WASHINGTON – U.S. Sens. Mark R. Warner (D-VA) and Chuck Grassley (R-IA) today formally requested an FBI briefing on its investigation into the fatal shooting of Bijan Ghaisar by U.S. Park Police in 2017. The FBI announced the conclusion to its lengthy investigation last week, but did not fully explain its findings, including why the two officers opened fire on Ghaisar.

The senators have long sought transparency into the circumstances surrounding the deadly use of force and the FBI’s review of the case, but the FBI largely declined to provide details at the time, citing an ongoing investigation. Now that the investigation has concluded, the senators are demanding greater clarity to provide needed transparency and preserve the public trust.

“Despite nearly two years of investigating this incident in which considerable FBI resources were used, the Ghaisar family, Congress, and the general public still do not have all the answers.  The FBI needs to provide a full and thorough account of the events that led to Mr. Ghaisar’s untimely death,” the Senators wrote.

In January of 2018, Warner, along with Sen. Tim Kaine (D-VA) and Rep. Don Beyer (D-VA), pushed the FBI for an update on the status of the FBI’s investigation into the fatal 2017 shooting. In October of that year, Warner sent a letter to the head of the National Park Service (NPS) regarding the circumstances under which U.S. Park Police officers engaged with Mr. Ghaisar.

Grassley, then chairman of the Senate Judiciary Committee, contacted the FBI about the investigation in December of 2018. The FBI responded in March with little information, provoking a follow-up letter from Grassley.

In June, Grassley and Warner decried the opaque and drawn-out nature of the review in letters to both the FBI and NPS. The FBI provided a brief response in August, leaving many questions unanswered. In October, NPS provided a partial response, which prompted a follow-up letter from the Senators seeking more information.

Following the recent conclusion of the FBI’s investigation, the senators pledged to seek greater transparency. Full text of the senators’ official request for a briefing follows. A copy of the letter is available here.

November 20, 2019

The Honorable Christopher Wray

Director

Federal Bureau of Investigations

Washington, D.C. 20535

Dear Director Wray:

We write today to request a briefing and a response to Senator Warner’s letter from January 30, 2018, Senator Grassley’s letters from December 17, 2018, and March 22, 2019, and the Senators’ joint letter from June 18, 2019, on the shooting of Bijan Ghaisar.  While the FBI has announced it has concluded its investigation into the shooting of Mr. Ghaisar, the FBI has continuously refused to answer several questions that were raised in the aforementioned letters because the investigation had yet to conclude.  Now that the investigation has concluded, we expect to receive answers to these questions and a briefing on the FBI’s investigative process and findings. 

Investigations into the use of deadly force must be handled in a way that reinforces public confidence in law enforcement.  Following completion of these types of investigations, it is necessary for investigators to be fully transparent to ensure that the public understands the circumstances of each incident.  This creates transparency and builds public trust in law enforcement.  Despite nearly two years of investigating this incident in which considerable FBI resources were used, the Ghaisar family, Congress, and the general public still do not have all the answers.  The FBI needs to provide a full and thorough account of the events that led to Mr. Ghaisar’s untimely death.

In order to shed light on this delicate situation, we ask that you respond to Senator Grassley’s and Warner’s letters and provide us with a briefing summarizing the findings of this investigation by no later than December 15, 2019.   Additionally, we ask that you please arrange a time to provide our staffs with a briefing no later than December 6, 2019.

Sincerely,

Charles E. Grassley

United States Senator

Mark Warner

United States Senator

###

WASHINGTON, DC – Today, U.S. Senators Rob Portman (R-OH), Mark Warner (D-VA), Lamar Alexander (R-TN), and Angus King (I-ME) announced the Senate Energy and Natural Resources Committee has approved their bipartisan Restore Our Parks Act, legislation that would address the nearly $12 billion deferred maintenance backlog at the National Park Service (NPS). The bill, which has been praised by key stakeholders, would establish the “National Park Service Legacy Restoration Fund” from existing unobligated revenues the government receives from on and offshore energy development to fund deferred maintenance projects at NPS sites across the country.  Congressman Rob Bishop (R-UT) and Derek Kilmer (D-WA) have led similar legislation in the House of Representatives. The legislation now awaits action on the Senate floor.

“If we want to protect our national treasures for our children and future generations, we must make important investments before it’s too late,” Warner said. “National parks are not only instrumental in telling America’s story, they also serve as important economic engines that support thousands of jobs in communities across the country. In fact, the 22.2 million visitors who explored Virginia’s national parks last year spent an estimated $1.1 billion, supporting more than 16,000 thousand jobs. Today’s committee passage of the Restore Our Parks Act is a big first step in investing in our communities and funding the critical renovations our parks require.”

“For more than a century, the National Park Service has been inspiring Americans to explore the natural beauty of our country,”Portman said. “But in order to keep that work going, we need to ensure that they have the necessary resources to maintain our national parks. This bill will create the Legacy Restoration Fund to provide the National Park Service with funds for deferred maintenance projects like the more than $100 million in maintenance backlog at Ohio’s eight national parks. I’d like to thank Senators Warner, Alexander, and King as well as the cosponsors of his legislation for their leadership on this issue and I look forward to working with my Senate colleagues to get this legislation signed into law so that the National Park Service can continue preserving American treasures.” 

“This legislation could do more to restore our national parks than anything that has happened in the last half century, and the reason we need to restore them is so Americans can enjoy the 419 sites – from the National Mall in Washington, D.C., to the Great Smoky Mountains National Park to the Grand Canyon – for generations to come,” said Alexander. 

“Today’s committee vote represents an important, bipartisan step towards establishing lasting protections for our National Parks, and preserving these treasures for our children and grandchildren,” said King. “From Acadia to Zion, the National Park System captures America’s diverse natural beauty and is a proud reminder of our country’s dedication to preserving public land for all its citizens. As President Theodore Roosevelt once said, ‘There are no words that can tell the hidden spirit of the wilderness, that can reveal its mystery, its melancholy, and its charm.’ We have a collective responsibility to maintain this spirit of the wilderness in our National Parks – and this starts with the $12 billion maintenance backlog. Stewardship of our public lands is not a partisan issue, which is why I’m pleased that the Restore Our Parks Act passed our committee with strong bipartisan support.” 

