FEATURED:

Hillicon Valley: States defy FCC on net neutrality | Facebook gave Chinese companies access to user data | Genealogy service hacked | 26 states get election cyber funds

Hillicon Valley: States defy FCC on net neutrality | Facebook gave Chinese companies access to user data | Genealogy service hacked | 26 states get election cyber funds
© Getty

The Cyber and Tech Overnights are joining forces to give you Hillicon Valley, The Hill's new comprehensive newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.

Welcome! Follow the cyber team Morgan Chalfant (@mchalfant16) and Olivia Beavers (@olivia_beavers), and the tech team, Ali Breland (@alibreland) and Harper Neidig (@hneidig), on Twitter. Send us your scoops, tips and compliments.

 

STATES DEFY NET NEUTRALITY REPEAL: States are pushing their own net neutrality laws and rules in an attempt to fill the void left by the Federal Communications Commission's repeal of the Obama-era consumer protections. The nationwide effort could be laying the groundwork for another court battle over the popular regulations.

The numbers: Twenty-nine states are considering net neutrality legislation, two -- Oregon and Washington -- have already passed laws and five Democratic governors have signed executive orders banning their states from doing business with internet providers that violate net neutrality principles.

And California is currently considering a law that net neutrality supporters say would be the gold standard. The California Senate last week passed a bill from state Sen. Scott Wiener (D) that would revive all of the protections from the 2015 rules and even go a step further by banning most forms of "zero rating."

"The FCC's action left a huge void with real-life ramifications in terms of the [internet service providers] being able to pick winners and losers on the internet, which is exactly what net neutrality prohibits," Wiener said in a phone interview with The Hill.

The only way to avoid a patchwork of state laws would be for Congress to step in, but with Republicans in control, few net neutrality supporters think that it can come up with adequate protections.

"With this Congress and this president, my confidence level is not high," Wiener said. "I would love to have one uniform, robust federal standard protecting net neutrality, but given that the FCC has left a void, the states have to fill it."

To read more, click here.

 

FRUSTRATION WITH FACEBOOK: Lawmaker frustration over a new report detailing Facebook's "far reaching" data sharing program with device makers spilled over on Tuesday, with more senators calling for an explanation.

--Sens. John ThuneJohn Randolph ThuneThrough a national commitment to youth sports, we can break the obesity cycle Florida politics play into disaster relief debate GOP chairman: FEMA has enough money for Hurricane Michael MORE (R-S.D.) and Bill NelsonClarence (Bill) William NelsonElection Countdown: Small-donor donations explode | Russian woman charged with midterm interference | Takeaways from North Dakota Senate debate | O'Rourke gives 'definitive no' to 2020 run | Dems hope Latino voters turn Arizona blue Election Countdown: Florida Senate fight resumes after hurricane | Cruz softens ObamaCare attacks | GOP worries Trump will lose suburban women | Latest Senate polls | Rep. Dave Brat gets Trump's 'total endorsement' | Dem candidates raise record B Florida extending early voting in counties hit by hurricane MORE (D-Fla.), the chairman and ranking member of the Senate Commerce Committee, sent Facebook a series of questions pressing it on how it ensures compliance on user data (including such information as relationship status, religion and political leanings) and how it notified users that such information would be shared with hardware manufacturers.

The two took a more measured tone than in other letters, sticking questions and not casting the revelations in a negative light like other lawmaker letters and comments.

-- Sen. Mark WarnerMark Robert WarnerDems can use subpoena power to reclaim the mantle of populism Is there a difference between good and bad online election targeting? Collusion judgment looms for key Senate panel MORE (D-Va.), though, raised a critical question. Warner said he is concerned that companies like Huawei and ZTE, which government officials believe are a threat to national security, might have been able to get user data from Facebook after it was revealed the company had data-sharing partnerships with roughly 60 device makers.

"Does our personal info reside on a server in China? I think Facebook owes us that answer," Warner said during an event hosted by Axios.

 

FACEBOOK SHARED DATA WITH CHINESE COMPANIES: The New York Times reported late Tuesday that Facebook shared user data with Chinese device makers.

Who? The report says there were data sharing partnerships with Huawei, Lenovo, Oppo and TCL.

