Mark R. Warner

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA) joined a group of more than 20 Democratic Senators in sending a letter sent to the Federal Aviation Administration (FAA) and Department of Justice (DOJ) urging them to strengthen airline requirements to ensure airline personnel protect women on board from sexual assault. The letter follows shocking media reports detailing firsthand experiences showing airlines are ill-equipped to handle accusations of sexual assault on airplanes. 

“As our country continues to combat the threat of violence against women, it is critical that no space be immune to the protections and support we afford survivors of sexual assault,” the Senators wrote. “We must do all we can to ensure passengers’ rights and health are protected, flight crews are fully trained and equipped to handle sexual assaults, and that pertinent information is being reported to law enforcement to ensure justice.”

Sen. Warner also co-authored the Stop Trafficking on Planes (STOP) Act with Sen. Amy Klobuchar (D-MN), which would require training for certain airline industry employees to recognize and report suspected human trafficking to law enforcement. Language from the STOP Act was included in the FAA Extension, Safety and Security Act of 2016, which was signed into law on July 15, 2016. 

The full text of the letter is below.

The Honorable Loretta Lynch

Attorney General

U.S. Department of Justice

950 Pennsylvania Avenue NW

Washington, D.C. 20530

The Honorable Michael Huerta

Federal Aviation Administration

U.S. Department of Transportation

800 Independence Avenue SW

Washington, D.C. 20591

Dear Attorney General Lynch and Administrator Huerta:

As our country continues the fight to end violence against women, it is critical that no space be exempt from protection or devoid of support for survivors of sexual assault. We write to express our deep concern that airplanes appear to be just such a place.  Specifically, we are concerned with the apparent lack of standards and support provided to airline personnel about how to address and respond to incidents of sexual harassment and assault aboard commercial aircraft. We urge you to review, clarify, and develop requirements for airlines to ensure flight attendants, crewmembers, and pilots who may have to respond to an incident while aboard the aircraft are prepared to support the survivor and take the steps necessary to hold the alleged perpetrator accountable.

Recently, one of our offices heard from an individual who was sexually assaulted on a long distance flight, and although she was provided a new seat for several hours, she was ultimately asked by the flight attendants to return to her original seat next to her attacker for landing. When she refused, they seated another male passenger next to him, offering airline miles for his inconvenience. Like many Americans, this passenger is often on long distance flights for work. Concerned with the response to her sexual assault, and under the impression that a report had been filed with the relevant authorities, she followed up with the airline. She was shocked to learn no report was filed. Unfortunately, the experience of this individual does not seem to be an isolated incident, as recent media reports have highlighted underreporting by airlines, apparent inadequacies in airline responses, and a lack of policy and guidance to address the issue.[1]

Federal law makes clear that sexual abuse offenses that are criminal under 18 U.S.C. are also criminal when committed in the special aircraft jurisdiction of the United States.[2] Additionally, the Federal Aviation Administration (FAA) is tasked with carrying out duties related to aviation safety, including sexual assault.[3] We believe the federal government has a role to play in the safety of passengers and crewmembers that experience sexual assault aboard commercial aircraft. The primary role of the flight attendants and crewmembers is safety, however, we understand many may not be sufficiently trained to recognize and respond appropriately to an in-flight case of sexual assault or harassment. Although the FAA has regulations that outline the required training programs for flight attendants and crewmembers, there are no explicit guidelines for handling sexual assault. 

We find this troubling and unacceptable. The National Crime Victimization Survey estimates that women experience approximately 270,000 sexual assaults each year, and more than 90 percent of sexual assaults recorded are committed against women.[4] The aftermath of a violent or sexual crime can be psychologically, physically, or financially devastating for a survivor. Long distance flights often occur overnight. There are extended periods where no flight attendants walk through the aircraft cabin, and many guests sleep before landing in a different time zone. Such characteristics could make long distance flights a particularly hazardous place for travelers by presenting a prime opportunity for these crimes to occur. All passengers should be able to travel without the worry of being sexually assaulted. We must support those with authority, like flight attendants, crewmembers, and pilots, to ensure that an incident of sexual assault is halted, prevent a repeated attack, support and help the survivor, and ensure the event is documented and reported to the proper authorities.

