WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance Committees, joined Senate colleagues in urging the Chairmen of the Senate and House Armed Services Committees to include a Senate-passed amendment cosponsored by Sen. Warner that would reinstate penalties against ZTE in their upcoming NDAA FY2019 Conference Report. Earlier this year, intelligence leaders testified before the Senate Intelligence Committee warning that ZTE, Huawei, and other Chinese state-directed telecommunications companies have the capacity for espionage and intellectual property theft, posing clear threats to the national security, people, and economy of the United States. This week, President Trump’s Commerce Department announced an agreement to lift the ban preventing Chinese telecom giant ZTE from doing business with American suppliers.
Additionally, Senators urged the conferees to include the reforms to the Committee on Foreign Investment in the United States (CFIUS), which were a part of the recently passed Senate NDAA bill. These reforms, also known as the Foreign Investment Risk Review Modernization Act (FIRRMA), would ensure that foreign investments in the U.S. do not pose a national security risk.
Sen. Warner, a former technology executive, has long expressed concern that ZTE poses a significant threat to our national security. He recently wrote to the administration urging President Trump to re-consider a deal with the China-based company.
The text of the letter to NDAA conferees can be found here and below:
Dear Chairmen McCain and Thornberry, and Ranking Members Reed and Smith:
We write to express our strong support for measures in the Senate-passed Fiscal Year 2019 National Defense Authorization Act (FY 2019 NDAA) that would reinstate U.S. government penalties against ZTE, a Chinese state-directed telecommunications company, and modernize the Committee on Foreign Investment in the United States (CFIUS). As you begin deliberations over the final version of the FY 2019 NDAA, we request that you include these two measures.
Section 6702: Prohibition on Modification of Civil Penalties under Export Control and Sanctions Laws and Prohibition on Certain Telecommunications Equipment.
We strongly oppose the June 2018 deal with ZTE negotiated by the Commerce Department’s Bureau of Industry and Security (BIS) to lift the seven-year ban against the export of U.S. parts and components to ZTE. BIS imposed this seven-year ban and other penalties against ZTE in April 2018 in response to its numerous violations of U.S. export controls and sanctions laws.
We also note that our nation’s six top intelligence leaders testified before the Senate Intelligence Committee in February 2018 about their concern that ZTE, Huawei, and other Chinese state-directed telecommunications companies are beholden to the Chinese government and Communist Party, which provides the capacity for espionage and intellectual property theft, and therefore poses clear threats to the national security, people, and economy of the United States.
As you prepare the Conference Report, we therefore urge you to retain—and further strengthen—Section 6702 of the Senate-passed FY 2019 NDAA, which would not only reinstate the April 2018 penalties against ZTE and prohibit the modification of any penalties against a Chinese telecommunications firm unless certain conditions are met, but also prohibit the U.S. government from using or procuring equipment from, or entering into a contract with ZTE or Huawei.
Title XVII: Foreign Investment Risk Review Modernization Act of 2018
We also thank you for your work protecting our national security and intellectual property by ensuring that foreign countries are not engaged in illicit behavior when investing in the United States.
As you are aware, the Senate version of the FY 2019 NDAA includes important reforms to the Committee on Foreign Investment in the United States that were part of the Foreign Investment Risk Review Modernization Act (FIRRMA). Those reforms are vital to protecting our national security and preventing intellectual property theft by foreign countries—including the People’s Republic of China.
As you negotiate a conference report for the 2019 NDAA, we urge you to include the Senate-passed CFIUS reforms and ensure that the final language fully addresses our national security and competitiveness concerns. We believe that efforts to weaken the robust protections in the FIRRMA will embolden our adversaries and present threats to our national security.
We thank you for your leadership, and we appreciate your consideration.
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance committees, issued the below statement regarding the U.S. Department of Commerce’s agreement to lift the ban on Chinese telecom giant ZTE doing business with American suppliers:
“I share the grave concerns of our military and the intelligence community, which are unanimous in their conclusion that ZTE — a state-controlled company with ties to Chinese intelligence — presents an ongoing threat to our national security. I also share many of the concerns the President has voiced in the past about China’s unfair trade practices, which have cheated American workers and permitted Chinese companies to steal the intellectual property of American firms with virtually no consequences.
“This sweetheart deal not only ignores these serious issues, it lets ZTE off the hook for evading sanctions against Iran and North Korea with a slap on the wrist.”
In Light of Federal Election Commission Hearing, Klobuchar, Warner Urge Commissioners to Issue Strongest Possible Transparency Requirements for Online Ads
Jun 27 2018
WASHINTON- U.S. Senators Amy Klobuchar (D-MN), Ranking Member of the Senate Rules Committee, and Mark Warner (D-VA), Vice Chairman of the Select Committee on Intelligence, urged the Federal Election Commission (FEC) to implement the strongest possible transparency and accountability requirements for online advertisements in response to the proposed rulemaking. The letter comes as the FEC begins public hearings today on online advertisements.
“During the 2016 election cycle, Russians took advantage of weak online disclaimer and disclosure rules to purchase online political advertisements. As we rapidly approach the 2018 election, intelligence officials have warned that Russia is currently working to disrupt our elections again,” the senators wrote.
“People have a right to know who is behind the information they receive, and in particular who is trying to influence their vote. This necessitates new disclaimer and disclosure requirements for all online advertisements. Primary elections are already upon us and the general election is only 131 days away. Therefore, we encourage you to quickly adopt the strongest possible rule to increase transparency and accountability for online advertisements.”
Klobuchar, Warner and Senator John McCain (R-AZ) are the authors of the bipartisan Honest Ads Act, legislation to help prevent foreign interference in future elections and improve the transparency of online political advertisements. The Honest Ads Act would prevent foreign actors from influencing our elections by ensuring that political ads sold online are covered by the same rules as ads sold on TV, radio, and satellite.
The full text of the letter can be found below:
As you conduct hearings this week on “Internet Disclaimers and Definition of Public Communication”, we encourage you to issue the strongest possible rule that will increase transparency and accountability for online advertisements.
During the 2016 election cycle, Russians took advantage of weak online disclaimer and disclosure rules to purchase online political advertisements. As part of a wide social media exploitation effort, Russia spent at least $100,000 dollars—in rubles—on Facebook ads to influence the 2016 election. According to Facebook responses to investigations by the Senate Select Committee on Intelligence and Senate Judiciary Committee, Russian disinformation reached more than 126 million Americans online.
As we rapidly approach the 2018 election, intelligence officials have warned that Russia is currently working to disrupt our elections again. As Director of National Intelligence Dan Coats stated earlier this year, “[t]he 2018 U.S. midterm elections are a potential target for Russian influence operations” and Russia will conduct “bolder and more disruptive cyber operations.” Senate Intelligence Committee members determined that foreign actors illegally influenced the 2016 presidential election and that something has to be done to stop this from occurring in the future.
