Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.
ADVERSARIES (COULD BE) WATCHING YOU: The National Security Agency (NSA) on Tuesday rolled out guidance warning that location data from mobile and other internet-connected devices could pose a security threat for users if it were accessed by adversaries.
The guidance was rolled out as a warning for Defense Department personnel and others with access to sensitive federal systems, but the NSA noted that it could be “useful to a wide range of users.”
“Using a mobile device—even powering it on—exposes location data,” the NSA warned in the guidance. “Mobile devices inherently trust cellular networks and providers, and the cellular provider receives real-time location information for a mobile device every time it connects to the network.”
“This means a provider can track users across a wide area,” the agency noted. “In some scenarios, such as 911 calls, this capability saves lives, whereas for personnel with location sensitivities, it may incur risks. If an adversary can influence or control the provider in some way, this location data may be compromised.”
The NSA noted that location data could be tracked even if the GPS and cellular data are switched off, warning that a mobile device can track location through WiFi and Bluetooth connections, while websites and apps can also access or guess the location of the user.
The agency warned that other internet-connected devices — such as fitness trackers, smart watches, medical devices and household smart devices — could also pose a security threat through their potential to collect and expose sensitive location data of any mobile device they are hooked up to.
Read more about the warning here.
FLORIDA TEEN PLEADS NOT GUILTY: The Florida teenager accused of being behind a major Twitter hack that resulted in several prominent accounts posting a bitcoin scam pleaded not guilty Tuesday on multiple counts of fraud, The Associated Press reported.
Graham Ivan Clark, 17, is facing 30 felony charges including organized fraud, communications fraud, identity theft and hacking. The charges carry potential penalties of more than $100,000.
Tuesday’s hearing in Tampa reportedly took place via Zoom. Clark is scheduled for a bond hearing Wednesday, with bail set at $725,000. He was arrested last Friday.
Two others — U.K. resident Mason Shepard, 19, and Orlando, Fla., resident Nima Fazeli, 22, who go by the hacking aliases “Chaewon” and “Rolex” respectively — were also charged in helping carry out the hack. Both were charged in California.
The intrusion affected a number of prominent Twitter accounts, including those of former President Obama, former Vice President Joe BidenJoe BidenTrump campaign emails supporters encouraging mask-wearing: ‘We have nothing to lose’ Cuba spells trouble for Bass’s VP hopes Democrats want Biden to debate Trump despite risks MORE, Microsoft co-founder Bill Gates and Tesla CEO Elon MuskElon Reeve MuskHillicon Valley: Three arrested in Twitter hack | Trump pushes to break up TikTok | House approves 0M for election security Florida teenager, two others arrested over major Twitter hack Reforming environmental review to build a cleaner and brighter future MORE.
Read more about the case here.
ELECTION SECURITY WOES: Election security experts warned Tuesday that a major threat to elections this year is disinformation and misinformation around perceived threats from mail-in voting.
The warnings came on the heels of sustained criticism of mail-in voting by President TrumpDonald John TrumpWhite House sued over lack of sign language interpreters at coronavirus briefings Wife blames Trump, lack of masks for husband’s coronavirus death in obit: ‘May Karma find you all’ Trump authorizes reduced funding for National Guard coronavirus response through 2020 MORE, who last week suggested postponing the November election due to concerns over the expected influx of mail-in voting, though he does not have the power to do so. He has also raised mostly unsubstantiated concerns that mail-in voting could cause an increase in voter fraud.
“Regardless of how secure our elections are, many election experts and officials are concerned that some voters could dismiss November’s results as invalid or rigged because of mis- and/or disinformation,” David Levine, an elections integrity fellow at the Alliance for Securing Democracy within the German Marshall Fund, testified at a House Homeland Security Committee cybersecurity subcommittee election security hearing Tuesday.
“When I look at the risk that we have to the voting process, today I think that the potential for mis and disinformation having an impact on the voting is greater in many regards than the potential of cyber threats,” John Gilligan, the president and CEO of the Center for Internet Security, testified at the same hearing.
