Hillicon Valley: Pelosi works to remove legal protections for tech companies from USMCA | Treasury sanctions Russian group over $100 million hack | Facebook sues Chinese individuals for ad fraud | Huawei takes legal action against FCC

Hillicon Valley: Pelosi works to remove legal protections for tech companies from USMCA | Treasury sanctions Russian group over $100 million hack | Facebook sues Chinese individuals for ad fraud | Huawei takes legal action against FCC
© Greg Nash

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow the cyber team, Maggie Miller (@magmill95), and the tech team, Emily Birnbaum (@birnbaum_e) and Chris Mills Rodrigo (@chrisismills)

USMCA UPDATE: House Speaker Nancy PelosiNancy PelosiPelosi preparing for House to decide presidency if neither Trump or Biden win electoral college: report Trump seeks boost from seniors with 0 drug discount coupons GOP senators confident Trump pick to be confirmed by November MORE (D-Calif.) is working to remove legal protections for technology companies from the United States-Mexico-Canada Agreement (USMCA) in the eleventh hour as lawmakers push to complete the deal before the end of the calendar year.


Lawmakers from both sides of the aisle have previously raised concerns about including language from Section 230 of the Communications Decency Act in trade deals, which gives platforms legal immunity for content posted by third-party users while also giving them legal cover to take good-faith efforts to moderate their platforms. 

However, Pelosi’s decision to raise the issue significantly elevates its importance. 

Section 230 has recently received increased scrutiny from lawmakers as Silicon Valley has fallen out of favor in Washington. Interest in amending or even gutting Section 230 has clashed with the inclusion of similar language in the USMCA and a trade deal with Japan, which Tokyo formally approved Wednesday. 

Lawmakers have expressed concern that its inclusion could lock in the law and make it more difficult to alter domestically.

“There are concerns in the House about enshrining the increasingly controversial Section 230 liability shield in our trade agreements, particularly at a time when Congress is considering whether changes need to be made in U.S. law,” a spokesperson for Pelosi told The Hill Thursday.

Read more here. 



DON’T CLICK ON ANYTHING: Multiple federal agencies on Thursday, including the departments of Justice, State and Treasury, took action against Russians involved in the theft of millions of dollars from bank accounts worldwide through cyber hacking operations.

The Treasury Department’s Office of Foreign Assets Control issued sanctions against a group known as Evil Corp, which is a Russian-based cybercriminal group responsible for the Dridex malware. Officials say this malware has been used to infect computers and steal more than $100 million from hundreds of banks and financial institutions in over 40 countries.  

The sanctions targeted 17 individuals and seven entities associated with Evil Corp, including Evil Corp’s leader, Maksim Yakubets.

In conjunction with the sanctions, the State Department announced a reward of up to $5 million for information that could lead to the capture and conviction of Yakubets, which represents the largest potential reward for a cyber criminal ever issued by the department.

“Treasury is sanctioning Evil Corp as part of a sweeping action against one of the world’s most prolific cybercriminal organizations,” Treasury Secretary Steven MnuchinSteven Terner MnuchinHouseholds, businesses fall into financial holes as COVID aid dries up Centrist Democrats got their COVID bill, now they want a vote The Hill's Morning Report - Sponsored by Facebook - Republicans lawmakers rebuke Trump on election MORE said in a statement on Thursday. “This coordinated action is intended to disrupt the massive phishing campaigns orchestrated by this Russian-based hacker group."

Mnuchin noted that “our goal is to shut down Evil Corp, deter the distribution of Dridex, target the ‘money mule’ network used to transfer stolen funds, and ultimately to protect our citizens from the group’s criminal activities.”

The malware virus has been spread mostly through the use of phishing emails that encourage individuals to click on malicious links or attachments that lead to Dridex being downloaded. Officials say that Evil Corp was able to steal credentials, and then funds from victims’ bank accounts, after the virus was on a system.