Online platforms dwarf broadcast, satellite, and cable providers. The largest internet platform has over 210 million American users. The largest cable provider only has 22 million subscribers – nearly an order of magnitude greater. That is why we introduced the Honest Ads Act earlier this year. Our legislation would apply the same rules to online political advertisements that already exist for traditional media and require digital advertisers to maintain a public record of political ads purchased. By requiring the same rules across all advertising platforms, we can limit foreign attempts to influence our elections, increase transparency in political advertising, and promote greater accountability.
People have a right to know who is behind the information they receive, and in particular who is trying to influence their vote. This necessitates new disclaimer and disclosure requirements for all online advertisements. Primary elections are already upon us and the general election is only 131 days away. Therefore, we encourage you to quickly adopt the strongest possible rule to increase transparency and accountability for online advertisements.
WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA) and Marco Rubio (R-FL) sent a letter to President Trump, urging him to re-consider the deal lifting the ZTE ban, and to support the Senate-passed ban on government purchases of ZTE and Huawei equipment. Sen. Warner is the Vice Chairman of the Senate Select Committee on Intelligence and a member of the Finance and Banking committees. Sen. Rubio is a member of Senate Foreign Relations and Intelligence committees.
In the letter to President Trump, the Senators wrote, “The Senate and the U.S. Intelligence Community are in agreement that ZTE poses a significant threat to our national security. The Senate recently voted 85-10 to reimpose the April sanctions order and the ban on ZTE buying U.S. components, and to prohibit the U.S. federal government from purchasing ZTE or Huawei equipment and contracting with any entity that purchases such equipment. We urge you to heed the leaders of the U.S. Intelligence Community, supported by a strong bipartisan consensus in the Senate, that we must pursue policies that prevent the widespread use of ZTE products in the U.S.”
The Senators noted that at a February 13, 2018 hearing in the Intelligence Committee, six of the nation’s top intelligence leaders – the Director of National Intelligence (DNI) and the heads of the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Central Intelligence Agency (CIA), Defense Intelligence Agency (DIA), and the National Geospatial-Intelligence Agency (NGA) – testified about the risks posed to U.S. national security by ZTE and Huawei. Additionally, the nation’s top counterintelligence officer, Director of the National Counterintelligence Security Center Bill Evanina, testified at his May 15, 2018, confirmation hearing that Chinese telecom companies such as ZTE and Huawei pose a significant threat to American security.
“As you know, this is not a new threat. Congressionally documented concerns date back to a 2012 House Permanent Select Committee on Intelligence report on the serious counterintelligence concerns associated with ZTE equipment, the ties between the company and government, and the risks to American national security,” the Senators added. “ZTE, though publicly traded, is a state-backed enterprise that is ultimately loyal not to its shareholders, but to the Chinese Communist Party and Chinese government. This patronage relationship poses unacceptable risks to American sovereignty; risks that will only increase if the company is permitted to establish itself deeply in America’s telecommunications infrastructure.”
The full letter is available here and below.
June 26, 2018
The White House
1600 Pennsylvania Avenue, NW
Washington, DC 20500
Dear Mr. President:
We urge you to reconsider your decision to amend the April ZTE sanctions order and lift the ban the Commerce Department imposed this year that prohibited ZTE from buying U.S. components, and we ask for your support for the Senate-passed ban on the government buying ZTE and Huawei equipment. We strongly believe that the April sanctions order—which would have threatened ZTE’s survival—should not be used as a bargaining chip in negotiations with China on unrelated matters.
The Senate and the U.S. Intelligence Community are in agreement that ZTE poses a significant threat to our national security. The Senate recently voted 85-10 to reimpose the April sanctions order and the ban on ZTE buying U.S. components, and to prohibit the U.S. federal government from purchasing ZTE or Huawei equipment and contracting with any entity that purchases such equipment. We urge you to heed the leaders of the U.S. Intelligence Community, supported by a strong bipartisan consensus in the Senate, that we must pursue policies that prevent the widespread use of ZTE products in the U.S.
At the Senate Intelligence Committee’s hearing on February 13, 2018, six top intelligence leaders testified about the risk of ZTE and Huawei to American national security:
· FBI Director Wray stated: “We’re deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks that provides the capacity to exert pressure or control over our telecommunications infrastructure. It provides the capacity to maliciously modify or steal information, and it provides the capacity to conduct undetected espionage.”
· Then-NSA Director Rogers warned: “I would agree with Director Wray’s characterization here. This is a challenge I think that's only going to increase, not lessen, over time for us.” To mayors, county judges, university presidents, and state legislatures, “I would say you need to look long and hard at companies like this.”
· The Director of National Intelligence, and the heads of the CIA, FBI, NSA, DIA, and NGA all indicated they would not use products or services from ZTE or Huawei; nor would they recommend private American citizens do so.
Additionally, the nation’s top counterintelligence officer, Director of the National Counterintelligence Security Center Bill Evanina, testified at his May 15, 2018, confirmation hearing that “the Intelligence Community and law enforcement is clearly on the record, both in the public and in classified settings, with the threat from Chinese telecommunications companies.”
As you know, this is not a new threat. Congressionally documented concerns date back to a 2012 House Permanent Select Committee on Intelligence report on the serious counterintelligence concerns associated with ZTE equipment, the ties between the company and government, and the risks to American national security.
ZTE, though publicly traded, is a state-backed enterprise that is ultimately loyal not to its shareholders, but to the Chinese Communist Party and Chinese government. This patronage relationship poses unacceptable risks to American sovereignty; risks that will only increase if the company is permitted to establish itself deeply in America’s telecommunications infrastructure.
Thank you for your attention to this important matter and for your assistance in ensuring we protect our nation’s future from authoritarian influence.
Mark R. Warner
United States Senator
United States Senator
WASHINGTON – Today U.S. Sen. Mark R. Warner (D-VA) released a statement after Congress approved the Fiscal Year 2019 National Defense Authorization Act (NDAA):
“I’m glad that the Senate was able to work in a bipartisan way to improve national security, support our service members, and strengthen defense readiness.
“Since the Administration has failed to listen to warnings from their own top intelligence officials about the dangers posed by Chinese telecom company ZTE, this legislation includes a bipartisan amendment – which I co-sponsored – to automatically reinstate trade restrictions on ZTE once this bill is signed into law. Importantly, this legislation would also ensure that neither ZTE nor Huawei will be eligible for government contracts in the future. To further prioritize our national security, I also supported the inclusion of a bipartisan CFIUS bill similar to what we passed in the Banking Committee to ensure that foreign investments in the U.S. do not pose a national security risk. I strongly encourage the Administration to consider the strong bipartisan support for these measures in the Senate before taking any hasty actions. Additionally, this bill urges the Secretaries of State and Defense to dedicate all necessary resources to complete its strategy to counter and deter future cyber aggression by Russia.”
