Government Accountability Office

Virtual currencies are financial innovations that pose emerging challenges to federal financial regulatory and law enforcement agencies in carrying out their responsibilities, as the following examples illustrate:

• Virtual currency systems may provide greater anonymity than traditional payment systems and sometimes lack a central intermediary to maintain transaction information. As a result, financial regulators and law enforcement agencies may find it difficult to detect money laundering and other crimes involving virtual currencies.
• Many virtual currency systems can be accessed globally to make payments and transfer funds across borders. Consequently, law enforcement agencies investigating and prosecuting crimes that involve virtual currencies may have to rely upon cooperation from international partners who may operate under different regulatory and legal regimes.
• The emergence of virtual currencies has raised a number of consumer and investor protection issues. These include the reported loss of consumer funds maintained by bitcoin exchanges, volatility in bitcoin prices, and the development of virtual-currency-based investment products.

This report discusses (1) federal financial regulatory and law enforcement agency responsibilities related to the use of virtual currencies and associated challenges and (2) actions and collaborative efforts the agencies have undertaken regarding virtual currencies.

To address these objectives, Government Accountability Office (GAO) reviewed federal laws and regulations, academic and industry research, and agency documents; and interviewed federal agency officials, researchers, and industry groups. GAO recommends that Consumer Financial Protection Bureau (CFPB) take steps to identify and participate in pertinent interagency working groups addressing virtual currencies, in coordination with other participating agencies.

Twenty-four major federal agencies did not consistently demonstrate that they are effectively responding to cyber incidents (a security breach of a computerized system and information).

Based on a statistical sample of cyber incidents reported in fiscal year 2012, Government Accountability Office projects that these agencies did not completely document actions taken in response to detected incidents in about 65 percent of cases (with 95 percent confidence that the estimate falls between 58 and 72 percent).

The Department of Homeland Security and a component, the United States Computer Emergency Readiness Team (US-CERT), offer services that assist agencies in preparing to handle cyber incidents, maintain awareness of the current threat environment, and deal with ongoing incidents.

Officials from the 24 agencies GAO surveyed said that they were generally satisfied with the assistance provided, and made suggestions to make the services more useful, such as improving reporting requirements. Although US-CERT receives feedback from agencies to improve its services, it has not yet developed performance measures for evaluating the effectiveness of the assistance it provides to agencies.

Without results-oriented performance measures, US-CERT will face challenges in ensuring it is effectively assisting federal agencies with preparing for and responding to cyber incidents.

GAO conducted this study because the number of cyber incidents reported by federal agencies increased in fiscal year 2013 significantly over the prior 3 years. GAO was asked to review federal agencies' ability to respond to cyber incidents.

To do this, GAO reviewed the extent to which (1) federal agencies are effectively responding to cyber incidents and (2) DHS is providing cybersecurity incident assistance to agencies. GAO also examined DHS and US-CERT policies, procedures, and practices, and surveyed officials from the 24 federal agencies on their experience receiving incident assistance from DHS.

GAO is making recommendations to OMB and DHS to address incident response practices governmentwide, particularly in CyberStat meetings with agencies; to the heads of six agencies to strengthen their incident response policies, plans, and procedures; and to DHS to establish measures of effectiveness for the assistance US-CERT provides to agencies. The agencies generally concurred with GAO's recommendations.

Government Accountability Office (GAO) examined Federal Communications Commission (FCC) license data for five wireless services and found that buildout requirements were met for 75 percent of those licenses, and FCC generally terminated those that did not.

As part of enforcement, FCC also grants or dismisses licensees’ requests to extend the deadline for meeting a requirement. FCC may grant an extension if the licensee shows that it cannot meet a deadline due to causes beyond its control, like a lack of available equipment. For the five wireless services examined, GAO found that extensions were requested for 9 percent of licenses, and FCC granted 74 percent of these requests.

FCC officials said that the Commission seeks to be aggressive but pragmatic when enforcing buildout requirements, including being flexible on deadlines when needed. Some licensees and industry associations GAO interviewed said that extensions can provide needed flexibility when unexpected problems occur. Some concerns were raised, however, that granting extensions can undermine buildout requirements by creating an impression that they will not be strictly enforced.

Stakeholders GAO interviewed generally said that buildout requirements are effective in meeting two of four goals commonly cited in FCC documents and statute -- encouraging licensees to provide services in a timely manner and preventing the warehousing of spectrum. Stakeholders had mixed views on the effectiveness of buildout requirements in meeting two other goals -- promoting innovative services and promoting services to rural areas -- largely because they believed that other tools could better address these goals. Other tools stakeholders mentioned include greater use of spectrum licenses that allow a wider array of uses and providing licensees with subsidies to serve rural areas.

Nearly all the licensees and industry associations GAO interviewed said they support FCC having buildout requirements, while spectrum policy experts GAO interviewed were mixed in their support of the requirements. Experts who did not support buildout requirements said that the requirements are set too weak or that other tools could better meet FCC goals, among other reasons.

Increasingly, small businesses rely on Internet-based applications to improve efficiencies and expand market access. Although broadband Internet access is widely available to businesses, areas of the country remain that still have little or no access.

Since 2008, federal programs have provided over $15 billion in funding to help deploy broadband to these areas. Additionally, some municipal governments have begun to build and operate networks to provide broadband access to their communities. GAO was asked to describe issues related to broadband availability for small businesses.

This report addresses (1) the federal government's efforts to ensure the availability of broadband services for small businesses, and (2) the effect of selected federally funded and municipal networks on broadband service and small businesses. GAO reviewed documents and interviewed officials from five federal agencies that support broadband deployment and research on broadband availability. Federally funded programs to expand broadband access encompass but do not specifically target small businesses.

These programs -- the Broadband Initiatives Program (BIP), Broadband Technologies Opportunities Program, Community Connect Grants, Connect America Fund, Rural Broadband Access Loan and Loan Guarantee Program, and Telecommunications Infrastructure Loan Program -- have eligibility requirements based on the need of an area, as well as deployment requirements that can maximize the number of businesses served. Improvements to broadband service have resulted from federal funding and the existence of municipally operated networks. Service providers have used federal funding for expansions and upgrades, such as building out to previously unserved areas and replacing old copper lines with fiber optic cable, resulting in faster and more reliable broadband connections.

[March 10]