Overnight Cybersecurity: EU regulators' judgment on data deal coming soon

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you...

THE BIG STORIES:

--NAIL BITER: European privacy regulators are set to issue an opinion this week on a pending data transfer deal between the U.S. and the European Union. The so-called Privacy Shield is intended to keep commercial data flowing legally across the Atlantic. But leaks from the upcoming assessment suggest the working group of Europe's 28 data privacy authorities is likely to reject the agreement in its current form. Onlookers say the most likely course of events will see the European Commission take the nascent deal back to the negotiating table. "There's a real chance that it won't sail through, that there will be some significant comments to the point where the Commission might decide to go back to the U.S. and reopen the negotiations, which extends the period of uncertainty for businesses," said Susan Foster, a privacy attorney at Mintz Levin who works in both the EU and the U.S. Although the group's support is not a prerequisite to the deal's ultimate approval by the EU Commission and the U.S. -- where negotiations were led by the Department of Commerce -- it would be a blow to the fragile agreement. Even if the deal is finalized, the European high court will likely still weigh in on its validity. The Privacy Shield's predecessor, the 15-year-old Safe Harbor framework, was struck down when the court deemed that the U.S. could not be seen to adequately protect EU citizens' privacy because of its surveillance practices. Foster notes that the working party's opinion will be a barometer for the deal's ultimate survival. "The opinion is vital because it's an indicator of how well Privacy Shield will fare when it's attacked," Foster said. "If it's robust enough to satisfy the working party then it has a good chance of surviving scrutiny by the European Court of Justice." To read our full piece, click here.

--STILL JUST THIS ONE PHONE: A federal judge in Boston ordered Apple to help the FBI access information on a suspect's locked iPhone earlier this year, according to recently unsealed court filings. U.S. Magistrate Judge Marianne Bowler said that the tech giant must provide "reasonable technical assistance" to law enforcement, including "extracting data from the device, copying the data from the device onto an external hard drive ... and/or providing the FBI with the suspect Personal Identification Number so that access can be gained." But Bowler stopped short of requiring that the company decrypt the information on the iPhone. The iPhone belongs to Desmond Crawford, an alleged gang member, whom the FBI is investigating. "To the extent that data on the device is encrypted, Apple may provide a copy of the encrypted data to law enforcement but Apple is not required to attempt to decrypt, or otherwise enable law enforcement's attempts to access any encrypted data," Bowler wrote in her February order. To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

--THE HITS KEEP COMING. The Obama administration is under increasing pressure from privacy activists to disavow legislation that would force companies to help investigators decrypt data upon request.

More than three dozen activists, academics and advocacy groups sent the White House a letter on Monday urging it to oppose the bill, which they say "would threaten the safety of billions of internet users."

"This bill essentially asks device manufacturers, service providers, and application developers to do the impossible -- to somehow keep their users secure while facilitating third-party access to information," the letter, signed by media freedom groups and digital rights groups, read.

A top industry organization, the Internet Association, also joined the chorus of tech and privacy groups outraged by a draft of the measure, currently under review by the White House.

"Mandating the weakening of encryption will put the United States' national security and global competitiveness at risk without corresponding benefits," Internet Association President Michael Beckerman said in a statement.

The legislation, from Intelligence Committee leaders Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), is a response to concerns that criminals and terrorists are increasingly using encryption to hide from authorities.

The so-called "Compliance with Court Orders Act of 2016" would direct companies to offer "technical assistance" to help government officials access encrypted data, according to a discussion draft first obtained by The Hill last week.

To read about the Internet Association's statement, click here. To read about the pressure from privacy activists and others, click here.

 

LIGHTER CLICK:

--SARUUUHHHHHHH. The internet (formerly the "Internet") was a black hole today, so here's an old favorite.

 

A HACK IN FOCUS:

--TURNING THE TABLES. Last week, a hacking team going by the name Cyber Justice Team claimed to have pilfered 10 gigabytes of data from the Syrian government.

Cyber defense firm Risk Based Security has slogged through the data dump and found that some of the information is new and potentially constitutes one of the biggest leaks of Syrian government data ever.

The leak is also notable considering the Syrian government has allegedly been backing its own rogue hacking group, the Syrian Electronic Army (SEA), that has made waves by digitally defacing major news sites around the world.

The Obama administration recently indicted several alleged members of the SEA.

Read more analysis of the Syrian government leaked data here.

 

WHO'S IN THE SPOTLIGHT:

--ROBERT SILVERS. The former Department of Homeland Security (DHS) deputy chief of staff today became the first permanent Assistant Secretary for Cybersecurity at the agency.

He will be responsible for leading DHS's engagement with the private sector on cyber defense.

Silvers replaces Rosemary Wenchel, who had held the position on an acting basis and is retiring.

 

A LOOK AHEAD:

TUESDAY

--The Senate Finance Committee will hold a hearing on cybersecurity and protecting taxpayer information at 10 a.m.

THURSDAY

--The House Transportation Committee will look at whether the U.S. is prepared to handle the aftermath of a cyberattack on the electrical grid at 10 a.m.

--The Atlantic Council will host a discussion on the cyber dimension of the crisis in Ukraine at 4 p.m.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The federal government is moving to impose new cybersecurity requirements on nuclear facilities. (The Hill)

Sen. Barbara Boxer (D-Calif.) is pressing the FBI for information on a string of cyberattacks at hospitals that have forced networks offline and, in some cases, led to ransom payments. (The Hill)

Data on roughly 44,000 Federal Deposit Insurance Corporation customers was recently breached accidentally by a departing employee. (The Hill)

Microsoft has endorsed the Privacy Shield, the first major corporate endorsement of the nascent deal.

An emerging class of criminals with slightly greater skill has turned ransomware into a sure way to cash in on just about any network intrusion. (Ars Technica)

A cybersecurity expert caught in the FBI mass hack of users of a child pornography site has been sentenced to two days of jail he has already served. (Motherboard)

If you'd like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A