Overnight Technology

Hillicon Valley: Intel chief calls ‘cyber war’ greatest threat | Report details persistent voting system vulnerabilities | Cities struggle with scooter revolution | DoorDash data breach affected 4.9 million | NY sues Dunkin’ Donuts over hack

Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.

Welcome! Follow the cyber team, Maggie Miller (@magmill95), and the tech team, Harper Neidig (@hneidig) and Emily Birnbaum (@birnbaum_e).

 

It was a dramatic day in Washington, with Acting Director of National Intelligence Joseph Maguire testifying before Congress on his handling of the whistleblower complaint against President Trump. His testimony came after the administration allowed a redacted version of the complaint to be released.

Click here for the live blog of Maguire’s testimony, five takeaways from the tense hearing, the five most serious charges in the whistleblower complaint. Also, more on the impeachment drama: Democrats are zeroing in on Ukraine, Trump is firing back after the hearing, and Biden’s campaign is calling Trump one of the most “unfit” individuals to ever be president.

 

But there is also plenty of tech and cyber news, including from today’s big hearing….

 

DNI ISSUES CYBER THREAT WARNING: Acting Director of National Intelligence Joseph Maguire on Thursday testified that cyber threats are the most significant risks the nation faces and noted that the protection of U.S. election systems is “the most important job” of the intelligence community.

“We do face significant threats, I’d say No. 1 is not necessarily kinetic, it’s cyber, this is a cyber war,” Maguire said while testifying before the House Intelligence Community about the whistleblower complaint regarding President Trump. “We talk about whether or not the great competition is taking place with Russia and China, and we are building ships and weapons to do that, but in my estimation the great competition with these countries is taking place right now and is doing that in the cyber realm.”

Maguire made these comments after being asked by Rep. Will Hurd (R-Texas) what he saw as the “greatest threats” to the country in his capacity as leader of the intelligence community, particularly as Thursday marked the first time for Maguire to testify before the House Intelligence Committee.

Maguire also zeroed in on threats to U.S. elections, and emphasized the importance of keeping the election process free from foreign interference.

“I think the greatest challenge that we do have is to make sure we maintain the integrity of our election system,” Maguire said. “We know right now that there are foreign powers that are trying to get us to question the validity of whether or not our elections are valid.”

He emphasized that “first and foremost, I think that protecting the sanctity of our elections within the United States, whether it be national, city, state, local is perhaps the most important job that we have with the intelligence community.”

Maguire’s remarks were made in the midst of a hearing focused on the disclosure by an anonymous whistleblower that Trump tried to enlist the help of Ukrainian President Volodymyr Zelensky during a July phone call to investigate former Vice President Joe Biden.

The whistleblower alleged in the complaint, declassified on Thursday morning, that they were concerned Trump’s actions “pose risks to U.S. national security and undermine the U.S. Government’s efforts to deter and counter foreign interference in U.S. elections.”

The phone call between Trump and Zelensky took place the day after former special counsel Robert Mueller testified before the House Intelligence and Judiciary committees on the findings of his report on Russian interference efforts in the 2016 elections.

During questioning by Hurd on Russian interference efforts, Mueller testified that the Russians were attempting to interfere “as we sit here,” and said that he expected Russia to interfere in the 2020 elections.

Read more on his comments here.

 

 

ELECTION INSECURITY: U.S. voting systems remain vulnerable to cyberattacks three years after documented efforts to penetrate election machines, according to a report released Thursday.

The report is based on the findings of the white-hat hacker DEFCON Voting Village, an annual gathering of hackers that uses election machines to find vulnerabilities that could allow someone to interfere with the voting process.

This year’s event allowed hackers to test voting equipment, including e-poll books, optical scan paper voting devices and direct recording electronic voting machines — all certified for use in at least one U.S. voting jurisdiction.

“Voting Village participants were able to find new ways, or replicate previously published methods, of compromising every one of the devices in the room in ways that could alter stored vote tallies, change ballots displayed to voters, or alter the internal software that controls the machines,” the report said.

Despite the “disturbing” findings of the report, the authors wrote that the findings were “not surprising,” particularly in light of the fact that many of the election equipment cyber vulnerabilities found were “reported almost a decade earlier.”

Equipment that was tested included those made by leading voting machines companies Election Systems and Software and Dominion Systems.

Neither company immediately responded to a request for comment.

The authors emphasized the need to secure the supply chain involved in building election equipment, noting the vulnerabilities posed by using components originating in foreign countries.

And they emphasized an “urgent need for paper-ballots and risk-limiting audits.”

Read more here. 

 

ANOTHER DAY, ANOTHER BREACH: The food-delivery platform DoorDash revealed on Thursday that 4.9 million of its users, vendors and delivery workers were exposed in a data breach to an “unauthorized third party.”

The company said in a blog post on Thursday that the exposed information included sensitive financial data like partial credit card and bank account numbers but not enough to make fraudulent purchases.

DoorDash said that the exposed information could include names, order history, email addresses, delivery addresses and phone numbers.

It’s unclear who accessed the data, which only covered people who had joined the platform before April 5, 2018. The breach, which was first discovered earlier this month, occurred on May 4 of this year.

