Overnight Cybersecurity: Obama to review encryption bill

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...


--GIVE ME JUST A LITTLE MORE TIME: A long-awaited bill to give law enforcement access to encrypted data will have to wait a few more days as the White House takes a second look. Sens. Richard BurrRichard Mauze BurrGOP senator wants to know whistleblower identity if there's an impeachment trial Senate Intel chair doesn't want whistleblower's identity disclosed Graham wants Senate panel to probe State Department over Bidens MORE (R-N.C.) and Dianne FeinsteinDianne Emiel FeinsteinHarris shares video addressing staffers the night Trump was elected: 'This is some s---' Centrist Democrats seize on state election wins to rail against Warren's agenda Senate talks on stalled Violence Against Women Act reauthorization unravel MORE (D-Calif.), the leaders of the Intelligence panel, told reporters Thursday that the latest draft of the bill had been sent back to the White House for review. "Yesterday, I sent a copy to [White House chief of staff Denis McDonoughDenis Richard McDonoughFormer Obama officials willing to testify on McCabe's behalf: report Trailer shows first look at Annette Bening as Dianne Feinstein 2020 Democrats fight to claim Obama's mantle on health care MORE]," said Feinstein, who is co-sponsoring the bill with Burr. "He indicated to me that the staff is going to look at it, discuss it with the president next week. So we'll see." The measure -- a response to concerns that criminals are increasingly using encrypted devices to hide from authorities -- would require firms to comply with court orders seeking access to locked data. While law enforcement has long pressed Congress for such legislation, the tech community and privacy advocates warn that it would undermine security and endanger online privacy. "It did get kicked over to the White House because I think the chief of staff wanted to brief the president on it," Burr said later, leaving an Intelligence panel meeting. Obama's briefing means the bill will not be released this week, as Burr hoped. Meanwhile, the White House on Thursday denied reports that it will not offer its support to the bill. "I saw that report and I don't know what it's based on," Deputy Press Secretary Eric Schultz told reporters on Air Force One. "The idea that we're going to withhold support for a bill that's not introduced yet is inaccurate." Schultz did not tip his hand on the administration's official response to the bill. "As it pertains to this particular piece of legislation, I am sure we will take a look at what they are proposing and be in touch," he said. To read about the delay in the bill's release, click here. To read about the White House comments, click here.

--JUST THIS ONE PHONE: The hacking tool the FBI bought to access the iPhone 5c of one of the San Bernardino, Calif., shooters won't work on newer phones, FBI Director James Comey said Wednesday. "It's a bit of a technological corner case because the world has moved on to [the iPhone 6]," Comey said during an appearance at Ohio's Kenyon College. "We have a tool that works in a narrow slice of phones." He said the hacking tool doesn't work on the latest iPhone 6 or on the iPhone 5s. The county-owned work phone that belonged to shooter Syed Rizwan Farook is a 5c model running Apple's iOS 9 operating system. The FBI's success in hacking into the device raised new questions about whether the government would use its newly uncovered hacking method to assist other law enforcement officials. Security specialists have pressed the government to tell Apple about the flaw it exploited instead of using it to access other locked phones. These researchers fear the flaw will leak to nefarious hackers, endangering millions of iPhone users. Comey said Wednesday there are conversations "within the government" about disclosing the technique to Apple, which could allow the company to patch the vulnerability that allows the agency to access the data. "That's an interesting conversation, because [if] we tell Apple, they're going to fix it, and then we're back where we started from," he said. "But, look, as silly as that may sound, we may end up there. We just haven't decided yet." On Capitol Hill on Thursday, Senate Intelligence Chairman Richard Burr (R-N.C.) told reporters that the FBI would eventually brief his full committee on its hacking tactic. Burr and Intelligence Committee ranking member Dianne Feinstein (D-Calif.) have both already been briefed on the method, they told reporters. To read our full piece, click here.



--SAFETY FIRST. Sen. Ed MarkeyEdward (Ed) John MarkeyDemocrats unifying against Joe Kennedy Senate bid States, green groups challenge rollback of Obama-era lightbulb rules Overnight Energy: Dems ask Trump UN ambassador to recuse from Paris climate dealings | Green group sues agencies for records on climate science | Dem wants answers on Keystone oil spill MORE (D-Mass.) on Thursday introduced a bill to create strict cybersecurity standards for the aviation industry as it increasingly becomes a target for hackers and cyber spies.

The legislation follows up on Markey's investigation into the security practices of airlines and airplane manufacturers, which he launched in December.

"As technology rapidly advances to keep passengers and planes connected, we must ensure that the airline industry is vigilant in protecting its aircraft and systems from cybersecurity breaches and attacks," said Markey, a Commerce Committee member.

Markey's bill, the Cyber AIR Act, would direct the Federal Aviation Administration (FAA) to establish digital security guidelines for the airline industry, while also ordering all airlines to disclose cyberattacks to the government.

"We know that terrorists and others that mean to do us harm will try to exploit any loophole or technological advance in our transportation systems," the Massachusetts Democrat said.

To read our full piece, click here.



--NEVER TRUST AN ALGORITHM. Here's what happens when Spotify tries to recommend a boyfriend.



--HERE'S TO THE SUNNY SLOPES OF LONG AGO. The roots of the current standoff between Apple and the FBI stretch back to a 2008 child sex abuse prosecution thought to be the first time a federal judge ordered Apple to assist in unlocking an iPhone.

Apple wanted a court order to hack into the suspect's phone, but it was otherwise cooperative -- it even drafted language for the Justice Department to use in its request.

Read on, at The Wall Street Journal, here.



--THE CYBER CALIPHATE. The Islamic State in Iraq and Syria (ISIS) hacker group made a swift return to the encrypted social media platform Telegram after being booted off over the weekend, according to the Middle East Media Research Institute (MEMRI).

The group also launched a collective with like-minded cyber jihadi groups to "expand operations," according to MEMRI.

Experts say one of the challenges of keeping extremists off of social media platforms is that they can simply create new accounts under different names.

The report, here.



Links from our blog, The Hill, and around the Web.

Civil liberties and government transparency groups are rallying to oppose a new plan that would allow the National Security Agency to share more of the information that it collects about people's communications and activity on the Internet with other federal agencies. (The Hill)

Comey said Wednesday night that he is confident the FBI can protect the tool it purchased to crack into the shooter's iPhone. (The Hill)

The long-term Federal Aviation Administration reauthorization bill includes cybersecurity provisions that proponents say will help secure an aviation industry under siege from hackers. (The Hill)

Journalists are increasingly being presented with opportunities to uncover significant stories using data that has been illegally pulled from databases or servers by hackers. (Motherboard)

The Department of Homeland Security is having trouble recruiting much-needed computer experts because it can't match private sector pay and lacks the allure of intelligence agencies. (The New York Times)

The FBI is warning about a "dramatic" increase in so-called CEO fraud, email scams in which attackers spoof a message from the boss and trick someone at the organization. (KrebsOnSecurity)

Anonymous' annual OpIsrael attack has been taking place on April 7 every year since 2013. (Re/Code)

The dark Web hacking forum "Hell" appears to have new owners. (Motherboard)

If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A