Overnight Cybersecurity: Privacy concerns stall final cyber push

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--HASHTAG, EXCITEMENT: House Homeland Security Committee Chairman Michael McCaul (R-Texas) said Wednesday he is still negotiating the privacy language in a major cybersecurity bill, even as the White House reviews a near-final draft. "I think everything's been going in the right direction," he told reporters. "I think it's moved a long ways from the very beginning." Lawmakers are working to merge three cyber bills that all aim to encourage private companies to share more data on hackers with the government. Negotiators are hoping to move a compromise text through Congress in the coming days, and have the finished legislation on President Obama's desk by the end of the year. But a flurry of last-minute negotiations over privacy provisions have tightened lawmakers' timeline. Late Tuesday, committee staff gave the White House an almost-completed draft. The administration's approval is one of the remaining hurdles needed to speed passage. A final sticking point for negotiators is the language surrounding the "portal" through which companies would hand information on cyber threats over to the government, according to McCaul. "The goal is to have [the Department of Homeland Security] as the lead civilian portal," he said. "The president can designate other portals if he deems necessary or appropriate," McCaul added. "We just want to make sure that those are true civilian portals and not intelligence or law enforcement because, you know, you don't want to share information with somebody that can either prosecute or spy on you." To read more about the White House's review of the compromise text, click here. To read more about the status of the overall negotiations, click here.

--CAN YOU BELIEVE THE ZOO WOULDN'T LET ME BORROW THEIR WHITE TIGER?: FBI Director James Comey said Wednesday that strong encryption technology is stymieing the execution of court orders, insisting that companies should adjust their business models to accommodate law enforcement. "There are plenty of companies today that provide secure services to their customers and still comply with court orders," Comey told a Senate Judiciary Committee hearing. "This is not a technical issue, it is a business model question." In the wake of the deadly attacks on Paris and San Bernardino, pressure has been rising on Apple, Google and other technology companies to allow law enforcement and intelligence agencies some form of guaranteed access to encrypted devices. Supporters of such access argue that encryption technology that can't be unlocked even by the manufacturer allows terrorists and other criminals to "go dark," or communicate out of the reach of law enforcement. Comey said Wednesday there is "no doubt the use of encryption is part of terrorist tradecraft now" because "they understand the problems [law enforcement] has getting court orders." To read our full piece, click here.

--THERE ARE YOUTHS EVERYWHERE!: U.S. retailers are pushing back against legislation mandating tough new cybersecurity requirements, even as the industry braces itself for an onslaught of holiday season hacking attacks. Retailers' digital defenses have been under harsh public scrutiny since Target disclosed its massive 2013 holiday-season breach that exposed up to 40 million credit cards and compromised other personal information of as many as 70 million people. The threat is elevated each year when, beginning on Black Friday, companies face new waves of malware, phishing schemes and other attempts intended to exploit the huge numbers of transactions processed during the holiday season. Responding to the attacks, lawmakers from both chambers have put forth a series of bills aiming to shore up the industry's -- and by extension, consumers' -- online protection systems. On Wednesday, the House Financial Services Committee advanced a bill that would set nationwide data security standards and require businesses to notify customers following a breach. But the so-called Data Security Act of 2015, introduced by Rep. Randy NeugebauerRobert (Randy) Randolph NeugebauerCordray announces he's leaving consumer bureau, promotes aide to deputy director GOP eager for Trump shake-up at consumer bureau Lobbying World MORE (R-Texas), has faced fierce pushback from retailers, who warn it would be overly burdensome to some smaller businesses, while allowing other companies -- like third-party vendors and financial institutions -- to escape regulation altogether. "Politically speaking, we think the way to get a bill through Congress is not to have committees pick winners and losers, but recognize that everyone suffers data breaches and everyone should have the same obligations," said Paul Martino, senior policy counsel at the National Retail Federation. To read our full piece, check back tomorrow.



--HAVE YOU SEEN MY SHARKSKIN LAPTOP SLEEVE? Sen. Dianne FeinsteinDianne Emiel FeinsteinSenate opens Trump impeachment trial Democrats ask if US citizens were detained at border checkpoints due to Iranian national origin Pelosi set to send impeachment articles to the Senate next week MORE (D-Calif.) is vowing to lead the charge on legislation that would require companies to decrypt data under court order.

