Press Releases
WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, and John Thune (R-SD), ranking member of the Commerce Committee’s Subcommittee on Communications, Media and Broadband, announced six new bipartisan co-sponsors for the Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act, legislation that will comprehensively address the ongoing threat posed by technology from foreign adversaries by better empowering the Department of Commerce to review, prevent, and mitigate information communications and technology transactions that pose undue risk to our national security.
U.S. Sens. Ben Ray Lujan (D-NM), Shelley Moore Capito (R-WV), Tim Kaine (D-VA), Kevin Cramer (R-ND), Richard Blumenthal (D-CT), and Chuck Grassley (R-IA) have signed on to the bill in the last week. This announcement brings the total number of cosponsors to 18 – nine Democrats and nine Republicans. The legislation has also been endorsed by the White House.
“We are pleased by the growing support for our sensible, bipartisan bill to establish a comprehensive, risk-based approach to tackle technology threats from countries like China and Russia,” said Sens. Warner and Thune.
The Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act would:
- Require the Secretary of Commerce to establish procedures to identify, deter, disrupt, prevent, prohibit, and mitigate transactions involving information and communications technology products in which any foreign adversary has any interest and poses undue or unacceptable risk to national security;
- Prioritize evaluation of information communications and technology products used in critical infrastructure, integral to telecommunications products, or pertaining to a range of defined emerging, foundational, and disruptive technologies with serious national security implications;
- Ensure comprehensive actions to address risks of untrusted foreign information communications and technology products by requiring the Secretary to take up consideration of concerning activity identified by other government entities;
- Educate the public and business community about the threat by requiring the Secretary of Commerce to coordinate with the Director of National Intelligence to provide declassified information on how transactions denied or otherwise mitigated posed undue or unacceptable risk.
“The technology challenges that we face require a strong approach to protect Americans online from our foreign adversaries,” said Sen. Luján. “I’m proud to co-sponsor the bipartisan RESTRICT Act to improve the federal government’s capabilities to address growing technology threats to our national security.”
“Beyond the piecemeal attempts we have seen in the past, the RESTRICT Act provides a holistic approach to dealing with current and emerging technologies emanating from our foreign adversaries that pose an undue risk to the national security of our country. I was proud to join my colleagues on Day One of this legislation, which establishes a clear plan to address these risks and threats,” Sen. Capito said.
“As a member of the Senate Armed Services and Foreign Relations Committees, America’s national security is one of my top priorities,” said Sen. Kaine. “That’s why I’m proud to cosponsor the RESTRICT Act. This comprehensive legislation would help address 21st century technological threats posed by foreign adversaries, who may seek to manipulate Americans’ personal data, or track U.S. military personnel, assets, or their families, among other dangerous steps. There is bipartisan agreement on the need to counter these threats and it’s time to turn that agreement into action.”
“Digital security is national security, and much like foreign purchases of land in the U.S., we ought to carefully scrutinize the technology products we use daily and store our personal data. This bill will establish a process to quickly identify and respond to foreign technology while making the public aware of the real threats they face,” said Sen. Cramer.
“The risks are unacceptable—foreign powers exploiting tech platforms like TikTok and Huawei to undercut our national security must be stopped,” said Sen. Blumenthal. “The reasons for passing the RESTRICT Act are real and urgent—preventing espionage and privacy invasion. This bipartisan measure should command broad support.”
A two-page summary of the bill is available here. A copy of the bill text is available here.
###
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Chairman of the Senate Intelligence Committee, released the following statement today after the Department of Health and Human Services (HHS) issued new voluntary cybersecurity guidance for health care organizations looking to bolster their cybersecurity:
“As cyber criminals continue to target health systems in order to steal or hold for ransom the sensitive medical data of American patients and jeopardize the daily operations of health care providers, I am pleased to see the Department of Health and Human Services issue new voluntary guidance to bolster health care cybersecurity. I applaud the Health Sector Coordinating Council Cybersecurity Working Group for working to translate cyber practices into appropriate standards for providers in the health care space. I look forward to continuing to work with cyber experts, health stakeholders, and officials in the Biden Administration to determine which voluntary measures we need to start requiring to ensure patient safety.”
Sen. Warner, co-chair of the Senate Cybersecurity Caucus and a former technology entrepreneur, has long sounded the alarm about the importance of safeguarding our nation’s critical infrastructure – including our health care systems. In November, he authored and published a policy options paper outlining current cybersecurity threats facing health care providers and systems and offering for discussion a series of policy solutions to improve cybersecurity across the industry.
###
Senators Introduce Bipartisan Bill to Tackle National Security Threats from Foreign Tech
Mar 07 2023
WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, and John Thune (R-SD), ranking member of the Commerce Committee’s Subcommittee on Communications, Media and Broadband, led a group of 12 bipartisan senators to introduce the Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act, legislation that will comprehensively address the ongoing threat posed by technology from foreign adversaries by better empowering the Department of Commerce to review, prevent, and mitigate information communications and technology transactions that pose undue risk to our national security.
“Today, the threat that everyone is talking about is TikTok, and how it could enable surveillance by the Chinese Communist Party, or facilitate the spread of malign influence campaigns in the U.S. Before TikTok, however, it was Huawei and ZTE, which threatened our nation’s telecommunications networks. And before that, it was Russia’s Kaspersky Lab, which threatened the security of government and corporate devices,” said Sen. Warner. “We need a comprehensive, risk-based approach that proactively tackles sources of potentially dangerous technology before they gain a foothold in America, so we aren’t playing Whac-A-Mole and scrambling to catch up once they’re already ubiquitous.”
“Congress needs to stop taking a piecemeal approach when it comes to technology from adversarial nations that pose national security risks,” said Sen. Thune. “Our country needs a process in place to address these risks, which is why I’m pleased to work with Senator Warner to establish a holistic, methodical approach to address the threats posed by technology platforms – like TikTok – from foreign adversaries. This bipartisan legislation would take a necessary step to ensure consumers’ information and our communications technology infrastructure is secure.”
The RESTRICT Act establishes a risk-based process, tailored to the rapidly changing technology and threat environment, by directing the Department of Commerce to identify and mitigate foreign threats to information and communications technology products and services.
In addition to Sens. Warner and Thune, the legislation is co-sponsored by Sens. Tammy Baldwin (D-WI), Deb Fischer (R-NE), Joe Manchin (D-WV), Jerry Moran (R-KS), Michael Bennet (D-CO), Dan Sullivan (R-AK), Kirsten Gillibrand (D-NY), Susan Collins (R-ME), Martin Heinrich (D-NM), and Mitt Romney (R-UT).
The Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act would:
- Require the Secretary of Commerce to establish procedures to identify, deter, disrupt, prevent, prohibit, and mitigate transactions involving information and communications technology products in which any foreign adversary has any interest and poses undue or unacceptable risk to national security;
- Prioritize evaluation of information communications and technology products used in critical infrastructure, integral to telecommunications products, or pertaining to a range of defined emerging, foundational, and disruptive technologies with serious national security implications;
- Ensure comprehensive actions to address risks of untrusted foreign information communications and technology products by requiring the Secretary to take up consideration of concerning activity identified by other government entities;
- Educate the public and business community about the threat by requiring the Secretary of Commerce to coordinate with the Director of National Intelligence to provide declassified information on how transactions denied or otherwise mitigated posed undue or unacceptable risk.
“We need to protect Americans’ data and keep our country safe against today and tomorrow’s threats. While many of these foreign-owned technology products and social media platforms like TikTok are extremely popular, we also know these products can pose a grave danger to Wisconsin’s users and threaten our national security,” said Sen. Baldwin. “This bipartisan legislation will empower us to respond to our fast-changing environment – giving the United States the tools it needs to assess and act on current and future threats that foreign-owned technologies pose to Wisconsinites and our national security.”
“There are a host of dangerous technology platforms – including TikTok – that can be manipulated by China and other foreign adversaries to threaten U.S. national security and abuse Americans’ personal data. I’m proud to join Senator Warner in introducing bipartisan legislation that would put an end to disjointed interagency responses and strengthen the federal government’s ability to counter these digital threats,” said Sen. Fischer.
“Over the past several years, foreign adversaries of the United States have encroached on American markets through technology products that steal sensitive location and identifying information of U.S. citizens, including social media platforms like TikTok. This dangerous new internet infrastructure poses serious risks to our nation’s economic and national security,” said Sen. Manchin. “I’m proud to introduce the bipartisan RESTRICT ACT, which will empower the Department of Commerce to adopt a comprehensive approach to evaluating and mitigating these threats posed by technology products. As Chairman of the Senate Armed Services Subcommittee on Cybersecurity, I will continue working with my colleagues on both sides of the aisle to get this critical legislation across the finish line.”
“Foreign adversaries are increasingly using products and services to collect information on American citizens, posing a threat to our national security,” said Sen. Moran. “This legislation would give the Department of Commerce the authority to help prevent adversarial governments from introducing harmful products and services in the U.S., providing us the long-term tools necessary to combat the infiltration of our information and communications systems. The government needs to be vigilant against these threats, but a comprehensive data privacy law is needed to ensure Americans are able to control who accesses their data and for what purpose.”
“We shouldn’t let any company subject to the Chinese Communist Party’s dictates collect data on a third of our population – and while TikTok is just the latest example, it won’t be the last. The federal government can’t continue to address new foreign technology from adversarial nations in a one-off manner; we need a strategic, enduring mechanism to protect Americans and our national security. I look forward to working in a bipartisan way with my colleagues on the Senate Select Intelligence Committee to send this bill to the floor,” said Sen. Bennet.
“Our modern economy, communication networks, and military rely on a range of information communication technologies. Unfortunately, some of these technology products pose a serious risk to our national security,” said Sen. Gillibrand. “The RESTRICT Act will address this risk by empowering the Secretary of Commerce to carefully evaluate these products and ensure that they do not endanger our critical infrastructure or undermine our democratic processes.”
“China’s brazen incursion of our airspace with a sophisticated spy balloon was only the most recent and highly visible example of its aggressive surveillance that has targeted our country for years. Through hardware exports, malicious software, and other clandestine means, China has sought to steal information in an attempt to gain a military and economic edge,” said Sen. Collins. “Rather than taking a piecemeal approach to these hostile acts and reacting to each threat individually, our legislation would create a wholistic, government-wide response to proactively defend against surveillance attempts by China and other adversaries. This will directly improve our national security as well as safeguard Americans’ personal information and our nation’s vital intellectual property.”
"Cybersecurity is one of the most serious economic and national security challenges we face as a nation. The future of conflict is moving further away from the battlefield and closer to the devices and the networks everyone increasingly depends on. We need a systemic approach to addressing potential threats posed by technology from foreign adversaries. This bill provides that approach by authorizing the Administration to review and restrict apps and services that pose a risk to Americans’ data security. I will continue to push for technology defenses that the American people want and deserve to keep our country both safe and free,” said Sen. Heinrich.
“The Chinese Communist Party is engaged in a multi-generational, multi-faceted, and systematic campaign to replace the United States as the world’s superpower. One tool at its disposal—the ability to force social media companies headquartered in China, like TikTok’s parent company, to hand over the data it collects on users,” said Sen. Romney. “Our adversaries—countries like China, Russia, Iran—are increasingly using technology products to spy on Americans and discover vulnerabilities in our communications infrastructure, which can then be exploited. The United States must take stronger action to safeguard our national security against the threat technology products pose and this legislation is a strong step in that direction.”
A two-page summary of the bill is available here. A copy of the bill text is available here.
###
WASHINGTON – Today, Chairman of the Senate Select Committee on Intelligence U.S. Sen. Mark R. Warner (D-VA) appeared on FOX News Sunday to discuss the how the U.S. needs to tackle rising threats posed by the Communist Party of China.
