Hillicon Valley: Dem bill would fine credit agencies for breaches | Facebook’s Sandberg meets senators on privacy | Baltimore hit with ransomware attack | Dems demand NSA update on surveillance program
Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.
Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Maggie Miller (@magmill95), and the tech team, Harper Neidig (@hneidig) and Emily Birnbaum (@birnbaum_e).
TWO YEARS LATER, TIME TO TAKE ON EQUIFAX: Congressional Democrats on Tuesday reintroduced legislation which would impose fines on credit reporting agencies for compromising customer data, a response to the massive Equifax breach.
The Data Breach Prevention and Compensation Act, unveiled ahead of a Senate Banking Committee hearing on data privacy, would require credit reporting agencies to pay $100 for each consumer whose personal data is compromised in a breach.
The bill was offered by Sens. Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) in the upper chamber, and House Oversight and Reform Committee Chairman Elijah Cummings (D-Md.) and Rep. Raja Krishnamoorthi (D-Ill.) in the lower chamber.{mosads}
Warren’s office estimated that if the bill was in place in 2017, credit reporting company Equifax would have been required to pay at least a $1.5 billion penalty.
The bill, which did not see action in the last Congress, would establish an Office of Cybersecurity at the Federal Trade Commission (FTC) to conduct regular inspections of the cyber practices at credit reporting agencies. It would also enhance the FTC’s enforcement capabilities against credit reporting agencies by giving the agency civil penalty authority under the Gramm-Leach-Bliley Act, a law that requires financial institutions to explain how they share and protect customer data.
The Democrats behind the bill also unveiled a new report which found that consumers have made over 52,000 complaints with the Consumer Financial Protection Bureau (CFPB) since the Equifax breach. The report found that the number of complaints filed against Equifax in the months after the breach nearly doubled from the amount reported in the same period prior to the incident.
The Equifax data breach resulted in hackers gaining access to the personal information of an estimated 143 million Americans, including Social Security numbers, passport numbers and birth dates.
Copies of the report were sent to both the both the FTC and the CFPB, with lawmakers asking both agencies to “hold Equifax accountable for the 2017 breach without delay.”
SANDBERG ON THE HILL: Facebook’s Chief Operating Officer Sheryl Sandberg met with senators on Capitol Hill on Tuesday as lawmakers in both chambers seek to hammer out the nation’s first comprehensive privacy law.
Sandberg’s appearance on the Hill, first reported by Bloomberg News, comes as Facebook circles a settlement with the Federal Trade Commission (FTC) over the company’s mishandling of user data, which could result a fine of up to $5 billion and a restructuring of Facebook’s privacy oversight.
Senate Commerce Committee Chairman Roger Wicker (R-Miss.) told Bloomberg News that he discussed federal privacy legislation during his meeting with Sandberg earlier in the day.
A spokeswoman for Sen. Mark Warner (D-Va.) said he is planning to bring up social media regulation at their sit-down. Warner last year released a white paper with 20 proposals to rein in Big Tech.
A Facebook spokesperson said Sandberg is in Washington, D.C. to discuss regulations with policymakers, as well as meet with civil rights groups. The spokesperson specified that the trip does not pertain to Facebook’s upcoming settlement with the FTC.
More on Sandberg’s meetings here.
DOESN’T SOUND GREAT: The city of Baltimore was hit by a ransomware attack on Tuesday and has shut down its servers, new Baltimore Mayor Bernard Young said on Twitter.
He said that the city’s “essential services” are still operational and that as of this afternoon, there is “no evidence” that any personal information has “left the system.”
“Baltimore City core essential services (police, fire, EMS and 311) are still operational but it has been determined that the city’s network has been infected with a ransomware virus,” Young tweeted. “City employees are working diligently to determine the source and extent of the infection.”
Young, the former City Council president who took over as mayor just last week after the resignation of former Mayor Catherine Pugh, said the city had “seen no evidence that any personal data has left the system.”
“Out of an abundance of precaution, the city has shut down the majority of its servers,” he added. “We will provide updates as information becomes available.”
The Baltimore Sun reported that City Hall staff were told to disconnect their computers from the internet. Democratic City Councilman Ryan Dorsey told the publication that the ransomware virus is “apparently spreading computer-to-computer.”
