Hillicon Valley: NSA warns of new security threats | Teen accused of Twitter hack pleads not guilty | Experts warn of mail-in voting misinformation

Hillicon Valley: NSA warns of new security threats | Teen accused of Twitter hack pleads not guilty | Experts warn of mail-in voting misinformation
© istock

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.

ADVERSARIES (COULD BE) WATCHING YOU: The National Security Agency (NSA) on Tuesday rolled out guidance warning that location data from mobile and other internet-connected devices could pose a security threat for users if it were accessed by adversaries. 


The guidance was rolled out as a warning for Defense Department personnel and others with access to sensitive federal systems, but the NSA noted that it could be “useful to a wide range of users.”

“Using a mobile device—even powering it on—exposes location data,” the NSA warned in the guidance. “Mobile devices inherently trust cellular networks and providers, and the cellular provider receives real-time location information for a mobile device every time it connects to the network.”

“This means a provider can track users across a wide area,” the agency noted. “In some scenarios, such as 911 calls, this capability saves lives, whereas for personnel with location sensitivities, it may incur risks. If an adversary can influence or control the provider in some way, this location data may be compromised.”

The NSA noted that location data could be tracked even if the GPS and cellular data are switched off, warning that a mobile device can track location through WiFi and Bluetooth connections, while websites and apps can also access or guess the location of the user. 

The agency warned that other internet-connected devices — such as fitness trackers, smart watches, medical devices and household smart devices — could also pose a security threat through their potential to collect and expose sensitive location data of any mobile device they are hooked up to. 

Read more about the warning here.



FLORIDA TEEN PLEADS NOT GUILTY: The Florida teenager accused of being behind a major Twitter hack that resulted in several prominent accounts posting a bitcoin scam pleaded not guilty Tuesday on multiple counts of fraud, The Associated Press reported.

Graham Ivan Clark, 17, is facing 30 felony charges including organized fraud, communications fraud, identity theft and hacking. The charges carry potential penalties of more than $100,000.

Tuesday's hearing in Tampa reportedly took place via Zoom. Clark is scheduled for a bond hearing Wednesday, with bail set at $725,000. He was arrested last Friday.

Two others — U.K. resident Mason Shepard, 19, and Orlando, Fla., resident Nima Fazeli, 22, who go by the hacking aliases "Chaewon" and "Rolex" respectively — were also charged in helping carry out the hack. Both were charged in California.

The intrusion affected a number of prominent Twitter accounts, including those of former President Obama, former Vice President Joe BidenJoe BidenKlain on Manchin's objection to Neera Tanden: He 'doesn't answer to us at the White House' Senators given no timeline on removal of National Guard, Capitol fence Overnight Defense: New Senate Armed Services chairman talks Pentagon policy nominee, Afghanistan, more | Biden reads report on Khashoggi killing | Austin stresses vaccine safety in new video MORE, Microsoft co-founder Bill Gates and Tesla CEO Elon MuskElon Reeve MuskThe four horsemen of US green energy development Cancer survivor to be the youngest American in space, first with prosthetic body part The UAE's Hope, China's Tainwen-1 and NASA's Perseverance arrive at Mars MORE.

Read more about the case here.


ELECTION SECURITY WOES: Election security experts warned Tuesday that a major threat to elections this year is disinformation and misinformation around perceived threats from mail-in voting.

The warnings came on the heels of sustained criticism of mail-in voting by President TrumpDonald TrumpSenators given no timeline on removal of National Guard, Capitol fence Democratic fury with GOP explodes in House Georgia secretary of state withholds support for 'reactionary' GOP voting bills MORE, who last week suggested postponing the November election due to concerns over the expected influx of mail-in voting, though he does not have the power to do so. He has also raised mostly unsubstantiated concerns that mail-in voting could cause an increase in voter fraud.

