Overnight Cybersecurity: House looking into election hacks | FTC seeks input on data safeguards

by Joe Uchill - 09/12/16 6:38 PM ET

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–ELECTION HACKING: The House Science Committee in the coming week will hold a hearing on protecting the 2016 election from cyberattacks, amid growing concerns that Russia is attempting to interfere in U.S. politics. The committee will review current guidelines for protecting voting and election systems — and whether or not states are effectively implementing those safeguards leading into the Nov. 8 contest. Specifically, the committee is concerned about the security of electronic voting machines, online voting, voter registration databases and vote tally databases. Experts say the patchwork of voting systems across states are extremely vulnerable to attack. The Tuesday hearing comes as the Department of Homeland Security (DHS) is examining whether to designate certain electoral systems as critical infrastructure, bringing them under the agency’s mantle of protection. The agency in August offered to help states scan their voting systems ahead of the elections to thwart potential hacking attempts. The offer has gotten a mixed response. Georgia has already declined the offer, citing state sovereignty concerns. Meanwhile, Pennsylvania, a battleground state, has been in touch with DHS officials about possible protections. Concerns about the security of the election are at a high, after suspected Russian intelligence hackers infiltrated the Democratic National Committee (DNC) in what many see as an attempt to damage Democratic presidential candidate Hillary Clinton.

To read the rest of our piece, click here.

{mosads}–REPORTS HAVE BEEN GREATLY EXAGGERATED: The office of Sen. Dianne Feinstein (D-Calif.) is downplaying reports that it is working on a new encryption bill, saying it is merely an internal brainstorming file. Just Security, a blog run by the New York University School of Law, published a piece on Friday by Cato Institute fellow Julian Sanchez saying that a new draft of encryption legislation that stakeholders were circulating had been shared with him. A source within Feinstein’s office familiar with the document says it was actually an internal brainstorming file being compiled by Feinstein’s staffers as they met with stakeholders in the encryption debate. It is not, the source stressed, legislation the office or any office is currently considering. There is no new draft, the source continued.

To read the rest of our piece, click here.

A POLICY UPDATE:

–SEEKING INPUT: On Monday, the Federal Trade Commission requested public comment on the continuing relevance a decade-old data protection rule.

The Disposal Rule, part of the Fair and Accurate Credit Transactions Act (FACTA), requires businesses to render consumer reports including credit and background checks unreadable before disposing of them. That can mean shredding or burning documents, or using more thorough methods of deleting a digital document than dragging it to the trash icon.

The call for comments asks for perspectives on what needs to be strengthened, weakened or removed from the Disposal Rule, the costs of complying and whether greater specificity in disposal methods are needed.

The rule passed in 2003 and was implemented in 2005.

To read the rest of our piece, click here.

A LIGHTER CLICK:

I HAVE SEEN THE VULNERABILITY, AND HE IS US.

A TALK IN FOCUS:

–HOW TO WIN FRIENDS AND INFLUENCE CYBERSECURITY. At tomorrow’s Billington Cybersecurity Summit in Washington D.C., Ryan Gillis, Palo Alto Network’s vice president of cybersecurity strategy and global policy, will suggest a novel concept in information security: Successfully implementing cybersecurity policies in government and business might be less about technology or cost and more about being able to understand what other people are saying.

“If you go to a C-suite meeting to talk about compliance with ISO standards, you will talk past each other,” he said. “If you explain everything in terms of risk, you might get something done.”

Gillis will be a part of a panel on implementing the National Institute of Standards and Technology cybersecurity framework – the subject of more than a few conversations with people talking past each other. It’s one event in a packed conference schedule, including Federal Chief Information Officer Tony Scott, White House Cybersecurity Coordinator Michael Daniel, NSA chief Adm. Michael Rogers and high ranking cybersecurity officials from the military and law enforcement.

WHO’S IN THE SPOTLIGHT:

–SENIOR U.S. DISTRICT JUDGE DAVID ALAN EZRA. Judge Ezra of the San Antonio division of the Western District of Texas court ruled that the FBI needed a proper warrant when it hacked the computer of Jeffrey Jerry Torres, a man facing charges of receiving and possessing child pornography.

Torres and others were allegedly caught by the FBI for using the dark web child pornography site Playpen.

Ezra likened the hack to a search.

“[The contention that] Mr. Torres did not have a reasonable expectation of privacy in his IP address is of no import. This was unquestionably a ‘search’ for Fourth Amendment purposes,” Ezra wrote.

In February 2015, the FBI seized and then ran Playpen for two weeks. In that time, they installed malware on users’ computers to identify suspects.

In a previous case, a judge had ruled that because users accessing Playpen, via the dark web browser Tor, made their IP address known to another computer in order to access Tor, they gave up any reasonable expectation of privacy for their IP address. Click here to read more.

A LOOK AHEAD:

TUESDAY

The Senate Armed Services committee tackles encryption at a 9:30 a.m. hearing featuring Under Secretary Of Defense for Intelligence Marcell J. Lettre II and Centcom / NSA head Adm. Michael S. Rogers.

The House Science Committee holds a hearing on how to protect elections from voting machine hacking at 10 a.m.

House Oversight looks into the Clinton State Department’s “failure to preserve federal records.” at 10 a.m.

The House Homeland Security Committee marks up bills ranging from U.S./ Israeli cybersecurity partnerships to first responder technologies to general defensive cybersecurity at 2 p.m.

The Senate Intelligence Committee has a closed door briefing at 2:30 p.m.

The Billington Cybersecurity Summit runs all day.

WEDNESDAY

The Senate Judiciary meets to discuss ICANN and internet oversight at 10 a.m.

House Energy and Commerce offers a presentation on advanced robotics at 10:30 a.m.

THURSDAY

The House Intelligence Committee discusses a report on Edward Snowden in a closed session at 9 a.m.

The Senate Intelligence Committee has a closed door briefing at 2 p.m.

FedScoop’s Federal Cybersecurity Summit runs all day.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The U.S. should be wary of Russia’s hacking capabilities, CIA Director John Brennan said Sunday, when asked about electoral interference. (The Hill)