It is critical that we work together to immediately identify, understand, and address the issue of sexual harassment and assault aboard commercial aircraft. Given the broad scope of the issue, we request the FAA and U.S. Department of Justice work across the federal government and industry to:

•       Convene stakeholders and establish a working group with the relevant federal agencies; unions representing flight attendants, crewmembers, and pilots; airlines; Office of Victims of Crime; law enforcement; and sexual assault advocacy organizations to discuss and identify the issues and gaps, and develop policy solutions to support survivors of sexual assault;
•     Collect data to understand the prevalence of sexual assault aboard commercial aircraft among passengers, flight attendants, crewmembers, and pilots; and
•     Identify, collect, and develop federal rules, guidelines and best practices for responding to sexual assault aboard commercial aircraft, including guidance on timely reporting.

We must do all we can to ensure passengers’ rights and health are protected, flight crews are fully trained and equipped to handle sexual assaults, and that pertinent information is being reported to law enforcement to ensure justice.  We appreciate all the work you do to ensure our national airways are safe and reliable.  Thank you for your consideration of our views.

###

WASHINGTON – Today, U.S. Senators Mark R. Warner and Tim Kaine (both D-VA) announced that the U.S. Department of Agriculture (USDA) has awarded more than $70.4 million to help finance projects to increase reliability of rural electric utility systems in Virginia. These loans, which are part of the Electric Program of the Rural Utilities Service, are targeted to rural regions where capital is limited, and will help finance infrastructure upgrades, create jobs and improve operations for rural electric customers in Virginia.

“Infrastructure investments like these will promote job growth, and many rural communities in Virginia need help bringing their utility systems to 21^st century standards,” said Sen. Warner. “These low-interest loans will help improve reliability for rural residents and businesses, which in turn strengthens our entire economy.”

The $70.4 million in funding will be disbursed to the following electric cooperatives in Virginia:

• $28,162,000 in loans to the BARC Electric Cooperative in Millboro, VA to build and improve 63 miles of electrical line, fund smart grid projects, and make other system improvements. BARC Electric Cooperative will also use the funding to construct the first phase of a system-wide fiber-optic communication network.
  
  
• $23,800,000 ARC loan to Central Virginia Electric Cooperative in Arrington, VA to build and improve 307 miles of electrical line, fund smart grid projects and make other system improvements.

• $18,500,000 loan to Northern Neck Electrical Cooperative in Warsaw, VA to build and improve 89 miles of electrical line, fund smart grid projects and make other system improvements.

Additionally, under this announcement, USDA will award a $375,000,000 loan to the National Rural Utilities Finance Corporation, which is headquartered in Sterling, VA and serves electric cooperatives across the country.

###

WASHINGTON – Today, U.S. Senators Mark R. Warner and Tim Kaine (both D-VA) announced that the Appalachian Regional Commission (ARC) has awarded more than $6.6 million to promote cybersecurity readiness, unmanned aerial systems, and other workforce development programs in southwest Virginia. The funding comes as part of the Partnerships for Opportunity and Workforce and Economic Revitalization (POWER) Initiative, a multi-agency effort aligning and targeting federal economic and workforce development resources to communities and workers across the Appalachian region. These funds are expected to create or retain 520 direct and indirect jobs throughout the region.

“Wise County put itself on the map in the drone world over a year ago by successfully making the first medical package delivery by drone anywhere in the United States. Today’s grant, which I was proud to strongly support, further bolsters the region as a key hub for unmanned aerial systems,” said Sen. Warner, co-founder of the bipartisan Senate Cybersecurity Caucus. “We need to continue working together at the federal, state, regional and local levels to build a stronger and more diverse economy, and getting southwest Virginia into the game early-on with growing industries like unmanned systems and cyber will position it to compete in the 21st century economy.”

The $6.6 million in POWER grants will be disbursed to the following four projects:

• $2,220,000 ARC grant to the Industrial Development Authority in Wise, VA for the Virginia Emerging Drone Industry Cluster Project. ARC funds will be used to position five counties in Southwest Virginia as a national destination for the development of a drone-operator workforce to support the emerging unmanned aerial vehicle industry in the United States. The award will enable Mountain Empire Community College to offer courses that train students, including former coal industry workers, to operate drones and drone sensors to provide commercial and government services—including geospatial surveys, close-up inspections of fixed structures, and mapping. The award will train 64 new workers, leverage $15,000,000 in additional investment, and enable a private aerospace company in the region to perform work on a major contract, thereby creating 210 new direct and indirect jobs.
  