“Today’s vote in the Senate Energy and Natural Resources Committee is yet another sign of the overwhelming public and congressional support to fix our parks. It’s now up to leadership in the Senate and House of Representatives to advance the bipartisan Restore Our Parks legislation,” said Marcia Argust, director of The Pew Charitable Trusts’ project to restore America’s parks. “Enacting this measure into law would be a historic end-of-the-year gift to our national parks, their millions of visitors, and local economies.” 

“From Acadia to Cuyahoga and the Great Smokies, America’s national parks protect some of America’s most iconic landscapes and most important history, and are beloved by millions. Yet as our parks face years of record-breaking visitation, they are falling into disrepair,” said Theresa Pierno, President and CEO for National Parks Conservation Association. “Billions of dollars are needed to fix parks’ crumbling roads, overgrown trails, broken water and sewer systems and outdated visitor centers. This isn’t the legacy we should be leaving for our children and grandchildren. After years of urging by communities and park advocates, today lawmakers are banding together, across the aisle, to fix our parks. We are grateful for the leadership of Senators Portman, Warner, Alexander and King, as we move one important step closer to providing our parks, rangers and local communities with the support they so desperately need and deserve.”

“The importance of our national parks extends way beyond their conservation and recreation value—they are also vital hubs if of economic activity, driving $40.1 billion in annual economic activity and 329,000 American jobs,” said U.S. Travel Association Executive Vice President, Tori Emerson Barnes.  “The Restore Our Parks Act is a critical step in securing our parks’ infrastructure so that they remain available both for the enjoyment of future generations and to sustain that economic legacy. We thank Senator Portman, for his key role in moving this legislation forward.” 

“America’s National Parks are often called our nation’s best idea, but after decades of inadequate funding and deferred maintenance,”said Thomas Cassidy, vice president for government relations and policy at the National Trust for Historic Preservation. “Our nation risks losing these incredible resources.  Our national parks are more than just places to experience natural beauty—they are places where our children and children’s children can experience the full American story. We applaud Senators Portman, Warner, Alexander and King for their leadership and commitment to our national parks and look forward to working with Congress and the Administration to secure passage of the Restore Our Parks Act.”

“The Restore Our Parks Act represents a significant investment in our national parks, which reflect all that we love and cherish as a nation,” said Will Shafroth, President and CEO, National Park Foundation. “As these places face increased visitation and aging infrastructure, this bill will help protect our parks' natural grandeur, expansive history, and rich cultural heritage. The National Park Foundation applauds bill champions Senator Lamar Alexander, Senator Angus King, Senator Rob Portman, and Senator Mark Warner for their unwavering support. We commend Senate Committee on Energy & Natural Resources Chairman Lisa Murkowski and Ranking Member Joe Manchin for holding today's markup and their shared commitment to addressing our parks’ deferred maintenance needs. As the Foundation continues to enhance the national park visitor experience through philanthropic support, we look forward to the legislation’s timely consideration on the Senate floor." 

“Our national parks are engines of economic growth for gateway communities across the country – and the Restore Our Parks Act is the key to ensuring proper funding to fix our aging and deteriorating national treasures,” said Patricia Rojas-Ungar, vice president of government affairs at Outdoor Industry Association. “OIA applauds the Senate Energy and Natural Resources Committee for working in a bipartisan manner to approve this critical legislation that will result in better infrastructure, healthier communities and a stronger economy. This day would not be possible without the dedication of Senators Portman, Warner, Alexander and King to propel the bill forward. We urge the full Senate to finish the job and pass this legislation as soon as possible.”

“National parks provide major economic opportunities for gateway counties. With National Park Service infrastructure in need of repair, surrounding communities often see declines in tourism,” said National Association of Counties Executive Director Matthew Chase. “The Restore Our Parks Act would help reduce the significant maintenance backlog and ensure positive experiences for visitors to our public lands. We thank the members of the U.S. Senate Committee on Energy and Natural Resources for supporting this legislation and urge the full Senate to act on it quickly.” 

NOTE: The Restore Our Parks Act would establish the “National Park Service Legacy Restoration Fund” to reduce the maintenance backlog by allocating existing revenues the government receives from on and offshore energy development. This funding would come from 50 percent of all revenues that are not otherwise allocated and deposited into the General Treasury not to exceed $1.3 billion each year for the next five years.

###

WASHINGTON, D.C. – U.S. Senators Mark R. Warner and Tim Kaine (both D-VA) joined Senators Ben Cardin (D-MD) and Lisa Murkowski (R-AK) in sponsoring a bipartisan Senate resolution (S.J. Res. 6) that would immediately remove the ratification deadline for the Equal Rights Amendment (ERA). Following this month’s elections in Virginia, the Commonwealth is poised to be the 38th and final state needed to ratify the ERA. If ratified, the ERA would finally guarantee full and equal protections to women in the Constitution.

“More than 96 years after the Equal Rights Amendment was first proposed, Virginia is about to take a giant step forward for women’s equality by becoming the 38th state to ratify the ERA,” Sen. Warner said. “This resolution will ensure that, even though this fight took decades, women’s equality will finally be fully and expressly recognized in our Constitution.” 

“This year marks the 100th anniversary of passage of the 19th amendment, yet women are still not explicitly recognized as equal under our Constitution,” said Sen. Kaine. “This resolution would ensure there’s still time to ratify the ERA, which will finally guarantee equal protections to women and strengthen our ability to fight gender discrimination. I hope Virginia will make history by becoming the 38th state to ratify the ERA.”

“Thank you to Senators Warner and Kaine for their strong support of the Equal Rights Amendment, which would prohibit discrimination based on sex.  Today I filed my first bill for the 2020 General Assembly Session, to make Virginia the 38th state to ratify the Equal Rights Amendment, guaranteeing women the same legal rights and protections as men under the law. Our Commonwealth stands poised to make history – and with champions like Senator Warner and Senator Kaine in Washington, we can finally make sure that the Equal Rights Amendment becomes a part of the U.S. Constitution,” said State Senator Jennifer McClellan, who filed a resolution in the Virginia Senate today to ratify the ERA. 

“Having worked with so many activists across the Commonwealth on two ERA bus tours, I know how important this issue is to women across Virginia. And as one of the first women to graduate from Virginia Military Institute, this fight is personal. It's time to enshrine women’s fundamental rights in the United States Constitution, and I thank Senators Warner and Kaine for being steadfast advocates for equality,” said State Delegate Jennifer Carroll Foy, who filed a resolution in the Virginia House of Delegates today to ratify the ERA.