In addition to the State and Treasury actions, the Justice Department joined with multiple other U.S. and British agencies in unsealing indictments against both Yakubets and another Russian national, Igor Turashev.

Read more here. 


DON’T CLICK ON ANYTHING PART TWO: Facebook filed suit on Thursday against two Chinese individuals and one company for tricking internet users into downloading malware that enabled them to run deceptive ads on Facebook.

Facebook alleged in the suit filed in the U.S. District Court of the Northern District of California that between 2016 and August of this year, Hong Kong-based ILikeAd Media International Company Ltd., along with Chinese software developer Chen Xiao Cong and Chinese marketing director Huang Tao, tricked internet users into downloading malicious software.

According to the suit, this software then allowed the defendants to access the victims’ Facebook accounts and to takeover their ad accounts to run malicious ads on Facebook without the victims’ consent or knowledge.

The defendants used a practice known as “cloaking” to enable the malicious ads to slip past Facebook’s review, with the defendants showing Facebook a different landing page clicking on the ad would lead to as opposed to the landing page the victims would see.

Facebook is seeking “injunctive relief” to stop the defendants from “misusing” Facebook in this way, and to obtain damages.

In an online post about the case on Thursday, Jessica Romero, Facebook’s director of Platform Enforcement and Litigation, and Rob Leathern, director of Product Management and Business Integrity at Facebook, wrote that the company had worked with victims of the malware scheme to secure their accounts, and had refunded them money used to run the malicious ads.

Read more here. 


STOP RIGHT THERE: The Trump administration was sued on Thursday over a controversial new policy requiring foreigners to share their social media accounts when they apply for U.S. visas. 

The lawsuit, filed by civil liberties advocates representing two U.S.-based documentary filmmaking groups, alleges the administration is violating constitutional free speech rights and stripping away any semblance of online privacy in the name of vetting new entrants to the country, some of which already have strong ties to the U.S. 

The plaintiffs are alleging the rule, which requires visa applicants to submit their social media handles across 20 online services to the U.S. government, has created a "far-reaching digital surveillance regime that enables the U.S. government to monitor visa applicants’ constitutionally protected speech and associations not just at the time they apply for visas, but even after they enter the United States." 


Free speech advocates filed the lawsuit on behalf of two documentary filmmaking groups, Doc Society and the International Documentary Association (IDA), which have close ties to documentarians and journalists in other countries. Doc Society and the IDA say their partners in other countries are no longer willing to share their opinions or sensitive information online, for fear that "a U.S. official will misinterpret their speech on social media." 

The State Department first announced the new rule in 2018 and it went into effect earlier this year, raising a litany of concerns around whether the government should be allowed to collect social media information as it vets potential new entrants to the country. 

Read more here. 


HUAWEI TAKES US TO COURT: The Chinese tech giant Huawei is planning to sue the U.S. government over a Federal Communications Commission (FCC) order, the company said Wednesday.

The FCC barred Huawei from a federal subsidies program last month due to the Trump administration’s security concerns about the company’s connections to the Chinese government. This will probably make its products more expensive for U.S telecom carriers. 

Huawei denies it is a security risk and is arguing that this removal violates its right to due process and says the move is based on arbitrary evidence. The company said the FCC "ignored" Huawei comments on the negative effects of the order on access in remote areas.


The FCC order rose from “unsound, unreliable, and inadmissible accusations and innuendo, not evidence,” said Glen Nager, a U.S. lawyer who represents Huawei, in a statement obtained by The Hill. “The designation is simply shameful prejudgment of the worst kind.”

FCC Chairman Ajit Pai said last month after the order was ruled that FBI Director Christopher Wray and Attorney General William BarrBill BarrFederal prosecutor speaks out, says Barr 'has brought shame' on Justice Dept. Why a backdoor to encrypted data is detrimental to cybersecurity and data integrity FBI official who worked with Mueller raised doubts about Russia investigation MORE recommended the move. 

