Overnight Cybersecurity

Hillicon Valley: Justice Department announces superseding indictment against WikiLeaks’ Assange | Facebook ad boycott gains momentum | FBI sees spike in coronavirus-related cyber threats | Boston city government bans facial recognition technology

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.

NEW ASSANGE INDICTMENT: The Justice Department on Wednesday announced a superseding indictment in the case against WikiLeaks Founder Julian Assange, alleging that he intentionally worked with hackers affiliated with groups “LulzSec” and “Anonymous” to target and publish sensitive information. 

The new indictment, handed down by a federal grand jury in Alexandria, Va., did not add any charges to the existing 18 charges brought against Assange last year, but alleged that Assange and WikiLeaks actively recruited hackers to provide WikiLeaks with documents. 

Assange is alleged to have provided the leader of hacking group “LulzSec” with a list of groups to target in 2012 in order to obtain information to post to the WikiLeaks platform. 

The new indictment alleges that in one case, Assange gave the LulzSec leader specific documents and pdfs to target and sent to WikiLeaks, and WikiLeaks eventually published information obtained from an American intelligence company by a hacker associated with LulzSec and with Anonymous.

“To obtain information to release on the WikiLeaks website, Assange recruited sources and predicted the success of WikiLeaks in part upon the recruitment of sources to illegally circumvent legal safeguards on information, including classification restrictions and computer and network restrictions,” the indictment reads, noting this was done with the intent to publish the information online. 

The 18 charges unveiled last year alleged that Assange worked with former Army Intelligence Analyst Chelsea Manning in 2010 to obtain and disclose sensitive “national defense information” through conspiring to crack a password tied to a Department of Defense computer. 

WikiLeaks has published thousands of pages of material obtained from Manning, including details around Guantanamo Bay detainees and combat guidelines concerning the wars in Iraq and Afghanistan.

If convicted, Assange faces a maximum of 10 years in prison for each of the existing 18 charges brought against him except for alleged conspiracy to commit computer intrusion, for which Assange could face up to five years in prison.  

Read more here. 

 

FACEBOOK AD BOYCOTT: Facebook is coming under mounting pressure from major companies to rein in hateful content on the platform or risk further loss of ad revenue.

In the past week, companies like Patagonia, The North Face, Ben & Jerry’s and REI have joined the Stop Hate for Profit campaign organized by civil rights groups in the wake of the police killing of George Floyd.

Organizers of the Facebook boycott acknowledge that while previous efforts to change Facebook’s platform have fallen short, the national focus on racial injustice has put a spotlight on all aspects of life, including social media.

“I think the country is reckoning with this legacy of systemic racism in a way that it hadn’t before. You see this playing out in the public square [and] it seems to be playing out in the political arena,” Jonathan Greenblatt, the CEO of the Anti-Defamation League (ADL), told The Hill in an interview Tuesday. “That environment, I think, creates the conditions in which this advertising pause has so much appeal.”

The ADL, NAACP, Sleeping Giants, Color of Change, Free Press and Common Sense launched the Stop Hate for Profit campaign last week, calling on companies to pull their advertising dollars from Facebook for the month of July.

The groups have held private discussions with Facebook CEO Mark Zuckerberg for years about how to improve the way the platform deals with racist, bigoted, anti-Semitic, white supremacist and otherwise violent content. The decision to band together and seek support from advertisers was sparked by Facebook’s handling of the anti-police brutality protests following Floyd’s death.

“There’s been a lot of misinformation,” said James Steyer, founder and CEO of Common Sense.

He said that after Floyd’s death, “there’s been a ton of hate and white supremacist content on the platform, and they just ignore it.”

The campaign comes at a time when Facebook is under internal and external pressure over its handling of President Trump’s rhetoric, especially his posts that are seen as glorifying violence. Zuckerberg has defended the platform’s hands-off approach, but that position has come under increasing fire as other tech companies like Twitter have been more aggressive about attaching warning labels to the president’s comments.

The groups behind the current boycott are calling for Facebook to, among other things, create a threshold for harm where users facing harassment can speak directly with an employee, an internal mechanism for removing ads labeled as misinformation and a system for flagging content in private groups.

Although the campaign was just launched last week, it has already received more than a dozen corporate supporters.

Read more.

 

FACIAL RECOGNITION LEADS TO FALSE ARREST: A failed facial recognition match led to a wrongful arrest in Detroit, the American Civil Liberties Union (ACLU) alleged in a complaint Wednesday.

Robert Williams, a Black man, was held for more than a day in January after his driver’s license photo was matched to surveillance video of a shoplifter.

Officers released him after admitting “the computer must have gotten it wrong,” Williams said. The charge against him has been dismissed.

This case may be the first national example of facial recognition leading to a wrongful arrest, and highlights biases advocates have pointed to in the technology.

The National Institute of Standards and Technology, a federal agency within the Commerce Department, released an expansive study in December finding that the majority of facial recognition systems have “demographic differentials” that can worsen their accuracy based on a person’s age, gender or race. 

