
Hillicon Valley: Sweeping new data rules take effect | Facebook, Google already hit with complaints | Schumer slams reported ZTE deal | Senators look to save cyber post | Dem wants answers about Trump's phone security


The Cyber and Tech Overnights are joining forces to give you Hillicon Valley, The Hill's new comprehensive newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow the cyber team, Morgan Chalfant (@mchalfant16) and Olivia Beavers (@olivia_beavers), and the tech team, Ali Breland (@alibreland) and Harper Neidig (@hneidig), on Twitter. Send us your scoops, tips and Memorial Day plans.

 

IT'S HERE!: The General Data Protection Regulation (GDPR) went into effect Friday morning, ushering in a new era of privacy rights for European internet users and establishing the European Union (EU) as the top watchdog over the internet's widespread data collection practices.

Internet companies have been scrambling for nearly two years to prepare for the GDPR, which is aimed at giving users more control over their sensitive information and forcing websites to be more transparent about their data collection practices. The new rules apply to virtually every company with a presence on the internet, but businesses that rely on collecting and selling data will be the hardest hit under the regime.

Companies will have an easier time complying "if your business model is not built around exploiting personal information and selling it on the open market," said Cynthia Cole, a lawyer at international law firm Baker Botts LLP, based in Silicon Valley.

Cole, who's advising firms on implementing GDPR reforms, explained that the new rules put a tremendous cost on businesses that collect a large amount of data and share it with third parties, forcing them to devote a large amount of back-end analysis to figure out where the data is going.

A few U.S. sites have already shut off access to European users out of concern that their operations don't fully comply with the new law. Pinterest's news-clipping service Instapaper announced this week that it is temporarily shutting down its European operations.

"I underestimated the scope of work required by the deadline, and this was the required alternative," Instapaper CEO Brian Donohue tweeted on Thursday.

And the media company Tronc, which owns The Los Angeles Times, The Chicago Tribune and The New York Daily News, is closing its sites to European users.

What we don't know: It's still unclear what new changes internet users on either side of the Atlantic will see as a result of the new laws. The data rule only applies to Europe, but a number of companies, including Facebook, have promised to extend new changes beyond the EU's borders.

What we do know: The law has some serious teeth. Companies found to have committed major violations can be fined as much as $23.5 million or 4 percent of their global turnover.

To read more, click here.

 

FACEBOOK, GOOGLE ALREADY FACING COMPLAINTS: The privacy group Noyb has already hit Google and Facebook with complaints that their services aren't letting users opt out of having their data collected. The group alleges that the companies are forcing their users to accept their data collection methods in violation of the new law.

"Many users do not know yet that this annoying way of pushing people to consent is actually forbidden under GDPR in most cases," Max Schrems, the chairman of Noyb, said in a statement.

The companies respond:

From Erin Egan, Facebook's chief privacy officer: "We have prepared for the past 18 months to ensure we meet the requirements of the GDPR. We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information. Our work to improve people's privacy doesn't stop on May 25."

From a Google spokesperson: "We build privacy and security into our products from the very earliest stages and are committed to complying with the EU General Data Protection Regulation. Over the last 18 months, we have taken steps to update our products, policies and processes to provide users with meaningful data transparency and control across all the services that we provide in the EU."

Read more here.

 

SCHUMER SLAMS REPORTED ZTE DEAL: Senate Minority Leader Charles Schumer (D-N.Y.) came out against a reported deal to keep ZTE afloat on Friday.

"Simply a fine and changing board members would not protect America's economic or national security, and would be a huge victory for President Xi, and a dramatic retreat by President TrumpDonald John TrumpFive takeaways from Gillum and DeSantis’s first debate GOP warns economy will tank if Dems win Gorbachev calls Trump's withdrawal from arms treaty 'a mistake' MORE. Both parties in Congress should come together to stop this deal in its tracks," Schumer said in a statement.

"If the administration goes through with this reported deal, President Trump would be helping make China great again," the Senate Democratic leader added.