“This bill also funds several critical priorities important to Virginia’s shipbuilding footprint, including the procurement of two Virginia-class submarines. In addition, this bill pushes further action to make long-overdue investments in our nation’s public shipyards, authorizes more than $260 million towards 14 military construction projects across the Commonwealth, and includes a 2.6 percent raise for members of the armed forces. The NDAA also includes important reforms to modernize our antiquated security clearance system and to reduce the 700,000 person background investigation backlog. Although this bill is far from perfect, I commend my colleagues for passing this critical defense package,” said Sen. Warner.
Included in the NDAA are three provisions championed by Sen. Warner to address the security clearance backlog:
- A provision requiring the Director of National Intelligence to improve information sharing regarding government and contract employees;
- A provision requiring the Director of National Intelligence to provide a report on a clearance-in-person concept to accommodate a more modern mobile workforce;
- And a provision creating a “rocket” clearance for mission-critical positions that can be processed in 15 days for SECRET and 45 days for TOP SECRET.
In addition, the bill includes a bipartisan amendment sponsored by Sen. Warner and Sen. Marco Rubio (R-FL) that would improve access to cybersecurity scholarships for students at minority-serving institutions. With mounting demand across every industry for trained cyber workers, it’s particularly important that we invest now in developing a diverse cyber workforce.
Added Sen. Warner, “In order to address the nation’s increased cyber threats from foreign adversaries, this amendment will ensure the nation that the U.S. builds a strong and diverse pipeline of future talent to lead the nation’s strategy in the field of cybersecurity.”
“Norfolk State University is pleased to support this bipartisan proposal to recruit a more diverse pool of students to pursue cyber education,” said Dr. Melvin T. Stith, Interim President of Norfolk State University. “Strong cyber training and knowledge is essential for preparing students to compete and thrive in a 21st century economy. This effort by Senator Warner is a welcome boost to Norfolk State University's ongoing efforts to produce a talented and representative cyber workforce.”
The amendment is similar to provision offered by Rep. Pete Aguilar (D-CA) that was included in the House-passed version of the NDAA. The text of the amendment can be found here.
WASHINGTON –U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance Committees, today sent letters to Twitter and Google parent company Alphabet, requesting information about any data sharing agreements between the companies and Chinese vendors. The letter follows a disclosure earlier this week by Facebook that the company has partnerships with Chinese telecom companies including Huawei that allow them to access Facebook users’ non-public data.
“Since at least October 2012, when the House Permanent Select Committee on Intelligence released its widely-publicized report, the relationship between the Chinese Communist Party and equipment makers like Huawei and ZTE has been an area of national security concern. Since then, numerous articles in the tech trade press have focused on concerns by American and allied intelligence agencies that products from Chinese device makers, such as Lenovo, have security vulnerabilities that could allow Chinese intelligence to access data stored on, or transmitted by, devices. And the New York Times reported in 2016 that firmware found in low-end smartphone devices, such as those of Huawei and ZTE, continually transmitted local data to Chinese severs, potentially for foreign intelligence purposes,” Sen. Warner wrote to the two companies today.
It is publicly known that Alphabet has entered into strategic partnerships with Chinese mobile device manufacturers, including Huawei and Xiaomi, as well as with Chinese technology platform Tencent. In light of Facebook’s recent revelations, Sen. Warner requested that the company provide information about those partnerships, as well as any other agreements that Alphabet may have entered into with third-party vendors based in China. A similar request was posed to Twitter.
Jun 07 2018
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance Committees, released the following statement regarding the Commerce Department’s agreement with ZTE:
“It is the unanimous conclusion of our nation’s intelligence community that ZTE poses a significant threat to our national security. These concerns aren’t new; back in 2012, the House Permanent Select Committee on Intelligence released a report on the serious counterintelligence concerns associated with ZTE equipment.
“It’s not only that ZTE was busted for evading sanctions on Iran and North Korea, and then lied about it; It’s that ZTE is a state-controlled telecommunications company that poses significant espionage risks, which this agreement appears to do little to address.”
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, released the following statement after Facebook confirmed the company has data-sharing partnerships with Chinese telecom companies, including Huawei:
“Concerns about Huawei aren’t new – they were widely publicized beginning in 2012, when the House Permanent Select Committee on Intelligence released a well-read report on the close relationships between the Chinese Communist Party and equipment makers like Huawei. The news that Facebook provided privileged access to Facebook’s API to Chinese device makers like Huawei and TCL raises legitimate concerns, and I look forward to learning more about how Facebook ensured that information about their users was not sent to Chinese servers.”
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking Committee, released the following statement regarding the reported ZTE agreement lifting the Commerce Department ban:
“If these reports are accurate, this is a huge mistake. ZTE poses a threat to our national security. That’s not just my opinion – it’s the unanimous conclusion of our intelligence community.”
May 31 2018
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and cofounder of the Senate Cybersecurity Caucus, released the following statement after the Department of Homeland Security (DHS) and the Department of Commerce issued a joint report on how the federal government can combat botnets and other threats to the internet ecosystem:
“This report concludes that current market incentives do too little to promote security in internet-connected products, corroborating a longstanding concern I have had with the burgeoning market of Internet of Things (IoT) devices. The failure of these market forces to reward security over cost or convenience has led to devastating DDoS attacks (like the Mirai botnet) that contribute to internet-wide insecurity to this day.
“I am pleased to see the Departments of Commerce and Homeland Security acknowledge that the federal government should lead by example by requiring the acquisition of far more secure and resilient services and products; Congress should take the next step and pass bipartisan legislation I have introduced with Sen. Gardner that would set minimum security requirements for federal procurements of IoT devices.”
May 26 2018
WASHINGTON — U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance Committees, released the following statement regarding the Trump administration’s deal on ZTE:
WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA) joined a group of bipartisan Senators in sending a letter to the Secretary of the Treasury Steve Mnuchin, the Secretary of Commerce Wilbur Ross, and the U.S. Trade Representative Robert Lighthizer, urging the Administration to protect national security interests when negotiating the U.S.-China trade relationship. This comes after President Trump has publicly pledged to lift a seven-year ban on American firms doing business with Chinese telecom company ZTE.
“There can be no question that China seeks to surpass the U.S. both economically and militarily and become the world’s foremost superpower, and neither the Federal Government nor private U.S. companies should aid and abet that effort,” the Senators wrote. “As such, we implore you to reject any proposal to soften restrictions on the transfer to China of U.S.-made military technologies and advanced dual-use technologies, including semiconductors."
“We urge you not to compromise lawful U.S. enforcement actions against serial and pre-meditated violators of U.S. law, such as ZTE. This is particularly critical when the violators are state-owned and -influenced, part and parcel of China’s policies and practices designed to strengthen its own national security innovation base, and essential tools of efforts to spread China’s influence in other countries that pose national security threats to the United States. Export control and sanctions laws should not be negotiable, because fidelity to the rule of law is a key part of what distinguishes the U.S. from a country like China that is ruled by a Communist dictatorship,” the Senators concluded.
As the Vice Chairman of the Senate Select Committee on Intelligence, Sen. Warner has publicly voiced his concern that rolling back trade restrictions on Chinese telecom company ZTE would pose significant national security risks to the United States. Last week, Sen. Warner joined a group of 34 Senators urging President Trump not reverse trade restrictions on ZTE.
