Hillicon Valley: Senate passes bill to boost cyber help for agencies, businesses | Watchdog warns Energy Department failing to protect grid | FTC sues Match for allegedly conning users

Hillicon Valley: Senate passes bill to boost cyber help for agencies, businesses | Watchdog warns Energy Department failing to protect grid | FTC sues Match for allegedly conning users
© Greg Nash

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don't already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow the cyber team, Maggie Miller (@magmill95), and the tech team, Harper Neidig (@hneidig) and Emily Birnbaum (@birnbaum_e).



THE SENATE DID WHAT NOW: The Senate on Tuesday passed legislation intended to boost the federal government's ability to respond to and assist agencies and private sector companies in the event of debilitating cyber incidents. 

The DHS Cyber Hunt and Incident Response Teams Act would require that the Department of Homeland Security (DHS) maintain permanent "teams" that could be deployed to assist in cases of cyberattacks or in order to identify vulnerabilities that could allow for a cyberattack to take place. 

Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellBiden's climate plans can cut emissions and also be good politics Acting Defense secretary makes surprise trip to Somalia As Biden administration ramps up, Trump legal effort drags on MORE (R-Ky.) brought the bill up for unanimous consent on Tuesday, with the legislation passing shortly after. 

The House already passed its version in June, sponsored by Reps. Michael McCaulMichael Thomas McCaulOvernight Defense: Pentagon prepping for Trump order to draw down in Afghanistan, Iraq | Questions swirl after DOD purge | 10th service member killed by COVID-19 Former VOA producer sues US global media agency over termination Record number of women to serve in the next Congress MORE (R-Texas), Jim LangevinJames (Jim) R. LangevinCyberattack forces shutdown of Baltimore County schools for the day Pressure grows to reinstall White House cyber czar Hillicon Valley: Biden expected to take hard line on foreign interference | EU files antitrust charges against Amazon | Facebook takes down Bannon-linked network MORE (D-R.I.), John KatkoJohn Michael KatkoRundown of the House seats Democrats, GOP flipped on Election Day Republicans who could serve in a Biden government Fitzpatrick wins reelection in Pennsylvania MORE (R-N.Y.), Dutch RuppersbergerCharles (Dutch) Albert RuppersbergerHillicon Valley: House panel says Intelligence Community not equipped to address Chinese threats | House approves bill to send cyber resources to state, local governments House approves legislation to send cybersecurity resources to state, local governments Hillicon Valley: 'Fortnite' owner sues Apple after game is removed from App Store | Federal agencies seize, dismantle cryptocurrency campaigns of major terrorist organizations MORE (D-Md.), and John RatcliffeJohn Lee RatcliffeProfiles in cowardice: Trump's Senate enablers Biden considering King for director of national intelligence: report Haspel not in attendance at latest Trump intelligence briefing: reports MORE (R-Texas). 

The Senate version of the bill was introduced in February and is sponsored by Sens. Maggie HassanMargaret (Maggie) HassanCut tariffs and open US economy to fight COVID-19 pandemic Senate passes bill to secure internet-connected devices against cyber vulnerabilities Overnight Defense: Trump campaign's use of military helicopter raises ethics concerns | Air Force jets intercept aircraft over Trump rally | Senators introduce bill to expand visa screenings MORE (D-N.H.) and Rob PortmanRobert (Rob) Jones PortmanBiden says transition outreach from Trump administration has been 'sincere' The Hill's 12:30 Report: Trump holds his last turkey pardon ceremony The Hill's Morning Report - Presented by the UAE Embassy in Washington, DC - Trump OKs transition; Biden taps Treasury, State experience MORE (R-Ohio).

The legislation had also previously been approved by the House during the 115th Congress but failed to get a vote in the Senate. 

The bill was recently touted by Senate Minority Leader Charles SchumerChuck SchumerUS national security policy in the 117th Congress and a new administration Voters say Biden should make coronavirus vaccine a priority: poll New York City subway service could be slashed 40 percent, officials warn MORE (D-N.Y.) as a way to respond to a rash of ransomware attacks that have hit government entities and other groups nationwide over the past few months. These attacks involve malicious actors locking a system and demanding a ransom before giving the user access again. 


The Senate approved the bill by voice vote with a substitute amendment from Hassan included, meaning the House must approve the changed legislation before it can be sent to President TrumpDonald John TrumpBiden adds to vote margin over Trump after Milwaukee County recount Krebs says allegations of foreign interference in 2020 election 'farcical'  Republicans ready to become deficit hawks again under a President Biden MORE's desk for his signature.

Read more on the bill here.  



MORE SECURITY PLEASE: A report released Wednesday by the Government Accountability Office (GAO) found that the Department of Energy (DOE) has not done enough to protect the electrical grid against increasing cyber attack attempts, the same day a Senate committee approved legislation intended to bolster DOE's work on grid security.

GAO wrote in the report, originally finalized in August, that "the nation's electric grid is becoming more vulnerable to cyberattacks -- particularly those involving industrial control systems that support grid operations. Recent federal assessments indicate that cyberattacks could cause widespread power outages in the United States, but the scale of such outages is uncertain."

GAO emphasized that DOE "plays a key role in helping address cybersecurity risks in each component of the electric grid's infrastructure. However, DOE has not developed plans for electric grid cybersecurity that address the key characteristics needed for a national strategy."

The report also found that while the Federal Energy Regulatory Commission (FERC), which regulates the flow of electricity between states, has approved mandatory grid cybersecurity standards, these do not fully encompass current federal guidance on grid cybersecurity.

