Hillicon Valley: Lawmakers call for action after 'devastating' cyberattack on federal government | US cyber agency issues emergency directive following hacks | FTC opens privacy study into major internet platforms

Hillicon Valley: Lawmakers call for action after 'devastating' cyberattack on federal government | US cyber agency issues emergency directive following hacks | FTC opens privacy study into major internet platforms
© Greg Nash

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@chrisismills) and Rebecca Klar (@rebeccaklar_), for more coverage.

Virtual Event Announcement: 1:00 ET Wednesday 12/16 -- COVID-19, Tech and Economic Resilience


Significant advances in communication and information technology have lifted many, and buffered others, during a crushing pandemic. As a new administration prepares to take charge, which technology shifts are here to stay? How can policymaking keep pace to ensure the American economy retains its competitive edge? In the first of three virtual events, The Hill discusses the role of technology in re-energizing the American economy. Sen. Tim ScottTimothy (Tim) Eugene ScottBass 'hopeful' on passing police reform: 'Republicans that I am working with are operating in good faith' The Hill's Morning Report - Presented by Tax March - CDC in limbo on J&J vax verdict; Rep. Brady retiring Tim Scott to participate in GOP event in Iowa MORE, Rep. Suzan Delbene, Janet Napolitano, Amb. Ron Kirk, FCC Commissioner Jessica Rosenworcel, Microsoft's Fred Humphries. RSVP for event reminders (https://techpolicyandresilience.splashthat.com/


BIPARTISAN ALARM OVER MASSIVE HACK: U.S. officials and experts are calling for action after a devastating cyberattack aimed at the federal government by nation state hackers, which may have exposed sensitive government data for the past several months. 

“The reported breach of our Federal networks is serious and disturbing,” House Homeland Security Committee Chairman Bennie ThompsonBennie Gordon Thompson10 Democrats join NAACP lawsuit against Trump Ambitious House lawmakers look for promotions Lawmakers roll out bill to protect critical infrastructure after Florida water hack MORE (D-Miss.) told The Hill in an emailed statement. “Congress must understand the scope of what happened and what resources Federal agencies will need to secure their networks.”

The cyberattack targeted Austin, Texas-based IT vendor SolarWinds. Hackers inserted a vulnerability into updates put out by the company between March and June of this year for its Orion software, according to a Monday filing with the Securities and Exchange Commission (SEC). 

Reuters first reported that the hackers had successfully hacked into the Treasury Department, the Department of Homeland Security, and the Commerce Department’s National Telecommunications and Information Administration (NTIA).

However, the attack was likely even more catastrophic.


According to a post on SolarWinds' website removed Monday, the company’s customers also include all five branches of the military, the Justice and State departments, the National Security Agency, the Postal Service, and 425 of the U.S. Fortune 500 companies. 

The Washington Post reported that a prolific Russian military intelligence unit known as “Cozy Bear” was behind the attack on SolarWinds. The group was previously tied to an attack on the State Department and groups doing research on COVID-19 vaccines and treatments. No federal agency had publicly confirmed that this group was responsible. 

“While many details are still unknown, the attack emphasizes the importance of strong cybersecurity protections and rapid incident responses across all federal agencies,” Senate Commerce Committee Chairman Roger WickerRoger Frederick WickerBiden looks to bolster long-term research and development McCarthy and Biden haven't spoken since election Instagram sparks new concerns over 'kidfluencer' culture MORE (R-Miss.) and Sens. John ThuneJohn Randolph ThuneGOP acknowledges struggle to bring down Biden Senate GOP to face off over earmarks next week Biden outreach on infrastructure met with Republican skepticism MORE (R-S.D.) and Jerry MoranGerald (Jerry) MoranTrump looms over Senate's anti-Asian hate crimes battle Anti-Asian hate crimes bill overcomes first Senate hurdle Senate GOP signal they won't filibuster debate of hate crimes bill MORE (R-Kan.) said in a joint statement Monday following a briefing on the attack from the Commerce Department. 

“Cyberattacks by nation states like Russia and China threaten our economy and national security. Our response should be swift and clear,” they added.

Read more here. 


EMERGENCY DIRECTIVE FOLLOWING HACKS: The top U.S. cybersecurity agency late Sunday issued an emergency directive calling on all federal civilian agencies to review their networks and disconnect from any SolarWinds systems after it was revealed that foreign hackers breached the third-party software provider and accessed some government networks.

The Treasury Department and the Commerce Department’s National Telecommunications and Information Administration are said to have fallen victim to intrusions as a result of the breach of SolarWinds, an Austin, Texas-based IT provider.

“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA).

“Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation,” Wales continued.

The directive is only the fifth that CISA, an agency within the Department of Homeland Security, has issued since 2015. The agency said all federal agencies using SolarWinds products should report to CISA on the completion of the directive by noon Monday. 

Read more here


FTC OPENS PRIVACY STUDY: The Federal Trade Commission (FTC) on Monday voted to issue orders to nine major internet platforms requiring information about how they handle data for a new study.


The orders, which do not implicate any legal wrongdoing, were sent to Amazon, ByteDance (the parent company of TikTok), Discord, Facebook, Reddit, Snapchat, Twitter, WhatsApp and YouTube.

The agency is requesting information about how the platforms collect, use, track or estimate personal and demographic information.

The orders also ask about how the companies determine which ads and content to show users, whether they apply algorithms or data analysis to personal info and in what ways their privacy practices affect children and teens.

Commissioners Rohit Chopra (D), Rebecca Kelly Slaughter (D) and Christine Wilson (R) said in a statement Monday that the study “will lift the hood on the social media and video streaming firms to carefully study their engines.”

Read more here.


