Hillicon Valley: NSA warns of new security threats | Teen accused of Twitter hack pleads not guilty | Experts warn of mail-in voting misinformation

Hillicon Valley: NSA warns of new security threats | Teen accused of Twitter hack pleads not guilty | Experts warn of mail-in voting misinformation
© istock

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.

ADVERSARIES (COULD BE) WATCHING YOU: The National Security Agency (NSA) on Tuesday rolled out guidance warning that location data from mobile and other internet-connected devices could pose a security threat for users if it were accessed by adversaries. 

ADVERTISEMENT

The guidance was rolled out as a warning for Defense Department personnel and others with access to sensitive federal systems, but the NSA noted that it could be “useful to a wide range of users.”

“Using a mobile device—even powering it on—exposes location data,” the NSA warned in the guidance. “Mobile devices inherently trust cellular networks and providers, and the cellular provider receives real-time location information for a mobile device every time it connects to the network.”

“This means a provider can track users across a wide area,” the agency noted. “In some scenarios, such as 911 calls, this capability saves lives, whereas for personnel with location sensitivities, it may incur risks. If an adversary can influence or control the provider in some way, this location data may be compromised.”

The NSA noted that location data could be tracked even if the GPS and cellular data are switched off, warning that a mobile device can track location through WiFi and Bluetooth connections, while websites and apps can also access or guess the location of the user. 

The agency warned that other internet-connected devices — such as fitness trackers, smart watches, medical devices and household smart devices — could also pose a security threat through their potential to collect and expose sensitive location data of any mobile device they are hooked up to. 

Read more about the warning here.

 

ADVERTISEMENT

FLORIDA TEEN PLEADS NOT GUILTY: The Florida teenager accused of being behind a major Twitter hack that resulted in several prominent accounts posting a bitcoin scam pleaded not guilty Tuesday on multiple counts of fraud, The Associated Press reported.

Graham Ivan Clark, 17, is facing 30 felony charges including organized fraud, communications fraud, identity theft and hacking. The charges carry potential penalties of more than $100,000.

Tuesday's hearing in Tampa reportedly took place via Zoom. Clark is scheduled for a bond hearing Wednesday, with bail set at $725,000. He was arrested last Friday.

Two others — U.K. resident Mason Shepard, 19, and Orlando, Fla., resident Nima Fazeli, 22, who go by the hacking aliases "Chaewon" and "Rolex" respectively — were also charged in helping carry out the hack. Both were charged in California.

The intrusion affected a number of prominent Twitter accounts, including those of former President Obama, former Vice President Joe BidenJoe BidenBiden says voters should choose who nominates Supreme Court justice Trump, Biden will not shake hands at first debate due to COVID-19 Joe Biden should enact critical government reforms if he wins MORE, Microsoft co-founder Bill Gates and Tesla CEO Elon MuskElon Reeve MuskTesla network outage leaves owners unable to connect to vehicles The pandemic showed states that businesses don't need special favors Would becoming one of the first people to settle Mars be worth dying for? MORE.

Read more about the case here.

 

ELECTION SECURITY WOES: Election security experts warned Tuesday that a major threat to elections this year is disinformation and misinformation around perceived threats from mail-in voting.

The warnings came on the heels of sustained criticism of mail-in voting by President TrumpDonald John TrumpBiden says voters should choose who nominates Supreme Court justice Trump, Biden will not shake hands at first debate due to COVID-19 Pelosi: Trump Supreme Court pick 'threatens' Affordable Care Act MORE, who last week suggested postponing the November election due to concerns over the expected influx of mail-in voting, though he does not have the power to do so. He has also raised mostly unsubstantiated concerns that mail-in voting could cause an increase in voter fraud.

“Regardless of how secure our elections are, many election experts and officials are concerned that some voters could dismiss November’s results as invalid or rigged because of mis- and/or disinformation,” David Levine, an elections integrity fellow at the Alliance for Securing Democracy within the German Marshall Fund, testified at a House Homeland Security Committee cybersecurity subcommittee election security hearing Tuesday.