Thirty-seven states, of the 38 needed, have already ratified the amendment, which Congress approved in 1972. Only one more state is needed among Virginia, Alabama, Arizona, Arkansas, Florida, Georgia, Louisiana, Mississippi, Missouri, North Carolina, Oklahoma, South Carolina, and Utah. The Virginia Senate passed a federal Equal Rights Amendment measure in January, but it was blocked by the then Republican-controlled Virginia House of Delegates. With both chambers now under Democratic control, Virginia is expected to soon become the 38th state to ratify the ERA.

The bipartisan U.S. Senate resolution (S.J. Res. 6) supported by Warner and Kaine would immediately remove the ratification deadline, paving the way for full and equal protections to women in the Constitution. Article V of the Constitution contains no time limits for ratification of amendments, and the states finally ratified the Twenty-Seventh Amendment in 1992 regarding Congressional pay raises more than 200 years after Congress proposed it in 1789 as part of the original Bill of Rights. The ERA time limit was contained in a joint resolution, not the actual text of the amendment, and Congress has already once voted to extend the ERA ratification deadline. The bipartisan resolution sponsored by Warner and Kaine would put to bed any potential ambiguity over adding the ERA to the Constitution once Virginia becomes the 38th state to ratify. 

The Equal Rights Amendment would finally give women full and equal protection under the Constitution. It reads as follows:

• Section 1.  Equality of rights under the law shall not be denied or abridged by the United States or by any State on account of sex.
• Section 2.  The Congress shall have the power to enforce, by appropriate legislation, the provisions of this article.
• Section 3.  This amendment shall take effect two years after the date of ratification.

###

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee and co-founder of the Senate Cybersecurity Caucus, wrote to the Department of Health and Human Services (HHS) regarding a proposed rule by the Centers for Medicare and Medicaid Services (CMS) that would require CMS-funded health plans (including ACA marketplace plans) to allow patients to access their personal health information electronically through third-party consumer applications. In his letter, Sen. Warner urged HHS to include clear standards and defined controls for accessing patient data in order to address the potential for misuse of these interoperability features.

“In just the last three years, technology providers and policymakers have been unable to anticipate – or preemptively address – the misuse of consumer technology which has had profound impacts across our society and economy. As I have stated repeatedly, third-party data stewardship is a critical component of information security, and a failure to ensure robust requirements and controls are in place is often the cause of the most devastating breaches of sensitive personal information,” wrote Sen. Warner. “It is critical that there are proper safeguards are in place to protect patient privacy and sensitive health information. Moreover, there should be more work done by HHS to facilitate greater access to, and transfer of, electronic health information that does not inadvertently enable dominant IT providers to leverage their control over user data outside of the health care context into nascent markets for personalized health products.”

“Across all sectors – including health care – innovative products and services, increasingly dependent upon machine learning, rely on user data as the single most important productive input to innovation and customization. Importantly, however, any approach must balance innovation and ease of access with privacy, security, and a commitment to robust competition. Further, any effort must ensure that such access redounds to the benefit of patients – and that data, once shared with new providers, is not commercialized in ways that benefit those providers without direct benefits or compensation to users,” he continued. “As CMS and HHS move forward with this needed rule – I urge you to include clear standards and defined controls for all stakeholders that ensure third party software applications accessing patient data through APIs are effectively protecting patient information and that patients are appropriately (and routinely) informed, in clear and particularized ways, how their data is used.”

Under the proposed Interoperability and Patient Access rule, CMS would require Medicare Advantage (MA) organizations, state Medicaid and Children’s Health Insurance Program (CHIP) Fee-for-Service (FFS) programs, Medicaid managed care plans, CHIP managed care entities, and qualified health plans (QHPs) on the federally-facilitated exchanges (FFEs) to allow patients to access their personal health information electronically through open application programing interfaces (APIs). APIs would allow third-party software applications to connect to, process, and make the data available to patients.

In the letter, Sen. Warner emphasized the importance of allowing patients to easily access their health information. He also noted the similarities between the proposed rule and the ACCESS Act – bipartisan legislation introduced by Sen. Warner that would promote market-based competition among social media platforms by requiring the largest social media companies to make user data portable, and their services interoperable, with other platforms. The ACCESS Act would also allow users to designate a trusted third-party service to manage their privacy and account settings, if they so choose. Additionally, Sen. Warner urged that, at a minimum, the final rule include the following standards:

• Patient Access to Data – A guarantee that patients will have ready access to their personal health data and an ability to regularly monitor and ensure the accuracy of such information. Patients should be informed of all commercial uses of their data, including any third parties their data has been shared with (even if it has alleged to have been anonymized). Patients should also have the right to withhold consent for their data to be shared with third parties, or used in new ways without their consent. Patients should also reserve the right to have third party users dispose of their data upon request.
• Adequate Privacy and Security Safeguards – Ensure participating stakeholders can adequately safeguard patient information by using existing best practices for secure storage and complying with applicable breach notification requirements. Moreover, HHS must work with the FTC and state attorneys general to develop mechanisms to report, supervise, and prosecute privacy and security lapses.
• Documentation of the open API specifications and required security controls – Provide clear attestation of the open API specifications as defined for patient data, the security requirements and controls imposed on healthcare providers, and the third-party platform obligations in managing patient data. 
• Patient Consent and Terms of Use – CMS and HHS should work proactively with the patient, provider and payer community to ensure users have informed proactive consent when user data is shared with a third party. In addition – there should be clear protections in place to ensure third party vendors use patient data solely for purposes in which the patient has expressly given informed proactive consent, including cases where patient information may be sold, and that patients retain the right to direct any party that has acquired their data to delete it upon request. Further, those accessing patient data should be prohibited from conditioning continued access on agreement by the patient to share their data with third parties. 

Sen. Warner has been a longtime critic of poor cybersecurity practices that compromise Americans’ personal information. Last week, Sen. Warner raised concern with HSS’ failure to act, following a mass exposure of sensitive medical images and information by health organizations. In September, he wrote to TridentUSA Health Services to inquire about the company’s data security practices, following reports that a company affiliate exposed medical data belonging to millions of Americans. Earlier that month, Sen. Warner demanded answers from U.S. Customs and Border Protection (CBP) and South Korean company Suprema HQ, following separate incidents that affected both entities and exposed the personal, permanently identifiable data of many Americans. Sen. Warner has introduced legislation to empower state and local government to counter cyberattacks, and to increase cybersecurity among public companies.