On the how the United States needs to address the rise of the Chinese Communist Party on the world stage:
“We have never had a potential adversary like China. The Soviet Union, Russia, was military or ideological, China is investing in economic areas. They have $500 billion in intellectual property theft, and we are in a competition not just on a national security basis but on a technology basis. That's why national security now includes telecommunications, satellites, artificial intelligence, quantum computing. Each of these domains, we have got to make the kind of investments to stay ahead. I think we are starting that in a bipartisan way. We did the CHIPS bill to try to bring semiconductor manufacturing back, we have kicked out Huawei out of our telecom systems. This week, I have a broad bipartisan bill that I am launching with my friend John Thune, the Republican lead, where we are going to say, in terms of foreign technology coming into America, we’ve got to have a systemic approach to make sure we can ban or prohibit it when necessary.”
On the influence of TikTok:
“Listen, you have 100 million Americans on TikTok, 90 minutes a day…They are taking data from Americans, not keeping it safe, but what worries me more with TikTok is that this could be a propaganda tool. The kind of videos you see would promote ideological issues. If you look at what TikTok shows to the Chinese kids, which is all about science and engineering, versus what our kids see, there’s a radical difference.”
On China’s support for Putin’s war in Ukraine:
“…if China moves forward to support Russia in Ukraine, I can't understand some of my colleagues who are willing to say, ‘I don't really care about Ukraine, but I'm concerned about China.’ Well, China and Russia, these authoritarian regimes, are linked, and we have to make sure Putin is not successful in Ukraine and that Xi doesn't further his expansion plans around Taiwan.”
Video of Sen. Warner on FOX News Sunday can be found here. A transcript follows.
FOX News Sunday
SHANNON BREAM: Joining is now, Virginia Democratic Senator Mark Warner, Chairman of the Senate Intelligence Committee, welcome back. This week, you all have a hearing on worldwide threat assessments. You will have the DNI, the director of the CIA there. You have long been warning about China on multiple fronts. Do you think that we have lost valuable time in assessing the threat accurately? Will you talk about that this week?
SENATOR MARK WARNER: Well I think for a long time conventional wisdom was, the more you bring China into the world order, the more they’re going to change. That assumption was just plain wrong. China even changed their laws in 2016 to make it explicitly clear that every company in China, their first obligation is to the Communist Party. So we have never had a potential adversary like China. The Soviet Union, Russia, was military or ideological, China is investing in economic areas. They have $500 billion in intellectual property theft, and we are in a competition not just on a national security basis but on a technology basis. That's why national security now includes telecommunications, satellites, artificial intelligence, quantum computing. Each of these domains, we have got to make the kind of investments to stay ahead. I think we are starting that in a bipartisan way. We did the CHIPS bill to try to bring semiconductor manufacturing back, we have kicked out Huawei out of our telecom systems. This week, I have a broad bipartisan bill that I am launching with my friend John Thune, the Republican lead where we are going to say, in terms of foreign technology coming into America, we’ve got to have a systemic approach to make sure we can ban or prohibit it when necessary.
BREAM: Does that mean TikTok?
SEN. WARNER: That means TikTok is one of the potentials. Listen, you have 100 million Americans on TikTok, 90 minutes a day. Even you guys would like that kind of return, 90 minutes a day. They are taking data from Americans, not keeping it safe, but what worries me more with TikTok is that this could be a propaganda tool. The kind of videos you see would promote ideological issues. If you look at what TikTok shows to the Chinese kids, which is all about science and engineering, versus what our kids see, there’s a radical difference.
BREAM: We will watch that, because that's a bipartisan offering potentially this week. This past week we got information, it was revealed that both the Department of Energy and FBI believe that the origins of COVID were most likely a leak from the Wuhan Institute for Virology. This is something that early on this was called a conspiracy theory, you were racist if you talked about it. The Senate has actually unanimously passed a measure that would call on this administration to declassify information that we have about the origins. The White House won't say whether the president will veto it or not if it gets to his desk. Do Americans, worldwide, do people not have a right to see that information?
SEN. WARNER: Shannon, here is again an example of what we are dealing with, with the Communist Party in China. If this virus had originated virtually anywhere else, we would have had world scientists there. The Chinese Communist Party has been totally opaque about letting in outside scientists to figure this out. Now, you’ve still got of some parts of the intelligence community that think it originated in a wet market, others saying that it could have gotten out from a lab, although I would say that one entity says it came from one lab in Wuhan, another said from another. At the end of the day, we’ve got to keep looking and we've got to make sure, in terms of future pandemics, that we can have access to the source of where these diseases originate a lot earlier on in the system. We’re three and half later, we still don't have access to Wuhan.
BREAM: They're not going to cooperate with that, especially if they assess internally they were at fault. How do they pay for this? Now, billions probably trillions in damages and losses for people, millions and millions of lives. How do they pay?
SEN. WARNER: Well I think again, this is where we’ve got to have that united front of countries all around the world, that there has to be consequences. There has to be consequences potentially in terms of sanctions, it’s one of the reasons why, if China moves forward to support Russia in Ukraine, I can't understand some of my colleagues who are willing to say, “I don't really care about Ukraine, but I'm concerned about China.” Well, China and Russia, these authoritarian regimes, are linked, and we have to make sure Putin is not successful in Ukraine and that Xi doesn't further his expansion plans around Taiwan.
BREAM: Well, we know that even if they are not sending bullets over to Russia, they are buying up copious amounts of Russian oil. They are sending dual-use products that could actually be used on the battlefield. Xi doesn't seem very worried about the warnings from the U.S. at this point. They haven't even acknowledged or apologized for the balloon that went across America, we think capturing information as it went. It Xi afraid of this administration? To our warnings mean anything?
SEN. WARNER: Well I think Xi, as Putin thought, thought that with the invasion of the Ukraine, that the West would basically throw in the towel. The fact that we’ve not, the fact that you've got, for example, the German chancellor here just this past week, Germany’s dramatically increasing their defense budget. The fact that we've got nations like Finland and Sweden trying to join NATO. I think Putin made a major miscalculation and I do think Xi is watching the West stand up against Putin and is taking some lessons from that.
BREAM: You're just back from India, among many other countries you visited. They abstained from the U.N. vote that condemned Russia's invasion of Ukraine and called for an end to this. How important is it, a critical place like India, that they choose a side, and with the West?
SEN. WARNER: I think it’s time. Look, India is a great nation, as a matter of fact, I’m chair of the India Caucus, I'm a big supporter of India. India is now a major, major power. Fifth-largest economy in the world, and a place where remarkable things are happening. My message to the Indians has been, we understand that you have historic ties to Russia, and you still get a lot of your arms, but you cannot be a world leader, and attempt to be a moral world leader, without picking a side. And in this case, I think the younger Indians get that. Some of the older generation, I think we still have work to do.
BREAM: Okay, let's turn to continued funding for Ukraine. Another $400 million was announced on Friday. There are questions, there'll be more requests from Congress no doubt in the coming weeks about that. While there is strong support, here across the U.S. and across the West, the polls show that it's pulling back a little bit. Here's the reality from one analyst, “funding for the Ukrainian government has not demanded any tough bureaucratic trade-offs between funding priorities. It's not requiring bouncing needs for Ukraine against a domestic spending.” We’ve hit our ceiling, we have some kind of negotiation that’s got to happen very shortly. There are competing needs and they are very real, so where do we assess our financial commitment?
SEN. WARNER: Well Shannon, let's look at this. We have allocated $113 billion to Ukraine. We have actually only given them actually less than half of that, and on the military side, about $30 billion of roughly $60 billion. We’ve still got some runway to go there. But I think we need to keep that commitment, and the truth is the Russian army is being chewed up by the Ukrainians. We spent $800 billion a year on defense, in most of my lifetime to prevent Russia from exploiting that. We are having Ukrainians do that right now, in a sense, for us. I think we need to continue that. I think we will see the vast majority of members of Congress in both parties, there are some loudmouths on both sides that are pulling back, but if we are going to keep in this competition against Russia and China, Putin cannot be successful. At the same time, we have to realize as we look at China that national security is no longer simply tanks and trucks and guns and ships. It's also telecom and AI and quantum computing and advanced synthetic biology. We have to make investments in those domains, as well, which is both an economic investment and I believe, national security investment.
BREAM: Speaking of another national security interest, Iran, this report on their nuclear capabilities came out this week and it’s kind of getting lost in all the other foreign policy headlines, but basically what the International Atomic Energy Agency told us is that they have hit 84% as far as enriching uranium. They said that’s just short of the 90% that you would need for a weapon. Britain, France, and Germany say they want to censure Iran over this. The U.S. is kind of hesitant. The reporting is that the Biden administration doesn’t want to go there. Are we now then softer on Iran's new program then Europe?
SEN. WARNER: I do not believe that. We have made it explicitly clear – and I was just in Israel recently with a group of senators – that we agree with Israel. Iran cannot be a nuclear power. I think, that has been our policy it will continue to be our policy. There are two steps in this process, one is the enrichment issue, and I believe we will be tougher than the Europeans. We always historically always have been –
BREAM: So then why are we against censuring, reportedly?
SEN. WARNER: We have already sanctioned and censured more Iranian companies by far than our European friends. But there is also a question around delivery systems. Again, I think we and our Israeli friends are following this very closely. Again, we will not allow Iran to become a nuclear power.
BREAM: I've got to hit this, Havana Syndrome. The reporting out this week, an assessment from several intelligence agencies that they don't think – that it's unlikely there was a foreign adversary carrying out these attacks, whatever they were, where our people, diplomats or Intel officers around the world in U.S. missions have suffered really debilitating symptoms from this. Senator Rubio, your colleague tweeted this: “The CIA took the investigation of Havana syndrome seriously. But when you read about the devastating injuries it's hard to except that it was by AC units and loud cicadas. Something happened here and just because we don’t have all the answers doesn’t mean it didn’t happen.” Will you continue trying to pursue answers?
SEN. WARNER: Absolutely. First of all, the most important thing is anyone who got sick, whatever the source was, whether they are CIA, DoD, State Department officials, we owe them the world's best health care and I think we are providing that now. Initially frankly, under the last administration, this whole issue was attempted to be swept under the rug. We are now making sure that health care is provided. I know how, particularly the CIA, how extensive the investigation has been. And I've made very clear to them, if they need to continue that investigation, if new facts come to light, they ought to pursue that. But at this moment in time, I know how thorough they have been, and they have not found the evidence that I think perhaps they thought they would have found. We've got to follow the facts. At the end of the day that's what we owe the members of this intel community, who protect our nation, and that means giving them the health care. If it ends up sensing some other source then what has been discovered so far, we have to pursue it.
BREAM: Senator, Chairman, thanks for coming back to Fox News Sunday.
###
Statement of Senate Intel Chairman Mark R. Warner on the Release of the President's National Cyber Strategy
Mar 02 2023
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Chairman of the Senate Intelligence Committee, released the following statement on the President’s National Cyber Strategy:
“I’m pleased to see the Biden Administration advocating for the kind of best practices that I’ve long called for, such as building and reinforcing strong partnerships with the private sector, investing in the long-term protection of our nation’s critical infrastructure, being proactive about establishing strong cybersecurity foundations and meeting critical standards. I’m particularly pleased to see the Administration prioritize the coordination of cyber incident reporting requirements, as required by the cyber reporting law I was proud to author. I’m also glad to see the Administration’s renewed focus on protecting the sensitive medical data and safety of Americans as cyber attacks on our health care systems become more frequent and aggressive.”
