Joseph Marks

The Justice Department is giving up on an encryption truce with Big Tech

The Justice Department has essentially given up hope that tech companies will voluntarily build into their products a special way for law enforcement to access encrypted communications to help track terrorists and criminals. Instead, the department is focusing on getting legislation that forces companies to cooperate –  and is hoping encryption-limiting laws in Australia and the United Kingdom will ease the path for a similar law in the US, said John Demers, assistant attorney general for national security. “If there were a proposal from tech companies or a desire to talk about this issue t

China is poised to lead in 5G. That's partly Washington's fault, Sen. Warner says.

The US government has been too slow to respond to China’s technological rise and aggression in cyberspace — and it could pay a big price. That's according to Sen Mark Warner (D-VaA), who blasted congressional dysfunction and mismanagement by both the Trump and Obama administrations for a complacency that allowed Chinese companies to get ahead in next-generation 5G wireless networks. The risks are big: Intelligence officials fret Beijing could use that position to spy on Americans or sabotage US companies.

FEC approves free cybersecurity for campaigns despite influence concerns

The Federal Election Commission gave the go-ahead to a nonprofit organization seeking to offer free cybersecurity services to political campaigns, upending rules that typically consider such free services illegal campaign contributions. The FEC’s reasoning, in a nutshell, was that it ordinarily bans such services due to the possibility people might try to cash in on political favors later. But in this case, the risk of Russian and Chinese hackers running roughshod over the 2020 elections is far worse.

Federal agencies are spending millions to hack into locked phones

A $1.2 million tab for iPhone hacking technology at US Immigration and Customs Enforcement underscores how pervasively law enforcement is cracking into passcodes and other security features Americans use to keep their information private.

What do Kamala Harris, Elizabeth Warren and Kirsten Gillibrand have in common? Cybersecurity chops

With Sen Kamala Harris (D-CA) joining the field of 2020 hopefuls, all Democratic senators now running for president have pushed for major cyber policy reforms -- from cracking down on election interference to stemming the flood of data breaches. Sen Harris was a co-sponsor of the Secure Elections Act (S 2261) while Sen Kirsten Gillibrand (D-NY) backed a separate bill that would have launched a 9/11 Commission-style investigation into Russian interference in the 2016 election.

White House emails are highly vulnerable to hackers and spammers, new data shows

The White House, which has boasted of taking unprecedented actions to secure the nation’s digital infrastructure, isn’t doing enough to protect its own emails from being copycatted by hackers and spammers, according to data by the email security firm ValiMail. It isn't following its own administration's rules that require protections against the threat known as email spoofing, according to the company. That makes it comparatively easy for fraudsters posing as White House officials on email to deliver malware to citizens or to con them into giving up personal information.

Republicans and Democrats are feuding over the Equifax breach

Republican leaders of the House Oversight Committee released a scathing report about the Equifax data breach on Dec 10, detailing a series of security failures that preceded the 2017 compromise of 140 million Americans’ personal information. A few hours later, committee Democrats released a competing report about the consumer credit reporting agency, lashing out at their Republican colleagues for not demanding new cybersecurity laws to prevent the next major data breach.

The House is Shuttling Through Tech and Cyber Bills but the Senate's Behind

The House passed a slew of tech and cyber bills the week of Sept 3, ranging from imposing automatic sanctions on foreign hackers to creating a new chief data officer position at the Homeland Security Department. With a tight legislative calendar before this Congress turns into a pumpkin in January, however, the Senate will have to work fast if any of those bills are going to become law.

You Should Be ‘Significantly Concerned’ There’s No White House Cyber Coordinator, Policy Experts Say

How concerned should Americans be about a White House shuffle that removed the cybersecurity coordinator position? Significantly concerned, according to a collection of top cybersecurity policy experts.  White House National Security Adviser John Bolton eliminated the cybersecurity coordinator position soon after taking office in May.

GAO Probing FCC Claims of Denial-of-Service Attack

The Government Accountability Office is investigating the Federal Communications Commission’s claim that its commenting system suffered a distributed denial-of-service attack during a controversial debate over repealing net neutrality rules in May 2017. The alleged DDoS attack, which slowed but did not completely disable the commenting site, came after comedian John Oliver urged his viewers to submit comments opposing the net neutrality rewrite favored by the Trump administration. The timing has led some critics to suggest the massive increase in traffic to the FCC commenting site may have

Huawei Slams FCC Efforts to Bar It From Federal Communications Program

The Federal Communications Commission’s efforts to block the Chinese company Huawei from US telecommunications contracts and supply chains is unconstitutional, misguided, “arbitrary and capricious,” Huawei said. The Chinese telecom giant devoted more than 100 pages to savaging the FCC proposal, which would deny money from the commission’s Universal Service Fund to companies that purchase equipment or services from companies that are deemed threats to national security. That list would include Huawei and ZTE, another Chinese telecom.