In addition to Sen. Warner, the letter was signed by Sens. Chuck Schumer (D-NY), John Cornyn (R-TX), Dianne Feinstein (D-CA), Marco Rubio (R-FL), Martin Heinrich (D-NM), Steve Daines (R-MT), Susan Collins (R-ME), Mike Rounds (R-SD), John Thune (R-SD), Sherrod Brown (D-OH), Johnny Isakson (R-GA), Roy Blunt (R-MO), Bob Casey (D-PA), Bill Cassidy (R-LA), Ted Cruz (R-TX), Ben Sasse (R-NE), Joe Manchin (D-WV), Chuck Grassley (R-IA), Jack Reed (D-RI), Bill Nelson (D-FL), David Perdue (R-GA), Debbie Stabenow (D-MI), Ron Wyden (D-OR), Tom Cotton (R-AR), Kamala Harris (D-CA), and Angus King (I-ME)
Full text of the letter can be found below.
The Honorable Steven Mnuchin
Secretary of the Treasury
U.S. Department of the Treasury
1500 Pennsylvania Ave., NW
Washington, DC 20220
The Honorable Wilbur Ross
Secretary of Commerce
U.S. Department of Commerce
1401 Constitution Ave., NW
Washington, DC 20230
The Honorable Robert E. Lighthizer
U.S. Trade Representative
Office of the U.S. Trade Representative
600 17th St., NW
Washington, DC 20508
Dear Secretary Mnuchin, Secretary Ross, and Ambassador Lighthizer:
As you work to secure a fair and equitable trading and investment relationship with China for the American people, we write to express serious concerns over reports that China, in the ongoing negotiations, is pushing for access to U.S.-made military technologies and advanced dual-use technologies. We strongly support these critical negotiations to rebalance the U.S.-China economic relationship, but U.S. national security must remain the paramount consideration. Therefore, we strongly urge you to reject any proposal by China to loosen existing restrictions on the export or other transfer of these sensitive U.S. technologies. Any such move would bolster China’s aggressive military modernization and significantly undermine long-term U.S. national security interests.
We agree with General Joe Dunford, Chairman of the Joint Chiefs of Staff, that within seven years, China will pose the greatest threat to U.S. national security of any nation. Likewise, we concur with the Department of Defense’s most recent report on “Military and Security Developments Involving the People’s Republic of China,” which states that “China’s military modernization is targeting capabilities with the potential to degrade core U.S. military-technological advantages. To support this modernization, China uses a variety of methods to acquire foreign military and dual-use technologies . . . . Several cases emerged in 2016 of China using its intelligence services, and employing other illicit approaches that violate U.S. laws and export controls, to obtain national security and export-restricted technologies, controlled equipment, and other materials.”
Clearly, the Chinese Communist Party regards these sensitive technologies as essential for China’s military modernization and is accelerating its efforts to acquire such technologies through both legal and illegal means, including cyber theft, civil-military integration policies, coercion through joint ventures with foreign companies, targeted investment, and exploitation of the access of private Chinese nationals to such technologies. We must guard against such efforts and remain vigilant in protecting our national security innovation base.
As you know, export controls are designed to protect national security. The relaxing of these or other technology transfer restrictions would directly contradict and undermine key parts of President Trump’s 2017 National Security Strategy (NSS). The NSS states that, “China and Russia . . . are fielding military capabilities designed to deny America access in times of crisis and to contest our ability to operate freely in critical commercial zones during peacetime. In short, they are contesting our geopolitical advantages and trying to change the international order in their favor.”
There can be no question that China seeks to surpass the U.S. both economically and militarily and become the world’s foremost superpower, and neither the Federal Government nor private U.S. companies should aid and abet that effort. As such, we implore you to reject any proposal to soften restrictions on the transfer to China of U.S.-made military technologies and advanced dual-use technologies, including semiconductors. We do support a balanced and constructive relationship with China, but one that is clear-eyed about China’s predatory, comprehensive efforts to acquire sensitive technologies that would increase the risk China poses to the United States and our allies in the Indo-Pacific region and elsewhere.
In addition, we urge you not to compromise lawful U.S. enforcement actions against serial and pre-meditated violators of U.S. law, such as ZTE. This is particularly critical when the violators are state-owned and -influenced, part and parcel of China’s policies and practices designed to strengthen its own national security innovation base, and essential tools of efforts to spread China’s influence in other countries that pose national security threats to the United States. Export control and sanctions laws should not be negotiable, because fidelity to the rule of law is a key part of what distinguishes the U.S. from a country like China that is ruled by a Communist dictatorship.
Thank you for your attention to these concerns.
CC: The Honorable James N. Mattis, Secretary of Defense
The Honorable Mike Pompeo, Secretary of State
The Honorable John Bolton, Assistant to the President for National Security Affairs
WASHINGTON — U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-founder of the Senate Cybersecurity Caucus, released the following statement after the White House eliminated the role of Cybersecurity Coordinator on the National Security Council, a position created to harmonize the federal government’s approach to cybersecurity and digital warfare:
“It’s frankly mindboggling that the Trump Administration has eliminated the top White House official responsible for a whole-of-government cyber strategy, at a time when the cyber threat to our nation is greater than ever. Our adversaries are investing heavily in 21st century cyber warfare capabilities, and if we only view national security through a conventional 20th century lens, we’re going to find ourselves unable to respond to increasingly asymmetric cyber threats down the road.”
May 15 2018
WASHINGTON – Today, U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) joined a group of 33 Senators calling on the Trump Administration to put American jobs and national security ahead of China. The Senators wrote a letter to the Administration in response to President Trump’s announcement that he has directed the Department of Commerce to look at easing penalties imposed on China-based company ZTE for violations that include selling sensitive U.S. technologies to Iran and North Korea in violation of U.S. sanctions laws.
“Offering to trade American sanctions enforcement to promote jobs in China is plainly a bad deal for American workers and for the security of all Americans,” the Senators wrote. “American workers and companies confront rampant theft of U.S. intellectual property, agricultural policies that disadvantage American farmers, restrictions on market access for U.S. service providers and manufacturers, and mercantilist industrial policies that have cost U.S. workers their jobs. America’s policies toward China should put American workers, farmers and businesses first, not China’s.”
“We urge you to focus on identifying effective strategies to reshape China’s policy approach in each of these areas, such as through enforceable commitments to eliminate forced technology transfer policies, market distorting subsidies, data localization policies, and foreign investment restrictions, and ensuring nondiscriminatory treatment of U.S. firms in regulatory and other proceedings. Above all, we urge you to remain steadfast in enforcing America’s laws,” the Senators concluded.
