Joseph Marks

Police Use of Phony Cellphone Towers Needs to Be Reined In, Lawmakers Warn

Congress should pass legislation to ensure that phony cellphone towers police use to locate criminals and fugitives are used consistently across the country, according to a bipartisan congressional report released Dec 19. In the absence of those laws, the Justice and Homeland Security departments should refuse to approve the sale of those devices, known as “cell-site simulators” or “stingrays,” to state and local law enforcement unless they agree to abide by current federal rules, according to the staff report from the House Oversight and Government Reform Committee.

The report is the result of a year-long staff investigation into stingrays, which federal law enforcement agencies frequently used to track criminals without warrants and using a standard lower than probable cause prior to policy shifts in September and October 2015. Those lower standards are still used by many states and localities, according to the report, which determined “the use of cell-site simulators by state and local law enforcement agencies was not governed by any uniform standards or policies.”

President-elect Trump Appoints Legislative Cyber Leaders to Transition Team

President-elect Donald Trump named a trio of congressional cyber leaders to his transition team, including House Intelligence Chairman Devin Nunes (R-CA). The appointments could give some indication of a serious cyber focus for the incoming Trump Administration, whose cyber positions have been largely opaque.

Rep Nunes, who co-sponsored the House version of cyber information sharing legislation that became law in 2016, has been floated as a possible successor to James Clapper as director of national intelligence. Rep Nunes has led the intelligence committee since the beginning of the current Congress. He will serve on the transition team’s executive committee. Rep Marsha Blackburn (R-TN) will serve as a vice chair of the transition team. Rep Blackburn is vice chairwoman of the House Commerce Committee and co-sponsor of a bill that would create a national standard securing customer data and a standard benchmark for when companies must notify customers about a breach. Also on the executive committee is Rep Tom Marino (R-PA), who serves on the House Homeland Security Committee panel with responsibility for cybersecurity.

Tech, Security Sectors Fear Renewed Crypto Fights Under Trump

As President-elect Donald Trump fills out national security and law enforcement posts in his new cabinet, the future of encryption may hang in the balance. On the campaign trail, the president-elect was a committed foe of cop-proof encryption systems that shield customer communications even from the communications provider. Most prominently, he urged supporters to boycott Apple over the company’s refusal to help the FBI bypass a security feature that prevented cracking into the encrypted iPhone used by San Bernardino shooter Syed Farook.

Supporters of strong encryption are also aware the president-elect has reined in some of his more controversial positions. They’re watching closely to see if his encryption stance may soften once he’s in the White House. “I think that’s going to be a prominent topic for a lot of the individuals engaged with the new administration, to make sure there’s a full understanding of the impact [of the encryption debate],” Ann Barron-DiCamillo, former director of the Homeland Security Department's Computer Emergency Response Team, told Nextgov. “Understanding that impact and not just talking about it during a campaign is a very different place.”

Sens Wyden, Coons Slam DOJ Reply on FBI Hacking Power Expansion

Sens Ron Wyden (D-OR) and Chris Coons (D-DE) slammed the Justice Department for ducking lawmakers’ questions about an upcoming expansion of FBI hacking powers.

Sens Wyden and Coons were among 11 senators and 12 House members who queried DOJ about the hacking powers expansion in Oct. The department’s reply, which arrived Nov 22, should be “a big blinking warning sign about whether the government can be trusted to carry out these hacks without harming the security and privacy of innocent Americans’ phones, computers and other devices,” Sen Wyden wrote. Sens Wyden and Coons are also cosponsors of a bipartisan bill that would put a nine-month hold on the powers expansion, which will go into effect Dec 1 unless Congress intervenes. The expansion is an update to Rule 41 of the Federal Rules of Criminal Procedure. Under the revised rule, a federal judge would be able to issue a warrant allowing police to hack into computers in multiple judicial districts rather than just the district in which that judge presides. Judges could also issue warrants to search a computer or device when the user has masked the device’s location.

President-elect Trump Pledges DOD-Led Plan to Protect Vital Infrastructure from Cyberattack

President-elect Donald Trump will ask the Defense Department and the chairman of the Joint Chiefs of Staff “to develop a comprehensive plan to protect America’s vital infrastructure from cyberattacks and all other form of attacks,” according to a video posted Nov 21. President-elect Trump included the plan in a list of “executive actions we can take on day one to restore our laws and bring back our jobs.” Other items on the list included withdrawing from the Trans-Pacific Partnership trade deal, removing rules that limit energy exploration and ramping up visa fraud investigations. The cyber protection pledge may be a slight modification of a plan the incoming president posted to his campaign site in October. That plan called for an investigation of cyber vulnerabilities in critical infrastructure conducted by a “cyber review team” that would include members from the military, law enforcement and the private sector.

