added with relative ease, they could be scuttled just as easily, allowing the core NSF and national technology investment elements to be the focus for legislators. Or the collective controversies associated with the different versions of the legislation could stymie adoption.

Regarding chances for enactment of USICA, CCIA’s Sidney noted “We aren’t sanguine, but we are hopeful that this will see the light of day. While it’s not perfect, and we have some concerns, we are hopeful that it can help businesses, and serve as one of the building blocks to protect U.S. innovation and technology.”

John K. Higgins has been an ECT News Network reporter since 2009. His main areas of focus are U.S. government technology issues such as IT contracting, cybersecurity, privacy, cloud technology, big data and e-commerce regulation. As a freelance journalist and career business writer, he has written for numerous publications, includingThe Corps Report and Business Week.Email John.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by John K. Higgins
More in Government

LinuxInsider Channels

Russia’s REvil Takedown Sets Stage for Several Scenarios

Russian authorities on Friday reported that they shut down the REvil ransomware operations and arrested a dozen or more gang members.

The Federal Security Service (FSB) of the Russian Federation said it shut down the REvil ransomware gang after U.S. authorities reported on the leader.

Russian police conducted raids at 25 addresses owned by 14 suspected gang members located across Moscow, St. Petersburg, Leningrad, and the Lipetsk regions, according to the Russian security agency’s press release.

Authorities reportedly seized more than 426 million Russian rubles, plus US$600,000 and €500,000 in cash, along with cryptocurrency wallets, computers, and 20 expensive cars.

The FSB is Russia’s internal intelligence agency. It conducted its operation at the request of US authorities, which were notified of their results, according to the press release.

The REvil group is a well-known ransomware gang that has caused havoc for many organizations around the world, noted Joseph Carson, chief security scientist and Advisory CISO at Thycotic. So, it is not surprising that they would be a target.

“Many hackers around the world are using their skills for good, and this includes government hackers who work vigorously to defend society from cybercrime. So, targeting REvil will likely be a statement that governments will work together to stop cybercriminals at the source,” he told TechNewsWorld.

Capture and Seize Details

The group had “ceased to exist,” according to FSB statements. The agency noted that it acted after receiving information about the REvil group from the U.S.

The raid follows repeated requests from U.S. authorities over the summer to take action against the Russian underground cybercrime ecosystem. Presumably in response, the REvil gang shut down its activities in July but resumed operations in September before U.S. authorities seized some of their dark web servers.

Besides the reported arrests in Russia, seven other REvil gang members were also arrested throughout 2021. Those arrests followed operations coordinated by the FBI and Europol.

“The detained members were charged with committing crimes under Part 2 of Art. 187 ‘Illegal circulation of means of payment’ of the Criminal Code of Russia,” the FSB said in its press release.

The REvil gang committed two major legal infractions, according to the TASS Russian News Agency. The cybercriminals developed malicious software and organized the theft of money from the bank accounts of foreign citizens.

Few IDs Released

Russian officials did not initially identify any of the detained suspects. Later, however, Russian news outlet RBC named one suspect as Roman Muromsky, and TASS identified a second member as Andrei Bessonov.

The Russian state-owned domestic news agency RIA Novosti released video footage from some of the raids.

It is not likely that the suspects will face charges in the U.S. The Russian government does not have a legal mechanism to extradite its own citizens, suggested some reports.

Russian officials informed U.S. representatives about the results of the operation, according to the FSB. The agency described the event as a rare collaboration with U.S. authorities.

Russia acting on any cybercrime report, especially ransomware, is especially rare, observed John Bambenek, principal threat hunter at Netenrich. Unless it involves child exploitation or Chechens, cooperation with the FSB just does not happen.

“It is doubtful that this represents a major change in Russia’s stance to criminal activity within their borders … If this time in three months there is not another major arrest, it is safe to assume no real change has happened with Russia’s approach,” he told TechNewsWorld.

“Nevertheless, it is a big arrest and will have a significant short-term impact to reduce ransomware,” he added.

Part of a Pattern

Traditional ransomware techniques did not need to be advanced to be effective, according to Adam Gavish, co-founder and CEO at DoControl. It is a simple rinse and repeat process.