The letter text can be found below and a PDF is available here.

The Honorable Alex M. Azar II

Department of Health and Human Services

Office of the Secretary

200 Independence Avenue, S.W.

Washington, D.C. 20201

Dear Secretary Azar:

I am writing regarding the proposed rule from the Center for Medicare and Medicaid Services (CMS) on Interoperability and Patient Access that would enable third party consumer applications to access sensitive patient and health plan data through application programming interfaces (APIs) [1]. I share the goals of advancing interoperability in patient health information and believe that – implemented appropriately – this proposal could represent a significant step in that direction. However, I urge CMS to take additional steps to address the potential for misuse of these features in developing the rules around APIs. In just the last three years, technology providers and policymakers have been unable to anticipate – or preemptively address – the misuse of consumer technology which has had profound impacts across our society and economy. As I have stated repeatedly, third-party data stewardship is a critical component of information security, and a failure to ensure robust requirements and controls are in place is often the cause of the most devastating breaches of sensitive personal information.

Congress passed the 21st Century Cures Act (P.L. 114-255) with a key objective of improving the protected exchange of electronic health records across the care continuum. Notably, Section 4003 and 4004 included specific provisions to establish a trusted health information exchange framework and reduce information blocking; it stated that there should be regulation over unreasonable practices to interfere with, prevent, or materially discourage access, exchange, or use of a patient’s electronic health records. While your agency has taken substantial steps to implement fundamental aspects of this legislation, it is critical that there are proper safeguards are in place to protect patient privacy and sensitive health information. Moreover, there should be more work done by HHS to facilitate greater access to, and transfer of, electronic health information that does not inadvertently enable dominant IT providers to leverage their control over user data outside of the health care context into nascent markets for personalized health products.

In your proposed rule CMS would specifically require Medicare Advantage (MA) organizations, state Medicaid and Children’s Health Insurance Program (CHIP) Fee-for-Service (FFS) programs, Medicaid managed care plans, CHIP managed care entities, and qualified health plans (QHPs) on the federally-facilitated exchanges (FFEs) to allow patients to access their personal health information electronically through an open application programming interface (API). Data should be made available through an API so that third party software applications can connect to, process, and make the data available to patients.

I agree that patients should have an ability to easily acquire their health information. The rule is in many ways consistent with bipartisan legislation I have introduced in Congress – the Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act, which requires our nation’s largest social media companies to make user data portable, and make their services interoperable with other platforms.

Common to both my bill and the proposed rule is a recognition that consumers should have a right to possess their data – and share it with authorized third parties that will protect it. Both proposals also seek to address the control over consumer data that incumbents wield, often to the detriment of new, innovative providers. Across all sectors – including health care – innovative products and services, increasingly dependent upon machine learning, rely on user data as the single most important productive input to innovation and customization. Importantly, however, any approach must balance innovation and ease of access with privacy, security, and a commitment to robust competition. Further, any effort must ensure that such access redounds to the benefit of patients – and that data, once shared with new providers, is not commercialized in ways that benefit those providers without direct benefits or compensation to users.

 As CMS and HHS move forward with this needed rule – I urge you to include clear standards and defined controls for all stakeholders that ensure third party software applications accessing patient data through APIs are effectively protecting patient information and that patients are appropriately (and routinely) informed, in clear and particularized ways, how their data is used. Such standards in a final rule should include at a minimum:

• Patient Access to Data – A guarantee that patients will have ready access to their personal health data and an ability to regularly monitor and ensure the accuracy of such information. Patients should be informed of all commercial uses of their data, including any third parties their data has been shared with (even if it has alleged to have been anonymized). Patients should also have the right to withhold consent for their data to be shared with third parties, or used in new ways without their consent. Patients should also reserve the right to have third party users dispose of their data upon request.
• Adequate Privacy and Security Safeguards – Ensure participating stakeholders can adequately safeguard patient information by using existing best practices for secure storage and complying with applicable breach notification requirements. Moreover, HHS must work with the FTC and state attorneys general to develop mechanisms to report, supervise, and prosecute privacy and security lapses.
• Documentation of the open API specifications and required security controls – Provide clear attestation of the open API specifications as defined for patient data, the security requirements and controls imposed on healthcare providers, and the third-party platform obligations in managing patient data. 
• Patient Consent and Terms of Use – CMS and HHS should work proactively with the patient, provider and payer community to ensure users have informed proactive consent when user data is shared with a third party. In addition – there should be clear protections in place to ensure third party vendors use patient data solely for purposes in which the patient has expressly given informed proactive consent, including cases where patient information may be sold, and that patients retain the right to direct any party that has acquired their data to delete it upon request. Further, those accessing patient data should be prohibited from conditioning continued access on agreement by the patient to share their data with third parties. 

Thank you for your consideration your commitment to advancing interoperability to improve patient care. I believe the outline I have shared would strengthen and ensure the rule achieves its intended purpose.  It is my hope and belief that we can achieve both a higher level of interoperability and patient access to their data, as well as, strong protections for that information. I look forward to continued work with you on this important issue and our shared goals.

Sincerely,

###

WASHINGTON – U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) today applauded the news that the Chinese government will lift the import ban on U.S. poultry products that has been in place since 2015, effective immediately.

“For years, we have raised concerns about China’s unfair ban on U.S. poultry products and today’s announcement that the ban will be lifted, effective immediately, is great news for Virginia poultry producers,” said the Senators. “While we’re pleased by today’s news that this unreasonable and arbitrary policy will be reversed, we remain deeply concerned that the Trump Administration still appears to lack a comprehensive strategy to deal with China’s unfair trade practices and the long-term threats to U.S. jobs and national security posed by China’s rampant intellectual property theft and economic espionage. We strongly urge the President not to lose sight of those important goals, or the pain the Administration’s tariffs continue to cause for many of Virginia’s businesses, workers and consumers.”

