The Cyber and Tech Overnights are joining forces to give you Hillicon Valley, The Hill’s new comprehensive newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.
Welcome! Follow the cyber team Morgan Chalfant (@mchalfant16) and Olivia Beavers (@olivia_beavers), and the tech team, Ali Breland (@alibreland) and Harper Neidig (@hneidig), on Twitter. Send us your scoops, tips and compliments.
BIG DAY FOR ZTE: At first, things were looking up for the Chinese phone manufacturer.
In the morning: The Commerce Department announced that it had reached a deal to lift penalties on Chinese telecommunications firm ZTE.
The deal to revive ZTE, which violated U.S sanctions and is considered a national security threat by U.S. officials, came after President Trump pledged to loosen restrictions that had effectively shut down the company.
“The purpose of this settlement is to modify ZTE’s behavior while setting a new precedent for monitoring to assure compliance with U.S. law,” the Commerce Department said in a statement.
Commerce Secretary Wilbur Ross called the new sanctions “the largest penalty [the department’s Bureau of Industry and Security] has ever levied” and said they impose “unprecedented compliance measures” on ZTE.
–If you’re ZTE that sounds pretty nice, right? Well, don’t get cocky. Later in the day, things… got complicated
In the afternoon: A bipartisan group of senators said they would try to use the must-pass National Defense Authorization Act (NDAA) to target Chinese technology companies, including ZTE.
Sens. Tom Cotton (R-Ark.), Sen. Chris Van Hollen (D-Md.) and Senate Minority Leader Charles Schumer (D-N.Y.) introduced an amendment to the annual defense policy bill that would restore the Commerce Department’s penalties on ZTE for violating U.S. sanctions against Iran and North Korea.
The amendment would also ban government agencies from buying or leasing telecommunications equipment and services from Chinese telecom firms Huawei and ZTE and ban the government from providing loans to or subsidizing either company.
“Both parties in Congress must come together to bring the hammer down on these companies rather than offer them a second chance, and this new bipartisan amendment will do just that,” Schumer said.
–It’s rare that Cotton and Schumer team up on anything, so while the amendment is still just a proposal, it’s a signal that ZTE should take their threat seriously. Sen. Mark Warner (D-Va.) has already said that he’s confident that there will be a supermajority in Congress willing to reverse the Trump administration throwing a bone to ZTE.
More American companies facing scrutiny over China ties: Yesterday, Facebook’s relationship with Chinese companies was a chief concern for Congressional lawmakers. Today, they added Google and Twitter to the list.
Sen. Mark Warner (D-Va.) on Thursday sent letters to the CEOs of Twitter and Google’s parent company, Alphabet, seeking information on the companies’ partnerships with electronics makers including Huawei, ZTE and Lenovo.
Citing reports in the media, Warner addressed concerns from Americans and intelligence agencies about data-sharing between the tech companies and Chinese phone makers.
In his letters, Warner noted intelligence agencies’ warnings that certain phone-makers’ products have security vulnerabilities that could allow Chinese intelligence to access any data stored on or transmitted by them.
Congressional aides confirmed that other lawmakers, including Sen. Tom Cotton (R-Ark.), Rep. Mike Conaway (R-Texas) and Rep. Robert Pittenger (R-N.C.), also intend to criticize Google over its partnership with Huawei.
The congressmen intend to contrast Google’s partnership with Huawei with Google’s decision earlier this week not to renew a contract with the Department of Defense, according to The Wall Street Journal, which first reported the lawmakers’ concerns.
Some ZTE lobbying context for good measure: Chinese telecom firm ZTE is spending big on K Street as it looks to save its business and remove restrictions on its ability to buy from U.S. suppliers.
The company is leaning heavily on three firms and representation that includes ex-lawmakers, former federal regulators and individuals with ties to President Trump.
And with Thursday’s announcement of a deal, it appears to be paying off.
Read the full story here.
NEW LEGISLATION ON ENCRYPTION: A bipartisan group of lawmakers is renewing a push for legislation to block states from mandating that technology companies build “backdoors” into devices they produce in order to allow law enforcement access to them.
