Hillicon Valley: Intel officials warned lawmakers Russia interfering in 2020 | Pompeo condemns Russian cyberattack on country of Georgia | Tech activists see Kickstarter union as breakthrough | Pentagon agency suffers data breach
Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.
Welcome! Follow the cyber team, Maggie Miller (@magmill95), and the tech team, Emily Birnbaum (@birnbaum_e) and Chris Mills Rodrigo (@chrisismills).
GUESS WHO’S BACK: Intelligence officials warned House lawmakers last week that Russia is interfering in the 2020 campaign to get President Trump reelected, The New York Times reported Thursday.
The Feb. 13 briefing by top election security officials at the Office of the Director of National Intelligence (DNI) to the House Intelligence Committee reportedly prompted Trump to berate now-former Acting DNI Joseph Maguire, accusing him of disloyalty over the briefing.
Trump reportedly worried Democrats would use the intelligence information against him, particularly citing concerns with House Intelligence Chairman Adam Schiff (Calif.), one of the Democrats who led the impeachment investigation against him, being present during the briefing.
Maguire is now set to step down as acting DNI. He will be replaced by U.S. Ambassador to Germany Richard Grenell. Trump thanked Maguire for his service on Wednesday in announcing the change, tweeting “we look forward to working with him closely, perhaps in another capacity within the Administration!”
The Office of the Director of National Intelligence (ODNI) and a spokesperson for Schiff did not immediately respond to requests for comment on Times report.
Senate Minority Leader Chuck Schumer (D-N.Y.) tweeted Thursday that “now we know why” Republicans in the Senate continue blocking election security bills, linking to the New York Times article.
“They’d rather let Putin win then stand up to President Trump,” he tweeted.
Senate Republicans have repeatedly blocked bills meant to bolster election security, citing concerns around federalizing elections, though Republicans did back $425 million being included in the most recent appropriations bill to help states boost election security efforts.
The Washington Post reported earlier Thursday that Shelby Pierson, the principal adviser at ODNI for election security and the intelligence community’s Election Threats Executive, led last week’s congressional briefing.
U.S. CONDEMNS RUSSIAN CYBERATTACK: Secretary of State Mike Pompeo, along with top foreign officials from almost a dozen other nations, on Thursday strongly condemned a major Russian cyberattack on the country of Georgia that significantly disrupted operations across government and media organizations.
The October attack by Russian intelligence officers disrupted and damaged servers within the Georgian president’s office, the country’s judicial system and multiple government municipalities, and interrupted the broadcasts of at least two major television stations.
Pompeo described the attack in a statement on Thursday as an effort by Russia to “sow division, create insecurity, and undermine democratic institutions,” and noted that it “contradicts” Russia’s claims that it is a responsible state actor in cyberspace.
“The United States calls on Russia to cease this behavior in Georgia and elsewhere. The stability of cyberspace depends on the responsible behavior of nations,” Pompeo said. “We, together with the international community, will continue our efforts to uphold an international framework of responsible state behavior in cyberspace.”
Global reaction: The United Kingdom’s National Cyber Security Centre publicly assessed Thursday with the “highest level of probability” that Russia carried out these attacks, and that the attacks were “part of Russia’s long-running campaign of hostile and destabilizing behavior towards Georgia.”
Georgia’s Ministry of Foreign Affairs said in a statement that the Russian attack represented a “breach of Georgia’s sovereignty,” emphasizing that the attack “disrupted society” along with endangering the Georgian population and national security.
“Georgia will continue to work closely with its partners to strengthen cyber security at the national level to minimize future risks and potential threats,” the ministry said. “We call on the international community to give due consideration to this fact.”
U.K. Foreign Secretary Dominic Raab said the attacks on Georgia were “totally unacceptable,” and vowed the British government would continue exposing Russian aggression in cyberspace.
NOT TOO SHABBY: The Democratic presidential candidates are all doing well on securing their campaigns against cyberattacks, new research released Thursday indicated, highlighting the turnaround on the issue following attacks on the Democratic National Committee (DNC) and the presidential campaign of Democratic presidential nominee Hillary Clinton in 2016.
IT security group SecurityScorecard detailed the cybersecurity improvements made by candidates in a new report, which found that the third-party groups used by campaigns to assist with cybersecurity also scored high in implementing cyber safeguards.