"I'm going to seek legislation if nobody else is," she said during an FBI oversight hearing Wednesday

Senate Intelligence Chairman Richard BurrRichard Mauze BurrHillicon Valley: Apple, Barr clash over Pensacola shooter's phone | Senate bill would boost Huawei alternatives | DHS orders agencies to fix Microsoft vulnerability | Chrome to phase out tracking cookies Senators offer bill to create alternatives to Huawei in 5G tech Voting machine vendors to testify on election security MORE (R-N.C.) is also working with her on the bill, she added.

The recent terror attacks in Paris and San Bernardino, Calif., have resurrected a Capitol Hill push to compel companies like Apple and Google to hand over encrypted data to law enforcement officials.

"I think this world is really changing in terms of people wanting the protection and wanting law enforcement, if there is conspiracy going on over the Internet... that encryption ought to be able to be pierced," Feinstein said.

To read our full piece, click here.



--THE ECONOMY STINKS, BEES ARE DYING. Ending a text message with a period basically brands you an unutterable monster, a new study from Binghamton University finds. Teens, it turns out, think the period is an abomination that marks the sender as insincere.

And here we thought all we had to do was avoid texting our loved ones "k" unless we really have an axe to grind. (But don't even get us started on those freaks who put noses in their smiley faces.)

Read on, here.



--I CRIED THE OTHER DAY LISTENING TO A TECHNO SONG. Meet the woman in charge of the FBI's most controversial high-tech tools.

In a profile of Amy Hess, the FBI's executive assistant director for science and technology, The Washington Post notes some of the agency's biggest cybersecurity challenges, including navigating the minefield between privacy and security.

Another challenge? Repairing a contentious relationship with Silicon Valley in the wake of the Edward Snowden revelations.

A more technical challenge? Updating a counter-terrorism platform called Insight that "chokes on large amounts of network data."

Read on, here.



--CHINA (AGAIN). China's internet czar on Wednesday defended the nation's extensive Web censorship, insisting that "order" leads to broader freedoms.

"Freedom is our goal. Order is our means," Lu Wei, head of the Cyberspace Administration of China, told reporters at a briefing on the country's upcoming World Internet Conference.

China's strict Internet policies, known as the Great Firewall, have intensified under Chinese President Xi Jinping's administration, coinciding with a crackdown on freedom of expression online. Western services such as Facebook and Google's email platform Gmail are prohibited from operating in China, while bloggers and online activists are regularly detained for "spreading rumors online" and "picking quarrels," the U.S. non-governmental organization Freedom House reports.

Lu claimed Wednesday that if China's policies were too restrictive, the online economy would not be growing so rapidly. But he insisted that Beijing would continue to determine what sites it allows to operate.

"We do not welcome those that make money off China, occupy China's market, even as they slander China's people," Lu said. "These kinds of websites I definitely will not allow in my house."

"I, indeed, may choose who comes into my house. They can come if they are friends," he said.

To read our full piece, click here.



Links from our blog, The Hill, and around the Web.

Attorney General Loretta Lynch on Wednesday warned European lawmakers that a privacy law under consideration could hamper efforts to combat terrorism by restricting the flow of information. (The Hill)

The Federal Trade Commission (FTC) on Wednesday settled a lawsuit with hotel chain Wyndham Worldwide that alleged the company's poor data security exposed customer data to hackers. (The Hill)

It's too early to tell whether new limits on federal surveillance powers are affecting the government's ability to track terrorists, the head of the FBI said Wednesday. (The Hill)

President Obama does not receive briefings about the FBI's investigation into the personal email setup Hillary ClintonHillary Diane Rodham ClintonNYT editorial board endorses Warren, Klobuchar for Democratic nomination for president Sanders v. Warren is just for insiders Alan Dershowitz: Argument president cannot be impeached for abusing power a 'strong one' MORE used as secretary of State, bureau Director James Comey said on Wednesday. (The Hill)

DARPA wants an early warning system for cyberattacks. (NextGov)

Companies are paying "white hat" hackers to probe their cybersecurity systems for weaknesses -- but some say that so far, they aren't paying enough. (The Atlantic)

Technology firms and those running critical services will have to report cyber-breaches, under new rules put forward in the European Parliament. (BBC)

The State Department says sensitive data might have been breached during multiple hack attacks over the past year. (NextGov)

A former U.S. official pleaded guilty Wednesday to charges he orchestrated an international cyber hacking operation to stalk hundreds of young women and threaten them if they did not share sexually explicit material, the Justice Department said. (Reuters)

If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A