Hillicon Valley: Senate passes bill to boost cyber help for agencies, businesses | Watchdog warns Energy Department failing to protect grid | FTC sues Match for allegedly conning users

Hillicon Valley: Senate passes bill to boost cyber help for agencies, businesses | Watchdog warns Energy Department failing to protect grid | FTC sues Match for allegedly conning users
© Greg Nash

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don't already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow the cyber team, Maggie Miller (@magmill95), and the tech team, Harper Neidig (@hneidig) and Emily Birnbaum (@birnbaum_e).

 

ADVERTISEMENT

THE SENATE DID WHAT NOW: The Senate on Tuesday passed legislation intended to boost the federal government's ability to respond to and assist agencies and private sector companies in the event of debilitating cyber incidents. 

The DHS Cyber Hunt and Incident Response Teams Act would require that the Department of Homeland Security (DHS) maintain permanent "teams" that could be deployed to assist in cases of cyberattacks or in order to identify vulnerabilities that could allow for a cyberattack to take place. 

Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellRepublicans consider skipping witnesses in Trump impeachment trial On The Money: Pelosi, Trump tout deal on new NAFTA | McConnell says no trade vote until impeachment trial wraps up | Lawmakers push spending deadline to Thursday McConnell: Senate impeachment trial will begin in January MORE (R-Ky.) brought the bill up for unanimous consent on Tuesday, with the legislation passing shortly after. 

The House already passed its version in June, sponsored by Reps. Michael McCaulMichael Thomas McCaulHouse GOP criticizes impeachment drive as distracting from national security issues Texas GOP congressman calls on governor to postpone execution of Rodney Reed House Republicans add Hunter Biden, whistleblower to impeachment hearing witness wish list MORE (R-Texas), Jim LangevinJames (Jim) R. LangevinHillicon Valley: Commerce extends Huawei waiver | Senate Dems unveil privacy bill priorities | House funding measure extends surveillance program | Trump to tour Apple factory | GOP bill would restrict US data going to China Trump makes social media a player in impeachment Bill introduced to give special immigrant visas to Kurds who helped US in Syria MORE (D-R.I.), John KatkoJohn Michael KatkoHouse GOP criticizes impeachment drive as distracting from national security issues Progressive group unveils first slate of 2020 congressional endorsements Democratic lawmakers call on Judiciary Committee to advance 'revenge porn' law MORE (R-N.Y.), Dutch RuppersbergerCharles (Dutch) Albert RuppersbergerLawmakers toast Greta Van Susteren's new show Hillicon Valley: Senate passes bill to boost cyber help for agencies, businesses | Watchdog warns Energy Department failing to protect grid | FTC sues Match for allegedly conning users Senate approves bill to boost cyber assistance for federal agencies, private sector MORE (D-Md.), and John RatcliffeJohn Lee RatcliffeTrump, first lady take part in National Christmas Tree lighting Lawmakers to watch during Wednesday's impeachment hearing House Republicans on Judiciary strategize ahead of Wednesday's impeachment hearing MORE (R-Texas). 

The Senate version of the bill was introduced in February and is sponsored by Sens. Maggie HassanMargaret (Maggie) HassanObstacles remain for deal on surprise medical bills Key House and Senate health leaders reach deal to stop surprise medical bills Senators sound alarm on dangers of ransomware attacks after briefing MORE (D-N.H.) and Rob PortmanRobert (Rob) Jones PortmanHere are the Senate Republicans who could vote to convict Trump Lawmakers call for investigation into program meant to help student loan borrowers with disabilities Senators sound alarm on dangers of ransomware attacks after briefing MORE (R-Ohio).

The legislation had also previously been approved by the House during the 115th Congress but failed to get a vote in the Senate. 

The bill was recently touted by Senate Minority Leader Charles SchumerCharles (Chuck) Ellis SchumerKrystal Ball: Is this how Bernie Sanders will break the establishment? TikTok chief cancels Capitol Hill meetings, inflaming tensions Overnight Health Care — Presented by That's Medicaid — Deal on surprise medical bills faces obstacles | House GOP unveils rival drug pricing measure ahead of Pelosi vote | Justices to hear case over billions in ObamaCare payments MORE (D-N.Y.) as a way to respond to a rash of ransomware attacks that have hit government entities and other groups nationwide over the past few months. These attacks involve malicious actors locking a system and demanding a ransom before giving the user access again. 

ADVERTISEMENT

The Senate approved the bill by voice vote with a substitute amendment from Hassan included, meaning the House must approve the changed legislation before it can be sent to President TrumpDonald John TrumpRepublicans consider skipping witnesses in Trump impeachment trial Bombshell Afghanistan report bolsters calls for end to 'forever wars' Lawmakers dismiss Chinese retaliatory threat to US tech MORE's desk for his signature.

Read more on the bill here.  

 

 

MORE SECURITY PLEASE: A report released Wednesday by the Government Accountability Office (GAO) found that the Department of Energy (DOE) has not done enough to protect the electrical grid against increasing cyber attack attempts, the same day a Senate committee approved legislation intended to bolster DOE's work on grid security.

GAO wrote in the report, originally finalized in August, that "the nation's electric grid is becoming more vulnerable to cyberattacks -- particularly those involving industrial control systems that support grid operations. Recent federal assessments indicate that cyberattacks could cause widespread power outages in the United States, but the scale of such outages is uncertain."

GAO emphasized that DOE "plays a key role in helping address cybersecurity risks in each component of the electric grid's infrastructure. However, DOE has not developed plans for electric grid cybersecurity that address the key characteristics needed for a national strategy."

The report also found that while the Federal Energy Regulatory Commission (FERC), which regulates the flow of electricity between states, has approved mandatory grid cybersecurity standards, these do not fully encompass current federal guidance on grid cybersecurity.