  
• $1,420,219 ARC grant to Southwest Virginia Community College (SWCC) in Cedar Bluff, VA for the Southwest Virginia Regional Cybersecurity Initiative. The initiative brings together three colleges in Southwest Virginia—SWCC, Mountain Empire Community College (MECC), and University of Virginia’s College at Wise (UVa-Wise)—and aims to position this seven county southwestern Virginia area as a regional hub for the cybersecurity industry. Specific activities will include creating a certification/credential program aligned with industry needs and National Security Agency guidelines; providing support services to cybersecurity start-up companies that locate to the region; and expanding UVa-Wise’s existing bachelor’s degree program in cybersecurity through an accelerator space in which cybersecurity companies can co-locate research and development activities. Additional funding for the project is being provided by the Virginia Tobacco Region Revitalization Commission.   The project will train 161 new workers and retain 110 jobs.

• $3,000,000 ARC grant to Friends of Southwest Virginia in Abingdon, VA for the Building Appalachian Spring: Growing the Economy of Southwest Virginia project. This comprehensive project will significantly enhance the outdoor recreation industry as an economic driver in a four-county region in southwestern Virginia. ARC funds will be used to develop four access points to the New River that strategically link the river to nearby communities’ hospitality and tourism services; construct a 4,000 square foot Gateway Center to the High Knob Recreation Area – providing visitors with more centralized access to numerous nearby recreation assets; build an Appalachian Trail Center in downtown Damascus; and create a 30-mile, multi-use trail connecting Breaks Interstate Park directly to downtown Haysi’s business district.  The project will increase travel expenditures in project locations by $30 million over the next five years, help create 60 new businesses and 200 new jobs, and is supported by funding from the Virginia Tobacco Region Revitalization Commission.
• $11,108 ARC grant to Round the Mountain: Southwest Virginia’s Artisan Network in Abingdon, VA to provide grant writing assistance to raise funds for the creation of a regional brew cluster that will strengthen Virginia’s agriculture industry and tourism in the region. The project will build off of the extensive network cultivated by the Southwest Virginia Cultural Heritage Foundation.

In August, Sens. Warner and Kaine each contacted ARC to strongly urge support of the grant application by the Wise Industrial Development Authority.

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Select Committee on Intelligence and co-founder of the bipartisan Senate Cybersecurity Caucus, is asking three federal agencies for information on the tools available—and the additional tools which might be needed—to prevent cyber criminals from compromising consumer products, such as Internet of Things (IoT) devices. The market for IoT products—such as connected refrigerators, smart thermostats, and Internet-enabled cameras—is growing exponentially. Weak security features in many of these products can enable access to user data by hackers, create easy entry points to home or work networks, and allow hackers to hijack devices into enormous botnets used to send crippling amounts of data to specific Internet sites and servers.

Botnets are frequently referred to as ‘zombie computers,’ and Sen. Warner said the metaphor is appropriate: bad actors infect unsuspecting computers and network devices with malware, sending remote commands to hordes of compromised computers to maliciously cripple parts of the Internet. Experts say that is what occurred on Friday, temporarily affecting Twitter, Netflix, PayPal and other popular sites.

“The weak security of many of the new connected consumer devices provides an attractive target for attackers, leveraging the bandwidth and processing power of millions of devices, many of them with few privacy or security measures, to swamp internet sites and servers with an overwhelming volume of traffic,” Sen. Warner said.  “I am interested in a range of expert opinions and meaningful action on new and improved tools to better protect American consumers, manufacturers, retailers, Internet sites and service providers.”

The text of Sen. Warner’s letter to the Federal Communications Commission (FCC) follows and can be found here. Similar inquiries were also sent to the Federal Trade Commission (FTC) and the Department of Homeland Security’s National Cybersecurity & Communications Integration Center (NCCIC).

October 25, 2016

The Honorable Tom Wheeler

Chairman

Federal Communications Commission

445 12th Street S.W.

Washington, D.C. 20554

Dear Chairman Wheeler,

I have watched with growing concern over the past two months as an ever-larger network of infected devices has been leveraged to conduct the largest series of Distributed Denial of Service (DDoS) attacks ever recorded. According to global telecommunications provider Level 3 Communications, the ‘Mirai botnet’ has more than doubled since the source code was first made public on October 1st.  The Mirai botnet functions by taking control of highly insecure devices, such as ‘Internet of Things’ (IoT) products, and using them to send debilitating levels of network traffic from these compromised devices to particular sites, web-hosting servers, and internet infrastructure providers.  By infecting consumer devices with this malware, attackers can hijack the communications capabilities of users’ devices, using large numbers of them to flood sites and servers with overwhelming traffic. As the co-Chair of the Senate Cybersecurity Caucus, I invite your prompt response to a number of important questions raised by these incidents.