In addition to Sens. Warner and Kaine, the letter was signed by Sens. Chuck Schumer (D-NY), Sherrod Brown (D-OH), Ron Wyden (D-OR), Tammy Baldwin (D-WI), Michael Bennet (D-CO), Richard Blumenthal (D-CT), Ben Cardin (D-MD), Tom Carper (D-DE), Bob Casey (D-PA) , Chris Coons (D-DE), Catherine Cortez Masto (D-NV), Joe Donnelly (D-IN), Dick Durbin (D-IL), Martin Heinrich (D-NM), Amy Klobuchar (D-MN), Patrick Leahy (D-VT), Ed Markey (D-MA), Robert Menendez (D-NJ), Jeff Merkley (D-OR), Bill Nelson (D-FL), Gary Peters (D-MI), Jack Reed (D-RI), Brian Schatz (D-HI), Jeanne Shaheen (D-NH), Tina Smith (D-MN), Debbie Stabenow (D-MI), Tom Udall (D-NM), Chris Van Hollen (D-MD), Elizabeth Warren (D-MA), and Sheldon Whitehouse (D-RI).
The full text of the letter can be found below:
Dear Mr. President:
Your recent remarks directing Secretary Ross to help ZTE – a Chinese company that has repeatedly sold sensitive U.S. technologies to Iran and North Korea in clear violation of American sanctions laws – call into grave doubt whether this administration will put American jobs and national security first.
If acted upon, your instruction would reverse a law enforcement decision by Secretary Ross to impose a seven-year denial of export privileges on ZTE, setting aside that decision made in the interests of U.S. national security to cushion the employment impact on the Chinese company. ZTE not only violated US sanctions law but then repeatedly lied about steps it would take to remedy the problems. As Secretary Ross noted when he imposed the order, “ZTE made false statements to the U.S. Government when they were originally caught and put on the Entity List, made false statements during the reprieve it was given, and made false statements again during its probation. ZTE misled the Department of Commerce. Instead of reprimanding ZTE staff and senior management, ZTE rewarded them. This egregious behavior cannot be ignored.”
In addition to paying a fine of $1.2 billion, and pleading guilty to knowingly violating U.S. sanctions laws, ZTE agreed to a multi-year denial of export privileges, to be activated if any aspect of the agreement was not met and/or if the company committed additional violations of US export control regulations. Prompted by new violations, Commerce imposed the denial.
America’s national security must not be used as a bargaining chip in trade negotiations. Offering to trade American sanctions enforcement to promote jobs in China is plainly a bad deal for American workers and for the security of all Americans. Bargaining away law enforcement power over bad actors such as ZTE undermines the historically sharp distinction between sanctions and export control enforcement and routine trade decisions made by the US.
Your order comes as your administration is in the midst of discussions with China to address China’s market-distorting policies and other tactics to undermine key American industries. Beyond appearing to risk American national security, the statement suggests that the administration is not serious about addressing the many economic challenges China presents. The devastating effects of China’s trade policies are clear. As your top trade negotiator recognized in his trade report on China less than six months ago, to address the “very serious and harmful problems generated by China’s trade regime”, China must “truly embrace a market-oriented approach, rooted in the fundamental WTO principles of non-discrimination, market access, reciprocity, fairness and transparency.” There is no evidence that China has agreed to such a shift in approach.
American workers and companies confront rampant theft of U.S. intellectual property, agricultural policies that disadvantage American farmers, restrictions on market access for U.S. service providers and manufacturers, and mercantilist industrial policies that have cost U.S. workers their jobs. America’s policies toward China should put American workers, farmers and businesses first, not China’s.
We urge you to focus on identifying effective strategies to reshape China’s policy approach in each of these areas, such as through enforceable commitments to eliminate forced technology transfer policies, market distorting subsidies, data localization policies, and foreign investment restrictions, and ensuring nondiscriminatory treatment of U.S. firms in regulatory and other proceedings. Above all, we urge you to remain steadfast in enforcing America’s laws.
WASHINGTON – During a hearing of the Senate Select Committee on Intelligence today to consider the nomination of Bill Evanina to serve as the nation’s top counterintelligence official, U.S. Sen. Mark R. Warner (D-VA), the Committee’s Vice Chairman, voiced concern that rolling back trade restrictions on Chinese telecom company ZTE would pose significant national security risks to the United States.
In recent days, President Trump has publicity expressed his desire to reverse trade restrictions placed on the company for violating sanctions on Iran and North Korea.
“On the question of counterintelligence with China, a number of members of this committee have raised concerns about certain Chinese telecom companies and their penetration into the American market. I was actually pleased that the President acted on one of those companies, ZTE. Now it appears that that is simply a bargaining chip in negotiations with China. I don’t think that is the appropriate way,” said Sen. Warner during the nomination hearing.
“If this is a security threat, then it is a security threat and needs to be dealt with as such — not as a bargaining chip in greater trade negotiations,” added Sen. Warner.
On Sunday, May 13 Trump tweeted, “President Xi of China, and I, are working together to give massive Chinese phone company, ZTE, a way to get back into business, fast. Too many jobs in China lost. Commerce Department has been instructed to get it done!” The next day, Trump followed with another tweet: “ZTE, the large Chinese phone company, buys a big percentage of individual parts from U.S. companies. This is also reflective of the larger trade deal we are negotiating with China and my personal relationship with President Xi.”
Earlier today, Sen. Warner joined a group of 34 Senators urging President Trump not to reverse trade restrictions on ZTE.
WASHINGTON— U.S. Sens. Mark R. Warner (D-VA) and Amy Klobuchar (D-MN) today called on Twitter and Alphabet, Inc., the parent company of Google, to implement stronger transparency and accountability standards for online political advertisements. Specifically, the Senators called on the companies to voluntarily implement the provisions in the Honest Ads Act, bipartisan legislation introduced by Sens. Klobuchar, Warner and John McCain (R-AZ) that would require online political advertisements to abide by the same disclosure rules as television and radio ads.
Russia attempted to influence the 2016 presidential election by buying and placing political ads on platforms such as Facebook, Twitter and Google. However, Americans had no way of knowing who was behind the ads, because, unlike radio and television ads, the Federal Election Commission (FEC) has exempted large swathes of online ads from general requirements to include disclaimers about who is responsible for the content, and platforms are not required to make public information about political ad purchases as cable, satellite, and broadcast providers must.
“This lack of transparency has dangerous implications for our democracy. As we saw in the 2016 presidential election, foreign actors can seek to influence the electorate without voters’ knowledge through online political advertising,” wrote Sens. Warner and Klobuchar in a pair of letters today to Alphabet CEO Larry Page and Twitter CEO Jack Dorsey.
On Friday, April 6, Facebook announced that it would endorse and implement the disclosure requirements outlined in the Honest Ads Act. In today’s letters, Sens. Warner and Klobuchar asked Google and Twitter to do the same.
