Overnight Cybersecurity: Lawmakers down to the wire on privacy bill

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–TICK, TOCK. Lawmakers are coming down to the wire on privacy legislation some say is critical to securing a new deal to make legal transatlantic data transfers. The tight timeline worries some supporters of the bill, known as the Judicial Redress Act. The measure would grant European citizens a key Privacy Act right: the ability to sue in U.S. courts if their personal data is mishandled. Backers believe its passage will help Commerce Secretary Penny Pritzker and her European Commission counterparts hammer out the final details of a new transatlantic data transfer pact, known as the Safe Harbor deal. The U.S. and the European Union have been working to develop a new Safe Harbor framework since Europe’s high court invalidated the original pact over privacy concerns last October. EU privacy regulators have only given negotiators until the end of January before they will begin to take enforcement action against U.S. companies that do not meet European standards. “The clock is ticking on the Safe Harbor negotiations. And every day we delay [on Judicial Redress] is another day we’re closer to a potential catastrophe for U.S. tech companies,” Sen. Chris Murphy (D-Conn.) told The Hill. Murphy and Sen. Orrin Hatch (R-Utah) are co-sponsoring the bill, which passed unanimously in the House last year, but has languished in the Senate — despite being largely uncontroversial. Supporters have linked the measure to Safe Harbor, arguing that Europe’s concerns about privacy protections in the U.S. have been a roadblock in the negotiations. Swift action on Judicial Redress, they say, would help assuage those concerns before the Jan. 31 deadline. The bill remains on the agenda for a Thursday meeting. To read our full piece, click here.

{mosads}–GIT ‘R DONE: Negotiators from both sides of the Atlantic this weekend expressed urgency behind reaching a new Safe Harbor agreement before an end-of-the-month deadline. “I would like to say that we made progress, and we have to wrap up those negotiations and we have to deliver. Because time is running out, of course,” Andrus Ansip, vice president for the Digital Single Market on the European Commission, said Saturday during the World Economic Forum in Davos, Switzerland. Appearing on the same stage, Pritzker expressed similar sentiments. “It’s time for us to act and to stand together, and to demonstrate to companies and to the European Court of Justice and to all interested stakeholders that we’ve come a very long way,” Pritzker said. Under the terms of the original deal, negotiated in 2000, over 4,000 U.S. companies could “self-certify” that they met Europe’s more stringent privacy laws. Those companies are now in limbo, putting considerable pressure on negotiators to strike a new agreement. To read our full piece, click here.

–WHAT THEY’RE SAYING: The Islamic State in Iraq and Syria (ISIS) on Sunday published a video that indicates those behind the Paris massacre last year were using encryption to hide their communications. The 18-minute video, which was distributed via various ISIS official social media channels, features statements purportedly from the nine ISIS members behind the Paris assault, which left 130 dead. They are shown beheading hostages sometime prior to the attacks. “The following are the final messages of the nine lions of the Caliphate, who were mobilized from their dens to bring an entire country — France — to her knees,” reads a written statement that opens the video. The opening images also “suggest that ISIS fighters were using the data encryption software PGP for secure communications,” according to the Middle East Media Research Institute (MEMRI), which tracks ISIS’s online behavior. How the Paris attackers communicated in the lead-up to the Nov. 13 assault has been a hot topic for lawmakers in Europe and the U.S. Investigators have unofficially told several media outlets they believe the assailants used encrypted apps, such as Telegram, to help plan the strikes. Numerous policy makers in both Europe and the U.S. have jumped on these details. To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

–PUTTING A MAN ON THE CYBER MOON. Presidential candidate Ben Carson says the U.S. must unify its “disjointed and ineffective” approach to cybersecurity to win the “21st century cyberspace race.”

“When President Kennedy said he’d land an American on the moon, it brought together every part of America, from ordinary citizens to the highest levels of government,” says the Republican White House hopeful in a cybersecurity policy paper released Monday. “That is the kind of effort we need to drive American cyber leadership.”

Carson’s plan, unveiled just days before the Iowa caucuses, would consolidate federal cyber efforts under one new agency, the National Cyber Security Administration (NCSA), in the same way the government once coordinated its space exploration programs under NASA.

