Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.
Welcome! Follow the cyber team, Maggie Miller (@magmill95), and the tech team, Emily Birnbaum (@birnbaum_e) and Chris Mills Rodrigo (@chrisismills).
TIKTOK ON THE CLOCK: Senate Minority Leader Charles Schumer (D-N.Y.) and Sen. Tom Cotton (R-Ark.) on Thursday asked U.S. intelligence officials to assess whether Chinese-owned social media platform TikTok poses “national security risks.”
“Security experts have voiced concerns that China’s vague patchwork of intelligence, national security, and cybersecurity laws compel Chinese companies to support and cooperate with intelligence work controlled by the Chinese Communist Party,” the lawmakers wrote in a letter to acting Director of National Intelligence Joseph Maguire.
“Given these concerns, we ask that the Intelligence Community conduct an assessment of the national security risks posed by TikTok and other China-based content platforms operating in the U.S. and brief Congress on these findings.”
The senators also raised concerns that TikTok may be adhering to Chinese censorship rules to limit what users can see, including content related to pro-democracy protests in Hong Kong and the treatment of the minority Uighur population.
Schumer and Cotton also raised concerns that TikTok could be a “potential target of foreign influence campaigns like those carried out during the 2016 election on U.S.-based social media platforms.”
TikTok pushes back: The company – which recently hired two former lawmakers to bolster its U.S. presence – denied in a blog post that it has ever removed content or shared data at China’s request.
“TikTok does not remove content based on sensitivities related to China,” TikTok wrote. “We have never been asked by the Chinese government to remove any content and we would not do so if asked. Period.”
THIRD TIME’S THE CHARM: The House on Wednesday evening passed a bill aimed at preventing foreign interference in U.S. elections, marking the latest attempt by Democrats to move election security legislation through Congress ahead of 2020.
The measure passed in a 227-181 vote, mostly along party lines. One Democrat joined Republicans in voting against the Strengthening Harmful Interference in Elections for a Lasting Democracy (SHIELD) Act, which focuses on paid online political advertisements.
The bill, sponsored by House Administration Committee Chairwoman Zoe Lofgren (D-Calif.), would require campaigns to report any illicit offers of assistance by foreign governments or agents and would take steps to ensure that online political advertisements are subject to the same rules as TV and radio ads.
“The 2020 federal elections are fast approaching. Public confidence and trust in our elections is of the utmost importance,” Lofgren said on the House floor before the vote. ” and fair elections are at the core of what it means to live in a democracy like ours. … It is our solemn duty to defend them.”
Republicans raised concerns the legislation would infringe on First Amendment rights.
Rep. Rodney Davis (Ill.), the top Republican on the House Administration Committee, said on the House floor that the bill had “no chance, zero chance of becoming law.”
The bill marks the third time this year the House has passed major legislation addressing various aspects of election security, with the For the People Act and the Securing America’s Federal Elections Act both also passing along party lines.
BREACH INVESTIGATION: Sens. Elizabeth Warren (D-Mass.) and Ron Wyden (D-Ore.) urged the Federal Trade Commission (FTC) on Thursday to investigate whether Amazon’s failure to secure its servers, which resulted in a breach that exposed the personal data of 100 million Americans, was a violation of federal law.
Warren and Wyden wrote in a letter to FTC Chairman Joseph Simons on Thursday that Amazon “knew, or should have known” that their Amazon Web Services (AWS) cloud server, which the company rented to Capital One to store data, was vulnerable to cyberattacks.
The massive data breach was revealed in July when Capital One announced that an individual was able to gain access to the data of both credit card customers and those who had applied for credit cards. The data of 6 million Canadians was also included in the breach, with some Social Security and credit card numbers among the compromised data.
Former Amazon employee Paige Thompson was subsequently arrested and indicted by a federal grand jury in August for allegedly breaching servers containing customer data from Capital One and approximately 30 other companies.
Thompson was arrested after she posted about her theft of the data on GitHub and another user reported her to Capital One, which then alerted the FBI.
Wyden, who serves as the top Democrat on the Senate Finance Committee, and Warren, who serves on the Senate Banking Committee, made the case that Amazon may have broken the law through its failure to secure its servers against server side request forgery (SSRF) attacks, the method allegedly used by Thompson to gain access to the data.
HANDLE WITH CARE: Sen. Maggie Hassan (D-N.H.) is asking the Government Accountability Office (GAO) to review Department of Homeland Security (DHS) policies for sharing Americans’ personal information with contractors, citing recent data breaches that exposed the information.
Hassan in a letter to Comptroller General Gene Dodaro zeroed in on the access contractors have to personally identifiable information, or PII, collected by DHS.
The senator, who serves on the Homeland Security and Governmental Affairs Committee, asked GAO to examine DHS requirements for contractors that have access to the information, along with any steps the agency takes if a data breach involving PII occurs.
“In many cases, DHS leverages the capabilities and expertise of contractors to assist it in its mission, and these contractors also have access to millions of Americans’ PII,” Hassan wrote. “While the department’s functions are essential, it is also essential that it protect the PII that is collected on the department’s behalf from improper access or use.”
