Sen. Blumenthal wants FCC to get busy on telecom wiretap security rules

The subcommittee chair said the FCC has the ability to act now in response to Salt Typhoon targeting the 2024 presidential campaigns.

The post Sen. Blumenthal wants FCC to get busy on telecom wiretap security rules appeared first on CyberScoop.

Continue reading Sen. Blumenthal wants FCC to get busy on telecom wiretap security rules

FTC warns it will go after ed tech companies misusing children’s data

The crackdown comes as lawmakers look to update children’s privacy protections.

The post FTC warns it will go after ed tech companies misusing children’s data appeared first on CyberScoop.

Continue reading FTC warns it will go after ed tech companies misusing children’s data

Biden to push for strengthening children’s privacy in State of the Union address

President Biden will urge Congress to strengthen children’s privacy protections in his State of the Union address Tuesday, following growing concerns about the potential mental health impact online platforms cause children — an issue that Congress has repeatedly hauled in tech giants to address in hearings in recent months. A fact sheet released prior to the speech grouped the initiative into four distinct calls to action: banning targeted advertising for children, prioritizing safety design standards for online platforms, stopping discriminatory algorithmic decision-making and investing at least $5 million in fiscal year 2023 toward research on social media’s effects on mental health. “The President believes not only that we should have far stronger protections for children’s data and privacy, but that the platforms and other interactive digital service providers should be required to prioritize and ensure the health, safety and well-being of children and young people above profit and revenue in […]

The post Biden to push for strengthening children’s privacy in State of the Union address appeared first on CyberScoop.

Continue reading Biden to push for strengthening children’s privacy in State of the Union address

The new EARN IT Act poses an even greater threat to encryption, experts say

The Senate Judiciary Committee will consider legislation Thursday that privacy advocates are warning could pose a major threat to encrypted technologies. “Everyone who communicates with others on the internet should be able to do so privately,” a diverse group of civil society groups wrote in a letter Wednesday to the committee’s leaders. “But by opening the door to sweeping liability under state laws, the EARN IT Act would strongly disincentivize providers from providing strong encryption.” The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act), introduced for the first time in 2020 by Sens. Lindsey Graham, R-S.C., and Richard Blumenthal, D-Conn., would remove legal liability immunity from tech platforms found in violation of federal or state laws regarding child sexual abuse materials (CSAM). The pair reintroduced the bill last month and it drew immediate criticism from privacy and civil liberties advocates who say the bill could jeopardize […]

The post The new EARN IT Act poses an even greater threat to encryption, experts say appeared first on CyberScoop.

Continue reading The new EARN IT Act poses an even greater threat to encryption, experts say

Lawmakers want more transparency on SolarWinds breach from State, VA

Two Democratic senators are calling on the departments of State and Veterans Affairs to brief lawmakers on how their agencies have been impacted by the SolarWinds breach. The breach, in which suspected Russian government-backed hackers backdoored a network management product called SolarWinds Orion, could have infected thousands of federal government agencies and private sector entities with malware, according to SolarWinds. And although the State Department has reportedly been compromised during the course of the supply-chain espionage operation, the department has not been forthcoming about the extent of the damage, according to Sen. Bob Menendez, D-N.J. “While several other cabinet agencies that are victims of this cybersecurity breach have publicly acknowledged having been attacked, to date the Department of State has been silent on whether its computer, communication and information technology systems were compromised,” Menendez wrote in a letter he sent Wednesday to Secretary of State Mike Pompeo. The Department of […]

The post Lawmakers want more transparency on SolarWinds breach from State, VA appeared first on CyberScoop.

Continue reading Lawmakers want more transparency on SolarWinds breach from State, VA

Senators want Cyber Command and CISA to do more to deter coronavirus-focused hackers

A bipartisan group of senators sent a letter to both the Department of Defense and Department of Homeland Security on Monday urging them to take more action to defend the U.S. healthcare sector against hackers that have been exploiting the coronavirus pandemic. The senators warned that if Gen. Paul Nakasone, the commander of U.S. Cyber Command, and Christopher Krebs, Director of Cybersecurity and Infrastructure Security Agency (CISA), don’t take more action to deter hackers, they will continue to pummel the U.S. healthcare sector will continue to get pummeled with coronavirus hacking campaigns. “Unless we take forceful action to deny our adversaries success and deter them from further exploiting this crisis, we will be inviting further aggression from them and others,” Sens. Richard Blumenthal, D-Conn.; Tom Cotton, R-Ark.; Mark Warner, D-Va.; David Perdue, R-Ga.; and Edward Markey, D-Mass. write. “The cybersecurity threat to our stretched and stressed medical and public health systems should […]

The post Senators want Cyber Command and CISA to do more to deter coronavirus-focused hackers appeared first on CyberScoop.

Continue reading Senators want Cyber Command and CISA to do more to deter coronavirus-focused hackers

Senators question Pentagon over workforce’s use of data-leaking fitness app Strava

A bipartisan group of senators wants the Defense Department to explain how a popular fitness app apparently used by some U.S. military personnel, intelligence analysts and Pentagon officials led to the disclosure of secret bases and facilities around the world. Tom Cotton, R-Ark., and Richard Blumenthal, D-Conn., wrote a letter to Defense Secretary James Mattis, questioning the department’s policy for employees using wireless networks and devices on military sites after. The app, Strava, inadvertently shared a heat map that recently detailed its users’ activities, prompting a DoD-wide review of personal electronics at its installations. The heat map revealed the locations of several secret U.S. military bases when the data was dumped in November. Patrick Shanahan, deputy secretary of Defense, was wearing a Fitbit watch up until last week, potentially exposing himself to this breach. If Android users using the fitness app don’t enable the “nomap” feature — which disables a Wi-Fi network […]

The post Senators question Pentagon over workforce’s use of data-leaking fitness app Strava appeared first on Cyberscoop.

Continue reading Senators question Pentagon over workforce’s use of data-leaking fitness app Strava

Senators grill Uber CISO over 2016 breach, extortion incident

Senators rebuked Uber on Tuesday during a Senate Commerce subcommittee hearing over the company’s handling of the data breach it disclosed in November 2017, with one lawmaker calling the company’s decision to wait a year before publicly disclosing it “morally wrong and legally reprehensible.” Uber’s actions “violated not only the law but the norm of what should be expected,” said Sen. Richard Blumenthal, D-Conn., the subcommittee’s ranking member said. Uber revealed in November 2017 it paid $100,000 to delete data of 57 million users worldwide that was maliciously obtained by Florida-based hackers. The data included names, email addresses and phone numbers, and in some cases, encrypted passwords and driver’s license numbers. While Uber says that the hackers acted maliciously, the company paid them through HackerOne, which hosts Uber’s bug bounty program – a way for ethical hackers to receive payouts for informing companies about vulnerabilities. During the hearing, the lawmakers questioned Uber’s chief […]

The post Senators grill Uber CISO over 2016 breach, extortion incident appeared first on Cyberscoop.

Continue reading Senators grill Uber CISO over 2016 breach, extortion incident

National data breach notification law introduced by Senate Commerce Committee members

Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports that Uber paid $100,000 to cover up a 2016 data breach that affected 57 million users. “We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers,” Sen. Bill Nelson, D-Fla., said in a statement. “Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal.  When it comes to doing what’s best for consumers, the choice is clear.” The scope of what kind of data […]

The post National data breach notification law introduced by Senate Commerce Committee members appeared first on Cyberscoop.

Continue reading National data breach notification law introduced by Senate Commerce Committee members