Overnight Technology

Hillicon Valley: Telecom industry to fundraise for Senate chair ahead of privacy hearing | Report finds apps sharing personal data with Facebook | DNC offers campaigns cybersecurity tips

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don't already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen), and the tech team, Harper Neidig (@hneidig) and Emily Birnbaum (@birnbaum_e).

 

MORE LIKE TELE-SWAMP: The telecom industry will be hosting a fundraiser for Sen. Roger Wicker (R-Miss.) next week, the night before he will preside over a hearing on data privacy, according to an invitation obtained by The Hill.

Wicker, the chairman of the Senate Commerce Committee, is slated to attend the Tuesday fundraiser at the Capital Grille restaurant. The event is being hosted by the political action committees for AT&T and the trade group USTelecom.

According to the invitation for Tuesday's fundraiser, which will be supporting a group backing Wicker's reelection called RFW PAC, it costs $1,500 to attend the event as a guest, $2,500 to attend as a sponsor and $5,000 to co-host.

The next day Wicker's committee will hold its first hearing of the new Congress on crafting comprehensive data privacy legislation -- a key issue for the telecom industry.

Among those testifying is Jon Leibowitz, a former Federal Trade Commission chairman under the Obama administration. Leibowitz is the co-chair of the 21st Century Privacy Coalition, a lobbying group funded by the telecom industry that in 2017 helped lead a lobbying push to get Congress to overturn a set of Obama-era privacy regulations governing internet providers.

The hearing's witnesses will also include representatives from Silicon Valley and the advertising industry, but no privacy or consumer advocates. Read more here.

 

FREE HEALTH DATA ANYONE?: Several popular apps have been sharing sensitive health data from their users with Facebook, including the timing of their ovulation periods and their blood pressure, according to a Wall Street Journal analysis published Friday.

The Journal found 11 apps with tens of millions of users among them that were sharing the information with the social network, with little or no disclosure to its users.

Instant Heart Rate: HR Monitor, which the Journal says is the most downloaded heart-rate app on Apple's mobile platform, would send users' heart rates to Facebook immediately after recording it.

The Flo Period & Ovulation Tracker gave Facebook data on users trying to become pregnant or tracking their periods.

Flo told the Journal it intended to conduct a privacy audit and would limit its data-sharing in the meantime.

The 11 apps the outlet discovered engaging in the practice were from a sample of 70 of the most popular apps in Google's and Apple's app stores.

Facebook told the Journal that some of the instances it uncovered were in violation of its terms of service and would tell some of the apps to stop sharing sensitive information.

"Sharing information across apps on your iPhone or Android device is how mobile advertising works and is industry standard practice," a Facebook spokesperson said in a statement to The Hill.

"The issue is how apps use information for online advertising," the spokesperson said. "We require app developers to be clear with their users about the information they are sharing with us, and we prohibit app developers from sending us sensitive data. We also take steps to detect and remove data that should not be shared with us." Read more here.

 

HERE COMES THE BACKLASH: New York Gov. Andrew Cuomo (D) announced Friday that he would direct two state agencies to convene an investigation into Facebook's data practices after it was reported that the company receives private medical information from several popular apps without users' knowledge or consent.

In a statement Friday afternoon the governor said that if a Wall Street Journal report that the company receives sensitive data about users such as their blood pressure and timing of their ovulation periods without consent, the practice would clearly violate Facebook's own stated business practices.

"The recent report that Facebook is accessing far more personal information of smartphone users than previously reported, including health and other sensitive data, represents an invasion of privacy and breach of consumer trust," Cuomo said.

"According to the report, a wide range of apps are sending highly personal data to the social media giant apparently without users' consent and even when users are not logged in through Facebook. This practice, which in some cases clearly violates Facebook's own business terms, is an outrageous abuse of privacy," the governor added.

The state's Department of Financial Services and Department of State will lead an investigation into the reports, Cuomo said, while calling on federal authorities to investigate the matter as well.

"I also call on relevant federal regulators to step up and help us put an end to this practice and protect the rights of consumers," he said. Read more here.

 

THE C IN DNC IS FOR CYBER: The Democratic National Committee on Friday unveiled an updated security checklist aimed at helping campaigns protect themselves from cyberattacks.

The list -- the second version released by the DNC in recent months -- calls for staff to keep their devices up-to-date to prevent hackers from exploiting any exposed vulnerabilities, have long, random and unique passwords for their accounts and use password managers to track those passwords.

People are also encouraged to have multi-factor authentication set up for their accounts, which requires users to confirm their identities before being able to access their data.

Bob Lord, the DNC's chief security officer, said these basic steps will help protect the campaigns -- including their staffers -- from falling victim to cyberattacks.

"Our adversaries are already at work, whether a candidate has announced or not," Lord said in a statement.

"At the DNC, we've put together a checklist of steps we are encouraging everyone to take - from presidential candidates down to field staff and volunteers - that will dramatically improve their security posture. We are also here to assist campaigns in the creation of an overall security program that is tailored to their current landscape and challenges," he continued.  

This new version of the checklist comes as political groups gear up for the 2020 presidential election, where campaigns are believed to be a top target for US adversaries. Read more here.

 

NATO SAYS NEVER TWEET: A research group affiliated with the North Atlantic Treaty Organization (NATO) found it was able to "instill undesirable behavior" in soldiers and gain "very detailed" personal information about them.

A study published in January by NATO's Strategic Communications Center of Excellence and first reported by Wired this week explored "what kind of user data is available in the digital environment and demonstrates how a malicious actor can exploit this data in the context of a military exercise," according to its abstract.

It found that someone looking to target soldiers for a real military exercise would be able to influence them.

"The results... suggest that in the current digital arena an adversary would be able to collect enough personal data on soldiers to create targeted messages with precision, successfully influencing their chosen target audience to carry out desired behaviors," according to the abstract.

Researchers said they attempted to influence soldiers by creating fake accounts, befriending the troops on social platforms and creating fake pages and groups where they could advertise to them. They could not disclose their exact methods "due to operation security." Read more here.

 

A LIGHTER CLICK: Time is a flat circle.

 

NOTABLE LINKS FROM AROUND THE WEB:

It started with a jolt: How New York became a tech town. (The New York Times)

Virgin Galactic spaceplane reaches space with first passenger on board. (The Verge)

U.S. campaign against Huawei runs aground in exploding tech market. (The Wall Street Journal)

Colossal Marriott breach inspires new California bill that would require more of companies that get pwned. (Gizmodo)

Outbrain