While the precise form of Mirai’s attacks is not new, the scale of these volumetric attacks is unprecedented. The weak security of many IoT devices provides an attractive target for DDoS attackers, leveraging the bandwidth and processing resources of millions of connected devices. Botnets are frequently referred to as “zombie computers” and the metaphor is fitting: bad actors infect unsuspecting computers and network devices with malware, sending remote commands to hordes of compromised computers. Analysts have also noted the dynamic nature of Mirai Command and Control (C&C) servers (platforms used by attackers to send these remote commands to the botnets), with the malicious operator or operators switching C&C servers far more rapidly than in past botnet attacks. The United States Computer Emergency Readiness Team (US-CERT) notes in its alert that the release of the Mirai source code has increased the risk of similar botnets being created, acknowledging at least one new separate malware family leveraging IoT vulnerabilities in a manner similar to Mirai. 

Mirai’s efficacy depends, in large part, on the unacceptably low level of security inherent in a vast array of network devices. Attackers perform wide-ranging scans of IP addresses, searching for devices with poor security features such as factory default or hard-coded (i.e., unchangeable) passwords, publicly accessible remote administration ports (akin to open doors), and susceptibility to brute force attacks.  In my June 6th letter to the Federal Trade Commission (FTC), I raised serious concerns with the proliferation of these insecure connected consumer products, noting that the “ever-declining cost of digital storage and internet connectivity have made it possible to connect an unimaginable range of products and services to the Internet,” potentially without adequate market incentives to adopt appropriate privacy and security measures. Juniper Research has projected that by the end of 2020, the number of IoT devices will grow from 13.4 to 38.5 billion – yet there is no requirement that devices incorporate even minimal levels of security. The internet’s open architecture has been a catalyst for its growth, allowing an enormous range of devices and services to connect to a global, interoperable network. The lack of gating functions, however, has potentially created a systemic risk to the resiliency of the internet.

Additionally, the global nature of the supply chain for such devices requires attention not just to the final product integrator’s practices, but also to that of suppliers throughout the manufacturing process. In the recent Mirai botnet, researchers have identified a single software supplier as responsible for vulnerabilities in a wide range of manufacturers’ products, with Flashpoint concluding that over 500,000 connected devices were vulnerable to Mirai because of an exploitable component from a single vendor’s management software.  Manufacturers today are flooding the market with cheap, insecure devices, with few market incentives to design the products with security in mind, or to provide ongoing support. And buyers seem unable to make informed decisions between products based on their competing security features, in part because there are no clear metrics. Because the producers of these insecure IoT devices currently are insulated from any standards requirements, market feedback, or liability concerns, I am deeply concerned that we are witnessing a ‘tragedy of the commons’ threat to the continued functioning of the internet, as the security so vital to all internet users remains the responsibility of none.  Further, buyers have little recourse when, despite their best efforts, security failures occur.

Under the Federal Communications Commission’s (FCC’s) Open Internet rules, ISPs cannot prohibit the attachment of “non-harmful devices” to their networks. It seems entirely reasonable to conclude under the present circumstances, however, that devices with certain insecure attributes could be deemed harmful to the “network” – whether the ISP’s own network or the networks to which it is connected. While remaining vigilant to ensure that such prohibitions do not serve as a pretext for anticompetitive or exclusionary behavior, I would encourage regulators to provide greater clarity to internet service providers in this area.

DDoS attacks can be powerful tools for censorship, criminal extortion, or nation-state aggression. Tools such as Mirai source code, amplified by an embedded base of insecure devices worldwide, accomplish more than isolated nuisance; these are capabilities – weapons even – that can debilitate entire ranges of economic activity.  While the internet was not designed with security in mind, its resiliency –which serves as its animating principle – is now being undermined.

I respectfully request that you respond to the following questions:

1.         What types of network management practices are available for internet service providers to respond to DDoS threats? In the FCC’s Open Internet Order, the Commission suggested that ISPs could take such steps only when addressing “traffic that constitutes a denial-of-service attack on specific network infrastructure elements.” Is it your agency’s opinion that the Mirai attack has targeted “specific network infrastructure elements” to warrant a response from ISPs?

2.         Would it be a reasonable network management practice for ISPs to designate insecure network devices as “insecure” and thereby deny them connections to their networks, including by refraining from assigning devices IP addresses? Would such practices require refactoring of router software, and if so, does this complicate the feasibility of such an approach?

3.         What advisories to, or direct engagement with, retailers of IoT devices have you engaged in to alert them of the risks of certain devices they sell? Going forward, what attributes would help inform your determination that a particular device poses a risk warranting notice to retailers or consumers?