“The human element remains to be a major issue. People make mistakes. They can easily become subject to a social engineering campaign, increasing the likelihood of the employee clicking on a phishing email. Their endpoint becomes compromised, the malicious code replicates and spreads through the IT estate. Simple,” he told TechNewsWorld in explaining why ransomware attacks are successful.

With the surge of cloud adoption, attackers have put SaaS applications in the crosshairs, he added. Weaponizing the many vulnerabilities that exist with SaaS applications is the next phase of advanced Ransomware attacks. Attackers recognize that a company’s crown jewels — its data — are stored, manipulated, and shared across these critical cloud-hosted business applications.

“Just like with the cloud, securing SaaS is a shared responsibility between the provider and the consumer of the service,” Gavish added.

Modern businesses have an obligation to better protect the files and data within SaaS through a defense-in-depth approach, he suggested. If an endpoint becomes compromised, there needs to be a way to prevent malicious files from being accessed by employees or external collaborators.

International Overtones

The specific dialogue between the United States and Russia on this operation remains unclear. But the FSB’s confirmation could represent a backhanded message highlighting that Russian authorities can be used to stop ransomware activity, but only under certain circumstances, suggested Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows.

“The law enforcement operation coincided with several defacement attacks that were conducted against Ukrainian government websites. These have not been publicly attributed with confidence yet, but are widely suspected as having been conducted by Russian-aligned threat actors,” he told TechNewsWorld.

It is likely that the arrests against REvil members were politically motivated, with Russia looking to use the event as leverage, noted Morgan. This may relate to sanctions against Russia recently proposed in the U.S., or the developing situation on Ukraine’s border, he offered.

Ulterior Motives

The FSB targeted REvil, who has not been publicly active in conducting attacks since October 2021, is also significant, continued Morgan. Chatter on Russian cybercriminal forums identified this sentiment, suggesting that REvil were “pawns in a big political game,” he said.

Another forum participant suggested that Russia deliberately made the arrests so the United States would calm down, Morgan added. It is possible that the FSB raided REvil knowing that the group was high on the priority list for the U.S., while considering that their removal would have a small impact on the current ransomware landscape.

In discussing the cybercriminal forum chatter, Morgan reiterated that these arrests could also have served a secondary purpose. For instance, they could be a warning to other ransomware groups.

“REvil made international news last year in its targeting of organizations such as JBS and Kaseya, which were high profile and impactful attacks. A very public series of raids could be interpreted by some as a message to be mindful of their targeting,” he said.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Jack M. Germain
More in Government

Report Argues Antitrust Bill Would Hurt Consumers, Stymie Innovation

A proposed law barring high-tech companies from favoring their own products over those of their competitors would harm consumers, competition and innovation, according to a report released Monday by a science and technology think tank.

The bipartisan legislation filed by Sens. Amy Klobuchar, D-Minn., and Chuck Grassley, R-Iowa, prohibits “self-preferencing” for a handful of high-tech companies.

Self-preferencing can take a number of forms, including promoting products made by a platform, such as Amazon Basics, over competing products.

“Mimicking the European Commission’s Digital Markets Act prohibiting self-preferencing, Senate and the House bills would degrade consumers’ experience and undermine competition, since self-preferencing often benefits consumers and constitutes an integral part, rather than an abnormality, of the process of competition,” maintained the report written by Aurelien Portuese, director of The Schumpeter Project on Competition Policy at the Information Technology & Innovation Foundation in Washington, D.C.

It noted that while antitrust literature acknowledges the proconsumer, procompetitive effects of self-preferencing, and despite the overwhelmingly positive effects of self-preferencing on strengthening competition, antitrust populists aim to weaponize self-preferencing to target only a few companies, while allowing self-preferencing for the rest of the economy.

“Self-preferencing is common because most of the time it’s beneficial to consumers. It provides lower prices and higher quality,” Portuese told TechNewsWorld.

“Self-preferencing is pro-competition because you’re providing the customer with more choice,” added Bilal Sayyed, senior competition counsel at TechFreedom, a technology advocacy group, Washington, D.C.

Curtailed Choice

While consumers benefit from the lower prices self-preferencing can offer them, it can hurt competition, observed Charles King, the principal analyst with Pund-IT, a technology advisory firm in Hayward, Calif.

