U.S. federal policymakers continued to focus on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the fourth quarter of 2019, including by introducing substantive bills that would regulate the use of such technology and by supporting bills aimed at further study of how such technology may impact different sectors. In our fourth AI & IoT Quarterly Legislative Update, we detail the notable legislative events from this quarter on AI, IoT, cybersecurity as it relates to AI and IoT, and connected and autonomous vehicles (“CAVs”).
This quarter, members of Congress introduced legislation addressing facial recognition and biometric recognition technologies.
- Sen. Chris Coons (D-DE) introduced the Facial Recognition Technology Warrant Act of 2019 (S.2878), which would prohibit government agencies from using facial recognition technology to engage in ongoing surveillance of an individual or group of individuals in a public space, unless the use is in support of a law enforcement activity and the agency obtains a court order or an exigent circumstance exists. Of note, the bill defines “ongoing surveillance” as “the utilization of facial recognition technology to engage in a sustained effort to track the physical movements of an identified individual through 1 or more public places where such movements occur over a period of time greater than 72 hours, whether in real time or through application of such technology to historical records.” The bill would also require a trained officer to examine the output or recommendation of any facial recognition system before the agency investigates or otherwise interacts with an individual identified by the system. Finally, the bill would require agencies, in consultation with the National Institute of Standards and Technology (“NIST”), to establish testing procedures regarding all facial recognition technology systems.
- Sen. Cory Booker (D-NJ) introduced the No Biometric Barriers to Housing Act of 2019 (S.2689), which would prohibit the use of biometric recognition technology and biometric analytics in certain federally assisted rental dwelling units, including the greater building or grounds containing the dwelling unit.
Internet of Things
In the IoT space, some members of Congress remained focused on establishing public-private working groups to study IoT. Shortly after the new year, on January 8, 2020, the Senate passed one of the bills it had been examining throughout the fourth quarter of 2019, the DIGIT Act (S.1611). The bill was introduced by Sen. Deb Fischer (R-NE). It would convene a working group of federal entities and private sector stakeholders tasked with providing a recommendation to Congress on how to facilitate the growth of IoT technologies. Although the House of Representatives does not have a current companion measure, a very similar bill was introduced in the last Congress by Rep. Erik Paulsen (R-MN), H.R.686.
Cybersecurity – Relating to AI and IoT
Congress maintained its focus on advancing familiar energy and infrastructure cybersecurity bills. After being reported from committee in the last quarter, bills in both chambers addressing energy and infrastructure cybersecurity have been placed on each chamber’s respective legislative calendar for further consideration—these bills include the Pipeline Security Act (H.R. 3699), the Enhancing Grid Security through Public-Private Partnerships Act (H.R.359), the Cybersecurity Preparedness Act (H.R.370), the Cyber Sense Act of 2019 (H.R.360), the Enhancing Grid Security through Public-Private Partnership Act (S.2095), and the PROTECT Act (S.2556). Near the end of this quarter, the following bills were also introduced in this same area:
- 21st Century Power Grid Act (H.R.5527): Introduced by Rep. John Sarbanes (D-MD), this bill would require the Secretary of Energy to establish a program to provide financial assistance for projects relating to the modernization of the electric grid. Each plan would be required to include development of a cybersecurity plan.
- Grid Modernization Research and Development Act of 2019 (H.R.5428): Introduced by Rep. Connor Lamb (D-PA), this bill would amend existing legislation to direct Federal research on grid modernization and security.
In addition to Congress’s continued focus on energy and infrastructure, the following measures were also introduced in this quarter:
- Cyber Shield Act (H.R.4792; S.2664): Introduced by Rep. Ted Lieu (D-CA) and Sen. Edward Markey (D-MA) in their respective chambers, this bill (which was first introduced in this last Congressional session) would establish a voluntary program to identify and promote internet-connected products meeting certain industry cybersecurity and data security standards.
- Internet of Things Cyber Security Training for Federal Employees Act (H.R.4774): Introduced by Rep. Ro Khanna (D-CA), this bill would amend existing law to include further responsibilities for relevant agencies related to cybersecurity training, and in particular security training related to internet-connected devices.
Connected and Autonomous Vehicles
Congress did not roll out comprehensive CAV legislation in 2019, but bipartisan, bicameral efforts to introduce such a bill are reportedly underway. In the fourth quarter of 2019, federal lawmakers continued seeking stakeholder input on the testing and deployment of CAVs, in an effort to introduce legislation that builds from and improves upon the SELF DRIVE Act (House) and AV START (Senate), both of which did not pass in 2018 amidst concerns around safety and security. On November 20, 2019, the Senate Committee on Commerce, Science, and Transportation held a hearing on deploying safety technology for highly automated vehicles. The hearing examined the perspectives of the Department of Transportation (“DOT”), National Transportation Safety Board (“NTSB”), and National Highway Traffic Safety Administration (“NHTSA”) on the testing and use of CAVs, balancing safety concerns with the promises of advanced technology to enhance mobility offerings. In the coming year, further efforts to introduce comprehensive federal CAV legislation will likely continue to focus on safety measures, as well as reconciling stakeholder perspectives on cybersecurity, data privacy, federal preemption, and arbitration clauses.
Federal agencies, including the safety and transportation agencies mentioned above, continue to play a role in steering the testing and deployment of CAV technologies. Of note, in the fourth quarter, the Federal Communications Commission (“FCC”) took action that may drive developments in the CAV industry. In December, the FCC issued a notice of proposed rulemaking seeking to reallocate the 5.9 GHz band for unlicensed operations and Cellular Vehicle to Everything (“C-V2X”) technologies, while potentially preserving portions of the band for existing dedicated short-range communications (“DSRC”) technologies. As we have previously discussed, the 5.9 GHz band has been a political issue subject to disagreements among the FCC, DOT, and members of Congress on both sides of the aisle, as they consider which technologies to pursue and whether enough spectrum exists to safely share among different use cases. Reallocation of the 5.9 GHz band for unlicensed operations or C-V2X technologies could have a significant impact on the deployment of CAVs that rely on such technologies, as well as the IoT ecosystem more generally, especially to the extent that such reallocation of spectrum facilitates the roll out of 5G.
At the state level, California ended the fourth quarter with a noteworthy regulatory development. In December, the California Department of Motor Vehicles (“DMV”) approved revised regulations allowing the testing and deployment of light-duty autonomous delivery vehicles weighing less than 10,001 pounds on California’s public roads. The permitting system now applies to midsized pickup trucks and cargo vans carrying goods such as pizza or groceries. The DMV’s regulations, however, continue to exclude the autonomous testing or deployment of vehicles weighing more than 10,001 pounds, such as trucks, buses, and heavy-duty construction vehicles.
This is the fourth installment of Covington’s quarterly update on AI and IoT legislative developments.
If you have any questions concerning the material discussed in this client alert, please contact the following:
Layth Elhassani +1 202 662 5063 firstname.lastname@example.org
Holly Fechner +1 202 662 5475 email@example.com
Jennifer Johnson +1 202 662 5552 firstname.lastname@example.org
Lee Tiedrich +1 202 662 5403 email@example.com
Lindsey Tonsager +1 415 591 7061 firstname.lastname@example.org
Muftiah McCartin +1 202 662 5510 email@example.com