“The Honest Ads Act would apply analogous rules to online political advertisements that currently exist in traditional media, bringing long-overdue transparency to the opaque market of online political advertising. It would extend existing disclaimer obligations that print, broadcast, and cable ads must already meet to analogous political ads disseminated on online platforms… And it would require digital platforms to maintain a public record of political ads purchased by an advertiser who spends more than $500 in any 12 month period,” wrote the Senators. “Lastly, it requires that all advertising platforms – whether broadcast, radio or digital – make reasonable efforts to ensure that the prohibition on foreign nationals attempting to influence our elections through donations, expenditures or other things of value is not violated. These measures not only increase transparency in political advertising, but also promote accountability – both of platforms and of political advertisers.”
WASHINGTON, D.C. – Today, U.S. Senators Mark Warner and Tim Kaine announced $1,000,000 in federal funding from the National Science Foundation to support high-achieving students with demonstrated financial need as they pursue the cybersecurity program at Old Dominion University (ODU).
“Ensuring students have the support they need to pursue careers in cybersecurity is critical to building our federal workforce and defending the nation’s economic and national security,” the Senators said. “We are thrilled that ODU and the National Science Foundation are partnering to help make that a reality for more students.”
The funding will provide up to 18 scholarships for students in the cybersecurity program as well as additional mentoring and program activities.
As Vice Chairman of the Senate Intelligence Committee, Warner has been a strong voice for protecting the integrity of our election systems, introducing bipartisan legislation to bring accountability to online political ads and secure our elections. He is also the author of bipartisan, bicameral legislation that would provide states and local government funding to counter cyberattacks. As cofounder of the Senate Cybersecurity Caucus, Warner has been a leader in calling for the protection of consumers’ personal information and timely disclosure of data breaches, authoring legislation to hold credit reporting agencies accountable for such breaches.
Kaine, a member of the Senate Armed Services Committee, also co-chairs the Senate Career and Technical Education (CTE) Caucus and has become a leader in the Senate on policies to prepare students for careers in cybersecurity. Last year, key provisions of Kaine’s DoD Cyber Scholarship Program Act of 2017, which would improve and expand an existing DoD scholarship program for students pursuing degrees in cybersecurity fields, were included in the committee-passed Fiscal Year 2018 National Defense Authorization Act. The DoD Cyber Scholarship Act creates a jobs pipeline from Centers of Academic Excellence (CAE) to the Department of Defense.
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement today after Facebook announced that it removed 70 Facebook and 65 Instagram accounts — as well as 138 Facebook pages — that were controlled by the Russia-based Internet Research Agency (IRA):
“For many months now, I have been pushing Facebook to more aggressively investigate and identify Russian-linked fake accounts on their platform. Given the scale and scope of the Kremlin’s disinformation campaign, it was always clear that Russian activity on Facebook extended far beyond the 470 fake accounts and pages that the company shut down in September. Today’s disclosure of more IRA-linked accounts is evidence that the Kremlin continues to exploit platforms like Facebook to sow division, spread disinformation, and influence political debates around the globe.
“I am glad that Facebook is taking some steps to pinpoint and address this activity, but I also expect Facebook and Mr. Zuckerberg, along with other platform companies, to continue to identify Russian troll activity and to work with Congress on updating our laws to better protect our democracy in the future.”
In October, Sen. Warner – along with Sens. Amy Klobuchar (D-MN) and John McCain (R-AZ) – introduced the Honest Ads Act to help prevent foreign interference in elections and improve the transparency of online political advertisements.
WASHINGTON, DC – Senators James Lankford (R-OK), Amy Klobuchar (D-MN), Kamala Harris (D-CA), Susan Collins (R-ME), Martin Heinrich (D-NM), and Lindsey Graham (R-SC) today introduced a revised Secure Elections Act, a bill to strengthen election cybersecurity in America. The Senators originally introduced the legislation in December, and have since worked with stakeholders to revise and strengthen the bill. With today’s reintroduction, Intelligence Committee Chairman Richard Burr (R-NC) and Vice Chairman Mark Warner (D-VA) also co-sponsored the bill.
The revised legislation maintains the original purpose of the bill to streamline cybersecurity information-sharing between federal intelligence entities and state election agencies; provide security clearances to state election officials; and provide support for state election cybersecurity infrastructure. Today’s revised bill modifies reporting requirements for state election offices; transitions the election security advisory panel from the Department of Homeland Security to the Election Assistance Commission; and makes grants eligible to local jurisdictions, among several other minor modifications.
“This week’s Intelligence Committee hearing confirmed the need for America to make the security of our election infrastructure a priority,” said Lankford. “During the 2016 election, Russian entities hacked presidential campaign accounts, launched cyber-attacks against at least 21 state election systems, and attacked a US voting systems software company. This revised Secure Elections Act adequately helps the states prepare our election infrastructure for the possibility of interference from not just Russia, but possibly another adversary like Iran or North Korea or a hacktivist group. Although funding for election security is included in the Omnibus appropriations bill, Congress still must pass the Secure Elections Act in order to put needed election improvements into law.”
“We know—and our top intelligence officials have confirmed—that our election systems remain a target,” said Klobuchar, who is also Ranking Member of the Rules Committee with jurisdiction over federal elections. “The bipartisan group of co-sponsors on the Secure Elections Act have been working with state election officials and the Department of Homeland Security to improve this bill and ensure those on the front-lines of administering elections are equipped with the information and resources necessary to keep them safe. This week we made progress by securing $380 million in funding, but it’s not enough. There are 227 days until the next federal election and primaries have already begun, Congress should pass the bipartisan Secure Elections Act immediately.”
“Our democracy is under attack by foreign actors who seek to undermine and destabilize our country,” said Chairman Burr. “This bill will help strengthen our cybersecurity heading into upcoming election cycles, and has provisions to ensure that threat information is promptly shared with the states.”
“Elections – at all levels – are central to our democracy, to our institutions and to our government’s legitimacy,” said Vice Chairman Warner. “During the 2016 campaign, we saw unprecedented targeting of election infrastructure by Russian actors. As we’ve heard in recent weeks from our nation’s top intelligence officials, the Russians will continue to attack our elections. We need to make sure states and localities have the resources and federal support they need to make election security a top priority.”
“Election security is not a bipartisan issue, it’s a nonpartisan issue,” said Harris. “With 2018 elections across the country underway, the urgency to act is clear. We need to improve communication between states and federal authorities, fortify and upgrade election infrastructure, and implement best practices. We know there will be a new set of threats this year and we must be prepared to meet them.”
“While our investigation is still ongoing, we know for certain that the Russians were relentless in their efforts to meddle in the 2016 elections, and that those efforts are ongoing,” said Collins. “This bipartisan legislation will strengthen the integrity of our election process by ensuring that local voting officials have the information and financial resources they need to secure their voting systems. Given that we are already in an election year, the need to act now is urgent.”
“Our democracy hinges on Americans' ability to fairly choose our own leaders. As we approach the midterm elections and the next presidential election cycle, we need to act quickly to protect the integrity of our voting process,” said Heinrich. “Our bipartisan legislation will improve and modernize protections for our voting systems, registration data, and ballots to prevent theft, manipulation, and malicious computer hacking. Until we take these necessary steps, our nation's democratic institutions will remain vulnerable.”