The ACLU of Michigan’s complaint calls on the Detroit Police Department to halt its use of facial recognition.

Read more.

 

AND BOSTON BANS: Boston City Council on Wednesday unanimously voted to ban city government from using facial recognition technology.

The new ordinance comes amid refocused scrutiny on facial recognition driven by anti-police brutality protests following the death of George Floyd. The law makes it illegal for city officials to “obtain, retain, possess, access, or use” the controversial software.

Boston is the sixth city in Massachusetts to ban government use of facial recognition, and the largest on the East Coast to do so.

San Francisco and Oakland, Calif., have both passed similar bans.

Boston’s ordinance points to racial and gender biases that plague the technology.

Read more.

 

CYBER SPIKE: A top official at the FBI on Wednesday said that the FBI’s Internet Crime Complaint Center (IC3) has received 20,000 coronavirus-related cyber threat reports this year, as officials sounded the alarm on growing cyber threats to COVID-19 vaccine research.

Tonya Ugoretz, the deputy assistant director of the FBI’s Cyber Division, said during a virtual conference hosted by cybersecurity group CrowdStrike that the IC3 was tracking a massive spike in hackers using the COVID-19 crisis to target Americans.

“Already, here we are in the first or second week of June, the IC3 has already had as many complaints up to this point as they did for all of 2019, and that is for all types of internet fraud,” Ugoretz said.

She noted that for just coronavirus-related activity — such as scams, malicious emails, or fraud — the FBI IC3 has received “at least 20,000 complaints.”

The new data revealed Wednesday is a continuation of a trend in increasing cyberattacks and targeting during both the COVID-19 pandemic and the ongoing protests around the death of George Floyd. Major agencies including the World Health Organization and the Department of Health and Human Services have been targeted, while coronavirus-related scams have targeted federal relief funds. 

Ugoretz said in April that the IC3 was receiving between 3,000 and 4,000 cybersecurity complaints per day, an increase from the typical 1,000 complaints per day the IC3 saw prior to the pandemic. 

Read more.

 

NEW SECTION 230 BILL: Sens. Brian Schatz (D-Hawaii) and John Thune (R-S.D.) introduced legislation Wednesday to update legal protections for online platforms.

The Platform Accountability and Consumer Transparency (PACT) Act would create a new method for holding the companies accountable by clarifying Section 230 of the Communications Decency Act to require companies to give consumers more information about their content moderation policies and let users appeal decisions.

Section 230 gives internet companies immunity from lawsuits for content posted on their sites by third parties and allows them to make “good faith” efforts to moderate content.

The bill would also require tech platforms to release quarterly reports on what content has been removed, demonetized or otherwise limited.

It would amend Section 230 to require companies to remove court-ordered illegal content within 24 hours and remove liability protection from civil lawsuits by federal regulators.

The two lawmakers, the ranking member and chairman of Senate Commerce’s subcommittee that oversees the internet, described their bipartisan initiative as way to amend the provision without tearing it apart.

“Our bill updates Section 230 by making platforms more accountable for their content moderation policies and providing more tools to protect consumers,” Schatz said in a statement.

“The internet has thrived because of the light touch approach by which it’s been governed in its relatively short history,” Thune added. “By using that same approach when it comes to Section 230 reform, we can ensure platform users are protected, while also holding companies accountable.”

Read more about the legislation here. 

 

TWITTER BANS TRUMP MEMBER: Twitter has suspended a pro-Trump account after it said the account committed “repeated violations” of copyright policies.

In a post on the platform Locals, the owner of the suspended Twitter account, Carpe Donktum, said that he was suspended for sharing a doctored video that President Trump also shared last week. 

The video, which was taken down by Twitter on Friday, shows two children running toward each other and embracing. The tweet shared by Trump and Donktum featured an edited video with menacing background music and a manipulated CNN headline and appeared to show the children running from each other.

“I received a DMCA [Digital Millennium Copyright Act] takedown order this morning for that video, and a few hours later a suspension letter,” Donktum said in the post. 

Donktum’s account was also suspended for eight days last July over a video depicting Trump as a cowboy attacking CNN journalist Jim Acosta.

He said that Twitter did not give him an avenue to get his account back, so he assumes the move is “final and permanent.”

Read more.

 

Lighter click: Everything is fine, everything is good

An op-ed to chew on: Who can own the Moon?

NOTABLE LINKS FROM AROUND THE WEB: 

Amazon Workers Urge Bezos to Match His Words on Race With Actions (New York Times / Karen Weise)

Andrew Yang’s Data Dividend Isn’t Radical, It’s Useless (Motherboard / Edward Ongweso Jr.)

Segway stops production, marking the end of a scooter era (Washington Post / Rachel Lerman)

Why are Black and Latino people still kept out of the tech industry? (The Los Angeles Times / Sam Dean and Johana Bhuiyan)