Overnight Cybersecurity

Hillicon Valley: Georgia officials launch investigation after election day chaos | Senate report finds Chinese telecom groups operated in US without proper oversight

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.

ELECTION SECURITY CHAOS: Georgia Secretary of State Brad Raffensperger (R) vowed to launch an investigation into the chaos during Tuesday’s primary elections that saw long lines and confusion in parts of the state.

“The voting situation today in certain precincts in Fulton and Dekalb counties is unacceptable,” Raffensperger said in a statement. “My office has opened an investigation to determine what these counties need to do to resolve these issues before November’s election.”

New machines: Tuesday’s elections saw one of the first major tests for Georgia’s new voting systems, which were bought by the state following a federal ruling last year that required Georgia to phase out paperless voting machines by 2020. 

Many voting issues on Tuesday stemmed from these new machines, provided as part of a multimillion dollar contract with Dominion Voting Systems. 

“Obviously, the first time a new voting system is used there is going to be a learning curve, and voting in a pandemic only increased these difficulties,” Raffensperger acknowledged. “But every other county faced these same issues and were significantly better prepared to respond so that voters had every opportunity to vote.”

Kay Stimson, the vice president of Government Affairs at Dominion, told The Hill that the company had a “command center” in Georgia and had “teams deployed around the state” to respond to any reported issues with Dominion equipment. 

Many of the reported concerns were in Fulton County, which encompasses much of central Atlanta. Mayor Keisha Lance Bottoms (D) tweeted that at one point “none of the machines” in one precinct were working.

Stimson said that in Fulton County, one issue stemmed from the delivery of “poll pads” used to check voters in, and pointed to issues with “consolidating polling places last minute” due to changes from the COVID-19 pandemic.

Voter suppression concerns: Raffensperger announced the investigation in the midst of strong criticism from officials including former Democratic presidential candidate Sen. Kamala Harris (D-Calif.) that the confusion was leading to “voter suppression.”

Read more.

 

SENATE REPORT ON CHINESE TELECOM: Three Chinese telecommunications firms were allowed to operate for roughly 20 years in the U.S. without appropriate oversight, according to a bipartisan report released by the Senate Permanent Subcommittee on Investigations released early Tuesday.

The report focuses on China Telecom Americas, China Unicom Americas and ComNet USA, claiming that appropriate agencies have failed to respond to national security threats they pose.

The Federal Communications Commission (FCC) relied on “Team Telecom” — an informal group drawing from the departments of Justice, Homeland Security and Defense — for its national security oversight of foreign telecom companies, according to the report.

But the group allegedly lacked the statutory authority or resources to fill that role.

Team Telecom only visited China Telecom Americas and ComNet USA twice in a decade and never interacted with China Unicom Americas, according to the report.

The report calls on the FCC to conduct a full review of the three companies and establish a clear process for revoking authorizations if need be.

It also lays out a series of steps for Congress to take on the issue, including formalizing Team Telecom and giving it official authority while preserving its composition.

The members wrote in the report that the administration “recently issued an executive order establishing a formal committee to review the national security and law enforcement risks posed by foreign carriers operating in the United States.”

However, the members concluded that “the new committee’s authorities remain limited, and as a result, our country, our privacy, and our information remain at risk.”

Read more.

 

STEALING FROM THOSE IN NEED: A top official with the U.S. Secret Service said Tuesday that coronavirus-related fraud could lead to $30 billion in federal relief funds being stolen by criminals. 

“Congress has appropriated nearly $3 trillion to support the American economy, the largest-ever economic stimulus package in U.S. history,” Secret Service Assistant Director Michael D’Ambrosio testified during a Senate Judiciary Committee hearing on coronavirus-related fraud. 

He emphasized that “even if we assume a very low rate of fraud, of just 1 percent, we should still expect more than $30 billion will end up in the hands of criminals. And that is likely an underestimation of the risk, and just one portion of the full range of risks at play.”

D’Ambrosio noted that much of this theft is occurring online, such as through cyber criminals targeting Americans with malicious coronavirus-related phishing emails, or through targeting cyberattacks at the insecure networks of those working from home. 

The Secret Service has taken steps to counter these scams, with D’Ambrosio saying the agency had disrupted “hundreds” of scams and prevented around $1 billion from being lost to malicious actors. 

“Countering criminal schemes seeking to exploit the COVID-19 pandemic has become a primary investigative focus for the U.S. Secret Service, and will remain so over the coming years,” D’Ambrosio said. 

The COVID-19 pandemic has led to a spike in scams against Americans, including those targeting small business relief funds and stimulus checks from the government. 

Read more about the scams here.

 

IBM STOPS FACIAL RECOGNITION: IBM will no longer offer general purpose facial recognition or analysis software, the company’s CEO said in a letter to some members of Congress on Monday.