“We took immediate steps to block further access by the unauthorized third party and to enhance security across our platform,” the blog post reads. “We are reaching out directly to affected users.”

Read more on the DoorDash breach here.

 

ALL ABOARD: Major automakers are moving full steam ahead with their plans to put self-driving cars on the road, even as lawmakers and regulators in Washington fall behind on creating a cybersecurity framework for those vehicles.

The issue of cybersecurity is becoming increasingly important as large car manufacturers ramp up their testing of the vehicles on the road and begin to float ambitious plans to eventually bring them to market.

However, those strides come as lawmakers have failed to make progress on federal cybersecurity standards to protect the vehicles from hacking operations and other malicious cyber incidents. 

Stalled efforts: On Capitol Hill, a bipartisan effort to pass legislation to set cybersecurity and other standards for autonomous vehicles failed during the previous Congress. Lawmakers expressed optimism they could revive those efforts this year, but objections from a group of Senate Democrats that language in the legislation, the AV START Act, did not do enough to address consumer safety and cybersecurity issues has scuttled those plans.

The American Vision for Safer Transportation through Advancement of Revolutionary Technologies Act, or AV START Act, was sponsored by Sens. John Thune (R-S.D.) and Gary Peters (D-Mich.), the chairman and ranking member of the Commerce, Science and Transportation Committee during the last Congress.

Thune told reporters in June he was looking to reintroduce the bill in the same form, but lawmakers have been sidetracked by a host of other issues and an impeachment inquiry is now threatening any bipartisan work.

Peters told The Hill on Tuesday there were “no updates” and that he is “still working on it,” adding that there is no timeline for the bill to be reintroduced.

Concerns mounting: Coalition of stakeholder groups noted in their August letter that a federal framework around autonomous vehicles in general, not simply focused on cybersecurity, is critical.

“Polls indicate that AV [autonomous vehicle] safety is of concern to the American people,” the groups wrote. “Any legislation must give the public confidence that this new technology will be safe and this can be accomplished through legislating needed safeguards.”

Read more here. 

 

SCOOT ON OVER: Two years into the scooter revolution and its promise of bringing inexpensive transportation to low-income neighborhoods, researchers and experts say vehicle providers are falling short.

Scooter companies and city officials have promoted the two-wheeled vehicles as an economical way to help communities that are often situated in transportation deserts.

It’s an enticing promise. Cities have long wrestled with how they can improve transportation for low-income residents, who often reside in neighborhoods isolated from areas with more job opportunities and food options.

But after two years of scooters on the road, and on the sidewalks, community advocates, researchers and experts say e-scooters are often concentrated in high-income, tourist-heavy areas of town, while disadvantaged communities are finding themselves left out of the latest high-tech transit innovation.

“It is not shaping out to be the equity solution that it’s painted as,” Salem Afangideh, a transportation justice advocate with Public Advocates, told The Hill. In San Francisco and Oakland, a coalition of transportation rights groups have been running focus groups with community members about so-called “mobility options” – meaning bikes, e-scooters and more – on the ground.

“A lot of scooters are concentrated in places that are not accessible to low-income communities,” Afangideh said. “They’re not populated in low-income neighborhoods. They’re populated in transit hubs.”

City governments scramble: Cities like Chicago, Los Angeles and Washington, D.C., are struggling to regulate the proliferation of e-scooters, which present safety and congestion issues along with accessibility concerns.

To confront the issue, municipalities are working up policies that require scooter companies to make their product equally accessible to low- and high-income neighborhoods. But the challenge there is finding out how they can force firms to put scooters in areas with potentially less demand.

Read more on the scooter struggle here.

 

SPONSORED CONTENT – AMAZON

Finding a scarce resource through Amazon stores

Time. It seems to be everyone’s scarcest resource. See how Amazon frees up this Wyoming rancher to focus on the work he loves.

 

A NEW LOOK: Facebook fulfilled a long-standing demand from policymakers and advocacy groups this week when Chief Operating Officer Sheryl Sandberg announced that a coalition of the country’s most powerful tech corporations will be formalizing its counterterrorism efforts into an independent organization with a dedicated staff.

In a public appearance alongside New Zealand Prime Minister Jacinda Ardern on Monday, Sandberg announced that Facebook, Microsoft, YouTube and Twitter will help form an organization tasked with confronting the deluge of violent and extremist content proliferating across their platforms.

Heidi Beirich, an extremism researcher with the Southern Poverty Law Center, called the development “significant.”

“It shows an acknowledgement on the part of the tech sector that their platforms are contributing to radicalization and to terrorist propaganda and that I think there’s a willingness to take on that propaganda of all stripes,” Beirich told The Hill.

The announcement comes months after the Christchurch, New Zealand, mass shooting, which reignited governmental and public scrutiny of how tech companies handle violent and white supremacist content.

Now, as the companies face ramped-up criticism from regulators and lawmakers worldwide, they are expanding the Global Internet Forum to Counter Terrorism (GIFCT), which they originally formed to deal with Islamic terrorism online in 2017. The founding members were Facebook, Twitter, YouTube and Microsoft.

