Hillicon Valley: Dem bill would fine credit agencies for breaches | Facebook's Sandberg meets senators on privacy | Baltimore hit with ransomware attack | Dems demand NSA update on surveillance program

Hillicon Valley: Dem bill would fine credit agencies for breaches | Facebook's Sandberg meets senators on privacy | Baltimore hit with ransomware attack | Dems demand NSA update on surveillance program
© Greg Nash

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don't already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Maggie Miller (@magmill95), and the tech team, Harper Neidig (@hneidig) and Emily Birnbaum (@birnbaum_e).


TWO YEARS LATER, TIME TO TAKE ON EQUIFAX: Congressional Democrats on Tuesday reintroduced legislation which would impose fines on credit reporting agencies for compromising customer data, a response to the massive Equifax breach.

The Data Breach Prevention and Compensation Act, unveiled ahead of a Senate Banking Committee hearing on data privacy, would require credit reporting agencies to pay $100 for each consumer whose personal data is compromised in a breach.

The bill was offered by Sens. Elizabeth WarrenElizabeth WarrenThe Hill's Morning Report - Protesters' defiance met with calls to listen Biden wins DC primary Warren asks Pentagon IG to probe military role in Trump's protest response MORE (D-Mass.) and Mark WarnerMark Robert WarnerTrump asserts his power over Republicans Expanding tax credit for businesses retaining workers gains bipartisan support Senate Democrats pump brakes on new stimulus checks MORE (D-Va.) in the upper chamber, and House Oversight and Reform Committee Chairman Elijah CummingsElijah Eugene CummingsDemocrat Kweisi Mfume wins House primary in Maryland Key races to watch in Tuesday's primaries The Postal Service collapse that isn't happening MORE (D-Md.) and Rep. Raja KrishnamoorthiSubramanian (Raja) Raja KrishnamoorthiHouse subcommittee says Trump administration did not adequately screen travelers from Italy, South Korea for COVID-19 Lawmakers push for mental health funding for providers in next aid package FDA grants emergency approval to Swiss firm's coronavirus antibody test MORE (D-Ill.) in the lower chamber.


Warren's office estimated that if the bill was in place in 2017, credit reporting company Equifax would have been required to pay at least a $1.5 billion penalty.

The bill, which did not see action in the last Congress, would establish an Office of Cybersecurity at the Federal Trade Commission (FTC) to conduct regular inspections of the cyber practices at credit reporting agencies. It would also enhance the FTC's enforcement capabilities against credit reporting agencies by giving the agency civil penalty authority under the Gramm-Leach-Bliley Act, a law that requires financial institutions to explain how they share and protect customer data.

The Democrats behind the bill also unveiled a new report which found that consumers have made over 52,000 complaints with the Consumer Financial Protection Bureau (CFPB) since the Equifax breach. The report found that the number of complaints filed against Equifax in the months after the breach nearly doubled from the amount reported in the same period prior to the incident.

The Equifax data breach resulted in hackers gaining access to the personal information of an estimated 143 million Americans, including Social Security numbers, passport numbers and birth dates.

Copies of the report were sent to both the both the FTC and the CFPB, with lawmakers asking both agencies to "hold Equifax accountable for the 2017 breach without delay."

Read more here.


SANDBERG ON THE HILL: Facebook's Chief Operating Officer Sheryl Sandberg met with senators on Capitol Hill on Tuesday as lawmakers in both chambers seek to hammer out the nation's first comprehensive privacy law. 

Sandberg's appearance on the Hill, first reported by Bloomberg News, comes as Facebook circles a settlement with the Federal Trade Commission (FTC) over the company's mishandling of user data, which could result a fine of up to $5 billion and a restructuring of Facebook's privacy oversight.  

Senate Commerce Committee Chairman Roger WickerRoger Frederick WickerBottom line GOP faces internal conflicts on fifth coronavirus bill Senators weigh traveling amid coronavirus ahead of Memorial Day MORE (R-Miss.) told Bloomberg News that he discussed federal privacy legislation during his meeting with Sandberg earlier in the day.

A spokeswoman for Sen. Mark Warner (D-Va.) said he is planning to bring up social media regulation at their sit-down.  Warner last year released a white paper with 20 proposals to rein in Big Tech. 

A Facebook spokesperson said Sandberg is in Washington, D.C. to discuss regulations with policymakers, as well as meet with civil rights groups. The spokesperson specified that the trip does not pertain to Facebook's upcoming settlement with the FTC. 

More on Sandberg's meetings here.


DOESN'T SOUND GREAT: The city of Baltimore was hit by a ransomware attack on Tuesday and has shut down its servers, new Baltimore Mayor Bernard Young said on Twitter.

He said that the city's "essential services" are still operational and that as of this afternoon, there is "no evidence" that any personal information has "left the system."

"Baltimore City core essential services (police, fire, EMS and 311) are still operational but it has been determined that the city's network has been infected with a ransomware virus," Young tweeted. "City employees are working diligently to determine the source and extent of the infection."

Young, the former City Council president who took over as mayor just last week after the resignation of former Mayor Catherine Pugh, said the city had "seen no evidence that any personal data has left the system."

"Out of an abundance of precaution, the city has shut down the majority of its servers," he added. "We will provide updates as information becomes available."