4.         What strategies would you pursue to take devices deemed harmful to the network out of the stream of commerce? Are there remediation procedures vendors can take, such as patching? What strategy would you pursue to deactivate or recall the embedded base of consumer devices?

5.         What consumer advisories have you issued to alert consumers to the risks of particular devices?

6.         Numerous reports have indicated that users often fail to install relevant updates, despite their availability.  To the extent that certain device security capabilities can be improved with software or firmware updates, how will you ensure that these updates are implemented?

7.         Do consumers have meaningful ability to distinguish between products based on their security features? Are formal, or third-party, metrics needed to establish a baseline for consumers to evaluate products? If so, has your agency taken steps to create or urge the creation of such a baseline?

8.         Should manufacturers have to abide by minimum technical security standards? Has your agency discussed the possibility of establishing meaningful security standards with the National Institute of Standards and Technology?

9.         What is the feasibility, including in terms of additional costs to manufacturers, of device security testing and certification, akin to current equipment testing and certification of technical standards conducted by the Federal Communications Commission under 47 CFR Part 2?

I look forward to your response. If you should have any questions or concerns, please contact Rafi Martina in my office at 202-224-2023.

Sincerely,

Mark R. Warner                                                         

United States Senator            

###

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Banking Committee, issued the following statement in response to a recent Congressional Budget Office (CBO) report which found that allowing Government Sponsored Enterprises (GSEs) like Fannie Mae and Freddie Mac to retain some of their profits and increase their equity capital could increase the risk to taxpayers by up to $100 billion over ten years:

“The report on recapitalizing Fannie and Freddie from the nonpartisan CBO reinforces how misguided the policy would be, adding another $100 billion to the debt without any concurrent benefits to taxpayers,” said Sen. Warner. “Congress must enact comprehensive housing finance reform that protects access to affordable housing without exposing taxpayers to inappropriate risk.”

Sen. Warner was the lead co-sponsor with U.S. Sen. Bob Corker (R-TN) of the bipartisan Housing Finance Reform and Taxpayer Protection Act, which would have created an explicit government guarantee and preserve the 30-year mortgage, while requiring private capital to stand in front of the government to minimize taxpayer risk.

# # #

WASHINGTON – Today, U.S. Senators Mark R. Warner and Tim Kaine (both D-VA) announced that the Office of National Drug Control Policy (ONDCP) has designated Pulaski County and Wythe County as Appalachia High Intensity Drug Trafficking Areas (HIDTA), as well as Frederick County as a Washington/Baltimore HIDTA. The designations will enable each county to receive federal resources and tools to improve drug control efforts and coordination among federal, state and local law enforcement.

“The devastating effects of drug addiction continue to deeply affect Virginia families and communities. Now—more than ever—we need to provide law enforcement with the necessary tools to fight drug abuse and expand recovery treatment to those who need it,” said Sen. Warner. “While I am glad that these three counties now join others in having this support, we still have a lot of work to do to help the entire Commonwealth fight this epidemic. I look forward to continue to work with ONDCP and other local partners to help us prevent drug use and overdose deaths.”

Created by Congress in 1988, the HIDTA program serves as a catalyst for coordination among federal, state, local and tribal law enforcement agencies operating in areas determined to be critical drug trafficking regions of the United States. Law enforcement organizations working within HIDTAs assess drug-trafficking issues and design specific initiatives to decrease the production, transportation, distribution and chronic use of drugs and money laundering.

Other counties and cities in Virginia that are a part of the HIDTA program include:

• Appalachia HIDTA: Carroll, Grayson, Dickenson, Lee, Scott and Wise;       
• Washington/Baltimore HIDTA: Alexandria, Arlington, Chesterfield, Fairfax County, Fairfax City, Falls Church, Hanover, Henrico, Hopewell, Loudoun, Manassas, Manassas Park, Petersburg, Prince George, Prince William and Richmond.

###

WASHINGTON – Today, U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) announced that the Department of Justice (DOJ) has awarded $823,341 in grant funding to support community policing efforts and strategies throughout Virginia. The funding, awarded to state and national organizations headquartered in Virginia, was made available through DOJ’s Office of Community Oriented Policing Services’ (COPS) Community Policing Development Awards program.

“I am pleased that Virginia has received these grants to help advance public safety and foster police-community relationships,” said Sen. Warner. “These federal funds will help ensure police departments have the tools and training they need to increase police involvement in the communities they protect, and improve public trust in law enforcement.”