Amber McReynolds, the CEO of the National Vote at Home Institute and the former Colorado elections director, testified that due to officials “casting doubt without evidence” on mail-in voting, “combatting disinformation and misinformation is a critical aspect of election officials’ work.”
Both Levine and McReynolds pointed to an assessment on the potential security risks of mail-in voting released by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) late last week.
The assessment found that while “all forms of voting” present some level of risk from interference, the risks stemming from mail-in voting can be “managed through various policies, procedures, and controls.”
CISA noted, however, that due to “partisan political voices” weighing in on mail-in voting, and because of potential delays in election results from an influx of mail-in ballots due to the pandemic, this form of voting could become a tempting target of disinformation and misinformation campaigns for those seeking to interfere in elections.
Read more about election concerns here.
TIKTOK IN THE SPOTLIGHT: The future of popular social media platform TikTok in the U.S. was upended these past few days by a series of comments from President Trump about banning the app, making the Chinese-owned company the latest target of Trump’s tech war with China.
The president said Monday he supported a potential deal involving Microsoft purchasing TikTok’s U.S. stake from Beijing-based ByteDance. He added that if the deal wasn’t completed by Sept. 15, the app would be “out of business in the United States.”
But this isn’t the first time the Trump administration has gone after a tech company with ownership ties to China, with officials citing concerns over espionage and national security threats.
The gay dating app Grindr was in a similar situation as TikTok just over a year ago, when a review by the Treasury Department’s Committee on Foreign Investment in the United States (CFIUS) concluded that ownership by Beijing Kunlun Tech posed a national security threat to the U.S.
Beijing Kunlun Tech subsequently announced that it would sell Grindr. San Vicente Acquisition later purchased the app for more than $600 million, Reuters reported in June.
And in the most deep-seated area of concern, the Trump administration has taken multiple steps to cut Chinese telecommunications groups Huawei and ZTE out of 5G networks in the U.S. and in allied countries, also citing concerns around espionage risks following a 2017 Chinese intelligence law that requires companies and citizens to participate in state intelligence work.
Geoffrey Gertz, a fellow in the Brookings Institution’s Global Economy and Development Program, told The Hill that even without the intelligence law, “we would still see a lot of concerns” around Chinese-linked technology groups like TikTok.
“It’s clearly part of a much broader U.S.-China economic and technology competition,” he said.
Read more here.
PELOSI VIDEO: Rep. Anna EshooAnna Georges EshooThe Hill’s Coronavirus Report: GoDaddy CEO Aman Bhutani says DC policymakers need to do more to support ventures and ‘solo-preneurs’; Federal unemployment benefits expire as coronavirus deal-making deadlocks Democrats fear US already lost COVID-19 battle Why drug costs for older Americans should be capped in pandemic’s wake MORE (D-Calif.) is demanding Facebook remove a video of Speaker Nancy PelosiNancy PelosiHillicon Valley: Trump backs potential Microsoft, TikTok deal, sets September deadline | House Republicans request classified TikTok briefing | Facebook labels manipulated Pelosi video Trump says he’s considering executive action to suspend evictions, payroll tax Trump won’t say if he disagrees with Birx that virus is widespread MORE (D-Calif.) edited to make her appear intoxicated.
“I am extremely troubled that Facebook is once again refusing to remove a doctored video of Speaker Pelosi that makes her seem inebriated,” Eshoo, a Pelosi ally, said in a letter to the social media giant on Tuesday.
“The video is disinformation, and by leaving it up, Facebook is actively playing a role in disseminating political disinformation,” Eshoo added.
