WASHINGTON – U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) urged Federal Communications Commission (FCC) Chairman Ajit Pai to delay a planned December 14th vote to roll back net neutrality rules until an investigation can be completed into reports that internet “bots” – automated computer programs designed to pose as people – filed hundreds of thousands of comments to the FCC during the net neutrality policymaking process.
“A free and open Internet is vital to ensuring a level playing field online, and we believe that your proposed action may be based on an incomplete understanding of the public record in this proceeding,” the Senators wrote in a letter to Chairman Pai. “In fact, there is good reason to believe that the record may be replete with fake or fraudulent comments, suggesting that your proposal is fundamentally flawed.”
“Without additional information about the alleged anomalies surrounding the public record, the FCC cannot conduct a thorough and fair evaluation of the public’s views on this topic, and should not move forward with a vote on December 14, 2017,” the Senators continued.
“The FCC must invest its time and resources into obtaining a more accurate picture of the record as understanding that record is essential to reaching a defensible resolution to this proceeding,” the Senators concluded.
In addition to Sens. Warner and Kaine, the letter was signed by Sens. Maggie Hassan (D-NH), Jeanne Shaheen (D-NH), Sherrod Brown (D-OH), Bernie Sanders (I-VT), Ed Markey (D-MA), Catherine Cortez Masto (D-NV), Sheldon Whitehouse (D-RI), Tammy Duckworth (D-IL), Michael Bennet (D-CO), Richard Blumenthal (D-CT), Elizabeth Warren (D-MA), Gary Peters (D-MI), Patty Murray (D-WA), Amy Klobuchar (D-MN), Ron Wyden (D-OR), Tammy Baldwin (D-WI), Mazie Hirono (D-HI), Chuck Schumer (D-NY), Jack Reed (D-RI), Ben Cardin (D-MD), Dianne Feinstein (D-CA), Jeff Merkley (D-OR), Kirsten Gillibrand (D-NY), Angus King (I-ME), Al Franken (D-MN), and Cory Booker (D-NJ).
The full text of the letter appears below. A copy of the letter is available here.
December 4, 2017
The Honorable Ajit Pai
Federal Communications Commission
445 12th Street Southwest
Washington, DC 20554
Dear Chairman Pai:
We are deeply concerned by your recently released proposal to roll back critical consumer protections by dismantling the Federal Communications Commission’s (FCC) current net neutrality rules. A free and open Internet is vital to ensuring a level playing field online, and we believe that your proposed action may be based on an incomplete understanding of the public record in this proceeding. In fact, there is good reason to believe that the record may be replete with fake or fraudulent comments, suggesting that your proposal is fundamentally flawed.
To this end, we request a thorough investigation by the FCC into reports that bots may have interfered with this proceeding by filing hundreds of thousands of comments. Furthermore, an additional 50,000 consumer complaints seem to have been excluded from the public record in this proceeding, according to Freedom of Information Act (FOIA) requests filed by the National Hispanic Media Coalition. Without additional information about the alleged anomalies surrounding the public record, the FCC cannot conduct a thorough and fair evaluation of the public’s views on this topic, and should not move forward with a vote on December 14, 2017.
New York Attorney General Eric Schneiderman has spent the past six months conducting an investigation into the fraudulent comments, and found that “hundreds of thousands” of comments may have impersonated New York residents, a violation of state law. He further asserts that the FCC has not cooperated with requests for additional data and information. Data scientist Jeff Kao has also run an analysis of the public record, and estimates that over a million comments filed in support of repealing net neutrality may have been fake. These reports raise serious concerns as to whether the record the FCC is currently relying on has been tampered with and merits the full attention of, and investigation by, the FCC before votes on this item are cast.
A transparent and open process is vitally important to how the FCC functions. The FCC must invest its time and resources into obtaining a more accurate picture of the record as understanding that record is essential to reaching a defensible resolution to this proceeding. As a result, we are requesting that you delay your planned vote on this item until you can conduct a thorough review of the state of the record and provide Congress with greater assurance of its accuracy and completeness.