The case would head to a federal appeals court in New Orleans. 

Read more here. 


IT’S NOT THAT BAD: Sens. Christopher CoonsChristopher (Chris) Andrew CoonsCoons: 'Defies comprehension' why Trump continues push to 'strip away' protections for pre-existing conditions Two Judiciary Democrats say they will not meet with Trump's Supreme Court pick Sunday shows preview: Lawmakers prepare for SCOTUS confirmation hearings before election MORE (D-Del.) and Mike LeeMichael (Mike) Shumway LeeSunday Shows: Trump's court pick dominates Senate Republican says lawmakers can't 'boil down' what a Court nominee would do in one case like Roe v. Wade Sunday shows preview: Lawmakers prepare for SCOTUS confirmation hearings before election MORE (R-Utah) on Thursday defended their proposal to require that law enforcement obtain court orders to use facial recognition software for extended surveillance as a balanced first step amid local pushes to suspend the technology entirely.

“The United States … has long had to strike a balance between civil liberties and public safety,” Coons said during an event at the Brookings Institution. “While advances are making our lives markedly easier, it's also critical that we understand the real costs that come with these increases and advances in technology today.”

“We decided that it was important to find a reasonable approach to balancing the interests that we have at stake here,” Lee said. “The obvious civil liberties concerns that Americans have and what it provides to law enforcement.”

The two senators, both members of the powerful Judiciary Committee, introduced the Facial Recognition Technology Warrant Act last month in a rare show of bipartisan interest in addressing the controversial technology.

The bill would limit long-term surveillance warrants for the technology to 30 days and set rules to minimize the collection of information about individuals outside of the warrant's scope.

Read more here. 


SUBPOENA TIME: A coalition of 31 health, privacy and children's advocacy groups is pressing the government to subpoena tech companies for extensive information about how they monetize and amass personal information about children. 

The groups, including the Campaign for a Commercial-Free Childhood and the American Academy of Pediatrics, say the Federal Trade Commission (FTC) needs to use its subpoena authority as it considers updating a decades-old children's privacy law.

"Children are being subjected to a purposefully opaque ‘Big Data’ digital marketing system that continually gathers their information when they are online," Katharina Kopp, director of policy at the Center for Digital Democracy, said in a statement. "The FTC must use its authority to understand how new and evolving advertising practices targeting kids really work, and whether these data practices are having a discriminatory, or other harmful impact, on their lives." 

In a letter sent released Thursday, the groups commended the FTC for recently opening a review into whether it's necessary to amend the Children's Online Privacy Protection Act (COPPA), a federal law written in 1998 that offers privacy safeguards for children online. But they said it wouldn't be useful for the FTC to update children's privacy rules without fully understanding how tech companies surveil children today.

The letter does not name particular companies, but any review would likely include firms like TikTok, Google's YouTube and Facebook's Instagram, which are all known for having young users. 

Read more on the letter here. 


BIG BROTHER: An FBI field office is warning consumers that smart TVs can be hacked and used for spying. 

"Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home," the bureau's office in Portland, Ore., said in a report on Tuesday.

"A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router," the FBI added.

The report also gives consumers several ways to protect against such attacks. 

"Know exactly what features your TV has and how to control those features," the FBI suggests. "Do a basic Internet search with your model number and the words 'microphone,' 'camera,' and 'privacy.' " 

Smart TVs are able to directly connect to the internet, allowing consumers to stream their favorite shows and movies through apps like Netflix, Hulu and Disney Plus.

Read more here. 


Lighter click: Go Nats!

An op-ed to chew on: Enhancing protections for sensitive information in congressional investigations


Narrow bipartisan path emerges on privacy (National Journal)

Amazon suit claims Trump bias tainted cloud bid, judge says (Bloomberg News)

EU agrees tough line on digital currencies like Facebook's Libra (Reuters) 

Uber office has nice port-a-potties for ‘employees only,’ inferior ones for drivers (Motherboard)