Hillicon Valley: Senate passes bill to boost cyber help for agencies, businesses | Watchdog warns Energy Department failing to protect grid | FTC sues Match for allegedly conning users

Hillicon Valley: Senate passes bill to boost cyber help for agencies, businesses | Watchdog warns Energy Department failing to protect grid | FTC sues Match for allegedly conning users
© Greg Nash

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don't already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow the cyber team, Maggie Miller (@magmill95), and the tech team, Harper Neidig (@hneidig) and Emily Birnbaum (@birnbaum_e).

 

ADVERTISEMENT

THE SENATE DID WHAT NOW: The Senate on Tuesday passed legislation intended to boost the federal government's ability to respond to and assist agencies and private sector companies in the event of debilitating cyber incidents. 

The DHS Cyber Hunt and Incident Response Teams Act would require that the Department of Homeland Security (DHS) maintain permanent "teams" that could be deployed to assist in cases of cyberattacks or in order to identify vulnerabilities that could allow for a cyberattack to take place. 

Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellRepublicans show little enthusiasm for impeachment witness swap Overnight Health Care — Presented by Philip Morris International — CDC, State Department warn against travel to China | Biden says Trump left US unprepared for epidemic | Justices allow Trump 'public charge' rule to move forward Progressive group targeting vulnerable GOP senators on impeachment witnesses MORE (R-Ky.) brought the bill up for unanimous consent on Tuesday, with the legislation passing shortly after. 

The House already passed its version in June, sponsored by Reps. Michael McCaulMichael Thomas McCaulRockets hit US Embassy compound in Baghdad Top Indian official canceled congressional meeting over inclusion of Jayapal: report Republican group asks 'what is Trump hiding' in Times Square billboard MORE (R-Texas), Jim LangevinJames (Jim) R. LangevinLawmakers push back at Pentagon's possible Africa drawdown Hillicon Valley: DHS warns of Iranian cyber threats | YouTube updates child content policy | California privacy law takes effect | Tech, cyber issues to watch in 2020 Lawmakers close to finalizing federal strategy to defend against cyberattacks MORE (D-R.I.), John KatkoJohn Michael KatkoDCCC to run ads tying 11 House Republicans to Trump remarks on entitlements Bezos phone breach escalates fears over Saudi hacking House Democrats request briefings on Iranian cyber threats from DHS, FCC MORE (R-N.Y.), Dutch RuppersbergerCharles (Dutch) Albert RuppersbergerLawmakers toast Greta Van Susteren's new show Hillicon Valley: Senate passes bill to boost cyber help for agencies, businesses | Watchdog warns Energy Department failing to protect grid | FTC sues Match for allegedly conning users Senate approves bill to boost cyber assistance for federal agencies, private sector MORE (D-Md.), and John RatcliffeJohn Lee RatcliffeJordan says he thinks trial will be over by next week The Hill's Morning Report - Trump trial begins with clash over rules White House appoints GOP House members to advise Trump's impeachment team MORE (R-Texas). 

The Senate version of the bill was introduced in February and is sponsored by Sens. Maggie HassanMargaret (Maggie) HassanCyberattacks against North Dakota state government skyrocket to 15M per month Hillicon Valley: Biden calls for revoking tech legal shield | DHS chief 'fully expects' Russia to try to interfere in 2020 | Smaller companies testify against Big Tech 'monopoly power' Bipartisan group of senators introduces legislation to boost state cybersecurity leadership MORE (D-N.H.) and Rob PortmanRobert (Rob) Jones PortmanSenate Republicans confident they'll win fight on witnesses Collins walks impeachment tightrope The Hill's Morning Report - Trump trial begins with clashes, concessions MORE (R-Ohio).

The legislation had also previously been approved by the House during the 115th Congress but failed to get a vote in the Senate. 

The bill was recently touted by Senate Minority Leader Charles SchumerCharles (Chuck) Ellis SchumerMeadows: Republicans who break with Trump could face political repercussions Bolton book alleges Trump tied Ukraine aid freeze to Biden investigations: NYT Trump legal team offers brisk opening defense of president MORE (D-N.Y.) as a way to respond to a rash of ransomware attacks that have hit government entities and other groups nationwide over the past few months. These attacks involve malicious actors locking a system and demanding a ransom before giving the user access again. 

ADVERTISEMENT

The Senate approved the bill by voice vote with a substitute amendment from Hassan included, meaning the House must approve the changed legislation before it can be sent to President TrumpDonald John TrumpWarren: Dershowitz presentation 'nonsensical,' 'could not follow it' Bolton told Barr he was concerned Trump did favors for autocrats: report Dershowitz: Bolton allegations would not constitute impeachable offense MORE's desk for his signature.

Read more on the bill here.  

 

 

MORE SECURITY PLEASE: A report released Wednesday by the Government Accountability Office (GAO) found that the Department of Energy (DOE) has not done enough to protect the electrical grid against increasing cyber attack attempts, the same day a Senate committee approved legislation intended to bolster DOE's work on grid security.

GAO wrote in the report, originally finalized in August, that "the nation's electric grid is becoming more vulnerable to cyberattacks -- particularly those involving industrial control systems that support grid operations. Recent federal assessments indicate that cyberattacks could cause widespread power outages in the United States, but the scale of such outages is uncertain."

GAO emphasized that DOE "plays a key role in helping address cybersecurity risks in each component of the electric grid's infrastructure. However, DOE has not developed plans for electric grid cybersecurity that address the key characteristics needed for a national strategy."

The report also found that while the Federal Energy Regulatory Commission (FERC), which regulates the flow of electricity between states, has approved mandatory grid cybersecurity standards, these do not fully encompass current federal guidance on grid cybersecurity.