Under today’s announcement, the following organizations will receive funding:

• International Association of Chiefs of Police: $75,000
• Major Cities Chiefs Association: $75,000
• Major County Sheriffs’ Association: $74,996
• National Organization of Black Law Enforcement Executives: $73,733
• National Sheriffs’ Association: $74,760
• Richmond Police Department: $74,852
• Virginia Community Policing Institute: $375,000

The COPS Office is responsible for advancing community policing nationwide.  Since 1995, COPS has invested more than $14 billion to advance community policing, including grants awarded to more than 13,000 state, local and tribal law enforcement agencies. COPS grants fund the hiring and redeployment of more than 129,000 officers and provide a variety of knowledge resource products, including publications, training and technical assistance.  For additional information about COPS, please visit www.cops.usdoj.gov.

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) released the following statement on the passing of Lynchburg civil rights leader Walter Fore:

“Walter Fore was a champion for working people and an advocate for social justice when those issues weren’t always popular. He was well-respected in Lynchburg, and Walter was someone I was proud to call a friend for more than two decades. I can say with confidence that there are very few people who I have met during my public service career that were as good and decent as he was, and he will be greatly missed.”

###

Sen. Mark Warner (D-VA) released the following statement after the Senate voted to override President Barack Obama’s veto of S. 2040, the Justice Against Sponsors of Terrorism Act (JASTA):

“Today I voted to override the President’s veto of S.2040, the Justice Against Sponsors of Terrorism Act (JASTA).  I chose to support the motion to override after hearing from supporters of this bill, including the families of the 9/11 victims, and considering the concerns that have been raised by the Administration about the bill’s potential unintended consequences on our national security and foreign policy.

Ultimately I believe that the families who lost loved ones on 9/11 should have their day in court. Although I supported passage of the bill, I have grave concerns about the dangerous precedent of opening foreign sovereign immunity. I believe our national security and foreign policy could be put in jeopardy if reciprocal laws are enacted in other countries, with the potential to open U.S. citizens, officials, and service members to foreign lawsuits in which they could be required to disclose classified or sensitive information as part of court proceedings in other countries.

I have joined 27 of my colleagues in sending a bipartisan letter to the bills authors, Sens Schumer and Cornyn laying out our concerns about the legislation and seeking their commitment to work with us to mitigate any potential consequences of enacting this legislation.”

###

WASHINGTON—Today, Sen. Mark R. Warner (D-VA), a member of the Senate Finance Committee, and Rep. Richard E. Neal (D-MA), a member of the House Ways and Means Committee, introduced legislation to close the affiliate reinsurance tax loophole, which currently allows foreign insurance groups to shift their U.S. reserves into low or no tax jurisdictions overseas through the use of related-party reinsurance transactions, thereby avoiding U.S. tax on their investment income. This provides an unfair competitive advantage over U.S.-based companies in attracting capital to write U.S. business.

“As we continue to face a growing budget deficit, I am increasingly worried about the erosion of our U.S. tax base. The Congressional Budget Office estimates that over the next 10 years, corporate income tax receipts will fall by roughly 5 percent – with half of that difference attributable to the shifting of additional income out of the United States. This legislation will help stem the flight of capital and tax revenue abroad, and put all insurers on a level playing field. I am proud to introduce this legislation with Congressman Neal, who has championed this issue for many years,” said Senator Warner.

“I am pleased to introduce legislation to close a loophole that allows foreign insurance groups to strip their U.S. income into tax havens to avoid U.S. tax and gain a competitive advantage over American companies. It is illogical that we continue to allow many foreign-based insurance companies to shift their U.S. income into tax havens to avoiding paying U.S. taxes. By closing this loophole, we not only preserve our US tax base, we will stop an unfair competitive advantage for our U.S.-based companies. I look forward to working with Senator Warner to get this bill enacted into law to which will help bring down the deficit, and restoring a level-playing field for U.S. businesses,” said Congressman Richard E. Neal.

Since 1996, the amount of reinsurance sent to offshore affiliates has grown more than ten-fold from a total of $4 billion ceded in 1996 to nearly $42 billion in 2014, over 90 percent of which went to Bermuda, Swiss and Cayman affiliates.

Under this bill, the deduction for premiums paid to the offshore affiliate is deferred until the insured event occurs. By deferring this deduction, any tax benefit from shifting reserves and associated investment income overseas is effectively recaptured. This is another way of addressing inversions and base erosion, as several U.S. companies have “inverted” into tax havens and numerous other companies have been formed—or been acquired and taken—offshore to take advantage of this tax-avoidance strategy.