The measure is designed to preempt state and local governments from moving forward with their own laws governing encryption before the federal government acts on the issue.
Rep. Ted Lieu (D-Calif.), one of the bill’s sponsors, said that the measure “ensures we can have a national discussion about encryption without compromising consumers’ security in the process.”
“Any discussion of encryption and law enforcement access to data needs to happen at the federal level,” Lieu said. “As a computer science major, I can tell you that having 50 different mandatory state-level encryption standards is bad for security, consumers, innovation, and ultimately law enforcement.”
Reps. Mike Bishop (R-Mich.), Suzan DelBene (D-Wash.) and Jim Jordan (R-Ohio) are co-sponsoring the legislation, which they are introducing on Thursday.
What exactly would the bill do? Specifically, the legislation would prohibit state and local governments from mandating that any tech company “design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency or instrumentality of a State, a political subdivision of a State or the United States,” according to a copy of the bill viewed by The Hill.
It would also block states and localities from requiring that tech companies maintain the ability to decrypt information stored on encrypted devices that they produce. Finally, states would also not be able to prohibit manufacturers from selling products to the public because they use encryption or a similar security function.
This isn’t the first attempt to pass this legislation. Lieu originally introduced the bill, called the Encrypt Act, along with a group of bipartisan co-sponsors in 2016, but it never reached the House floor for a vote.
We’ve got more on the bill and the broader encryption tug-of-war here.
SENATE DEMS WANT RYAN TO BRING NET NEUTRALITY BILL UP FOR A VOTE: All 49 Senate Democrats signed a letter to House Speaker Paul Ryan (R-Wis.) on Thursday urging him to schedule vote for a bill that would reverse the FCC’s decision to repeal the Obama-era net neutrality rules.
The bill passed the Senate last month with the help of a few Republicans.
“Now that the Senate has taken this critical step, it is incumbent on the House of Representatives to listen to the voices of consumers, including the millions of Americans who supported the FCC’s 2015 net neutrality order, and keep the internet free and open for all,” the letter reads.
Three Republicans — Sens. Susan Collins (Maine), Lisa Murkowski (Alaska) and John Kennedy (La.) — joined Democrats to put the bill over the top in a 52-47 vote in May.
But the House effort has a steeper hill to climb. Democrats will need 25 Republicans to cross the aisle in order to force a vote and pass the bill.
FACEBOOK REPORTS BUG THAT MADE SHARING PUBLIC BY DEFAULT: A Facebook bug that was live for four days in May set millions of users’ default sharing settings to public, the company revealed on Thursday.
Facebook said it would be notifying the 14 million users who had posted publicly between May 18 and 22.
“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts,” Erin Egan, Facebook’s chief privacy officer, said in a statement.
FIRST IS WORST: The United States is the most exposed nation in cyberspace, according to an annual report released by Rapid7 on Thursday.
The assessment, launched in 2016, aims to answer the “fundamental” question: “What is the nature of internet exposure–services that either do not offer modern cryptographic protection, or are otherwise unsuitable to offer on the increasingly hostile internet–and where, physically, are these exposed services located?”
“The United States leads all other countries in the 2018 exposure rankings, scoring the highest in nearly every exposure metric we measure,” the report, called the National Exposure Index, says. “Following the U.S. is China, Canada, South Korea, and the United Kingdom, which together control over 61 million servers listening on at least one of the surveyed ports.”
TEXTING PRESIDENT TRUMP: Democratic senators are requesting that the intelligence community conduct a threat assessment on President Trump’s cell phone usage, asking if he’s compromised classified information.
Democratic Sens. Martin Heinrich (N.M.), Ron Wyden (Ore.), Dick Durbin (Ill.) and Dianne Feinstein (Calif.) sent a letter Thursday to Bill Evanina, Trump’s counterintelligence chief, asking if information has or could be stolen by foreign governments.