“Today it is time for a new ‘moon shot,'” the paper says. “We are in a cyberspace race, and we need a leader to present a bold vision to drive American innovation.”

Carson promises his plan would not create a “new federal bureaucracy.”

“On the contrary, it is a consolidation and unification of the countless and often redundant programs, initiatives and offices which operate disjointedly throughout the government,” the plan says.

Check out our full piece for more details on Carson’s NCSA proposal.

 

LIGHTER CLICK:

–THE NEW VQR. There’s now a literary journal on the dark Web! The Torist, edited by an associate professor at the University of Utah’s Department of Communication, launched this weekend.

Submissions for fiction, poetry and nonfiction are accepted year-round.

As long as it’s better than Nick Sparks, we’ll support it.

Read on, here.

 

A REPORT IN FOCUS:

–CAN’T WE ALL JUST GET ALONG? Tech industry groups on Monday were trumpeting a report they commissioned from law firm Sidley Austin that concludes U.S. and EU privacy and data protection laws are actually “essentially equivalent.”

The groups are using the report’s findings as evidence that the U.S. and EU should be able to come together on a new Safe Harbor agreement, which tech groups strongly support.

“As we enter the final days of the negotiations we need as many bridges to success as possible,” said Dean Garfield, CEO of the Information Technology Industry Council, a top tech trade group. “This report affirms that there are strong and viable pathways that lead to a robust framework for enabling transatlantic data flows.”

ITI commissioned the report, along with Microsoft, the U.S. Chamber of Commerce, BSA | The Software Alliance and the Computer & Communications Industry Association (CCIA).

See the full report here.

 

A LOOK AHEAD:

TUESDAY

–The Senate Homeland Security Committee has postponed its hearing to consider Office of Personnel Management Acting Director Beth Cobert’s nomination to become the permanent director of the agency. The new nomination hearing will now take place on Feb. 4 at 10 a.m.

–The Senate Intelligence Committee open hearing featuring testimony from CIA Director John Brennan has been postponed until further notice.

THURSDAY

–Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson (R-WI) will deliver a keynote at an American Enterprise Institute event on the upcoming year in cybersecurity at 9 a.m.

–The Senate Judiciary Committee is scheduled to mark up the Judicial Redress Act and the Defend Trade Secrets Act at 10 a.m.

 

WHO’S IN THE SPOTLIGHT:

–ENCRYPTION. (AGAIN.) (SORRY.) Assistant Attorney General Leslie Caldwell on Monday insisted that law enforcement must have a way to legally read encrypted communications as a solution to the so-called “going dark” problem.

“From gang activity to child abductions to national security threats, the ability to access electronic evidence in a timely manner is often essential to successfully conducting lawful investigations and preventing harm to potential victims,” Caldwell said at the annual State of the Net Internet Policy Conference in Washington, D.C.

Although the Justice Department is “completely committed to seeking and obtaining judicial authorization for electronic evidence collection in all appropriate circumstances,” Caldwell said, the agency must “be able to act on it if we are to keep our communities safe and our country secure.”

She invoked a recent anecdote from FBI Director James Comey, in which he recounted that one of the shooters who attacked a May contest to draw the Prophet Mohammed in Garland, Texas, exchanged 109 encrypted messages with overseas terrorists.

Caldwell quoted Comey’s remark that: “We have no idea what he said, because those messages were encrypted.”

She insisted Monday that online security and “the legal process that protects our values and our safety” are “complementary, not competing priorities,” urging the tech community to cooperate to “meet this public need together.”

To read our full piece, click here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

A coalition of libertarian, civil liberties and digital privacy groups sent House members a letter on Monday urging them to support a bill that would undo the Cybersecurity Act of 2015. (The Hill)

The Pentagon’s advanced research wing is looking for ways to safeguard America’s most critical assets from attacks on the Internet. (CSM Passcode)

Shodan, a search engine for the Internet of Things, recently launched a new section that lets users easily browse vulnerable webcams. (Ars Technica)

An independent security researcher found several “serious” flaws in a bunch of military websites. (Motherboard)

A key House committee is probing the use, across the U.S. government, of Juniper Networks firewalls now known to have been hacked. (NextGov)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A