“When I look at the risk that we have to the voting process, today I think that the potential for mis and disinformation having an impact on the voting is greater in many regards than the potential of cyber threats,” John Gilligan, the president and CEO of the Center for Internet Security, testified at the same hearing. 

Amber McReynolds, the CEO of the National Vote at Home Institute and the former Colorado elections director, testified that due to officials “casting doubt without evidence” on mail-in voting, “combatting disinformation and misinformation is a critical aspect of election officials’ work.” 

Both Levine and McReynolds pointed to an assessment on the potential security risks of mail-in voting released by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) late last week. 

The assessment found that while “all forms of voting” present some level of risk from interference, the risks stemming from mail-in voting can be “managed through various policies, procedures, and controls.”

CISA noted, however, that due to “partisan political voices” weighing in on mail-in voting, and because of potential delays in election results from an influx of mail-in ballots due to the pandemic, this form of voting could become a tempting target of disinformation and misinformation campaigns for those seeking to interfere in elections.

Read more about election concerns here.

 

TIKTOK IN THE SPOTLIGHT: The future of popular social media platform TikTok in the U.S. was upended these past few days by a series of comments from President Trump about banning the app, making the Chinese-owned company the latest target of Trump’s tech war with China.

The president said Monday he supported a potential deal involving Microsoft purchasing TikTok’s U.S. stake from Beijing-based ByteDance. He added that if the deal wasn’t completed by Sept. 15, the app would be “out of business in the United States.”

But this isn’t the first time the Trump administration has gone after a tech company with ownership ties to China, with officials citing concerns over espionage and national security threats.

The gay dating app Grindr was in a similar situation as TikTok just over a year ago, when a review by the Treasury Department’s Committee on Foreign Investment in the United States (CFIUS) concluded that ownership by Beijing Kunlun Tech posed a national security threat to the U.S.

ADVERTISEMENT

Beijing Kunlun Tech subsequently announced that it would sell Grindr. San Vicente Acquisition later purchased the app for more than $600 million, Reuters reported in June.

And in the most deep-seated area of concern, the Trump administration has taken multiple steps to cut Chinese telecommunications groups Huawei and ZTE out of 5G networks in the U.S. and in allied countries, also citing concerns around espionage risks following a 2017 Chinese intelligence law that requires companies and citizens to participate in state intelligence work.

Geoffrey Gertz, a fellow in the Brookings Institution’s Global Economy and Development Program, told The Hill that even without the intelligence law, “we would still see a lot of concerns” around Chinese-linked technology groups like TikTok.

“It’s clearly part of a much broader U.S.-China economic and technology competition,” he said.

Read more here.

 

PELOSI VIDEO: Rep. Anna EshooAnna Georges EshooHillicon Valley: Productivity, fatigue, cybersecurity emerge as top concerns amid pandemic | Facebook critics launch alternative oversight board | Google to temporarily bar election ads after polls close Lawmakers introduce legislation to boost cybersecurity of local governments, small businesses Democratic chairman says White House blocked FDA commissioner from testifying MORE (D-Calif.) is demanding Facebook remove a video of Speaker Nancy PelosiNancy PelosiPelosi: Trump Supreme Court pick 'threatens' Affordable Care Act Sunday shows preview: Lawmakers prepare for SCOTUS confirmation hearings before election Will Democrats attempt to pack the Supreme Court again? MORE (D-Calif.) edited to make her appear intoxicated.

ADVERTISEMENT

“I am extremely troubled that Facebook is once again refusing to remove a doctored video of Speaker Pelosi that makes her seem inebriated,” Eshoo, a Pelosi ally, said in a letter to the social media giant on Tuesday.

“The video is disinformation, and by leaving it up, Facebook is actively playing a role in disseminating political disinformation,” Eshoo added.

