A grassroots event to educate the IT industry on tech-related legislation brought out about two to three dozen entrepreneurs, educators and parents Monday morning to the downtown office of the Illinois Technology Association (ITA). The TechVoice Illinois briefing, hosted by ITA and CompTIA, and sponsored by Google, was an informal forum that touched on patent litigation reform, immigration, cybersecurity, taxes and STEM education.
The forum was moderated by Andrew Hoog, chief executive officer of viaForensics in Oak Park, Ill. The conversation highlighted the relationship and contrasting levels of activity between federal and state legislation, with states like Oregon, California, Vermont and Illinois frequently cited as leaders in IT reform. “The state level is a more immediate process, but Congress is more of the long game,” said Elizabeth Hyman, CompTIA’s vice president for public advocacy. “When we work together, we can marry up what’s working at the state level and use that to support and complement the work at the federal level.”
Trolling for Patent Reform
Patent legislation and the pressing issue of demand letters sent by patent assertion entities (PAEs) were first on the docket. “In the world of patents, it’s always been this mutually assured model: We’re not going to sue each other because we’re both trying to make things,” said Jonathan Williams, director of state government affairs for Intel Corp. “That breaks down when one company doesn’t want to make things; they simply want to sue.”
PAEs alert companies of patent infringement, usually by way of a demand letter. Industry advocates say these letters aren’t transparent and in some cases equate extortion.
“As an attorney I respect the model of [PAEs], but it’s gotten far out of hand,” said Jonathan Pasky, principal and chief executive officer of Pasky IP. “You can send a demand letter that doesn’t name the patent or the company suing you. It just says, ‘Send $5,000 to a bank in Ireland.’ That’s legal. That practice by itself needs to stop.”
Tech advocates working to reform laws regarding these so-called patent trolls say an important step is getting evidence in the hands of Congress. “Small businesses, please share the demand letters that you get. That is what’s going to make D.C. stand up and notice,” Williams said, echoing a call to action from Hyman, who led a related outreach at CompTIA’s recent TechVoice D.C. Fly-In 2014.
“States are not waiting,” Williams said, citing recent bills passed in Oregon and Vermont, and Attorney General Lisa Madigan’s similar fight in Illinois. “States can take a leadership position and use consumer protection statutes in the state to protect businesses from these practices.”
In February, adding to a slate of bills in the Senate on various aspects of the patent troll matter, U.S. Sen. Claire McCaskill (D-Mo.) introduced legislation addressing the transparency of demand letters as it relates to so-called patent trolls. The legislation is currently awaiting markup, Hyman said. “There are a lot of parties out there saying it’s too fast, it’s unprecedented,” she added. “Sorry, I don’t buy that. This is a call to action that’s really relevant right now. Let’s get the word out to the U.S. Senate that the demand letter issue is real and it’s relevant.”
STEM Education and Immigration Reform
Small businesses are always looking to retain quality talent, and the IT industry is suffering because of U.S. immigration policies, the panel agreed. Students come to the U.S. to attend universities, but many must leave the country once their education visas expire.
“We get these kids from Big 10 schools and we can’t staple a green card to a diploma like we should, so we send them back to their own countries,” Williams said. Intel’s been banging the drum on this for years, he said, but small business owners are the ones who need to speak up. “As a small business leader, when you say, ‘I don’t have access to the talent,’ that matters. We need you in the small business community to help us carry the flag on this issue and bring it across the finish line.”
While the IT industry’s desire for immigration reform isn’t a controversial position, it gets tied to other politicized issues, like border security and undocumented workers, so reform gets bogged down. IT advocates keep hammering away at Washington, though, including FWD.us, a lobbying group led by Facebook founder Mark Zuckerberg. A representative from the group sat in on the TechVoice forum.
“One of the things that’s neat about TechVoice is that if we collectively pool our voices, maybe we can proactively get that message out,” Hoog said.
The group touched also on science, technology, education and math (STEM) education, highlighting the need to expose students to more and better STEM programs. The discussion highlighted some positives: The White House just announced its inaugural Maker Faire, scheduled for this summer. CompTIA is supporting a growing movement where high school students can earn college credits while earning vendor-neutral certifications. Tech-savvy parents are introducing their kids to tech at home. “Whether it’s from Intel, CompTIA or as a parent, doing these kinds of things with kids will really help them in the future,” said Hoog, who spends time each week teaching his 9-year-old daughters about programming.
Cybersecurity Best Practices
The forum closed on the topic of cybersecurity, focused on data breach notification legislation. Most startups don’t start worrying about cybersecurity until it affects them, Pasky said. In his experience, many startups create a privacy policy by copying and pasting someone else’s, an unadvisable practice. “This used to be a state-by-state issue, but now you’re doing international business, even if you don’t realize it,” Pasky said. “You have the same problems as the bigger companies, but without the financing to help.”
California again came up as a state taking proactive measures, and Williams applauded state attorneys general who send out best practices regarding cybersecurity. “Voluntary best practices are good to know and adhere to because ultimately, that’s where the legislation will go,” Williams said.
State to state, it’s a patchwork of legislation, Hyman said. “Say you’re from Massachusetts and you travel down to Florida and purchase a latte using your iPhone. If there’s a breach in Florida, that company is obligated to follow the laws in Massachusetts, and they don’t even know it.”
Hyman noted that while states can take a leadership role in many instances, data breach notification is an area where federal legislation is needed. Legislators in Washington are considering various proposals, and businesses need to weigh in with their views on how to define what a breach entails, when a company has to report it and to whom. “There are a lot of nitty gritty pieces to the legislation,” she said.
The group also discussed the Framework for Improving Critical Infrastructure Cybersecurity, released in February by the National Institute of Standards and Technology (NIST). The framework is a voluntary compliance set of standards, guidelines and best practices for mitigating risk. Hyman said the framework has around 100 recommended components. Noting that might seem onerous to small businesses, she referenced the CompTIA Security Trustmark, which covers the major subsets of the framework. “It’s a great way for companies to distinguish themselves and show that they’ve taken these steps to comply,” she said.
TechVoice is powered by CompTIA and TECNA. For more information, visit www.techvoice.org .
Michelle Peterson is the specialist, communications editor for CompTIA.