Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you…
THE BIG STORIES:
–THE SHADOW: Hacking tensions will shadow Chinese President Xi Jinping’s first state visit to Washington beginning Thursday night. It’s an historic trip for Xi, a new-generation leader of China who assumed office in November 2012. He wants to use this week’s visit, capped by a Friday night state dinner, to show the world that China is on a level playing field with the United States. The visit is also important for the Obama administration, which hopes to make headway on climate change, military cooperation, human rights and various trade discrepancies. Yet it is the charges that Beijing was behind the theft of the personal data of more than 20 million federal workers that will dominate news coverage of the Obama-Xi discussions. But it’s not expected that the two sides will make much progress on the issue of hacking, despite outrage in the U.S. over what’s seen as a campaign by Beijing to pilfer U.S. corporate secrets. To read our full piece, check back Thursday morning.
–THIS AGAIN?: Lawmakers are in an uproar after the Office of Personnel Management (OPM) revealed Wednesday that it underestimated by approximately 4 million the number of individuals whose fingerprints were stolen in the massive breach revealed this spring. OPM revised its original estimate of 1.1 million to 5.6 million after it discovered archived records not previously analyzed. Legislators hit OPM with the criticism that its inability to get the numbers right is a sign of ineptitude, with House Oversight Chairman Jason Chaffetz (R-Utah) claiming that he has “zero confidence in OPM’s competence and ability to manage this crisis.” Sen. Mark Warner (D-Va.) called the new number “shocking,” and called for action on legislation that would extend lifetime free identity protection services to victims. Under a current contract awarded earlier this month, individuals who were impacted by the hack are entitled to three years of protection services. The agency says that the new estimate does not impact the overall number of individuals whose data was exposed by the hack — that number still stands at as many as 22.1 million former, current and prospective federal employees, contractors and others. To read our full piece, click here.
–NOT IN MY HOUSE: For the second day in a row, Commerce Secretary Penny Pritzker urged Chinese leaders to reform a slate of economic practices she described as discriminatory and unfair to outside businesses. Speaking at a China-organized tech forum in Seattle with Chinese President Xi Jinping and many of America’s top chief executives, Pritzker praised the Asian power’s booming economic growth over the past few decades, but warned that some of its business practices are not sustainable. “American CEOs also frequently share serious concerns about Chinese policies and practices,” she said of her conversations with industry leaders. Those same concerned CEOs and industry leaders were in the room Wednesday with Xi and other top Chinese Internet regulators. “We are encouraged by many of the reforms that are being advanced in China by President Xi and many of his comments most recently about allowing the market to work in China as well,” said Dean Garfield, CEO of the Information Technology Industry Council, which counts Apple, Facebook, Google, Microsoft, Twitter and Yahoo as members. “If those reforms do move forward, then the opportunity for collective growth is high,” Garfield added. “But, there is a big ‘if.’” To read our full piece, click here.
UPDATE ON CYBER POLICY:
–ABORT. ABORT. The key framework that companies use to legally funnel private data between the U.S. and the E.U. should be overturned in the face of ongoing American surveillance, a top advisor to the European Union’s high court said Wednesday. Under the 2000 Safe Harbor agreement, U.S. companies can “self-certify” that their data privacy practices are equivalent to the more stringent E.U. regulations, but in a non-binding opinion issued on Wednesday, an advocate general for the European Court of Justice said the U.S. intelligence practices revealed by Edward Snowden render the protections of the Safe Harbor program invalid. “Because the surveillance carried out by the U.S. is mass, indiscriminate surveillance … in those circumstances, a third country cannot in any event be regarded as ensuring an adequate level of protection,” AG Yves Bot wrote. If the court opinion is confirmed, the 4,000 U.S. companies that now rely on Safe Harbor to legally transfer data across the Atlantic — companies like Facebook, Google and Twitter — will be left scrambling for alternatives. To read our full piece, click here.
LIGHTER CLICK:
–PLANET LOOK AT ME, LOOK AT ME. President Xi is competing for D.C.’s attention with His Holiness Pope Francis, who is in town through Thursday. Some Washingtonians are taking the opportunity to ask for papal favors, such as a blessing for the city’s wildly inefficient metro system. (Absolutely no editorializing here at all.) Read on, here.
WHO’S IN THE SPOTLIGHT:
–THE INDIAN PRIME MINISTER. Amidst public uproar, India has withdrawn a controversial information security proposal that would have, among other things, required social media companies to share unencrypted copies of messaging data with law enforcement and forced consumers to store a plain-text version of their data for 90 days from the date of transaction. Critics lambasted the draft law as draconian and unfeasible, and the outcry threatened to put a blight on Prime Minister Narendra Modi’s visit to Silicon Valley this weekend. Modi’s administration has claimed that it never intended to release the proposal in the first place. The “draft encryption policy is not the final view of the government,” IT Minister Ravi Shankar Prasad told reporters on Tuesday. “It will be redrawn to specify who it will apply to.” The New York Times has the story, here.
A LOOK AHEAD:
THURSDAY
–The Senate Intelligence Committee will hold an open hearing at 2:30 p.m. with testimony from National Security Agency (NSA) Director Adm. Michael Rogers.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Hillary Clinton is doubling down on the assertion that her private email server was secure during her time as secretary of State. (The Hill)
The American Civil Liberties Union thinks Capitol Hill staffers should be able to make encrypted calls and send secure text messages. (The Hill)
The story of a Chinese military staffer’s alleged involvement in hacking. (The Wall Street Journal)
Zscaler, a cloud security company that raised $25 million from Google Capital, just closed a $110-million round of funding. (Reuters)
A professor at Fudan University in Shanghai calls for the U.S. to get over its “Cold War mentality” when it comes to cybersecurity. (Huffington Post)
The recent Apple hack puts the spotlight on how the tech giant supports its developers in China. (Reuters)
Fraudsters in China are hacking Uber to get free rides. (Motherboard)