Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.
Welcome! Follow the cyber team, Maggie Miller (@magmill95), and the tech team, Emily Birnbaum (@birnbaum_e) and Chris Mills Rodrigo (@chrisismills).
FCC FINES TOP MOBILE CARRIERS: The Federal Communications Commission (FCC) is proposing more than $200 million in fines against the country’s top mobile carriers after a lengthy investigation concluded T-Mobile, AT&T, Sprint and Verizon improperly sold access to their customers’ precise location information.
The agency is alleging the companies broke the law by failing to protect information about the geolocation of their hundreds of millions of customers.
“The FCC has long had clear rules on the books requiring all phone companies to protect their customers’ personal information,” FCC Chairman Ajit Pai (R) said. “And since 2007, these companies have been on notice that they must take reasonable precautions to safeguard this data and that the FCC will take strong enforcement action if they don’t.”
“Today, we do just that,” Pai said.
The proposed fines — which Verizon, AT&T, T-Mobile and Sprint are now allowed to contest — are some of the largest the FCC has proposed in decades. But since reports began emerging about the fines on Thursday night, consumer advocates and privacy hawks in Congress have accused the regulatory agency of holding back and letting the telecom companies off the hook with fines that amount to a “rounding error” compared to their significant bottom lines.
Sen. Ron Wyden (D-Ore.), who was one of the first to shed light on the companies’ unlawful information sharing, released a statement accusing Pai of going easy on the companies.
“It seems clear Chairman Pai has failed to protect American consumers at every stage of the game – this issue only came to light after my office and dedicated journalists discovered how wireless companies shared Americans’ locations willy nilly,” Wyden said. “He only investigated after public pressure mounted.”
“And now his response is a set of comically inadequate fines that won’t stop phone companies from abusing Americans’ privacy the next time they can make a quick buck,” Wyden said.
Verizon, for instance, boasted a total revenue of $31.4 billion in 2019 and is facing a fine of $48 million.
The FCC is proposing a fine of $91 million for T-Mobile, $57 million for AT&T, $48 million for Verizon and $12 million for Sprint.
T-Mobile, which is facing the largest fine by far, said in a statement Friday that it intends to dispute the FCC’s conclusions.
“We take the privacy and security of our customers’ data very seriously,” T-Mobile said. “While we strongly support the FCC’s commitment to consumer protection, we fully intend to dispute the conclusions of this NAL and the associated fine.”
Public Knowledge, a consumer rights group, said the FCC’s fines indicate the chairman is enforcing the law “to the barest degree possible.”
SPONSORED CONTENT — FACEBOOK
Elections have changed and so has Facebook
Facebook has made large investments to protect elections, including tripling the size of the teams working on safety and security to more than 35,000. But the work doesn’t stop there.
See how Facebook has prepared for 2020.
TURN IT IN: House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) on Friday raised concerns around the Department of Homeland Security’s failure to submit a congressionally mandated election security report on time.
DHS was required under the 2020 National Defense Authorization Act to submit a report to Congress on successful and attempted cyberattacks on U.S. election infrastructure during the 2016 elections, along with any future cyberattacks on elections that DHS anticipates.
The agency was required by the NDAA to submit the report within 60 days of the bill being signed into law. President Trump signed the NDAA on Dec. 20, with Feb. 18 marking the deadline for the report to be submitted to appropriate congressional committees.
Thompson, whose committee is among those that DHS is required to submit the report to, said Friday that the failure of DHS to submit the report “further obstructs Congress’ abilities to conduct proper oversight,” and noted this was “in direct violation of the law.”
“The threat to our democracy from foreign governments is real, and the Administration’s pattern of denial must stop,” Thompson added. “With President Trump in office, the American people cannot expect our elections to be secure and free from foreign interference or cyber-attacks with status quo measures in place.”
‘WALZ’-ING AROUND: Twitter earlier this month verified an account for a fake 2020 congressional candidate created by a teenager.
The account was for a fictional Republican congressional candidate from Rhode Island named Andrew Walz.
His Twitter bio claimed that Walz was a “proven business leader” and a “passionate advocate for students,” CNN Business first reported.
The owner of the account was a 17-year-old high schooler from upstate New York who, according to the network, made the account over the holidays because he was “bored.”
“During Christmas break I was kind of bored and I learned a lot from history class, but also on the news they were talking more about misinformation,” the high school student told CNN Business.
The teen said it took him about 20 minutes to make the website for his candidate and then another five minutes to create the Twitter account.
He got his profile picture from a website called This Person Does Not Exist, which computer generates realistic photos of fake people.
Then, he filled out a short survey with information about his fake candidate on Ballotpedia, the nonprofit “Encyclopedia for American Politics.” Twitter announced in December that it would be partnering with the nonprofit in an attempt to verify more congressional candidates.
However, according to the student, neither Twitter or Ballotpedia asked for any further kind of identification to confirm that Walz was, in fact, genuine.
The social media platform has received flak from candidates who say it has been slow to verify them.
Read more on the incident here.
REDDIT DINGS TIKTOK: TikTok is under scrutiny from Reddit CEO and co-founder Steve Huffman for practices he calls “fundamentally parasitic,” referring to serious privacy concerns surrounding the app.