###
WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA) and Rep. Elissa Slotkin (D-MI) wrote to Sundar Pichai – the CEO of Alphabet Inc. and its subsidiary Google – urging him to curb deceptive advertisements and ensure that users receive accurate information when searching for abortion services on the platform. This letter comes on the heels of an investigation that reveals how Google regularly fails to apply disclaimer labels to misleading ads by anti-abortion clinics. It also follows a successful effort by Sen. Warner and Rep. Slotkin who previously urged Google to take action to prevent misleading search results for anti-abortion clinics. This push ultimately led Google to clearly label facilities that provide abortions and prevent users from being misled by fake clinics or crisis pregnancy centers.
“We are encouraged by and appreciative of the recent steps Google has taken to protect those searching for abortion services from being mistakenly directed to clinics that do not offer comprehensive reproductive health services. However, we ask you to address issues with misrepresentation in advertising on Google’s site and take a more expansive, proactive approach to addressing violations of Google’s stated policy,” wrote the lawmakers.
“According to an investigation by Bloomberg News and the Center for Countering Digital Hate (CCDH), depending on the search term used, Google does not consistently apply disclaimer labels to ads by anti-abortion clinics. CCDH recently conducted searches that returned 132 misleading ads for such clinics that lacked disclaimers. Specifically, researchers found that queries for terms such as ‘Plan C pills,’ ‘pregnancy help,’ and ‘Planned Parenthood’ often returned results with ads that are not labeled accurately,” they continued. “Furthermore, the Tech Transparency Project found that some ads from ‘crisis pregnancy centers,’ even when they were properly labeled, the ads themselves included deliberately deceptive verbiage aimed at tricking users into believing that they offer abortion services. For example, ads for ‘crisis pregnancy centers’ were found to contain language such as ‘Free Abortion Pill’ and ‘First Trimester Abortion.’ Such deceptive advertising likely reduces the effectiveness of labels and may lead to detrimental health outcomes for users who receive delayed treatment.”
In addition to urging Google to rectify these issues, the lawmakers also requested answers to the following questions:
- What specific search terms does Google consider related to “getting an abortion”?
- What criteria does Google use to determine whether specific queries are related to “getting an abortion”?
- What additional steps will Google take to identify and remove ads with misleading verbiage that violates Google’s policies against misrepresentation?
A copy of the letter is available here and full text of the letter can be found below:
Dear Mr. Pichai,
We write today regarding the responsibility that Google has to ensure users receive accurate information when searching for abortion services on your platform. We are encouraged by and appreciative of the recent steps Google has taken to protect those searching for abortion services from being mistakenly directed to clinics that do not offer comprehensive reproductive health services. However, we ask you to address issues with misrepresentation in advertising on Google’s site and take a more expansive, proactive approach to addressing violations of Google’s stated policy.
On June 17, 2022, we wrote to you, along with 19 other senators and representatives, regarding research that showed Google results for searches such as “abortion services near me” often included links to clinics that are anti-abortion, sometimes called “crisis pregnancy centers.” We were extremely concerned with this practice of directing users toward “crisis pregnancy centers” without any disclaimer indicating those businesses do not provide abortions.
We were pleased to see the changes you have made in response to our letter, such as the new refinement tool that allows users to only see facilities verified to offer abortion services, while still preserving the option to see a broader range of search results. The steps you have taken will help prevent users from mistakenly being sent to organizations that attempt to deceive individuals into thinking they provide comprehensive health services and instead, regularly provide users with disinformation regarding the risks of abortion. As many states are increasingly narrowing the window between getting a positive pregnancy test and when you can terminate a pregnancy, every day counts.
But we find ourselves again asking that Google live up to its promises with regards to preventing misleading ads on its platform. According to an investigation by Bloomberg News and the Center for Countering Digital Hate (CCDH), depending on the search term used, Google does not consistently apply disclaimer labels to ads by anti-abortion clinics. CCDH recently conducted searches that returned 132 misleading ads for such clinics that lacked disclaimers. Specifically, researchers found that queries for terms such as “Plan C pills,” “pregnancy help,” and “Planned Parenthood” often returned results with ads that are not labeled accurately. We believe Google’s failure to apply disclaimer labels to these common searches appears to be a violation of your June 2019 policy that requires “advertisers who want to run ads using keywords related to getting an abortion” to go through a verification process and be labeled as a provider that “Provides abortions” or “Does not provide abortions.”
Furthermore, the Tech Transparency Project found that some ads from “crisis pregnancy centers,” even when they were properly labeled, the ads themselves included deliberately deceptive verbiage aimed at tricking users into believing that they offer abortion services. For example, ads for “crisis pregnancy centers” were found to contain language such as “Free Abortion Pill” and “First Trimester Abortion.” Such deceptive advertising likely reduces the effectiveness of labels and may lead to detrimental health outcomes for users who receive delayed treatment. These ads appear to violate Google’s policy on misrepresentation, which prohibits ads that “deceive users.” Your responsiveness to our first letter gives us hope that you are willing to see this issue through. We, therefore, would appreciate answers to the following questions:
- What specific search terms does Google consider related to “getting an abortion”?
- What criteria does Google use to determine whether specific queries are related to “getting an abortion”?
- What additional steps will Google take to identify and remove ads with misleading verbiage that violates Google’s policies against misrepresentation?
We urge you to take proactive action to rectify these and any additional issues surrounding misleading ads, and help ensure users receive search results that accurately address their queries and are relevant to their intentions.
Thanks for your consideration, and we look forward to your timely response.
###
WASHINGTON – Today, Senate Select Committee on Intelligence Chairman Mark R. Warner (D-VA) published “Cybersecurity is Patient Safety,” a policy options paper, outlining current cybersecurity threats facing health care providers and systems and offering for discussion a series of policy solutions to improve cybersecurity across the industry.
Over the last decade cyberattacks in the health care sector have risen exponentially, with attacks on providers reaching an all-time high in 2021. The white paper, assembled by Sen. Warner’s staff, drawing on input from health care and cybersecurity experts, argues that improving cybersecurity in the health care sector will require collaboration from both the public and private sectors, and calls for improving federal leadership, strengthening health care providers’ cybersecurity capabilities, and building a robust response system in order to efficiently recover from attacks.
“Unfortunately, the health care sector is uniquely vulnerable to cyberattacks and the transition to better cybersecurity has been painfully slow and inadequate. The federal government and the health sector must find a balanced approach to meet the dire threats, as partners with shared responsibilities,” wrote Sen. Warner.
Divided in three parts, the white paper is organized as follows:
- Chapter one covers areas that the federal government needs to address to improve our national risk posture when it comes to cybersecurity in the health care sector. Specifically, it notes seven key challenges facing federal government agencies with jurisdiction over health care providers and cybersecurity, details the current state of play regarding cybersecurity threats, and outlines policy options for shoring up existing vulnerabilities.
- Chapter two covers ways that the federal government can help the private sector meet this threat through a combination of potential mandates and voluntary incentives to adopt best practices.
- Chapter three covers policies that could help health care providers respond to attacks in the event of a cybersecurity failure. Specifically, it notes ways institutions can recover following successful cyberattacks, and how to limit the resulting impact on patients and systems.
Sen. Warner has been a leader in the cybersecurity realm throughout his time in the Senate, crafting numerous pieces of legislation aimed at addressing these threats facing our nation. Recognizing that cybersecurity is an increasingly complex issue that affects the health, economic prosperity, national security, and democratic institutions of the United States, Sen. Warner cofounded the bipartisan Senate Cybersecurity Caucus with former Sen. Cory Gardner (R-CO) in 2016. A year later, in 2017, he authored the Internet of Things (IoT) Cybersecurity Improvement Act with Sen. Gardner. This legislation, signed into law by President Donald Trump in December 2020, requires that any IoT device purchased with federal funds meet minimum security standards. As Chairman of the Senate Select Committee on Intelligence, Sen. Warner co-authored legislation that requires companies responsible for U.S. critical infrastructure report cybersecurity incidents to the government. This legislation was signed into law by President Joe Biden as part of the Consolidated Appropriations Act in March 2022.
Sen. Warner has also examined cybersecurity in the health care sector specifically. In 2019, Sen. Warner sent a letter to several health care providers and industry trade associations – from large hospital networks to trade associations representing rural providers and medical technology vendors – asking a series of questions related to the steps their organizations and/or members had taken to improve their cybersecurity posture. Sen. Warner received a number of thoughtful responses to those questions that revealed a wide-range of cybersecurity capabilities and depth of understanding of the problems health care providers are facing.
Sen. Warner is releasing this policy options document with the intent of soliciting feedback from stake-holders on the potential options described within. Any individuals, researchers, businesses, organizations, or advocacy groups that are interested in submitting comments – specific to the content and questions outlined in this document or additional ideas or language for inclusion in eventual legislation – should send a letter or an email to cyber@warner.senate.gov.
A copy of full policy options paper can be found here.
###
WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA) wrote to Meta CEO Mark Zuckerberg expressing concern and requesting more information regarding Meta’s practice of collecting user’s health information through tracking applications.
In the letter, Sen. Warner highlighted the need for user privacy and increased transparency around how user data is collected online, which has become increasingly important as the use of telehealth appointments, online appointment booking, and electronic record keeping have risen exponentially over the course of the pandemic.
“As we increasingly move health care online, we must ensure there are strong safeguards in place surrounding the use of these technologies to protect sensitive health information,” wrote Sen. Warner.
Specifically, Sen. Warner called attention to Meta Pixel, a tracking tool that sends Meta a packet of data whenever a user clicks a button to schedule a doctor’s appointment – without the knowledge of the individual making the appointment.
He continued, “I am troubled by the recent revelation that the Meta Pixel was installed on a number of hospital websites – including password-protected patient portals – and sending sensitive health information to Meta when a patient scheduled an appointment online. This data included highly personal health data, including patients’ medical conditions, appointment topics, physician names, email addresses, phone numbers, IP addresses, and other details about patients’ medical appointments.”
Sen. Warner also noted allegations that this practice of data harvesting and collection has been used by Meta to target advertisements across their platforms. In August of this year, two lawsuits were filed against the company over the alleged unlawful collection and sharing of health data without consent.
To address these concerns, Sen. Warner requested Meta respond to the following questions:
- What information does Meta have access to or receive directly from the Meta Pixel, either currently or previously?
- How does Meta store information received through the Meta Pixel?
- Has information Meta received from the Meta Pixel ever been used to inform targeted advertisements on Meta’s platforms?
- How does Meta handle sensitive information that it receives from third parties that violate its business guidelines?
- What steps is Meta taking to safeguard sensitive health information, particularly with third-party vendors? Since the release of The Markup’s report in June, what additional steps have been taken?
- According to the report released by the New York State Department of Financial Services last year, Meta stated that the filtering system was “not yet operating with complete accuracy.” What improvements have been made to make the filtering system more effective? How is Meta testing and evaluating the filtering system’s ability to identify sensitive health information?
- Where required by law, does Meta always comply with any and all notification requirements when the Meta Pixel handles or transmits protected information, in the manner and time required by such laws?
Sen. Warner has been a leader in Congress pushing for increased transparency and protections surrounding user data and privacy. He introduced the DASHBOARD Act, which works to increase transparency around data collection; the DETOUR Act, which would prohibit companies like Meta from using deceptive dark patterns to manipulate users into handing over their data; and the Public Health Emergency Privacy Act, which would set strong and enforceable privacy and data security rights for health information.
A copy of the letter can be found here and below.
October 20, 2022
Dear Mr. Zuckerberg:
I write to you today to express my concern regarding Meta’s collection of sensitive health information through the Meta Pixel tracking tool without user consent.
As you know, I have long worked to protect user privacy and increase transparency around how user data is collected and shared. This mission is more urgent than ever as the last two years have shown us the importance of health care technology, with many relying on electronic health records, online appointment booking, and virtual patient portals to receive care during the pandemic. As we increasingly move health care online, we must ensure there are strong safeguards in place surrounding the use of these technologies to protect sensitive health information.