For years, the GIFCT has mainly been an internal project centered around a database allowing companies to share digital fingerprints from terrorist or extremist content.

The companies say they will now be investing money and resources to create an independent GIFCT run by an executive director and a full-time staff. The organization will include an advisory board stacked with government officials and working groups, including input from academics, according to Facebook’s announcement.

Haroro Ingram, a senior research fellow with George Washington University’s Program on Extremism, told The Hill that he believes the new GIFCT is “good for optics” amid the furor over how the companies have handled right-wing extremist content.

“There is no question that the discussion [around terrorist content online] has improved,” Ingram said. “It’s getting more and more nuanced.”

But, he said, the recent announcement is “relatively superficial.”

“What will be interesting is how independent the GIFCT becomes … the extent to which it actually shapes practice,” he said.

More on the reaction here.

 

TRUMP’S NEW WEAPON: The Justice Department’s antitrust investigation into four automakers who agreed to abide by stricter emission standards being rolled out in California is reviving concerns that the Trump administration is weaponizing its competition enforcers against political rivals.

California reached the agreement with BMW, Ford, Honda and Volkswagen in July in an effort to counter the administration’s plans to ease restrictions on greenhouse gas emissions and to set the pace for other manufacturers.

“I now call on the rest of the auto industry to join us, and for the Trump administration to adopt this pragmatic compromise instead of pursuing its regressive rule change,” California Gov. Gavin Newsom (D) said at the time. “It’s the right thing for our economy, our people and our planet.”

But in September, The Wall Street Journal reported that the Department of Justice’s (DOJ) Antitrust Division was investigating whether the agreement violated the nation’s competition laws against collusion. The Journal’s sources said that the deal could potentially limit the types of cars consumers are able to purchase.

The move outraged Democratic lawmakers, who suspect that the investigation is politically motivated. The probe was also revealed as the administration intensified a long-running legal and political battle against California and just before the Environmental Protection Agency (EPA) announced that it would revoke the state’s authority to set its own emissions standards.

On Sept. 6, the same day that the Journal reported on the DOJ investigation, the Trump EPA and Transportation Department sent a joint letter to California regulators warning of “legal consequences” over the agreement with automakers.

The escalating battle is creating regulatory uncertainty for the transportation economy, which accounts for a third of greenhouse gas emissions in the U.S., at a time when there is increasing global concern about climate change.

But the automaker investigation is raising more questions, even from critics who have pushed for the DOJ to take a tougher stance against corporate consolidation.

Sandeep Vaheesan, the legal director for the Open Markets Institute, says that the investigation raises concerns both about the Justice Department’s priorities and what he sees as antitrust enforcers’ inability to distinguish between harmful and beneficial “collusion” among industry players. Vaheesan also questioned Delrahim’s legal reasoning behind the investigation.

“I think the conduct at issue here appears to be protected petitioning and for them to probe into the automakers’ agreement in spite of that is very revealing,” he said. “It does suggest that the antitrust division is picking to use its powers to advance the White House’s agenda on environmental policy.”

Read more here.

 

THE CASE FOR NOT BANNING STUFF: A coalition of tech groups on Thursday sent a letter to Congress urging lawmakers to reject calls to ban facial recognition technology, arguing the sensitive software can help law enforcement “keep communities safe.” 

The groups — led by tech-backed think tank, the Information Technology and Innovation Foundation — wrote the industry “disagree[s] that a ban is the best option to move forward.”

“We are writing to encourage you to consider many of the viable alternatives to bans so that law enforcement can use facial recognition technology safely, accurately, and effectively,” the letter reads. “These alternatives may include expanding testing and performance standards, the development of best practices and guidance for law enforcement, and additional training for different uses of the technology.”

Other signatories include the Computing Technology Industry Association, Consumer Technology Association and NetChoice as well as the National Police Foundation.

House Oversight Chairman Elijah Cummings (D-Md.) told reporters earlier this month that Democrats and Republicans on the committee are continuing to work on facial recognition legislation.

“Republicans, as you probably know, this is one of the few things we agree on,” Cummings said. “I think we’re working on a bill and [will] hopefully get it out before the end of September.”

The tech groups on Thursday said they’re in support of legislation that could expand “testing and performance standards” or lay out “best practices and guidance for law enforcement, and additional training for different uses of the technology.”

Read more on the battle here.

 

SPONSORED CONTENT – AMAZON

Your company, powered by Amazon

Amazon’s Delivery Service Partner program puts entrepreneurs in the driver’s seat of their own businesses. Find out how.

 

LIGHTER CLICK: Dance like it’s Sunday.

 

AN OP-ED TO CHEW ON: How Congress can step up on innovative technology issues. 

 

NOTABLE LINKS FROM AROUND THE WEB: 

Attorney General Barr seeks DOJ Facebook antitrust probe. (Bloomberg) 

Jeff Bezos says Amazon is writing its own facial recognition laws to pitch to lawmakers. (Recode) 

Texas signs ex-Microsoft lawyer, others to aid in Google antitrust probe. (Reuters) 

The fight to keep Congress from embarrassing itself on tech. (National Journal)