In July 2017, Sen. Warner and Sen. Kaine sent a letter to U.S. Secretary of Agriculture Sonny Perdue, urging the Trump Administration to push the Chinese government to end its ban on the sale of American poultry products. In February of this year, Sen. Warner and eight other bipartisan Senators sent a letter to U.S. Trade Representative Robert Lighthizer, calling on the Trump Administration to reach a trade agreement with China lifting the ban on U.S. poultry and other barriers to U.S. agriculture products while also addressing issues such as Chinese intellectual property theft, forced technology transfer, and unfair subsidies for state-owned enterprises.

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) today applauded the inclusion of the Aeronautics Innovation Act – legislation he introduced to help boost aeronautics industry innovation, research and development – in the NASA Authorization Act that was approved today by the Senate Committee on Commerce, Science & Transportation. The NASA funding bill, led by Commerce Committee leaders Sens. Ted Cruz (R-TX), Kyrsten Sinema (D-AZ), Roger Wicker (R-MS), and Maria Cantwell (D-WA), would provide the National Aeronautics and Space Administration (NASA) the clear direction needed to advance the nation’s space initiatives and investments and assert the United States’ global leadership in the final frontier.

“If we want to lead the way in aeronautics innovation, we have to make decisive investments in long-term research and development,” said Sen. Warner. “I applaud my colleagues on the Commerce Committee for including key provisions of my Aeronautics Innovation Act into this year’s NASA funding bill and for their work in getting this through the committee. These provisions will help secure our nation’s standing as the leader in cutting-edge aeronautics innovation and technology.”

Earlier this year, Sens. Warner and Jerry Moran (R-KS), co-chairs of the Senate Aerospace Caucus, reintroduced the Aeronautics Innovation Act to provide a five-year funding commitment to advance innovation and supplement research in the aeronautics industry.

In 2017, the U.S. aerospace and defense industry produced approximately 2.4 million jobs and generated $865 billion in economic output. However, without the proper strategy and investment, the U.S. risks falling behind other industrialized nations in developing and advancing the next generation of aircraft. Forecasts estimate that the world’s demand for passenger aircraft fleet above 100 seats will double over the next 20 years, generating between 35,000 and 40,000 new plane orders, which will be worth more than $5 trillion by 2035.

In addition to advancing aeronautics industry innovation, research and development, the NASA Authorization Act of 2019 would:

• Authorize NASA to reimburse the Town of Chincoteague for the purchase and installation of new production wells to replace contaminated wells located on NASA Wallops Flight Facility property.
• Support NASA’s human spaceflight and exploration efforts to return American astronauts to the Moon and prepare for future journeys to Mars.
• Extend authorization for the International Space Station through 2030 and direct NASA to take steps to grow the “space economy.”
• Require the United States to maintain a continuous human presence in low-Earth orbit through and beyond the useful life of the International Space Station (ISS).
• Support NASA’s leadership in coordinating the development of next generation spacesuits.
• Leverage private sector investment to bolster human space exploration.
• Authorize NASA's Enhanced Use Leasing (EUL) authority. EUL allows companies to lease vacant or underutilized buildings owned by NASA with lease proceeds helping to fund capital improvements at the NASA centers.
• Provide rapid acquisition authorities similar to those that have proven successful at the Department of Defense and other agencies.
• Direct NASA to maintain and upgrade irreplaceable rocket launch and test infrastructure. 
• Support vital life and physical science research to ensure that humans can live in deep space safely.
• Direct NASA to improve upon its planetary defense measures in order to protect Earth from asteroids and other near-Earth objects.
• Affirm NASA’s commitment to aeronautics research by supporting a robust X-plane program as well as work on efficient propulsion concepts and advanced composites.
• Support NASA’s STEM education and workforce efforts.

Last week, the President signed into law a bill introduced by Sens. Warner and Tim Kaine (D-VA) to award the Congressional Gold Medical to four African-American women scientists for their work at NASA Langley.

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee and co-founder of the Senate Cybersecurity Caucus, today raised concern with the U.S. Department of Health and Human Services (HHS)’s failure to act, following a mass exposure of sensitive medical images and information by health organizations. In a letter to the HHS Director of the Office for Civil Rights, Sen. Warner identified this exposure as damaging to individual and national security, as this kind of information can be used to target individuals and to spread malware across organizations.

“I am alarmed that this is happening and that your organization, with its responsibility to protect the sensitive personal medical information of the American people, has done nothing about it,” wrote Sen. Warner. “As your agency aggressively pushes to permit a wider range of parties (including those not covered by HIPAA) to have access to the sensitive health information of American patients without traditional privacy protections attaching to that information, HHS’s inattention to this particular incident becomes even more troubling.”

“These reports indicate egregious privacy violations and represent a serious national security issue -- the files may be altered, extracted, or used to spread malware across an organization,” he continued. “In their current unencrypted state, CT, MRI and other diagnostic scans on the internet could be downloaded, injected with malicious code, and re-uploaded into the medical organization’s system and, if capable of propagating, potentially spread laterally across the organization. Earlier this year, researchers demonstrated that a design flaw in the DICOM protocol could easily allow an adversary to insert malicious code into an image file like a CT scan, without being detected.”

On September 17^th, a report revealed that millions of Americans had their private medical images exposed online, due to unsecured picture archiving and communication servers (PACS) that utilize the Digital Imaging and Communications in medicine (DICOM) protocol. Along with the medical images, these PACS also exposed the names and social security numbers of those affected, leaving this information open to anyone with basic computer expertise, as these required no authentication to access or download.

This exposure was uncovered by German researchers, who contacted the German Federal Office for Information Security (BSI). BSI then alerted the United States Computer Emergency Readiness Team (US-CERT), who confirmed the exposure and reached out to HHS. However, if they received this information, HHS has failed to act on it, even failing to list TridentUSA Health Services – one of the main companies responsible for the exposure – on its breach portal website.

In his letter to Director Roger Severino, Sen. Warner also raised alarm with the fact that TridentUSA Health Services successfully completed an HHS Health Insurance Portability and Accountability Act (HIPAA) Security Rule compliance audit in March 2019, while patient images were actively accessible online.

Sen. Warner also posed the follow questions for HHS regarding the incident, and its current cybersecurity requirements and procedures:

1. Did HHS receive a notice from US-CERT regarding the open PACS ports available with diagnostic imaging available on the internet without any restrictions?

     a. If so, what actions were taken to address the issue?