I am troubled by the recent revelation that the Meta Pixel was installed on a number of hospital websites – including password-protected patient portals – and sending sensitive health information to Meta when a patient scheduled an appointment online. This data included highly personal health data, including patients’ medical conditions, appointment topics, physician names, email addresses, phone numbers, IP addresses, and other details about patients’ medical appointments. Additionally, of particular concern are the recent allegations that Meta has used Meta Pixel data to inform targeted advertisements on Meta’s platforms. The use of the Meta Pixel is widespread, as the tool was installed in the systems of 33 of the top 100 hospitals in the country and inside the patient portals of seven health systems at the time of the investigation.
Unfortunately, privacy issues involving the Meta Pixel are not new, as there has been previous scrutiny of the Meta Pixel outside of the health care context. Reports published earlier this year found that the Pixel sent personal information to Meta that was collected from the Free Application for Federal Student Aid (FAFSA) on the website of the Federal Student Aid (FSA) office within the U.S. Department of Education. Data sent to Meta includes applicant first and last name, email addresses, and zip codes. Additionally, this is not the first time that your company has been involved in the wrongful collection of sensitive health information. In 2021, an investigation by the New York State Department of Financial Services found that Meta (then Facebook) collected user data from several health and wellness apps, including results from blood pressure and heart rate readings, menstruation and fertility tracking, pregnancy status, and other deeply personal information.
Meta’s own business guidelines state that the company “[doesn’t] want websites or apps sending [Meta] sensitive information about people,” including sensitive health information, which Meta identifies as medical conditions, sexual and reproductive health, mental health, details regarding medical devices and trackers, treatments, test results, body specifications or cycles, locations of treatment, and other health-related data. Yet, in this most recent case and as we have seen previously, Meta is continuing to access this highly sensitive information.
It is critical that technology companies like Meta take seriously their role in protecting user health data. Without meaningful action, I fear that these continuing privacy violations and harmful uses of health data could become the new status quo in health care and public health.
To address the concerns raised in this letter, I request that you provide responses to the following questions by November 3, 2022:
- What information does Meta have access to or receive directly from the Meta Pixel, either currently or previously?
- How does Meta store information received through the Meta Pixel?
- Has information Meta received from the Meta Pixel ever been used to inform targeted advertisements on Meta’s platforms?
- How does Meta handle sensitive information that it receives from third parties that violate its business guidelines?
- What steps is Meta taking to safeguard sensitive health information, particularly with third-party vendors? Since the release of The Markup’s report in June, what additional steps have been taken?
- According to the report released by the New York State Department of Financial Services last year, Meta stated that the filtering system was “not yet operating with complete accuracy.” What improvements have been made to make the filtering system more effective? How is Meta testing and evaluating the filtering system’s ability to identify sensitive health information?
- Where required by law, does Meta always comply with any and all notification requirements when the Meta Pixel handles or transmits protected information, in the manner and time required by such laws?
I look forward to your prompt responses.
Sincerely,
###
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) issued the following statement in response to the Federal Communications Commission (FCC) plan to ban new sales of Chinese-based Huawei and ZTE technologies on the bases of national security:
“Several years ago a bipartisan group of senators on the Senate Select Committee on Intelligence began raising the alarm about the threat that Huawei and ZTE posed to our national security. I’m proud of the steps that Congress has since taken to confront this challenge, including passing Secure and Trusted Communications Networks Act of 2019 – which I co-wrote to incentivize carriers to replace Huawei and ZTE equipment in their networks. I’m glad to see the Federal Communications Commission finally take this step to protect our networks and national security.”
Sen. Warner, a former telecommunications entrepreneur, has long been outspoken about the dangers of allowing the use of Huawei equipment in U.S. telecommunications infrastructure and that of U.S. allies.
Last year, Sen. Warner, joined by Sen. Tom Cotton (R-AR), introduced legislation to prohibit federal funding from the American Rescue Plan Act from being used to purchase Chinese telecommunications equipment, including from Huawei and ZTE. In 2020, Sen. Warner and a bipartisan group of leading national security Senators introduced legislation to encourage and support U.S. innovation in the race for 5G, providing over $1 billion to invest in Western-based alternatives to Chinese equipment providers Huawei and ZTE.
###
WASHINGTON — This week, U.S. Sens. Mark R. Warner (D-VA), Jon Ossoff (D-GA), and Cynthia Lummis (R-WY) introduced the bipartisan Improving Cybersecurity of Credit Unions Act to protect credit union members from cybersecurity threats that could jeopardize their identities, privacy, and security.
The bill will empower the National Credit Union Administration (NCUA) to assess cybersecurity risks posed by service providers and take action to protect credit union members.
The bill also restores previous NCUA authority to examine credit union service providers and mirrors the provisions of the Bank Service Company Act.
“Credit unions serve communities all across Virginia,” said Sen. Warner. “I’m proud to join Senator Ossoff and Senator Lummis in offering this bipartisan proposal to improve cybersecurity for credit union customers.”
“Georgians should not have to fear that their identity or data could be stolen by hackers who target their bank or credit union,” Sen. Ossoff said. “This bipartisan bill will strengthen protections against hacking and identity theft. I thank Senators Lummis and Warner for joining me in this bipartisan effort.”
“Many people in Wyoming choose to keep their money or get a loan at their local credit union, and unfortunately, all too often, their sensitive information is targeted by cyber hackers,” said Sen. Lummis. “I’m proud to join my colleagues, Senators Ossoff and Warner, in introducing the Improving Cybersecurity of Credit Unions Act to help safeguard data at credit unions.”
Full text of the legislation is available here.
# # #
WASHINGTON – U.S. Sens. Mark R. Warner (D-VA), Pat Toomey (R-PA), Cynthia Lummis (R-WY), Kyrsten Sinema (D-AZ), and Rob Portman (R-OH) today introduced legislation to clarify the digital asset reporting requirements signed into law as part of last year’s Infrastructure Investment and Jobs Act.
Last August, the senators announced an agreement with the Department of the Treasury (Treasury) on an amendment to the infrastructure package that would have clarified the definition of “broker” with respect to who must report to the government information about a digital asset transaction. The amendment specifically excluded from reporting requirements services like mining and wallet providers who do not take custody of other individuals’ cryptocurrency, nor are able to comply with the reporting requirements of a broker. While the amendment had strong bipartisan support, including from the Biden administration, the Senate was never afforded the opportunity to vote on and pass this amendment last August due to a procedural hurdle. The legislation introduced today is the exact same text introduced as a bipartisan amendment nearly one year ago.
“There’s been a lot of confusion about the reporting requirements included in the bipartisan infrastructure law,” said Sen. Warner. “As a former venture capitalist and someone who’s enthusiastic about innovation, I want to maintain America’s lead in financial innovation, including distributed ledger technologies. This bipartisan bill will underscore that the reporting requirements in the IIJA do not apply to crypto validators and other actors not providing broker-like functions while maintaining sensible guidelines to ensure that financial networks aren’t enabling illicit activity.”
“While there’s no question that digital asset exchanges behaving as brokers should be required to comply with existing reporting requirements, the bill signed into law last year would impose these requirements on many people who don’t even have the information needed to comply with them,” said Sen. Toomey. “By clarifying the definition of a broker, our legislation will protect innovation by exempting miners, network validators, and other service providers from onerous and unworkable requirements. This amendment had strong bipartisan support last August, and there’s no reason it shouldn’t be signed into law.”
“The Infrastructure Investments and Jobs Act placed unnecessary burdens on digital asset mining and wallet providers, and we must fix these reporting requirements,” said Sen. Lummis. “I’m proud to join my colleagues in introducing this important legislation which will ensure our tax system reflects the realities of the digital asset industry.”
“As more Arizonans utilize digital assets, our commonsense, bipartisan legislation ensures that everyday users of crypto – miners, stakers, and software developers – won't be subjected to reporting requirements that are intended for brokers of digital assets,” said Sen. Sinema.
“This legislation is designed to ensure that the digital asset reporting requirements signed into law as part of last year’s Infrastructure Investment and Jobs Act are implemented as intended,” said Sen. Portman. “I am pleased to see the Senate come together in bipartisan fashion to ensure that we provide clarity in the law and guidance around cryptocurrencies to maintain our edge in financial innovation.”
In addition to maintaining strong bipartisan support in the Senate, this legislation is widely supported by the digital asset industry.
“Coin Center supports any effort to improve the status quo created by the ill-advised crypto tax provisions in the Infrastructure Investment and Jobs Act,” said Jerry Brito, Executive Director of Coin Center. “We applaud Sen. Toomey for leading a bipartisan effort to address some of these issues and appreciate the support of Senators Warner, Sinema, Lummis and Portman.”
"We thank Senators Toomey, Sinema, Portman, Lummis, and Warner for their bipartisan leadership in this nuanced space,” said Sheila Warren, Chief Executive Officer of the Crypto Council for Innovation. “Clarifying how people can use and report on digital assets is important for the industry. We look forward to supporting the continued growth of innovation in the U.S. and working with policymakers on this issue."
“The Chamber of Digital Commerce commends Senator Toomey and co-sponsors for listening to the concerns of the digital asset community and continuing to advocate for regulatory clarity,” said Cody Carbone, Director of Policy, Chamber of Digital Commerce. “The infrastructure bill included burdensome reporting requirements for nearly every participant within the ecosystem and this bipartisan bill will ensure digital asset reporting requirements match the technology’s operation. We urge that this legislation is swiftly passed into law and look forward to working with all interested parties on policy that provides additional certainty for the digital asset space.”
"ADAM applauds Senators Toomey, Sinema, Portman, Lummis, and Warner for their continued bipartisan leadership to provide clarification on the definition of a broker as it relates to the 2021 Infrastructure Bill,” said Robert Baldwin, Head of Policy, Association for Digital Asset Markets. “Definitions matter and an overly broad interpretation of the broker definition as passed has the potential to dampen innovation and lead to the offshoring of various digital assets projects in the rapidly growing sector. This bill fixes the tax definitional issue. ADAM looks forward to continued bipartisan cooperation on this bill and other policy topics so that the U.S. can ensure a long-term position of leadership in digital assets.”
“Global DCA applauds the tireless efforts to clarify the definition of a broker with respect to the digital asset markets,” said Gabriella Kusz, CEO, Global Digital Asset and Cryptocurrency Association. “This common-sense solution will protect innovation while ensuring that those who are buying and selling cryptocurrency pay legitimate taxes that are owed. We look forward to continuing to work with Senator Toomey, Senator Sinema, Senator Portman, Senator Lummis, and Senator Warner to ensure there is responsible regulation without excessive federal overreach.”
“The proposed revisions to Internal Revenue Code regarding Information Reporting for Brokers and Digital Assets marks a key legislative opportunity that we believe will begin to unlock the best benefits of digital assets and blockchain,” said Ron Quaranta, Chairman of the Wall Street Blockchain Alliance. “By clarifying what it means to be a broker in light of this important innovation, the bi-partisan legislation paves the way for further innovations that can evolve markets and ultimately improve the overall financial lives of Americans. We are thankful for the continued effort and thought leadership of Senators Lummis, Portman, Sinema, and Warner, and on behalf of our members look forward to continued dialogue and collaboration with policymakers in the future.”
“Americans need common sense and fair guidance for engaging with blockchain protocols,” said Alison Mangiero, the Executive Director of The Proof of Stake Alliance (POSA). “POSA appreciates Sen. Toomey, Sen. Sinema, Sen. Warner, Sen. Lummis, and Sen. Portman’s, leadership and efforts to make clear that validators, those who do important work to secure blockchain protocols, are recognized appropriately for tax reporting purposes. We urge the Senate to take up and pass this simple but important bill to provide much-needed clarity and help America grow its web3 economy.”
