Overnight Cybersecurity: NSA director endorses encryption

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry wrap their arms around cyberthreats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–GET OVER IT: National Security Agency Director Adm. Michael Rogers on Thursday insisted “encryption is foundational to the future.” “So spending time arguing about ‘Hey, encryption is bad and we ought to do away with it,’ that’s a waste of time to me,” Rogers added during remarks at the Atlantic Council, an international affairs think tank.

The NSA chief’s comments come at a time of intense discussion over encryption standards. In the wake of the terror attacks in Paris and San Bernardino, Calif., law enforcement and some lawmakers have been pressing tech companies to give investigators guaranteed access to secure data. They say encryption has allowed terrorists and criminals to operate out of sight of investigators.

But the tech and privacy community have resisted the push. They say any type of guaranteed access to data introduces vulnerabilities that weaken encryption and expose everyday Internet activity to hackers.

Rogers did not directly back one argument over the other, but he did emphasize the importance of strong encryption. He stressed that encryption was a fact of modern life and agencies such as the NSA have to work on novel approaches to get at encrypted information that might not be accessible using traditional techniques.

“So what we’ve got to ask ourselves is, given that foundation [of encryption], what’s the best way for us to deal with it?” he said. “And how do we meet those very legitimate concerns from multiple perspectives?”

To read our full piece, click here.

–THIS AGAIN?: Ukrainian power plants are still facing an onslaught of cyberattacks in the wake of a malware-caused blackout in December, according to a U.S. security firm.

“[On January 19th], we discovered a new wave of these attacks, where a number of electricity distribution companies in Ukraine were targeted again following the power outages in December,” malware researcher Robert Lipovsky wrote in a post on the blog We Live Security.

But the kind of malware used in this latest wave of attacks is not the same code that left 80,000 people in the western regions of Ukraine without power last month, Lipovsky notes.

“What’s particularly interesting is that the malware that was used this time is not BlackEnergy, which poses further questions about the perpetrators behind the ongoing operation,” he wrote. “The malware is based on a freely-available open-source backdoor — something no one would expect from an alleged state-sponsored malware operator.”

The incident in December, believed to be the first time a blackout was caused by a cyberattack, has been widely attributed to Russia.

To read our full piece, click here.

–GETTING TOUGH: European Union privacy regulators are considering freezing any U.S.-EU data transfers under existing laws, putting more pressure on negotiators to reach a deal on transatlantic data transfers.

EU data protection authorities have been deciding how to regulate transatlantic data transfers since the European Court of Justice last year struck down a Safe Harbor agreement, citing U.S. surveillance concerns.

The ruling left the 4,400 companies — from travel firms to social media — that relied on Safe Harbor to handle European citizens’ data scrambling for legal alternatives that many say are cumbersome and expensive.

Two of the most likely options, having companies set up corporate rules or contractual clauses that specify how to handle the data, are now in jeopardy. Even those firms that already have those legal mechanisms approved by regulators could be affected by a privacy complaint, sources said.

Not all of the data protection authorities are in favor of restricting transfers.

To read our full piece, click here.

 

AN UPDATE ON POLICY:

–CUTTING IT CLOSE. Legislation that would allow European citizens to defend their privacy in U.S. court is being delayed in the Senate, potentially putting a wrench in ongoing negotiations over a new data transfer pact with the European Union.

The so-called Judicial Redress Act is being held over from a scheduled vote on Thursday in the Senate Judiciary Committee, according to panel aides.

The bill would give citizens from approved EU countries the right to enforce their data protection rights in U.S. courts and is seen as critical to securing a new Safe Harbor agreement.

When the European high court struck down the original framework last fall, it specifically cited a lack of redress for EU citizens whose data is mishandled in the U.S.

To read our full piece, click here.

 

A LIGHTER CLICK:

–SERIOUSLY, DON’T DO THIS. This new cell phone case — currently in the Kickstarter phase of its development — lights up in time to music.

Please, please, please do not get this and hold it up at concerts. We’re begging you. Also, while we’re at it, stop being that guy that stands in the front and films LITERALLY THE ENTIRE THING on your phone. Stop doing that.

Read on, here.

 

WHO’S IN THE SPOTLIGHT:

–MATTHEW KEYS. The former Los Angeles Times journalist, who has been convicted of facilitating the defacement of a Times article by leaking a username and password, faces up to seven years in prison and “roughly $250,000” in restitution.

Sentencing has been delayed from January to March 23 due to a dispute over how much money LA Times owner Tribune Company lost due to the hack.

While the page was vandalized for 40 minutes, the loss estimates include incident response, an overhaul of the Times’ internal system and some company-wide panic. The estimates have ranged wildly in court documents — from around $3,500 to $1.5 million.

Read on, here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

A California lawmaker has introduced a bill that would ban smartphones with unbreakable encryption. (The Hill)

Fast-growing U.S.-Israeli cybersecurity firm ForeScout Technologies said on Thursday it has secured $76 million in financing led by Wellington Management. (Reuters)

U.S. Commerce Secretary Penny Pritzker on Thursday urged her European counterparts to endorse a proposal for a new Safe Harbor, saying, “It’s time for us all to acknowledge that we’ve gone as far as we can go.” (The Wall Street Journal)

Around 250,000 broadband customers left TalkTalk following its major hack in October, according to research. (The Register)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A


Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
