A bill proposed by Sen. Ron Wyden (D-Ore.) would require vendors of online collaboration tools like Zoom and Slack to strengthen their security. This would require the National Institute of Standards and Technology to develop standards and the Department of Homeland Security to ensure that companies comply. For analysis, Tom Temin and Federal Drive We spoke with Miller and Chevalier's attorney, Ashley Powers, a former CIA attorney.
Interview transcript:
tom temin And this bill, in your estimation, what are they trying to accomplish here?
ashley powers Well, the bill itself does not explicitly state this. A press release accompanying the bill's announcement seemed to make it clear that the bill targeted Microsoft and the security breach it committed about a year ago. And at first glance, the proposed bill sounds like a great idea. This has the dual benefit of increasing competition, creating better products for the federal government, and making them more affordable. And another benefit is that they aim to strengthen the security of government data and communications sent through these platforms.
tom temin So how can we do that? I mean, how can you increase competition if you're going to hold everyone to the same standards and kind of commoditize your platform?
ashley powers So my initial concerns went beyond the superficial reaction of, “Okay, let's increase competition and increase security, which are both perfectly fine goals.” Will this increase competition or hinder companies' desire to do business with governments? And will these requirements make the technology more secure? Hence the first question and your question. On the other hand, the more we regulate these companies, the less likely they are to want to do business with the federal government. I think there are several reasons for that. One is obviously the higher costs of doing business with the government. And the stakes are high because in addition to this bill being proposed, as you all know, there are a lot of cybersecurity requirements coming out of Congress, the White House, and OMB. And that only creates a regulatory environment fraught with potential problems, including reporting requirements and litigation. I think the other purpose of this bill is not software engineers. But as far as this bill going to create these general standards and force interoperability between these platforms, I'm curious what that means for companies. Company Intellectual Property and Source Code. And another question that many companies face when considering doing business with the government is what happens to my intellectual property.
tom temin Well, I'm wondering what you mean by interoperability. So it just so happens that it's the Zoom platform that you and I are talking about right now. Sometimes people want a team platform. I can't imagine why it wouldn't be better than the other, but you're using one. I'm not sure what interoperability means in that context.
ashley powers Well, I might be reading it wrong, but the way I'm reading it, you should be able to use zoom, and your team should be able to use it if they feel like it. And these two platforms must be able to communicate with each other. So, for example, all agents should not be obliged to purchase the same platform. We need to allow different agencies to buy the platform they think is best for them. And that would theoretically create more competition. Now, of course, some say that the bargaining power of a government acting as a federal government can give it more power to negotiate better pricing. So will it be an undercut there? But from what I've read, the underlying idea is that we don't want people to just use zoom. And either the other party has to use Zoom, or one party has to use Teams, and the other party has to use Teams, and they have to lock in with each other that way.
tom temin I'm talking with Ashley Powers. She is a lawyer at Miller and Chevalier and a former senior adviser to the CIA. Again, from a practical standpoint, if you don't have that program, just open it in your browser. So if you're not using Teams, you have the Teams browser version and vice versa for Zoom. So I guess they're wondering rhetorically what that means. But what I'd like to hear is, in your experience from the government side, if a team, if it's part of a much larger enterprise, the government generally doesn't care about the security of platforms like this. Licensing agencies, many of whom are likely to use Office 365 as the standard for all collaboration. Because tools that use Microsoft Cloud happen to work really well.
ashley powers One of the big problems with this proposed bill is that it doesn't necessarily reflect the current commercial realities of these products, and Microsoft doesn't typically sell Teams on a one-off basis. I think it highlights that there is no such thing. As you said, this is part of the Microsoft product suite. So will Microsoft and other companies intend to dismantle and sell their product suites piece by piece in response to this bill? We don't know how government agencies view security. I'm not trying to speak for governments entirely, but each agency has different protocols for assessing the security of a system and asking for certain representations and certifications. And indeed, with the upcoming release of FAR Part 40, that is becoming increasingly true. And I think that's just part of the competitive environment.
tom temin But for example in an intelligence agency, again in general terms, if one of the IC agencies decides it's secure enough to use this to communicate from point A to point B, I would That's what you think. Interoperability with third-party types of software is probably not what they want. Because it introduces more vulnerabilities than just one platform can handle.
ashley powers Yes, that's certainly something I was concerned about too, but forcing companies to create platforms based on publicly available open standards and requiring interoperability. Will that actually defeat cybersecurity? Again, I'm not a software engineer. I can't, but logically speaking it seems like it makes sense to me.
tom temin And as you and your company have been watching the progress of this bill, from your perspective and from many people's perspective, does this bill look like it's benefiting you? Or is it just another bet?
ashley powers I haven't heard anything either way, but maybe it's gaining momentum. I haven't heard much about that. I talked to some colleagues on the government side or other law firms about this, and they didn't really know about it.
Copyright © 2024 Federal News Network. All rights reserved. This website is not directed to users within the European Economic Area.
