Overnight Cybersecurity: House to offer bill on government hacking powers

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you…

THE BIG STORIES:

–GAINING STEAM: Rep. Ted Poe (R-Texas) is set to offer the companion to a Senate bill blocking a Justice Department request to expand federal hacking powers. At issue is a proposed amendment to little-known criminal procedure rules that will take effect in December unless Congress acts. The Senate legislation, a one-page bill from a bipartisan group led by Sen. Ron Wyden (D-Ore.), would prevent those changes to what’s known as Rule 41. The changes would allow judges to grant a single warrant for multiple electronic searches in different locations — even when investigators don’t know the physical location of a device. The feds argue broader search powers are needed to keep pace with the rapidly progressing technology that criminals use to mask their identities online. But civil liberties advocates — and some tech companies — are horrified by the proposal. Allowing multi-district, multi-computer searches, they say, would allow the government to conduct bulk hacking with very little oversight. “When the public realizes what is at stake, I think there is going to be a massive outcry: Americans will look at Congress and say, ‘What were you thinking?'” Wyden wrote in a Medium post announcing his legislation. Poe is joined by Reps. Zoe Lofgren (D-Calif.) and Blake Farenthold (R-Texas), as well as House Judiciary Committee Ranking Member John Conyers (D-Mich.). The bill is expected to drop Tuesday night. To read our full piece, click here.

{mosads}–PUT ME IN, COACH: Apple has rehired the cryptography expert behind the secure communications platforms Silent Circle, PGP Corp and Blackphone to boost the security features on its devices. Jon Callas, who worked at Apple in the 1990s and again between 2009 and 2011, rejoined the tech giant in May, a spokesperson said. The company declined to elaborate on Callas’ role, but the move fits with repeated company assertions that it will continue to strengthen the security protections on its devices. Apple’s robust encryption algorithms have been at the heart of the high-profile dispute between the law enforcement community and Silicon Valley over the degree of access that authorities should have into secure communications. To read our full piece, click here.

–GOTCHA: A man linked to the 2014 leaks of nude celebrity photos — known as “Celebgate” — has pleaded guilty to felony computer hacking charges. Ryan Collins, of Lancaster, Pa., pleaded guilty to one count of unauthorized access to a protected computer for a phishing scheme that gave him entry to over 100 Apple and Google email accounts. But investigators have not uncovered any evidence linking Collins to the actual leaks or showing that Collins shared or uploaded the information he obtained, according to the Justice Department. The incident exposed personal images of more than 100 individuals, including nude photos of some female celebrities. A-listers Jennifer Lawrence, Kirsten Dunst, Kate Upton and others have verified the authenticity of the images. Collins admitted that beginning in 2012, he sent emails to victims disguised to appear to be from Apple or Google, asking that the recipients provide their usernames and passwords. Collins used the information he received to access victims’ email accounts and obtain personal information, including nude photos. In some cases, he would use a software program to download the entire contents of victims’ Apple iCloud backups. To read our full piece, click here.

 

UPDATE ON CYBER POLICY:

–KEEPING AN EYE ON THINGS. The House easily passed legislation on Tuesday to authorize intelligence agency activities for the next year with provisions to prevent officials from manipulating reports on combating terrorism.

The annual policy bill, which passed 371-35, with one lawmaker voting “present,” outlines directives across the 16 U.S. federal intelligence agencies.

The measure was drafted in the wake of allegations that officials within the Pentagon’s Central Command had manipulated analysis to present an overly rosy view of the U.S.’s fight against the Islamic State in Iraq and Syria (ISIS), which threatens to develop into a major controversy for the Obama administration.

As a result of those concerns, Tuesday’s bill aims to prevent meddling with intelligence reports, and makes it easier for whistleblowers to bring their concerns to Capitol Hill.

House Intelligence Committee Chairman Devin Nunes (R-Calif.) warned that more needs to be done to combat the terrorist group.

“Regrettably, we have not prevented ISIL from establishing a safe haven. And the group has become skilled at hiding from Western intelligence services,” Nunes said, using an alternate acronym for ISIS.

Among other things, the bill would also order the Department of Homeland Security (DHS) to coordinate with the Director of National Intelligence to submit a report to Congress on the threat of cyberattacks on U.S. seaports.

The proposal would delegate the undersecretary of Homeland Security for Intelligence and Analysis — currently Francis X. Taylor — to submit the report to congressional intelligence committees.

To read about the passage of the bill, click here. To read our full piece about the maritime cybersecurity provision, click here.

 

A LIGHTER CLICK:

–HERE’S WHAT WOULD HAPPEN…if Ted Cruz were your husband.

Gotta get while the gettin’s good on The Toast. If you’re as sad as we are, here’s the pitch meeting for Wishbone and some wise words about owl faces, ranked.

 

A LOOK AHEAD:

WEDNESDAY:

–The Senate Foreign Affairs Committee will question a State Department official on international cyber strategy, also at 10 a.m.

–The House Oversight Committee will examine federal agencies’ reliance on outdated technology, at 9 a.m.

–The House Energy and Commerce Committee will hold a hearing on cybersecurity responsibilities at the Department of Health and Human Services at 10 a.m.

 

A LETTER IN FOCUS:

–GETTING A LITTLE WORRIED HERE. Banking software used globally is drawing more scrutiny on Capitol Hill after the recent high-profile breach of Bangladesh’s central bank resulted in an $81-million cyberheist.

A leading Democrat on the House Financial Services Committee pressed bank regulators on their response to the apparent weaknesses in SWIFT’s networks.

“While none of the breaches reported to date have involved cyber criminals compromising a U.S. bank’s security environment to steal the U.S. bank’s SWIFT credentials, I remain deeply concerned about U.S. banks’ exposure to these new, sophisticated cyber attacks,” Rep. Carolyn Maloney (D-N.Y.) wrote in a letter to the Federal Reserve, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp on Monday.

Read the full letter, here.

 

WHAT’S IN THE SPOTLIGHT:

–ENCRYPTION. (AGAIN.) (SORRY.) An FTC commissioner on Tuesday came out firmly on “Team Encryption.”

“I think mandating backdoors is a terrible idea,” Commissioner Terrell McSweeny said at a briefing on Capitol Hill hosted by the tech trade group the Internet Association, citing security risks associated with the proliferating Internet of Things.

She called encryption “one of our best tools” and vital to the “future [of] privacy in a heavily digitized world.”

Read on, at The Daily Dot, here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

A top consumer protection regulator will consider the ways companies disclose information, including their privacy policies, to customers. (The Hill)

SWIFT said on Tuesday it plans to launch a new security program as it fights to rebuild its reputation in the wake of the Bangladesh Bank heist. (Reuters)

The National Security Agency “usually gets what [it’s] after” when it chooses to keep a zero-day secret, NSA Deputy Director Rick Ledgett says. (U.S. News)

Surveying 4,000 adults in the U.S. and UK, Gigya found that 18- to 34-year-olds are more likely to use bad passwords and report their online accounts being compromised. (NextGov)

 

If you’d like to receive our newsletter in your inbox, please sign up here.