Overnight Cybersecurity: House leadership reviewing cyber bill
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–ARE WE DONE? I’M HUNGRY: House leadership is reviewing the compromise text of a major cybersecurity bill, indicating lawmakers could be on the cusp of moving the final legislation. Negotiators have spent the last few weeks scrambling to merge three cyber bills that all encourage businesses to share more data on hackers with the government. House Intelligence Committee ranking member Adam Schiff (D-Calif.), who co-sponsored one of the bills, told The Hill a final deal could be reached Thursday night but that nothing is certain. “We’re very close on it,” he said. Unofficial discussions have been taking place since the Senate passed its Intelligence Committee-originated bill in October, six months after the House passed two complementary bills — one from the Intelligence panel, another from Homeland Security. Lawmakers from the House Intelligence and Homeland Security committees met Thursday afternoon to hammer out some outstanding details, before kicking the draft up to leadership. “I think it’s moving in a very positive direction,” House Homeland Security Committee Chairman Michael McCaul (R-Texas), who cosponsored his committee’s bill, told The Hill on his way to the meeting. According to those involved in the discussions, the final language has been almost ready for several days, but an ongoing debate over privacy provisions have drawn things out at the eleventh hour. Multiple people with knowledge of the talks said Thursday that some of these thorny privacy issues remained, suggesting that leadership might make the ultimate call. But lawmakers and several people involved in the negotiations insisted nearly all discrepancies surrounding the portal had been resolved. To read our full piece, click here.
–LOCK IT DOWN: Lawmakers on Thursday said there was no evidence yet the two suspected shooters used encryption to hide from authorities in the lead-up to last week’s San Bernardino, Calif., terror attack that killed 14 people. “We don’t know whether it played a part in this attack,” Senate Intelligence Committee Chairman Richard Burr (R-N.C.) told reporters following a closed-door briefing with federal officials on the shootings. But that hasn’t ruled out the possibility, Burr and others cautioned. “That’s obviously one issue were very interested in,” House Intelligence Committee ranking member Adam Schiff (D-Calif.) said. “To what degree were either encrypted devices or communications a part of the impediment of the investigation, either while the events were taking place or to our investigation now?” The recent terror attacks in San Bernardino and Paris have shed an intense spotlight on encryption. While no evidence has been uncovered that either plot was hatched via secure communications platforms, lawmakers and federal officials have used the incidents to resurface an argument that law enforcement should have guaranteed access to encrypted data. “We’ve still got a big problem out there that we’re going to have to deal with and it’s called encryption,” Burr said. To read our full piece, click here.
–NO TAKE-BACKS?: The European Union will have the right to call off a new data transfer agreement with the U.S. at any time if it believes the U.S. is not doing enough to protect citizens’ privacy, the EU Justice Commissioner said Thursday. “In the new Safe Harbour there will be a suspension clause, saying that under concrete conditions we are going to suspend [it],” Commissioner Vera Jourova said at a conference in Brussels. The original Safe Harbor agreement made it legal for U.S. firms to handle European citizens’ data by allowing them to “self-certify” that they met Europe’s stricter privacy controls. The EU high court struck down the pact in October, saying that because of its surveillance practices, the U.S. couldn’t be seen to adequately protect individuals’ privacy. Over 4,000 firms — from hospitality to social media companies — had relied on Safe Harbor to make their cross-Atlantic data transfers legal. Negotiators have been scrambling to update the agreement before Europe’s data protection authorities say they will begin taking enforcement action in January. Skeptics have warned that in the absence of strong enough privacy protections, a new Safe Harbor could be struck down as summarily as the original agreement. To read our full piece, click here.
UPDATE ON CYBER POLICY:
–NOT NOW CHIEF, I’M IN THE ZONE. The Senate Judiciary Committee has pushed consideration of a privacy rights bill that is pivotal to a pair of information-sharing agreements between the United States and the European Union.
The legislation would give European citizens the right to take legal action in the U.S. if their personal information is misused.
Its passage is a prerequisite to an “umbrella agreement” inked this fall that allows the two governments to exchange more information during terrorist and criminal investigations.
Its supporters also suggest that the legislation could have a positive impact on negotiations over a new commercial data transfer agreement between the U.S. and the EU.
The bill will be held over until the next business meeting of the committee, likely after Jan. 1, according to a staff member.
To read our full piece, click here.
LIGHTER CLICK:
–TIS THE SEASON. It’s not very cybery, but it’s Christmassy! After yet another year of waiting, The Hater’s Guide to The Williams-Sonoma Catalog is out!
A REPORT IN FOCUS:
–SHOE-LEATHER REPORTING. In its rush to award a $20-million contract for identity theft protection services in the wake of the first, smaller breach, the Office of Personnel Management ran afoul of several federal contracting rules, according to a now-public report from the agency’s inspector general.
The agency failed to get an independent cost estimate for the contract and mislaid paperwork, report said.
Inspector General Patrick McFarland said his office could not determine whether the mistakes were severe enough to affect the awarding of the contract, but that they were sufficient to “increase the risk of making an improper award.”
The vendor that received the contract, CSID, faced fierce criticism from federal workers and lawmakers.
Critics lambasted the firm for a Web site that crashed easily and interminable phone waits to speak to a representative. Affected individuals were also critical of notification emails that came from CSID addresses, which looked like phishing scams to some.
Read on, here.
WHO’S IN THE SPOTLIGHT:
–FRENCH WIFI. France does not have any plans to block either the dark Web browser Tor or public wifi, Prime Minister Manuel Valls said on Wednesday — despite lobbying from the French police.
An internal document leaked to the French newspaper Le Monde revealed that law enforcement wanted “to block or forbid communications of the Tor network” in the wake of last month’s terrorist strikes on Paris.
“Internet is a freedom, is an extraordinary means of communication between people, it is a benefit to the economy,” Valls said. “It is also a means for terrorists to communicate and spread their totalitarian ideology. The police must take in all of these aspects to improve their fight against terrorism, but the measures we take must be effective.”
Read on, here.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
House Oversight Committee Chairman Jason Chaffetz (R-Utah) wants the Office of Personnel Management’s top technology official out of a job. (The Hill)
Republican presidential candidate Sen. Lindsey Graham (S.C.) has harsh words for tech companies claiming their encryption makes it impossible to comply with court orders seeking secured data. (The Hill)
The House on Thursday unanimously passed a bill to provide state and local governments with federal resources to fight cybercrime. (The Hill)
Lawyers for a Russian man charged with hacking into U.S. businesses to steal credit card information say federal agents who arrested him at a Maldives airport “turned a blind eye” to that country’s laws. (Associated Press)
A word of advice about homemade encryption. (Motherboard)
Voice and data records on ship “black boxes” are easily destroyed or altered by attackers — or crew. (Ars Technica)
On Thursday, Thai authorities told reporters that they plan on extraditing Roger Thomas Clark, the Canadian man accused of being a top adviser to Silk Road founder Ross Ulbricht. (Ars Technica)
The U.S. Securities and Exchange Commission plans to bring more cases against investment advisers who do not have policies to prevent hacking, the agency’s enforcement chief said on Thursday. (Reuters)
TransUnion is buying Trustev in $44-million deal to beef up its e-commerce fraud protection business. (Tech Crunch)
According to newly revealed statistics, some 77,000 Steam accounts are hacked every month. (CNET)
If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..