All the candidates were overall judged to be doing well in cybersecurity, with everyone except Sen. Elizabeth Warren (D-Mass.), Sen. Bernie Sanders (I-Vt.) and former New York City Mayor Michael Bloomberg scoring an A grade; those three all got a B.
The campaign of former Vice President Joe Biden scored the highest, receiving a 97 out of 100.
The company noted that a campaign given a B grade or higher was five times less likely to be breached by a cyberattack than campaigns with a C grade or lower.
SecurityScorecard also assessed presidential campaigns for those who have since dropped out of the race, with the only major concerns found in the campaign of tech entrepreneur Andrew Yang, where the company discovered an attack on a third-party event management vendor used by his campaign that could have led to cyber vulnerabilities.
SecurityScorecard cautioned that despite the improvements, no campaign should let down its guard and that some cyber hygiene problems were still an issue.
“Although all signs point to candidates heeding the call of security experts, the landscape of cybersecurity changes daily, if not by the minute,” the company wrote. “No security professional ever feels their defenses, processes, or threat intelligence systems are flawless. Instead, it is a balance of continual improvements and risk analysis.”
DOD BREACH: A Defense Department agency reportedly suffered a data breach last year that may have compromised personal information, including Social Security numbers, of victims involved.
Reuters reported Thursday that the Defense Information Systems Agency (DISA) sent out a letter last week to all individuals affected by the breach, which DISA wrote took place between May and July of 2019.
DISA told victims in the letter, which was also tweeted out by one of the potential victims earlier this week, that “some of your personal information, including your Social Security number, may have been compromised” due to a data breach of DISA’s systems.
DISA did not respond to The Hill’s request for comment on the data breach incident, and the letter did not identify any individuals or groups responsible for the breach.
The agency reportedly told the victims that while “there is no evidence” that suggests any of the personal information stolen has been misused, DISA “takes this potential data compromise very seriously.”
Read more on the incident here.
SPOTLIGHT ON ELECTION ACCESSIBILITY: Disability rights advocates on Thursday urged election officials to focus on accessibility alongside security for U.S. elections and pushed for more technological solutions that would allow all Americans to cast secure votes.
“For people with disabilities, our votes aren’t secure now,” Kelly Buckland, the executive director of the National Council for Independent Living, said at an election accessibility summit hosted by the Election Assistance Commission (EAC) on Thursday. “I believe we could make them more secure through technology that is available today.”
Election security experts have advocated for using more paper ballots to ensure no individual or group can hack the votes, and to ensure no glitch can occur.
However, disability groups on Thursday noted that moving to just paper could make it difficult to vote for blind or visually impaired people, those who have difficulty leaving their homes, or those for whom English is not their first language.
CAN YOU HEAR THE PEOPLE SING: The decision by employees at crowdfunding company Kickstarter to unionize is a historic first in the tech industry, highlighting the growing trend of worker activism in Silicon Valley.
Kickstarter staff on Tuesday became the first white-collar tech workers to unionize, the culmination of more than a year of organizing.
Workers in the tech industry have long sought to organize, but experts who spoke to The Hill cited Kickstarter, a prominent company in the industry, as a sign of a new shift as union efforts have ramped up in recent years and increasingly attracted white-collar workers.
Tech workers have stepped up their efforts to press companies to take strong stances on political issues like climate change while also demanding changes in labor practices such as hiring a more diverse workforce.
The start of the union organizing campaign at Kickstarter, which helps projects raise money, was tied to an internal debate in 2018 about a comic book called “Always Punch Nazis” on the company’s website that received negative coverage from right-wing outlet Breitbart News.
Employees said it did not violate Kickstarters policies, while management disagreed. The comic was ultimately allowed to stay up, but the disagreement itself reportedly led to the creation of Kickstarter United a year later.
That kind of collective action, primarily driven by disagreements over morals and ethics, is the theme of much of the upswell of tech organizing in recent years, according to experts.
“I think that it represents a really interesting shift … from a shareholder conception of capitalism to a stakeholder conception of capitalism,” said Nataliya Nedzhvetskaya, a doctoral student at the University of California, Berkeley and the co-creator of a database that tracks worker activity in the tech industry.
“Traditionally union organizing has been sort of a strategy employed by blue-collar workers. And it revolves around these sort of traditional issues, like higher wages, fighting for benefits, fighting for more flexible work hours. … This action seems to be motivated primarily by more moral issues.”