“We are especially concerned about recent reporting that President Trump has eschewed the advice of counterintelligence experts and opted to use unsecured commercial devices for telephone calls and internet use. We believe this conduct is reckless and could endanger sensitive U.S. national security interests,” the Democratic senators wrote.
What they’re talking about: Politico reported last month that Trump was going “rogue” on his phone security by using a White House cell phone to tweet, a phone it said that does not have the same level of security as his predecessors.
GOP CHAIR PRESSING FOR OBAMA-RELATED DOCS ON RUSSIAN INTERFERENCE: The Republican chairman of the Senate Homeland Security Committee is pressing officials to unearth Obama-era documents used to brief Congress in September 2016 on Russian attempts to interfere in the presidential election.
Sen. Ron Johnson (R-Wis.) is asking the Department of Homeland Security for documents used to prepare officials for the 2016 briefing, during which he says that Obama administration officials assured lawmakers that they “had the matter under control.”
The documents requested by Johnson include communications among then-Homeland Security Secretary Jeh Johnson, then-FBI Director James Comey, President Obama’s Homeland Security Advisor Lisa Monaco, and other U.S. officials, according to a letter sent to Nielsen Wednesday and obtained by The Hill.
All three individuals participated in the September 2016 briefing referenced by Johnson.
“The briefers … assured Members that the Administration had the matter under control and asked for Congress’ help in reinforcing public confidence in the election,” Johnson wrote, adding that he is requesting the documents in order “to understand the threat as it existed at the time of the briefing.”
Read more.
A BILL THAT AIMS TO PREVENT ANYMORE TRUMP TOWER MEETINGS: A House Democrat introduced a bill on Thursday that would make it a crime if federal candidates and associates of their campaign fail to notify the FBI if a foreign power approaches them with information about another candidate.
A press release about the legislation notes how Trump campaign associates failed to report episodes when foreign entities were offering them dirt on Hillary Clinton’s campaign.
“Russia clearly tried to help a Republican campaign in 2016, but that nation or some other could just as easily try to swing a future election some other way, so this is not a partisan issue,” said Rep. Eric Swalwell (D-Calif.), a member of the House Intelligence Committee, who introduced “The Duty to Report Act.”
“We must make it clear that no foreign attempts to influence our elections will be tolerated.”
The press release notes two examples when Trump campaign associates should’ve reported offers for dirt from Russians: The controversial June 2016 Trump Tower meeting as well as the comments made by former Trump campaign aide George Papadopoulos, who told a diplomat that Russia had “dirt” on Clinton in the form of “thousands of emails.”
Over a dozen other Democrats signed in support of the bill.
EU EXPECTED TO HIT GOOGLE WITH NEW FINES WITHIN WEEKS: The European Union is expected to hit Google with another antitrust fine in the coming weeks for using its Android mobile platform to suppress competitors.
The Times, citing people familiar with the process, reported that Margrethe Vestager, the EU’s competition chief, is preparing to make the announcement within weeks, capping off a two-year investigation into Google’s mobile practices.
GOOGLE UNVEILS AI PRINCIPLES: Google said Thursday that it would not let its artificial intelligence (A.I.) tools be used for deadly weapons or surveillance.
The tech giant made the pronouncement while unveiling its new A.I. principles, while saying that it would continue to contract with the government and military.
“These are not theoretical concepts; they are concrete standards that will actively govern our research and product development and will impact our business decisions,” Google CEO Sundar Pichai wrote in a post.
“We recognize that such powerful technology raises equally powerful questions about its use. As a leader in AI, we feel a deep responsibility to get this right,” he continued.
Read more here.
A LIGHTER TWITTER CLICK: If you would do it for your dog, why wouldn’t you do it for your drone?
NOTABLE LINKS FROM AROUND THE WEB:
The new price tag of the Atlanta cyberattack? $9.5 million. (Engadget)
The FTC lost an appeals court fight with LabMD over data security. (Reuters)
Here is how to secure WhatsApp Message Backups. (Buzzfeed)
The rise of smartphone malware. (The Wall Street Journal)
FireEye released additional details on malware that caused an industrial plant in the Middle East to shut down last year.