To read the full text of the bill click here.
###
WASHINGTON – Today, Senate Select Committee on Intelligence Chairman Mark R. Warner (D-VA) and Vice Chairman Marco Rubio (R-FL) urged the Federal Trade Commission (FTC) to formally investigate TikTok and its parent company, ByteDance. The call comes in response to recent reports that the social media platform has permitted TikTok engineers and executives in the People’s Republic of China (PRC) to repeatedly access private data of US users despite repeated claims to lawmakers and users that this data was protected. This includes instances where staff based in the United States had to consult with their China-based colleagues for information about U.S. user data as they did not have access to the data on their own. These revelations undermine longstanding claims by TikTok’s management that the company’s operations were firewalled from demands of the Chinese Communist Party.
“We write in response to public reports that individuals in the People’s Republic of China (PRC) have been accessing data on U.S. users, in contravention of several public representations, including sworn testimony in October 2021,” the senators wrote in a letter to FTC Chair Lina Khan. “In light of this new report, we ask that your agency immediately initiate a Section 5 investigation on the basis of apparent deception by TikTok, and coordinate this work with any national security or counter-intelligence investigation that may be initiated by the U.S. Department of Justice.”
The report also highlights TikTok’s misrepresentation of the company’s relationship to ByteDance and its subsidiaries, including Beijing-based ByteDance Technology, which is partially owned by the Chinese Communist Party (CCP).
The senators continued, “TikTok’s Trust and Safety department was aware of these improper access practices and governance irregularities, which – according to internal recordings of TikTok deliberations – offered PRC-based employees unfettered access to user information, including birthdates, phone numbers, and device identification information. Recent updates to TikTok’s privacy policy, which indicate that TikTok may be collecting biometric data such as faceprints and voiceprints (i.e. individually-identifiable image and audio data, respectively), heighten the concern that data of U.S. users may be vulnerable to extrajudicial access by security services controlled by the CCP.”
As Chairman and Vice Chair of the Senate Select Committee on Intelligence, Sens. Warner and Rubio have been vocal about the cyber and national security threats posed by the CCP. In 2019, the senators introduced legislation to combat tech-specific threats to national security posed by foreign actors like China.
A copy of the letter is available here and below.
Dear Chairwoman Khan:
We write in response to public reports that individuals in the People’s Republic of China (PRC) have been accessing data on U.S. users, in contravention of several public representations, including sworn testimony in October 2021. In an interview with the online publication Cyberscoop, the Global Chief Security Officer for TikTok’s parent company, ByteDance, made a number of public representations on the data security practices of TikTok, including unequivocal claims that the data of American users is not accessible to the Chinese Communist Party (CCP) and the government of the PRC. As you know, TikTok’s privacy practices are already subject to a consent decree with the Federal Trade Commission, based on its improper collection and processing of personal information from children. In light of this new report, we ask that your agency immediately initiate a Section 5 investigation on the basis of apparent deception by TikTok, and coordinate this work with any national security or counter-intelligence investigation that may be initiated by the U.S. Department of Justice.
Additionally, these recent reports suggest that TikTok has also misrepresented its corporate governance practices, including to Congressional committees such as ours. In October 2021, TikTok’s head of public policy, Michael Beckerman, testified that TikTok has “no affiliation” with another ByteDance subsidiary, Beijing-based ByteDance Technology, of which the CCP owns a partial stake. Meanwhile, as recently as March of this year, TikTok officials reiterated to our Committee representations they have previously made that all corporate governance decisions are wholly firewalled from their PRC-based parent, ByteDance. Yet according to a recent report from Buzzfeed News, TikTok’s engineering teams ultimately report to ByteDance leadership in the PRC.
According to this same report, TikTok’s Trust and Safety department was aware of these improper access practices and governance irregularities, which – according to internal recordings of TikTok deliberations – offered PRC-based employees unfettered access to user information, including birthdates, phone numbers, and device identification information. Recent updates to TikTok’s privacy policy, which indicate that TikTok may be collecting biometric data such as faceprints and voiceprints (i.e. individually-identifiable image and audio data, respectively), heighten the concern that data of U.S. users may be vulnerable to extrajudicial access by security services controlled by the CCP.
A series of national security laws imposed by the CCP, including the 2017 National Intelligence Law and the 2014 Counter-Espionage Law provide extensive and extra-judicial access opportunities for CCP-controlled security services. Under these authorities, the CCP may compel access, regardless of where data is ultimately stored. While TikTok has suggested that migrating to U.S.-based storage from a U.S. cloud service provider alleviates any risk of unauthorized access, these latest revelations raise concerns about the reliability of TikTok representations: since TikTok will ultimately control all access to the cloud-hosted systems, the risk of access to that data by PRC-based engineers (or CCP security services) remains significant in light of the corporate governance irregularities revealed by BuzzFeed News. Moreover, as the recent report makes clear, the majority of TikTok data – including content posted by users as well as their unique IDs– will remain freely accessible to PRC-based ByteDance employees.
In light of repeated misrepresentations by TikTok concerning its data security, data processing, and corporate governance practices, we urge you to act promptly on this matter.
Sincerely,
###
WASHINGTON – With the privacy debate receiving renewed attention in Congress, U.S. Sens. Mark R. Warner (D-VA), Deb Fischer (R-NE), Amy Klobuchar (D-MN), and John Thune (R-SD) and Reps. Lisa Blunt Rochester (D-DE-AL) and Anthony Gonzalez (R-OH-16) today announced that their bipartisan, bicameral DETOUR Act – legislation that would prevent large online platforms from using deceptive user interfaces, known as “dark patterns,” to trick consumers into handing over their personal data – has picked up several new endorsements.
“We are pleased to see growing momentum behind our bipartisan effort to ban these manipulative practices,” said the members of Congress today. “There’s an increasing consensus in Congress that Americans should be able to make informed choices about handing over their data to large platform companies.”
The term “dark patterns” is used to describe online interfaces in websites and apps designed to intentionally manipulate users into taking actions they would otherwise not. These design tactics, drawn from extensive behavioral psychology research, are frequently used by social media platforms to mislead consumers into agreeing to settings and practices advantageous to the company.
The DETOUR Act would also prohibit large platforms from deploying features that encourage compulsive usage by children and from conducting behavioral experiments without a consumer’s consent.
"The American Psychological Association supports the efforts of Senators Mark Warner, Deb Fischer, Amy Klobuchar and John Thune to reduce harmful practices and deceptive tactics by social media companies. These practices can be especially harmful to children, but adults are also susceptible,” said Mitch Prinstein, PhD, Chief Science Officer at the American Psychological Association. “Through my research and that of my colleagues in psychological science, we increasingly understand how these companies can mislead individuals. This is why we support the DETOUR Act and its aim to protect social media users.”
“Social media companies often trick users into giving up their personal data – everything from their thoughts and fears to their likes and dislikes – which they then sell to advertisers. These practices are designed to exploit people; not to serve them better. Senator Warner and Senator Fischer’s DETOUR Act would put a stop to the destructive and deceptive use of dark patterns,” said Imran Ahmed, CEO of the Center for Countering Digital Hate.
“The DETOUR Act is an important step towards curbing Big Tech's unfair design choices that manipulate users into acting against their own interests. We are particularly excited by the provision that prohibits designs that cultivate compulsive use in children,” said Josh Golin, Executive Director of Fairplay. “Over the past year, we've heard a lot of talk from members of Congress about the need to protect children and teens from social media harms. It's time to put those words into action - pass the DETOUR Act!”
“The DETOUR Act proposed by Sen. Warner and co-sponsors represents a positive and important step to protect American consumers. DETOUR provides a mechanism for independent oversight over large technology companies and curtailing the ability of these companies to use deceptive and manipulative design practices, such as ‘dark patterns,’ which have been shown to produce substantial harms to users,” said Colin M. Gray, PhD, Associate Professor at Purdue University. “This legislation provides a foothold for regulators to better guard against deceptive and exploitative practices that have become rampant in many large technology companies, and which have had outsized impacts on children and underserved communities.”
“The proposed legislation represents an important step towards reducing big tech companies’ use of dark patterns that prioritize user engagement over well-being,” said Katie Davis, EdD, Associate Professor at the University of Washington. “As a developmental scientist, I’m hopeful the DETOUR Act will encourage companies to adopt a child-centered approach to design that places children’s well-being front and center, reducing the burden on parents to look out for and avoid dark patterns in their children’s technology experiences.”
The legislation was also previously supported by Mozilla, Common Sense, and the Center for Digital Democracy. Full text of the DETOUR Act is available here.
###
WASHINGTON – U.S. Sen. Mark R. Warner, Chairman of the Senate Select Committee on Intelligence, was joined by U.S. Sens. Steve Daines (R-MT) and Thom Tillis (R-NC) in urging Senate Committee on Appropriations leadership to include significant funding to modernize federal information technology (IT) systems for Fiscal Year (FY) 2023. This request includes at least $300 million in funding for the Technology Modernization Fund (TMF), created through a Warner-led bill in 2017.
“It is widely acknowledged that our federal government needs to make significant and urgent investments in replacing outdated and insecure legacy IT systems,” the senators wrote. “Each year, the federal government spends roughly $90 billion on IT systems. Significant portions of this funding go toward the maintenance of older, legacy systems, which over time grow increasingly costly, and often present concerning cybersecurity vulnerabilities.”
“In addition to the urgent security concerns, ignoring these needed modernization efforts hinders the public’s ability to interact with the government in an efficient and responsive way. We saw this issue magnified during the course of the pandemic, as added demands at times overwhelmed our government’s ability to continue providing effective customer service and critical benefits to Americans. We have heard repeatedly from constituents how these strains have slowed the processing of benefits and claims, in many cases hindering their ability to access critical resources and needed assistance that Congress has put in place,” they continued.
Sen. Warner has long pushed for the federal government to improve IT infrastructure. Last year, Sen. Warner applauded the Biden Administration for taking steps to more quickly and effectively help agencies address technology-related issues, after having previously called for them to do so. In 2020, Sen. Warner joined colleagues in calling on the Appropriations Committee to include funding for IT modernization in future COVID-19 relief packages.
A copy of this year’s bipartisan letter is available here and below.
Chairman Leahy, Vice Chairman Shelby, Chairman Van Hollen, and Ranking Member HydeSmith:
As your committee begins consideration of appropriations for Fiscal Year (FY) 2023, we write to urge you to include significant and critically needed funding to modernize federal information technology (IT) systems. In particular, we request that you provide funding of at least $300 million for the Technology Modernization Fund (TMF).
Congress created the TMF as part of the Modernizing Government Technology (MGT) Act, in response to pressing needs for federal agencies to modernize outdated IT systems and address critical vulnerabilities. The TMF – a revolving fund governed by a board of experts with backgrounds in IT, cybersecurity, financial management, and federal acquisition – is unique in its ability to rapidly evaluate agencies’ technology modernization proposals, assign funding in an agile manner that prioritizes high-need and cost-saving projects, and do all of this in a transparent and accountable manner.
In the roughly four years since it was established, the TMF has delivered approximately $400 million in funding to 20 modernization projects across the government, funding projects that the TMF Board identified as having significant impact on agencies’ security, program operability, and ability to efficiently and effectively deliver results for taxpayers. As the TMF is a revolving fund, agencies that receive funding are given repayment terms that vary based on the project, which allows the TMF to recover a portion of the funds – often through direct cost savings.
It is widely acknowledged that our federal government needs to make significant and urgent investments in replacing outdated and insecure legacy IT systems. Each year, the federal government spends roughly $90 billion on IT systems. Significant portions of this funding go toward the maintenance of older, legacy systems, which over time grow increasingly costly, and often present concerning cybersecurity vulnerabilities.
