Overnight Cybersecurity: Apple-FBI fight escalates

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you...


--CELEBRITY DEATHMATCH: It was a big day for the Apple-FBI tiff. The two are feuding over a court order that directs the tech giant to unlock an iPhone used by one of the San Bernardino shooters. Things kicked off Thursday with FBI Director James Comey testifying before the House Intelligence Committee. The bureau head insisted the FBI is not seeking authority to unlock iPhones beyond the one used in the San Bernardino terrorist attack. "I've been very keen to keep the bureau out of the policy-making business," he said. Comey maintained that the FBI's request only applies to one phone in one case. "The FBI focuses on case and then case and then case," he said. "The San Bernardino litigation is not about us trying to send a message or establish some precedent, it really isn't. It's about trying to be competent in investigating something that is an active investigation." Hours later, Apple fired back with its official motion asking a judge to vacate the FBI's court order. "If this order is permitted to stand, it will only be a matter of days before some other prosecutor, in some other important case, before some other judge, seeks a similar order using this case as precedent," Apple said in its motion. The company also insisted that complying with the court order would mean creating software it described as a "back door" that hackers could use to crack other iPhones. The motion dubbed this software "GovtOS," after Apple's operating system. "Once the floodgates open, they cannot be closed, and the device security that Apple has worked so tirelessly to achieve will be unwound without so much as a congressional vote," said the motion. In a conference call with reporters Thursday afternoon, an Apple executive was quick to argue that Comey in his testimony conceded to Apple's argument that the case would influence other judges' decisions. "A decision by a judge will guide how other courts handle similar requests," Comey said. "How judges interpret that is not binding -- but will be important." The expected legal battle could go all the way to the Supreme Court. The Wall Street Journal reported that Google parent Alphabet, Facebook and Microsoft, all plan to file a joint motion supporting Apple in its court fight. To read more about Comey's testimony, click here and here. To read about Apple's motion to vacate, click here. To watch a classic Celebrity Deathmatch clip, click here.

--BILLS, BILLS, BILLS: Lawmakers, officials and industry leaders increasingly believe that Congress will be forced to resolve the FBI's controversial bid to compel Apple to help unlock Syed Rizwan Farook's iPhone. "This case has much broader policy implications, which is why ultimately the court decision won't decide this issue," Rep. Adam SchiffAdam Bennett SchiffTrump opens new line of impeachment attack for Democrats Yovanovitch impeachment testimony gives burst of momentum to Democrats Five takeaways from ex-ambassador's dramatic testimony MORE (D-Calif.), ranking member of the House Intelligence Committee, told CNN Thursday. "Ultimately, it's going to fall on us in Congress to try to draw the line, in terms of what the technology sector must or must not do." "The parties have to find common ground, and Congress needs to write it into law," Rep. Patrick Meehan (R-Pa.) wrote in a Wednesday op-ed. Apple is also arguing that Congress should decide whether it should comply with a court order demanding that it disable certain key security features on the phone. But the push comes from supporters of both Apple and the FBI. And despite the groundswell of support for action, it's not at all clear what legislation -- if any -- lawmakers would unite behind. "This is a huge issue which is very complex. It should not be decided by a single district judge in California, it should be decided right here," Sen. Angus KingAngus KingOvernight Energy: EPA watchdog slams agency chief after deputy fails to cooperate in probe | Justices wrestle with reach of Clean Water Act | Bipartisan Senate climate caucus grows Bipartisan Senate climate caucus grows by six members Senators fear Syria damage 'irreversible' after Esper, Milley briefing MORE (I-Maine) told The Hill. But, he added, "I don't think we're ready to articulate" what legislation is needed. "This is an interesting challenge to the balance that we've always had in our country since our founding, the balance between security and liberty," House Minority Leader Nancy Pelosi (D-Calif.) said Thursday. To read about the push for legislation, check back tomorrow morning. To read about Pelosi's comments, click here.

