April 2015

Lightower Fiber Networks, a leading provider of custom, high-capacity network services that ensure optimal application and business performance, and Fibertech Networks, a leading provider of fiber-optic based network services throughout mid-size cities in the Eastern and Central regions of the United States, announced that they have entered into a definitive agreement to merge. The agreement is an all-cash transaction valued at $1.9 billion, which will be funded through a combination of equity and debt. The combined company will be led by current Lightower CEO, Rob Shanahan. The merger is pending regulatory approvals and is expected to close in the third quarter of 2015. The combined company will own and operate a high-performance, fiber-based network throughout the Northeast, Mid-Atlantic and Midwest. The company will offer customers over 30,000 route miles of fiber network providing access to nearly 5,000 wireless towers and almost 13,000 on-net service locations, including commercial buildings, data centers, financial exchanges, content hubs and other critical communications facilities.

The House of Representatives recently passed the Protecting Cyber Networks Act (HR 1560), which would establish new sharing guidelines and liability protections, and the Senate is expected to take up the bill in the coming weeks. At the same time, many see PCNA and other bills like it as an unprecedented intrusion into otherwise neutral networks -- what Sen Ron Wyden (D-OR) described as "a surveillance bill by another name." While most researchers still see themselves as engineers, there's a growing fear that these new measures will turn them into detectives. The result is one of the more puzzling privacy fights in recent memory, as Congress looks to legally authorize the information sharing that's already taking place, and privacy advocates say the bills in question aren't about sharing information at all. So what's wrong with the way data is shared, and how do the new bills plan to fix it? And more importantly, can they do it without turning network operators into spies?

For law enforcement agencies, the point of tracking a threat is to catch the criminals behind it, not just to fix the vulnerability that let them get in. If there's technical evidence in the wake of an attack like Target, agencies like the FBI want to use that evidence to find the parties responsible, and hopefully throw them in jail. That's a shift from the current research landscape, which generally sees attribution as secondary to patching vulnerabilities and identifying malicious code, but many in government see it as a necessary change. It's also a priority for President Barack Obama, who laid out the plan in his 2009 Cyberspace Policy Review, a document that insiders say is still guiding the White House's agenda in the area. "Key elements of the private sector have indicated a willingness to work toward a framework under which the government would pursue malicious actors," reads one passage from the review. At the same time, much of the security community sees the drive to catch criminals as a distraction from the more important work of securing system. It’s hard to say whether these measures will be enough, and it will be difficult for any info-sharing bill to split the difference between patching vulnerabilities and chasing criminals. Whatever happens in Congress, that larger split may be much harder to fix.

Major tech companies are joining with the US Chamber of Commerce to urge lawmakers to extend American privacy protections to foreigners in Europe. Nearly two years after National Security Agency whistleblower Edward Snowden’s leaks about US spying, Silicon Valley is still struggling from foreign distrust, companies wrote to congressional leaders. But extending data protections to citizens in other nations would go a long way to rebuilding that bridge and providing some security for American businesses. “This will help foster a robust relationship between the US and the EU and rebuild trust in US-EU data flows,” trade groups and individual companies wrote. “Transnational data flows serve as a key component of the digital trade that increasingly drives US economic growth.”

In particular, they urged support for the Judicial Redress Act, introduced by Reps. John Conyers (D-MI) and Jim Sensenbrenner (R-WI) earlier in 2015. The bill would extend to citizens of major US allies core provisions of the Privacy Act, which outline protections for Americans’ personally identifiable data. The letter was signed by individual companies such as Google, Microsoft and Facebook, as well as industry trade groups inducing the Information Technology Industry Council and the Computer and Communications Industry Association.

Attention, agency chief information officers: Guidance for implementing the Federal IT Acquisition Reform Act (FITARA) is coming by the end of week of April 27, the Office of Management and Budget announced. Congress approved the sweeping federal IT reform legislation in December as part of an annual Defense policy bill. Since being named the federal CIO in February, Tony Scott, a former industry executive, said recently his time has been “consumed” with mapping out the guidelines.

The thrust of the new legislation gives agency CIOs greater power over their agency’s IT purse strings, mandating CIOs have final sign-off on their annual IT budgets and sole final authority to sign IT contract and reprogram IT funds. In addition, some of the key initiatives the Obama Administration has piloted over the past few years to better budget and spend on IT were also codified into law by FITARA. That includes the PortfolioStat process, in which agency CIOs sit down with OMB to go over the performance of their IT investments, and efforts to close and optimize energy-guzzling data centers.