Hillicon Valley: States defy FCC on net neutrality | Facebook gave Chinese companies access to user data | Genealogy service hacked | 26 states get election cyber funds

Hillicon Valley: States defy FCC on net neutrality | Facebook gave Chinese companies access to user data | Genealogy service hacked | 26 states get election cyber funds
© Getty

The Cyber and Tech Overnights are joining forces to give you Hillicon Valley, The Hill's new comprehensive newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow the cyber team Morgan Chalfant (@mchalfant16) and Olivia Beavers (@olivia_beavers), and the tech team, Ali Breland (@alibreland) and Harper Neidig (@hneidig), on Twitter. Send us your scoops, tips and compliments.

 

STATES DEFY NET NEUTRALITY REPEAL: States are pushing their own net neutrality laws and rules in an attempt to fill the void left by the Federal Communications Commission's repeal of the Obama-era consumer protections. The nationwide effort could be laying the groundwork for another court battle over the popular regulations.

The numbers: Twenty-nine states are considering net neutrality legislation, two -- Oregon and Washington -- have already passed laws and five Democratic governors have signed executive orders banning their states from doing business with internet providers that violate net neutrality principles.

And California is currently considering a law that net neutrality supporters say would be the gold standard. The California Senate last week passed a bill from state Sen. Scott Wiener (D) that would revive all of the protections from the 2015 rules and even go a step further by banning most forms of "zero rating."

"The FCC's action left a huge void with real-life ramifications in terms of the [internet service providers] being able to pick winners and losers on the internet, which is exactly what net neutrality prohibits," Wiener said in a phone interview with The Hill.

The only way to avoid a patchwork of state laws would be for Congress to step in, but with Republicans in control, few net neutrality supporters think that it can come up with adequate protections.

"With this Congress and this president, my confidence level is not high," Wiener said. "I would love to have one uniform, robust federal standard protecting net neutrality, but given that the FCC has left a void, the states have to fill it."

To read more, click here.

 

FRUSTRATION WITH FACEBOOK: Lawmaker frustration over a new report detailing Facebook's "far reaching" data sharing program with device makers spilled over on Tuesday, with more senators calling for an explanation.

--Sens. John ThuneJohn Randolph ThuneSenate gets to work in August — but many don’t show up GOP leader criticizes Republican senators for not showing up to work Ex-Trump adviser: Shutdown 'not worst idea in the world' MORE (R-S.D.) and Bill NelsonClarence (Bill) William NelsonDem campaign chairman expresses confidence over path to Senate majority The Hill's Morning Report: Dems have a majority in the Senate (this week) Dems urge tech companies to remove 3D-gun blueprints MORE (D-Fla.), the chairman and ranking member of the Senate Commerce Committee, sent Facebook a series of questions pressing it on how it ensures compliance on user data (including such information as relationship status, religion and political leanings) and how it notified users that such information would be shared with hardware manufacturers.

The two took a more measured tone than in other letters, sticking questions and not casting the revelations in a negative light like other lawmaker letters and comments.

-- Sen. Mark WarnerMark Robert WarnerSenators demand answers on reported lead poisoning at Army bases Top Republican: Senate panel not ready to wrap up Russia probe The Memo: For Trump, this week has been anything but sleepy MORE (D-Va.), though, raised a critical question. Warner said he is concerned that companies like Huawei and ZTE, which government officials believe are a threat to national security, might have been able to get user data from Facebook after it was revealed the company had data-sharing partnerships with roughly 60 device makers.

"Does our personal info reside on a server in China? I think Facebook owes us that answer," Warner said during an event hosted by Axios.

 

FACEBOOK SHARED DATA WITH CHINESE COMPANIES: The New York Times reported late Tuesday that Facebook shared user data with Chinese device makers.

Who? The report says there were data sharing partnerships with Huawei, Lenovo, Oppo and TCL.

The problem for Facebook: U.S. officials have raised concerns about Huawei's close links with the Chinese government. Facebook, though, says any shared data was on its servers not Huawei's.

