Overnight Cybersecurity: New 'Safe Harbor' data pact in danger?

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--I HAVE A VERY BAD FEELING ABOUT THIS: U.S. firms of all sizes are racing to find a way to keep handling foreign data after a European court struck down the international "Safe Harbor" legal framework over privacy worries. U.S. leaders are busy negotiating a pact dubbed Safe Harbor 2.0 in response to the European Court of Justice's October ruling. But experts say there is no reason for companies to believe that the new agreement won't be struck down as summarily as the old one. Absent new, stricter data security laws in the U.S., policy specialists warn a new Safe Harbor pact will immediately be under fire. "What we now know is that [Safe Harbor] can be attacked from day one," said Susan Foster, a privacy attorney at Mintz Levin who works in both the U.S. and the E.U. "And I expect it will be." Congress can help fend off these attacks by preemptively passing new data security laws, several lawmakers insisted in a hearing Tuesday held by two subcommittees of the House Energy and Commerce Committee. "If we fail to do that, the economic implications could be disastrous," said Rep. Jan Schakowsky (D-Ill.). To read our full piece, check back tomorrow.

--WILL SOMEBODY GET THIS WALKING CARPET OUT OF MY WAY: Three-quarters of the 21.5 million victims of the hack on the Office of Personnel Management (OPM) still have not been notified, six months after the breach was detected. The OPM began mailing notification letters in partnership with the Defense Department at the beginning of October, alerting victims that their data was compromised and describing the suite of identity protection services they will receive for three years. At the time, OPM acting Director Beth Cobert called for patience throughout the notification process, which she warned could take "considerable time." A notice on the Web site of the company tapped to provide the identity protection services notes that they "estimate that notifications will continue to be made over a period of 12 weeks through the beginning of December." The timeline of the notification process has been under intense scrutiny, in part because the protection services contract was not announced until two months after the breach was revealed. To read our full piece, click here.

--IT'S NOT MY FAULT: The hacking group Anonymous is denying involvement in the Monday leak of alleged Ku Klux Klan members that included several prominent U.S. senators and mayors. The anarchist hacktivist group has made waves recently with its vow to unmask 1,000 alleged KKK members on Nov. 5 as part of its ongoing cyber war against the white supremacist organization. On Sunday and Monday, initial data appeared on the text-sharing site Pastebin, which most took to be a preview of what was to come. The details included dozens of emails and phone numbers, but most notably the names of roughly a dozen prominent politicians. High-profile Anonymous-affiliated accounts started retweeting links to the Pastebin dump, as well as photos of the lawmakers, making it difficult to determine if Anonymous was taking credit for the information. Throughout the day, the politicians shot back on Twitter, with one senator calling the rumors "baseless Internet garbage of the worst kind." But by late Monday, the "Operation KKK" team, which has been leading Anonymous's digital assault against the Klan, was disavowing any involvement with the leaks. "#OpKKK was in no way involved with today's release of information that incorrectly outed several politicians," the group tweeted from its account. The early details were not the "official release" that Anonymous still plans to dump on Thursday at 11 a.m., another tweet clarified. To read our full piece, click here.




More cybersecurity bills in the House:

1 - Rep. Jan Schakowsky (D-Ill.) said in a Tuesday hearing that she was preparing a bill "that would require strong security standards for a wide array of personal data," such as geolocation data, health records, biometric details, and email and social media accounts.

The bill would also require companies hit by hackers to notify their consumers of the breach within 30 days of its discovery, she added.

Schakowsky's bill would join a slate of other offerings already floating around the House. But each has been mired for various reasons.

But Schakowsky hopes that a recent European Court of Justice ruling invalidating a U.S.-E.U. Safe Harbor data transfer agreement will spur Congress to action.

The ruling, Schakowsky said during a Tuesday hearing on the topic, "does rightly call into question the adequacy of U.S. data security practices."

To read more about the bill, click here.

2 - Rep. Will Hurd (R-Texas) is trying to get state and local governments the federal tools they sorely need to fight cyber crime.