Background: Reuters, citing a senior congressional aide, reported that a deal has been reached to lift a ban that prevents ZTE from buying U.S. products.

The reported terms: As part of the agreement, according to Reuters, ZTE will have to pay a fine, place American compliance officers in its company and change its management team.

 

QUESTIONS ABOUT TRUMP'S PHONE: Sen. Tom Carper (D-Del.) on Friday issued a second request to the Pentagon for information on the extent of President Trump's cell phone security.

In a letter penned to Defense Secretary Jim Mattis, Carper voiced concern about the lack of clarity regarding the security of Trump's smartphone usage.

"Despite prior reports suggesting that President Trump was using a 'secure encrypted device approved by the U.S. Secret Service,' subsequent reports indicated that the President was still using an 'old, unsecured Android phone,'" Carper wrote.

The senator sent a similar letter in February 2017 — a letter, Carper's office says, to which Mattis has yet to respond.

We break down the controversy here.

 

PAGING PRESIDENT TRUMP... SENATORS LOOK TO SAVE TOP CYBER POST: A bipartisan pair of senators wrote to President Trump this week to express concern over his decision to eliminate a top cybersecurity position at the White House.

The letter, sent Thursday by Sens. Susan Collins (R-Maine) and Martin Heinrich (D-N.M.), represents the first instance of a Republican casting doubts publicly about the decision.

"We write today to express our concern regarding the decision to eliminate the White House Cybersecurity Coordinator position in the National Security Council," wrote Collins and Heinrich, both of whom sit on the Senate Intelligence Committee.

"We believe that the nature of the cyber threats facing our nation, their increasing number, and the difficult policy questions they raise lend themselves to a centralized Administration approach," they wrote.

A little context: The note comes roughly two weeks after the National Security Council (NSC) confirmed it was eliminating the position of cybersecurity coordinator in order to improve management operations.

What the cyber post entails: The cybersecurity coordinator, a post created under the Obama administration, was responsible for streamlining cyber policymaking efforts across the federal government.

Rob Joyce, on loan from the National Security Agency (NSA), most recently served in the role under Trump. Joyce, however, elected to return to his position at the NSA in April, rather than continue in his job at the White House. The move came shortly after Trump appointed John Bolton as his new national security adviser. To read more about the letter from Collins and Heinrich, click here.

 

NEW SCRUTINY ON FACIAL RECOGNITION TECH: Reps. Keith Ellison (D-Minn.) and Emanuel Cleaver (D-Mo.) pushed Amazon for answers on its facial recognition technology on Friday, following reports the internet giant was providing the service to law enforcement agencies around the country.

"A series of studies have shown that face recognition technology is consistently less accurate in identifying the faces of African-Americans and women as compared to Caucasians and men," Ellison and Cleaver wrote in their letter.

"The disproportionally high arrest rates for members of the black community make the use of facial recognition technology by law enforcement problematic because it could serve to reinforce this trend," they continued. 

What to know:

--The letter comes after the ACLU revealed Amazon's work with law enforcement through a series of public records requests.

--The Congressional Black Caucus has also raised concerns about the implications of the technology being used by the police.

Read more here.

 

DEEP DIVE... CYBER IN THE DEFENSE BILL: The Senate Armed Services Committee's version of an annual defense policy bill includes several cybersecurity-related provisions.

--One would make it a policy of the U.S. government to use "all instruments of national power," including offensive military and digital operations, to counter cyberattacks that deliberately threaten American lives or critical infrastructure.

It would establish a policy that the U.S. "should employ all instruments of national power, including the use of offensive cyber capabilities, to deter if possible, and respond when necessary, to cyber attacks that target U.S. interests with the intent to cause casualties, significantly disrupt the normal functioning of our democratic society or government, threaten the Armed Forces or the critical infrastructure they rely upon, achieve an effect comparable to an armed attack, or imperil a U.S. vital interest," according to a bipartisan summary of the legislation released by the committee Thursday afternoon.