“Regardless of how secure our elections are, many election experts and officials are concerned that some voters could dismiss November’s results as invalid or rigged because of mis- and/or disinformation,” David Levine, an elections integrity fellow at the Alliance for Securing Democracy within the German Marshall Fund, testified at a House Homeland Security Committee cybersecurity subcommittee election security hearing Tuesday.

“When I look at the risk that we have to the voting process, today I think that the potential for mis and disinformation having an impact on the voting is greater in many regards than the potential of cyber threats,” John Gilligan, the president and CEO of the Center for Internet Security, testified at the same hearing. 

Amber McReynolds, the CEO of the National Vote at Home Institute and the former Colorado elections director, testified that due to officials “casting doubt without evidence” on mail-in voting, “combatting disinformation and misinformation is a critical aspect of election officials’ work.” 

Both Levine and McReynolds pointed to an assessment on the potential security risks of mail-in voting released by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) late last week. 

The assessment found that while “all forms of voting” present some level of risk from interference, the risks stemming from mail-in voting can be “managed through various policies, procedures, and controls.”


CISA noted, however, that due to “partisan political voices” weighing in on mail-in voting, and because of potential delays in election results from an influx of mail-in ballots due to the pandemic, this form of voting could become a tempting target of disinformation and misinformation campaigns for those seeking to interfere in elections.

Read more about election concerns here.


TIKTOK IN THE SPOTLIGHT: The future of popular social media platform TikTok in the U.S. was upended these past few days by a series of comments from President Trump about banning the app, making the Chinese-owned company the latest target of Trump’s tech war with China.

The president said Monday he supported a potential deal involving Microsoft purchasing TikTok’s U.S. stake from Beijing-based ByteDance. He added that if the deal wasn’t completed by Sept. 15, the app would be “out of business in the United States.”

But this isn’t the first time the Trump administration has gone after a tech company with ownership ties to China, with officials citing concerns over espionage and national security threats.

The gay dating app Grindr was in a similar situation as TikTok just over a year ago, when a review by the Treasury Department’s Committee on Foreign Investment in the United States (CFIUS) concluded that ownership by Beijing Kunlun Tech posed a national security threat to the U.S.


Beijing Kunlun Tech subsequently announced that it would sell Grindr. San Vicente Acquisition later purchased the app for more than $600 million, Reuters reported in June.

And in the most deep-seated area of concern, the Trump administration has taken multiple steps to cut Chinese telecommunications groups Huawei and ZTE out of 5G networks in the U.S. and in allied countries, also citing concerns around espionage risks following a 2017 Chinese intelligence law that requires companies and citizens to participate in state intelligence work.

Geoffrey Gertz, a fellow in the Brookings Institution’s Global Economy and Development Program, told The Hill that even without the intelligence law, “we would still see a lot of concerns” around Chinese-linked technology groups like TikTok.

“It’s clearly part of a much broader U.S.-China economic and technology competition,” he said.

Read more here.


PELOSI VIDEO: Rep. Anna EshooAnna Georges EshooHillicon Valley: Biden signs order on chips | Hearing on media misinformation | Facebook's deal with Australia | CIA nominee on SolarWinds Democrats' letter targeting Fox, Newsmax for misinformation sparks clash during hearing West Virginia AG urges news providers to resist calls to 'censor' programming MORE (D-Calif.) is demanding Facebook remove a video of Speaker Nancy PelosiNancy PelosiSenators given no timeline on removal of National Guard, Capitol fence Democratic fury with GOP explodes in House House Republican attempts to appeal fine for bypassing metal detector outside chamber MORE (D-Calif.) edited to make her appear intoxicated.


“I am extremely troubled that Facebook is once again refusing to remove a doctored video of Speaker Pelosi that makes her seem inebriated,” Eshoo, a Pelosi ally, said in a letter to the social media giant on Tuesday.

“The video is disinformation, and by leaving it up, Facebook is actively playing a role in disseminating political disinformation,” Eshoo added.

