Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–GIVE ME JUST A LITTLE MORE TIME: A long-awaited bill to give law enforcement access to encrypted data will have to wait a few more days as the White House takes a second look. Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), the leaders of the Intelligence panel, told reporters Thursday that the latest draft of the bill had been sent back to the White House for review. “Yesterday, I sent a copy to [White House chief of staff Denis McDonough],” said Feinstein, who is co-sponsoring the bill with Burr. “He indicated to me that the staff is going to look at it, discuss it with the president next week. So we’ll see.” The measure — a response to concerns that criminals are increasingly using encrypted devices to hide from authorities — would require firms to comply with court orders seeking access to locked data. While law enforcement has long pressed Congress for such legislation, the tech community and privacy advocates warn that it would undermine security and endanger online privacy. “It did get kicked over to the White House because I think the chief of staff wanted to brief the president on it,” Burr said later, leaving an Intelligence panel meeting. Obama’s briefing means the bill will not be released this week, as Burr hoped. Meanwhile, the White House on Thursday denied reports that it will not offer its support to the bill. “I saw that report and I don’t know what it’s based on,” Deputy Press Secretary Eric Schultz told reporters on Air Force One. “The idea that we’re going to withhold support for a bill that’s not introduced yet is inaccurate.” Schultz did not tip his hand on the administration’s official response to the bill. “As it pertains to this particular piece of legislation, I am sure we will take a look at what they are proposing and be in touch,” he said. To read about the delay in the bill’s release, click here. To read about the White House comments, click here.
{mosads}–JUST THIS ONE PHONE: The hacking tool the FBI bought to access the iPhone 5c of one of the San Bernardino, Calif., shooters won’t work on newer phones, FBI Director James Comey said Wednesday. “It’s a bit of a technological corner case because the world has moved on to [the iPhone 6],” Comey said during an appearance at Ohio’s Kenyon College. “We have a tool that works in a narrow slice of phones.” He said the hacking tool doesn’t work on the latest iPhone 6 or on the iPhone 5s. The county-owned work phone that belonged to shooter Syed Rizwan Farook is a 5c model running Apple’s iOS 9 operating system. The FBI’s success in hacking into the device raised new questions about whether the government would use its newly uncovered hacking method to assist other law enforcement officials. Security specialists have pressed the government to tell Apple about the flaw it exploited instead of using it to access other locked phones. These researchers fear the flaw will leak to nefarious hackers, endangering millions of iPhone users. Comey said Wednesday there are conversations “within the government” about disclosing the technique to Apple, which could allow the company to patch the vulnerability that allows the agency to access the data. “That’s an interesting conversation, because [if] we tell Apple, they’re going to fix it, and then we’re back where we started from,” he said. “But, look, as silly as that may sound, we may end up there. We just haven’t decided yet.” On Capitol Hill on Thursday, Senate Intelligence Chairman Richard Burr (R-N.C.) told reporters that the FBI would eventually brief his full committee on its hacking tactic. Burr and Intelligence Committee ranking member Dianne Feinstein (D-Calif.) have both already been briefed on the method, they told reporters. To read our full piece, click here.
UPDATE ON CYBER POLICY:
–SAFETY FIRST. Sen. Ed Markey (D-Mass.) on Thursday introduced a bill to create strict cybersecurity standards for the aviation industry as it increasingly becomes a target for hackers and cyber spies.
The legislation follows up on Markey’s investigation into the security practices of airlines and airplane manufacturers, which he launched in December.
“As technology rapidly advances to keep passengers and planes connected, we must ensure that the airline industry is vigilant in protecting its aircraft and systems from cybersecurity breaches and attacks,” said Markey, a Commerce Committee member.
Markey’s bill, the Cyber AIR Act, would direct the Federal Aviation Administration (FAA) to establish digital security guidelines for the airline industry, while also ordering all airlines to disclose cyberattacks to the government.
“We know that terrorists and others that mean to do us harm will try to exploit any loophole or technological advance in our transportation systems,” the Massachusetts Democrat said.
To read our full piece, click here.
LIGHTER CLICK:
–NEVER TRUST AN ALGORITHM. Here’s what happens when Spotify tries to recommend a boyfriend.
A FEATURE IN FOCUS:
–HERE’S TO THE SUNNY SLOPES OF LONG AGO. The roots of the current standoff between Apple and the FBI stretch back to a 2008 child sex abuse prosecution thought to be the first time a federal judge ordered Apple to assist in unlocking an iPhone.
Apple wanted a court order to hack into the suspect’s phone, but it was otherwise cooperative — it even drafted language for the Justice Department to use in its request.
Read on, at The Wall Street Journal, here.
WHO’S IN THE SPOTLIGHT:
–THE CYBER CALIPHATE. The Islamic State in Iraq and Syria (ISIS) hacker group made a swift return to the encrypted social media platform Telegram after being booted off over the weekend, according to the Middle East Media Research Institute (MEMRI).
The group also launched a collective with like-minded cyber jihadi groups to “expand operations,” according to MEMRI.
Experts say one of the challenges of keeping extremists off of social media platforms is that they can simply create new accounts under different names.
The report, here.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Civil liberties and government transparency groups are rallying to oppose a new plan that would allow the National Security Agency to share more of the information that it collects about people’s communications and activity on the Internet with other federal agencies. (The Hill)
Comey said Wednesday night that he is confident the FBI can protect the tool it purchased to crack into the shooter’s iPhone. (The Hill)
The long-term Federal Aviation Administration reauthorization bill includes cybersecurity provisions that proponents say will help secure an aviation industry under siege from hackers. (The Hill)
Journalists are increasingly being presented with opportunities to uncover significant stories using data that has been illegally pulled from databases or servers by hackers. (Motherboard)
The Department of Homeland Security is having trouble recruiting much-needed computer experts because it can’t match private sector pay and lacks the allure of intelligence agencies. (The New York Times)
The FBI is warning about a “dramatic” increase in so-called CEO fraud, email scams in which attackers spoof a message from the boss and trick someone at the organization. (KrebsOnSecurity)
Anonymous’ annual OpIsrael attack has been taking place on April 7 every year since 2013. (Re/Code)
The dark Web hacking forum “Hell” appears to have new owners. (Motherboard)
If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A