2. What evidence do you require organizations to produce during a HIPAA Security Rule audit? Are organizations asked to turn over their audit logs? How does OCR review the logs?

      a. Does OCR have information security experts on staff or does it rely on external consultants as part of these audits?

3. What are the follow-up procedures if an organization’s log files reveal access to sensitive data from outside the United States, such as in this case?

4. Please describe your information security audit process.

5. Please describe your oversight of the DICOM protocol and PACS security. Do you require organizations to implement access controls? If so, what kind? Do you require full-disk encryption and authentication for PACS? Are the DICOM protocol implementations included in the audits?

Sen. Warner has been a champion for cybersecurity throughout his career, and has been an outspoken critic of poor cybersecurity practices that compromise Americans’ personal information. In September, Sen. Warner wrote to TridentUSA Health Services to inquire about the company’s data security practices, following reports that a company affiliate exposed medical data belonging to millions of Americans. Earlier that month, Sen. Warner demanded answers from U.S. Customs and Border Protection (CBP) and South Korean company Suprema HQ, following separate incidents that affected both entities and exposed the personal, permanently identifiable data of many Americans. Sen. Warner has introduced legislation to empower state and local government to counter cyberattacks, and to increase cybersecurity among public companies.

The letter text can be found below and a PDF is available here.

Mr. Roger Severino
Director, Office for Civil Rights
Department of Health and Human Services
200 Independence Ave SW
Washington, DC 20201

Dear Director Severino,

As the health care industry increasingly harnesses internet connectivity and software, including machine learning systems, to improve patient care, a long overdue focus on data privacy and information security has come into sharper focus. This is particularly evident in light of reports that sensitive medical records of potentially millions of Americans were recently exposed online – and that your agency has done little to address this issue. Prompting even greater concern, one of the companies that left the data exposed online also successfully completed one of your Health Insurance Portability and Accountability Act (HIPAA) Security Rule compliance audits in March. I am alarmed that this is happening and that your organization, with its responsibility to protect the sensitive personal medical information of the American people, has done nothing about it. As your agency aggressively pushes to permit a wider range of parties (including those not covered by HIPAA) to have access to the sensitive health information of American patients, without traditional privacy protections attaching to that information, HHS’s inattention to this particular incident becomes even more troubling.

On September 17^th ProPublica published a shocking report that the sensitive medical images of millions of American patients were exposed online through unsecured picture and archiving and communications servers (PACS) that utilize the Digital Imaging and Communications in medicine (DICOM), protocol. The publicly-accessible information that had been accessed from Germany included MRI’s, X-rays, and CT scans, as well as names and social security numbers of the patients. The 13.7 million images found on the internet required absolutely no authentication to access or download. As of writing this letter, there are 779 million image records attached to 21.6 million patient records, impacting an estimated 5 million patients in 22 states. The largest system accessed holds 61 million diagnostic images attached to 1.23 million exam records of American patients and remains available on the internet.

In late August, German researchers initiated an investigation to determine the global accessibility and remote access capabilities of PACS. On September 9^th, the researchers concluded their two week inquiry and submitted their findings to the German Federal Office for Information Security (BSI). By September 17^th, BSI had addressed the affected systems which were removed from the internet prior to the publishing of the ProPublica report.

After US-CERT was notified of the problem by BSI, US-CERT contacted the German researchers at Greenbone Networks, confirming they received the data on September 20^th. US-CERT stated the agency would convey the information to the U.S. Department of Health and Human Services (HHS). According to the researchers, however, there has been no further communication from US-CERT or HHS, even though data privacy authorities from other countries like France and the UK contacted Greenbone Networks following the publication of ProPublica’s report.

On September 23^rd, I wrote to TridentUSA Health Services expressing my concern regarding the issues raised in the ProPublica report, and pointed out that MobilexUSA, a TridentUSA Health Services affiliate, was identified as controlling one of the unsecured PACS. On October 15^th, the German researchers demonstrated to my office a number of US-based PACS have open ports, supporting unencrypted communications protocols, exposing images to the internet like chest X-rays and mammograms, and identifying details like names and social security numbers. Those images and medical records continue to be accessible.

These reports indicate egregious privacy violations and represent a serious national security issue -- the files may be altered, extracted, or used to spread malware across an organization. Earlier this year, researchers demonstrated that a design flaw in the DICOM protocol could easily allow an adversary to insert malicious code into an image file like a CT scan, without being detected. The researchers who discovered the flaw in the DICOM protocol were able to use a polyglot file, which can contain more than one stream of data with different file formats, and hide the malicious code in the scan. In their current unencrypted state, CT, MRI and other diagnostic scans on the internet could be downloaded, injected with malicious code, and re-uploaded into the medical organization’s system and, if capable of propagating, potentially spread laterally across the organization.

In their response to my letter, TridentUSA Health Services noted that they successfully completed the Department of Health and Human Services audits, confirming compliance with the HIPAA Security Rule, the last of which concluded in March 2019, while patient images were accessible online.

While the information security lapses by the medical companies using the PACS are clear, it is unclear how your agency has addressed this issue. As of the writing of this letter, TridentUSA Health Services is not included on your breach portal website, and I have seen no evidence that, once contacted by US-CERT, you acted on that information in any meaningful way.

To understand how such an enormous oversight in your organization has allowed medical companies to leave insecure ports open to the internet and accessed repeatedly by a German IP address, I ask that you answer the following questions:

1. Did HHS receive a notice from US-CERT regarding the open PACS ports available with diagnostic imaging available on the internet without any restrictions?

     a. If so, what actions were taken to address the issue?

2. What evidence do you require organizations to produce during a HIPAA Security Rule audit? Are organizations asked to turn over their audit logs? How does OCR review the logs?

      a. Does OCR have information security experts on staff or does it rely on external consultants as part of these audits?

3. What are the follow-up procedures if an organization’s log files reveal access to sensitive data from outside the United States, such as in this case?

4. Please describe your information security audit process.

5. Please describe your oversight of the DICOM protocol and PACS security. Do you require organizations to implement access controls? If so, what kind? Do you require full-disk encryption and authentication for PACS? Are the DICOM protocol implementations included in the audits?

The American people deserve to have their sensitive private information protected and their government held accountable for enforcing the rules in place to keep that information private. I hope that you will share what immediate actions you are taking, along with answering the questions above. I look forward to hearing your response no later than November 18, 2019.