 

DEAL OR NO DEAL?: ZTE has reportedly reached an agreement in principle with the Trump administration to lift the Department of Commerce's ban on American companies selling equipment to the Chinese telecommunications giant.

Reuters reported Tuesday that under the preliminary agreement, ZTE would pay a $1 billion fine in addition to another $400 million in an escrow in case it commits future sanctions violations.

An agreement in principle is not a final agreement but is a step toward it. Commerce Department spokesman James Rockas told Reuters that "no definitive agreement has been signed by both parties."

We've got more here.

 

TODAY'S HACKING NEWS: GENEALOGY SERVICE SAYS HACKERS STOLE DATA ON 92 MILLION USERS: MyHeritage, a web-based genealogy and DNA testing platform, revealed that hackers breached its system and stole emails and hashed passwords belonging to over 92 million users.

The company became aware of the breach, which occurred nearly two years ago, just this week. MyHeritage said that it has no evidence that other sensitive information was taken or that the stolen data was used for malicious purposes.

How they discovered it: In a blog post on Monday, the company's chief information security officer said that MyHeritage had been contacted by an independent security researcher about a file found on a private server that appeared to contain email addresses and hashed passwords from MyHeritage users.

The company investigated the report and confirmed that the file contained data on over 92 million users who had signed up for the genealogy service before October 26 2017 -- the date that the company says the breach occurred.

The file contained user email addresses and hashed passwords; hashing is a one-way encryption function that hides the actual password for the purpose of security, meaning that hackers would not be able to view the actual passwords corresponding to user accounts.

No evidence DNA data stolen: The company emphasized that it does not store sensitive information, like user DNA data or family information, on the same system where it stores user email addresses. Instead, this information is held on a separate system where there are more layers of security.

More on the breach here.

 

A RUSSIA PROBE UPDATE: MANAFORT ACCUSED OF ATTEMPTED WITNESS TAMPERING: Special Counsel Robert MuellerRobert Swan MuellerSasse: US should applaud choice of Mueller to lead Russia probe MORE said in a court filing on Monday that President TrumpDonald John TrumpWhite House counsel called Trump 'King Kong' behind his back: report Trump stays out of Arizona's ugly and costly GOP fight Trump claims he instructed White House counsel to cooperate with Mueller MORE's former campaign chairman Paul ManafortPaul John ManafortAccused Russian agent moved from DC to Virginia jail for undisclosed reasons Bannon: If Trump knew about Trump Tower meeting ‘you have to question it’ Manafort conviction will add little firepower to Mueller investigation MORE has attempted to tamper with potential witnesses while on pretrial release.

Mueller's team has asked the court to revoke or revise Manafort's release conditions, including his bond and house arrest, in the wake of the filing, which was first reported by Reuters.

FBI agent Brock Domin said in the filing that Manafort and a longtime associate linked to Russian intelligence attempted to contact via phone call, text and encrypted messages two people from the "Hapsburg group," which Manafort had worked with to lobby for Ukrainian interests.

Domin said that Manfort's attempts at contact were "in an effort to influence their testimony and to otherwise conceal evidence" and that the probe into the matter was still ongoing.

Read more here.

 

WORRIES ABOUT HHS IMPLEMENTING CYBER LAW: A bipartisan group of House and Senate lawmakers are raising concerns about how the Department of Health and Human Services (HHS) is implementing a cyber law that aims to boost security by providing digital threat data.

In a letter on Tuesday, the top lawmakers on the House Energy and Commerce Committee and the Senate Health, Education, Labor, and Pensions (HELP) Committee pressed HHS Secretary Alex Azar to provide more information about executing the Cybersecurity Information Sharing Act (CISA).

"As cyber threats to the health care sector increase in frequency and severity, it is imperative that HHS provide clear and consistent leadership and direction to the sector regarding cyber threats," the lawmakers wrote.

The lawmakers argued that the agency's cybersecurity strategy has continued to change since HHS delivered its Cyber Threat Preparedness Report (CTPR) to the committee last April, and even that "report omitted or lacked sufficient detail on many outstanding issues."

