Overnight Cybersecurity: Clinton, tech at odds on encryption

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–WHAT WE GOT HERE IS A FAILURE TO COMMUNICATE: Hillary Clinton on Thursday called for Silicon Valley and the government to collaborate on resolving a roiling debate over law enforcement access to encrypted data. “We need Silicon Valley not to view government as its adversary,” the front-running Democratic presidential candidate said in a speech at the Council on Foreign Relations in New York. “We need our best minds in the private sector to work with our best minds in the public sector to develop solutions that will both keep us safe and protect our privacy.” At issue are devices made by Apple, Google and others that are equipped with encryption so strong that the manufacturers themselves can’t decode stored information, even with a warrant. Law enforcement and intelligence officials have long insisted that impenetrable encryption is a danger to public safety, an argument given new impetus in the wake of reports that the terrorists behind last week’s Paris attacks might have used encrypted devices to plan the strikes. But late on Thursday, a major technology industry group pushed back against the increasing pressure for its members to work more closely with government on some type of guaranteed entry point into their encryption. In its first comments since the attacks, the Information Technology Industry Council (ITI) argued that ensuring access to encrypted devices would be ruinous for global security. ITI represents dozens of major tech sector players, including Apple, Google and Microsoft. “Weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy,” said ITI CEO Dean Garfield in a statement. To read more about Clinton’s comments, click here. To read more about ITI’s remarks, click here.

{mosads}–SOMETIMES NOTHIN’ CAN BE A REAL COOL HAND: The hacking group Anonymous is going after Internet services firm CloudFlare for letting pro-Islamic State in Iraq and Syria (ISIS) sites use its tools to help them thwart cyberattacks. The loosely affiliated collective recently renewed its declaration of cyber war on ISIS in the wake of the group’s terrorist attacks in Paris last week. Anonymous hackers have since taken credit for removing thousands of ISIS-linked Twitter accounts, Facebook pages and websites. But Anonymous says CloudFlare is standing in the way of greater action. The group claims ISIS-affiliated sites are using the company’s services to help them thwart cyberattacks, such as distributed denial of service (DDoS) attacks that shut down a Web page by flooding it with traffic. “Anonymous demands @CloudFlare to remove their protection for pro #ISIS websites,” one of the major Anonymous Twitter accounts tweeted late Wednesday. “If you do not, we will do it for you.” CloudFlare hasn’t denied the allegations, instead pointing out that it doesn’t police the content its tools are protecting. In addition to its paid services, CloudFlare also offers free tools that anyone can download. If the company does receive notice of alleged terrorist sites using CloudFlare technology, “Our position is pretty simple,” Matthew Prince, the company’s CEO, told The Hill. “We reach out proactively to law enforcement and ask them what they want us to do.”

–HE GRINS LIKE A BABY BUT BITES LIKE A GATOR: The head of U.S. counterintelligence operations says he is skeptical China is upholding its end of an agreement to halt hacks on U.S. companies. National Counterintelligence Executive Bill Evanina told a briefing on Wednesday that he has seen “no indication” in the private sector “that anything has changed” pertaining to corporate espionage originating in Beijing, according to Reuters. He accused Beijing of stealing technology from industries ranging from wind and solar power generation and hydraulic and oil fracking to drone aircraft. Evanina’s comments come less than a month before U.S. and Chinese officials are scheduled to hold their first ministerial-level dialogue on cybersecurity since striking the anti-hacking pledge in September. That agreement stipulates that neither country shall conduct or support the online theft of intellectual property and other trade secrets. Skeptics have said the pact is toothless and will do nothing to curb widespread Chinese pilfering, which some estimate costs the U.S. economy hundreds of billions of dollars a year. To read our full piece, click here.

UPDATE ON CYBER POLICY:

–MORE, PLEASE. Sen. John McCain is stepping up his campaign to get the Obama administration to take a more aggressive approach to America’s cyber adversaries.

The Arizona Republican, who chairs the Senate Armed Services Committee, sent two letters to top officials on Thursday. Both memos implored the administration to use more of the tools at their disposal to punish foreign hackers, and questioned why the administration was dragging its feet on developing a more complete cyber deterrence policy.

McCain has long leaned on the administration to move more swiftly on a specific strategy to thwart the cyberattacks that have hammered both the government and private sector in recent years.

Read on, here.

LIGHTER CLICK:

–WHY YOU GOTTA GO AND SAY 50 EGGS? Happy 30th birthday, Windows! You’ve come a long way. Check out a visual history of the operating system that started the PC revolution, beginning with Windows 1.0 on November 20, 1980.

See, here.

A LETTER IN FOCUS:

–WHAT’S YOUR DIRT DOIN’ IN BOSS KEAN’S DITCH? The Financial Services Roundtable is pressing lawmakers to remove a provision of a recently-passed cybersecurity bill that the group says would result in undue regulation of its industry.

The so-called Cybersecurity Information Sharing Act, passed in the Senate last month, includes a section requiring the Department of Homeland Security to assess the security of critical infrastructure entities to “ensure that, to the greatest extent feasible” a major cyber incident would not have catastrophic consequences.

“This has nothing to do with voluntary information sharing and, unfortunately, will result in additional regulation of our industry by DHS,” the group wrote in a Thursday letter. “We have strong concerns about Section 407 and urge you to remove it entirely from the final conference report.”

Lawmakers are expected to begin work to combine the Senate offering with two companion House bills soon, although the Paris attacks may delay conference negotiations.

WHO’S IN THE SPOTLIGHT:

–SILENT CIRCLE AND TELEGRAM. A pair of ISIS-endorsed encrypted communication apps have started banning accounts affiliated with the terrorist organization.

In a recently-revealed guide used by the Islamic State to train its followers to remain invisible on the Internet, Silent Circle and Telegram were given ratings of “safest” and “safe,” respectively.  

“We started to look and say, ‘Well, Christ, anybody could buy [Silent Circle services] with a Russian stolen credit card and, really, the address of Penn Station.’ That’s not good stewardship,” said Mike Janke, a former Navy SEAL and co-founded of Silent Circle.

“We were disturbed to learn that Telegram’s public channels were being used by ISIS to spread their propaganda,” read a notice on Telegram’s website. “… As a result, this week alone we blocked 78 ISIS-related channels across 12 languages.”

Earlier this year, Telegram founder Pavel Durov insisted that while he knew terrorists were using his app to communicate, he said the company “shouldn’t feel guilty about it” because in absence of Telegram, the militants would simply move on to another platform.

“I think that privacy, ultimately, and our right for privacy is more important than our fear of bad things happening, like terrorism,” Durov said.

Read on, here and here.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

China is seeking to construct its own uncrackable smartphones in an attempt to evade U.S. surveillance programs. (The Hill)

Donald Trump this week said the United States would have to “take back the internet” from ISIS. (Yahoo News)

European Union countries plan a crackdown on virtual currencies and anonymous payments made online and via pre-paid cards in a bid to tackle terrorism financing after the Paris attacks. (Reuters)

NATO nations and allies are battling malware in tablets and infected devices this week in the alliance’s largest cyber drill to date aimed at improving members’ data privacy in crisis situations.

Why it’s hard to draw a line between the Edward Snowden revelations and the Paris attacks. (The Washington Post)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A