The problem for Facebook: U.S. officials have raised concerns about Huawei's close links with the Chinese government. Facebook, though, says any shared data was on its servers not Huawei's.

 

DEAL OR NO DEAL?: ZTE has reportedly reached an agreement in principle with the Trump administration to lift the Department of Commerce's ban on American companies selling equipment to the Chinese telecommunications giant.

Reuters reported Tuesday that under the preliminary agreement, ZTE would pay a $1 billion fine in addition to another $400 million in an escrow in case it commits future sanctions violations.

An agreement in principle is not a final agreement but is a step toward it. Commerce Department spokesman James Rockas told Reuters that "no definitive agreement has been signed by both parties."

We've got more here.

 

TODAY'S HACKING NEWS: GENEALOGY SERVICE SAYS HACKERS STOLE DATA ON 92 MILLION USERS: MyHeritage, a web-based genealogy and DNA testing platform, revealed that hackers breached its system and stole emails and hashed passwords belonging to over 92 million users.

The company became aware of the breach, which occurred nearly two years ago, just this week. MyHeritage said that it has no evidence that other sensitive information was taken or that the stolen data was used for malicious purposes.

How they discovered it: In a blog post on Monday, the company's chief information security officer said that MyHeritage had been contacted by an independent security researcher about a file found on a private server that appeared to contain email addresses and hashed passwords from MyHeritage users.

The company investigated the report and confirmed that the file contained data on over 92 million users who had signed up for the genealogy service before October 26 2017 -- the date that the company says the breach occurred.

The file contained user email addresses and hashed passwords; hashing is a one-way encryption function that hides the actual password for the purpose of security, meaning that hackers would not be able to view the actual passwords corresponding to user accounts.

No evidence DNA data stolen: The company emphasized that it does not store sensitive information, like user DNA data or family information, on the same system where it stores user email addresses. Instead, this information is held on a separate system where there are more layers of security.

More on the breach here.

 

A RUSSIA PROBE UPDATE: MANAFORT ACCUSED OF ATTEMPTED WITNESS TAMPERING: Special Counsel Robert MuellerRobert Swan MuellerSasse: US should applaud choice of Mueller to lead Russia probe MORE said in a court filing on Monday that President TrumpDonald John TrumpCorker: US must determine responsibility in Saudi journalist's death Five takeaways from testy Heller-Rosen debate in Nevada Dem senator calls for US action after 'preposterous' Saudi explanation MORE's former campaign chairman Paul ManafortPaul John ManafortManafort to be sentenced in Virginia in February Former FBI agent sentenced to 4 years in jail for leaking to reporter The Hill's 12:30 Report — Mnuchin won't attend Saudi conference | Pompeo advises giving Saudis 'few more days' to investigate | Trump threatens military action over caravan MORE has attempted to tamper with potential witnesses while on pretrial release.

Mueller's team has asked the court to revoke or revise Manafort's release conditions, including his bond and house arrest, in the wake of the filing, which was first reported by Reuters.

FBI agent Brock Domin said in the filing that Manafort and a longtime associate linked to Russian intelligence attempted to contact via phone call, text and encrypted messages two people from the "Hapsburg group," which Manafort had worked with to lobby for Ukrainian interests.

Domin said that Manfort's attempts at contact were "in an effort to influence their testimony and to otherwise conceal evidence" and that the probe into the matter was still ongoing.

Read more here.

 

WORRIES ABOUT HHS IMPLEMENTING CYBER LAW: A bipartisan group of House and Senate lawmakers are raising concerns about how the Department of Health and Human Services (HHS) is implementing a cyber law that aims to boost security by providing digital threat data.

In a letter on Tuesday, the top lawmakers on the House Energy and Commerce Committee and the Senate Health, Education, Labor, and Pensions (HELP) Committee pressed HHS Secretary Alex Azar to provide more information about executing the Cybersecurity Information Sharing Act (CISA).

"As cyber threats to the health care sector increase in frequency and severity, it is imperative that HHS provide clear and consistent leadership and direction to the sector regarding cyber threats," the lawmakers wrote.

The lawmakers argued that the agency's cybersecurity strategy has continued to change since HHS delivered its Cyber Threat Preparedness Report (CTPR) to the committee last April, and even that "report omitted or lacked sufficient detail on many outstanding issues."

