Momentum builds on federal oversight of facial recognition tech after reported abuses

Lawmakers in the House and Senate are considering legislation that would halt the use of facial recognition and biometric data collection tools by federal law enforcement, signaling that the controversial technologies may soon be subject to oversight after years of debate and revelations about their role in discriminatory policing. The Facial Recognition and Biometric Technology Moratorium Act, reintroduced in June by Sen. Ed Markey (D-Mass.) and Rep. Pramila Jayapal (D-Wash.), would fully ban the use of facial recognition and biometric technology by federal agencies, barring a lift by Congress. It would also block funding to state and local law enforcement who do not cease use of the tech. The bill would allow cities and states to keep and make their own laws. More than 40 privacy and civil liberties groups have thrown their weight on the Hill and organizing power behind the Biometric Technology Moratorium Act, saying that cases in […]

The post Momentum builds on federal oversight of facial recognition tech after reported abuses appeared first on CyberScoop.


Senators Prod FCC to Act on SIM Swapping

Crooks have stolen tens of millions of dollars and other valuable commodities from thousands of consumers via “SIM swapping,” a particularly invasive form of fraud that involves tricking a target’s mobile carrier into transferring someone’s wireless service to a device they control. But the U.S. Federal Communications Commission (FCC), the entity responsible for overseeing wireless industry practices, has so far remained largely silent on the matter. Now, a cadre of Senate lawmakers is demanding to know what, if anything, the agency might be doing to track and combat SIM swapping.

4G is vulnerable to same types of attacks as 3G, researchers say

The 4G wireless telecommunications protocol is vulnerable to the same types of remote exploitation as its 3G predecessor, new research emphasizes. As with the flaw-ridden protocol underlying 3G, the 4G protocol is susceptible to attacks that disclose mobile users’ information or impose a denial of service, according to a report from mobile-security company Positive Technologies. Security researchers have long warned that spies or hackers could exploit the protocol supporting 3G — known as Signaling System No. 7 (SS7) — to intercept or track call data. The move from 3G to 4G, and the latter’s Diameter protocol, was supposed to mitigate some vulnerabilities, but security experts also have made clear that Diameter is no safeguard against hacking. While the new research indicates 4G is vulnerable to a smaller scope of attacks than 3G, it shows that attackers could shift a user’s device to 3G mode to exploit the less-secure SS7. Further, most mobile […]

The post 4G is vulnerable to same types of attacks as 3G, researchers say appeared first on CyberScoop.


Congress wants to prevent states from weakening encryption

A bipartisan group of House lawmakers has reintroduced legislation that would preempt any attempts by states to weaken encryption. The bill would bar states from compelling a tech company to “design or alter the security functions in its product or service to allow the surveillance of any user of such product or service,” according to its text. Republican Reps. Mike Bishop of Michigan and Jim Jordan of Ohio and Democratic Reps. Ted Lieu of California and Suzan DelBene of Washington are the bill’s sponsors. The bill also would keep states from prohibiting the sale of products or services with strong encryption. Lieu introduced the legislation in 2016, but it stalled during that congressional session. Law enforcement officials have said strong encryption has hampered numerous investigations by thwarting access to a suspect’s communications. However, those claims were undercut after the FBI admitted in May it had vastly overstated the number of encrypted devices […]

The post Congress wants to prevent states from weakening encryption appeared first on CyberScoop.


Lawmakers introduce bill to save top White House cyber job after Bolton eliminated it

House Democrats on Tuesday introduced legislation to codify a top cybersecurity position at the White House following National Security Adviser John Bolton’s decision to eliminate the role. The bill from Democratic Reps. Jim Langevin, R.I., and Ted Lieu, Calif., would establish a National Office for Cyberspace in the Executive Office of the President – and a Senate-confirmed head of that office. That official would synchronize cybersecurity policy across agencies in much the same way that White House cybersecurity coordinator Rob Joyce was doing until he stepped down last week. Against the backdrop of Joyce’s decision to leave the coordinator role and return to the National Security Agency, a power struggle over cybersecurity leadership at the National Security Council has ensued. Bolton ultimately decided to scrap the coordinator role. An aide to Bolton emailed NSC staff on Tuesday saying the move would help cut “another layer of bureaucracy.” Politico was first to report on Bolton’s […]

The post Lawmakers introduce bill to save top White House cyber job after Bolton eliminated it appeared first on CyberScoop.