FACEBOOK FACES BREAKUP THREAT: The twin lawsuits filed against Facebook this week by the government and more than 40 attorneys general are the most serious effort to break the social media giant up to date.


The cases, which differ slightly, focus on the allegation that Facebook made acquisitions in an effort to decrease competition in the social network marketplace and ultimately worsened the quality of options available to consumers.

The Federal Trade Commission and 48 state and territory attorneys general propose a solution to that issue: divestiture.

Specifically, they ask for judges to spin off the photo-sharing app Instagram and the messenger service Whatsapp, which were acquired in 2012 and 2014 respectively.

The complaints use internal communications to build a narrative around the intent behind the purchases.

Very early on in its suit, the FTC highlights a 2008 email from CEO Mark ZuckerbergMark Elliot ZuckerbergHillicon Valley: Biden administration sanctions Russia for SolarWinds hack, election interference Instagram sparks new concerns over 'kidfluencer' culture Mark Zuckerberg, meet Jean-Jacques Rousseau? MORE saying that “it is better to buy than compete.”

Similar correspondences are brought up relating to both major purchases. The states’ lawsuit highlights that before acquiring Instagram, Zuckerberg responded yes to an executive asking if a goal of purchasing the app was to “neutralize a potential competitor.”

Read more here



APPLE’S NEW APP LABELS: Apple on Monday said it is launching new privacy labels that will require all apps sold on Apple’s stores to disclose information about the data it tracks from users. 

The labels were first announced in June at the Worldwide Developers Conference, along with a broader set of changes Apple said aim to increase transparency regarding data collection. 

Apple started requiring developers to submit new privacy information to the App Store last week in order to update their apps. 

With the new labels, app product pages will show users the type of data an app may collect, whether the app will use that data to track a user, and whether it will be linked to the user. The data types will be collected in three categories, “data used to track you,” “data linked to you,” and “data not linked to you,” according to Apple. 

Read more here.


REDDIT BUYS TIKTOK RIVAL: Reddit said Sunday it is buying the video sharing app Dubsmash, a competitor to the widely popular app TikTok. 

Reddit will integrate Dubsmash’s video creation tools into its platform, but Dubsmash will also maintain its own platform and brand, Reddit said in a blog post announcing the deal. 

The acquisition builds on Reddit’s foray into video content. The forum-based platform launched native video in 2017, and Reddit said it has seen sharp growth in users using its video content since, including doubling the amount of videos posted on Reddit in 2020.

Dubsmash’s “entire team,” including its co-founders Suchit Dash, Jonas Drüppel and Tim Specht, will join Reddit, according to the announcement. 

A Reddit spokesperson said the company is not disclosing financial terms of the acquisition. 

Dubsmash was founded in 2013, three years before TikTok launched, and gained popularity as a video-sharing platform that allowed users to lip sync to different audio clips. The app has been downloaded close to 197 million times globally since its launch, according to data from analytics firm Sensor Tower. 

But Dubsmash trails TikTok in downloads. TikTok has been downloaded 2.6 billion times globally since its launch, according to the reported Sensor Tower data. 

Read more here


TEMPORARY OUTAGES: Google’s Gmail, YouTube and other services were temporarily unavailable Monday morning with widespread outages reported.

Users received the following error message when attempting to log into their Google accounts: “We’re sorry, but your account is temporarily unavailable. We apologize for the inconvenience and suggest trying again in a few minutes. You can view the G Suite Status Dashboard for the current status of the service.”

Outage maps on the website DownDetector indicated outages across the globe for Gmail and for YouTube.

Google search was not affected.

Read more here


ICYMI: TWITTER BRIEFLY LIMITS INTERACTION WITH TRUMP TWEET: Twitter on Saturday prevented users from liking and replying to a series of tweets from President TrumpDonald TrumpGraham: 'I could not disagree more' with Trump support of Afghanistan troop withdrawal GOP believes Democrats handing them winning 2022 campaign Former GOP operative installed as NSA top lawyer resigns MORE in which he repeated false claims that he won the election and that the race was “stolen” from him, though the company later reversed the move.

In three separate tweets Saturday morning, Trump responded to the Supreme Court’s decision to throw out a lawsuit from Texas aiming to nullify President-elect Joe BidenJoe BidenGraham: 'I could not disagree more' with Trump support of Afghanistan troop withdrawal Obama, Shaquille O'Neal, Charles Barkley team up to urge communities of color to get coronavirus vaccine Biden to hold second meeting with bipartisan lawmakers on infrastructure MORE’s win in Wisconsin, Michigan, Georgia and Pennsylvania. 

Trump cited the dissenting opinion from Justices Clarence ThomasClarence ThomasWe need a Herbert Hoover to reel in Big Tech Trump-era grievances could get second life at Supreme Court Joe Biden's surprising presidency MORE and Samuel AlitoSamuel AlitoTrump-era grievances could get second life at Supreme Court Supreme Court sides with Google in copyright fight against Oracle Supreme Court revives police shooting victim's suit against officers MORE expressing their view that the court is obligated to hear interstate disputes. 

Aside from this jurisdictional disagreement, however, the two more conservative justices indicated they joined the court’s seven other members in siding against Texas.

Read more here


Lighter click: Happy Chanukah!

An op-ed to chew on: America must have a technology ambassador for a digital world


Pornhub Just Purged All Unverified Content From the Platform (Motherboard / Samantha Cole)

Google Dominates Thanks to an Unrivaled View of the Web (New York Times / Daisuke Wakabayashi)

How right-wing websites are getting around Facebook’s political ad ban (Protocol / Issie Lapowsky)

Sen. Klobuchar, spooked by Amazon Halo, asks for new health-tracker privacy protections (Washington Post / Geoffrey A. Fowler)