The clip was first shared on the platform Saturday with the caption, "this is unbelievable, she is blowed out of her mind, I bet this gets took down!" The 55-second video comes from a May press conference in which Pelosi condemned comments President Trump made about MSNBC anchor Joe ScarboroughCharles (Joe) Joseph ScarboroughScarborough says comparisons of Capitol riot to summer protests irrelevant Scarborough: 'Pence is in fear for his life because of Donald J. Trump' Can the media regain credibility under Biden? MORE.

Facebook has elected not to remove the clip, which surpassed 3 million views on Tuesday, instead electing to place a "partly false" label on it. Twitter, YouTube and TikTok have removed the video.

A similarly edited clip of Pelosi — made to make her appear to be slurring words — was shared widely on Facebook last year.

Facebook has defended keeping the latest video up, saying it does not meet its grounds for removal.

Read more here.


NEW FACIAL RECOGNITION BILL: Sens. Jeff MerkleyJeff MerkleyEx-Capitol Police chief did not get FBI report warning of violence on Jan. 6 Democrats want businesses to help get LGBT bill across finish line Democrats revive debate over calling impeachment witnesses MORE (D-Ore.) and Bernie SandersBernie SandersKlain says Harris would not overrule parliamentarian on minimum wage increase Romney-Cotton, a Cancun cabbie and the minimum wage debate On The Money: Senate panels postpone Tanden meetings in negative sign | Biden signs supply chain order after 'positive' meeting with lawmakers MORE (I-Vt.) introduced legislation Tuesday aimed at limiting the corporate use of facial recognition technology.

The National Biometric Information Privacy Act of 2020 would require private companies to receive written consent from consumers and employees before collecting biometric data such as eye scans or fingerprints.

In cases where consent was not obtained before collecting that personal data, consumers and state attorney generals would be able to sue.

“We can’t let companies scoop up or profit from people’s faces and fingerprints without their consent,” Merkley said in a statement. “We have to fight against a ‘big brother’ surveillance state that eradicates our privacy and our control of our own information, be it a threat from the government or from private companies.”

"We cannot allow Orwellian facial recognition technology to continue to violate the privacy and civil liberties of the American people," Sanders added.

Read more about the legislation here.


CHINA CLAPS BACK: Chinese state media late Monday warned against what it called the U.S.’s “theft” of the social media app TikTok, cautioning that Beijing may retaliate.

The English-language China Daily newspaper published an editorial which highlighted China’s toughest protection of TikTok yet and cautioned that Beijing may block the sale of TikTok to American company Microsoft.

“China will by no means accept the ‘theft’ of a Chinese technology company, and it has plenty of ways to respond if the administration carries out its planned smash and grab,” it reads.

The state-run newspaper said it “might be preferable” for TikTok’s parent company ByteDance to sell the U.S. business, but the editorial called the U.S. effort to buy the app a “smash and grab.”

“With competitiveness now dependent on the ability to collect and use data, it offers an either-or choice of submission or mortal combat in the tech realm,” the China Daily said.

Read more here.


GOOD DAY FOR UBER: A federal judge has upheld an arbitration win for Uber after a customer asked the judge to overturn the ruling in a price-fixing case.

According to Reuters, the customer said that the arbitrator, Les Weinstein, ruled in favor of Uber because he was scared. 

U.S. District Judge Jed Rakoff in Manhattan said, however, that the claim lacked merit, adding Weinstein was simply joking when he said he dismissed the lawsuit in February out of fear.

Read more about the case here.

Lighter click: He was a punk, she did ballet

An op-ed to chew on: Why bursting the tech salary bubble is a good thing



TikTok and the Evolution of Digital Blackface (Wired / Jason Parham)

Google's secret home security superpower: Your smart speaker with its always-on mics (Protocol / Janko Roettgers)

The biggest problem with Microsoft’s fractured TikTok deal (The Verge / Russell Brandom)

Google Faces European Inquiry Into Fitbit Acquisition (New York Times / Adam Satariano)