In addition to the urgent security concerns, ignoring these needed modernization efforts hinders the public’s ability to interact with the government in an efficient and responsive way. We saw this issue magnified during the course of the pandemic, as added demands at times overwhelmed our government’s ability to continue providing effective customer service and critical benefits to Americans. We have heard repeatedly from constituents how these strains have slowed the processing of benefits and claims, in many cases hindering their ability to access critical resources and needed assistance that Congress has put in place.
In 2021 Congress appropriated $1 billion to the TMF to address government IT challenges. While this served as a sizable investment towards these efforts, the demand for these funds was more than double their availability, and the Administration confirms that the TMF will allocate the majority of these funds by the end of this current fiscal year.
By necessity, efforts to modernize and improve the security of IT systems require ongoing and sustained effort by agencies. Congress has a similar responsibility to continue to fund modernization efforts, so that legacy systems aren’t left to grow increasingly costly and insecure over time. The TMF presents agencies with a funding vehicle that is agile and allows them to amortize modernization costs, and that makes technical experts available to agencies throughout the proposal and implementation phases. It also provides Congress a tool with additional accountability and oversight, in the form of board-review of proposals, incremental funding based on outcome-based milestones, and regular follow-up with funding recipients during funding implementation.
We appreciate your consideration of our request for at least $300 million for the Technology Modernization Fund – the level requested by the Administration – and we look forward to continuing to work with you, and with our other colleagues here in the Senate, to ensure that we are providing necessary investment in our federal government’s IT systems.
Sincerely,
###
Leading U.S. Senators Urge SEC to Finalize Tough Cybersecurity Disclosure Rules for Public Companies
May 10 2022
WASHINGTON - As the U.S. Securities and Exchange Commission (SEC) works to finalize policy changes to modernize and enhance the agency’s rules relating to cybersecurity, a bipartisan group of leading U.S. Senators is urging the SEC to increase transparency for investors in an age of persistent cybersecurity threats with rising economic costs.
In March, the SEC published proposed rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. The proposed rules seek to enhance and standardize disclosures regarding public companies ’ cybersecurity risk governance, including disclosure of whether any directors on a company’s board have cybersecurity expertise. The proposed rules would affect public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934.
This week, U.S. Sens. Mark Warner (D-VA), Jack Reed (D-RI), Catherine Cortez Masto (D-NV), Kevin Cramer (R-ND), Angus King (I-ME), Ron Wyden (D-OR), and Susan Collins (R-ME) sent a comment letter to the SEC urging the agency to finalize rules regarding disclosures of the board’s oversight of cybersecurity risks.
The seven Senators, all cosponsors of the Cybersecurity Disclosure Act (S. 808), have urged the SEC to issue the exact rules that the agency proposed in March to require publicly traded companies to disclose whether they have cybersecurity expertise on their boards of directors.
The Senators wrote: “The Proposal would implement bipartisan legislation that we have introduced called the Cybersecurity Disclosure Act. That legislation directs the SEC to issue rules requiring each public company to disclose, in its annual report or annual proxy statement, whether any member of its governing body has expertise or experience in cybersecurity, including details necessary to describe fully the nature of that expertise or experience. And if no member has such expertise or experience, a company would be required to describe what other aspects of the company’s cybersecurity were considered by any person, such as an official serving on a nominating committee, who is responsible for identifying and evaluating nominees for membership to the governing body.
“The Proposal follows the intent of our bill by encouraging directors to play a more effective role in cybersecurity risk oversight at public companies, and we commend the SEC for issuing a Proposal that would achieve this important goal.”
Full text of the letter follows:
May 9, 2022
Re: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (SEC File No. S7-09-22).
Dear Ms. Countryman:
We write to respectfully request that the Securities and Exchange Commission (SEC) finalize, as proposed, rules requiring periodic disclosures by public companies regarding cybersecurity expertise on their boards of directors and management’s role in implementing cybersecurity policies and procedures (the Proposal).
The Proposal would implement bipartisan legislation that we have introduced called the Cybersecurity Disclosure Act. That legislation directs the SEC to issue rules requiring each public company to disclose, in its annual report or annual proxy statement, whether any member of its governing body has expertise or experience in cybersecurity, including details necessary to describe fully the nature of that expertise or experience. And if no member has such expertise or experience, a company would be required to describe what other aspects of the company’s cybersecurity were considered by any person, such as an official serving on a nominating committee, who is responsible for identifying and evaluating nominees for membership to the governing body.
The Proposal follows the intent of our bill by encouraging directors to play a more effective role in cybersecurity risk oversight at public companies, and we commend the SEC for issuing a Proposal that would achieve this important goal.
We respectfully request that the SEC finalize Items 106(c) and 407(j) of Regulation S-K as proposed. Item 106(c) would require disclosure about public companies’ cybersecurity governance, including the board’s oversight of cybersecurity risk and a description of management’s role in assessing and managing cybersecurity risks, the relevant experience of management, and its role in implementing cybersecurity policies, procedures, and strategies. Item 407(j) would require disclosure about the cybersecurity expertise of members of the board of directors, if any, including the name of any director, and details to describe the nature of the expertise.
I. Cybersecurity is an important component of long term shareholder value.
Cybersecurity incidents have never been more frequent, complex, and costly. Last year, the overall number of data breaches reached an all-time high of 1,862, up 23% year-over-year. Almost all of these data breaches were caused by cyberattacks. The average cost of a data breach has also reached an all-time high last year of $4.24 million, up 10% year-over-year. To take one concrete example at the high end of this scale, the Equifax breach in 2017 ultimately cost the company over $1.7 billion. Companies of all sizes and in many industries have experienced serious cybersecurity incidents with significant impacts on customers, counterparties, and investors.
Investors often bear the costs associated with these incidents. The Proposal details a number of specific costs to companies and shareholders, including payments to meet ransom, liability for stolen information, increased insurance premiums, lost revenues due to theft of intellectual property, reputational damage, and litigation costs. These costs culminate in damage not only to a company’s profitability, but also to its stock price. According to a report by leading economic consulting firms, a severe cybersecurity breach causes an average permanent decline in a company’s valuation of 1.8%.[5] The Proposal would provide investors with the disclosure they deserve regarding how public companies plan to guard against these risks before they materialize.
II. The Proposal provides powerful incentives for public companies to bolster cybersecurity, preserving long-term shareholder value.
Prudent management of cybersecurity risk is important to maintaining long-term shareholder value. Directors therefore have a responsibility to manage this risk and contribute to a company’s cybersecurity. But corporate boards are struggling to meet this important obligation. Only 40% of boards have a director with cybersecurity experience. And a recent survey by consulting firm EY confirmed a “deficiency of cybersecurity expertise at the C-suite level.” Indeed, according to a recent survey, 60% of directors “don’t believe that cybersecurity should get in the way of business operations.” The Proposal appropriately recognizes that boards must be more vigilant because cybersecurity is among the most significant challenges companies face.
The Proposal would create powerful incentives for public companies to pay greater attention to cybersecurity risks. According to a report by the prior Administration’s Council of Economic Advisors, “mandatory disclosure requirements were previously shown to incentivize firms to adopt better cybersecurity measures.” The Proposal’s board level expertise disclosure requirement is a prime example of such an incentive. The North American Securities Administrators Association agrees that “[i]ncentivizing publicly traded companies to consider whether or not they have appropriate cybersecurity expertise on their governing body is a common-sense way to promote greater attention to cybersecurity risk by public corporations. Investors and customers are well-served by policies that encourage companies to consider such risks proactively, as opposed to after a data breach has already occurred, when such investors and customers have already been harmed.” Proposed Item 106(c) of Regulation S-K would direct public companies to provide these exact disclosures.
The disclosures in the Proposal will also enable investors to hold public companies accountable. In a letter of support for the Cybersecurity Disclosure Act, the Council of Institutional Investors stated its belief that “cybersecurity is an integral component of a board’s role in risk oversight.” In another letter of support, the California Public Employees’ Retirement System said that this approach will “ensure that investors have access to decision useful information to better assess the ability of corporate management to adequately address cybersecurity risks.” And according to consulting firm EY, “remaining cyber-resilient and building stakeholder trust in the company’s data security and privacy practices is a strategic imperative. Public disclosures can help build trust by providing transparency and assurance around how boards are fulfilling their cybersecurity risk oversight responsibilities.” If public companies provide the market with more insights into their governance of cybersecurity risks, then investors will be better equipped to decide whether to invest in a public company and how to vote in elections for directors.
III. Cybersecurity poses unique risks to public companies, which justify the disclosures required by the Proposal.
The unique harms caused by cybersecurity breaches justify the Proposal. According to testimony by Professor John Coates of Harvard Law School before the Senate Banking Committee:
[T]here is maybe going to be some suggestion that there is a slippery slope and there is all kinds of risks and that cyber is one of them and so on. I really do want to emphasize that cyber is unique. Other than financial risk, where we already have an obligation for boards to say do they have financial expertise on the board or not, other than financial risk, cyber risk is, I believe, the one type of risk that is almost universal among public companies. It is very hard to think of a public company in this network age that is not at least somewhat exposed to cyber risk.
This is precisely why cybersecurity risk warrants special attention from the SEC. The Proposal is narrowly tailored to require disclosure of board-level expertise that is important to mitigating this singular risk to public companies’ profitability and valuation.
Moreover, the Proposal accomplishes this goal while providing appropriate discretion to public companies to define what constitutes “cybersecurity expertise” and to address cybersecurity risks through any means they see fit. The Proposal, like our legislation, does not mandate that any company’s board actually have a person with expertise in cybersecurity or require companies to take any actions other than to provide this disclosure. We respectfully request that the SEC adopt this flexible disclosure approach over mandating any set of best practices, in order to encourage boards to develop approaches that are tailored to mitigate risks to the specific set of shareholders to which they are accountable.
###
WASHINGTON – Today it was announced that U.S. Sen. Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, will serve on the conference committee of Senators and House members working to reconcile differences between the House and Senate version of the jobs and competitiveness bill, which has been known variously as the Bipartisan Innovation Act, America COMPETES Act, the United States Innovation and Competition Act, or the Endless Frontier Act, in order to send a final bill to President Biden’s desk for signature.
“For too long, the United States has allowed our global competitors to out-invest and out-hustle us in regard to our innovation economy. This competitiveness bill will make major investments in domestic semiconductor manufacturing, create good-paying jobs, and provide the tools our country needs to continue competing in the global economy while addressing some of the major causes of economic inflation,” said Sen. Warner. “I am honored to be a member of the conference committee that will work to get a strong bill to the president’s desk ASAP.”
“The Senate is moving an important step closer to delivering a robust jobs and competitiveness bill that will help fix our supply chains and boost American innovation and technological dominance for generations. Our Democratic conferees will ensure that the Senate-passed bill stays on track to create more good-paying jobs, boost domestic manufacturing, and spark American ingenuity that will be the engine that drives our economy forward for years to come,” said Senate Majority Leader Chuck Schumer (D-NY).
In June, the Senate voted 68-28 to pass the United States Innovation and Competition Act, bipartisan legislation that includes Warner-led provisions to foster U.S. innovation in the race for 5G and shore up American leadership in the semiconductors industry. In February, the House finally acted to pass its own version of the bill, the America COMPETES Act. Now, a small group of House members and Senators will form a conference committee to negotiate differences between the two bills and assemble a final product to send to President Biden.
Earlier today, Sen. Warner joined Rep. Abigail Spanberger (D-VA) in leading the Virginia congressional delegation in calling on the U.S. Department of Commerce to consider Virginia for future locations of major semiconductor production and research facilities.
