Hillicon Valley: Hacker group targeted electric grid | House Democrats press CBP over facial recognition program | Senators offer bill to protect health data | Groups file FCC complaint over carriers' use of location data

Hillicon Valley: Hacker group targeted electric grid | House Democrats press CBP over facial recognition program | Senators offer bill to protect health data | Groups file FCC complaint over carriers' use of location data
© iStock

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don't already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Maggie Miller (@magmill95), and the tech team, Harper Neidig (@hneidig) and Emily Birnbaum (@birnbaum_e).


SHOCK TO THE SYSTEM: Xenotime, a group of hackers that has previously targeted oil and gas companies, has been targeting the U.S. electric grid in recent months, according to new research released Friday by cybersecurity group Dragos.

Dragos reported that the Xenotime group began "probing" the networks of electric utilities in both the U.S. and countries in the Asia-Pacific region in late 2018.

The report noted that none of the probes resulted in the group gaining access to an electric utility's system, but wrote that "the persistent attempts, and expansion in scope is cause for definite concern."


Dragos added that while none of the probing has been successful, this type of activity could be evidence of the group preparing for future cyberattacks.

The company recommended that owners and operators of industrial control system companies, including U.S. electric, gas and oil utilities, should prepare for attempts to be hacked by the Xenotime group, and bolster their cybersecurity capabilities in response.

Read more here.


REINING IN THE FACIAL REC: Over 20 House Democrats in a letter on Friday pressed the Department of Homeland Security over Border Patrol's use of facial recognition technology on U.S. citizens in airports, arguing the rapidly expanding program has not been enabled by any congressional mandate.

Customs and Border Protection (CBP), which has been rolling out the face-scanning program in a growing number of airports across the U.S., has argued that it is operating under a congressional mandate and executive order from the president. But those orders ask CBP to roll out a biometrics program for "foreign nationals," not U.S. citizens, the lawmakers say.

"We write to express concerns about reports that the U.S. Customs and Border Protection (CBP) is using facial recognition technology to scan American citizens under the Biometric Exit Program," the group of progressive lawmakers, who sit on multiple committees, wrote, referring to CBP's facial recognition tech program.  

"This is an unprecedented and unauthorized expansion of the agency's authority," they wrote. "As such, we urge the agency to allow for public input and establish privacy safeguards."

A CBP spokeswoman confirmed to The Hill that it has received the letter.

The group of Democrats behind the letter are led by Reps. Susan WildSusan WildThe biggest political upsets of the decade The Hill's Morning Report - Vulnerable Dems are backing Trump impeachment Vulnerable Democrats signal support for impeachment articles this week MORE (D-Pa.), Emanuel Cleaver (D-Mo.) and Yvette ClarkeYvette Diane ClarkeSanders, Warren battle for progressive endorsements Hillicon Valley: FBI to now notify state officials of cyber breaches | Pelosi rips 'shameful' Facebook | 5G group beefs up lobby team | Spotify unveils playlists for pets Jewish advocates pressure social media platforms, Congress to regulate online anti-Semitic speech MORE (D-N.Y.). The group includes progressives such as Rep. Alexandria Ocasio-CortezAlexandria Ocasio-CortezSanders wants one-on-one fight with Biden Impeachment trial forces senators to scrap fundraisers Ocasio-Cortez knocks Biden: He 'helped sell the invasion of Iraq' and 'spent years working to cut Social Security' MORE (D-N.Y.), Rashida TlaibRashida Harbi TlaibSanders wants one-on-one fight with Biden Democrats press Trump administration to stop DNA collection from detained migrants Jayapal: 'We will end up with another Donald Trump' if the US doesn't elect a progressive MORE (D-Mich.) and Ilhan OmarIlhan OmarSanders wants one-on-one fight with Biden Jayapal: 'We will end up with another Donald Trump' if the US doesn't elect a progressive Media's selective outrage exposed in McSally-Raju kerfuffle MORE (D-Minn.).

Lawmakers on both sides of the aisle in recent weeks have dramatically intensified their scrutiny of facial recognition technology, particularly by CBP and the FBI, saying the technology poses privacy and civil rights issues that have not been resolved. At a pair of House Oversight and Reform Committee hearings over the past month, Republicans and Democrats raised concerns that the government has implemented programs around facial recognition tech without any congressional regulation or oversight.

Read more here.


IMPOSTERS!: U.S. Customs and Border Protection (CBP) said Friday it has processed more than 19 million travelers using facial recognition technology in airports and at borders, but has only identified a little over 100 "imposters" whose identities do not match their ID documents.

A CBP spokesperson told The Hill the agency has "successfully intercepted six imposters" at airports and "identified 135 imposters" at pedestrian border crossings in the past several years since it began implementing facial recognition scanning. The technology has been more successful at land borders than airports so far.

"With facial comparison biometrics, CBP is changing solving a security challenge while adding a convenience for travelers," the spokesperson said.

One of the top purposes of the facial recognition technology program, dubbed "Biometric Entry/Exit," is to identify people who are in the U.S. illegally, such as those who have overstayed their visa.

The agency previously said it has identified more than 7,000 people overstaying their visa through the program so far.

The statement from CBP came in response to the letter from 23 House Democrats on Friday.

Read more here.


PRIVACY FAIL: Public interest groups are alleging that major phone carriers violated privacy laws by sharing their customers' location data without their permission.

The groups filed a complaint with the Federal Communications Commission (FCC) against all four national wireless providers -- Verizon, AT&T, Sprint and T-Mobile -- over practices that had been detailed in media reports over the past year, and urged the agency to crack down.