Thank you for your immediate attention to this matter.
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) released the below statement on the Federal Communications Commission's plan to repeal net neutrality rules:
“The FCC Chairman has decided to move forward to repeal net neutrality rules without any plan in place to uphold longstanding open internet principles supported by both Democratic and Republican Administrations. I am deeply concerned that the FCC’s current plan would amount to a green light for potential anti-competitive practices by certain internet service providers, with the Chairman signaling the Commission’s unwillingness to protect consumers and small businesses from potential abuse.”
Nov 17 2017
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Banking Committee, today joined Republicans and Democrats, including Senate Banking Committee Chairman Mike Crapo (R-ID) and Sen. Tim Kaine (D-VA), to introduce the Economic Growth, Regulatory Relief and Consumer Protection Act, bipartisan legislation to reduce regulatory burdens on community banks and credit unions and provide new protections to consumers.
The legislation is the result of bipartisan negotiations among Warner, Crapo, and Banking Committee members Sens. Joe Donnelly (D-IN), Heidi Heitkamp (D-ND) and Jon Tester (D-MT).
“This bipartisan bill is the result of years of tough negotiations among Democrats and Republicans,” said Sen. Warner. “The goal is simple: to help Main Street by rolling back unnecessary and burdensome regulations on credit unions and small community banks while ensuring that larger banks remain subject to the rules I helped put in place after the financial crisis to prevent another meltdown on Wall Street. This proposal makes targeted, commonsense fixes that will provide tangible relief to the community banks that are lifelines for smaller and rural communities. It also strengthens protections for veterans, the elderly and other consumers, and encourages community-based lending to boost economic growth and create jobs.”
“A strong and vibrant economy is important for American consumers, businesses, and the stability of the financial sector,” said Chairman Crapo. “The bipartisan proposals on which we have agreed will significantly improve our financial regulatory framework and foster economic growth by right-sizing regulation, particularly for smaller financial institutions and community banks.”
Following the 2008 financial meltdown, Sen. Warner helped write and pass into law the Dodd-Frank Wall Street Reform and Consumer Protection Act, and he continues to support the important reforms included in the law. The legislation introduced today is carefully written to provide needed regulatory relief to main street—community banks and credit unions—which were inadvertently burdened by rules and regulations intended to hold Wall Street accountable. This bill will promote economic growth by making commonsense reforms to increase consumer lending, while protecting consumers.
Among provisions in the regulatory relief package are several proposals to protect and deliver relief to Virginia consumers:
- Community Banks and Credit Unions: This package includes a number of provisions related to community banks and credit unions that would increase their ability to extend credit to Virginia small businesses and families, while maintaining important consumer protections.
- Free Annual Credit Freeze for Consumers: This provision would require credit bureaus to include one free credit freeze and a free credit unfreeze per year, which would help protect consumers after the massive Equifax data breach that may have compromised the personal information of approximately 145 million Americans.
- Protecting Veterans Credit: This provision would protect the credit ratings of veterans wrongly penalized by medical bill payment delays by the Department of Veterans Affairs (VA). This measure would prohibit medical debt from services received through the Choice Program and other VA community care programs from being reported to credit reporting agencies for one year. In addition it would establish a dispute process for veterans seeking to remove adverse actions already on their reports.
“I thank Virginia's Congressional Delegation for their support of this legislation. Virginia's more than 725,000 veterans have served and sacrificed for our Nation and our Commonwealth. This service can sometimes lead to wounds and injuries that require ongoing care - which is not always fully covered by their veterans benefits. When they must incur out of pocket expenses for themselves and their families’ medical care, we must ensure that this does not also come with a bad credit score that could affect them for years to come. This bill will help our veterans in addressing credit issues or preventing a small credit problem from escalating,” said Virginia Secretary of Veterans and Defense Affairs Carlos Hopkins.
