Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.
Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen), and the tech team, Harper Neidig (@hneidig) and Emily Birnbaum (@birnbaum_e).
PUTIN’ THE INTERNET IN A TIGHTER GRIP: Russia is taking steps to tighten its grip on the internet within its borders, as the nation’s legislature advanced legislation that would test temporarily disconnecting Russia from the global internet.
The first version of the bill was approved by the legislature on Tuesday. It still has two more steps to go before it gets final approval.
{mosads}The bill would require that all internet traffic move through servers physically based in Russia. And it will expand the state-run communications office to oversee that routing.
In a separate move, the Kremlin has also announced that it is planning to build its own version of the Domain Name System (DNS), the records systems used for the internet to direct users to specific domains for websites.
Both decisions are raising eyebrows on Capitol Hill.
“I think it’s rich that Russia is that concerned about” cyberattacks, said Rep. Mike Rogers (R-Ala.), the ranking member of the House Homeland Security Committee.
Others labeled it an attempt to crack down on Russian citizens’ internet access.
“The United States should condemn any action by Russia to tighten government control of the internet and prop up its authoritarian regime,” Senate Intelligence Committee member Sen. Ron Wyden (D-Ore.) said in a statement to The Hill.
“The Trump Administration needs a strategy for addressing barriers to free speech and commerce online, from China’s Great Firewall to the latest threat from Russia,” he added.
Russia has been a leading aggressor in cyberspace.
In a threat assessment released last month, the Office of Director of National Intelligence labeled Russia a “highly capable and effective adversary, integrating cyber espionage, attack, and influence operations to achieve its political and military objectives.”
Gen. Paul Nakasone, the director of U.S. Cyber Command, said in testimony before a Senate committee on Thursday that Russia “certainly provides a very sophisticated threat to our nation,” adding that they had been a threat for several years.
Russian media has described the policy as at least partly in response to the U.S.’s new cyber strategy, which was released last year. National security adviser John Bolton said at the time of the strategy’s launch that the United States would take on a more offensive posture in cyberspace.
More on Russia’s plans for the internet here.
ICYMI ON MONDAY: Iran and China have been carrying out increasingly more aggressive cyberattacks in recent months, The New York Times reported Monday.
Dozens of U.S. entities — including banks, businesses and government agencies — have been targeted in what experts have attributed as an Iranian hacking campaign, multiple sources told the Times.
The hostile attacks, which analysts at the National Security Agency and experts at the security firm FireEye linked back to Iran, pushed the Department of Homeland Security (DHS) to issue an emergency order last month in response, which took place during the record-long partial government shutdown, according to the report.
A spokesperson for FireEye declined to comment, and a spokesperson for DHS did not immediately respond to a request for comment.
Iranian hackers reportedly had become far less active after the Obama administration signed the landmark nuclear deal with Tehran in 2015. The new Iran-attributed cyber activity is believed to be linked to President Trump’s decision to pull out of the deal.
At the same time Iran is becoming more bold in its cyber operations against the U.S., so too is China as it seeks to steal trade and military secrets through cyber means, the Times reported, citing sources that include intelligence officials, lawyers and private security researchers.
News of their growing offensive efforts, which has been largely directed at technology companies and contractors for the Pentagon, comes four years after China had scaled back its cyber espionage efforts following an agreement between then-President Obama and Chinese President Xi Jinping to stop cyberattacks aimed at stealing trade secrets.
After the deal, China largely slowed its cyber espionage efforts for more than a year, but the Times reports that they are now amping up their hacking efforts as Beijing seeks to gain the leading edge in developing artificial intelligence and other sophisticated technologies, as laid out in China’s five-year plan.
Read more on the attacks here.
HARRIS FOR PAPER BALLOTS: Sen. Kamala Harris (D-Calif.) on Tuesday issued a call for states to focus on election security and possibly adopt paper ballot measures, telling a crowd of New Hampshire voters that paper ballots remain the securest way to cast votes.
Speaking at the “Politics & Eggs” breakfast in New Hampshire, the 2020 Democratic contender told attendees that her infrastructure plan as president would include investments in election security at the state level.