###
WASHINGTON - Today, Senate Intelligence Committee Chairman Mark Warner (D-VA), Sen. Elizabeth Warren (D-MA), Senate Armed Services Committee Chairman Jack Reed (D-RI), and Senate Defense Appropriations Subcommittee Chair Jon Tester (D-MT) introduced the Digital Asset Sanctions Compliance Enhancement Act to ensure that Vladimir Putin and Russian elites don't use digital assets to undermine the international community’s economic sanctions against Russia following its invasion of Ukraine. The senators’ bill comes amid bipartisan concerns and warnings by federal agencies that Russian actors may try to evade economic sanctions by using digital currencies. Countries hit hard by sanctions, including North Korea and Iran, have been previously found to use cryptocurrency to curb the effects of economic sanctions. This legislation is cosponsored by Sens. Tammy Duckworth (D-IL), Debbie Stabenow (D-MI), Raphael Warnock (D-GA), Chris Van Hollen (D-MD), Tina Smith (D-MN), Catherine Cortez Masto (D-NV), and Bob Menendez (D-NJ).
“In order for the sanctions levied by the United States and our allies to have the maximum impact on Vladimir Putin and his oligarch friends, we must close off avenues they might use to evade those sanctions. This legislation will crack down on foreign actors who help sanctioned Russians use digital assets like cryptocurrencies to circumvent the crippling measures we’ve put in place to punish Russia for its barbaric invasion of Ukraine,” said Sen. Warner.
“Putin and his cronies can move, store, and hide their wealth using cryptocurrencies, potentially allowing them to evade the historic economic sanctions the U.S. and its partners across the world have levied in response to Russia’s war against Ukraine. I'm glad to introduce the Digital Asset Sanctions Compliance Enhancement Act with my colleagues to strengthen our sanctions program and close off any avenues for Russian evasion,” said Sen. Warren.
“The U.S. and its allies have imposed some of the strongest sanctions in history to try to stop Putin and his cronies from waging war on Ukraine. A sanctions system without strong authorities to limit evasion using digital assets is like having a security system but leaving the front door open. This bill would clarify Treasury’s authorities and strengthen our sanctions on Putin and his enablers,” said Sen. Reed.
“Vladimir Putin’s unprovoked war in Ukraine is a threat to democracies everywhere, and if we are going to hold him and his cronies accountable, we have to be sure they aren’t using digital tools to evade sanctions,” said Sen. Tester. “I’m proud to introduce this legislation that will make sure we isolate Putin and sends a message to America’s adversaries that folks who threaten freedom and democracy around the world cannot hide from the consequences of their actions.”
“We’ve imposed devastating sanctions on Russia, and we must ensure that there aren’t any loopholes that would allow Putin and his oligarchs to evade them,” said Sen. Cortez Masto. “This legislation gives the U.S. the tools it needs to crack down on any entity using cryptocurrency to trade with sanctioned banks or individuals. We must do all we can to completely isolate Putin, and that includes strengthening the enforcement mechanisms in all of our economic measures.”
“Digital currencies can offer the Russian government and wealthy oligarchs an opportunity to evade the sanctions that President Biden has enacted on Russia as Putin continues to wage his unprovoked and inexcusable war of choice against Ukraine,” said Sen. Duckworth. “The United States can do more to ensure Putin and his cronies feel the full weight of the free world’s sanctions, which is one reason I’m proud to help introduce this legislation with Senator Warren to crack down on cryptocurrency exchanges that engage with Russian entities.”
“Russia must be held accountable for its cold-blooded, unprovoked attack on Ukraine. We’ve seen how economic sanctions can deliverer a major blow to the Russian economy, but we must do everything in our power to prevent Putin and his corrupt cronies from circumventing these sanctions using cryptocurrencies. This legislation provides the necessary tools to monitor and shut down any such loopholes,” said Sen. Van Hollen.
The Digital Asset Sanctions Compliance Enhancement Act would combat the risk of Russian actors from using digital assets to evade international sanctions by discouraging foreign crypto firms from doing business with sanctioned Russian elites, providing the Administration with authority to suspend transactions with Russia-linked crypto addresses, and increasing transparency around crypto holdings.
Specifically, the Digital Asset Sanctions Compliance Enhancement Act would close potential avenues for evasion of sanctions against Russia by:
- Requiring the President to identify foreign digital asset actors that are facilitating evasion of sanctions against Russia, and authorizing the President to sanction such actors, prohibiting their transactions with U.S. persons and blocking their assets.
- Providing the Treasury Secretary clear authority to prohibit digital asset trading platforms and transaction facilitators under U.S. jurisdiction from transacting with cryptocurrency addresses that are known to be, or could reasonably be known to be, in Russia.
- Directing FinCEN to require U.S. taxpayers engaged in a transaction with a value greater than $10K of cryptocurrency offshore to file FinCEN Form 114 (FBAR).
- Requiring the Treasury Department to report on its progress in implementing these provisions, including any resources needed by the Department to improve implementation and progress in coordinating with foreign partners.
- Requiring the Treasury Department to issue a public report identifying foreign digital asset trading platforms that are determined to be high risk for sanctions evasion, money laundering, or other illicit activities.
Earlier this month, Sens. Warren, Senate Intelligence Committee Chairman Mark Warner, Senate Banking, Housing, and Urban Affairs Chairman Sherrod Brown, and Senate Armed Services Committee Chairman Jack Reed led a letter to Treasury Secretary Janet Yellen raising concerns regarding the potential use of cryptocurrency to evade sanctions, which have become even more urgent amid the sanctions imposed on Russia after their invasion of Ukraine.
###
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Chairman of the Senate Intelligence Committee, released the following statement regarding President Biden’s executive order on ensuring responsible innovation in digital assets:
“Today’s executive order does a commendable job of balancing the potential opportunities and benefits of digital assets in financial innovation, economic inclusion, and global payments modernization against the risks and challenges they present to core U.S. interests. I applaud the executive order’s recognition that maintaining the centrality of the United States in the global financial system – and, in particular, the role of American governance standards and the primacy of the U.S. dollar – is absolutely fundamental to our efforts with regard to digital assets. The EO’s urgency with respect to a strategy for a U.S. Central Bank Digital Currency (CBDC) is especially welcome, and I look forward to working with the administration on further steps to engage on international norms and standards related to CBDCs.
“Today, we face a highly motivated adversary that is actively searching for opportunities to evade the substantial sanctions imposed by the Biden administration and our allies around the globe. We must ensure that all participants in the digital assets marketplace are actively complying with sanctions, and we need to develop clearer guardrails and improved enforcement to address fraud, illicit finance, and insecurity in the wider digital assets industry.”
Last week, Sen. Warner sent a letter to Treasury Secretary Janet Yellen raising concerns regarding the potential use of cryptocurrency to evade sanctions imposed on Russia after their invasion of Ukraine.
###
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, issued the following statement after the Senate unanimously passed the Strengthening American Cybersecurity Act of 2022, which would require companies responsible for U.S. critical infrastructure to report cybersecurity incidents to the government:
“At a time when we are facing significant threats of Russian cyberattacks against our institutions and our allies, it’s more important than ever that the government have an idea of what those threats are. I am glad the Senate has passed our bipartisan cyber incident reporting bill, and I look forward to working with my colleagues in the House to get a final version of this legislation to the president’s desk as soon as possible.”
###
Warner Urges CEOs of Major Tech Companies to Take Actions to Curb Russian Information Operations
Feb 25 2022
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, today sent letters to Alphabet, Meta, Reddit, Telegram, TikTok, and Twitter urging the companies to prevent misuse of their platforms by Russia and Russia-linked entities.
“In addition to Russia’s established use of influence operations as a tool of strategic influence, information warfare constitutes an integral part of Russian military doctrine. As this conflict continues, we can expect to see an escalation in Russia’s use of both overt and covert means to sow confusion about the conflict and promote disinformation narratives that weaken the global response to these illegal acts. While social media can provide valuable information to civilians in conflict zones, and educate audiences far removed from those conflict zones, as well as a platform for some relatively independent media outlets – including in Russia – it can also serve as a vector for harmful misinformation and disinformation campaigns, and a wide range of scams and frauds that opportunistically exploit confusion, desperation, and grief,” the senator wrote.
Copies of the letter sent to Meta, Reddit, Telegram, TikTok, and Twitter are available for download.
In his letter to YouTube parent company Alphabet, Sen. Warner noted that just yesterday his staff observed YouTube ads monetizing content regarding the conflict in Ukraine from RT, Sputnik and TASS, malign actors affiliated with the Russian government.
“Unfortunately, your platforms continue to be key vectors for malign actors – including, notably, those affiliated with the Russian government – to not only spread disinformation, but to profit from it. YouTube, for instance, continues to monetize the content of prominent influence actors that have been publicly connected to Russian influence campaigns,” the senator wrote.
Sen. Warner urged the companies to – at a minimum – take the following steps:
- Establish mechanisms by which Ukrainian public safety entities can disseminate emergency communications to your users in Ukraine;
- Furnish additional account monitoring and security resources to Ukrainian government, humanitarian, and public safety institutions to prevent account takeovers;
- Surge integrity teams, including those with language expertise in Ukrainian, Russian, Polish, Romanian, and German, to monitor your platform for malign influence activity related to the conflict;
- Devote additional resources towards the identification of inauthentic accounts, and the removal or labeling of inauthentic content, associated with Russian influence operations; and
- Establish dedicated reporting channels for qualified academic, public interest, and open source intelligence researchers to share credible information about inauthentic activity, disinformation, and other malign efforts utilizing your platforms.
Sen. Warner has released multiple statements harshly condemning Russia’s attack on Ukraine, which can be found here and here.
###
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, issued the following statement today:
“It’s only a matter of when, not if, we face another widespread cyber breach that threatens our national security. I was glad to see this NTSB-like function included in the President’s May 2020 executive order on cybersecurity, and this is a good first step to establishing such a capability. I look forward to monitoring how this board develops over the coming months.”
###
Statement of Senate Intel Chair Mark R. Warner on House Introduction of the America COMPETES Act of 2022
Jan 25 2022
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, issued the following statement today:
“Earlier today, the U.S. Commerce Department reported that manufacturers that rely on semiconductor chips have less than five days’ supply on hand, leaving vital supply chains extremely vulnerable to delays that are increasing prices for consumers on everything from automobiles to home appliances. Months ago, the Senate passed the U.S. Innovation and Competition Act, which would invest $52 billion in domestic semiconductor production, by an overwhelming bipartisan vote. The Senate bill also invests in R&D for 5G technologies and takes other critical steps to secure our supply chains, improve innovation, and ensure that the U.S. can compete with China and the rest of the world. Today’s introduction in the House of Representatives of the America COMPETES Act is an important step in setting up a conference with the Senate so that we can finally get a bill to President Biden’s desk to sign.”
###
Statement of Senate Intel Chair Mark Warner on National Security Memorandum to Improve Cybersecurity
Jan 19 2022
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, issued the following statement today after President Biden signed a National Security Memorandum (NSM) to improve the cybersecurity of National Security, Department of Defense, and Intelligence Community Systems, as required in Executive Order (E.O) 14028, Improving the Nation’s Cybersecurity:
“I applaud President Biden for signing this order to improve our nation’s cybersecurity. Among other priorities, this National Security Memorandum (NSM) requires federal agencies to report efforts to breach their systems by cyber criminals and state-sponsored hackers. Now it’s time for Congress to act by passing our bipartisan legislation that would require critical infrastructure owners and operators to report such cyber intrusions within 72 hours.”
In July 2021, following the SolarWinds and Colonial Pipeline hacks, Chairman Warner was joined by Senate Intelligence Committee Vice Chairman Marco Rubio (R-FL), senior Committee member Susan Collins (R-ME), and a number of colleagues in introducing legislation to require federal government agencies, federal contractors, and critical infrastructure operators to notify the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) when a breach is detected so that the U.S. government can mobilize to protect critical industries across the country. In November 2021, Warner announced that a bipartisan agreement had been reached with the leaders of the Senate Homeland Security Committee on compromise legislation requiring critical infrastructure owners and operators to report to CISA within 72 hours if they are experiencing a substantial cyber-attack.
