Overnight Cybersecurity: Fight over feds’ hacking powers moves to Congress

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you…

THE BIG STORIES:

–I SEE WHAT YOU’RE DOING THERE: Sen. Ron Wyden is trying to block the Justice Department’s request to expand its remote hacking powers, after the Supreme Court signed off on the proposal Thursday. “These amendments will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices,” warned the Oregon Democrat, a prominent digital privacy advocate and member of the Intelligence Committee, on Thursday. The proposed alteration to the little-known criminal procedure rules would allow judges to grant warrants for electronic searches in multiple locations or even when investigators don’t know the physical location of a device. The DOJ, which has been working for years on getting the change, insists the revision to what’s known as Rule 41 is a necessary update to match the realities of modern digital investigations. But tech companies such as Google, computer scientists and privacy advocates have decried the potential update, which they believe would give the FBI the authority to hack computers with little oversight. The Supreme Court on Thursday passed the request along to Congress for final approval. If lawmakers give the thumbs-up, or do nothing, the change would go into effect in six months. Wyden said he will soon introduce legislation that would block the revision. “Under the proposed rules,” Wyden said Thursday, “the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once.” To read our full piece, click here.

{mosads}–NEXT STOP, SKYNET: Four House members on Thursday established a new caucus focused on connected and self-driving cars. The House Smart Transportation Caucus comes as autonomous driving is quickly becoming a reality, with internet-enabled devices within vehicles sparking fears of remote hacking. The bipartisan group said it will focus on identifying policies that make sure these new technologies are safe for drivers and secure from digital intruders. “Connected and autonomous vehicle technology is one of the most competitive areas globally for manufacturing, and we need to show the world that we are leading the way in developing technology that will improve car safety and fuel efficiency, reduce congestion, and save lives,” said Rep. Debbie Dingell (D-Mich.), who represents the suburbs of auto-heavy Detroit. Other caucus members also come from areas that play a big role in auto manufacturing. Rep. Joe Barton (R-Texas) has a large General Motors plant in his district and Rep. Joe Wilson (R) hails from South Carolina, a leading American exporter of cars and tires. The final member, Rep. Ted Lieu (D-Calif.), has been a vocal cybersecurity advocate in his first term and recently co-sponsored with Wilson the Security and Privacy (SPY) Car Study Act, a bill that would launch a cross-sector investigation into vehicle cybersecurity. Together, the group will look at a wide range of new-age transportation tools, such as upcoming transit and parking technologies, alternative traffic and freight management systems, and “smart infrastructure,” or structures such as buildings and roads that are embedded with sensors to collect and analyze data. To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

–A HELPING HAND. The House Homeland Security Committee on Thursday approved a cybersecurity bill from Rep. Joaquin Castro (D-Texas) that aims to help state and local officials battle hackers.

The bill, known as the National Cybersecurity Preparedness Consortium Act, would allow nonprofits, such as universities, to work with the Department of Homeland Security (DHS) on better protecting state and local networks.  

“The cyber threat doesn’t just affect big corporations and the federal government — it affects folks at the local level too,” Castro said in a statement. “This bill will allow communities to learn from our nation’s best cyber experts as they ensure local first responders are equipped to defend against and respond to cyber attacks.”

Here’s the full release on the bill.

 

A LIGHTER CLICK:

–THIS COULD BE THE LAST TIME. Sadly, it likely is. So let’s watch Mick Jagger make sexy-time faces into the camera and look to see if Keith Richards changes expressions once during the entire song.

Check it out, here.

 

A REPORT IN FOCUS:

–LEARNING CURVE. Earlier this week, we reported on the United Cyber Caliphate (UCC), a newly formed hacking group supporting the Islamic State in Iraq and Syria (ISIS) that just released a “kill list” of U.S. government officials and claimed it had infiltrated the State Department.

Now, security firm Flashpoint is out with a research report on the UCC that also looks into the evolution of ISIS’s cyber capabilities.

It’s an interesting read, given the reports that the Pentagon has launched its first full-scale cyber offensive against ISIS in an attempt to disrupt its digital operations.

The House this week also overwhelmingly passed a bill intended to counter ISIS’s online recruitment efforts.

Read the report, here.

 

WHO’S IN THE SPOTLIGHT:

–CHINESE HACKERS. U.S. Steel Corp. is accusing Beijing-backed hackers of stealing proprietary methods for making lightweight steel and passing it to domestic producers seeking a bigger piece of the U.S. auto-making market.

The International Trade Commission has 30 days to determine whether to launch an investigation.

U.S. Steel says it expects any probe “to reveal that the Chinese government disseminated U.S. Steel’s trade secrets to” Chinese steelmakers, “enabling them to manufacture [lightweight steels] that [compete] with U.S. Steel’s products.”

Read on, at The Wall Street Journal, here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

The leaders of the Senate Intelligence Committee on Wednesday upped their push for a bill to ensure the growing availability of commercial encryption does not “undermine the justice system.” (The Hill)

A defense authorization bill that cleared a House committee early Thursday would elevate U.S. Cyber Command and launch a review into whether the agency should still be run by the National Security Agency head. (The Hill)

“Rainbow Six: Siege” players say the game makes their global IP address available to other players, putting those players at risk for DDoS attacks from bitter opponents. (Ars Technica)

Rep. Ted Lieu is working to get his fellow lawmakers to adopt end-to-end encryption to secure their communications. (TechCrunch)

Many developers are posting their Slack login credentials to GitHub and other public websites, a practice that could allow eavesdropping on their conversations. (Ars Technica)

The Sun will face a trial over its alleged phone hacking. (The Guardian)

Yahoo’s security chief on the encryption debate: What’s the greater good? (NPR)

Canada’s Goldcorp Inc on Thursday said its computer network had been compromised and the gold mining company was working to determine the scope of the data breach. (Reuters)

If you’d like to receive our newsletter in your inbox, please sign up here.