Sens Introduce Bill to Delay Expansion of FBI Hacking Powers

Five senators introduced legislation to delay a controversial change to criminal search procedures that could allow the FBI to drastically increase its hacking operations. The legislation, proposed by Senate Judiciary Committee members Sens Chris Coons (D-DE), Mike Lee (R-UT), and Al Franken (D-MN), among others, would put a nearly nine-month pause on the new rule, which would allow a single judge to issue a warrant allowing police to hack into computers in multiple judicial districts rather than just the district in which that judge presides. Judges could also issue warrants to search a computer or device when the user has masked the device’s location under the new rule, an update to Rule 41 of the Federal Rules of Criminal Procedure. Companion legislation was introduced in the House by Judiciary Committee Ranking Member John Conyers (D-MI) and committee member Rep Ted Poe (R-TX).

The Next President Will Face a Cyber Crisis. Here's How to Handle It

The next US president will face a cyber landscape of unparalleled complexity with little time or flexibility to bring it under control. Here are five high-level priorities that experts and former federal officials say should guide the next president.

Build a Real Cyber Strategy: Ideally, the next president should develop a series of big-picture cyber priorities clear enough the average citizen could predict his or her responses to some new challenge as reliably as she could to a new environmental challenge.
Create Playbooks: Even the best policy won’t provide perfect guidance for every situation, especially because cybersecurity, by its very nature, is bound up in numerous other issues ranging from national security and economic security to personal privacy and online innovation.
Build Cyber Norms: The government has endorsed a handful of norms for how nations ought to act in cyberspace, including several promulgated by a United Nations group of government experts. The scope of cyber threats has shifted so rapidly, however, the U.S. often seems to be left deciding what’s out of bounds after it’s happened rather than before.
Choose Priorities: One thing that’s delayed progress in defensive cybersecurity has been taking on too much at once.
Shift Focus to the Private Sector: Finally, the next president should figure out ways to better incentivize the private sector to improve its own security.

Big Data Bigwigs Cash In

Many of the biggest players tasked with protecting the country after Sept 11 have a new mission, and one that pays: securing all of the data the corporate world collects on its customers.

Ex-Cabinet chiefs Tom Ridge and Michael Chertoff count Fortune 500 companies among their clients anxious to secure computer systems and avoid the fate of Target, the victim of an epic data breach last fall.

Former Capitol Hill lawmakers and senior staff central to the last decade’s battles over privacy and security have traded their top-secret government clearances for lucrative jobs as consultants and lobbyists. Retired Gen Keith Alexander, the former National Security Agency director tarred by Edward Snowden’s leaks, launched his own firm this spring, just weeks after leaving government.

Lobbying on cybersecurity, privacy and other data issues has skyrocketed over the past decade, with a more recent hiring spree driven by the Snowden scandal and major security breaches at some of the country’s largest companies. Dozens of boutique firms and established K Street players are entering the red-hot market and touting their top recruits from the executive and legislative branches.

BYOD Cost The Energy Department More Than Supplying Government Phones

Some Energy Department divisions were too liberal with stipends they paid contract employees under contractor-operated bring-your-own-device plans, an auditor has found.

As a result, the department sometimes compensated those contract employees more for supplying their own smartphones and tablets -- which were often loaded up with unlimited voice and data plans -- than it would have paid to give them government devices, Energy’s inspector general found.

Overall, Energy could save at least $2.3 million over three years by better handling how it buys and manages mobile devices, according to the IG report. In addition to not being strict enough about BYOD [bring your own device] policies, Energy spent $325,000 at eight separate locations on devices that were not used at all during the 2012 fiscal year, the report found.

Numerous other devices were underutilized during that time, according to the report. The department also failed to consolidate contracts with mobile carriers in order to benefit from economies of scale, the report found. The White House’s Office of Management and Budget has urged agencies to consolidate mobile contracts whenever possible as part of a government-wide digital strategy.

Sometimes the Best Big Data Questions Raise The Biggest Privacy Concerns

One useful definition for the unstructured data that underlies most existing and theoretical big data projects is that it was often collected for some purpose other than what the researchers are using it for.

This definition points to the potential of big data analysis as more and more information is gathered online and elsewhere, but it also points to some challenges as outlined by Duncan Watts, a principal researcher at Microsoft’s research division.

First off, a large portion of the data that might be valuable to social scientists, policymakers, urban planners and others is held by private companies that release only portions of it to researchers. Facebook, Amazon, Google, email providers and ratings companies all know certain things about you and about society, in other words, but there’s no way to aggregate that data to draw global insights.

“Many of the questions that are of interest to social science really require us being able to join these different modes of data and to see who are your friends what are they thinking and what does that mean about what you end up doing,” Watts said. “You cannot answer these questions in any but the most limited way with the data that’s currently assembled.”

Second, even if social scientists were able to draw on that aggregated data, it would raise significant privacy concerns among the public.

Finally, because much of the data that’s useful to social scientists was gathered for other purposes, there’s often some bias in the data itself, Watts said.

“When you go to Facebook, you’re not seeing some kind of unfiltered representation of what your friends are interested in,” he said. “What you’re seeing is what Facebook’s news ranking algorithm thinks that you'll find interesting. So when you click on something and the social scientist sees you do that and makes some inference about what you’re sharing and why, it’s hopelessly confounded.”