Hillicon Valley: Lawmakers angered over Border Patrol breach | Senate Dems press FBI over Russian hacking response | Emails reportedly show Zuckerberg knew of Facebook’s privacy issues | FCC looks to improve broadband mapping
Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.
Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Maggie Miller (@magmill95), and the tech team, Harper Neidig (@hneidig) and Emily Birnbaum (@birnbaum_e).
BORDER (DATA) BREACH: Lawmakers are expressing alarm and demanding answers over a recent data breach involving U.S. Customs and Border Protection (CBP), the latest in a series of incidents that is underlining the severity of cybersecurity threats to both agencies and businesses.
The CBP incident involved a subcontractor of the agency, who had stored photos from a CBP database, being breached by a malicious actor. The breach resulted in the exposure of images of as many as 100,000 people entering and exiting the U.S. over the period of a month and a half.{mosads}
CBP, which is not revealing the name of the subcontractor involved, told The Hill that it is working with Congress and with its own Office of Professional Responsibility to investigate the data breach.
The agency stressed that the subcontractor involved had transferred the photos to its own systems “in violation of CBP policies and without CBP’s authorization or knowledge.” And the agency said that no identifying information was included with the photos.
Lawmakers want to hear more: But those assurances did little to assuage lawmakers on Capitol Hill. Lawmakers from both parties have expressed dismay over the breach and committees in both the House and Senate with jurisdiction over the agency were considering further actions.
Sen. Gary Peters (D-Mich.), the ranking member of the Senate Homeland Security and Governmental Affairs Committee, told The Hill that while he is interested in looking into the CBP breach, he wants to make sure he has “all the facts” before moving forward.
“Right now it’s just about getting a better sense of exactly what happened, how it happened, and then we’ll figure out appropriate steps to take from that point forward,” Peters said. “We never like breaches, they should never happen, but it shows we have to harden our defenses.”
A spokesperson for Sen. Ron Johnson (R-Wis.), the chairman of the Senate Homeland Security Committee, declined to comment. But across the Capitol, lawmakers are looking more closely into the government’s collection of data on travelers.
House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) announced that his committee would hold hearings next month to examine the collection of biometric information by the Department of Homeland Security (DHS), which includes CBP.
Thompson also noted that he wants to ensure “we are not expanding the use of biometrics at the expense of the privacy of the American public.”
Homeland Security Committee ranking member Mike Rogers (R-Ala.), used the breach to criticize DHS’s handling of cybersecurity challenges, saying in a statement to The Hill that “the agency is ill-equipped to handle emerging cyberthreats.”
Read more on the breach and reaction here.
INVESTIGATING THE INVESTIGATOR: Sens. Amy Klobuchar (D-Minn.) and Ron Wyden (D-Ore.) are demanding answers from the FBI on its response to Russia attempting to hack voting machine company VR Systems during the 2016 presidential election.
The incident was revealed in special counsel Robert Mueller’s report, which said Russia in August 2016 targeted employees of “a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.”
The company wasn’t mentioned in the report, but VR Systems has since been confirmed as the targeted company.
In a letter to FBI Director Christopher Wray on Wednesday, Klobuchar and Wyden asked the FBI what steps it took after VR Systems alerted the FBI in August 2016 that it had found suspicious IP addresses on its systems.
“VR Systems indicates they did not know that these IP addresses were part of a larger pattern until 2017, which suggests that the FBI may not have followed up with VR Systems in 2016 about the nature of the threat they faced,” the senators wrote.
During the 2016 elections, several VR Systems voting machines failed in Durham County in North Carolina, leading to some voters being turned away from the polls.
The senators questioned the FBI on whether it had investigated those machines for attempted hacking, and also how the FBI is ensuring that local and state election officials “feel comfortable reporting potential cybersecurity incidents” to authorities.
The Department of Homeland Security agreed last week to conduct an investigation of voting equipment in Durham County.
Klobuchar and Wyden gave Wray until July 12 to respond to their questions.
IT’S ALWAYS THE EMAILS THAT GET YA: Facebook has turned over internal emails to regulators that appear to show that CEO Mark Zuckerberg was at least partially aware of third parties amassing user data from the social network, according to The Wall Street Journal.
The Journal, citing people familiar with the emails, said that documents handed over to the Federal Trade Commission (FTC) show Zuckerberg’s close involvement in addressing third-party data collection on Facebook’s platform.
In April 2012, Zuckerberg asked his employees about an app purported to have amassed a database of millions of Facebook users’ information gleaned from the platform. Facebook employees responded that it was possible the app had collected the data, but that it would be complicated for Facebook to intervene.
The Journal did not review the emails in question but rather relied on its sources’ characterization of the documents.
