Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORY:
–ANOTHER DAY OF ZUCKERBERG: Facebook CEO Mark Zuckerberg appeared for another marathon hearing before House lawmakers on Wednesday, after holding his own before members of the Senate Commerce and Judiciary Committees Tuesday. Zuckerberg spent roughly five hours being grilled by the House Commerce Committee on Wednesday — bringing him to a grand total of 10 hours of congressional testimony (!) in just two days. Some of the key moments from the latest hearing:
–MORE CALLS FOR PRIVACY LEGISLATION: Wednesday’s hearing brought more calls for privacy legislation in the wake of the Cambridge Analytica data leak that impacted tens of millions of Facebook users. Rep. Frank Pallone Jr. (D-N.J.), the committee’s ranking member, came out swinging in his opening statement, saying Republican inaction is to blame for the stream of privacy breaches that have dominated the news recently. “By not doing its job, this Republican-controlled Congress has become complicit in this nonstop cycle of privacy by press release,” Pallone said, arguing that Facebook and the rest of the major internet platforms need to be regulated. “We need comprehensive privacy and data security legislation,” he added. “We need baseline protections that stretch from internet service providers to data brokers to app developers and to anyone else who makes a living off our data.” We heard a few senators voice support yesterday for new privacy laws, but Zuckerberg refused to endorse the idea, saying only that he supported greater privacy protections in theory.
–MORE DIAMOND AND SILK: Zuckerberg was forced to repeatedly address recent revelations that Trump supporters Diamond and Silk were blocked from Facebook after the company labeled their content “unsafe to the community.” “In that specific case, our team made an enforcement error, and we have already got in touch with them to reverse it,” Zuckerberg told Rep. Joe Barton (R-Texas) during one exchange. “You need to work with Congress and the community to ensure that it is a neutral, safe, and to the largest extent, private platform. Do you agree with that?” Barton asked. “I do agree that we should work to give people the fullest free expression possible. When I talk about giving people a voice, that’s what I care about,” Zuckerberg responded. Sen. Ted Cruz (R-Texas) similarly grilled Zuckerberg on the issue Tuesday.
–ZUCKERBERG COMMITS TO EXTENDING EU PRIVACY PROTECTIONS: Zuckerberg again promised to provide privacy protections for Facebook users around the world once a new European Union data law goes into effect next month. The law will only apply to European countries, but privacy advocates have been urging Facebook to extend the changes that will be required to rest of the world. Rep. Gene Green (D-Texas) asked the Facebook CEO to affirm the commitment he made last week. “Yes, congressman, all the same controls will be available around the world,” Zuckerberg said. “We’re going to put at the top of everyone’s app when they sign in, a tool that walks people through the settings, and gives people the choices and asks them to make decisions on how they want their settings set,” he added. The General Data Protection Regulation (GDPR) will go into effect on May 25 and will require internet firms to be more transparent about their data policies and give users more control over their own information.
–ZUCKERBERG DEFENDS AD TARGETING SYSTEM: Lawmakers of both parties have been voicing unease about Facebook’s targeted ad system and how it profits off of users’ aggregate data. Zuckerberg offered a defense of the system after being pressed by Rep. Brett Guthrie (R-Ky.) about what would happen if the company shifted away from using personal data to deliver tailored ads. “For people using the services, it would make the ads less relevant to them,” Zuckerberg said. “For businesses, like the small businesses using advertising, it would make advertising more expensive because now they would have to pay more to reach more people and efficiently because targeting helps small businesses be able to afford and reach people as effectively as big companies who typically have the ability to do for a long time. It would affect our revenue, too.” The Cambridge Analytica scandal has put the ad system in the spotlight in recent weeks.
Check out our full live blog here.
A LEGISLATIVE UPDATE:
SENATE PANEL TO TAKE UP BILL PROTECTING MUELLER: The Senate Judiciary Committee is punting a bill limiting President Trump’s ability to fire special counsel Robert Mueller into next week, instead of considering it on Thursday.
Sen. Dianne Feinstein (D-Calif.) said she and Sen. Chuck Grassley (R-Iowa), the committee chairman, had “agreed to not take action this week but instead place the bill on the committee’s markup calendar next week.”