The lawmakers pointed to a series of information gaps that they said HHS needs to address, particularly the lack of information the report had on HHS's Healthcare Cybersecurity and the Department of Homeland Security's Communications Integration Center (HCCIC).

To read more of our report, click here.

 

26 STATES GET ELECTION CYBER FUNDING: The Election Assistance Commission (EAC) on Tuesday released a list of 26 states that have requested and received cybersecurity funding, money that aims to ensure state's voting systems are properly secured ahead of the 2018 midterm elections.

An EAC press release broke down which states have requested the cyber funds as well as how much they received. To date, these states have requested nearly $210 million in newly available funds, or about 55 percent of the total amount available. The funds were distributed under the Consolidated Appropriations Act of 2018, a bill passed by Congress that allocated $380 million in funds to the Help American Vote Act (HAVA).

"This steady stream of funding requests from the states demonstrates an undeniable recognition that this money can have a tangible and immediate impact on the efficiency, security and accessibility of our nation's elections systems," EAC Chairman Thomas Hicks said in a statement. "The Commission has diligently worked with states to distribute these new funds as quickly as possible. It is anticipated that all jurisdictions will submit funding requests by mid-July," he continued.

Texas received the largest funding grant at $23 million, followed by New York at almost $19.5 million, and Florida in a close third at roughly $19.2 million, according to the list.

To read more, click here.

 

SEC CHAIR INSISTS CYBER A 'PRIORITY': In testimony before a Senate Appropriations Subcommittee on Tuesday, Securities and Exchange Commission Chair Jay Clayton stressed his efforts to make cybersecurity a priority at the federal agency.

Since he took over at SEC, Clayton has shepherded an ongoing review of the agency's cyber risk profile. He outlined broader actions the agency has already taken to help improve its cybersecurity posture, such as creating a senior-level working group to focus on cybersecurity and establishing "incident response exercises" to prepare for threats.

"No organization can guarantee that it will be able to withstand all cyberattacks, particularly in an environment where threat actors may be backed by substantial resources. Nevertheless, we must continuously work to remain on top of evolving threats when it comes to securing our own networks and systems against intrusion," Clayton said Tuesday in opening testimony.  

"This is especially true when protecting mission critical systems as well as systems dealing with sensitive market and other data involving personally identifiable information."

Clayton faced a major test last year when he revealed that the SEC's EDGAR corporate filing system had suffered a breach in 2016--before he took the helm of the agency.

On Tuesday, he said the investigation is still ongoing, but the SEC has taken steps to boost security of the system "including conducting a detailed penetration test of the EDGAR environment, a security review of EDGAR's code to proactively identify and remediate vulnerabilities and additional security enhancements to the architecture of the EDGAR system."

Clayton said the SEC's proposed fiscal year 2019 budget would help the agency hire new staff and expand cybersecurity efforts.

Read his full written testimony here.

 

DOJ TO FIGHT RULING ON TRUMP'S TWITTER: The Department of Justice (DOJ) said Monday that it will appeal a federal judge's ruling that President Trump can't block Twitter users, Reuters reported.

The director of the Knight First Amendment Institute at Columbia University, which represented the seven people who sued Trump last year, told the news service that Trump's @realDonaldTrump account had unblocked them on Monday.

"We're pleased that the White House unblocked our clients from the President's Twitter account but disappointed that the government intends to appeal the district court's thoughtful and well-supported ruling," Jameel Jaffer said in an email.

 

HOUSE DEMS DEMAND FCC OVERSIGHT HEARING: Two of the top Democrats on the House Energy and Commerce Committee are calling on the panel's GOP leadership to hold oversight hearings on the Federal Communications Commission (FCC).

Reps. Frank Pallone Jr.Frank Joseph PalloneDems eye ambitious agenda if House flips Hillicon Valley: Facebook rift over exec's support for Kavanaugh | Dem worried about Russian trolls jumping into Kavanaugh debate | China pushes back on Pence House Democrat questions big tech on possible foreign influence in Kavanaugh debate MORE (D-N.J.) and Mike DoyleMichael (Mike) F. DoyleTwitter chief faces GOP anger over bias at hearing Live coverage: Social media execs face grilling on Capitol Hill House Dems press FCC chairman for answers on false cyberattack claim MORE (D-Pa.) sent a letter to their Republican counterparts reminding them that a hearing previously set for February still has not been rescheduled.