Virginia Bankers Association (VBA) President and CEO Bruce Whitehurst stated, “This package represents an important first step toward better tailoring of regulation to allow banks to serve their customers and communities more effectively and efficiently, much to their benefit. This bipartisan compromise also underscores the fact that the Dodd-Frank Act of 2010 took the regulatory pendulum too far and created unintended consequences for borrowers. It is great to see movement toward a more balanced approach to financial regulation and we appreciate the leadership of Senators Warner and Kaine.”
“This is a major step forward. Our community bankers are eager to do more to build their local economies, but over-regulation holds them back. The best provisions in this bill make getting a mortgage less complicated and more possible, and other good provisions simplify rules and reports, freeing bankers to do more good work with their customers and their communities,” said Virginia Association of Community Banks (VACB) President Steve Yeakel. “In particular, we want to acknowledge the leadership of both Senator Warner, who helped to forge the compromise, and Senator Kaine, whose early support gives the bill a strong foundation and a real chance at success on the Senate floor.”
“ICBA strongly supports the bipartisan regulatory relief package announced today and thanks Senate Banking Committee Chairman Mike Crapo and Sens. Joe Donnelly, Heidi Heitkamp, Jon Tester and Mark Warner for driving this agreement,” Independent Community Bankers of America (ICBA) President and CEO Camden R. Fine said. “Community bank regulatory relief is needed to improve lending and strengthen economic growth at the local level. We are pleased to see many provisions of ICBA’s Plan for Prosperity included in the agreement and thank all senators from both sides of the aisle who have contributed to this important initiative.”
“NAFCU thanks Chairman Crapo and his Democratic partners in the Senate for including provisions in this package that would lead to regulatory relief for credit unions,” said National Association of Federally-Insured Credit Unions (NAFCU) President and CEO Dan Berger. “We look forward to working with members of the Senate Banking Committee, their staff and other senators as this package moves through the legislative process. This bill is a step in the right direction, and we will continue to push for more relief for the industry and its 110 million member-owners.”
“This bill includes credit union-specific provisions that provide meaningful regulatory relief, a sign that policymakers are paying close attention to the needs of credit union members,” Credit Union National Association (CUNA) President/CEO Jim Nussle said. “We thank Sen. Crapo and his colleagues for working across party lines to advance regulatory relief legislation, and we look forward to continuing to work closely with them as the bill moves through the legislative process.”
In addition to Sens. Warner and Kaine, the bill was introduced by Democratic Sens. Joe Donnelly (D-IN), Heidi Heitkamp (D-ND), Jon Tester (D-MT), Joe Manchin (D-WV), Claire McCaskill (D-MO), Gary Peters (D-MI) and Michael Bennet (D-CO). Republican sponsors of the bill are Sens. Mike Crapo (R-ID), Bob Corker (R-TN), Tim Scott (R-SC), Tom Cotton (R-AR), Mike Rounds (R-SD), David Perdue (R-GA), Thom Tillis (R-NC), John Kennedy (R-LA), Jerry Moran (R-KS) and Jim Risch (R-ID). The bipartisan bill was also sponsored by Sen. Angus King (I-ME).
Warner, Kaine Sponsor Bipartisan Sugar Reform Bill to Cut Costs and Protect Jobs In Stuarts Draft, Danville & Across Va
Nov 09 2017
WASHINGTON – U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) joined a bipartisan coalition of 16 Senators to introduce the Sugar Policy Modernization Act, which will make commonsense reforms to the federal sugar support program that will save money for a variety of manufacturers that support jobs in Virginia and across the nation.
The Sugar Policy Modernization Act would repeal domestic supply restrictions, reduce market distortions caused by sugar import quotas, and ensure taxpayers don’t foot the bill for bailouts of the sugar industry. The Sugar Policy Modernization Act has a broad coalition of support from consumer, business and environmental groups. Companion legislation has also been introduced in the House of Representatives.
Virginia is home to the U.S. headquarters of both Mars and Nestle and has manufacturing and distribution facilities across the state – such as the McKee Foods plant in Stuarts Draft, Nestle packaging plant in Danville, Purina pet food plant in King William County, Frito-Lay plant in Lynchburg, Gatorade bottling facility in Wytheville, Sabra plant in Colonial Heights, and others – comprising thousands of jobs in industries whose growth is determined in part by sugar prices.
