Hillicon Valley: Senate passes bill to boost cyber help for agencies, businesses | Watchdog warns Energy Department failing to protect grid | FTC sues Match for allegedly conning users
Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.
Welcome! Follow the cyber team, Maggie Miller (@magmill95), and the tech team, Harper Neidig (@hneidig) and Emily Birnbaum (@birnbaum_e).
THE SENATE DID WHAT NOW: The Senate on Tuesday passed legislation intended to boost the federal government’s ability to respond to and assist agencies and private sector companies in the event of debilitating cyber incidents.
The DHS Cyber Hunt and Incident Response Teams Act would require that the Department of Homeland Security (DHS) maintain permanent “teams” that could be deployed to assist in cases of cyberattacks or in order to identify vulnerabilities that could allow for a cyberattack to take place.
Senate Majority Leader Mitch McConnell (R-Ky.) brought the bill up for unanimous consent on Tuesday, with the legislation passing shortly after.
The House already passed its version in June, sponsored by Reps. Michael McCaul (R-Texas), Jim Langevin (D-R.I.), John Katko (R-N.Y.), Dutch Ruppersberger (D-Md.), and John Ratcliffe (R-Texas).
The Senate version of the bill was introduced in February and is sponsored by Sens. Maggie Hassan (D-N.H.) and Rob Portman (R-Ohio).
The legislation had also previously been approved by the House during the 115th Congress but failed to get a vote in the Senate.
The bill was recently touted by Senate Minority Leader Charles Schumer (D-N.Y.) as a way to respond to a rash of ransomware attacks that have hit government entities and other groups nationwide over the past few months. These attacks involve malicious actors locking a system and demanding a ransom before giving the user access again.
The Senate approved the bill by voice vote with a substitute amendment from Hassan included, meaning the House must approve the changed legislation before it can be sent to President Trump’s desk for his signature.
MORE SECURITY PLEASE: A report released Wednesday by the Government Accountability Office (GAO) found that the Department of Energy (DOE) has not done enough to protect the electrical grid against increasing cyber attack attempts, the same day a Senate committee approved legislation intended to bolster DOE’s work on grid security.
GAO wrote in the report, originally finalized in August, that “the nation’s electric grid is becoming more vulnerable to cyberattacks — particularly those involving industrial control systems that support grid operations. Recent federal assessments indicate that cyberattacks could cause widespread power outages in the United States, but the scale of such outages is uncertain.”
GAO emphasized that DOE “plays a key role in helping address cybersecurity risks in each component of the electric grid’s infrastructure. However, DOE has not developed plans for electric grid cybersecurity that address the key characteristics needed for a national strategy.”
The report also found that while the Federal Energy Regulatory Commission (FERC), which regulates the flow of electricity between states, has approved mandatory grid cybersecurity standards, these do not fully encompass current federal guidance on grid cybersecurity.
GAO noted that actors with the capabilities to interfere with the U.S. grid include foreign nations, criminal groups and terrorist organizations.
Recommendations: GAO recommended that DOE coordinate with other relevant federal agencies to develop a plan to implement a federal cybersecurity strategy for the electric grid.
The report included a response from Karen Evans, the assistant secretary of DOE’s Office of Cybersecurity, Energy Security, and Emergency Response. Evans wrote that she “concurs” with GAO’s recommendation on the creation of a federal cybersecurity strategy and noted that “DOE’s current actions meet the intent of GAO’s recommendation.”
ONLINE DATING HELLSCAPE: The Federal Trade Commission (FTC) on Wednesday sued online-dating service Match Group, alleging the owner of Match.com and other top dating apps used deceptive advertisements to trick hundreds of thousands of consumers into buying Match.com subscriptions.
Until last year, the company allegedly sent emails to Match.com users claiming their profiles were receiving engagement including likes, favorites, emails and instant messages. But the company did not tell customers that many of those notifications were likely from scammers, according to the FTC.
The “you caught his eye” emails from Match.com prompted hundreds of thousands of users to buy subscriptions with Match.com to see who had interacted with their account, according to the FTC, only for those users to find that they were being contacted by scammers.
Match Group, which has a firm hold on the online dating market, owns dating apps including Tinder, Hinge and OkCupid.
