Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
—HOLD ON, I’M COMING: A major cybersecurity bill will likely be included in a sweeping omnibus spending deal expected late Tuesday night, according to multiple people with knowledge of the talks. “All indicators look positive, but we’ll find out when it gets filed later tonight,” House Homeland Security Committee Chairman Michael McCaul told The Hill just before a 6:30 p.m. vote. As of Tuesday afternoon, lawmakers had essentially completed the final compromise text of three cyber bills that encourage businesses to share more data on hackers with the government. For the last few weeks, negotiators have targeted the giant $1.1 trillion spending measure as a way to get their cyber bill on President Obama’s desk before the end of the year. But a last-minute debate over the bill’s privacy language has drawn out the final stages of the discussions, endangering plans to have the measure ready before the omnibus deal was revealed. Negotiators have been working on the cyber measure’s compromise language since the Senate passed a version from the Intelligence Committee in October. The House passed its two complementary bills in April: one from that chamber’s Intelligence panel and another from Homeland Security. To read our full piece, click here.
–IT’S LIKE HOTH: U.S. business groups warn that a sweeping new data privacy deal struck Tuesday by the European Parliament will chill growth abroad. Critics say the proposed law, which follows years of negotiations, is part of a march toward privacy at the expense of firms operating on the far side of the Atlantic. “It’s not just tech companies — it’s manufacturers, airlines, financial companies — it’s everyone,” said Adam Schlosser, director of the U.S. Chamber of Commerce’s Center for Global Regulatory Cooperation. “Every time I see a headline that says, ‘U.S. tech giants brace for new law,’ I cringe a little bit.” The new regulations are intended to update a patchwork of rules written in the 1990s to give European citizens greater control over how their personal data is used and homogenize privacy regulations across the 28-member bloc. Although the exact language of the law hasn’t been publicly announced, businesses have had a chance to respond to a series of draft proposals and the contents are considered mostly solidified. A confirmation vote is expected Thursday, after which it will be put to a vote before the entire European Parliament in the new year. Perhaps the most significant difference between the old rules and the replacement regulations is their scope: The new law will apply to all firms that provide goods and services in the EU, even if they do not maintain a place of business there — including free services, such as an app. Also significant are the hefty fines allowed on companies that mishandle personal data. Under the new law, data protection authorities will be able to fine noncompliant companies up to 4 percent of the entire organization’s global revenue. For a company like Google, that could total billions of dollars. To read our full piece, check back tomorrow.
–STILL NOT THE MEL GIBSON MOVIE: Sen. Ron Wyden has joined a growing group of senators pressuring the administration to do more to tackle “ransomware,” a computer virus that renders files unobtainable until a ransom is paid. The Oregon Democrat on Tuesday sent the FBI a letter seeking information on the bureau’s plans to fight the growing presence of ransomware around the world, which authorities say has cost people tens of millions of dollars. “The FBI should explore all legal options for stopping the successful use of ransomware,” he said in the letter. “Not only should these efforts focus on cyber criminals conducting encryption attacks, they should also target the ransom payments from victims to cyber criminals.” Wyden’s memo builds on a pair of letters that Sens. Ron Johnson (R-Wis.) and Tom Carper (D-Del.) — the top two lawmakers on the Senate Homeland Security and Governmental Affairs Committee — recently sent to the Justice and Homeland Security Departments on the same issue. To read our full piece, click here.
AN UPDATE ON CYBER POLICY:
–I’VE GOT A BAD FEELING ABOUT THIS. A major cybersecurity bill will likely omit a clause that would require the government to assess the cyber defenses of the nation’s most critical infrastructure.
Lawmakers are on the cusp of merging three cyber bills that all aim to encourage businesses to share more data on hackers with the government. The completed text could pass with an omnibus spending bill in the coming days.
Sen. Susan Collins (R-Maine) has been lobbying for the inclusion of a clause that would direct the Department of Homeland Security (DHS) to evaluate the cybersecurity readiness at roughly 65 companies behind the nation’s infrastructure, and develop a plan for preventing a “catastrophic” cyberattack.
It passed as part of the Senate’s version of the info-sharing bill.
But as suspected for days, the clause is unlikely to make it into the final text.
“I’ve heard that, but I have not been officially notified by the chairman that that is the case,” Collins told reporters on Tuesday. “I will be very disappointed if that proves to be the case. And I would not sign the conference report if it is not included.”
Several people with knowledge of the discussions said that Collins’s language is likely to get the axe because of pressure from the private sector.
Check out our full piece, here.
LIGHTER CLICK:
–MY LIFE, AS CHRONICLED BY THE ONION. “Man Brings Lunch From Home To Cut Down On Small Joys.” Read it, here.
–I’M NOT LISTENING. I’M NOT LISTENING. Worried about “Star Wars: The Force Awakens” spoilers, but not willing to brave the hordes of the faithful at this weekend’s premiere?
Don’t worry. There’s an app for that.
There’s also an app to make your Android into a light saber, but the last time we checked the server was overloaded.
WHO’S IN THE SPOTLIGHT:
–FORMER NATIONAL SECURITY OFFICIALS. A number of former officials from the National Security Agency, the CIA, the Pentagon and the Office of the Director of National Intelligence have come out in support of strong encryption.
The position puts them at odds with the prevailing narrative at the FBI, where Director James Comey has urged tech companies to change their business model to provide some form of guaranteed access to encrypted devices for law enforcement.
Read on, here.
A FEATURE IN FOCUS:
–A CURIOUS CASE. Since the attacks on Paris last month, the hacktivist collective Anonymous has set its sights on undermining the widely successful propaganda and recruitment campaigns of the Islamic State in Iraq and Syria (ISIS) on social media.
Yet the most well-known ISIS hacker, the now-deceased Junaid Hussain, was once affiliated with Anonymous.
Vanity Fair looks at what the “brief life and violent death of Junaid Hussain can teach us about the way we fight now.”
Read on, here.
A LOOK AHEAD:
WEDNESDAY:
–The Oversight and Investigations Subcommittee will hold a hearing at 10:30 a.m. to probe security and privacy concerns with the Consumer Financial Protection Bureau’s data collection program.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
The Senate’s top homeland security lawmaker is pressing the Department of Justice (DOJ) to turn over any evidence that the San Bernardino, Calif., shooters used encryption to cover up their plans. (The Hill)
British police have arrested a 21-year-old man in connection with the hacking of the digital toymaker VTech that exposed data on 6.4 million children. (The Hill)
Two crooked federal agents embedded inside the Silk Road investigation were sentenced to prison in the last month — but they may not have been alone. (Motherboard)
TalkTalk’s CEO said that the huge hack on the telecom could not have been prevented, even if the company had been accredited by a government cybersecurity program. (The Guardian)
How databases with personal information get accidentally left open to the public Web.