Hillicon Valley: Officials detail potential cellphone surveillance in DC | Google to drop AI drone warfare contract | Facebook investors vent over data handling

The Cyber and Tech Overnights are joining forces to give you Hillicon Valley, The Hill’s new comprehensive newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow the cyber team Morgan Chalfant (@mchalfant16) and Olivia Beavers (@olivia_beavers), and the tech team, Ali Breland (@alibreland) and Harper Neidig (@hneidig), on Twitter. Send us your scoops, tips and compliments.

 

NEW DETAILS ABOUT ‘STINGRAY’ THREAT IN WASHINGTON: Officials with the Department of Homeland Security detected potential surveillance activity near “sensitive facilities” in Washington, including the White House, according to a study conducted last year.

Officials disclosed the activity, associated with devices commonly known as “Stingrays,” in a letter to Sen. Ron Wyden (D-Ore.), which was first reported by The Washington Post this week.

The revelation boosts long-held suspicions that foreign actors are using the technology to conduct spying in the nation’s capital.

Christopher Krebs, the acting head of the National Protection and Programs Directorate (NPPD), Homeland Security’s cybersecurity unit, explained in the May 22 letter that the department initiated a “limited pilot project” in the D.C. region last year to understand the activity of “Stingray” devices — formally known as International Mobile Subscriber Identity (IMSI) catcher technology.

So … what exactly do these devices do? An IMSI is a unique identification number that is used to recognize any one mobile device on a cellular network. IMSI catcher technology mimics legitimate cellphone towers in order to intercept cellular communications, allowing for eavesdropping.

The tracking devices are often referred to as “stingrays” after the StingRay brand widely used by state and local police officers.

In the letter, Krebs acknowledged that Homeland Security observed “anomalous activity that appeared consistent with IMSI catcher technology within the [U.S. Capitol Region], including locations in proximity to potentially sensitive facilities like the White House” when conducting the analysis between January and November of last year.

However, the official noted that NPPD “has neither validated nor attributed such activity to specific entities, devices, or purposes.”

Wait … there’s more: Separately, Krebs also acknowledged that the department has received reports of “nefarious actors” possibly exploiting security flaws in Signaling System Seven (SS7), an international system that connects mobile phone networks, in order to “target the communications of American citizens.” He did not expand further on those reports.

We’ve got it all here.

 

STILL TALKING CYBER, EVEN ON RECESS: House Homeland Security Chairman Michael McCaul (R-Texas) addressed the Texas-Israel Chamber of Commerce cybersecurity conference over the congressional break, warning that the United States’ adversaries are “are waging a silent war against us in cyberspace” and transforming “digital breakthroughs into digital bombs.” The Republican lawmaker, who is in his final months as chairman of the powerful committee, stressed his efforts to legislate on cybersecurity in recent years. And he made a point to emphasize the need for congressional action to secure U.S. assets from hackers, labeling cybersecurity a “team sport.”

“To keep America safe from cyber criminals, espionage and warfare we really need all hands on deck. That’s why events like this one are so important,” McCaul said. “Cybersecurity is really a team sport. All of us have a role to play.”

 

AN UPDATE: On Thursday, we published a story about the ACLU and other civil liberties organizations urging the Director of National Intelligence to disclose more details on the more than 500 million call records collected on Americans by the National Security Agency (NSA) last year. A spokesman for the Director of National Intelligence later told The Hill that the office had received the letter from the organizations and would respond.

 

ANNND IT’S BACK ON: President Trump announced Friday afternoon that his meeting with North Korean leader Kim Jong Un will take place as scheduled on June 12 in Singapore. Meanwhile, Pyongyang’s army of hackers continue to meddle in cyberspace. To recap our recent coverage of North Korean cyber operations, click herehere, and here.

 

INVESTOR COMPARES FACEBOOK DATA HANDLING TO ‘HUMAN RIGHTS VIOLATION’: Facebook investors reportedly vented frustrations about the company’s handling of user data during a shareholder meeting Thursday as the social networking site reels from months of scrutiny over its privacy policies.

“If privacy is a human right … then we contend that Facebook’s poor stewardship of user data is tantamount to a human rights violation,” Christine Jantz, an official with Facebook investor Northstar Asset Management, said during the meeting.

