Hillicon Valley: Cambridge Analytica shutting down | Pentagon bars military stores from selling Chinese phones | Debate over ‘hacking back’ heats up
The Cyber and Tech overnights have joined forces to give you Hillicon Valley, The Hill’s new comprehensive newsletter detailing all you need to know about the tech and cyber news driving the day from Capitol Hill to Silicon Valley.
Welcome! Follow the tech team, Ali Breland (@alibreland) and Harper Neidig (@hneidig), and the cyber team, Morgan Chalfant (@mchalfant16) and Olivia Beavers (@olivia_beavers), on Twitter.
CAMBRIDGE ANALYTICA SHUTTING DOWN: Cambridge Analytica, the GOP political research firm that dragged Facebook into a massive data scandal, announced on Wednesday that it would be closing its doors and filing for bankruptcy in the U.S. and UK along with its parent company, the SCL Group.
“While this decision was extremely painful for Cambridge Analytica’s leaders, they recognize that it is all the more difficult for the Company’s dedicated employees who learned today that they likely would be losing their jobs as a result of the damage caused to the business by the unfairly negative media coverage,” Cambridge Analytica said in a statement.
{mosads}
“Despite the Company’s precarious financial condition, Cambridge Analytica intends to fully meet its obligations to its employees, including with respect to notice periods, severance terms, and redundancy entitlements.”
The company’s improper collection of the Facebook data of 87 million people touched off a firestorm that engulfed the social network and pushed regulators around the world to launch investigations into its data practices. Facebook has said it would be auditing the firm to determine whether it really had destroyed the trove of data like it promised two years ago.
Facebook’s response: “This doesn’t change our commitment and determination to understand exactly what happened and make sure it doesn’t happen again. We are continuing with our investigation in cooperation with the relevant authorities.”
–The controversy has prompted Facebook to roll out a series of privacy reforms, the latest of which came on Tuesday when it announced that users will be able to clear their browsing history.
According to The Wall Street Journal, which first reported the news about Cambridget Analytica closing on Wednesday, the company had been losing clients since news of the scandal broke in March.
And Gizmodo, which had the scoop on the firm closing its U.S. offices, reported that company morale was not great ahead of Wednesday’s announcement.
—From their story: “Screenshots from the company’s internal chat service obtained by Gizmodo show a darkly comic mood in anticipation of the call. One employee shared bleakly titled Spotify playlists in Slack featuring songs like ‘High and Dry’ by Radiohead, ‘The End’ by The Doors, and ‘Help!’ by The Beatles. Another employee posted a still from Titanic showing the ship’s band playing their instruments as the vessel sinks.”
In other Facebook news, the company’s PR/apology tour continued with the announcement that Facebook tapped outside auditors to review the platform for racial and anti-conservative bias.
MORE TROUBLE FOR CHINESE TELECOMS: The Defense Department is ordering retail stores on military bases to stop selling products made by Chinese telecom firms Huawei and ZTE, citing security concerns.
“Huawei and ZTE devices may pose an unacceptable risk to Department’s personnel, information and mission,” Major Dave Eastburn, a Pentagon spokesman, said in a statement. “In light of this information, it was not prudent for the Department’s exchanges to continue selling them to DoD personnel.”
Eastburn would not go into details about the nature of the security concerns, but cited public testimony from intelligence officials warning that the firms may be compromised by the Chinese government.
The order was given to military bases around the world on April 25, the spokesman said.
Why Pentagon is acting now: In February, intelligence leaders told Congress that they would advise against Americans purchasing products from the two firms, warning that their devices could be used to conduct espionage on behalf of Beijing.
The big picture: The government is increasingly going after Chinese tech firms hoping to gain a foothold in the U.S. Last month, the FCC voted to move forward with a proposal to ban such companies from subsidy programs for broadband and phone access.
To read more, click here.
DEBATE AROUND ‘ACTIVE CYBER DEFENSE’ HEATS UP: The debate around whether companies should be able to engage in “active cyber defense” is heating up.
Often described by critics as “hacking back,” the controversial concept involves organizations employing a variety of techniques to prevent breaches or track down the perpetrators in the event their systems are attacked.
Legislation awaiting the signature of Gov. Nathan Deal in Georgia would allow individuals to engage in active defense measures in the name of cybersecurity, potentially clearing the way for companies and private citizens to hack into other networks for the sake of protecting their own systems.