The bill allows foreign groups to avoid the deduction disallowance by electing to be subject to U.S. tax with respect to the premiums and net investment income from affiliate reinsurance of U.S. risk. Special rules are provided to allow for foreign tax credits to avoid double taxation. Both the deferral disallowance, and this election would ensure a level-playing field, treating U.S. insurers and foreign-based insurers alike.

For more information on this bill, click here. The full text of this legislation can also be found here.

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) today joined a bipartisan group of senators in releasing a letter to Senators John Cornyn (R-Texas) and Chuck Schumer (D-N.Y.) after the Senate voted to override President Barack Obama’s veto of S. 2040, the Justice Against Sponsors of Terrorism Act (JASTA).

Full text of the letter is included below and available online here.

Dear Senators Cornyn and Schumer:

We are writing regarding the anticipated override of the president’s veto of S. 2040, the Justice Against Sponsors of Terrorism Act (JASTA). 

We appreciate the efforts that you have undertaken to allow the families who lost loved ones on September 11, 2001 to have additional recourse. 

We have a great deal of compassion for the families and respect their desire for justice.  We understand your purpose in drafting this legislation is to remove obstacles so those who commit or support terrorist acts in the United States face the full range of consequences of the U.S. legal system.  However, concerns have been raised regarding potential unintended consequences that may result from this legislation for the national security and foreign policy of the United States.  If other nations respond to this bill by weakening U.S. sovereign immunity protections, then the United States could face private lawsuits in foreign courts as a result of important military or intelligence activities.

We would hope to work with you in a constructive manner to appropriately mitigate those unintended consequences.

Sincerely,

###

WASHINGTON—U.S. Sen. Mark R. Warner (D-VA) issued this statement following today’s 72-26 Senate vote on an interim spending proposal that would prevent a federal government shutdown and support critical funding priorities:

“I welcome the Senate’s efforts to avert a government shutdown on October 1, and expect the House to quickly pass this compromise spending proposal. Subsequently, I expect House Republicans to abide by their promise to advance emergency funding for the residents of Flint, Michigan. This legislation contains essential funding not just to keep the federal government operating – something crucial to the Virginia economy – but also to support critical, and overdue, response to the Zika epidemic, support our military operations in Afghanistan, and take steps to combat the opioid epidemic plaguing communities across the U.S.  Nonetheless, it’s unfortunate that political dysfunction has brought us to the point where we celebrate Congress doing the barest minimum of its obligations. As I’ve long-maintained, this is not a responsible way to conduct our nation’s business. Nor is it appropriate for must-pass legislation to be exploited for political advantage, such as with the inclusion of a prohibition on the SEC adopting important transparency requirements on political contributions.”

###

###

WASHINGTON – U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) applauded today the House’s unanimous passage of the Treatment of Certain Payments in Eugenics Compensation Act (S. 1698), which would exclude eugenics victims’ compensation payments from being used in determining eligibility for, or the amount of, federal public benefits. Without this legislation, eugenics victims who receive compensation payments could see their federal benefits reduced or even have their eligibility eliminated.

The bipartisan legislation, which would protect access to federal safety net programs such as Medicaid, Supplemental Nutritional Assistance Program, Supplemental Security Income, and Social Security Disability Insurance, unanimously passed the Senate last year and now heads to President Obama’s desk to be signed into law.

“This was one of the darkest, most shameful periods in Virginia’s history. We should be doing everything in our power to ensure that the victims of this injustice have unimpeded access to the federal assistance to which they are entitled.” said Sen. Warner. “I look forward to seeing the President sign this important piece of legislation into law.”

State-run eugenics and compulsory sterilization laws victimized more than 60,000 Americans in 33 states from the 1920s to the 1970s. State governments often targeted specific groups for sterilization, including unmarried women, African-Americans, and children from poor families. Victims were often sterilized without their consent or knowledge.

In 2002, then-Governor Warner formally apologized for Virginia’s decision to forcibly sterilize nearly 7,500 Virginians between 1924 and 1979. His apology was the first by the governor of any of the more than 30 states that conducted eugenics sterilizations on a combined 60,000 citizens. Gov. Warner’s act coincided with the 75th anniversary of the U.S. Supreme Court’s Buck v. Bell decision upholding Virginia's eugenics sterilization law.

Last year, Virginia became the second state to pass legislation compensating the victims of a state-run eugenics program. Virginia will award $25,000 to each individual who was involuntarily sterilized and is still alive as of February 1, 2015.