“IBM firmly opposes and will not condone uses of any technology, including facial recognition technology offered by other vendors, for mass surveillance, racial profiling, violations of basic human rights and freedoms, or any purpose which is not consistent with our values and Principles of Trust and Transparency,” company CEO Arvind Krishna wrote to Sens. Cory Booker (D-N.J.) and Kamala Harris (D-Calif.) and Reps. Hakeem Jeffries (D-N.Y.), Jerrold Nadler (D-N.Y.) and Karen Bass (D-Calif.).

“We believe now is the time to begin a national dialogue on whether and how facial recognition technology should be employed by domestic law enforcement agencies.”

IBM will no longer release software packages or develop, create, research or sell facial recognition software itself, according to the company. 

While facial recognition technology has improved substantially, concerns remain.

Civil rights groups have panned the technology as unwarranted surveillance, while multiple studies have found that it tends to misidentify women and people of color at comparatively higher rates than men and white people.

The National Institute of Standards and Technology, a federal agency within the Department of Commerce, released an expansive study in December finding that the majority of facial recognition systems have “demographic differentials” that can worsen their accuracy based on a person’s age, gender or race.

IBM has tried to address those concerns by releasing a public data set in an attempt to reduce bias in their software.

Krishna wrote in his letter Monday that while technology could be used to increase police transparency, facial recognition could also be misused.

Read more.

 

SENATORS FOLLOW UP TRUMP ORDER: A group of Republican senators on Tuesday asked the Federal Communications Commission (FCC) to “clearly” define when social media platforms should receive protections under Section 230 of the Communications Decency Act.

The letter from Republican Sens. Marco Rubio (Fla.), Josh Hawley (Mo.), Kelly Loeffler (Ga.) and Kevin Cramer (N.D.) comes on the heels of an executive order from President Trump aimed at that same law.

Section 230 gives companies operating online immunity for content posted on their platforms by third parties and allows them to make “good faith” efforts to moderate content.

Trump’s executive order, among other things, directs an agency within the Commerce Department to file a petition with the FCC to clarify the scope of Section 230.

The order implies that a reinterpretation of the rule could make social media platforms more liable for claims based on third-party content, as well as their efforts to moderate their platforms.

Tuesday’s letter focuses on what that review by the FCC could look like.

It says that it is time to “take a fresh look at” the portion of Section 230 that gives immunity for efforts to police platforms, calling the “good faith” standard vague in the statute.

Read more.

 

HONDA HIT BY CYBERATTACK: Japanese car manufacturer Honda was hit Monday night by a cyberattack that temporarily affected production, a spokesperson for the company told The Hill. 

The spokesperson said in a statement on Tuesday that Honda had “experienced a cyberattack that has affected production operations at some U.S. plants.”

The spokesperson added that the cyberattack had not caused a data breach, and that Honda had “resumed production in most plants and are currently working toward the return to production of our auto and engine plants in Ohio.”

Honda further told BBC News that the incident had temporarily halted production at manufacturing plants in the United Kingdom, Italy, and Turkey, adding that the “virus had spread” throughout its network. 

According to the BBC, some experts have speculated that the attack may have involved ransomware, a common type of attack that involves hackers locking a network and demanding payment to give users access again. 

Read more.

 

NOTHING TO SEE HERE: Drones manufactured by Da Jiang Innovation that were previously used by the U.S. government have not transferred data to the Chinese company or China’s government, according to a report published Tuesday by consulting firm Booz Allen Hamilton.

The study is the latest to call into question allegations from several lawmakers who have pushed for federal agencies to stop using Chinese-made drones over worries that they share data with the Chinese Communist Party (CCP).

“That’s the allegation that we’ve seen the past two years or more repeated by policymakers and in some cases our competitors as a reason to enact policy that would take away the ability to choose which products to use in a mission,” Brendan Schulman, DJI’s vice president of policy, told The Hill in an interview.

“None of those have been accompanied by evidence or analysis demonstrating that there’s a factual basis behind the allegation.”

Booz Allen Hamilton, which has no business ties to DJI, said it found no evidence of unauthorized data transmissions in its analysis of three drone models used at one point by the U.S. government.

DJI, one of the world’s largest manufacturers of drones, has long held that no data is transferred from its drones to either the CCP or the company itself. Users have the option of storing the images and videos collected by the drones on DJI-run servers.

Read more here.

 

Lighter click: Go check out some books

An op-ed to chew on: Telehealth may finally shift health care to be patient-centered

 

NOTABLE LINKS FROM AROUND THE WEB: 

Some states have embraced internet voting. It’s a huge risk (Politico / Eric Geller) 

Tesla defied county orders so it could restart production. Days later, workers tested positive for the coronavirus. (The Washington Post / Faiz Siddiqui)

250 Microsoft Employees Call on CEO to Cancel Police Contracts and Support Defunding Seattle PD (OneZero / Dave Gershgorn)

Police body cameras at protests raise privacy concerns (CNET / Alfred Ng)

Vast hack-for-hire scheme against activists, corporate targets tied to Indian IT firm (CyberScoop / Jeff Stone)