“We believe that Match.com conned people into paying for subscriptions via messages the company knew were from scammers,” Andrew Smith, director of the FTC’s consumer protection division, said in a statement. “Online dating services obviously shouldn’t be using romance scammers as a way to fatten their bottom line.”
Match’s side of the story: Match Group is pushing back aggressively against the allegations, which were filed in a Texas court on Wednesday.
“The issues the FTC is focusing on have either been taken grossly out of context or permanently eliminated by Match,” the company said in a statement. “Fraud is never good for business, which is why we spend so much time, money and emotional capital to fight it.”
Match says it catches and neutralizes 85 percent of “potentially improper accounts” in the first four hours, and it is disputing data cited by the FTC, including its claim that more than half of instant messages and favorites between 2013 emanated from fraudulent accounts.
The consumer protection agency claims Match.Com has employed “five deceptive or unfair practices” since 2013 to solicit subscribers.
Read more on the FTC lawsuit here.
SPONSORED CONTENT – AMAZON
Growing a business with support from Amazon
Two brothers started a pet supply company in their father’s house six years ago. Today, they have more than a half-million customers. See their story.
ICYMI: DEAF ACTIVISTS TAKE ON FCC: Activists are expressing concerns about the Federal Communications Commission’s (FCC) push to adopt a new phone system for people who are deaf or hard of hearing, saying the services may not meet their needs and are potentially biased.
Under the Americans with Disabilities Act (ADA), qualifying deaf or hard of hearing people have access to the Internet Protocol Captioned Telephone Service (IP CTS), which provides transcription for phone calls, similar to television closed captions, through a combination of technology and human interpreters.
However, the FCC has pushed to authorize allowing Automatic Speech Recognition (ASR) technology, which translates speech into text by computers, as a replacement for the IP CTS service. The FCC proposed a rule on the issue last year, which was adopted in February.
The FCC’s stance: When proposing the change, the FCC cited cost savings and argued the move would ensure the program “remains sustainable for those individuals who need it by reducing waste and thereby bringing under control the exponential growth of the program.”
The agency, which emphasizes that it requires minimum quality standards for the services, is now seeking comment on three applications from ASR-only providers by Wednesday.
Advocates push back: Meanwhile, advocates who expressed reservations during the rulemaking process are similarly voicing concerns ahead of the applications deadline.
Advocates say the technology removes the human element from the service and is not yet ready to replace the existing service wholesale, according to Emily Ladau, a consultant for Clear2Connect, a coalition that works to preserve captioning technology for disabled people.
“Imagine relying on Siri for your most important telephone calls or even a 911 call. Without additional testing and protections, ASR-only service risks unleashing services that are not ready for prime time onto a population of vulnerable users,” Ladau told The Hill.
Push-and-pull: In a statement to The Hill on Tuesday, a spokesperson for the FCC said the criticisms of the change “miss a number of key factors.”
“Automatic speech recognition has long been a part of IP-captioned phone service conversations. All but one of the IP-CTS providers have been using automatic speech recognition (ASR) for years–with a person also sitting in the middle of the call to ‘revoice’ the conversation,” the spokesperson told The Hill.
“We are currently reviewing applications from companies asking to provide these services. Regardless of the underlying technology being used for captioned phones, the FCC requires minimum quality standards. Any approved provider will be required to meet mandatory minimum standards, including verbatim transcription. And any approved provider must have already demonstrated an ability to meet this and other minimum standards,” the FCC added.
SPONSORED CONTENT – AMAZON
The real Amazon effect
Driving through the streets of her community, Audrey Reyes sees nothing but opportunity. See how a California town is flourishing since Amazon arrived.
LIGHTER CLICK: You may be wondering how I ended up here
AN OP-ED TO CHEW ON: Breaking up “Big Tech” is the latest “techlash,” but what would it actually do?
NOTABLE LINKS FROM AROUND THE WEB:
Why did President Trump mention CrowdStrike to the Ukranian president? (CyberScoop)
Privacy activist in California launches new ballot initiative for 2020 election. (The Washington Post)
Revealed: how TikTok censors videos that do not please Beijing. (The Guardian)
How Singapore is using technology to solve its water shortage (CNN)
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