Google, Microsoft and others in the technology industry have mounted a campaign against the bill, warning of the potential for grave ramifications. They have urged Deal to veto it before the May 8 deadline.
Why it’s important: The fight in Georgia is being closely watched in Washington, where Reps. Tom Graves (R-Ga.) and Kyrsten Sinema (D-Ariz.) have introduced legislation that would allow companies and private citizens to engage in some active defense measure” against hackers.
So … what is it? The defensive actions could include techniques like using beaconing technology to determine the location of a hacker, deploying honeypots to fool adversaries or leaving one’s network to track down stolen data.
The proponents of active cyber defense say these methods would help companies protect their networks from attacks and identify hackers who have breached their systems to steal information or conduct other nefarious activity.
But what about the critics? When it comes to the bill in Georgia, executives from Microsoft and Google warn that the provision “broadly authorizes the hacking of other networks and systems under the undefined guise of cybersecurity.”
“Network operators should indeed have the right and permission to defend themselves from attack, but, before Georgia endorses ‘hack back’ authority in ‘defense’ or even anticipation of a potential attack with no statutory criteria, it should have a much more thorough understanding of the ramifications of such a policy,” they wrote in a letter to Deal.
To read more, click here.
WHAT’S HILL-HAPPENING:
REMEMBER ME? Al Franken hammered major technology companies in one of his first public speeches since resigning from the Senate over allegations of sexual misconduct.
Franken criticized Silicon Valley firms, in particular Facebook, for what he viewed as their careless handling of user data.
“Facebook doesn’t have to care about the privacy and security of their users’ online information because there’s no mass exodus when it violates those rules,” Franken said during a cybersecurity conference in Lisbon, Portugal, on Tuesday.
He called instances like Facebook’s data scandal with Cambridge Analytica and Russian election interference “not surprising” given “tech companies’ failure to protect users, and the U.S. government’s failure to hold them accountable.”
Franken argued that the threat of Russians attempting to manipulate tech platforms is still present.
“They’ll be back. They never left,” he said.
A familiar issue for Franken. In November, before being pressured to leave Congress, Franken gave a scathing speech lambasting tech firms and arguing that they should be more tightly regulated.
LIGHTER TWITTER CLICK:
The ACLU has some thoughts on Facebook’s dating service.
A CRITICAL FLAW:
Researchers have discovered a new vulnerability in technology widely used to operate critical services such as oil and electric systems that they warn hackers could exploit.
The vulnerability, disclosed Wednesday by cybersecurity firm Tenable, impacts two applications used to program industrial control systems powering critical infrastructure in the United States and elsewhere.
Tenable publicly disclosed the vulnerability after reporting it to Schneider Electric, an international energy management company headquartered in France that produced the applications.
Schneider Electric has already issued patches for the affected systems.
Researchers say that exploiting the vulnerability successfully could give hackers complete control of the underlying system and allow them to move laterally through the network.
A hacker could theoretically gain access to the human-machine interface (HMI) –technology used by an individual to control the industrial system — and potentially shut down or disrupt operations.
“An attacker can completely take over the machine that is being used to program the component of the industrial control system,” said Dave Cole, chief product officer at Tenable. “There’s any of a number of ways that this could be used for industrial espionage or even destruction.”
Why you should care: The revelation comes amid heightened scrutiny of vulnerabilities that could impact critical infrastructure, after U.S. officials divulged efforts by Russian hackers to target the U.S. energy sector.
To read more, click here.
IN WITH THE OLD, OUT WITH THE NEW: Ty Cobb, White House lawyer and Trump’s point man on the Russia investigation, is out. Who’s in? Emmet Flood, who represented former President Bill Clinton during his impeachment proceedings.
Speaking of the president’s legal team … it’s lacking security clearances, reports Bloomberg.
TODAY’S OPINION:
The legal framework for counter-drone operations is critical to the future.
NOTABLE LINKS FROM AROUND THE WEB:
The Trump administration is considering scrapping a directive governing offensive cyber activities. (CyberSccop)
A cyberattack hit Knox County’s election commission. (WBIR)
The TSA is looking for ‘innovative solutions’ from tech startups to help bolster security screenings (Department of Homeland Security)
Digital rights groups wrote a letter to Facebook’s shareholders about the company’s record on human rights
Mark Zuckerberg doesn’t understand journalism, says writer Adrienne LaFrance (The Atlantic)
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.