GAO noted that actors with the capabilities to interfere with the U.S. grid include foreign nations, criminal groups and terrorist organizations.

Recommendations: GAO recommended that DOE coordinate with other relevant federal agencies to develop a plan to implement a federal cybersecurity strategy for the electric grid. 

The report included a response from Karen Evans, the assistant secretary of DOE's Office of Cybersecurity, Energy Security, and Emergency Response. Evans wrote that she "concurs" with GAO's recommendation on the creation of a federal cybersecurity strategy and noted that "DOE's current actions meet the intent of GAO's recommendation."

Read more on the report here.

 

ONLINE DATING HELLSCAPE: The Federal Trade Commission (FTC) on Wednesday sued online-dating service Match Group, alleging the owner of Match.com and other top dating apps used deceptive advertisements to trick hundreds of thousands of consumers into buying Match.com subscriptions.  

ADVERTISEMENT

Until last year, the company allegedly sent emails to Match.com users claiming their profiles were receiving engagement including likes, favorites, emails and instant messages. But the company did not tell customers that many of those notifications were likely from scammers, according to the FTC. 

The "you caught his eye" emails from Match.com prompted hundreds of thousands of users to buy subscriptions with Match.com to see who had interacted with their account, according to the FTC, only for those users to find that they were being contacted by scammers.

Match Group, which has a firm hold on the online dating market, owns dating apps including Tinder, Hinge and OkCupid. 

"We believe that Match.com conned people into paying for subscriptions via messages the company knew were from scammers," Andrew Smith, director of the FTC's consumer protection division, said in a statement. "Online dating services obviously shouldn't be using romance scammers as a way to fatten their bottom line."

Match's side of the story: Match Group is pushing back aggressively against the allegations, which were filed in a Texas court on Wednesday.

"The issues the FTC is focusing on have either been taken grossly out of context or permanently eliminated by Match," the company said in a statement. "Fraud is never good for business, which is why we spend so much time, money and emotional capital to fight it." 

Match says it catches and neutralizes 85 percent of "potentially improper accounts" in the first four hours, and it is disputing data cited by the FTC, including its claim that more than half of instant messages and favorites between 2013 emanated from fraudulent accounts. 

ADVERTISEMENT

The consumer protection agency claims Match.Com has employed "five deceptive or unfair practices" since 2013 to solicit subscribers.

Read more on the FTC lawsuit here.

 

SPONSORED CONTENT - AMAZON

Growing a business with support from Amazon

Two brothers started a pet supply company in their father’s house six years ago. Today, they have more than a half-million customers. See their story.

 

ADVERTISEMENT

ICYMI: DEAF ACTIVISTS TAKE ON FCC: Activists are expressing concerns about the Federal Communications Commission's (FCC) push to adopt a new phone system for people who are deaf or hard of hearing, saying the services may not meet their needs and are potentially biased.

Under the Americans with Disabilities Act (ADA), qualifying deaf or hard of hearing people have access to the Internet Protocol Captioned Telephone Service (IP CTS), which provides transcription for phone calls, similar to television closed captions, through a combination of technology and human interpreters.

However, the FCC has pushed to authorize allowing Automatic Speech Recognition (ASR) technology, which translates speech into text by computers, as a replacement for the IP CTS service. The FCC proposed a rule on the issue last year, which was adopted in February.

The FCC's stance: When proposing the change, the FCC cited cost savings and argued the move would ensure the program "remains sustainable for those individuals who need it by reducing waste and thereby bringing under control the exponential growth of the program."

The agency, which emphasizes that it requires minimum quality standards for the services, is now seeking comment on three applications from ASR-only providers by Wednesday. 

Advocates push back: Meanwhile, advocates who expressed reservations during the rulemaking process are similarly voicing concerns ahead of the applications deadline.

Advocates say the technology removes the human element from the service and is not yet ready to replace the existing service wholesale, according to Emily Ladau, a consultant for Clear2Connect, a coalition that works to preserve captioning technology for disabled people.

"Imagine relying on Siri for your most important telephone calls or even a 911 call. Without additional testing and protections, ASR-only service risks unleashing services that are not ready for prime time onto a population of vulnerable users," Ladau told The Hill.

Push-and-pull: In a statement to The Hill on Tuesday, a spokesperson for the FCC said the criticisms of the change "miss a number of key factors."

"Automatic speech recognition has long been a part of IP-captioned phone service conversations. All but one of the IP-CTS providers have been using automatic speech recognition (ASR) for years--with a person also sitting in the middle of the call to 'revoice' the conversation," the spokesperson told The Hill. 

"We are currently reviewing applications from companies asking to provide these services. Regardless of the underlying technology being used for captioned phones, the FCC requires minimum quality standards. Any approved provider will be required to meet mandatory minimum standards, including verbatim transcription. And any approved provider must have already demonstrated an ability to meet this and other minimum standards," the FCC added.

Read more on the push here. 

 

SPONSORED CONTENT - AMAZON

The real Amazon effect

Driving through the streets of her community, Audrey Reyes sees nothing but opportunity. See how a California town is flourishing since Amazon arrived.

 

LIGHTER CLICK: You may be wondering how I ended up here

 

AN OP-ED TO CHEW ON: Breaking up "Big Tech" is the latest "techlash," but what would it actually do?

 

NOTABLE LINKS FROM AROUND THE WEB: 

Why did President Trump mention CrowdStrike to the Ukranian president? (CyberScoop)

Privacy activist in California launches new ballot initiative for 2020 election. (The Washington Post)  

Revealed: how TikTok censors videos that do not please Beijing. (The Guardian) 

How Singapore is using technology to solve its water shortage (CNN)