GAO noted that actors with the capabilities to interfere with the U.S. grid include foreign nations, criminal groups and terrorist organizations.

Recommendations: GAO recommended that DOE coordinate with other relevant federal agencies to develop a plan to implement a federal cybersecurity strategy for the electric grid. 

The report included a response from Karen Evans, the assistant secretary of DOE's Office of Cybersecurity, Energy Security, and Emergency Response. Evans wrote that she "concurs" with GAO's recommendation on the creation of a federal cybersecurity strategy and noted that "DOE's current actions meet the intent of GAO's recommendation."

Read more on the report here.

 

ONLINE DATING HELLSCAPE: The Federal Trade Commission (FTC) on Wednesday sued online-dating service Match Group, alleging the owner of Match.com and other top dating apps used deceptive advertisements to trick hundreds of thousands of consumers into buying Match.com subscriptions.  

ADVERTISEMENT

Until last year, the company allegedly sent emails to Match.com users claiming their profiles were receiving engagement including likes, favorites, emails and instant messages. But the company did not tell customers that many of those notifications were likely from scammers, according to the FTC. 

The "you caught his eye" emails from Match.com prompted hundreds of thousands of users to buy subscriptions with Match.com to see who had interacted with their account, according to the FTC, only for those users to find that they were being contacted by scammers.

Match Group, which has a firm hold on the online dating market, owns dating apps including Tinder, Hinge and OkCupid. 

"We believe that Match.com conned people into paying for subscriptions via messages the company knew were from scammers," Andrew Smith, director of the FTC's consumer protection division, said in a statement. "Online dating services obviously shouldn't be using romance scammers as a way to fatten their bottom line."

Match's side of the story: Match Group is pushing back aggressively against the allegations, which were filed in a Texas court on Wednesday.

"The issues the FTC is focusing on have either been taken grossly out of context or permanently eliminated by Match," the company said in a statement. "Fraud is never good for business, which is why we spend so much time, money and emotional capital to fight it." 

Match says it catches and neutralizes 85 percent of "potentially improper accounts" in the first four hours, and it is disputing data cited by the FTC, including its claim that more than half of instant messages and favorites between 2013 emanated from fraudulent accounts. 

ADVERTISEMENT

The consumer protection agency claims Match.Com has employed "five deceptive or unfair practices" since 2013 to solicit subscribers.

Read more on the FTC lawsuit here.

 

SPONSORED CONTENT - AMAZON

Growing a business with support from Amazon

Two brothers started a pet supply company in their father’s house six years ago. Today, they have more than a half-million customers. See their story.

 

ADVERTISEMENT

ICYMI: DEAF ACTIVISTS TAKE ON FCC: Activists are expressing concerns about the Federal Communications Commission's (FCC) push to adopt a new phone system for people who are deaf or hard of hearing, saying the services may not meet their needs and are potentially biased.

Under the Americans with Disabilities Act (ADA), qualifying deaf or hard of hearing people have access to the Internet Protocol Captioned Telephone Service (IP CTS), which provides transcription for phone calls, similar to television closed captions, through a combination of technology and human interpreters.

However, the FCC has pushed to authorize allowing Automatic Speech Recognition (ASR) technology, which translates speech into text by computers, as a replacement for the IP CTS service. The FCC proposed a rule on the issue last year, which was adopted in February.

The FCC's stance: When proposing the change, the FCC cited cost savings and argued the move would ensure the program "remains sustainable for those individuals who need it by reducing waste and thereby bringing under control the exponential growth of the program."

The agency, which emphasizes that it requires minimum quality standards for the services, is now seeking comment on three applications from ASR-only providers by Wednesday. 

Advocates push back: Meanwhile, advocates who expressed reservations during the rulemaking process are similarly voicing concerns ahead of the applications deadline.

Advocates say the technology removes the human element from the service and is not yet ready to replace the existing service wholesale, according to Emily Ladau, a consultant for Clear2Connect, a coalition that works to preserve captioning technology for disabled people.

"Imagine relying on Siri for your most important telephone calls or even a 911 call. Without additional testing and protections, ASR-only service risks unleashing services that are not ready for prime time onto a population of vulnerable users," Ladau told The Hill.

Push-and-pull: In a statement to The Hill on Tuesday, a spokesperson for the FCC said the criticisms of the change "miss a number of key factors."

"Automatic speech recognition has long been a part of IP-captioned phone service conversations. All but one of the IP-CTS providers have been using automatic speech recognition (ASR) for years--with a person also sitting in the middle of the call to 'revoice' the conversation," the spokesperson told The Hill. 

"We are currently reviewing applications from companies asking to provide these services. Regardless of the underlying technology being used for captioned phones, the FCC requires minimum quality standards. Any approved provider will be required to meet mandatory minimum standards, including verbatim transcription. And any approved provider must have already demonstrated an ability to meet this and other minimum standards," the FCC added.

Read more on the push here. 

 

SPONSORED CONTENT - AMAZON

The real Amazon effect

Driving through the streets of her community, Audrey Reyes sees nothing but opportunity. See how a California town is flourishing since Amazon arrived.

 

LIGHTER CLICK: You may be wondering how I ended up here

 

AN OP-ED TO CHEW ON: Breaking up "Big Tech" is the latest "techlash," but what would it actually do?

 

NOTABLE LINKS FROM AROUND THE WEB: 

Why did President Trump mention CrowdStrike to the Ukranian president? (CyberScoop)

Privacy activist in California launches new ballot initiative for 2020 election. (The Washington Post)  

Revealed: how TikTok censors videos that do not please Beijing. (The Guardian) 

How Singapore is using technology to solve its water shortage (CNN)