At least two city services were impacted as of Tuesday afternoon.
CAN YOU HEAR US NOW? A group of six Democratic senators on the Senate Intelligence Committee is asking the National Security Agency (NSA) to release a public update on its mass phone data collection program, following reports indicating the spy agency has shut it down.
“We write to urge that you provide a public description, consistent with protection of sources and methods, of the current status of the call detail record (CDR) program,” the senators wrote in a letter to Paul Nakasone, head of the NSA.
The group of senators includes the Intelligence Committee’s vice chairman, Sen. Mark Warner (D-Va.), Sen. Ron Wyden (D-Ore.), a privacy hawk, and 2020 contenders Sens. Kamala Harris (D-Calif.) and Michael Bennet (D-Colo.), among others.
The Wall Street Journal last month reported that the NSA was recommending the White House officially end the agency’s mass collection of U.S. phone data.
Sources told the Journal that the NSA has concluded that the program, which gathered metadata on domestic text messages and phone calls, was too burdensome to maintain.
“Since then, there have been no public updates from NSA,” the senators wrote. “A public status report will resolve the current confusion, demonstrate the NSA’s commitment to transparency, and inform Congress’s deliberations about the possible reauthorization of the program later this year.”
PUSHING FOR BROADBAND: Telecom and consumer groups are preparing to make a major push for including billions of dollars for rural broadband funding in any infrastructure deal, even as lawmakers and advocates struggle with tough questions ahead.
Democratic leaders signaled that broadband investment could be a major part of the $2 trillion infrastructure deal they are pursuing with President Trump. Industry groups quickly took notice at what could be the most significant government investment in broadband in years.
U.S. Telecom, which represents the country’s largest internet service providers, put out a statement immediately in support of a “muscular, serious infrastructure bill that narrows the digital divide, supports broadband deployment, modernizes networks and gets all American families.”
And the Telecommunications Industry Association (TIA) said it is eager to promote its vision for broadband funding.
“We’re in favor of any infrastructure package including any broadband funding,” Cinnamon Rogers, senior vice president of government affairs with TIA, told The Hill. “I would characterize TIA as ‘hopeful.’ We remain very hopeful that they can strike a deal.”
However, stakeholders told The Hill they’ve been burned before — the White House and Congress have circled a possible infrastructure deal for years and potential legislation has been sidelined many times.
“Right now, it’s just talk,” Gigi Sohn, a former adviser at the Federal Communications Commission (FCC) under the Obama administration told The Hill. “When it’s actually some numbers written down on paper and a deal, then come talk to me.”
We broke down the roadblocks and questions ahead here.
FTC SWIPES LEFT: Apple and Google this week removed a trio of dating apps after the Federal Trade Commission (FTC) said they could put children at risk of exposure to predators.
Apple’s App Store and the Google Play Store removed Meet24, FastMeet, and Meet4U after the FTC warned last week that they could be violating federal children’s privacy standards, the agency announced Monday.
Wildec LLC, the Ukrainian company that operates the three dating apps, said in a statement to The Hill that it immediately addressed the potential FTC violations after it was notified on May 1, and is hoping Google and Apple will return its apps to their stores.
“We immediately reacted on FTC requirements and fixed all the issues, including removing all data from under age accounts,” a spokesman for Wildec said, adding that “registration is not possible anymore” for underage users.
The FTC, prompted by the advocacy group Campaign for a Commercial-Free Childhood, said the apps allowed children under the age of 13 to sign up and participate, in violation of a law that requires companies to obtain parental consent before collecting personal information on children who aren’t teenagers.
The three apps collected personal data including birthdays, email addresses, photographs and real-time location, according to the FTC. The children were allowed to use the apps and receive communication from other users.
AN OP-ED TO CHEW ON: Russia’s attacks on our democratic systems call for diverse countermeasures.
A LIGHTER CLICK: Our approach to haters.
NOTABLE LINKS FROM AROUND THE WEB:
Start-ups hoping to fight climate change while other firms cash in. (The New York Times)
Charter squeezes more money out of Internet users with new cancellation policy. (Ars Technica)
Do Facebook’s fact-checking efforts even work? (Gizmodo)
Lyft to offer Waymo self-driving taxis in suburban Phoenix. (The Wall Street Journal)
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