Hurd's bill, known as the State and Local Cyber Protection Act, would direct the Department of Homeland Security's (DHS) cyber hub -- known as the National Cybersecurity and Communications Integration Center (NCCIC) -- to provide state and local governments the technical know-how and strategies they need to bolster their cyber defenses.

"State and local governments often do not have access to adequate personnel or technical cybersecurity resources," Hurd said.

To read more about the bill, click here.



--LUKE, I AM YOUR FATHER. Apparently, in some academic circles, there is a Freudian explanation for hacking that "conceptualises hacking in Freudian terms as a cyber-sexual urge to penetrate." At least, that's according to Mary Aiken, the cyberpsychology expert whose work inspired the latest CSI oeuvre, CSI: Cyber. Read on, here.

--ALSO, YOU GUYS, THERE'S A DEATH STAR WAFFLE IRON NOW. Feel the dark side flowing through you, here.



--YOU DON'T NEED TO SEE HIS IDENTIFICATION. More voters say Hillary Clinton's email controversy won't be a factor in their 2016 vote following the former secretary of State's appearance before a high-profile congressional hearing, a new poll finds.

According to a Wall Street Journal/NBC News poll released late on Monday, 48 percent of the public now believes the presidential candidate's use of a private email server while secretary of State "is not an important factor" in determining whether or not to vote for her, compared to 44 percent just before her appearance in the House Select Committee on Benghazi.

Meanwhile, 42 percent of the public believes Clinton's email issue is important, a 5-point dip from before the hearing.

In all, the polling amounts to a 9-point swing in opinion about Clinton's controversial email practices from before and after her Oct. 22 appearance before the Benghazi Committee.

To read our full piece, click here.



--CHELSEA MANNING. The imprisoned government leaker spent months behind bars writing draft legislation to overhaul the nation's spying powers, she revealed on Tuesday. The sweeping legislation -- which would almost certainly go nowhere were it to be introduced in Congress -- would "abolish" the Foreign Intelligence Surveillance Act (FISA) Court, which provides a check on intelligence programs but is largely shrouded in secrecy. The court conducts its business behind closed doors, and makes determinations based largely on one-sided arguments from the government. Abolishing the court and putting all of its business in U.S. district courts would place U.S. intelligence powers "in a tried and true, real and historically viable court system," Manning wrote in an op-ed for The Guardian. To read our full piece, click here.




--A technology-focused subcommittee of the House Oversight Committee will hold a hearing at 2 p.m. on government technology acquisition.


--The Hill will host an event at 8 a.m. on securing future payment technologies. Sens. Gary Peters (D-Mich.) and Mike Rounds (R-S.D.) will speak, as will Rep. Ed Perlmutter (D-Colo.).

--The American Bar Association will host the first day of its national security conference. Government officials from the White House, intelligence agencies and Defense Department will speak.

--The U.S. Chamber of Commerce will host the first day of its conference on intellectual property. Sen. Thom Tillis (R-N.C.) will speak.

--The Council on Foreign Relations will host a cybersecurity conference. Homeland Security Secretary Jeh Johnson will speak.


--The American Bar Association will host the second day of its national security conference.

--The U.S. Chamber of Commerce will host the second day of its conference on intellectual property. Sen. Orrin Hatch (R-Utah) will speak.



Links from our blog, The Hill, and around the Web.

Police have made a fourth arrest, of a 16-year-old boy, in connection with the investigation into an alleged data theft from TalkTalk. (BBC)

The CIA did not pull officers out of the U.S. Embassy in Beijing following the hack of the Office of Personnel Management (OPM), the nation's top intelligence official said Monday. (The Hill)

The world's top tech companies are failing when it comes to privacy and freedom of expression, according to a think tank survey of user agreement policies. (The Guardian)  

Why aren't presidential candidates talking about cybersecurity? (NBC News)

Cloud-based security platform iboss has raised $35 million in Series A funding from Goldman Sachs' Private Capital Investing group. (Tech Crunch)

NSO Group Ltd, a company that helps governments spy on mobile phones and is so secretive that it regularly changes its name, is exploring a sale that could value it at close to $1 billion. (Reuters)

