Overnight Cybersecurity: Apple lawyer to brief senators on FBI fight

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …

THE BIG STORIES:

–CAN’T ESCAPE IT: The standoff between Apple and the FBI over the locked iPhone used by one of the San Bernardino shooters ended weeks ago, but the feud is still casting a long shadow over Capitol Hill. On Tuesday, representatives from both parties testified before a House subcommittee, while Sen. Orrin Hatch (R-Utah) announced that the upper chamber would receive an off-the-record briefing on Wednesday from the lawyer that led Apple’s legal team during the court battle. Apple refused to obey a court order directing the tech giant to help the FBI unlock the phone. To read more about Wednesday’s briefing, click here. Read on for more details about what Apple and the FBI told Capitol Hill on Tuesday.

{mosads}–ANSWER ME THESE RIDDLES THREE: At Tuesday’s hearing, lawmakers covered a wide array of topics over three hours of testimony from a top FBI official, a senior Apple executive and representatives from law enforcement and the cybersecurity industry. Apple general counsel Bruce Sewell felt compelled to set the record straight regarding accusations that Apple has shared its proprietary source code with the Chinese government, even as it refuses to comply with U.S. government court orders. “I want to be very clear on this: We have not provided source code to the Chinese government,” Sewell told lawmakers. Sewell acknowledged the company was approached by the Chinese government in the last two years to disclose its source code. “We refused,” he said. Representing the FBI, Amy Hess, the agency’s executive assistant director for science and technology, insisted that law enforcement cannot solely rely on outside hackers to access data on locked phones. The bureau recently turned to third-party hackers to help access the iPhone in the San Bernardino case. “That certainly is one potential situation. But these solutions are very case-by-case specific,” said Amy Hess, the FBI’s executive assistant director for science and technology, during a House hearing. “They’re very dependent on the fragility of the system,” she added. “And also they’re very time intensive and resource intensive, which may not be scalable.” That said, the FBI has to tap outside hackers for now, as the agency does not have the internal hacking abilities to keep pace with major tech firms, Hess added. Elsewhere during the hearing, law enforcement officials called for Apple and Google to eliminate fully encrypted foreign communication apps from their app stores. And the New York City Police Department Chief of Intelligence said the department was locked out of 67 Apple devices during a six-month period from October 2015 through March of this year.

–WHAT’S IN THE BOX?!?!?! The government has discovered data on an iPhone used by one of the San Bernardino shooters that has helped rule out outside coordination with ISIS supporters. The information has made investigators more convinced that the two shooters — Syed Rizwan Farook and his wife, Tashfeen Malik — did not have outside help from friends and family, according to CNN, which cited unnamed U.S. law enforcement officials in a report. In particular, the phone showed that Farook did not contact anyone or use encrypted communications during an 18-minute window after the shootings. The FBI had said it is largely unsure what the attackers did during that time. The phone also displayed no evidence that Farook had been in touch with other supporters of the Islamic State in Iraq and Syria (ISIS), according to CNN. The FBI said the device has helped investigators discount several possibilities that it could not have ruled out otherwise. To read our full piece, click here.

UPDATE ON CYBER POLICY:

–FLY SAFELY. The Senate overwhelmingly passed a long-term reauthorization of the Federal Aviation Administration on Tuesday, kicking the measure over to the House, where similar efforts have stalled.

In a 95-3 vote, lawmakers approved an amended bill that would greenlight FAA programs through fiscal 2017. The agency’s current legal authority expires on July 15.

The bill includes cybersecurity provisions that proponents say will help secure an aviation industry under siege from hackers.

Buried in the roughly 300-page offering is a section directing the FAA to “foster a cybersecurity culture throughout the administration.”

Specifically, it would require the agency to identify cyber threats and develop guidelines for responding to a digital attack. The bill would also direct the FAA to integrate cybersecurity measures “at all levels” of the air traffic control system as it moves to NextGen programs. That technology will help guide flights more efficiently but also make it easier for hackers to rapidly infiltrate the entire network.

Read on about the bill’s cyber provisions, here.

LIGHTER CLICK:

–STOP BEING SUCH A CRY BABY. Guys. China is using those important bastions of educational messages Spider-Man and Mr. Bean to explain the importance of protecting state secrets. Spider-Man is crying, unsurprisingly.

Read on, here.

A LAWSUIT IN FOCUS:

–TELL ME MORE, TELL ME MORE. The Electronic Frontier Foundation (EFF) on Tuesday filed a Freedom of Information (FOIA) lawsuit against the Justice Department that seeks to uncover whether the government has ever used secret court orders to force technology companies to decrypt customers’ information.

The suit argues that DOJ must disclose if the government has ever sought or obtained an order from the Foreign Intelligence Surveillance Court (FISC) requiring third parties — like Apple or Google — to provide technical assistance to carry out surveillance, according to EFF.

Read on, from EFF, here.

THE WEEK AHEAD:

WEDNESDAY

–The House Oversight Subcommittee on Information Technology will hold a hearing on federal cybersecurity detection, response and mitigation at 9:30 a.m.

–The House Small Business Committee will hold a hearing on how cyberattacks threaten both small businesses and the federal government at 10 a.m.

WHAT’S IN THE SPOTLIGHT:

–SIGNALLING SYSTEM NUMBER 7. This is how hackers broke into Rep. Ted Lieu’s (D-Calif.) mobile phone — through a global system that connects cell phone networks. Normally, it allows users to roam on other carriers’ networks.

But once hackers have access to the SS7 system, they can access essentially the same amount of information and snooping capabilities as security services.

Read on, at The Guardian, here.

ArsTechnica also goes deep dive on how exactly the hack works, here.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Apple received 4,000 requests for device data from American law enforcement in the second half of 2015, according to its most recent transparency report. (The Hill)

A top Republican lawmaker on tech issues said the House should look into whether mobile phone networks are vulnerable to hackers. (The Hill)

Dutch police and prosecutors took down an encrypted communications network Tuesday believed to have been used by criminals in the Netherlands and possibly overseas. (The Associated Press)

On Tuesday, an official from the National Crime Agency (NCA) said that under the proposed Investigatory Powers Bill, the agency could request Apple to remove encryption. (Motherboard)

Hacking team bashes ‘sensationalistic’ media and ‘vigilante’ hacker. (Motherboard)

Some more details have emerged about the backdoor in Juniper products. (Schneier on Security)

Guess how often the average iPhone user unlocks his or her phone every day. (ABC News)

A dark Web market has disappeared. (Motherboard)

If you’d like to receive our newsletter in your inbox, please sign up here: http://goo.gl/KZ0b4A