Overnight Cybersecurity: Comey reportedly staying on at FBI | Court blocks DOJ appeal in Microsoft email case

by Joe Uchill - 01/24/17 5:12 PM ET

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–President Trump has decided to keep James Comey on as director of the FBI, The New York Times reported Tuesday morning. Comey faced heavy criticism during the presidential campaign from both sides of the aisle for his handling of the investigation into Democratic nominee Hillary Clinton’s use of a private email server while secretary of State. FBI directors are appointed to 10-year terms to limit the political pressure on their position. Comey’s began in 2013 under President Obama, but Trump has the power to dismiss Comey if he wants. While presidents typically keep FBI directors for their full terms, Comey’s fate had been up in the air due to the turbulent campaign.

To read the rest of our piece, click here.

{mosads}

–WHAT COMEY MEANS TO CYBER: Comey may currently be best known for his role in the 2016 election cycle. He was a central figure to the public’s framing of the Clinton email fiasco – publicly explaining that he recommended no charges be filed (possibly against Department of Justice policy), while also alerting a leak-prone Congress when new, ultimately fruitless emails were found, and sitting on an investigation into the connections between the Trump campaign and Russia. But Comey’s role in cybersecurity runs much deeper. He is the top advocate for mandating backdoors in encrypted communications apps – something which President trump’s attorney general nominee, Sen. Jeff Sessions (R-Ala.), backed during his confirmation hearing last week. A House working group investigating encryption recently found that the security risks from introducing backdoors that hackers might exploit outweighed their investigative value.

A POLICY UPDATE:

THE INTERNET OF THINGS: Reps. Ted Lieu (D-Calif.) and Joe Wilson (R-S.C.) introduced the SPY Car Study Act, calling for stakeholders, academics and government agencies to do more research into frameworks to regulate internet connected cars. “Without good cyber hygiene, a hacker could easily turn a car into a weapon,” said Lieu in a statement.

But proposed internet of things research doesn’t stop there. Sens. Cory Booker (D-N.J.), Deb Fischer (R-Neb.) Cory Gardner (R-Colo.) and Brian Schatz (D-Hawaii) saw their Developing Innovation and Growing the Internet of Things (DIGIT) Act pass the Senate Commerce Committee today. The bill directs stakeholders and agencies to advise lawmakers how to proceed in improving the U.S. climate for security of all internet-connected devices. Click here for more on the bills which passed the Commerce committee on Tuesday.

WHO’S IN THE SPOTLIGHT:

MICROSOFT VS. THE DEPARTMENT OF JUSTICE

In a 4-4 split, the Second Circuit Court of Appeals declined Tuesday to reconsider a watershed decision limiting the ability of law enforcement to request data stored on foreign servers.

The earlier ruling had found Microsoft did not have to provide emails stored in Ireland in response to a domestic U.S. warrant. Microsoft had argued it was bound to abide by the law of Ireland and that the Department of Justice should have requested the evidence through the United States’s treaty with Ireland if they needed help on foreign soil To read the rest of our piece, click here.

A LIGHTER CLICK: SEAN SPICER’S GUM SWALLOWING is probably okay, says a doctor.

A REPORT IN FOCUS:

DDOS ATTACKS: Arbor Networks, which maintains international monitoring stations to amass just these kinds of statistics, reports that the average distributed denial of service attack is now perilously close to the 1 gigabit per second threshold that could potentially bring on additional costs for website owners.

Distributed denial of service (DDoS) try to flood a target server with requests to prevent it from properly functioning. It is the internet equivalent of having a bunch of people call a phone bank at the same time to tie up all the lines.

Arbor tracks the average speed of the attacks which have jumped from 760 megabits per second (Mbps) in 2015 to 931 Mbps last year. That’s a 23 percent increase year over year.

These are more than just arbitrary numbers getting bigger at an extraordinary rate. Companies often purchase DDoS protection by the gigabit (1000 mbps). As attacks get faster, the cost of defending against the attacks will get higher.

Massive attacks well over the average increased at a similarly frightening rate. The number of attacks over 100 Gbps a little more than doubled year over year, totaling 558. The number of attacks over 200 Gbps more than quintupled to 87. For more on their report, click here.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Pompeo greets his CIA employees (The Hill)

Dems object to Trump’s choice to head the FCC. (The Hill)

Germany might use anti-botnet laws to fight against fake news in its upcoming election. (ZDNet)

If you own a thing, and Apple made that thing, it’s time to update whatever that thing is. (Quartz)

There is a Yelp for cybercrime. (Motherboard)

The Trump hiring freeze is killing jobs for nurses and engineers. (GovExec)

Evil machines can figure out your Android pattern password. (Phys)

Living in a world of ‘easy’ to lose AirPhones. (Daring Fireball)

Dems put broadband investment in their infrastructure proposal. (Morning Consult)

You shouldn’t have thrown away your Neo Geo. (New Yorker)