The Baltimore Sun reported that City Hall staff were told to disconnect their computers from the internet. Democratic City Councilman Ryan Dorsey told the publication that the ransomware virus is "apparently spreading computer-to-computer."

At least two city services were impacted as of Tuesday afternoon.

Read more here.


CAN YOU HEAR US NOW? A group of six Democratic senators on the Senate Intelligence Committee is asking the National Security Agency (NSA) to release a public update on its mass phone data collection program, following reports indicating the spy agency has shut it down.

"We write to urge that you provide a public description, consistent with protection of sources and methods, of the current status of the call detail record (CDR) program," the senators wrote in a letter to Paul Nakasone, head of the NSA.

The group of senators includes the Intelligence Committee's vice chairman, Sen. Mark Warner (D-Va.), Sen. Ron WydenRonald (Ron) Lee WydenUSTR launches investigations into countries' digital taxes House Republican offers bill to create 'return to work bonus' On The Money: Senate Dems pump brakes on new stimulus checks | Trump officials sued over tax refunds | Fed to soon open small-business lending program MORE (D-Ore.), a privacy hawk, and 2020 contenders Sens. Kamala HarrisKamala Devi HarrisThe Hill's Morning Report - Protesters' defiance met with calls to listen Calls for police reform sparks divisions in Congress Harris: Trump 'just tear-gassed peaceful protesters for a photo op' MORE (D-Calif.) and Michael BennetMichael Farrand BennetWarren condemns 'horrific' Trump tweet on Minneapolis protests, other senators chime in Senate Democrat introduces bill to protect food supply Congress headed toward unemployment showdown MORE (D-Colo.), among others.

The Wall Street Journal last month reported that the NSA was recommending the White House officially end the agency's mass collection of U.S. phone data.

Sources told the Journal that the NSA has concluded that the program, which gathered metadata on domestic text messages and phone calls, was too burdensome to maintain.

"Since then, there have been no public updates from NSA," the senators wrote. "A public status report will resolve the current confusion, demonstrate the NSA's commitment to transparency, and inform Congress's deliberations about the possible reauthorization of the program later this year."

Read more here.


PUSHING FOR BROADBAND: Telecom and consumer groups are preparing to make a major push for including billions of dollars for rural broadband funding in any infrastructure deal, even as lawmakers and advocates struggle with tough questions ahead.

Democratic leaders signaled that broadband investment could be a major part of the $2 trillion infrastructure deal they are pursuing with President TrumpDonald John TrumpTrump says inviting Russia to G7 'a question of common sense' Pentagon chief does not support invoking Insurrection Act Dershowitz: Does President Trump have power to declare martial law? MORE. Industry groups quickly took notice at what could be the most significant government investment in broadband in years.

U.S. Telecom, which represents the country's largest internet service providers, put out a statement immediately in support of a "muscular, serious infrastructure bill that narrows the digital divide, supports broadband deployment, modernizes networks and gets all American families."

And the Telecommunications Industry Association (TIA) said it is eager to promote its vision for broadband funding.

"We're in favor of any infrastructure package including any broadband funding," Cinnamon Rogers, senior vice president of government affairs with TIA, told The Hill. "I would characterize TIA as 'hopeful.' We remain very hopeful that they can strike a deal."

However, stakeholders told The Hill they've been burned before -- the White House and Congress have circled a possible infrastructure deal for years and potential legislation has been sidelined many times.

"Right now, it's just talk," Gigi Sohn, a former adviser at the Federal Communications Commission (FCC) under the Obama administration told The Hill. "When it's actually some numbers written down on paper and a deal, then come talk to me."

We broke down the roadblocks and questions ahead here.


FTC SWIPES LEFT: Apple and Google this week removed a trio of dating apps after the Federal Trade Commission (FTC) said they could put children at risk of exposure to predators.

Apple's App Store and the Google Play Store removed Meet24, FastMeet, and Meet4U after the FTC warned last week that they could be violating federal children's privacy standards, the agency announced Monday.

Wildec LLC, the Ukrainian company that operates the three dating apps, said in a statement to The Hill that it immediately addressed the potential FTC violations after it was notified on May 1, and is hoping Google and Apple will return its apps to their stores.

"We immediately reacted on FTC requirements and fixed all the issues, including removing all data from under age accounts," a spokesman for Wildec said, adding that "registration is not possible anymore" for underage users.

The FTC, prompted by the advocacy group Campaign for a Commercial-Free Childhood, said the apps allowed children under the age of 13 to sign up and participate, in violation of a law that requires companies to obtain parental consent before collecting personal information on children who aren't teenagers.

The three apps collected personal data including birthdays, email addresses, photographs and real-time location, according to the FTC. The children were allowed to use the apps and receive communication from other users.

Read more here.


AN OP-ED TO CHEW ON: Russia's attacks on our democratic systems call for diverse countermeasures.


A LIGHTER CLICK: Our approach to haters.



Start-ups hoping to fight climate change while other firms cash in. (The New York Times)

Charter squeezes more money out of Internet users with new cancellation policy. (Ars Technica)

Do Facebook's fact-checking efforts even work? (Gizmodo)

Lyft to offer Waymo self-driving taxis in suburban Phoenix. (The Wall Street Journal)