Nearly identical language was included in the House version of the annual bill, formally known as the National Defense Authorization Act (NDAA), approved by the committee last year, but it didn't make it into the final copy. Instead, the 2018 legislation instructed President Trump to submit a cyber warfare strategy to Congress – which he did last month. That strategy is classified.

--Another measure in the Senate NDAA would affirm Defense Secretary James Mattis' authority to conduct military activities and operations in cyberspace, including those that are secret, by designating them as traditional military activities.

--A third measure, successfully added by Sen. Jeanne Shaheen (D-N.H.), would require that companies contracting with the Pentagon disclose when they allow foreign governments of concern to review source code or software, Reuters first reported. A committee aide confirmed the provision's inclusion in the bill. Shaheen has increasingly raised alarm over revelations that some companies have allowed Russia to review software details in order to gain access to the Russian market.

Timeline: Committee lawmakers hammered out the details of the bill behind closed doors this week. It passed the committee in a 25-2 vote on Thursday. The Senate panel released the summary of the annual legislation the same day that the full House easily passed its version of the bill. Once the full Senate approves its version, both chambers will go to conference to negotiate a compromise bill.

 

AMAZON 'EVALUATING OPTIONS' AFTER WOMAN'S PRIVATE CONVERSATION LEAKED: Amazon said it was looking into an incident where an unnamed woman's private conversation was reportedly leaked to a contact by her Echo device.

"As unlikely as this string of events is, we are evaluating options to make this case even less likely," an Amazon spokesperson told Buzzfeed.

 

RUSSIAN FACEBOOK ADS HIGHLIGHTED IMMIGRATION DIVIDE: Russian operatives bought and promoted thousands of Facebook ads after the 2016 election targeting Hispanics and immigration policy, according to a new analysis of data gathered by congressional investigators.

A USA Today review showed that the thousands of ads released by Democrats on the House Intelligence Committee earlier this month show a concerted effort to inflame racial tensions over controversial immigration-related topics.

 

A NEW FINANCIAL HACKING SCAM: The Internal Revenue Service is raising alarm about a new hacking scam targeting tax practitioners. According to a bulletin from the IRS, officials this week received reports from tax professionals in multiple states who received phishing emails purporting to come from state accounting and professional associations.

The messages seek to lure would-be victims into disclosing their email usernames and passwords. Individuals in Iowa, Illinois, New Jersey and North Carolina have reported receiving the fraudulent messages.

More on the scam here.

 

FBI ISSUES FORMAL WARNING ON RUSSIAN BOTS: The FBI on Friday issued a formal warning that a sophisticated Russia-linked hacking campaign is compromising hundreds of thousands of home network devices worldwide, and it is advising owners to reboot these devices in an attempt to disrupt the malicious software.

The law enforcement agency said foreign cyber actors are targeting routers in small or home offices with a botnet -- or a network of infected devices -- known as VPNFilter.

The scope of the problem: Cybersecurity experts and officials say VPNFilter has infected an estimated 500,000 devices worldwide.

"The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices," the bureau's cyber division wrote in a public alert.

More here -- and for our full coverage, click here and here.

 

A LIGHTER CLICK: Literally.

 

NOTABLE LINKS FROM AROUND THE WEB:

Senate panel rebuffs Mattis request on Russia sanctions waivers. (The Hill)

New York Magazine profiled the Wall Street Journal reporter who took down Theranos. (New York Magazine)

Ireland's abortion referendum is another test for Facebook and Twitter. (New York Times)

Tesla admitted that media coverage has helped the company. (Business Insider)

Motherboard obtained internal documents on Facebook's efforts to educate moderators on hate speech. (Vice)

Poll: Most U.S. adults unwilling to give up personal data in order to keep web services free. (Morning Consult)

Rick Scott intervenes to request federal money to help secure Florida's election systems. (Tampa Bay Times)

Traveling this summer? The Department of Homeland Security has some advice for you. (US-CERT)

A former DHS cybersecurity official argues that John Bolton has weakened U.S. cyber defenses. (Washington Post)