“The Russians have been trying to break the backs of democracies all over the world,” said Graham. “And although they did not change the outcome, they clearly interfered in our 2016 election. This bipartisan legislation will help defend our elections from foreign interference and sends a strong signal to other bad actors – like Iran and North Korea -- that similar acts will not be tolerated. We are committed to defending and promoting confidence in American democracy by providing states with the resources they need to safeguard their election systems.”
Mar 20 2018
WASHINGTON – Senator Richard Burr (R-NC), Chairman of the Senate Select Committee on Intelligence, and Senator Mark Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, in advance of today’s press conference with Committee members, made available the Committee’s initial recommendations on election security after investigating Russian attempts to target election infrastructure during the 2016 U.S. elections.
The Committee will hold an open hearing on Wednesday, March 21, 2018, on the threats to election infrastructure. The hearing will cover attempted attacks on state election infrastructure in 2016, DHS and FBI efforts to improve election security, and the view from the states on their cybersecurity posture.
The Committee’s initial recommendations are embedded below and available here.
RUSSIAN TARGETING OF ELECTION INFRASTRUCTURE DURING THE 2016 ELECTION
SUMMARY OF DRAFT SSCI RECOMMENDATIONS
The Senate Select Committee on Intelligence has examined evidence of Russian attempts to target election infrastructure during the 2016 U.S. elections. The Committee has reviewed the steps state and local election officials take to ensure the integrity of our elections and agrees that U.S. election infrastructure is fundamentally resilient. The Department of Homeland Security, the Election Assistance Commission, state and local governments, and other groups have already taken beneficial steps toward addressing the vulnerabilities exposed during the 2016 election cycle, including some of the measures listed below, but more needs to be done.
The Committee recommends the following steps to better defend against a hostile nation-state who may seek to undermine our democracy:
1. Reinforce States’ Primacy in Running Elections
- States should remain firmly in the lead on running elections, and the Federal government should ensure they receive the necessary resources and information.
2. Build a Stronger Defense, Part I: Create Effective Deterrence
- The U.S. Government should clearly communicate to adversaries that an attack on our election infrastructure is a hostile act, and we will respond accordingly.
- The Federal government, in particular the State Department and Defense Department, should engage allies and partners to establish new international cyber norms.
3. Build a Stronger Defense, Part II: Improve Information Sharing on Threats
- The Intelligence Community should put a high priority on attributing cyber-attacks both quickly and accurately. Similarly, policymakers should make plans to operate prior to attribution.
- DHS must create clear channels of communication between the Federal government and appropriate officials at the state and local levels. We recommend that state and local governments reciprocate that communication.
- Election experts, security officials, cybersecurity experts, and the media should develop a common set of precise and well-defined election security terms to improve communication.
- DHS should expedite security clearances for appropriate state and local officials.
- The Intelligence Community should work to declassify information quickly, whenever possible, to provide warning to appropriate state and local officials.
4. Build a Stronger Defense, Part III: Secure Election-Related Systems
- Cybersecurity should be a high priority for those managing election-related systems. Basic but crucial security steps like two-factor authentication for those logging into voter databases can improve the overall election security posture. States and localities should also take advantage of DHS offerings, to include DHS’s network monitoring capabilities.
- The Committee recommends DHS take the following steps:
- Working closely with election experts, develop a risk management framework that can be used in engagements with state and local election infrastructure owners to document and mitigate risks to all components of the electoral process.
- Create voluntary guidelines on cybersecurity best practices and a public awareness campaign to promote election security awareness, working through the U.S. Election Assistance Commission (EAC), the National Association of Secretaries of State (NASS), and the National Association of State Election Directors (NASED).
- Expand capacity to reduce wait times for DHS cybersecurity services.
- Work with GSA to establish a list of credible private sector vendors who can provide services similar to those provided by DHS.
5. Build a Stronger Defense, Part IV: Take Steps to Secure the Vote Itself
- States should rapidly replace outdated and vulnerable voting systems. At a minimum, any machine purchased going forward should have a voter-verified paper trail and no WiFi capability. If use of paper ballots becomes more widespread, election officials should re-examine current practices for securing the chain of custody of all paper ballots and verify no opportunities exist for the introduction of fraudulent votes.
- States should consider implementing more widespread, statistically sound audits of election results.
- DHS should work with vendors to educate them about the vulnerabilities of both the machines and the supply chains.
6. Assistance for the States
- The Committee recommends Congress urgently pass legislation increasing assistance and establishing a voluntary grant program for the states.
- States should use grant funds to improve cybersecurity by hiring additional Information Technology staff, updating software, and contracting vendors to provide cybersecurity services, among other steps.
- Funds should also be available to defray the costs of instituting audits.
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement on reports from the New York Times and the Guardian that Cambridge Analytica misused the data of millions of Facebook users:
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement today after the Special Counsel announced the indictment of 13 Russian nationals and three Russian companies for criminally interfering with the 2016 U.S. presidential election:
“The Senate Intelligence Committee, as a part of our bipartisan investigation into Russia's interference in the 2016 election, has been focused on uncovering and exposing the role that social media disinformation played in that effort.
“I'm glad to see that work vindicated today by the Special Counsel’s indictment of the ‘Internet Research Agency,’ the Russian troll farm that was a key component of Russia’s attempts to interfere in the U.S. elections in 2016, and which continues to spew divisive and false content aimed at undermining the United States. With this indictment, the Special Counsel and his team have taken an important step to hold Russia accountable.
“As we heard this week from the nation’s top intelligence officials, Russia is still using social media to attack our democratic institutions and sow division amongst Americans. In Tuesday’s hearing, I was frustrated to hear that there is still no one leading a coordinated, organized effort within the intelligence community to monitor and combat Russian disinformation campaigns on social media. As Vice Chairman of the Senate Intelligence Committee, I will continue pressing the nation’s intelligence leaders and the social media companies to be far more aggressive and proactive in responding to this threat.
“While platforms like Facebook and Twitter are allowing Americans to communicate and share ideas in ways unimaginable just a decade ago, we’re also learning that we each bear some responsibility for exercising good judgment and a healthy amount of skepticism when it comes to the things we read and share on social media.”
Sen. Warner has been a leader in recognizing the challenges posed by Russian use of social media. While companies like Facebook and Twitter initially denied that Russia used their platforms to influence the 2016 election, Warner publicly and privately pressed the companies to conduct thorough internal investigations of Russian misinformation and disinformation. In September, Facebook announced that the Internet Research Agency purchased approximately $100,000 worth of advertisements in connection with the 2016 election. Later estimates from the company found that as many as 150 million Americans may have been exposed to content from the Internet Research Agency. Twitter has also announced that at least 1.4 million people on Twitter engaged with content created by Russian trolls during the 2016 presidential election, and Google has uncovered evidence of Russian ad purchases and other activity on its platforms such as YouTube.