The app is a video-sharing social networking service owned by ByteDance, a Beijing-based company established in 2012 by Zhang Yiming. TikTok launched in 2017 for iOS and Android in markets outside of China.
Huffman said one of the suspicious practices the company partakes in is fingerprinting, a method of tracking devices for each unique visitor, according to The Verge.
“Maybe I’m going to regret this, but I can’t even get to that level of thinking with [TikTok],” Huffman said at the Social 2030 venture capital conference. “I look at that app as so fundamentally parasitic, that it’s always listening, the fingerprinting technology they use is truly terrifying, and I could not bring myself to install an app like that on my phone.”
Research by data protection expert Matthias Eberl highlights the fingerprinting Huffman refers to as an aggregate of audio and browser tracking, allowing the company to know the types of content each user is following. TikTok parent company ByteDance claims the fingerprinting methods are for recognizing malicious browser behavior, but Eberl offers his skepticism, as the platform seemingly works fine without the scripts enabled.
“I actively tell people, ‘Don’t install that spyware on your phone,’ ” Huffman said of TikTok’s software.
SPONSORED CONTENT — FACEBOOK
Elections have changed and so has Facebook
Facebook has made large investments to protect elections, including tripling the size of the teams working on safety and security to more than 35,000. But the work doesn’t stop there.
See how Facebook has prepared for 2020.
SCHEMING: Advocates are sounding the alarm over online scams that leave senior citizens particularly vulnerable, urging lawmakers and administration officials to take more steps to protect unsuspecting Americans.
Experts say that threat is heightened during tax season as online options for filing have grown in popularly, opening the door to more scams aimed at obtaining sensitive information or money from victims.
“Consumers should be especially vigilant as we approach tax season,” said Bill Versen, chief product officer at Transaction Network Services, a data services provider.
While there are a slew of scams at tax filing season, experts say that the elderly face a higher risk of being ensnared and experiencing financial hardship.
The most common kinds of tax scams are phishing and calls where a scammer impersonates an IRS official, according to Monique Becenti, a product specialist at cybersecurity firm SiteLock.
Phishing is a tactic used by hackers to get access to private information using fake emails, text messages and social media posts.
These communications are designed to bait unaware users, often the elderly, into giving up their personal information or clicking on links that can download dangerous malware onto computers and phones alike.
But the most common scam between 2014 and 2018 was fraudulent IRS calls, according to a yearly report released by the Senate Committee on Aging.
In those calls, the scammer impersonates an IRS official, demanding payment or sensitive information. In some cases, scammers have been known to threaten to suspend licenses, close businesses or even arrest individuals if they fail to pay fake bills.
“The overall goal is cyber criminals trying to file taxes on behalf of that person,” Becenti told The Hill. And once an individual falls victim, scammers can run further schemes. “Ultimately, they have their Social Security number. … Now they have the ability to open up fraudulent accounts on behalf of that individual.”
CHANGE OF PACE: Facebook sued a marketing company Thursday, alleging in federal court that the firm “improperly” collected data from users of the social media platform.
The lawsuit, filed in the Northern District Court of California, claimed oneAudience paid developers to use a malicious software development kit, or SDK, in their apps.
SDKs are tools that let developers make apps more quickly.
OneAudience’s SDK collected data in an improper fashion from Facebook users who opted to log in to certain apps, the lawsuit alleged.
Facebook claimed the data included names, email addresses and gender, in limited cases.
Facebook said it sent a cease-and-desist letter to oneAudience in November, but claimed the company did not cooperate with a requested audit.
OneAudience did not immediately respond to a request for comment.
In a blog post, Jessica Romero, Facebook’s director of platform enforcement and litigation, wrote that the lawsuit was filed to protect the platform’s users.
“This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users,” she wrote. “Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies.”
CAMEO: Former Illinois Gov. Rod Blagojevich (D) joined an app where people can pay for personalized video messages after President Trump commuted his sentence on corruption charges earlier this month.
Blagojevich is on the app Cameo offering personal messages for $100.
“Hey it’s Rob Blagojevich. I’m very excited to connect with you on Cameo. If you want a birthday greeting, an anniversary greeting, motivation or any other kind of shoutout, I can’t wait to hear from you,” the former lawmaker said on his account.
The app features a variety of celebrities and personalities that offer personalized messages for fans upon request.
Former Trump White House press secretary Sean Spicer also has an account on the app, as does former Trump administration communications director Anthony Scaramucci, former Trump aide Omarosa Manigault and former Trump campaign manager Corey Lewandowski.
Trump commuted Blagojevich’s sentence earlier this month. He called Blagojevich’s 14-year sentence “ridiculous”
“He served eight years in jail, a long time. He seems like a very nice person — don’t know him,” Trump said.
A LIGHTER CLICK: Hope y’all are happy
AN OP-ED TO CHEW ON: Indictment of Chinese hackers is wake-up call for better public-private cooperation
NOTABLE LINKS FROM AROUND THE WEB:
Vatican joins IBM, Microsoft to call for facial recognition regulation (Reuters / Philip Pullella, Jeffrey Dastin)
The World Health Organization has joined TikTok to fight coronavirus misinformation (Verge / Makena Kelly)
Walmart is quietly working on an Amazon Prime competitor called Walmart+ (Recode / Jason Del Rey)