How the US Government Learned to Stop Worrying About The Global Internet and Kicked Russians Off Its Networks

The global internet is a lot less global than it was a few years ago. The US government, which used to be the loudest advocate for knocking down digital barriers, has begun to erect barriers of its own since the 2016 election and the Russian hacking and influence operation that upended it. US officials and lawmakers once merely condemned Russian and Chinese laws that forced tech companies to share their source code or to store citizens’ data within national borders.

A Homeland Security Department advisory group wants to help emergency responders control the social media conversation

State and federal emergency responders should have plans ready to go to counter rumors, misinformation and fake news in the wake of disasters, according to a new white paper from a Homeland Security Department advisory group. Those plans should include actively correcting misinformation on Facebook and Twitter with hashtags such as #rumor and #mythbuster, according to the draft report, which the Homeland Security Science and Technology Advisory Committee approved for final publication Feb 22.

Here's A Way To Boost Congress' Tech Savvy

Congress should legislate on technology like it’s 1995, according to a policy paper from R Street Institute, a right-leaning think tank. Specifically, Congress should reinstate the Office of Technology Assessment, an internal research organization that advised congressional committees on thorny questions about emerging technology and science.

Democratic Reps wants to commit $400 million to secure future elections from hackers

A panel of Democratic Reps wants to commit $400 million to secure future elections from hackers. That $400 million is what’s left over in appropriated funds from the 2002 Help America Vote Act, which focused on making voting easier for people with disabilities. The money could be used to replace outdated and unsecure voting machines that lack paper receipts for votes, the Democrats’ independent election security task force said in a Nov 20 letter to leaders of the House Appropriations Committee.

What President Trump's Skinny Budget Says About Cybersecurity

President Donald Trump’s 2018 budget blueprint touts major investments in cybersecurity, including a $61 million hike to help the FBI and the Justice Department combat criminals and terrorists’ use of encrypted communication tools. The document is light on specifics, however, and does not include a top line figure for cyber investments.

The budget proposal would give the Defense Department a boost of more than $50 billion, largely by ending the automatic budget cuts known as sequestration, for a total request of $639 billion. That money would be aimed at building a “more capable, and more lethal joint force” and at ensuring US superiority in major domains including cyberspace. That Pentagon budget would include $7.2 billion for operations and maintenance, including improving cyber capabilities, according to a White House memo. The blueprint lacks a specific figure, however, for all DOD cyber priorities at US Cyber Command and elsewhere.

WH Names Cyber Adviser to Economic Council

A former technology counsel for the House Commerce Committee will be heading up technology and cybersecurity policy for the National Economic Council, the White House announced. Grace Koh’s official title will be special assistant to the president for technology, telecom and cybersecurity policy. Koh was previously a policy counsel for the cable company Cox, where she focused on video, data and broadband issues and represented Cox before the Federal Communications Commission and other federal agencies. Koh was one of 13 National Economic Council officials named by Director Gary Cohn. Other officials will focus on energy, infrastructure, health care and other topics.

The Knowns and Unknowns of Trump's Cyber Plan

Donald Trump will be sworn in as the nation’s 45th president Jan 20 with cybersecurity looming larger than it has for any of his predecessors—and with many unknowns about how he’ll tackle the issue. Here’s a rundown of what we know and what we don’t.

‘Review on hacking’: Trump has promised a “major review on hacking” within his first 90 days in office, declaring, “we have no defense” and “we’re run by people that don’t know what they’re doing.”
The Giuliani Factor: The day after that press conference, Trump announced former New York City Mayor and Trump campaign supporter Rudy Giuliani would advise him on cybersecurity and help convene a rotating panel of private-sector leaders to discuss the issue. It’s unclear, however, what role that private-sector group will play in the 90-day review.
Who’s on First?: It’s also unclear if Trump will seek to rejigger the current governmental structure for cyber responsibilities and cyber incident response.
An Energized Cabinet but Few Details: Trump’s cabinet nominees have pledged to make cybersecurity a priority if confirmed, though they’ve made no hard promises and none have extensive backgrounds in the field.
An Attentive Congress: Whatever moves Trump and the executive branch make on cybersecurity, it’s clear Congress will be paying close attention and the battle over Russian sanctions will only be the starting line.

Trump Administration Highlights Offensive Cyber in First Moment

President Donald Trump’s administration Jan 20 highlighted offensive cyber actions among its first digital messages to the American people. Updates to the White House website’s issues page, posted moments after President Trump’s inauguration, included developing “defensive and offensive” capabilities at US Cyber Command and engaging in “cyber warfare” to disrupt recruiting and propaganda by the Islamic State.

The Defense Department was wary of discussing its offensive cyber capabilities during the Obama administration, acknowledging for the first time it might go on cyber offense when directed by the president in a 2015 cyber strategy update. Former Defense Secretary Ash Carter acknowledged in 2016 the military was using cyber tools to combat ISIL. Trump pledged to surge U.S. cybersecurity during his campaign and after his election, though numerous questions remain about how precisely he’ll attack the issue. Trump has signaled he may shift some domestic cyber responsibilities from the Homeland Security Department to the Defense Department, a move that would likely require the consent of Congress.