“This bill would make reasonable, commonsense reforms to federal sugar policies that artificially raise costs for consumers and American taxpayers,” said Sen. Warner. “These changes will save taxpayers money and protect thousands of manufacturing jobs in Virginia.”
“Senators from the right, left, and everywhere in between support this bill because it’s good for the economy,” said Sen. Kaine. “Manufacturing is driven by a variety of input costs, and this is an opportunity to reduce one of those costs, which is not only good policy generally but will also make Virginia even more competitive in attracting these manufacturing plants and the jobs that go with them.”
Sugar is the only commodity whose federal support program was not reformed by the most recent five-year reauthorization of agricultural programs in 2014.
The Sugar Policy Modernization Act would repeal U.S. Department of Agriculture (USDA) sugar marketing allotments, which restrict the amount of sugar each domestic processing company can sell. No other U.S. commodity is under similar government supply controls. The bill would also repeal a program that requires the government to buy surplus sugar and sell it to ethanol companies at a loss.
The legislation would also direct the Secretary of Agriculture to manage the nation’s sugar program to ensure sugar is distributed in adequate amounts and reasonable prices, and it would repeal laws that arbitrarily restrict USDA’s authority to administer import quotas during certain times of the year. This bill would also express that it is the sense of Congress that U.S. trade policy goals should include elimination of sugar subsidies and pursuit of trade agreements that liberalize sugar trade.
In addition to Sens. Warner and Kaine, the bill is sponsored by Sens. Jeanne Shaheen (D-NH), Pat Toomey (R-PA), Maggie Hassan (D-NH), Lamar Alexander (R-TN), Bob Casey (D-PA), Susan Collins (R-ME), Chris Coons (D-DE), Dick Durbin (D-IL), Dianne Feinstein (D-CA), Dean Heller (R-NV), Ed Markey (D-MA), John McCain (R-AZ), Claire McCaskill (D-MO), Rob Portman (R-OH), and Elizabeth Warren (D-MA).
Sen. Warner Asks FTC to Probe Equifax Data, Security Practices & Customer Service Response After Recent Hack
Sep 13 2017
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), a member of the Banking, Budget and Finance committees and cofounder of the bipartisan Senate Cybersecurity Caucus, today asked the Federal Trade Commission to examine the recent cyber hack of credit reporting agency Equifax. Last week, Equifax publically disclosed a breach which exposed sensitive personal information of 143 million Americans.
Sen. Warner requested an FTC investigation into the lapse in Equifax cybersecurity practices, and questioned the company’s widely-panned response to consumers potentially impacted by the breach. His letter asks the FTC to examine whether credit reporting agencies such as Equifax have adequate cybersecurity safeguards in place for “the enormous amounts of sensitive data they gather and commercialize.”
Sen. Warner has been a leader in calling for better consumer protections from data theft. In the aftermath of the Target breach that exposed the debit and credit card information of 40 million customers, Sen. Warner in 2014 chaired the first congressional hearing on protecting consumer data from the threat posed by hackers targeting retailers’ online systems. Sen. Warner also partnered with the National Retail Federation to establish an information sharing platform that allows the industry to better protect consumer financial information from data breaches.
Sen. Warner has been working to develop bipartisan legislation to create a comprehensive, nationwide and uniform data breach standard requiring timely consumer notification for breaches of financial data and other sensitive information.
The text of the letter is below and can be found here.
September 13, 2017
The Honorable Maureen K. Ohlhausen
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, D.C. 20580
Dear Acting Chairwoman Ohlhausen,
I write you in the wake of reports that one of the nation’s three major credit reporting agencies has suffered one of the largest, and potentially most impactful, breaches in recent history. According to reports, Equifax in May of this year experienced a breach affecting as many as 143 million consumers, with highly sensitive information such as Social Security numbers, driver’s license records, birthdates, addresses, and credit histories potentially at risk. This information – critical to opening a new bank account or taking out a loan – will expose Americans to identity theft, tax fraud, extortion, and other risks.
