Lawmakers Question FBI’s Push for Backdoors in Encrypted Devices

Ivan C/Shutterstock.com

They also push a wave of privacy bills post-Facebook’s Hill visit.

A bipartisan crew of 10 House lawmakers took FBI Director Christopher Wray to task Friday following an inspector general report that found the bureau rushed to court to force Apple to help it break into the encrypted iPhone used by San Bernardino shooter Syed Farook in 2015 without exploring other options.

Ultimately, the FBI withdrew its case against Apple when an unnamed third party offered to sell the bureau a tool to break into the phone without Apple’s help—a tool that a separate FBI division knew was nearly complete when the FBI first brought the Apple case, the IG found.

The rush to litigation, detailed in the IG report, suggests the FBI hasn’t been completely honest about the threat that warrant-proof encryption systems pose to national security, the lawmakers write.

Wray and his predecessor James Comey have warned that such end-to-end encryption systems allow criminals and terrorists to “go dark” online. The FBI has said it encountered 7,800 locked mobile devices that it could not access last year.

The lawmakers, including Rep. Zoe Lofgren, D-Calif., and Darrell Issa, R-Calif., ask whether the FBI has worked with companies that might be able to help it hack into the 7,800 locked devices the bureau says it was stymied by last year. The lawmakers also want to know if the FBI has explored other options, such as accessing the same data in the cloud.

Lawmakers Poke at Zuckerberg

Mark Zuckerberg’s marathon testimony this week before two congressional appeared to raise more questions than it answered regarding data privacy, online politicking and the tech industry’s influence on society. The hearings renewed calls to regulate the social media giant, and lawmakers grilled the Facebook CEO on a handful of bills that would scale back the company’s power over personal information and address close some of the online loopholes that allowed Russian actors to meddle in the 2016 election.

Among the potential legislation are two bills that would create mandatory opt-in policies for companies collecting user data, a measure that would require companies to notify customers of data breaches within 30 days, and an amendment that would force web platforms to disclose who paid for political ads on their site.

Three Cyber Threat Indicators and a Pickle Jar as Big as Your Head, Please

The Homeland Security Department is urging large and cyber-savvy companies that might not necessarily benefit from the department’s automated indicator sharing program for cyber threat data to sign up anyway, Secretary Kirstjen Nielsen told House appropriators Wednesday.

The department’s expectation is that smaller companies will benefit from information those larger companies share, Nielsen said, describing it as the Costco model: “The more people who join this program, the better information that we can give out.”

House Approps Getting in on the Cyber Game

During that same hearing, Rep. Dutch Ruppersberger, D-Md., announced he’s prepping a report for the House Appropriations Committee about Homeland Security’s cyber authorities. Major topics for the report will include the department efforts to counter leaks of cyber tools, threats to industrial control systems and information sharing between government and the private sector, Ruppersberger said.

Ruppersberger also urged a subcommittee hearing focused on cybersecurity, an idea Nielsen said she supported.  

From the Department of Weights and Measures

Three top former cyber officials endorsed in principle, a bill from Rep. Joe Wilson, R-S.C., Wednesday that would create a measuring system for the severity of digital attacks. Wilson’s goal is to develop a common language that will help government prioritize cyber threats and gauge the appropriate responses, a goal that appealed to Former Homeland Security Secretaries Jeh Johnson and Michael Chertoff and former National Security Agency Director Keith Alexander.

Johnson warned, however, that cyberattacks vary widely and it would be difficult to clearly measure them across targets.

Bill Aims to Boost Defense Manufacturer Cyber Protections

A consortium of public-private partnership groups that help manufacturers meet federal guidelines would receive broader authority to help defense manufacturers amp up their cyber protections, under a bill introduced Friday by House and Senate lawmakers.

The bill would authorize Manufacturing Extension Partnerships to conduct voluntary assessments of small defense manufacturers’ cyber protections and to help those manufacturers implement fixes for cyber vulnerabilities.

Sponsors include Rep. Jimmy Panetta, D-Calif., and Sen. Chris Coons, D-Del.

Anti-Sex Trafficking Act Signed into Law

Days after federal authorities on April 7 seized Backpage.com, a classifieds website often accused of enabling prostitution and child trafficking, President Donald Trump signed the Allow States and Victims to Fight Online Sex Trafficking Act into law. The signing followed a months-long debate over whether the bill aimed at curbing internet sex trafficking would stifle internet freedom and stunt the growth of small tech companies. The legislation will arm state and local prosecutors with a new set of legal tools to take action against web platforms that “knowingly” facilitate sex trafficking or prostitution.

“The political people around the desk, every one of them—Democrat and Republican—have worked very hard,” Trump said before signing the bill Wednesday.  “It was surprisingly difficult—you would think it would be easy, but it was much more difficult than any of us would have assumed because people have reasons. This should not have been as hard and it shouldn't have taken as long.”

COMING UP

Congress has a blockbuster week for tech and cyber issues this week. Here’s a rundown.

On Monday at 5 p.m., the House Rules Committee will consider bills including one aimed at boosting technology and cybersecurity at the IRS and another protecting children from identity theft.

On Tuesday at 10 a.m., the House Armed Services Committee will hear from the Pentagon’s Defense Innovation Board and its undersecretary of Defense for research and engineering.

At that same time, a House Appropriations panel will hold a budget hearing for the General Services Administration.

At 10:15 a.m., the House Energy Committee will convene a hearing on internet prioritization.

On Wednesday at 10 a.m., the Senate Commerce Committee will examine how to end abusive robocalls.

At the same time, the Senate Judiciary Committee will conduct an oversight hearing of the U.S. Patent and Trademark Office, and the House Oversight Committee will hold a hearing on top management and performance challenges identified by inspectors general across the government.

At 10:30, a House Appropriations Committee will delve into challenges, technical and otherwise, facing the 2020 census.

At 2 p.m., a House Oversight panel will hold its third hearing on game changers in artificial intelligence.

At 2:30, a Senate Armed Services panel will study new technologies and emerging threats in the Defense Department.