"We believe it is long past time to reschedule this important oversight hearing to follow through on a commitment from the Republican leadership of this Committee that it would hold quarterly Federal Communications Commission oversight hearings," they wrote to Reps. Greg WaldenGregory (Greg) Paul WaldenVulnerable Republicans throw ‘Hail Mary’ on pre-existing conditions GOP senator wants Apple, Amazon to give briefing on reported Super Micro hack Overnight Health Care: Bill banning 'gag clauses' on drugs heads to Trump's desk | Romney opposes Utah Medicaid expansion | GOP candidate under fire over ad on pre-existing conditions MORE (R-Ore.) and Marsha BlackburnMarsha BlackburnKaty Perry praises Taylor Swift for diving into politics Celebrity endorsements aren't kingmakers, but they may be tiebreakers Election Countdown: Florida Senate fight resumes after hurricane | Cruz softens ObamaCare attacks | GOP worries Trump will lose suburban women | Latest Senate polls | Rep. Dave Brat gets Trump's 'total endorsement' | Dem candidates raise record B MORE (R-Tenn.).

 

FTC SUES ROBOCALLING OPERATION: The Federal Trade Commission (FTC) on Tuesday sued a pair of companies that the agency says conducted more than 1 billion illegal robocalls.

The FTC alleged in a federal court filing that James Christiano facilitated the illegal calls through his companies that operate a software called TelWeb, which allows users to send a mass volume of calls in a short period of time.

Christiano's business partner, Andrew Salisbury, is also named in the lawsuit, as well as their businesses, NetDotSolutions and World Connection.

 

LONGREAD OF THE DAY: Facebook and WhatsApp always seemed like an unlikely pair. To tech industry experts it was unclear how an app that prided itself on heavy encryption and privacy would mesh with a social media giant whose business model is predicated on collecting and then monetizing as much of its users' information as possible.

After four years, Facebook's tension with the messaging app that it purchased for $19 billion finally came to a head. Late last year, WhatsApp cofounder Brian Acton left the company. A few months later fellow cofounder Jan Koum left as well, in part because of concerns of Facebook impinging on WhatsApp's tight security.

The Wall Street Journal looks at the tension between Facebook and WhatsApp.

 

A LIGHTER TWITTER CLICK: iHob?

 

ON TAP FOR TOMORROW:

The House Homeland Security Committee is marking up several bills, including one from Rep. Don Bacon (R-Neb.) designed to help DHS protect industrial control systems (ICS) from cyber threats, as well as a resolution offered by ranking member Rep. Bennie ThompsonBennie Gordon ThompsonHillicon Valley: Russia-linked hackers hit Eastern European companies | Twitter shares data on influence campaigns | Dems blast Trump over China interference claims | Saudi crisis tests Silicon Valley | Apple to let customers download their data Dems blast Trump for 'conflating' Chinese, Russian election interference claims Dems eye ambitious agenda if House flips MORE (D-Miss.) directing DHS to submit documents to Congress on cyber threats posed by Chinese telecom firm ZTE.

The Senate Homeland Security will hold a hearing on countering drone threats.

The advocacy group, Public Knowledge is hosting an event on the Comcast/NBCUniversal consent decree.

 

NOTABLE LINKS FROM AROUND THE WEB:

Dutch lawyer sentenced in Mueller probe deported to the Netherlands. (The Hill)

A former Defense Intelligence Agency case officer has been charged with trying to spy for China. (New York Times)

Gizmodo obtained a trove of emails on the FCC's response to that cyberattack last year. (Gizmodo)

Tesla faces a challenge from investors (New York Times)

Russia, China are spying on South Korea. (CyberScoop)

The new Uber CEO has introduced an awkward new phrase into the company's meetings. (Business Insider)

The Trump administration has put on hold an effort to appoint a no. 3 at the Justice Department. (Wall Street Journal)

Tim Cook: We never requested data from Facebook. (The Hill)