Overnight Cybersecurity: EU dismayed by privacy bill changes

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you...


--A SHOW OF STRENGTH?: The European Commission is dismayed by the final language of a key privacy bill that could influence already-tense negotiations over a new data flow agreement with the U.S., according to those familiar with the talks. The so-called Judicial Redress Act, passed out of a Senate committee on Thursday, includes a compromise offered in response to concerns from some Republicans that the bill was a "concession" to the EU. The amendment, circulated amid a flurry of eleventh-hour negotiations on Wednesday, would require the European countries covered by the bill to allow commercial data transfers with the U.S. In addition, it includes a provision stating that the bill cannot impede U.S. national security interests. Supporters have long hoped that passing the bill, which gives EU citizens the right to challenge misuse of their personal data in U.S. court, would help U.S. negotiators reach a deal on a new Safe Harbor agreement – with a deadline Sunday. Those familiar with the Safe Harbor talks say the European Commission, which is leading negotiations on the EU side, is weighing sending a letter to Congress expressing concerns over the last-minute addition to the legislation. But they say if the commission does take action, it will likely wait until after the Senate body votes on the bill. More realistically, the commission is expected to be pragmatic and accept the Senate compromise rather than derail the negotiations, several of those tracking the issue say. True pushback to the edit is more likely to come from Europe's more hard-line privacy regulators, set to meet in Brussels on Tuesday to set common guidelines on how U.S. companies can legally handle European citizens' data in the absence of Safe Harbor. To read about the committee vote, click here. To read about the European Commission's response, click here.

--THE BOY IS BACK IN TOWN: The first hacker arrested for allegedly helping the Islamic State in Iraq and Syria (ISIS) has been extradited to the U.S. Ardit Ferizi, a 20-year-old Kosovo citizen, made his initial appearance in court on Wednesday afternoon in the Eastern District of Virginia. Ferizi is accused of hacking an American company to steal sensitive data on over 1,300 U.S. military and government employees. Malaysian authorities arrested Ferizi in October on Justice Department charges of providing material support to ISIS. "This case is a first of its kind," assistant attorney general John Carlin said in a statement when Ferizi was arrested. According to the department, Ferizi waived extradition. If convicted, he could face up to 35 years in prison. Prosecutors say Ferizi is the source of one of the most high-profile ISIS hacking incidents of all time. To read our full piece, click here.

--THE OTHER NEIGHBOR TO THE NORTH: Top senators expect a quick path through the chamber for legislation cracking down on North Korea after the country said it tested a hydrogen bomb. The bill would also authorize sanctions for Pyongyang's increasingly aggressive cyber warfare efforts. Sens. Bob Corker (R-Tenn.) and Ben Cardin (D-Md.), who oversee the Foreign Relations Committee, suggested that new sanctions legislation, which passed out of the committee earlier Thursday, could be on the Senate floor in a matter of weeks. Corker said he expects the Senate will take up the legislation during the second week of February. Senators are expected to go back to their home states the week of Feb. 15, giving them two weeks to bring up the legislation. To read our full piece, click here.



--PRIMUM NON NOCERE. Legislating encryption standards might "do more harm than good" in the fight against terrorism, Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) said on Thursday.

In the wake of the terrorist attacks in Paris and San Bernardino, Calif., lawmakers have been debating whether to move a bill that would force U.S. companies to decrypt data for law enforcement. Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) are currently working on such a bill.

Johnson's comments seemed to indicate he will oppose the upcoming measure.

"Is it really going to solve any problems if we force our companies to do something here in the U.S.?" Johnson asked at the American Enterprise Institute, a conservative think tank. "It's just going to move offshore. Determined actors, terrorists, are still going to be able to find a service provider that will be able to encrypt accounts."

To read our full piece, click here.






--15 MINUTES OR LESS...: U.S. utility companies are investigating whether they can get insurance to cover what could be multi-billion dollar losses if hackers are able to crash the grid.

The recent hack of a Ukrainian power company, which left roughly 80,000 homes without power, has exposed long-standing ambiguities over what insurers will cover under various cyberattack scenarios, Reuters reports.

"People in the insurance industry never did a great job clarifying the scope of coverage," said Paul Ferrillo, an attorney with Weil, Gotshal & Manges who advises utilities.

Read on, here.



--ISIS' ENCRYPTION APPS(?). A widely-reported app allowing encrypted communications allegedly built by the Islamic State in Iraq and Syria (ISIS) may not exist.

"Basically, [it's] a lot of bullshit over nothing," one security researcher told The Daily Dot. "I think it is just a bad media mock-up to try and get some attention. There is nothing even remotely professional or functional about both these apps."

The alleged app, known as Alrawi, was originally reported by the self-proclaimed digital counterterrorism group Ghost Security Group.

Read on, here.



Links from our blog, The Hill, and around the Web.

A new fraud detection system that the Internal Revenue Service is developing needs to be refined to spot identity theft, a watchdog said in a report publicly released Thursday. (The Hill)

The head of the National Security Agency's elite hacking unit shed some light on how the nation's top cyber spies do their thing. (ABC News)

Are we crying wolf over non-existent critical infrastructure hackers? (Motherboard)

The Federal Trade Commission has upgraded a web site designed to guide victims of identity theft in their efforts to mitigate the damage, the agency said on Thursday. (Reuters)