“We have proposed that part of the investment in infrastructure has to be upgrading the infrastructure of states around elections,” Harris said Tuesday. “Because guess what? As it turns out, for all that technology has brought us, good and bad, the best way to conduct secure elections? Paper ballots.”
“‘Cause, the way I kind of say it, half joking, is ‘Russia can’t hack a piece of paper,’ ” Harris added.
CUE SHAGGY’S, ‘IT WASN’T ME’: The founder and CEO of Chinese telecom giant Huawei denies in a new interview that his company poses a security threat to the U.S. and has dismissed allegations of links to the Chinese government.
In his first interview with a U.S. outlet, Ren Zhengfei told CBS News that Huawei has never provided information to the Chinese government and never will, according to a clip that aired Tuesday on “CBS This Morning.” He also denied that Beijing could have backdoor access to the company’s technology.
“It is not possible,” Ren said. “Because across our entire organization, we’ve stressed once and again that we will never do that. If we did have that, with America’s advanced technology, they would [have] found that already. So that proves we do not have it.”
Ren’s comments come as President Trump is reportedly preparing to issue an executive order blocking companies like Huawei from next-generation wireless networks in the U.S. known as 5G.
In another interview with the BBC, the CEO also blasted the arrest of his daughter, Huawei CFO Meng Wanzhou, and the Justice Department’s indictments of her and the company. Late last month, the U.S. charged the company and its executives with violating sanctions against Iran and stealing intellectual property.
EXPOSED: A group of patients and health data experts is accusing Facebook of misleading users about how their personal health information can be manipulated and exposed without patients’ explicit permission.
In a Federal Trade Commission (FTC) complaint released publicly on Tuesday, the group alleges that Facebook prompts its users to join online medical support groups under the guise that they are “private” – but does not make clear that users could expose their health data when they join those groups.
“I think the highest-level deception is that they call [these medical support groups] safe,” Fred Trotter, a security researcher and one of the complainants, told The Hill. He pointed out that Facebook executives, including Facebook CEO Mark Zuckerberg, have touted the medical support groups as an opportunity for patients to support one another, while failing to disclose that the group members’ data could be mined for ad targeting and harassment.
Lawmakers want answers: House Energy and Commerce Chairman Frank Pallone, Jr. (D-N.J.) and Rep. Jan Schakowsky (D-Ill.), who chairs the commerce subcommittee, in response to the FTC complaint requested a staff briefing from Facebook.
Pallone and Schakowsky in a letter to Zuckerberg wrote that Facebook “potentially misled Facebook users” into sharing personal health information raises “concerns about Facebook’s privacy policies and practices.”
Facebook responds: A Facebook spokesperson in a statement to The Hill said the company looks forward to “briefing the committee about how these products work.”
“It’s intentionally clear to people that when they join any group on Facebook, other members of that group can see that they are a part of that community, and can see the posts they choose to share with that community,” the spokesperson said in a statement to The Hill.
More on Facebook’s handling of health data here.
COMING CLEAN: Twitter announced Tuesday it will launch tools in the European Union (EU) aimed at promoting transparency over who pays for political ads on its platform and how those ads are promoted on users’ feeds.
The social media giant said in a blog post that it will extend the strategies it used during the 2018 U.S. midterm elections to the EU, as well as to India and Australia ahead of elections in both of those countries.
The move comes shortly after the European Commission called on tech giants to step up their efforts in combatting fake news ahead of the European parliamentary elections in May.
The details: Twitter will now require political advertisers to go through a certification process before they are allowed to promote ads on the platform, and the social media company will offer users the option to explore details about the groups behind such ads.
The company said it will begin enforcing the new policies in the EU, India and Australia starting March 11.
“Only certified advertisers will be allowed to run political campaigning ads on our service [at that time],” Twitter wrote in the blog post. “Political advertisers must apply now for certification and go through the every step of the process.”
The tools will allow users to browse the billing information, demographic targeting and ad spending details behind each political advertisement.
It will also require political advertisers to prove that they are not a foreign entity seeking to interfere in regional elections.
Read more on Twitter’s changes here.
AND GOING GREENER: Major online retailer Amazon is making a push to halve the carbon footprint of its shipments by 2030.