The clip was first shared on the platform Saturday with the caption, "this is unbelievable, she is blowed out of her mind, I bet this gets took down!" The 55-second video comes from a May press conference in which Pelosi condemned comments President Trump made about MSNBC anchor Joe ScarboroughCharles (Joe) Joseph ScarboroughScarborough calls on Cuomo to walk back statement he made about Trump: 'Out of bounds' Mika Brzezinski: 'Super grossed out' by Trump speech attendees 'who put their lives at risk' Democrats tear into Trump's 'deep state' tweet: His 'lies and recklessness' have 'killed people' MORE.

Facebook has elected not to remove the clip, which surpassed 3 million views on Tuesday, instead electing to place a "partly false" label on it. Twitter, YouTube and TikTok have removed the video.

A similarly edited clip of Pelosi — made to make her appear to be slurring words — was shared widely on Facebook last year.

Facebook has defended keeping the latest video up, saying it does not meet its grounds for removal.

Read more here.

 

NEW FACIAL RECOGNITION BILL: Sens. Jeff MerkleyJeffrey (Jeff) Alan MerkleyThe Hill's Morning Report - Sponsored by The Air Line Pilots Association - Trump, Biden renew push for Latino support Sunday shows - Trump team defends coronavirus response Oregon senator says Trump's blame on 'forest management' for wildfires is 'just a big and devastating lie' MORE (D-Ore.) and Bernie SandersBernie SandersTrump, Biden will not shake hands at first debate due to COVID-19 Sanders tells Maher 'there will be a number of plans' to remove Trump if he loses Sirota reacts to report of harassment, doxing by Harris supporters MORE (I-Vt.) introduced legislation Tuesday aimed at limiting the corporate use of facial recognition technology.

The National Biometric Information Privacy Act of 2020 would require private companies to receive written consent from consumers and employees before collecting biometric data such as eye scans or fingerprints.

In cases where consent was not obtained before collecting that personal data, consumers and state attorney generals would be able to sue.

“We can’t let companies scoop up or profit from people’s faces and fingerprints without their consent,” Merkley said in a statement. “We have to fight against a ‘big brother’ surveillance state that eradicates our privacy and our control of our own information, be it a threat from the government or from private companies.”

"We cannot allow Orwellian facial recognition technology to continue to violate the privacy and civil liberties of the American people," Sanders added.

Read more about the legislation here.

 

CHINA CLAPS BACK: Chinese state media late Monday warned against what it called the U.S.’s “theft” of the social media app TikTok, cautioning that Beijing may retaliate.

The English-language China Daily newspaper published an editorial which highlighted China’s toughest protection of TikTok yet and cautioned that Beijing may block the sale of TikTok to American company Microsoft.

“China will by no means accept the ‘theft’ of a Chinese technology company, and it has plenty of ways to respond if the administration carries out its planned smash and grab,” it reads.

The state-run newspaper said it “might be preferable” for TikTok’s parent company ByteDance to sell the U.S. business, but the editorial called the U.S. effort to buy the app a “smash and grab.”

“With competitiveness now dependent on the ability to collect and use data, it offers an either-or choice of submission or mortal combat in the tech realm,” the China Daily said.

Read more here.

 

GOOD DAY FOR UBER: A federal judge has upheld an arbitration win for Uber after a customer asked the judge to overturn the ruling in a price-fixing case.

According to Reuters, the customer said that the arbitrator, Les Weinstein, ruled in favor of Uber because he was scared. 

U.S. District Judge Jed Rakoff in Manhattan said, however, that the claim lacked merit, adding Weinstein was simply joking when he said he dismissed the lawsuit in February out of fear.

Read more about the case here.



Lighter click: He was a punk, she did ballet

An op-ed to chew on: Why bursting the tech salary bubble is a good thing

 

NOTABLE LINKS FROM AROUND THE WEB: 

TikTok and the Evolution of Digital Blackface (Wired / Jason Parham)

Google's secret home security superpower: Your smart speaker with its always-on mics (Protocol / Janko Roettgers)

The biggest problem with Microsoft’s fractured TikTok deal (The Verge / Russell Brandom)

Google Faces European Inquiry Into Fitbit Acquisition (New York Times / Adam Satariano)