The lawmakers pointed to a series of information gaps that they said HHS needs to address, particularly the lack of information the report had on HHS's Healthcare Cybersecurity and the Department of Homeland Security's Communications Integration Center (HCCIC).

To read more of our report, click here.

 

26 STATES GET ELECTION CYBER FUNDING: The Election Assistance Commission (EAC) on Tuesday released a list of 26 states that have requested and received cybersecurity funding, money that aims to ensure state's voting systems are properly secured ahead of the 2018 midterm elections.

An EAC press release broke down which states have requested the cyber funds as well as how much they received. To date, these states have requested nearly $210 million in newly available funds, or about 55 percent of the total amount available. The funds were distributed under the Consolidated Appropriations Act of 2018, a bill passed by Congress that allocated $380 million in funds to the Help American Vote Act (HAVA).

"This steady stream of funding requests from the states demonstrates an undeniable recognition that this money can have a tangible and immediate impact on the efficiency, security and accessibility of our nation's elections systems," EAC Chairman Thomas Hicks said in a statement. "The Commission has diligently worked with states to distribute these new funds as quickly as possible. It is anticipated that all jurisdictions will submit funding requests by mid-July," he continued.

Texas received the largest funding grant at $23 million, followed by New York at almost $19.5 million, and Florida in a close third at roughly $19.2 million, according to the list.

To read more, click here.

 

SEC CHAIR INSISTS CYBER A 'PRIORITY': In testimony before a Senate Appropriations Subcommittee on Tuesday, Securities and Exchange Commission Chair Jay Clayton stressed his efforts to make cybersecurity a priority at the federal agency.

Since he took over at SEC, Clayton has shepherded an ongoing review of the agency's cyber risk profile. He outlined broader actions the agency has already taken to help improve its cybersecurity posture, such as creating a senior-level working group to focus on cybersecurity and establishing "incident response exercises" to prepare for threats.

"No organization can guarantee that it will be able to withstand all cyberattacks, particularly in an environment where threat actors may be backed by substantial resources. Nevertheless, we must continuously work to remain on top of evolving threats when it comes to securing our own networks and systems against intrusion," Clayton said Tuesday in opening testimony.  

"This is especially true when protecting mission critical systems as well as systems dealing with sensitive market and other data involving personally identifiable information."

Clayton faced a major test last year when he revealed that the SEC's EDGAR corporate filing system had suffered a breach in 2016--before he took the helm of the agency.

On Tuesday, he said the investigation is still ongoing, but the SEC has taken steps to boost security of the system "including conducting a detailed penetration test of the EDGAR environment, a security review of EDGAR's code to proactively identify and remediate vulnerabilities and additional security enhancements to the architecture of the EDGAR system."

Clayton said the SEC's proposed fiscal year 2019 budget would help the agency hire new staff and expand cybersecurity efforts.

Read his full written testimony here.

 

DOJ TO FIGHT RULING ON TRUMP'S TWITTER: The Department of Justice (DOJ) said Monday that it will appeal a federal judge's ruling that President Trump can't block Twitter users, Reuters reported.

The director of the Knight First Amendment Institute at Columbia University, which represented the seven people who sued Trump last year, told the news service that Trump's @realDonaldTrump account had unblocked them on Monday.

"We're pleased that the White House unblocked our clients from the President's Twitter account but disappointed that the government intends to appeal the district court's thoughtful and well-supported ruling," Jameel Jaffer said in an email.

 

HOUSE DEMS DEMAND FCC OVERSIGHT HEARING: Two of the top Democrats on the House Energy and Commerce Committee are calling on the panel's GOP leadership to hold oversight hearings on the Federal Communications Commission (FCC).