By streamlining and routinizing the collection of consumer reports and credit history, the Fair Credit Reporting Act in part enshrined the nation’s major credit reporting agencies’ role as arbiters of Americans’ access to credit, and even employment and residential opportunities. At the same time, Congress sought to ensure that these firms “exercise their grave responsibilities” with a “respect for the consumer’s right to privacy,” including through “reasonable procedures…with regard to the confidentiality, accuracy, relevancy, and proper utilization of such information[.]” And Congress directed the Federal Trade Commission (“Commission” or “FTC”) to enforce key aspects of the law, including by treating violations of the FCRA as unfair or deceptive practices under the Commission’s Section 5 authority.
Today’s digital economy, in which data increasingly represents a key input, has only amplified the reach of these firms, and provided them with incentives to collect and centralize ever-growing amounts of sensitive personal information, and to commercialize this data in opaque ways. The volume and sensitivity of the data potentially involved in this breach raises serious questions about whether firms like Equifax adequately protect the enormous amounts of sensitive data they gather and commercialize.
As someone who has worked for several years with stakeholders and a bipartisan group of lawmakers on legislation to establish a comprehensive, nationwide and uniform data breach standard, I recognize Congress’s unfinished work in this area. I am hopeful that this recent development will help galvanize action among my colleagues in Congress to safeguard American consumers and our nation’s economic security.
At the same time, aspects of this breach raise questions about the data security practices of Equifax that implicate the Federal Trade Commission’s existing authority. In particular, press reports and cybersecurity experts have identified a number of security lapses, including in the days following Equifax’s disclosure of the breach, that potentially indicate a pattern of security failings.
While the precise details of the “website application vulnerability” exploited in the Equifax breach are not yet known, experts have pointed to a wide range of other lapses by Equifax – including in the wake of the breach – that indicate exceptionally poor cybersecurity practices. For instance, experts have pointed to an exceedingly broad attack surface, with thousands of domains and subdomains managed by Equifax across hundreds of network hosts. And security experts have identified a range of antiquated, unpatched, or otherwise vulnerable systems maintained by Equifax.
Equifax’s post-breach actions also raise serious concerns about the company’s data security practices. For instance, Equifax chose to register a new domain, Equifaxsecurity2017.com – but not in its own name. Reports also catalogued a litany of security mistakes, including use of potentially insecure content management software and improperly configured web encryption. These, and other lapses, resulted in a range of popular web browsers flagging Equifax’s site as a potential phishing or scam site.
Equally alarming have been Equifax’s procedures for handling customer inquiries. In order for a concerned consumer to determine if they may have been impacted, Equifax requires the consumer to submit their last name and six digits of their Social Security number. The security of this procedure is as questionable as its efficacy: researchers noted that entering the last name “Test” and the Social Security numbers “123456” returned a confirmed breach.
Similarly alarming, when concerned consumers elect to place a credit freeze with Equifax – something the Commission encourages them to do – the PIN that Equifax assigns to that consumer is a simple, non-unique timestamp (formatted as, for instance, “0910170930” for a user that submitted a request at 9:30AM on the 10th of September). Separately, experts have noted that Equifax’s central website, where American consumers go to set up credit account monitoring, features cross-site scripting vulnerabilities that would enable an attacker to execute malicious code to, for instance, redirect submitted form data (such as the Social Security number the Equifax site requests) to an attacker.
Taken as a whole, and given past breaches by other major credit bureaus, these lapses may potentially represent a systemic failure by firms currently incentivized to collect and store highly sensitive identification and financial data for Americans. The volume and sensitivity of the data involved – information critical to identity management and access to consumer credit – distinguishes this breach from many other breaches of consumer data. And in contrast to other breaches, where consumers might respond to the perceived lack of data security by taking their business elsewhere, those affected by last week’s breach in most cases do not have a direct consumer relationship with Equifax.