Read more on the tech worker movement here.
SCHOOLED: New Mexico Attorney General Hector Balderas (D) is suing Google over allegations that the tech giant is collecting reams of personal information about children without proper parental consent, violating a slew of federal and state laws and exploiting local school systems in the process.
After conducting an expansive investigation, Balderas says his office found Google is profiting off of sensitive information about children as New Mexico schools use Google’s free classroom software and computers.
“My investigation revealed that Google tracks children across the internet, across devices, in their homes and well outside the educational sphere, all without obtaining verifiable parental consent,” Balderas wrote in a public letter to Google CEO Sundar Pichai on Thursday.
Under-resourced school districts in New Mexico, and across the U.S. more broadly, use Google’s free educational tools under the premise that Google will not violate children’s privacy.
But according to Balderas, Google has been siphoning off children’s data, including their physical location and their personal contact lists, as the company’s educational tools become more prevalent in the classroom. More than 80 million teachers and students in the U.S. use Google’s free educational products.
“Because Google has used this access to collect massive quantities of data from young children, not to benefit the schools you have contracted with, but to benefit Google’s own commercial interests, I am forced to bring legal action to prohibit this dangerous conduct,” Balderas wrote.
The lawsuit, filed in the U.S. District Court for the District of New Mexico, is seeking penalties as well as an end to the business practices to which Balderas is pointing.
Read more on the lawsuit here.
NEW TWITTER TOOLS: Twitter is experimenting with using colorful labels and other tools to respond to misinformation from political and public figures on its platform, a company spokesperson confirmed to The Hill.
Among the test changes, incorrect or misleading tweets from public figures would be corrected by fact-checkers and journalists who are verified on the platform. The company is also weighing whether to give similar abilities to users who participate in a “community reports” feature.
“We’re exploring a number of ways to address misinformation and provide more context for Tweets on Twitter. This is a design mockup for one option that would involve community feedback,” the Twitter spokesperson told The Hill.
“Misinformation is a critical issue and we will be testing many different ways to address it,” the company rep added.
NBC News first reported on the new features being considered in a demo shared with the outlet.
The Twitter spokesperson said that these particular features are only in early stages of research and there is no date set for a potential rollout.
FTC COMPLAINT AGAINST YOUTUBE: The father of a journalist who was fatally shot on live television filed a complaint Thursday with the Federal Trade Commission against YouTube and its parent company, Google, claiming videos of his daughter’s killing have not been taken down despite numerous requests.
Parker’s daughter, Alison Parker, was killed by a former co-worker during a live broadcast when she was working for CBS affiliate WDBJ in Virginia. The shooter filmed the killing and posted it to YouTube before killing himself.
Andy Parker’s complaint, drafted by the Civil Rights Clinic of the Georgetown University Law Center, argues the videos uploaded on YouTube violate the platform’s own terms of service.
“YouTube claims that it polices its platform for these violent and disturbing videos, when in truth it requires victims and their families to do the policing–reliving their worst moments over and over in order to curb the proliferation of these videos,” the complaint said.
“In Mr. Parker’s case, even videos of his daughter’s murder that were uploaded on the day of her death–nearly five years ago–and have been reported repeatedly since then, remain on the site to this day,” it adds.
The video has been edited by users “in almost every case to increase their shock value” and used to harass Parker and his family, according to the complaint.
A YouTube spokesperson said it has removed “thousands of copies” of the video for violating its policies.
“Our Community Guidelines are designed to protect the YouTube community, including those affected by tragedies. We specifically prohibit videos that aim to shock with violence, or accuse victims of public violent events of being part of a hoax,” a YouTube spokesperson said in a statement.
A LIGHTER CLICK: They have good breakfast sandwiches
AN OP-ED TO CHEW ON: How to save America with artificial intelligence
NOTABLE LINKS FROM AROUND THE WEB:
New Orleans continues to recover from a cyberattack that is costing the city millions (Protocol / Adam Janofsky)
Lawmakers add staff to tech antitrust investigation (Axios / Margaret Harding McGill)
How conservatives learned to wield power inside Facebook (The Washington Post / Craig Timberg)
Bernie: Some of my angriest online bros may be Russian bots (The Daily Beast / Sam Stein)
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
