Overnight Cybersecurity: Last-minute deal lets US-EU data flow

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you…

THE BIG STORIES:

–NO TAKEBACKS: The United States and the European Union have reached an eleventh-hour agreement that will permit Facebook, Google and thousands of other companies to continue handling Europeans’ personal data. Both Commerce Department and European Commission leaders insisted the new legal framework — which replaces a recently-invalidated agreement known as Safe Harbor — will stand up to court scrutiny. “There will be complainants and new court rulings, but I am pretty confident this will stand,” Justice Commissioner Vera Jourova said in a press conference unveiling the pact. The European high court struck down the original arrangement in October, claiming that the U.S. could not be seen to adequately protect privacy thanks to its mass surveillance practices. The two sides had been rushing to craft a replacement, with Europe’s data privacy regulators vowing to begin enforcement action this week. Supporters say the new deal, known as the EU-U.S. Privacy Shield, will prevent a potentially catastrophic disruption to transatlantic trade by providing regulatory certainty to the over 4,000 firms that had relied on Safe Harbor. But onlookers have long been skeptical that a replacement agreement will satisfy the high court’s ruling. Max Schrems, the privacy advocate who brought down a 15-year-old data transfer agreement between the U.S. and the EU was already questioning the validity of its replacement on Tuesday afternoon. To read about the new deal, click here. To read about Schrems opposition, click here.

{mosads}–GOING ONCE, GOING TWICE…: Sen. Orrin Hatch (R-Utah) has moved to speed passage of a key privacy bill that is linked to several transatlantic data sharing agreements. The so-called Judicial Redress Act would give EU citizens the right to challenge misuse of their personal data in a U.S. court, a right U.S. citizens already enjoy in Europe. “Our legislation rights an inequity — a reciprocal benefit that has been withheld from our European allies with little justification,” Hatch said Tuesday on the Senate floor. “It is the right and fair thing to do,” he added. Monday night, Hatch moved to hotline the bill, meaning it could bypass normal floor procedure and pass swiftly if no senator objects. The bill’s approval is required to finalize an “umbrella agreement” between the U.S. and EU that would allow the two sides to exchange more data during criminal and terrorism investigations. In recent weeks, the Judicial Redress Act was also drawn into the tense negotiations over another transatlantic data sharing agreement, the Safe Harbor agreement. Hatch’s move to hotline his bill came hours before U.S. and EU officials revealed they had struck a deal to resurrect the legal framework. To read our full piece, click here.

–NEXT TIME, JUST FAX: Personal email use was yet again a big topic on Capitol Hill on Tuesday. At a breakfast hosted by the Christian Science Monitor, the top Democrat on the House Intelligence Committee bemoaned leaks about emails on Hillary Clinton’s personal server and downplayed revelations that 22 of the messages were classified at the highest level. Rep. Adam Schiff (D-Calif.) told reporters on Tuesday that leaks about the emails linked to the FBI or Justice Department were from “people pushing a narrative.” He added: “I’m just urging people not to leap to conclusions, not to try to politicize this.” Later on Tuesday, Senate Judiciary Committee Chairman Chuck Grassley (R-Iowa) pressed for more details about the personal email use of a current top Obama administration official, Defense Secretary Ash Carter. “The use of private email in this context exposes information to possible hacks and intrusions by foreign intelligence agencies,” Grassley, chairman of the Senate Judiciary Committee, wrote to Carter in a letter released on Tuesday. “As the Secretary of Defense, you are inevitably a prime target for foreign hackers. As such, the threat is real and compliance with the law is essential.” The letter comes after The New York Times reported late last year that Carter used a personal email during his first months in the Pentagon’s top spot, including after it was revealed that Hillary Clinton had exclusively used a private email server during her time as secretary of State. To read more about Schiff’s comments, click here. To read more about Grassley’s inquiry, click here.

AN UPDATE ON CYBER POLICY:

–PRAISE BE. Lawmakers on Tuesday commended negotiators for striking the new Safe Harbor pact, now known as the EU-U.S. Privacy Shield.

Senate Commerce Committee Chairman John Thune (R-S.D.): “American and European businesses and consumers increasingly rely on transatlantic data exchanges as part of a longstanding and mutually-beneficial trade relationship. This agreement is a needed victory for job creation efforts in an already turbulent global economic situation.”

Senate Finance Committee Chairman Orrin Hatch (R-Utah): “I applaud the European Union and United States negotiators in reaching this important agreement, which is crucial to American business interests.”

A LIGHTER CLICK:

–No fun today.

A FEATURE IN FOCUS:

–A CHANGE IS GONNA COME. The Washington Post takes a look at the upcoming “major reorganization” at the National Security Agency (NSA), which is poised to merge “its offensive and defensive organizations in the hope of making them more adept at facing the digital threats of the 21st century.”

Per The Post: “In place of the Signals Intelligence and Information Assurance directorates, the organizations that historically have spied on foreign targets and defended classified networks against spying, the NSA is creating a Directorate of Operations that combines the operational elements of each.”

Read on, here.

WHO’S IN THE SPOTLIGHT:

–THE EDUCATION DEPARTMENT. The Education Department’s chief information officer is putting the personal information of hundreds of millions of people at risk, lawmakers said during a contentious hearing Tuesday.

“After what we’ve learned this morning,” said Rep. John Mica (R-Fla.), the American people must think CIO stands for “chaos, ineptness and outrage.”

Danny Harris, the CIO in question, repeatedly fended off criticism from lawmakers on both sides of the aisle during his House Oversight Committee testimony.

In recent years, Harris has been under investigation for ethics violations at the same time that watchdog reports have found his department’s cyber defenses are dramatically lagging, leaving Social Security numbers and student loan data vulnerable to hackers.

“Mr. Harris has served as the chief information officer since 2008, and by virtually every metric he is failing to adequately secure the department’s systems,” said Rep. Jason Chaffetz (R-Utah), who chairs the Oversight panel.

Harris acknowledged the agency’s cybersecurity shortcomings, but pointed to a renewed focus on the issue.

To read our full piece, click here.

A LOOK AHEAD:

THURSDAY:

–The Senate Homeland Security and Governmental Affairs Committee at 10 a.m. will hold a hearing to vet the nomination of Office of Personnel Management acting director Beth Cobert to hold the position permanently.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

A former government employee on Tuesday pleaded guilty to attempting to hack dozens of employee emails at the Department of Energy. (The Hill)

A hacker attempted to crash a $222-million NASA drone into the Pacific Ocean. (The Hacker News)

Landry’s and Golden Nugget Casinos will begin notifying potential victims of payment card data breaches at its venues during three periods between May 2014 and December. (Houston Chronicle)

This year’s high-tech Super Bowl stadium could be a target for hackers. (The Atlantic)

A commonly used networking tool contains a cryptographic weakness so severe that it may have been intentionally created to give hackers a way to eavesdrop, its developer said Monday. (Ars Technica)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A