Hassan cited three data breaches of DHS contractors over the past year that have exposed personal information, including a June incident involving a U.S. Customs and Border Protection contractor’s network that led to the theft of photos of travelers at the border.
NEW INTERNATIONAL PARTNERSHIP: The United States and South Korea on Thursday launched a bilateral partnership focused on deepening technological collaboration, aiming to find solutions for security issues, natural disasters and infectious diseases.
The agreement between the Department of Homeland Security (DHS) Science and Technology Directorate and South Korea’s Ministry of Science and Information Communication Technologies was confirmed in a memorandum of understanding.
“This is a great opportunity to discuss mutual challenges, shared priorities, and joint opportunities that will yield benefits and positive impact to our citizens,” William Bryan, a DHS senior official performing the duties of the under secretary for science and technology, said in a statement.
“Both of us bring a wealth of technical expertise and creative insights, which collectively can help achieve better informed decisions on where research and development investments can and should be made.”
HIDE AND SEEK: A senior Facebook official says Russian operatives trying to spread misinformation ahead of next year’s presidential election are adopting new tactics to try and remain undetected, according to a report in Reuters on Thursday.
Nathaniel Gleicher, Facebook’s head of cybersecurity policy, told Reuters that the company has taken steps that are leaving those with fake accounts struggling. In turn, Russian accounts are cutting back on their followers and being more careful in introducing new content to avoid detection.
“If you are very, very loud, if you go viral very, very fast that’s exactly the sort of thing that our automated systems will detect and flag,” Gleicher told the news source. “So when actors have really diligent, deliberate and effective operational security it weakens their ability to build an audience.”
Gleicher’s comments come after a network of Instagram accounts that was targeting U.S. users and was linked to Russia’s Internet Research Agency was disbanded by Facebook on Monday.
In total, the network of accounts had about 246,000 followers, with 60 percent of those followers being Americans. However, according to Facebook, that number is well short of the 126 million Americans who possibly saw Russian-made content regarding the 2016 election.
TAKING THE PLUNGE: Twitter shares plunged on Thursday after the company reported third-quarter sales that missed expectations and said fourth-quarter revenue would be lower than projected.
The social media giant reported that sales in latest quarter increased 8.6 percent to $823.7 million, below predictions of $876 million. It also said revenue for the three months ending in December would top out at $1.01 billion rather than the projected $1.06 billion.
Its shares fell 15 percent after the market opened.
“Greater-than-expected advertising seasonality” and “revenue product issues” were to blame for the disappointing results, the company said in a letter to shareholders.
Twitter earlier this year outlined settings issues that had allowed it to access users’ data without their permission to display targeted advertisements and measure their effectiveness for marketers. Its letter indicated that removing that data adversely affected the company.
I’LL BE WATCHING YOU: Google employees are reportedly accusing leaders at the company of creating a surveillance tool critics think will be used on worker attempts to organize or talk about labor rights.
Bloomberg News obtained a memo written by an employee that discussed workers’ concerns. Workers reportedly said they found a team at the company making a tool for workers’ Google Chrome browser that would search internal systems.
The tool would flag staffers who create calendar events with more than 10 rooms or 100 people, the memo said, according to Bloomberg.
It reportedly claimed that the most likely reason is that “this is an attempt of leadership to immediately learn about any workers organization attempts.”
Google denied the allegation in a tweet.
“These claims about the operation and purpose of this extension are categorically false. This is a pop-up reminder that asks people to be mindful before auto-adding a meeting to the calendars of large numbers of employees,” the company said.
CALLED OUT: CNN President Jeff Zucker on Thursday denounced Facebook for what he called its “absolutely ludicrous” policy that exempts political advertisements from fact-checking.
“[Facebook] took so much heat, rightly so, for what happened in 2016 and for the political advertising that aired on there,” Zucker said during a CNN Citizen conference. “And now they say that political advertising is just a tiny part of their business, but that they’re not going to fact-check anything and they’re going to take all political advertising whether it is true or not. I think that is absolutely ludicrous and I think that they should be called out.”
Zucker went on to cite his network’s policy surrounding advertisements, saying that CNN has already turned down two ads from President Trump‘s reelection campaign because they didn’t meet its standards.
“We have an obligation at CNN, if a political ad comes along and it’s not true, we’re not going to take it,” he said. “We’ve turned down I think two ads from the Trump campaign. We’ve taken two. We don’t have anything against taking those ads. But we’re only going to take them when they’re truthful.”
A LIGHTER CLICK: What’s his name again?
AN OP-ED TO CHEW ON: Congress must confront online extremism
NOTABLE LINKS FROM AROUND THE WEB:
Why scientists are so excited about “quantum supremacy.” (Vox)
FCC would auction satellite airwaves under bipartisan House bill. (Bloomberg Law)
Amazon profits pinched by speedy shipping push. (The Washington Post)