“I’m worried about an amendment we haven’t been able to review that could undermine the investigation,” she said.
Asked what amendment Feinstein, the top Democrat on the committee, was referring to, her spokesman pointed toward a recent New York Times article.
GOP committee aides told the Times that Grassley wants to offer an amendment that would require the Justice Department to give a report to Congress when there is a change in the scope of a special counsel investigation or if the special counsel is fired.
Pushing the legislation into next week is a delay from Grassley’s request to put it under the committee’s agenda for a business meeting on Thursday.
Grassley aides noted earlier Wednesday that the GOP senator needed Feinstein to sign off on changing Thursday’s agenda because it was within 72 hours of the meeting.
The legislation, from Sens. Christopher Coons (D-Del.), Cory Booker (D-N.J.), Thom Tillis (R-N.C.) and Lindsey Graham (R-S.C.), would let Mueller, or any other special counsel, receive an “expedited judicial review” within 10 days of being fired to determine if it was for a “good cause.”
If it wasn’t, the special counsel would be reinstated. The measure would also codify existing regulations that only a senior Justice Department official can fire a special counsel and that they must provide the reason in writing.
To read more from our piece, click here.
A FEW NOMINATIONS IN FOCUS:
This slipped under our radar yesterday amid all the news: The Senate Intelligence Committee advanced the nomination of Lt. Gen. Paul Nakasone to serve as the next director of the National Security Agency and the chief of U.S. Cyber Command. The Senate Armed Services Committee, which also has jurisdiction over the nomination, approved him last month. Now, his nomination will be considered by the full Senate. If confirmed, Nakasone will replace outgoing NSA Director Adm. Mike Rogers.
And tomorrow, CIA Director Mike Pompeo is slated to appear before the Senate Foreign Relations Committee for his confirmation hearing to serve as President Trump’s secretary of state. Expect him to face questions on Russian interference in the election, his positions on North Korea and Iran, and former secretary of State Rex Tillerson’s plans to reorganize the department.
A LIGHTER CLICK:
Cryptocurrency for kids? (Motherboard)
WHAT’S IN THE SPOTLIGHT:
CYBER COMMAND: A top Department of Defense official on Wednesday said the law enforcement agency expects to have a national cyber posture approach by the time the White House rolls out their cyber strategy in August.
“It should be forthcoming in the near future. We are looking to then enhance our cyber posture approach, which we will be providing by August to sync with that national strategy,” said Kenneth Rapuano, who oversees the DOD’s Defense for Homeland Defense and Global Security.
Tom Bossert, who resigned as the White House Homeland Security Adviser on Tuesday, had played a key role in the efforts to develop a national cybersecurity strategy while serving in the Trump administration.
The White House national approach is expected to focus on boosting the security of federal government computer networks, coming up with a framework that establishes what is good or bad behavior in cyberspace, and directing more federal resources towards improving critical infrastructure.
Rapuano testified alongside Adm. Michael Rogers, the head of the National Security Agency and U.S. Cyber Command, before the House Armed Services Committee about the status of the government’s cyber strategy.
In what could be his last congressional testimony before he retires, Rogers emphasized there is room to grow in cyber but there are improvements already being made.
He highlighted how the government has made a handful of accomplishments this year in addition to touting that the CYBERCOM teams are expected to have full operating capability ahead of schedule.
The NSA chief also highlighted how Joint Task Force Ares, a Cyber Command unit, has a grown in its ability to disrupt ISIS and other extremists groups from using the internet for their means as well as broader military campaigns through cyber.
Rogers identified Russia and China as some of the country’s biggest rivals in cyberspace, while expressing concern that “rogue nations” like Iran and North Korea have “growing capabilities and are using these aggressive methods for cyber.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Paul Ryan is retiring as speaker in January. (The Hill)
Reddit identifies nearly 1,000 accounts linked to Russian troll farm. (The Hill)
Cambridge Analytica acting CEO steps down. (The Hill)
An ousted NSC staffer is joining the Department of Justice. (The Hill)
OP-ED: It’s not just Facebook’s problem. (The Hill)
The Election Assistance Commission is hosting a public forum on election security in Miami next week. (EAC)
States are participating in Homeland Security’s ‘Cyber Storm‘ exercise this week. (CyberStorm)