Derek Hawkins

It took just three days for Facebook to notify authorities and the public that hackers had compromised as many as 50 million user accounts on the social media platform. A swift response. But the flip side: Facebook leaders did not have enough information to paint a clear picture of the hack and the risk to its users during the announcement. They didn’t offer details about who the attackers were, or what motivated them. Nor could they say where the affected users were located or how many users of Facebook-linked third-party applications were affected.

Executives from major technology companies including Apple and Google expressed broad support for a national consumer privacy law in a hearing Sept 26, but offered few concrete specifics for how such a law might be best crafted. Lawmakers are no longer questioning whether technology companies should be regulated -- the conversation on Capitol Hill has shifted to how they can design a consumer privacy law that would span a broad swath of US tech and telecommunications companies with divergent data-collection practices.

After years of debate, Congress is poised to vote on legislation that would cement the Department of Homeland Security’s role as the government’s main civilian cybersecurity authority.  The Cybersecurity and Infrastructure Security Agency Act (HR 3359), which has been in the works since the Obama administration, would give the department a stand-alone cybersecurity agency with the same stature as other DHS units, such as the Federal Emergency Management Agency.

The FBI is asking a federal judge in CA to force Facebook to break the encryption on its Messenger app so investigators can listen in on an alleged MS-13 gang member's voice conversations. The case, which remains under seal, raises some of the same privacy concerns as the FBI’s unsuccessful effort to force Apple to engineer a way into the encrypted iPhone of one of the San Bernardino (CA) mass shooters. But the FBI’s request in the Facebook case could have a broader impact, since the bureau reportedly wants to intercept communications in real time.

Google is drawing fire from the privacy community for quietly tracking the location of smartphone users -- even when they took specific steps to prevent the tech giant from doing so. Google services on Android devices and iPhones stored users’ location data even if they turned off the setting known as “Location History.”  The move could bring the company new attention from lawmakers. Sen Richard Blumenthal (D-CT) has already spoken out, saying on Twitter, "Google’s relentless obsession with following our every movement is encroaching  & creepy.

Sen Ben Sasse (R-NE) says the Trump Administration needs to get serious about cyberdefense. And he’s taking some cues from history with the hope of kicking the administration into action. Tucked in a massive defense policy bill Congress appears poised to pass in the coming weeks is a measure from Sen Sasse that would create a commission of top national security officials, lawmakers and experts to draw up a comprehensive cyberdefense strategy for the country. The proposal is based on the Project Solarium Commission, a Cold War effort President Dwight D.

The Justice Department has had some setbacks lately in its push for access to encrypted devices. But now it’s doubling down. In a highly anticipated cyber task force report commissioned by Attorney General Jeff Sessions, DOJ outlines a 7-point plan to tackle what it calls the "going dark" problem posed by the spread of strong encryption. Among them: Considering whether to pursue legislation to give law enforcement a guaranteed way in to encrypted devices and software in criminal investigations.

Lawmakers are turning up the pressure on Google and Amazon to reconsider their ban on a powerful anti-censorship technique used by millions of people worldwide to bypass restrictions on Internet access.

The Supreme Court’s recent ruling that police must get a warrant to access the vast trove of location information wireless carriers collect on their customers marks a breakthrough for privacy rights. But the majority in Carpenter v. United States sidestepped key issues about whether police can still access location data in real time or for short periods without a warrant. These gaps will likely give rise to a flurry of new legal challenges --- and are already sparking calls for Congress to step in to fix potential loopholes.

Legislation to rein in Facebook’s practices — and even stiff penalties from the Federal Trade Commission — are starting to look like a real possibility, even in a Congress typically slow to move on tech issues.  Lawmakers are pointing to two main vehicles emerging in Congress.  One is the Consent Act, a bill sponsored by Sen Ed Markey (D-MA) that would require Facebook and other tech companies such as Google to get explicit permission from users before doing anything with their personal information.