The company, which relies largely on shipping packages across the globe, said Monday it ultimately aims to make all its shipments carbon neutral.
The new push, titled “Shipment Zero,” ultimately aims to make all of the retailer’s shipments have a carbon footprint of zero. The company says it plans to meet its 2030 goal by utilizing electric vans, using renewable energy sources such as solar power and pushing more retailers to reuse packaging. It also hopes the rise of aircraft biofuels will aid in its plan.
“It won’t be easy to achieve this goal, but it’s worth being focused and stubborn on this vision and we’re committed to seeing it through,” Amazon said in a statement.
NEED FOR SPEED: Russian threat actors are able to enter and then move through a targeted network significantly faster than actors from any other nation state, according to a new report released Tuesday.
Security firm CrowdStrike found that it takes Russian actors less than 19 minutes to move within a network that they’ve compromised. That’s a major gap between those countries’ actors and the next fastest-moving hackers out of North Korea, who generally take about two hours and 20 minutes to make their next move in a victim’s system.
Chinese actors were found to be the next fastest, making lateral movements in a network about 4 hours after having initially compromised it.
The CrowdStrike report states that there may be several unknown reasons why a hacker might not immediately move once they’ve accessed a victim’s network. But the researchers noted that cyber actors likely have to move faster to avoid being detected as technology improves.
QUITE TAXING: New Zealand’s government is considering a plan to tax multinational tech corporations at a higher rate, citing a disparity between the taxes paid by New Zealanders and large corporations such as Facebook and Google.
The Associated Press reports that the plan could tax tech companies 2 to 3 percent on the revenue they generate in the country, which Prime Minister Jacinda Ardern says is necessary to bring fairness to New Zealand’s tax code.
“Our current tax system is not fair in the way that it treats individual taxpayers and the way that it treats multinationals,” the prime minister said, according to the AP.
TECH TRIES TO LEARN FROM HQ2: Amazon’s decision to scrap its plans for a second headquarters in New York City, dubbed HQ2, stunned both the tech world and its critics this week, raising new questions about the industry’s ambitious expansion plans and their dealings with state and local governments.
Experts say Amazon’s plans for New York were disrupted by the public backlash against large tax breaks for corporate America. And they say the company’s case could draw new fault lines for other tech companies over the deals they strike and how they handle the publicity over their growth and wealth.
“Companies are going to be more cautious in how they go about negotiating these subsidy deals [after Amazon],” Carl Davis, research director of the Institute on Taxation and Economic Policy, told The Hill.
“I think it’s unrealistic to think they’re going to start turning down subsidies entirely,” Davis added. “But I think they’re going to know that if they push too hard and ask for too much and word gets out, the public may not view that favorably.”
Activists in New York City pushed against Amazon for a number of reasons. They took issue with the tech company’s business ties to Immigration and Customs Enforcement, which they said was an affront to Queens’ significant immigrant population. They said Amazon’s new offices would drive up rents and displace poor residents. The labor-friendly city also balked when an Amazon executive said the company would not remain neutral if workers tried to unionize.
But local lawmakers and advocates expressed the most outrage over the public nature of Amazon’s search for a second headquarters, which prompted New York City to offer $3 billion in state and city tax breaks to woo Amazon.
Predicting the fallout: But some tech watchers question how much of an impact the HQ2 debate will have.
{mossecondads}”Amazon said in its own statement that it’s going to continue to grow in New York and that it isn’t going to be looking for an HQ2,” Mitchell told The Hill. “They talked about these 25,000 jobs coming in over a 10-year timeline.”
“I wouldn’t be that surprised to find in 10 years that they had 25,000 jobs in New York,” Mitchell added.
A LIGHTER CLICK: It’s a double standard for sure.
AN OP-ED TO CHEW ON: Iran faces a long road before using blockchain to evade US sanctions.
NOTABLE LINKS FROM AROUND THE WEB:
A deep dive on the recent DNS hacking campaign. (Krebs on Security)
Partisan rift threatens federal data-privacy efforts. (The Wall Street Journal)
The Wired guide to your personal data (and who is using it). (Wired)
Facial recognition software regularly misgenders trans people. (Motherboard)
Cisco’s latest annual report on mobile data trends. (Cisco)