Sincerely,

###

WASHINGTON, D.C. – Today, U.S. Senators Mark R. Warner and Tim Kaine announced $391,400 in federal funding through the U.S. Department of Agriculture (USDA) for rural business development and public safety.

“We’re pleased to announce these grants to strengthen local businesses and public safety in the Commonwealth,” the Senators said. “This federal assistance will go directly towards supporting local entrepreneurs and law enforcement in Virginia.”

$277,200 in funding comes from USDA’s Rural Business Development Grants program, which seeks to support targeted technical assistance, training, and other activities leading to the development or expansion of small and emerging businesses in rural areas:

• In Bedford, $76,000 will go towards a revolving loan fund to support small and emerging businesses in the area. The fund aims to expand local businesses to create new jobs and stimulate the local economy.
• In Charlotte County, $126,200 will go towards the purchase of a refrigerated truck and a walk-in cooler for Southside Virginia Fruit and Vegetable Producers. The purchase would help distribute locally grown fresh produce to the community, while supporting the local farmers and assisting 12 businesses.
• In Roanoke, $75,000 will go towards a revolving loan fund at The Advancement Foundation to assist small and emerging businesses located in Alleghany, Botetourt, and Buchanan Counties. The fund aims to expand local businesses to create new jobs and stimulate the local economy.

$114,200 in assistance comes from USDA’s Economic Impact Initiative Grant, which seeks to help further the development of essential community facilities in rural areas with extreme unemployment or severe economic depression:

• In Craig County, $25,000 will go towards the purchase of a sheriff's vehicle and equipment. Craig County currently has a patrol car that is no longer deemed be safe or reliable. This purchase will benefit 1,016 people.
• In Clintwood, $21,000 will go towards the purchase of 10 sets of new turnout gear and related equipment to meet the safety requirements for the fire department. The department’s current equipment no longer meets safety requirement and needs to be replaced to ensure the safety of volunteers. This purchase will benefit 1,414 people.
• In Grayson County, $19,200 will go towards the purchase of a new properly equipped sheriff's vehicle. Several of the county’s current vehicles are no longer deemed to be safe or reliable. This purchase will benefit 15,533 people.
• In Lebanon, $25,000 will go towards the purchase of a new properly equipped police vehicle. A number of the county’s current vehicles are no longer deemed to be safe or reliable. This purchase will benefit 3,424 people.
• In Tazewell, $24,000 will go towards the purchase of a police vehicle. The current vehicles are no longer deemed to be safe or reliable. This purchase will benefit 4,627 people.

###

WASHINGTON – Today the U.S. Senate unanimously approved a resolution introduced by U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) and Sens. Ben Cardin and Chris Van Hollen (both D-MD) officially congratulating the Washington Nationals on winning the World Series for the first time in franchise history.

“The Washington Nationals worked hard, played with heart and had fun while they were at it. What a great example for us all,” said the four Senators. “Congratulations to all the players, coaches, staff and fans on an incredible season and a victory that will be remembered for a long time.”

Text of the resolution is available here. Del. Eleanor Holmes Norton (D-DC) is introducing an identical resolution in the House of Representatives.

###

WASHINGTON – Today U.S. Sen. Mark R. Warner (D-VA), a member of the Congressional Bipartisan Historically Black Colleges & Universities (HBCU) Caucus, joined Senate colleagues and leaders from HBCUs – including a student from Virginia Union University in Richmond – in calling on the Senate to pass the bipartisan FUTURE Act, which would restore $255 million in federal funding for HBCUs and Minority Serving Institutions (MSIs) that expired on September 30. While the House of Representatives overwhelmingly passed the FUTURE Act in September, Senate Republicans have blocked this critical legislation from coming to the Senate floor for a vote.

Virginia is home to Virginia Union University, Norfolk State University, Virginia State University, Hampton University, and Virginia University of Lynchburg – all of which stand to lose funding if the Senate fails to act.

“In Virginia, we’re talking about nearly $4 million in funding last year that is at risk unless we pass the FUTURE Act,” said Sen. Warner during today’s press conference. “This is an investment in our students. It’s an investment in the middle class. And it’s time for the federal government to live up its commitment.”

Sen. Warner was also joined today by Jalynn Hodges, a biology major currently serving as the first-ever elected student representative for the Board of Trustees at Virginia Union University (VUU), who underscored how renewing this funding would enable the Virginia Union community to continue to support students who pursue a career in science, technology, engineering and mathematics (STEM) fields.

“When I arrived at my prestigious HBCU in fall of 2017, I entered the gateway into my future. During my first year, I conducted research in our neuroscience and chemistry laboratory where I learned technical and analytical skills that are essential to my long-term academic and professional goals,” said Jalynn Hodges, biology major at VUU.  “With continued mandatory funding, students and faculty will be afforded access to ever changing equipment and laboratories that are consistent with industry standards. It is because of VUU that I am a better version of myself - one who is confident and assured that resources that have been afforded to me have prepared me for my graduate studies in medicine.”

Earlier this week, Sen. Warner joined more than three dozen Senators in a letter to Senate leaders calling for passage of the bipartisan FUTURE Act legislation to renew this vital funding for Virginia’s HBCUs.

“As Virginia’s most affordable 4-year public university, Norfolk State provides access to a quality higher education in a culturally diverse and supportive learning environment. Failure to restore Title III Part F mandatory funding for HBCUs will represent more than a $5.8 million loss for NSU. Without this funding, Norfolk State’s educational programs in both teacher preparation and the STEM fields will be put at risk at a time when we are working to increase diversity in the front of our classrooms, and grow the pipeline of diverse STEM graduates to fill the jobs of the new economy. Norfolk State University expresses appreciation to Senators Warner and Kaine for their leadership on this critical issue, and urges all Senators to join them in securing the future of America’s HBCUs and the students they serve by passing the FUTURE Act,” said Dr. Javaune Adams-Gaston, President of Norfolk State University.

“Failure to pass the FUTURE Act will have serious consequences for America’s HBCUs, their students, and my peers. Norfolk State University’s supportive and culturally aware learning environment has helped me to grow as a leader and put me on the path to success. I would likely not have had these opportunities at other schools. All students regardless of their socio-economic background deserve access to a quality higher education and the opportunity to realize their full potential. It is time for Congress to stand with the students of America’s HBCUs by voting to pass the FUTURE Act,” said Linei Woodson, President of Norfolk State University’s Student Government Association.  