President Obama's Cyber Legacy

The Obama Administration made an unprecedented all-fronts effort to secure cyberspace. So, why are we less secure? For eight years, cyberspace proved the Obama Administration’s most unpredictable adversary, always twisting in new directions and delivering body blows where least expected. The administration took the cyber threat seriously from day one, launching reviews, promulgating policy, raising defenses and punishing cyberspace’s most dangerous actors. That included imposing sanctions against Russia and North Korea and indicting government-linked hackers from China and Iran.

But, in the end, cyberspace won. President Barack Obama will leave office this week following an election in which digital breaches ordered by Russian President Vladimir Putin helped undermine the losing candidate Hillary Clinton, sowed doubts about the winner Donald Trump’s legitimacy and damaged faith in the nation’s democratic institutions. If there is one fundamental reason for the Obama Administration’s inability to claim victory over cybersecurity, experts and former officials say it is this: The threat grew and mutated faster than the administration’s ability to deal with it.

Police Use of Phony Cellphone Towers Needs to be Reined In, Lawmakers warn

Congress should pass legislation to ensure that phony cellphone towers police use to locate criminals and fugitives are used consistently across the country, according to a bipartisan congressional report released Dec 19. In the absence of those laws, the Justice and Homeland Security departments should refuse to approve the sale of those devices, known as “cell-site simulators” or “stingrays,” to state and local law enforcement unless they agree to abide by current federal rules, according to the staff report from the House Oversight and Government Reform Committee.

The report is the result of a year-long staff investigation into stingrays, which federal law enforcement agencies frequently used to track criminals without warrants and using a standard lower than probable cause prior to policy shifts in September and October 2015. Those lower standards are still used by many states and localities, according to the report, which determined “the use of cell-site simulators by state and local law enforcement agencies was not governed by any uniform standards or policies.”

President-elect Trump Appoints Legislative Cyber Leaders to Transition Team

President-elect Donald Trump named a trio of congressional cyber leaders to his transition team, including House Intelligence Chairman Devin Nunes (R-CA). The appointments could give some indication of a serious cyber focus for the incoming Trump Administration, whose cyber positions have been largely opaque.

Rep Nunes, who co-sponsored the House version of cyber information sharing legislation that became law in 2016, has been floated as a possible successor to James Clapper as director of national intelligence. Rep Nunes has led the intelligence committee since the beginning of the current Congress. He will serve on the transition team’s executive committee. Rep Marsha Blackburn (R-TN) will serve as a vice chair of the transition team. Rep Blackburn is vice chairwoman of the House Commerce Committee and co-sponsor of a bill that would create a national standard securing customer data and a standard benchmark for when companies must notify customers about a breach. Also on the executive committee is Rep Tom Marino (R-PA) who serves on the House Homeland Security Committee panel with responsibility for cybersecurity.

Tech, Security Sectors Fear Renewed Crypto Fights Under Trump

As President-elect Donald Trump fills out national security and law enforcement posts in his new cabinet, the future of encryption may hang in the balance. On the campaign trail, the president-elect was a committed foe of cop-proof encryption systems that shield customer communications even from the communications provider. Most prominently, he urged supporters to boycott Apple over the company’s refusal to help the FBI bypass a security feature that prevented cracking into the encrypted iPhone used by San Bernardino shooter Syed Farook.

Supporters of strong encryption are also aware the president-elect has reined in some of his more controversial positions. They’re watching closely to see if his encryption stance may soften once he’s in the White House. “I think that’s going to be a prominent topic for a lot of the individuals engaged with the new administration, to make sure there’s a full understanding of the impact [of the encryption debate],” Ann Barron-DiCamillo, former director of the Homeland Security Department's Computer Emergency Response Team told Nextgov. “Understanding that impact and not just talking about it during a campaign is a very different place.”

Sens Wyden, Coons Slam DOJ Reply on FBI Hacking Power Expansion

Sens Ron Wyden (D-OR) and Chris Coons (D-DE) slammed the Justice Department for ducking lawmakers’ questions about an upcoming expansion of FBI hacking powers.

Sens Wyden and Coons were among 11 senators and 12 House members who queried DOJ about the hacking powers expansion in Oct. The department’s reply, which arrived Nov 22, should be “a big blinking warning sign about whether the government can be trusted to carry out these hacks without harming the security and privacy of innocent Americans’ phones, computers and other devices,” Sen Wyden wrote. Sens Wyden and Coons are also cosponsors of a bipartisan bill that would put a nine-month hold on the powers expansion, which will go into effect Dec 1 unless Congress intervenes. The expansion is an update to Rule 41 of the Federal Rules of Criminal Procedure. Under the revised rule, a federal judge would be able to issue a warrant allowing police to hack into computers in multiple judicial districts rather than just the district in which that judge presides. Judges could also issue warrants to search a computer or device when the user has masked the device’s location.