House Panel Passes RANSOMWARE Act to Get FTC Reports on Cross-Border Work

Matt Anderson Photography/Getty Images

The Energy and Commerce subcommittee also forwarded a bipartisan privacy and data security bill to the full committee but—lacking support from Senate leadership—that legislation appears dead in the water.

Lawmakers on the House Energy and Commerce Committee want the Federal Trade Commission to share its insights and recommendations for securing the U.S. against ransomware and other cyberattacks by amending a law that facilitates the commission’s international law enforcement collaboration.

The committee’s panel on consumer protection and commerce unanimously cleared the RANSOMWARE—or Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies—Act in a legislative markup Thursday.

The US SAFE WEB—or Undertaking Spam, Spyware and Fraud Enforcement with Enforcers Beyond Borders—Act allows the FTC to share evidence with foreign law enforcement agencies and assist in investigations upon their request. The RANSOMWARE Act would require the FTC to report Congress on data from those requests, specifically categorizing those linked to China, Russia, North Korea and Iran.  

The FTC would be required to report, for example, on “the number and details of cross-border complaints received by the commission (including which such complaints were acted upon and which such complaints were not acted upon) that involve ransomware or other cyber-related attacks that were committed by individuals, companies or governments,” of those nations according to the bill. The data must be “broken down by each type of individual, type of company or government,” it adds.

In addition to reporting on trends the commission has observed, under the bill, the FTC must also share any legislative recommendations for improving its functions under the SAFE WEB Act and for securing the nation against ransomware and cyberattacks in general.

The American Data Privacy and Protection Act, which would require covered entities to implement data protection measures the FTC would deem “reasonable,” also cleared the subcommittee Thursday.

That bipartisan legislation would also require covered entities to report if they send any of Americans’ data to China, Russia, North Korea or Iran.

The bill has the support of Sen. Roger Wicker, R-Miss., the ranking member of the corresponding Senate Commerce Committee, but not its chairwoman, Sen. Maria Cantwell, D-Wash. And on Wednesday, reporting from the Washington Post indicated Senate Majority Leader Charles Schumer, D-N.Y., is unlikely to call the legislation up to the floor of the upper chamber without her backing.

Even within the House Energy and Commerce subcommittee, the bipartisan agreement was tenuous. Members proposed and withdrew amendments on contentious issues like state preemption and the right of individuals—as opposed to the Federal Trade Commission or state attorneys general—to sue violators as a way to bookmark them for further deliberation as the bill moves now to the full committee.