###
Lawmakers Reintroduce Bipartisan Bicameral Legislation to Ban Manipulative 'Dark Patterns'
Dec 08 2021
WASHINGTON – Ahead of Wednesday’s Senate hearing with the head of Instagram, U.S. Sens. Mark R. Warner (D-VA), Deb Fischer (R-NE), Amy Klobuchar (D-MN), and John Thune (R-SD) along with Reps. Lisa Blunt Rochester (D-DE-AL) and Anthony Gonzalez (R-OH-16) have re-introduced the Deceptive Experiences to Online Users Reduction (DETOUR) Act to prohibit large online platforms from using deceptive user interfaces, known as “dark patterns,” to trick consumers into handing over their personal data. The DETOUR Act would also prohibit these platforms from using features that result in compulsive usage by children.
The term “dark patterns” is used to describe online interfaces in websites and apps designed to intentionally manipulate users into taking actions they would otherwise not. These design tactics, drawn from extensive behavioral psychology research, are frequently used by social media platforms to mislead consumers into agreeing to settings and practices advantageous to the company.
“For years dark patterns have allowed social media companies to use deceptive tactics to convince users to hand over personal data without understanding what they are consenting to. The DETOUR Act will end this practice while working to instill some level of transparency and oversight that the tech world currently lacks,” said Sen. Warner, Chairman of the Senate Select Committee on Intelligence and former technology executive. “Consumers should be able to make their own informed choices on when to share personal information without having to navigate intentionally misleading interfaces and design features deployed by social media companies.”
“Manipulative user interfaces that confuse people and trick consumers into sharing access to their personal information have become all too common online. Our bipartisan legislation would rein in the use of these dishonest interfaces and boost consumer trust. It’s time we put an end to ‘dark patterns’ and other manipulative practices to protect children online and ensure the American people can better protect their personal data,” said Sen. Fischer, a member of the Senate Commerce Committee.
“Dark patterns are manipulative tactics used to trick consumers into sharing their personal data. These tactics undermine consumers’ autonomy and privacy, yet they are becoming pervasive on many online platforms. This legislation would help prevent the major online platforms from using such manipulative tactics to mislead consumers, and it would prohibit behavioral experiments on users without their informed consent,” said Sen. Klobuchar, a member of the Senate Commerce and Judiciary Committees.
“We live in an environment where large online operators often deploy manipulative practices or ‘dark patterns’ to obtain consent to collect user data,” said Sen. Thune, ranking member of the Senate Commerce Committee’s Subcommittee on Communications, Media, and Broadband. “This bipartisan legislation would create a path forward to strengthen consumer transparency by holding large online operators accountable when they subject their users to behavioral or psychological research for the purpose of promoting engagement on their platforms.”
“My colleagues and I are introducing the DETOUR Act because Congress and the American public are tired of tech companies evading scrutiny and avoiding accountability for their actions. Despite congressional hearings and public outcries, many of these tech companies continue to trick and manipulate people into making choices against their own self-interest,” said Rep. Lisa Blunt Rochester. “Our bill would address some common tactics these companies use, like intentionally deceptive user interfaces that trick people into handing over their personal information. Our children, seniors, veterans, people of color, even our very way of life is at stake. We must act. And today, we are.”
“Social media has connected our communities, but also had detrimental effects on our society. Big tech companies that control these platforms currently have unregulated access to a wealth of information about their users and have used nontransparent methods, such as dark patterns, to gather additional information and manipulate users,” said Rep. Anthony Gonzalez. “The DETOUR Act would make these platforms more transparent through prohibiting the use of dark patterns. We live in a transformative period of technology, and it is important that the tech which permeates our day to day lives is transparent.”
Dark patterns can take various forms, often exploiting the power of defaults to push users into agreeing to terms stacked in favor of the service provider. Some examples of these actions include: a deliberate obscuring of alternative choices or settings through design or other means; the use of privacy settings that push users to ‘agree’ as the default option, while users looking for more privacy-friendly options often must click through a much longer process, detouring through multiple screens. Other times, users cannot find the alternative option, if it exists at all, and simply give up looking.
The result is that large online platforms have an unfair advantage over users and potential competitors in forcing consumers to give up personal data such as their contacts, messages, web activity, or location to the benefit of the company.
“Tech companies have clearly demonstrated that they cannot be trusted to self-regulate. So many companies choose to utilize manipulative design features that trick kids into giving up more personal information and compulsive usage of their platforms for the sake of increasing their profits and engagement without regard for the harm it inflicts on kids,” said Jim Steyer, CEO of Common Sense. “Common Sense supports Senators Warner and Fischer and Representatives Blunt Rochester and Gonzalez on this bill, which would rightfully hold companies accountable for these practices so kids can have a healthier and safer online experience.”
“'Dark patterns' and manipulative design techniques on the internet deceive consumers. We need solutions that protect people online and empower consumers to shape their own experience. We appreciate Senator Warner and Senator Fischer's work to address these misleading practices,” said Jenn Taylor Hodges, Head of U.S. Public Policy at Mozilla.
“Manipulative design, efforts to undermine users’ independent decision making, and secret psychological experiments conducted by corporations are everywhere online. The exploitative commercial surveillance model thrives on taking advantage of unsuspecting users. The DETOUR Act would put a stop to this: prohibiting online companies from designing their services to impair autonomy and to cultivate compulsive usage by children under 13. It would also prohibit companies from conducting online user experiments without consent. If enacted, the DETOUR Act will make an important contribution to living in a fairer and more civilized digital world,” said Katharina Kopp, Director of Policy at Center for Digital Democracy.
The Deceptive Experiences To Online Users Reduction (DETOUR) Act aims to curb manipulative behavior by prohibiting the largest online platforms (those with over 100 million monthly active users) from relying on user interfaces that intentionally impair user autonomy, decision-making, or choice. The legislation:
- Prohibits large online operators from designing, modifying, or manipulating user interface with the purpose or substantial effect of obscuring, subverting, or impairing user autonomy, decision-making, or choice to obtain consent or user data
- Prohibits subdividing or segmenting consumers for the purposes of behavioral experiments without a consumer’s informed consent, which cannot be buried in a general contract or service agreement. This includes routine disclosures for large online operators, not less than once every 90 days, on any behavioral or psychological experiments to users and the public. Additionally, the bill would require large online operators to create an internal Independent Review Board to provide oversight on these practices to safeguard consumer welfare.
- Prohibits user design intended to create compulsive usage among children under the age of 13 years old (as currently defined by the Children’s Online Privacy Protection Act).
- Directs the FTC to create rules within one year of enactment to carry out the requirements related to informed consent, Independent Review Boards, and Professional Standards Bodies.
Sen. Warner first introduced the DETOUR ACT in 2019 and has been raising concerns about the implications of social media companies’ reliance on dark patterns for years. In 2014, Sen. Warner asked the FTC to investigate Facebook’s use of dark patterns in an experiment involving nearly 700,000 users designed to study the emotional impact of manipulating information on their News Feeds.
Sen. Warner is one of Congress’ leading voices in demanding accountability and user protections from social media companies. In addition to the DETOUR Act, Sen. Warner has introduced and written numerous bills aimed designed to improve transparency, privacy, and accountability on social media. These include the Safeguarding Against Fraud, Exploitation, Threats, Extremism and Consumer Harms (SAFE TECH) Act – legislation that allow social media companies to be held accountable for enabling cyber-stalking, targeted harassment, and discrimination across platforms; the Designing Accounting Safeguards to Help Broaden Oversight and Regulations on Data (DASHBOARD) Act, bipartisan legislation that would require data harvesting companies to tell consumers and financial regulators exactly what data they are collecting from consumers and how it is being leveraged by the platform for profit; and the Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act, legislation that would encourage market-based competition to dominant social media platforms by requiring the largest companies to make user data portable – and their services interoperable – with other platforms, and to allow users to designate a trusted third-party service to manage their privacy and account settings, if they so choose.
Full text of the bill is available here.
###
WASHINGTON – U.S. Sens. Mark Warner (D-VA), Gary Peters (D-MI), Rob Portman (R-OH), and Susan Collins (R-ME) introduced a bipartisan amendment to the annual defense authorization bill to require critical infrastructure owners and operators and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency (CISA) if they experience a cyber-attack, and most entities to report if they make a ransomware payment. The amendment is based on the Cyber Incident Reporting Act and Federal Information Security Modernization Act of 2021 authored by Peters and Portman, and advanced by the Homeland Security and Governmental Affairs Committee, where they serve as Chairman and Ranking Member, respectively.
“Cyber-attacks and ransomware attacks are a serious national security threat that have affected everything from our energy sector to the federal government and Americans’ own sensitive personal information,” said Senator Peters, Chairman of the Homeland Security and Governmental Affairs Committee. “I’m grateful to my colleagues for working together to introduce this bipartisan amendment that will take significant steps to strengthen cybersecurity protections, ensure that CISA is at the forefront of our nation’s response to serious breaches, and most importantly, requires timely reporting of these attacks to the federal government so that we can better prevent future incidents and hold attackers accountable for their crimes.”
“As cyber and ransomware attacks continue to increase, the federal government must be able to quickly coordinate a response and hold bad actors accountable,” said Senator Portman, Ranking Member of the Homeland Security and Governmental Affairs Committee. “That’s why I’m proud to introduce this bipartisan amendment to the FY 2022 NDAA to update the Federal Information Security Modernization Act (FISMA) and give the National Cyber Director, CISA, and other appropriate agencies broad visibility into the cyberattacks taking place across our nation on a daily basis to enable a whole-of-government response, mitigation, and warning to critical infrastructure and others of ongoing and imminent attacks. This bipartisan amendment to significantly update FISMA will provide the accountability necessary to resolve longstanding weaknesses in federal cybersecurity by clarifying roles and responsibilities and requiring the government to quickly inform the American people if their information is compromised.”
“It seems like every day, Americans wake up to the news of another ransomware attack or cyber intrusion, but the SolarWinds hack showed us that there is nobody responsible for collecting information on the scope and scale of these incidents,” said Senator Warner, Chairman of the Senate Select Committee on Intelligence. “We can’t rely on voluntary reporting to protect our critical infrastructure – we need a routine reporting requirement so that when vital sectors of our economy are affected by a cyber breach, the full resources of the federal government can be mobilized to respond to, and stave off, its impact. I’m glad we were able to come to a bipartisan compromise on this amendment addressing many of the core issues raised by these high-profile hacking incidents.”
“Having a clear view of the dangers the nation faces from cyberattacks is necessary to prioritizing and acting to mitigate and reduce the threat,” said Senator Collins. “My 2012 bill would have led to improved information sharing with the federal government that likely would have reduced the impact of cyber incidents on both the government and the private sector. Failure to enact a robust cyber incident notification requirement will only give our adversaries more opportunity to gather intelligence on our government, steal intellectual property from our companies, and harm our critical infrastructure. I urge my colleagues to pass our amendment, which is common sense and long overdue.”
The amendment would require critical infrastructure owners and operators to report to CISA within 72 hours if they are experiencing a substantial cyber-attack. Many other organizations, including businesses, nonprofits, and state and local governments, would also be required to report to the federal government within 24 hours if they make a ransom payment following an attack. Additionally, the amendment would update current federal government cybersecurity laws to improve coordination between federal agencies, force the government to take a risk-based approach to security, as well as require all civilian agencies to report all cyber-attacks to CISA, and major cyber incidents to Congress. It also provides additional authorities to CISA to ensure they are the lead federal agency in charge of responding to cybersecurity incidents on federal civilian networks.
###