Hillicon Valley: Intel leaders push for breach notification law | Coinbase goes public
Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter by clicking HERE.
Key U.S. intelligence leaders on Wednesday called on Congress to pass breach notification laws in the wake of major cybersecurity incidents. Meanwhile, Ireland’s privacy agency launched an investigation into a Facebook data leak, and two leading House Republicans raised concerns about new Chinese tech companies posing a threat to national security.
WORLDWIDE CYBER THREATS: The leaders of the nation’s intelligence agencies on Wednesday joined bipartisan members of the Senate Intelligence Committee in pushing for measures to encourage the private sector to report breaches and to deter malicious hackers from attacking critical infrastructure.
The discussion came as Congress is under increasing pressure to act after the discovery of both the SolarWinds hack, in which likely Russian hackers compromised nine federal agencies, and new vulnerabilities in a Microsoft email application exploited by a Chinese state-sponsored hacking group to breach thousands of companies.
Leaders ‘troubled’: “We are troubled in terms of being able to understand the depth and breadth of an intrusion based upon the fact that, for a number of good reasons, some of them obviously legal, that much of the private sector does not share this information readily,” Gen. Paul Nakasone, the director of the National Security Agency and commander of U.S. Cyber Command, testified during the Senate Intelligence Committee’s annual worldwide threats hearing.
Both Director of National Intelligence Avril Haines and FBI Director Christopher Wray also argued in favor of breach notification legislation, particularly following the SolarWinds hack. The breach was first discovered and reported publicly by cybersecurity group FireEye, not the federal government, something FireEye had no legal requirement to do.
Wray specifically zeroed in on concerns around the Chinese government’s nefarious efforts to compete with the United States, noting that his agency opens an investigation connected to China every 10 hours.
The intelligence leaders and lawmakers also discussed a wide array of threats at the annual hearing, including domestic terrorism and online disinformation. The House Intelligence Committee will host the same leaders during its worldwide threats hearing on Thursday.
NEW FACEBOOK INVESTIGATION: Ireland’s privacy agency is launching an investigation into a trove of information from roughly half a billion Facebook users that has been leaked and is circulating online.
“This dataset was reported to contain personal data relating to approximately 533 million Facebook users worldwide,” the country’s Data Protection Commission (DPC) said in a release Wednesday.
“The DPC engaged with Facebook Ireland in relation to this reported issue, raising queries in relation to GDPR compliance to which Facebook Ireland furnished a number of responses,” it added.
A spokesperson for Facebook told The Hill the company is fully cooperating with the inquiry.
The origin of the data, which includes profile names, email addresses and phone numbers, is unclear.
The information was posted on an amateur hacking forum earlier this month, but the data appears to be older.
Facebook has said that the data was reported on in 2019 and that it has already patched the vulnerability that allowed the information to be scraped.
NEW HUAWEI?: Two leading Republicans on the House Homeland Security Committee on Wednesday raised concerns about security and privacy threats posed by emerging Chinese tech companies, specifically zeroing in on electronics group Xiaomi.
Committee ranking member John Katko (R-N.Y.) and Rep. Andrew Garbarino (R-N.Y.), the top Republican on the panel’s cybersecurity subcommittee, sent a letter to Commerce Secretary Gina Raimondo and Homeland Security Secretary Alejandro Mayorkas highlighting concerns over the increasing Chinese threats in the information technology space.
“The security of our nation’s information and communications technology (ICT) supply chain is critical to nearly every aspect of our lives,” Katko and Garbarino wrote. “Over the past several years, we have seen an alarming increase in threats to our ICT supply chain from the Chinese Communist Party (CCP). They have been engaged in a multi-decade effort to lie, cheat, and steal their way to global dominance, in part by compromising our ICT backbone.”
COINBASE DAY: Shares of cryptocurrency exchange Coinbase hit the stock market for the first time Wednesday, opening at $381 to give the company a nearly $100 billion valuation.
Coinbase, a popular platform to buy and sell digital currencies such as Bitcoin, kicked off its initial public offering Wednesday on the Nasdaq composite and saw its share price skyrocket soon after launch.
Coinbase shares rose as high as $425 before settling near $400 shortly before 2 p.m., well above the reference price of $250 estimated Nasdaq before the stock offering.
Unlike typical IPOs, Coinbase directly listed shares of the company — which were held only by employees and private investors before Wednesday — allowing original shareholders to sell their stock instead of having a bank underwrite the offering.
BAN IT: A coalition of civil and human rights organizations on Wednesday called for officials on all levels of government to take action toward banning the private and corporate use of facial recognition technology.
More than 20 organizations signed the open letter urging a ban similar to one that went into effect in Portland, Ore., at the start of this year. The Portland ordinance bans private entities from using facial recognition technology in places of public accommodation.
“We believe this ordinance should be used as a template for more city, state, and federal legislation that bans private and corporate use of facial recognition surveillance,” the organizations wrote.
MASTERCARD WORRIES SEX WORKERS: Mastercard is updating requirements for banks that process payments for people and websites that sell adult content in an attempt to weed out illegal material.
Banks will now have to ensure that sellers have documented consent as well as age and identity verification for those involved in the content before being able to process payments, Mastercard said in a blog post Wednesday.
“In the past few years, the ability to upload content to the internet has become easier than ever,” wrote John Verdeschi, the company’s senior vice president of customer engagement and performance. “All someone needs is a smartphone and a Wi-Fi connection. Now, our requirements address the risks associated with this activity.”
Banks will also be required to ensure that sites have a review process and a system for complaints that addresses illegal or nonconsensual activity.
The downside: While the new requirements are aimed at combatting abuse, Mary Moody, a founding board member at the Adult Industry Laborers & Artists Association, said the new rules will likely end up making it more difficult for sex workers who have already been affected by the coronavirus pandemic to earn money online.
Lighter click: Well that’s a slide
An op-ed to chew on: As millions face eviction, the digital divide should not become a justice divide
NOTABLE LINKS FROM AROUND THE WEB:
The FBI wanted to unlock the San Bernardino shooter’s iPhone. It turned to a little-known Australian firm. (Washington Post / Ellen Nakashima and Reed Albergotti)
Can Clubhouse Keep The Party Going? (The Verge / Ashley Carman)
White Extremists Sought Murders of Politicians and Cops After Capitol Siege (Gizmodo / Dell Cameron and Tom McKay)