 

‘NAMING AND SHAMING’ ISN’T ENOUGH: A new policy report authored by the State Department’s former top cyber diplomat argues that naming and shaming adversaries in cyberspace isn’t enough to deter them.

Chris Painter, the former official, writes that nation states who wage offensive cyber operations deserve a tougher response than they’ve seen so far.

“Individually as countries and as a global community, we haven’t done a very effective job of punishing and thereby deterring bad state actors in cyberspace,” Painter writes in a paper for the Australian Strategic Policy Institute. “Part of an effective deterrence strategy is a timely and a credible response that has the effect of changing the behaviour of an adversary who commits unacceptable actions.”

“Although there are some recent signs of change, in the vast majority of cases the response to malicious state actions has been neither timely nor particularly effective,” he writes. “This serves only to embolden bad actors, not deter them. We must do better if we’re to achieve a more stable and safe cyber environment.”

While he describes public attribution — such as the decision by the U.K. and U.S. to blame Russia for the massive “notPetya” malware attack — as one possible tool of deterrence, Painter laments that “public attribution has its limits.”

“Naming and shaming has little effect on states that don’t care if they’re publicly outed and has the opposite effect if the actor thinks their power is enhanced by having actions attributed to them,” he writes.

“Action speaks louder than attribution alone, and they must be closely coupled to be effective,” Painter later adds. Imposing consequences could involve diplomatic, law enforcement, economic, or kinetic actions.

 

APPLE SAYS NO THANKS: Apple has declined an invitation to attend a European Union parliamentary hearing on Friday about tax evasion, saying it does not want to prejudice its appeal of an EU order to pay millions in back taxes.

“It is important to ensure public commentary does not prejudice those proceedings,” Apple’s senior director of European government affairs wrote in a letter to the European Parliament committee presiding over the hearing.

 

PROJECT MAVEN IS NO MORE: Google will not seek another contract with the Department of Defense to provide artificial intelligence for drone warfare, according to a Gizmodo report.

Google Cloud CEO Diane Greene reportedly announced the decision on Friday during a weekly internal meeting.

Greene said that the contract is set to expire in 2019 and that Google will not pursue a follow-up bid, according to Gizmodo.

She said the decision was the result of backlash the company has faced since details of its drone warfare A.I., Project Maven, were reported. Earlier this month, thousands of Google employees signed a letter asking the company to drop its contract with the government over Project Maven, and a dozen quit in protest as well.

 

POLICE SAY UBER DRIVER SHOT AND KILLED PASSENGER: Police in Denver, Colo., say a driver for the ride-sharing company Uber shot and killed a passenger early Friday morning.

The two men reportedly got into a conflict while inside the vehicle, culminating in the driver’s fatal shooting of the unnamed passenger. Police are treating the case as a homicide, Fox 31 Denver reported.

Police spokesman Sonny Jackson said the passenger was taken immediately to the hospital where he was pronounced dead.

 

A LIGHTER CLICK: Good tip to get a handle to combat your phone addiction.

 

ON TAP FOR NEXT WEEK:

The FCC will host its monthly open meeting on Thursday at 11:30 a.m. Key areas to be addressed include 5G and Universal Service Fund policies regarding rural broadband providers.

The House Committee on Small Business will hold a hearing on the gig economy and millennials on Wednesday.

Public Knowledge will host an event about the Comcast-NBCU consent decree on Wednesday, featuring remarks from Sen. Richard Blumenthal (D-Conn.)

 

NOTABLE LINKS FROM AROUND THE WEB:

Solving more murders with 23 and me? (Wired.)

California is now testing digital license plates. (NPR)

A former Pentagon official discusses how the U.S. could respond to North Korean cyberattacks. (Recode)

Under the hood of Instagram’s feed algorithm. (TechCrunch)

GDPR is benefitting Google. (Fast Company)

Amazon’s cloud computing business makes some companies worry about the giant’s expansion model. (The Wall Street Journal)

Americans think tech makes their own lives better but society worse. (Survey)

Tags Donald Trump Michael McCaul Ron Wyden

Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..

Main Area Top ↴

Testing Homepage Widget

 

Main Area Middle ↴
Main Area Bottom ↴

Most Popular

Load more

Video

See all Video