--THOU SHALL NOT PASS: Sen. David VitterDavid Bruce VitterRed-state governor races put both parties on edge Louisiana Republicans score big legislative wins Trump calls on Republicans to vote out Democratic Louisiana governor amid GOP infighting MORE (R-La.) on Thursday blocked the nomination of Beth Cobert to become the director of the Office of Personnel Management (OPM). Cobert has been leading the agency as its acting director since this summer, when former Director Katherine Archuleta resigned in the wake of far-reaching hacks at the agency. The resulting data breach, believed to be one of the largest in government history, exposed over 20 million people's sensitive information. Vitter's hold, however, is not related to the digital intrusions. Instead, the Louisiana lawmaker is seeking answers to a letter he sent Cobert earlier this month regarding an OPM rule that allows members of Congress and Capitol Hill employees to receive certain small-business subsidies to help pay for health insurance purchased through an ObamaCare exchange. Cobert's nomination was initially seen as relatively uncontroversial, but it has hit some bumps in recent weeks. Just hours after Vitter's statement, news of the hold spilled over into a House Oversight Committee hearing, where Cobert was testifying. Rep. Elijah Cummings (Md.), the committee's top Democrat, bashed Vitter's move, calling it "outrageous." Even Chaffetz, perhaps the OPM's most frequent congressional critic, came to Cobert's defense. To read our full piece, click here.




1 - The House Oversight Committee held a hearing on the Obama administration's proposal to overhaul the security clearance process, which includes the Office of Personnel Management (OPM) handing over security of the network to the Defense Department.

Rep. Steve Russell (R-Okla.), one of the main lawmakers pressing for the switch, still had some words of caution:

"If the Department of Defense is going to clearly have the greatest level of responsibility to protect these documents then they, by golly, better have the authority to make it good and we ought not to be weakening and diminishing our land forces to pay for some data breach."

2 - The House Homeland Security's cybersecurity subcommittee held a hearing on emerging cyber threats to the U.S., during which lawmakers repeatedly warned that nation states, terrorists and online criminals are taking increasingly sophisticated action.

Committee leadership dinged the administration on its response to escalating incidents in their opening statements.

"The Administration's lack of proportional responses to these cyber attacks has demonstrated to the world that there are no real consequences for such actions," subcommittee chairman John Ratcliffe (R-Texas) said. "Without a comprehensive national cybersecurity strategy that addresses deterrence effectively, I worry that 2016 could bring an increasing number of those willing to push the boundaries."

"I still have questions about the overall strategy," committee chairman Michael McCaul (R-Texas) said. "The administration must release the National Cybersecurity Incident Response plan... The administration says the plan will be out this spring, and I urge them to get it done."




-Anthony Hopkins vs. Jodie Foster

-John Lennon vs. Paul McCartney vs. George Harrison vs, Ringo Starr

-Michael Jordan vs. Dennis Rodman



--THIS LOOKS SUSPICIOUS. An interagency team made up of the National Cybersecurity and Communications Integration Center, the Department of Energy, the FBI and others returned the results of their investigation into the cyberattack on a Ukrainian power plant in December.

"The cyber-attack was reportedly synchronized and coordinated, probably following extensive reconnaissance of the victim networks," according to the group's report.

But, the group writes, while all of the impacted companies reported that they had been infected with a certain kind of malware known as BlackEnergy, "we do not know whether the malware played a role in the cyberattacks."

Read on, here.



--MICROSOFT. The tech giant will file a legal brief next week supporting Apple in its encryption fight with the government, according to the company's president.

During a House Judiciary Committee hearing on Thursday, Brad Smith told lawmakers that the government should not use a century-old law to resolve questions about today's technology.

The company had been largely silent on the issue until Thursday.  

"In the Apple case, the Justice Department has asked a technology company to apply language in the All Writs Act that was passed by Congress and written in 1911. We do not believe that courts should seek to resolve issues of 21st century technology with law that was written in the era of the adding machine."

To read our full piece, click here.



Links from our blog, The Hill, and around the Web.

The Obama administration still can't assess whether China is adhering to a September pledge to stop hacking private American companies, Director of National Intelligence James Clapper told lawmakers on Thursday.

Apple CEO Tim Cook in an interview that will air on Thursday evening said the government is asking his tech company to make the "software equivalent of cancer" in order to combat terrorism.

Apple is also working on new ways to strengthen the encryption of customers' iCloud backups. (Financial Times)

A forum on the website of the United Nations World Tourism Organisation has been defaced and its database compromised by a hacking collective known as TeamPoison. (International Business Times)

The U.S. Department of Defense funded research into the development of Tor, court documents reveal. (The Guardian)

German police can now use spyware to monitor suspects. (Ars Technica)

Malware and skimmers, explosions and hammers: Here's how attackers go after ATMs. (Ars Technica)

Apple's refusal to help the FBI unlock Farook's iPhone 5c has prompted an Arizona county attorney's office to ban providing new iPhones to its staff. (CSO Online)

If you'd like to receive our newsletter in your inbox, please sign up here http://goo.gl/KZ0b4A