The report comes amid heightened scrutiny over Facebook and other tech giants’ handling of user data and privacy.
SWIPE FOR LESS SECURITY: Drivers of electric vehicles could become the target of cyber criminals if new state rules requiring the use of credit card readers at charging stations go into effect, according to a report from nonprofit Digital Citizens Alliance released on Tuesday.
Currently, many electric car charging stations accept online payments from a customer’s smart phone, eliminating the need for physical payments.
However, several states such as California, Vermont, Arizona and Nevada, are considering mandating that electric car charging stations include magnetic strip readers for credit cards.
Digital Citizens Alliance warned that using credit cards readers could significantly increase the chances of electric car drivers having their cards “skimmed” by hackers on devices illegally installed on the readers.
The skimmers referenced in the report are described as “easy-to-obtain devices engineered to steal credit card data.”
Skimmers have already been a problem at gas stations around the country, where cyber criminals can install them within seconds, with the devices difficult for customers to spot.
Stolen data from credit card readers costs Americans around $16 billion per year, according to the Digital Citizens Alliance.
PINTERESTING…: An anti-abortion group said Tuesday it was permanently banned from Pinterest for spreading “harmful misinformation.”
Live Action, one of the largest anti-abortion groups with a strong social media following, tweeted Tuesday it had been suspended and added to a list of “blocked pornography sites,” according to BuzzFeed.
“BREAKING: @Pinterest has permanently BANNED Live Action from the platform and marked all links to our website as ‘porn,'” Live Action tweeted.
Live Action shared a screenshot of an email from Pinterest stating the account was permanently suspended for content that goes against the social media platform’s policies.
“We don’t allow harmful misinformation on Pinterest. That includes medical misinformation and conspiracies that turn individuals and facilities into targets for harassment or violence,” according to the email shared by Live Action.
Pinterest did not immediately respond to comment from The Hill.
According to BuzzFeed, Pinterest said the group was suspended for “misinformation related to conspiracies and anti-vaccination advice, and not porn.”
“Sometimes our internal tools have legacy names for the technology that enforces some of our policies,” a Pinterest spokesperson told BuzzFeed. “This technology was named years ago to combat porn, and has since expanded to a variety of content despite retaining its original internal name. We are updating our internal labeling to make this clear.”
The move comes months after Pinterest acted to block vaccine-related searches on its website in an effort to crack down on the spread of misinformation related to the anti-vaccine movement.
BUT THE MAPS: The Federal Communications Commission (FCC) is planning to vote this summer on a proposal aimed at improving the agency’s data collection practices to gauge nationwide access to high-speed broadband.
FCC Chairman Ajit Pai said at a Senate hearing Wednesday that he will circulate an order and report that would “result in more granular and more accurate broadband maps.” The commission will vote on the proposal at its monthly meeting in August.
Pai said his proposal would require broadband providers to report where they currently offer service. Right now, broadband providers tell the FCC where they could provide service rather than where service already exists, which critics have said allows them to misrepresent the amount of people with access.
The current maps have been widely panned for overestimating how many people have access to high-speed internet. Because the FCC uses the maps to determine where to devote billions of dollars in broadband investment, the issue has drawn intense scrutiny from people who say they are being overlooked.
The Republican FCC chairman added that his proposal would ask providers to report data below the census block level, resulting in a more detailed picture of who has access.
At the Senate Commerce Committee hearing Wednesday, Commissioner Jessica Rosenworcel (D) said it is “wasteful and irresponsible” for the FCC to continue distributing billions of dollars each year to build broadband “without a truly accurate picture of where service is and is not.”
Unexpected announcement: Sen. Brian Schatz (D-Hawaii) asked Pai whether he had consulted with the Democratic commissioners before announcing his proposal.
“I don’t believe any of my colleagues knew,” Pai said.
Schatz criticized the chairman, saying, “You just sprung an announcement on your fellow commissioners. I could see in their face they went, ‘Huh, that’s interesting.'”
“I had my staff text to figure out if they were as surprised as they looked and in fact, they are,” Schatz said. “It is not enough to assign individual projects to members. They have to be in the loop so that you’re working together as a commission.”
Read more on the proposal here.
AN OP-ED TO CHEW ON: America can take more actions to cut tech supply chain risks
A LIGHTER CLICK: I don’t know who needs to hear this but…
NOTABLE LINKS FROM AROUND THE WEB:
As he blocks election security bills, McConnell takes checks from voting machine lobbyists (Sludge)
This picture featuring 15 tech men and 2 women looked doctored. The women were photoshopped in. (Buzzfeed News)
Alphabet-owned Jigsaw bought a Russian troll campaign as an experiment. (Wired)
We read 150 privacy policies. They were an incomprehensible disaster. (The New York Times)
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