Government would be barred from mandating crypto backdoors under House bill

A bipartisan group of House lawmakers on Thursday reintroduced legislation that would bar the government from mandating “backdoors” — configurations that enable surveillance — in commercial software and hardware products. The move is the latest salvo in a long-running legislative fight over law enforcement access to encrypted communications, and it comes after a Senate committee recently sought input from big technology firms on regulating encryption. Law enforcement officials say encryption has hampered investigations by preventing access to suspects’ communications, while cryptographers warn that weakening encryption could greatly undercut digital security for everyday people. “It is troubling that law enforcement agencies appear to be more interested in compelling U.S. companies to weaken their product security than using already available technological solutions to gain access to encrypted devices and services,” Rep. Zoe Lofgren, D-Calif., one of the bill’s sponsors, said in a statement. She introduced the bill in 2014 and has repeatedly sounded the alarm […]

The post Government would be barred from mandating crypto backdoors under House bill appeared first on CyberScoop.


House panel advances State Department bug bounty bill

The House Foreign Affairs Committee on Wednesday advanced a bill that would establish a bug bounty program at the State Department, the latest effort by lawmakers and security gurus to encourage agencies to use ethical hackers to secure their networks. The Hack Your State Department Act would task the Secretary of State with setting up a vulnerability disclosure process for researchers to hunt for and disclose flaws in the department’s public-facing websites and applications. The program, which would emulate the Hack the Pentagon project the Defense Department carried out in 2016, would pay researchers for finding vulnerabilities of which State officials were unaware. “Any agency or private sector company should have an independent way of testing security,” Rep. Ted Lieu, D-Calif., the bill’s sponsor, told CyberScoop. “This is one of the ways to do it – get an independent check on the strength of the cybersecurity system.” “A lot of these […]

The post House panel advances State Department bug bounty bill appeared first on CyberScoop.


Congress wants answers on FBI’s ‘going dark’ problem in wake of DOJ IG report

A bipartisan group of House lawmakers wrote to FBI Director Christopher Wray Friday slamming the FBI’s handling of the San Bernardino shooter’s locked iPhone, adding that the bureau’s claim that it couldn’t bypass encryption on some 7,800 devices last year “seems highly questionable.” The lawmakers said a recent Justice Department inspector general report on the subject “undermines statements that the FBI made during the San Bernardino litigation and consistently since then, that only the device manufacturer could provide a solution.” The report found that some bureau officials didn’t want to find a solution because it could undercut FBI efforts to legally compel Apple to break the device’s encryption. The letter could further inflame the debate over the “going dark” issue, which posits that criminal investigations are often thwarted due to law enforcement’s inability to bypass encryption. CyberScoop recently reported that a Senate panel could be drawing up a new bill on the subject. Signatories of the letter include […]

The post Congress wants answers on FBI’s ‘going dark’ problem in wake of DOJ IG report appeared first on CyberScoop.


Two lawmakers want to give consumers a way to know if their IoT devices are secure

The internet-connected devices that broke the internet in 2016 — what kid needs a Wi-Fi connected teddy bear? — sell like mad to consumers who have little idea if any security lies below the interfaces. One year after the Mirai botnet attacks brought some of the biggest tech companies to their knees, a new bill introduced on Friday aims to create a voluntary cybersecurity certification program to “independently identify, verify, and label compliant Internet-of-Things devices with strong cybersecurity standards.” The bill, known as the “Cyber Shield Act,” was introduced in the Senate by Sen. Edward Markey, D-Mass., and in the House of Representatives by Rep. Ted Lieu, D-Calif. The act would establish an advisory committee to evaluate devices like cameras, cellphones, laptops and baby monitors. Companies meeting the standards could display a label on their products that would better inform customers on security issues. “It is critical that we prioritize developing products with the security of […]

The post Two lawmakers want to give consumers a way to know if their IoT devices are secure appeared first on CyberScoop.


Researchers steal bitcoin by exploiting SS7 vulnerabilities

Hackers have exploited a security weakness in global telecom networks to break into a Gmail account, take control of a bitcoin wallet and steal over $4,000 in the cryptocurrency. Researchers from the cybersecurity firm Positive Technologies demonstrated the technique exploiting flaws in Signalling System No. 7 (SS7), a nearly 50-year-old set of protocols used to perform most of the world’s telephone calls and text messages, among other functions. SS7 has long been a target for sophisticated hackers intent on eavesdropping and attacking targets around the world. The attackers only needed a victim’s full name and phone number in order to eventually hack a wallet at the popular Bitcoin exchange Coinbase and take the virtual currency for themselves. The research focuses on the issue of multi-factor authentication relying on text messages, which can be intercepted by exploiting flaws in SS7, as demonstrated by Positive Technologies. “The inherent security vulnerabilities within the SS7 network, […]

The post Researchers steal bitcoin by exploiting SS7 vulnerabilities appeared first on CyberScoop.