The implications of a breach of this magnitude are sobering, as this identifying data forms the basis for consumer credit and other financial transactions. Congress foresaw this threat in 1970, noting that failures of this industry could “undermine the public confidence which is essential to the continued functioning of the banking system.” In ways similar to the financial service industry’s systemic risk designation, I fear that firms like Equifax may illustrate a set of institutions whose activities, left unchecked, can significantly threaten the economic security of Americans.
I respectfully request that you respond to the following questions:
- 1. Equifax is currently under a consent decree with the Commission for violations of the Fair Credit Reporting Act related to improper handling of consumer information. Does that consent decree provide the Commission with additional remedies in the context of Equifax’s data security practices?
- 2. Given the current inability of consumers to cease doing business with a credit reporting agency which displays an arguably cavalier attitude toward cybersecurity, should the Fair Credit Reporting Act be amended to provide the Commission authority to issue rules requiring credit reporting agencies to establish a way for consumers to “opt out” of having their information stored by a particular credit reporting agency?
- 3. In many cases, Equifax collects and maintains sensitive information about consumers as a service to other businesses. Under state data breach notification statutes, a breached service provider need only inform the business it provides service to about the breaches it suffers, and has no obligation to provide public notice that it incurred the breach. In recent breach incidents involving third-party service providers, some companies (e.g., Heartland, Experian, Anthem, etc.) have provided public notice that their breach affected consumers. Would the FTC support legislation that requires all entities suffering a breach of security that creates a significant risk of financial harm, to make public notice of that breach in order to ensure a more timely and effective form of notice?
- 4. Do you interpret the Fair Credit Reporting Act to include heightened data security standards and/or requirements, given Congress’s unique concern about the “confidentiality, accuracy…and proper utilization” of this highly sensitive data?
- 5. The Commission has suggested that consumers place a credit freeze with the three major credit bureaus. Does the Commission consider a timestamp to be a sufficiently strong PIN for unfreezing a consumer’s account?
- a. Has the Commission issued guidance to credit reporting agencies on adequate security and data protection measures associated with credit freezes?
- b. Should this guidance be updated in light of security concerns with the site Equifax maintains to process credit monitoring and freeze requests?
- 6. Should Congress limit the ability of credit reporting agencies to sell data outside specific contexts, such as credit, banking, and employment inquiries?
- 7. Does the Commission hold lapses in data security practices in response to a breach to a higher standard than data security practices related to the breach itself?
- 8. Do adequate incentives to use reasonable data security practices, or penalties to deter unreasonable data security practices, exist to counter-balance the profit incentives to collect, centralize, and maintain large quantities of highly sensitive personal information of American consumers?
The American people deserve to know that their government is serious about learning from and responding to this truly concerning incident, and that it is taking all appropriate steps to help ensure it cannot happen again. Your response will be critical to this process, and I look forward to receiving that within the next two weeks. If you should have any questions or concerns, please contact my office.
As always, I appreciate your service in this important role. Thank you for your timely consideration of this matter.
MARK R. WARNER
United States Senator
WASHINGTON --The U.S. Senate unanimously passed bipartisan legislation introduced by Sens. Mark R. Warner (D-VA) and Pat Toomey (R-PA), members of the Senate Banking and Finance Committees, which would make it easier for private companies to award stock as part of an employee's compensation. The Encouraging Employee Ownership Act will entice private corporations to give their employees larger equity stakes in their companies and promote longer-term investing.
“Giving employees the opportunity to acquire stock provides them with a greater sense of ownership in their companies and has a positive impact in workplace culture,” said Sen. Warner, a former technology executive. “Allowing employees to have a stake in the success of where they work will help promote greater productivity and wealth creation and get this economy working better for more people.”
Established nearly two decades ago, current Securities and Exchange Commission rules force companies that wish to issue more than $5 million in stock to employees to comply with onerous reporting and disclosure requirements. For new and fast-growing companies, stock compensation is a valuable tool, but many privately-held companies are reluctant to cross this threshold due to the mandatory reporting requirement.
Under the Warner-Toomey bill, this threshold would increase to $10 million and would automatically index to account for inflation every five years.
The bill has been endorsed by the private supermarket chain Wegmans, and the company BIO.