###

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Intelligence and Banking Committees and cofounder of the bipartisan Senate Cybersecurity Caucus, sent a letter to the U.S. Securities and Exchange Commission (SEC) calling on the agency to investigate whether Yahoo, Inc. fulfilled its obligations under federal securities laws to keep the public and investors informed about the nature of a security breach that has affected more than 500 million accounts.

“Data security increasingly represents an issue of vital importance to management, customers, and shareholders, with major corporate liability, business continuity, and governance implications,” wrote Sen. Warner, a former technology executive. “Yahoo’s September filing asserting lack of knowledge of security incidents involving its IT systems creates serious concerns about truthfulness in representations to the public.  The public ought to know what senior executives at Yahoo knew of the breach, and when they knew it.” 

While Yahoo announced last week that it suffered a major breach in 2014, press reports seem to indicate the company may have been aware of the hack as early as July of this year. Under federal law, public companies are required to disclose material events to shareholders within four business days.

“I encourage you to investigate whether Yahoo and its senior executives fulfilled their obligations to keep investors and the public informed, and whether the company made complete and accurate representations about the security of its IT systems. Additionally, since published reports indicate fewer than 100 of approximately 9,000 publicly listed companies have reported a material data breach since 2010, I encourage you to evaluate the adequacy of current SEC thresholds for disclosing events of this nature,” added Sen. Warner.

Sen. Warner has been a leader in calling for better consumer protections from data theft. In the aftermath of the Target breach that exposed the debit and credit card information of 40 million customers, Sen. Warner in 2014 chaired the first congressional hearing on protecting consumer data from the threat posed by hackers targeting retailers’ online systems. Sen. Warner also partnered with the National Retail Federation to establish an information sharing platform that allows the industry to better protect consumer financial information from data breaches. Sen. Warner currently is working on bipartisan legislation to create a comprehensive, nationwide and uniform data breach standard requiring timely consumer notification for breaches of financial data and other sensitive information.

A full copy of the letter can be found below. A PDF is available here.

The Honorable Mary Jo White

Chair

U.S. Securities & Exchange Commission

100 F Street, NE

Washington, D.C. 20549

Dear Chair White:

I write to you about important federal securities matters pertaining to the Yahoo breach that may have affected 500 million accounts, and the associated lack of disclosure by the company to the public.

Last week, it was reported that Yahoo suffered a major breach in 2014, compromising more than 500 million accounts.  Press reports indicate Yahoo’s CEO, Marissa Mayer, knew of the breach as early as July of this year.  Despite the historic scale of the breach, however, the company failed to file a Form 8-K disclosing the breach to the public.

Furthermore, Yahoo has been engaged in an effort to sell its Internet business, including the unit affected by the breach, to Verizon since at least July 25, 2016, yet Yahoo reportedly did not inform Verizon of the breach until September 20, 2016.  More puzzlingly, the company noted in a proxy statement as recently as September 9, 2016 that, “To the knowledge of Seller, there have not been any incidents of, or third party claims alleging, (i) Security Breaches, unauthorized access or unauthorized use of any of Seller’s or the Business Subsidiaries’ information technology systems.”

Disclosure is the foundation of federal securities laws, and public companies are required to disclose material events that shareholders should know about via Form 8-K within four business days.  Data security increasingly represents an issue of vital importance to management, customers, and shareholders, with major corporate liability, business continuity, and governance implications.  A breach of the magnitude that Yahoo and its users suffered seems to fit squarely within the definition of a material event.  Additionally, Yahoo’s September filing asserting lack of knowledge of security incidents involving its IT systems creates serious concerns about truthfulness in representations to the public.  The public ought to know what senior executives at Yahoo knew of the breach, and when they knew it. 

I encourage you to investigate whether Yahoo and its senior executives fulfilled their obligations to keep investors and the public informed, and whether the company made complete and accurate representations about the security of its IT systems.  Additionally, since published reports indicate fewer than 100 of approximately 9,000 publicly listed companies have reported a material data breach since 2010,[3] I encourage you to evaluate the adequacy of current SEC thresholds for disclosing events of this nature.  I would also appreciate answers to the following questions:

1. What steps are you taking to ensure investors are receiving timely and accurate information in compliance with federal securities laws with respect to cybersecurity?
2. What is your plan to address what appear to be deficiencies in disclosure with respect to cyber events?

As always, I appreciate your service in this important role.  Thank you for your timely consideration of this matter.

Sincerely,

Mark R. Warner

United States Senator

###