"The wireless carriers have been engaging in serious violations of their customers' privacy. But the law is clear on this issue: wireless carriers need consent from their customers before they can disclose customer location data to third parties," Eric Null, a senior counsel for New America's Open Technology Institute, said in a statement. "The carriers' practices have been public for over a year now, and the FCC has been asleep at the wheel. The wireless carriers have violated the law, it's time to hold them accountable."

The Open Technology Institute was joined by Free Press and the Center on Privacy and Technology at Georgetown Law in filing the complaint, which was first reported by Motherboard.

Motherboard and The New York Times have both published stories in the past year detailing how third-party aggregators traffic in customer location data obtained from the wireless industry that can often wind up in the wrong hands.

A story from Motherboard earlier this year showed how easy it was for bounty hunters to obtain someone's precise location using only a phone number.

All four wireless companies named in the complaint either declined to comment or didn't respond when contacted by The Hill.

Read more here.


AN APPLE A DAY: Sens. Amy KlobucharAmy Jean KlobucharBiden leads Sanders by 7 in new national poll Sanders joins Biden atop 2020 Democratic field: poll The Hill's Morning Report - Trump trial begins with clashes, concessions MORE (D-Minn.) and Lisa MurkowskiLisa Ann MurkowskiTensions between McConnell and Schumer run high as trial gains momentum No. 2 GOP leader eyes Wednesday of next week for possible votes on witnesses Collins walks impeachment tightrope MORE (R-Alaska) on Friday introduced legislation aimed at safeguarding the privacy of consumer health data, specifically the data involved in DNA testing kits and health tracking apps.

The Protecting Personal Health Data Act would require the secretary of Health and Human Services to create regulations for health data tracking apps, wearable devices such as FitBits and genetic testing kits. The regulations would include a clause to enable consumers to review, change and delete any health data collected by companies.

The legislation would also create a National Task Force on Health Data Protection to evaluate and provide input on any potential cybersecurity and privacy risks of consumer products that use customer health data.

The bill is being introduced in the wake of reports of health data being shared in ways that could violate consumers' privacy. This includes a report in February that various apps are sharing sensitive health data with Facebook, and reports from The Washington Post that a pregnancy tracking app was selling data about users to their employers and that health apps focused on depression and addiction were selling this data to Google and Facebook.

"New technologies have made it easier for people to monitor their own health, but health tracking apps and home DNA testing kits have also given companies access to personal, private data with limited oversight," Klobuchar, who is seeking the 2020 Democratic presidential nomination, said in a statement on the legislation.

Read more here.


ICYMI, DEEPFAKES EDITION: The House Intelligence Committee heard alarming testimony Thursday that deepfake videos could be weaponized by foreign adversaries to sow divisions in the United States.

Clint Watts, a former FBI special agent and senior fellow for Alliance for Securing Democracy at the German Marshall Fund, warned lawmakers that Russia and China will likely both work to develop "synthetic media capabilities" for use against the U.S. and other adversaries.

"China's artificial intelligence capabilities rival the U.S., are powered by enormous data troves to include vast amounts of information stolen from the U.S., and the country has already shown a propensity to employ synthetic media in television broadcast journalism," he said.

Chairman Adam SchiffAdam Bennett SchiffThe Hill's Morning Report - House prosecutes Trump as 'lawless,' 'corrupt' What to watch for on Day 3 of Senate impeachment trial Democrats' impeachment case lands with a thud with GOP — but real audience is voters MORE (D-Calif.) described the videos as a "nightmarish scenario" to legislate.

He also called on social media companies to take action, adding that waiting until after the 2020 elections would be too late.

Republicans also voiced concerns about deepfake videos during the hearing but expressed fears that filters to control the videos could treat conservatives unfairly.

Rep. Devin NunesDevin Gerald NunesDemocratic lawmaker dismisses GOP lawsuit threat: 'Take your letter and shove it' House Democrats release second batch of Parnas materials Democratic lawmaker says Nunes threatened to sue him over criticism MORE (Calif.), the top Republican on the committee, said the filters, if left in the hands of tech companies, would be created by left-wing partisans.

"How do you put in filters to these tech oligarch companies?" Nunes asked at one point in the hearing. "There are only a few of them ... that are not developed by [the] partisan left-wing," he continued

Nunes added that "most of the time it is conservatives who get banned and not Democrats."

Rep. Will HurdWilliam Ballard HurdThe Hill's Morning Report - House prosecutes Trump as 'lawless,' 'corrupt' House Democrats launch effort to register minority voters in key districts Hurd says Democrats, media are being manipulated by Iran MORE (R-Texas), a former CIA officer, told reporters the government should do "basic research" on how to combat deepfakes that can be shared with both agencies and the private sector.

He said social media companies should work on their ability to identify the creators of deepfakes, while the State Department or FBI should focus on prosecuting actors linked to foreign countries.

Rep. Jim HimesJames (Jim) Andres HimesTwitter users invoke Merrick Garland after McConnell, Graham comments on impeachment trial Pelosi faces tough choices on impeachment managers This week: Impeachment inquiry moves to Judiciary Committee MORE (D-Conn.) cautioned that the government will have to avoid over-reaching when it comes to policing deepfake videos, warning parody or satiric videos should not be censored.

"I think it's a really hard question, but I would really urge and will urge the Congress to proceed very, very carefully, because as scary as deepfake technology is, the prospect of damaging our rights to free expression, the right to satirize politicians is also pretty scary," Himes told reporters.

Read more on the eventful hearing here.


AN OP-ED TO CHEW ON: NASA plans to open the International Space Station for business.


A LIGHTER CLICK: Congressional outreach.



In court, Facebook blames users for destroying their own right to privacy. (The Intercept)

Amazon hires Washington, D.C. official who participated in HQ2 talks. (The Verge)

Facebook's new cryptocurrency, Libra, gets big backers. (The Wall Street Journal)

Big tech's antitrust argument: we need to be big to beat China. (Bloomberg News)