In the mid-1990s, as a successful tech entrepreneur, Warner – who is also a former member of the Board of Trustees at Virginia Union – helped to create the Virginia High-Tech Partnership (VHTP) to connect students attending Virginia’s five HBCUs with internship opportunities in tech firms across the Commonwealth.

###

WASHINGTON – U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA), members of the Congressional Bipartisan Historically Black Colleges & Universities (HBCU) Caucus, today joined 36 of their colleagues in a new push to pass funding for HBCUs and other minority-serving institutions (MSIs). In a letter to Senate Majority Leader Mitch McConnell (R-KY) and Minority Leader Chuck Schumer (D-NY), the Senators called for the immediate passage of the bipartisan FUTURE Act, which would reauthorize $255 million in mandatory federal funding for these institutions, which expired on September 30, 2019. The House of Representatives approved the legislation unanimously in September.

“HBCUs, TCUs, and MSIs are an essential component of America’s higher education and workforce development system,” the Senators wrote. “Given the importance of this funding to hundreds of institutions and millions of students, we request that the Senate delay no longer and take up the bipartisan FUTURE Act immediately to avoid permanent damage to our nation’s historic colleges.”

Virginia is home to five HBCUs whose funding would be preserved by the FUTURE Act. Virginia State University, Norfolk State University, Hampton University, Virginia Union University, and Virginia University of Lynchburg received nearly $4 million in funding last year, which is now at risk unless Congress passes the FUTURE Act.

Sens. Warner and Kaine continue to be longtime advocates of HBCUs. Earlier this year, both Senators supported the permanent reauthorization of the Land Water Conservation Fund (LWCF), which also includes a provision to support the preservation of HBCU campuses that are listed in the National Register of Historic Places. Last year, Virginia Union, Hampton University, Virginia State, and Virginia University of Lynchburg received grants totaling $2.27 million under the HBCU grant program.

In addition to Sens. Warner and Kaine, the letter was led by Sens. Doug Jones (D-AL) and Jon Tester (D-MT) and signed by Sens. Patty Murray (D-Wash.), Chris Coons (D-DE), Chris Van Hollen (D-MD), Kamala Harris (D-CA), Michael Bennet (D-CO), Tom Udall (D-NM), Dick Durbin (D-IL), Elizabeth Warren (D-MA), Cory Booker (D-NJ), Sherrod Brown (D-OH), Catherine Cortez Masto (D-NV), Dianne Feinstein (D-CA), Jacky Rosen (D-NV), Tina Smith (D-MN), Tammy Baldwin (D-WI), Kyrsten Sinema (D-AZ), Bob Casey (D-PA), Ben Cardin (D-MD), Amy Klobuchar (D-MN), Chris Murphy (D-CT), Brian Schatz (D-HI), Joe Manchin (D-WV), Tom Carper (D-DE), Tammy Duckworth (D-IL), Kirsten Gillibrand (D-NY), Bernie Sanders (I-VT), Mazie Hirono (D-HI), Gary Peters (D-MI), Maria Cantwell (D-WA), Richard Blumenthal (D-CT), Martin Heinrich (D-NM), Ed Markey (D-MA), Robert Menendez (D-NJ), and Debbie Stabenow (D-MI).

A copy of the letter can be found below.

November 4, 2019

Dear Leader McConnell and Leader Schumer:

We write today to respectfully request immediate Senate consideration of the Fostering Undergraduate Talent by Unlocking Resources for Education (FUTURE) Act. This important bipartisan legislation would reauthorize funding for Title III, Part F of the Higher Education Act of 1965, which provides mandatory funds for Historically Black Colleges and Universities (HBCUs), Tribal Colleges and Universities (TCUs), Hispanic-Serving Institutions (HSIs), and other minority serving-institutions (MSIs). Mandatory funding benefiting these institutions lapsed on September 30, 2019.

HBCUs, TCUs, and MSIs are an essential component of America’s higher education and workforce development system. MSIs serve nearly 6 million students, accounting for more than one-quarter of all undergraduates across the nation. These institutions enroll a significant share of all students of color. For example, HSIs account for nearly 15 percent of all non-profit colleges and universities, but enroll two-thirds of all Hispanic students. Also, while HBCUs only comprise 8.5 percent of all four-year institutions, they enroll, on average, 24 percent of all black undergraduates pursuing a bachelor’s degree, graduate 26 percent of all black bachelor’s degrees, and graduate 32 percent of STEM degrees earned by black students. The student population across all TCUs is 78 percent American Indian and Alaska Native. Similarly, these schools disproportionately enroll low-income students – more than 75 percent of students at HBCUs and 90 percent of students at TCUs receive Pell Grants, compared to only 32 percent of all students.

Title III, Part F funding is critical to ensuring these institutions are able to best serve their students. This funding is used for an array of purposes across campuses. Many schools use these funds to improve student services and academic programs like counseling, tutoring, mentoring, and STEM and career training programs. Numerous institutions use the funding to perform technology maintenance and expansion in order to provide students with up-to-date technology and vital learning opportunities such as computer labs, research institutes, and educational experiences. Others put the investment toward capital improvements like constructing affordable housing, renovating facilities, and creating learning spaces for students. All told, the Title III, Part F funding is a lifeline for these institutions to strengthen their academic, administrative, and fiscal capacities.

The bipartisan FUTURE Act will allow HBCUs, TCUs, and MSIs across the country to keep their doors open and continue to generate more opportunities for their students, disproportionate percentages of whom are for the low-income students and students of color. This funding stream plays a vital role in increasing institutional capacity at MSIs and in generating more opportunities for students of color to attain degrees in STEM fields and secure good-paying jobs, generating a strong economic impact. HBCUs, for example, have created over 134,000 jobs and have produced over $10 billion in gross regional product and a total annual economic impact of nearly $15 billion. 

Unfortunately, funding for this program lapsed due to Senate inaction last month. The House of Representatives passed the FUTURE Act by a voice vote last month. Given the importance of this funding to hundreds of institutions and millions of students, we request that the Senate delay no longer and take up the bipartisan FUTURE Act immediately to avoid permanent damage to our nation’s historic colleges.

Sincerely,

###