Overnight Cybersecurity: Senate panel unveils long-awaited encryption bill

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you…

THE BIG STORIES:

–AS ETTA JAMES SAYS…: At last, the official draft of the long-awaited Senate Intelligence Committee encryption bill has arrived. The measure, from Chairman Richard Burr (R-N.C.) and ranking member Dianne Feinstein (D-Calif.), would force companies to provide “technical assistance” to government investigators seeking locked data. Little has changed in the bill since an initial discussion draft was first made public by The Hill last week. The measure still states that a company must provide “information or data” to the government “in an intelligible format” when served with a court order. If the company cannot meet this standard, it must offer “technical assistance as is necessary to obtain such information or data,” according to the language. One significant addition since last week’s leaked draft is a section specifying exactly when the government can seek a court order compelling companies to provide technical help. The measure lists crimes resulting in death or “serious bodily harm,” federal crimes against a minor, serious violent felonies and federal drug crimes. The measure would also apply to foreign intelligence, espionage and terrorism cases. “No entity or individual is above the law,” said Feinstein. Within minutes, there was already a filibuster threat on the bill from Sen. Ron Wyden (D-Ore.). “Americans who value their security and liberty must join together to oppose this dangerous proposal,” the tech-focused lawmaker said. “I intend to oppose this bill in committee and if it reaches the Senate floor, I will filibuster it.” Overall, the measure faces an uphill slog on Capitol Hill. To read more about the bill, click here. To read more about Wyden’s comments, click here.

{mosads}–YOU’VE GOT SOME WORK TO DO: Europe’s privacy regulators on Wednesday urged the European Commission to resolve concerns that the scope of U.S. surveillance allowed under a pending U.S.-European Union data transfer deal is too broad. “The possibility that is left in the [Privacy] Shield for bulk collection which if massive and indiscriminate is not acceptable,” said Isabelle Falque-Pierrotin, chairwoman of the group of 28 data protection authorities. The so-called Privacy Shield is intended to replace a 2000 agreement that allowed U.S. firms to legally handle European citizens’ data. It was struck down in October over privacy concerns, leaving negotiators racing to craft the new arrangement. Falque-Pierrotin also expressed concern that a U.S. privacy ombudsman at the State Department, established by the deal to handle complaints that national security agencies have violated privacy rights, would be ineffective. “We don’t have enough security guarantees in the status of the ombudsperson,” Falque-Pierrotin said. The working party’s nonbinding opinion has been tensely awaited as a barometer for the deal’s ultimate viability — and quickly came under fire from tech groups. “We are disappointed that the Article 29 Working Party has not affirmed the adequacy of the EU-US Privacy Shield Framework,” said Daniel Castro, vice president of the Information Technology and Innovation Foundation, a technology think tank. “Given the crucial importance of transatlantic data flows to the global digital economy, the national data protection authorities should not try to hold the digital economy hostage to extract further tweaks to the agreement.” To read about the opinion, click here. To read about tech’s reaction, click here.

UPDATE ON CYBER POLICY:

–PILING ON. The tech community already expressed concerns about the draft version of the Burr-Feinstein encryption bill that was leaked last week. But the mobile application industry in particular came out strongly against the measure on Wednesday.

Here’s two examples:

“Data is either encrypted or it is not, and the technical assistance that this legislation mandates is not feasible nor is it in the country’s best interest.” — Application Developers Alliance CEO Jake Ward.

“The Burr-Feinstein bill makes broad, worrisome presumptions about the tech industry. The proposed legislation would be ineffective in reaching its goals, and instead turn app distribution platforms into choke points for the successful mobile app ecosystem that Americans depend on every day.” — ACT | The App Association Executive Director Morgan Reed.

LIGHTER CLICK:

–YEP. From The Onion: “Bold Intern Giving Parents Tour Of Office”

“Brazenly strolling through the rows of desks while pointing out the firm’s various departments to his two guests, Lodestone Media intern Nate Kapper, 19, made the incredibly bold move of giving his parents a tour of the company’s offices Wednesday, sources reported.”

Some pretty good nuggets in this one, including “the cavalier 15-hour-a-week employee” and “the teenager who earns a $350 monthly stipend.”

Read on, here.

A MEMO IN FOCUS:

–The Obama administration is considering a proposal to kill off the lowest tier of classification amid escalating scrutiny on top government officials’ ability to safeguard sensitive information.

In a memo circulated to intelligence agency leaders last month, Director of National Intelligence James Clapper asked for feedback about getting rid of the “confidential” level of classification.

“This action could promote transparency,” Clapper wrote to the heads of the CIA, Defense Intelligence Agency and three other federal intelligence offices in his three-page memo.

In addition to “confidential,” the government also marks sensitive information as “secret” and “top secret.”

Eliminating the lowest level of classification would have a dramatic effect on the number of classified documents created by the government.

It also could have beneficial effects for Democratic presidential candidate and former Secretary of State Hillary Clinton, whose private email server contained thousands of messages now considered classified. The vast majority of the roughly 2,000 documents on Clinton’s machine are considered confidential.

To read our full piece, click here.

THE WEEK AHEAD:

THURSDAY

–The House Transportation Committee will look at whether the U.S. is prepared to handle the aftermath of a cyberattack on the electrical grid at 10 a.m.

–The Atlantic Council will host a discussion on the cyber dimension of the Ukraine crisis at 4 p.m.

–The House Subcommittee on Research and Technology will hold a hearing on the IRS’s cybersecurity measures at 10 a.m.

WHO’S IN THE SPOTLIGHT:

–GRAY HAT HACKERS. The Washington Post reported that the FBI paid professional hackers “a one-time flat fee” for discovering the previously unknown software flaw that let investigators crack into one of the San Bernardino shooter’s iPhone without Apple’s help.

According to The Post, at least one of the researchers is considered a so-called “gray hat” hacker, or a security researcher who discovers and sells software defects to governments or companies to help them make surveillance tools.

These researchers are controversial in the tech community. Many security specialists believe any previously undiscovered flaw should be flagged for the company, so it can close the gap and block nefarious hackers and spies from using that entry point.

To read our full piece, click here.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Capitol Hill is stepping up pressure on the Obama administration to detail how it is combating the rise of digital extortion. (The Hill)

The House will take up a popular email privacy bill during the last week of April, House Majority Leader Kevin McCarthy (R-Calif.) said Wednesday. (The Hill)

Twitter and the Islamic State in Iraq and Syria (ISIS) are in a deadlock on a social media battlefield. (The Wall Street Journal)

The FBI may be sitting on a Firefox vulnerability. (Motherboard)

A well-known social media journalist is set for sentencing after he was convicted of conspiring with the hacking group Anonymous to break into the Los Angeles Times’ website and alter a story. (CBS)

During the second half of last year, Uber said it processed 415 requests from law enforcement agencies and provided at least some data in 85 percent of the cases. (ABC News)

The U.S. military confirmed it is using cyber capabilities against ISIS. (Reuters)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A