Reps. Frank Pallone Jr.Frank Joseph PalloneDem: Trump ‘placing politics over our national security’ by revoking Brennan’s clearance House Dems press FCC chairman for answers on false cyberattack claim House Dems call for new FCC probe into Sinclair MORE (D-N.J.) and Mike DoyleMichael (Mike) F. DoyleHouse Dems press FCC chairman for answers on false cyberattack claim House Dems call for new FCC probe into Sinclair FCC passes controversial rule changing how it handles consumer complaints MORE (D-Pa.) sent a letter to their Republican counterparts reminding them that a hearing previously set for February still has not been rescheduled.

"We believe it is long past time to reschedule this important oversight hearing to follow through on a commitment from the Republican leadership of this Committee that it would hold quarterly Federal Communications Commission oversight hearings," they wrote to Reps. Greg WaldenGregory (Greg) Paul WaldenHouse committee considering subpoena for Twitter CEO: report Top Republicans concerned over impact of potential Trump drug rule Apple jabs ‘other companies’ in defending customer data policies to lawmakers MORE (R-Ore.) and Marsha BlackburnMarsha BlackburnElection Countdown: Takeaways from too-close-to-call Ohio special election | Trump endorsements cement power but come with risks | GOP leader's race now rated as 'toss-up' | Record numbers of women nominated | Latino candidates get prominent role in 2020 Top Koch official fires back at critics: We are not an 'appendage' of the GOP The Hill's Morning Report: Trump tries to rescue Ohio House seat as GOP midterm fears grow MORE (R-Tenn.).

 

FTC SUES ROBOCALLING OPERATION: The Federal Trade Commission (FTC) on Tuesday sued a pair of companies that the agency says conducted more than 1 billion illegal robocalls.

The FTC alleged in a federal court filing that James Christiano facilitated the illegal calls through his companies that operate a software called TelWeb, which allows users to send a mass volume of calls in a short period of time.

Christiano's business partner, Andrew Salisbury, is also named in the lawsuit, as well as their businesses, NetDotSolutions and World Connection.

 

LONGREAD OF THE DAY: Facebook and WhatsApp always seemed like an unlikely pair. To tech industry experts it was unclear how an app that prided itself on heavy encryption and privacy would mesh with a social media giant whose business model is predicated on collecting and then monetizing as much of its users' information as possible.

After four years, Facebook's tension with the messaging app that it purchased for $19 billion finally came to a head. Late last year, WhatsApp cofounder Brian Acton left the company. A few months later fellow cofounder Jan Koum left as well, in part because of concerns of Facebook impinging on WhatsApp's tight security.

The Wall Street Journal looks at the tension between Facebook and WhatsApp.

 

A LIGHTER TWITTER CLICK: iHob?

 

ON TAP FOR TOMORROW:

The House Homeland Security Committee is marking up several bills, including one from Rep. Don Bacon (R-Neb.) designed to help DHS protect industrial control systems (ICS) from cyber threats, as well as a resolution offered by ranking member Rep. Bennie ThompsonBennie Gordon ThompsonClyburn: I'll run for Speaker if Pelosi doesn't have enough votes to win TSA needs to answer important questions on 'Quiet Skies' program Dems demand Trump admin officials testify on election security MORE (D-Miss.) directing DHS to submit documents to Congress on cyber threats posed by Chinese telecom firm ZTE.

The Senate Homeland Security will hold a hearing on countering drone threats.

The advocacy group, Public Knowledge is hosting an event on the Comcast/NBCUniversal consent decree.

 

NOTABLE LINKS FROM AROUND THE WEB:

Dutch lawyer sentenced in Mueller probe deported to the Netherlands. (The Hill)

A former Defense Intelligence Agency case officer has been charged with trying to spy for China. (New York Times)

Gizmodo obtained a trove of emails on the FCC's response to that cyberattack last year. (Gizmodo)

Tesla faces a challenge from investors (New York Times)

Russia, China are spying on South Korea. (CyberScoop)

The new Uber CEO has introduced an awkward new phrase into the company's meetings. (Business Insider)

The Trump administration has put on hold an effort to appoint a no. 3 at the Justice Department. (Wall Street Journal)

Tim Cook: We never requested data from Facebook. (The Hill)