“Most of the companies targeted by the American Innovation and Choice Online Act are massive conglomerates that are using self-branded generics to pad their own profit margins,” he told TechNewsWorld.

“They have the scale and resources to substantially undercut competitors or to use that threat to sell ‘sponsored’ ads that place other companies’ products ahead of their own,” he said.

King maintained that rather than expand choice, self-preferencing can restrict it.

“It’s mainly a matter of curtailed choice,” he said.

“One of the most powerful aspects of online retail is seamless comparative shopping — lining up similar products side by side to more easily choose which item best suits your needs,” he explained.

“But in the case of common or generic products, it usually comes down to the lowest price,” he continued. “Are Amazon Basics products really better than Company XYZ? That’s hard to say but in the world of online product ranking, Amazon Basic cables will be at or near the top of the dozens of the options you see.”

Blanket Ban

Portuese acknowledged that there’s a fear that large companies will leverage market power to move into new lines of business, eliminate competition with low prices, then raise prices after monopolizing the market.

In reality, though, that hasn’t been the case, he asserted. “In practice, we see lower prices followed by even lower prices. We haven’t seen monopolistic prices being charged yet,” he said.

“Even if Amazon began charging monopolistic prices, that would be good for competition because consumers would stop shopping at Amazon and go to other platforms — Alibaba, Google Shopping, Etsy,” he argued.

The report was also critical of provisions in the proposed law that would impose a blanket ban on self-preferencing. It maintained that a blanket ban on self-preferencing for a few companies would harm consumers, deter innovation, and distort the competitive process.

It advocated that regulators adopt a clear taxonomy to distinguish between the pro-competitive effects of self-preferencing as a legitimate self-promotion tool and the anticompetitive effects of self-preferencing as an unjustified exclusionary tool.

Rule of Reason

Sayyed explained that some activities are considered bad per se under antitrust, for example, price-fixing.

Other activities are subject to the rule of reason, he added. Rule of reason analysis, in its best form, analyzes the effects of a conduct. What are the benefits? What are the harms? Then it weighs the benefits against the harms.

“The feeling of the folks on the Hill is that self-preferencing is bad per se, and since the courts haven’t found it bad per se, they’re going to tell them it’s bad per se,” he told TechNewsWorld.

Portuese predicted that a blanket prohibition would lead to a more siloed, crystalized market where an online platform would not be able to enter into a new line of business, even if such entry would benefit consumers.

“That’s problematic if we care about consumer welfare,” he said. “The main beneficiaries of that kind of prohibition would be the entrenched incumbents in those lines of business. That makes it detrimental to not only consumers but to innovation.”

“Why innovation?” he asked. “Because we create barriers to entry that protect existing players from competition so they will innovate less. There’s less incentive to innovate because their market position is secure.”

“Innovation is often misunderstood,” he added. “Organizational innovation is still innovation. You can offer a cheaper price by having innovative logistics. There might not be innovation on the end product. There might be innovation on the process. That’s something that’s completely overlooked.”

War on Disrupters

While a blanket ban might cost consumers a few dollars a year in higher prices, the cost to businesses without such a ban could be much higher, King noted.

“In terms of scale over thousands or millions of transactions, the harm to competing businesses is massive,” he estimated.

He agreed, however, that regulators should take a subtle approach to governing self-preferencing.

“There are few examples where companies’ behavior is absolutely black and white so regulators would do well to create and enforce policies that account for nuanced situations,” he said.

“At the same time,” he continued, “for decades the notion that businesses, especially very large companies, are capable of policing themselves has reduced regulation enforcement with often deleterious effects.”

“If companies, like Amazon, Apple, Facebook and Google can’t restrain themselves from anticompetitive behavior,” he observed, “regulators should rightfully step in.”

The battle to use antitrust laws against technology companies is one between change and the status quo, maintained Sayyed.

“Google and Facebook have disrupted the advertising business. Amazon has disrupted the retail business. Apple disrupted the music distribution business,” he said.

“That makes them targets, targets of anyone who has been disrupted from their perch,” he continued. “It’s old technology angry at new technology and asking Congress to help hinder the new technology.”

John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by John P. Mello Jr.
More in Government