The clip was first shared on the platform Saturday with the caption, “this is unbelievable, she is blowed out of her mind, I bet this gets took down!” The 55-second video comes from a May press conference in which Pelosi condemned comments President Trump made about MSNBC anchor Joe ScarboroughCharles (Joe) Joseph ScarboroughHillicon Valley: Trump backs potential Microsoft, TikTok deal, sets September deadline | House Republicans request classified TikTok briefing | Facebook labels manipulated Pelosi video Facebook places ‘partly false’ label on fake Pelosi video that went viral Trump Jr on Cheney: ‘We already have one Mitt Romney, we don’t need another’ MORE.
Facebook has elected not to remove the clip, which surpassed 3 million views on Tuesday, instead electing to place a “partly false” label on it. Twitter, YouTube and TikTok have removed the video.
A similarly edited clip of Pelosi — made to make her appear to be slurring words — was shared widely on Facebook last year.
Facebook has defended keeping the latest video up, saying it does not meet its grounds for removal.
Read more here.
NEW FACIAL RECOGNITION BILL: Sens. Jeff MerkleyJeffrey (Jeff) Alan MerkleyPortland protesters clash with law enforcement for first time since federal presence diminished New York police confirm arrest of protester in unmarked van Overnight Defense: Guardsman to testify Lafayette Square clearing was ‘unprovoked escalation’ | Dems push for controversial Pentagon nominee to withdraw | Watchdog says Pentagon not considering climate change risks to contractors MORE (D-Ore.) and Bernie SandersBernie SandersCuba spells trouble for Bass’s VP hopes Trump Spanish-language ad equates progressives, socialists Biden’s tax plan may not add up MORE (I-Vt.) introduced legislation Tuesday aimed at limiting the corporate use of facial recognition technology.
The National Biometric Information Privacy Act of 2020 would require private companies to receive written consent from consumers and employees before collecting biometric data such as eye scans or fingerprints.
In cases where consent was not obtained before collecting that personal data, consumers and state attorney generals would be able to sue.
“We can’t let companies scoop up or profit from people’s faces and fingerprints without their consent,” Merkley said in a statement. “We have to fight against a ‘big brother’ surveillance state that eradicates our privacy and our control of our own information, be it a threat from the government or from private companies.”
“We cannot allow Orwellian facial recognition technology to continue to violate the privacy and civil liberties of the American people,” Sanders added.
Read more about the legislation here.
CHINA CLAPS BACK: Chinese state media late Monday warned against what it called the U.S.’s “theft” of the social media app TikTok, cautioning that Beijing may retaliate.
The English-language China Daily newspaper published an editorial which highlighted China’s toughest protection of TikTok yet and cautioned that Beijing may block the sale of TikTok to American company Microsoft.
“China will by no means accept the ‘theft’ of a Chinese technology company, and it has plenty of ways to respond if the administration carries out its planned smash and grab,” it reads.
The state-run newspaper said it “might be preferable” for TikTok’s parent company ByteDance to sell the U.S. business, but the editorial called the U.S. effort to buy the app a “smash and grab.”
“With competitiveness now dependent on the ability to collect and use data, it offers an either-or choice of submission or mortal combat in the tech realm,” the China Daily said.
Read more here.
GOOD DAY FOR UBER: A federal judge has upheld an arbitration win for Uber after a customer asked the judge to overturn the ruling in a price-fixing case.
According to Reuters, the customer said that the arbitrator, Les Weinstein, ruled in favor of Uber because he was scared.
U.S. District Judge Jed Rakoff in Manhattan said, however, that the claim lacked merit, adding Weinstein was simply joking when he said he dismissed the lawsuit in February out of fear.
Read more about the case here.
Lighter click: He was a punk, she did ballet
An op-ed to chew on: Why bursting the tech salary bubble is a good thing
NOTABLE LINKS FROM AROUND THE WEB:
TikTok and the Evolution of Digital Blackface (Wired / Jason Parham)
Google’s secret home security superpower: Your smart speaker with its always-on mics (Protocol / Janko Roettgers)
The biggest problem with Microsoft’s fractured TikTok deal (The Verge / Russell Brandom)
Google Faces European Inquiry Into Fitbit Acquisition (New York Times / Adam Satariano)