GAO noted that actors with the capabilities to interfere with the U.S. grid include foreign nations, criminal groups and terrorist organizations.

Recommendations: GAO recommended that DOE coordinate with other relevant federal agencies to develop a plan to implement a federal cybersecurity strategy for the electric grid. 

The report included a response from Karen Evans, the assistant secretary of DOE's Office of Cybersecurity, Energy Security, and Emergency Response. Evans wrote that she "concurs" with GAO's recommendation on the creation of a federal cybersecurity strategy and noted that "DOE's current actions meet the intent of GAO's recommendation."

Read more on the report here.


ONLINE DATING HELLSCAPE: The Federal Trade Commission (FTC) on Wednesday sued online-dating service Match Group, alleging the owner of Match.com and other top dating apps used deceptive advertisements to trick hundreds of thousands of consumers into buying Match.com subscriptions.  


Until last year, the company allegedly sent emails to Match.com users claiming their profiles were receiving engagement including likes, favorites, emails and instant messages. But the company did not tell customers that many of those notifications were likely from scammers, according to the FTC. 

The "you caught his eye" emails from Match.com prompted hundreds of thousands of users to buy subscriptions with Match.com to see who had interacted with their account, according to the FTC, only for those users to find that they were being contacted by scammers.

Match Group, which has a firm hold on the online dating market, owns dating apps including Tinder, Hinge and OkCupid. 

"We believe that Match.com conned people into paying for subscriptions via messages the company knew were from scammers," Andrew Smith, director of the FTC's consumer protection division, said in a statement. "Online dating services obviously shouldn't be using romance scammers as a way to fatten their bottom line."

Match's side of the story: Match Group is pushing back aggressively against the allegations, which were filed in a Texas court on Wednesday.

"The issues the FTC is focusing on have either been taken grossly out of context or permanently eliminated by Match," the company said in a statement. "Fraud is never good for business, which is why we spend so much time, money and emotional capital to fight it." 

Match says it catches and neutralizes 85 percent of "potentially improper accounts" in the first four hours, and it is disputing data cited by the FTC, including its claim that more than half of instant messages and favorites between 2013 emanated from fraudulent accounts. 


The consumer protection agency claims Match.Com has employed "five deceptive or unfair practices" since 2013 to solicit subscribers.

Read more on the FTC lawsuit here.



Growing a business with support from Amazon

Two brothers started a pet supply company in their father’s house six years ago. Today, they have more than a half-million customers. See their story.



ICYMI: DEAF ACTIVISTS TAKE ON FCC: Activists are expressing concerns about the Federal Communications Commission's (FCC) push to adopt a new phone system for people who are deaf or hard of hearing, saying the services may not meet their needs and are potentially biased.

Under the Americans with Disabilities Act (ADA), qualifying deaf or hard of hearing people have access to the Internet Protocol Captioned Telephone Service (IP CTS), which provides transcription for phone calls, similar to television closed captions, through a combination of technology and human interpreters.

However, the FCC has pushed to authorize allowing Automatic Speech Recognition (ASR) technology, which translates speech into text by computers, as a replacement for the IP CTS service. The FCC proposed a rule on the issue last year, which was adopted in February.

The FCC's stance: When proposing the change, the FCC cited cost savings and argued the move would ensure the program "remains sustainable for those individuals who need it by reducing waste and thereby bringing under control the exponential growth of the program."

The agency, which emphasizes that it requires minimum quality standards for the services, is now seeking comment on three applications from ASR-only providers by Wednesday. 

Advocates push back: Meanwhile, advocates who expressed reservations during the rulemaking process are similarly voicing concerns ahead of the applications deadline.

Advocates say the technology removes the human element from the service and is not yet ready to replace the existing service wholesale, according to Emily Ladau, a consultant for Clear2Connect, a coalition that works to preserve captioning technology for disabled people.

"Imagine relying on Siri for your most important telephone calls or even a 911 call. Without additional testing and protections, ASR-only service risks unleashing services that are not ready for prime time onto a population of vulnerable users," Ladau told The Hill.

Push-and-pull: In a statement to The Hill on Tuesday, a spokesperson for the FCC said the criticisms of the change "miss a number of key factors."

"Automatic speech recognition has long been a part of IP-captioned phone service conversations. All but one of the IP-CTS providers have been using automatic speech recognition (ASR) for years--with a person also sitting in the middle of the call to 'revoice' the conversation," the spokesperson told The Hill. 

"We are currently reviewing applications from companies asking to provide these services. Regardless of the underlying technology being used for captioned phones, the FCC requires minimum quality standards. Any approved provider will be required to meet mandatory minimum standards, including verbatim transcription. And any approved provider must have already demonstrated an ability to meet this and other minimum standards," the FCC added.

Read more on the push here. 



The real Amazon effect

Driving through the streets of her community, Audrey Reyes sees nothing but opportunity. See how a California town is flourishing since Amazon arrived.


LIGHTER CLICK: You may be wondering how I ended up here


AN OP-ED TO CHEW ON: Breaking up "Big Tech" is the latest "techlash," but what would it actually do?



Why did President Trump mention CrowdStrike to the Ukranian president? (CyberScoop)

Privacy activist in California launches new ballot initiative for 2020 election. (The Washington Post)  

Revealed: how TikTok censors videos that do not please Beijing. (The Guardian) 

How Singapore is using technology to solve its water shortage (CNN)