Russian use of misinformation and disinformation was the prime topic of the very first public hearing held by the Senate Intelligence Committee as part of its investigation. On March 30, 2017 – almost one year ago – the Committee held an open hearing on “Disinformation: A Primer in Russian Active Measures and Influence Campaigns.” On November 1, 2017, the Senate Intelligence Committee held a public hearing with the top legal officials from the three companies on “Social Media Influence in the 2016 U.S. Elections.”
In October, Sen. Warner introduced bipartisan legislation, the Honest Ads Act, to help prevent foreign interference in future elections and improve the transparency of online political advertisements.
Warner, Warren Introduce Legislation to Hold Credit Reporting Agencies like Equifax Accountable for Data Breaches
Jan 10 2018
WASHINGTON — U.S. Sens. Mark R. Warner (D-VA) and Elizabeth Warren (D-MA) introduced today the Data Breach Prevention and Compensation Act to hold large credit reporting agencies (CRAs)—including Equifax—accountable for data breaches involving consumer data. The bill would give the Federal Trade Commission (FTC) more direct supervisory authority over data security at CRAs, impose mandatory penalties on CRAs to incentivize adequate protection of consumer data, and provide robust compensation to consumers for stolen data.
In September 2017, Equifax announced that hackers had stolen sensitive personal information – including Social Security Numbers, birth dates, credit card numbers, driver’s license numbers, and passport numbers – of over 145 million Americans. The attack highlighted that CRAs hold vast amounts of data on millions of Americans but lack adequate safeguards against hackers. Since 2013, Equifax has disclosed at least four separate hacks in which sensitive personal data was compromised.
“In today’s information economy, data is an enormous asset. But if companies like Equifax can’t properly safeguard the enormous amounts of highly sensitive data they are collecting and centralizing, then they shouldn’t be collecting it in the first place,” said Sen. Warner. “This bill will ensure that companies like Equifax – which gather vast amounts of information on American consumers, often without their knowledge – are taking appropriate steps to secure data that’s central to Americans’ identity management and access to credit.”
“The financial incentives here are all out of whack – Equifax allowed personal data on more than half the adults in the country to get stolen, and its legal liability is so limited that it may end up making money off the breach,” said Sen. Warren. “Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax – and provides robust compensation for affected consumers – which will put money back into peoples’ pockets and help stop these kinds of breaches from happening again.”
The Data Breach Prevention and Compensation Act would establish an Office of Cybersecurity at the FTC tasked with annual inspections and supervision of cybersecurity at CRAs. It would impose mandatory, strict liability penalties for breaches of consumer data beginning with a base penalty of $100 for each consumer who had one piece of personal identifying information (PII) compromised and another $50 for each additional PII compromised per consumer. To ensure robust recovery for affected consumers, the bill would also require the FTC to use 50% of its penalty to compensate consumers and would increase penalties in cases of woefully inadequate cybersecurity or if a CRA fails to timely notify the FTC of a breach.
The Data Breach Prevention and Compensation Act is supported by cybersecurity experts and consumer groups:
“U.S. PIRG commends Senators Warren and Warner for the Data Breach Prevention and Compensation Act. It will ensure that credit bureaus protect your information as if you actually mattered to them and it will both punish them and compensate you when they fail to do so,” said U.S. PIRG Consumer Program Director, Ed Mierzwinski.
"This bill establishes much-needed protections for data security for the credit bureaus. It also imposes real and meaningful penalties when credit bureaus, entrusted with our most sensitive financial information, break that trust," said National Consumer Law Center staff attorney, Chi Chi Wu.
"Senator Warner and Senator Warren have proposed a concrete response to a serious problem facing American consumers,” said Electronic Privacy Information Center President, Marc Rotenberg.
"This bill creates greater incentive for these companies to handle our data with care and gives the Federal Trade Commission the tools that it needs to hold them accountable,” said Director of Consumer Protection and Privacy at Consumer Federation of America, Susan Grant.
Sen. Warner has been a leader in calling for better consumer protections from data theft. Following the Equifax data breach, Sen. Warner asked the Federal Trade Commission (FTC) to examine whether credit reporting agencies such as Equifax have adequate cybersecurity safeguards in place for “the enormous amounts of sensitive data they gather and commercialize.” He slammed the credit bureau for its cybersecurity failures and weak response at a Banking Committee hearing with Securities and Exchange Commission (SEC) Chairman Jay Clayton last year. Similarly, in the aftermath of the 2013 Target breach that exposed the debit and credit card information of 40 million customers, Sen. Warner chaired the first congressional hearing on protecting consumer data from the threat posed by hackers targeting retailers’ online systems. Sen. Warner has also partnered with the National Retail Federation to establish an information sharing platform that allows the industry to better protect consumer financial information from data breaches.Warner, Warren Introduce Legislation to Hold Credit Reporting Agencies like Equifax Accountable for Data Breaches
WASHINGTON – U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) urged Federal Communications Commission (FCC) Chairman Ajit Pai to delay a planned December 14th vote to roll back net neutrality rules until an investigation can be completed into reports that internet “bots” – automated computer programs designed to pose as people – filed hundreds of thousands of comments to the FCC during the net neutrality policymaking process.
“A free and open Internet is vital to ensuring a level playing field online, and we believe that your proposed action may be based on an incomplete understanding of the public record in this proceeding,” the Senators wrote in a letter to Chairman Pai. “In fact, there is good reason to believe that the record may be replete with fake or fraudulent comments, suggesting that your proposal is fundamentally flawed.”
“Without additional information about the alleged anomalies surrounding the public record, the FCC cannot conduct a thorough and fair evaluation of the public’s views on this topic, and should not move forward with a vote on December 14, 2017,” the Senators continued.
“The FCC must invest its time and resources into obtaining a more accurate picture of the record as understanding that record is essential to reaching a defensible resolution to this proceeding,” the Senators concluded.
In addition to Sens. Warner and Kaine, the letter was signed by Sens. Maggie Hassan (D-NH), Jeanne Shaheen (D-NH), Sherrod Brown (D-OH), Bernie Sanders (I-VT), Ed Markey (D-MA), Catherine Cortez Masto (D-NV), Sheldon Whitehouse (D-RI), Tammy Duckworth (D-IL), Michael Bennet (D-CO), Richard Blumenthal (D-CT), Elizabeth Warren (D-MA), Gary Peters (D-MI), Patty Murray (D-WA), Amy Klobuchar (D-MN), Ron Wyden (D-OR), Tammy Baldwin (D-WI), Mazie Hirono (D-HI), Chuck Schumer (D-NY), Jack Reed (D-RI), Ben Cardin (D-MD), Dianne Feinstein (D-CA), Jeff Merkley (D-OR), Kirsten Gillibrand (D-NY), Angus King (I-ME), Al Franken (D-MN), and Cory Booker (D-NJ).
The full text of the letter appears below. A copy of the letter is available here.
December 4, 2017
The Honorable Ajit Pai
Federal Communications Commission
445 12th Street Southwest
Washington, DC 20554
Dear Chairman Pai:
We are deeply concerned by your recently released proposal to roll back critical consumer protections by dismantling the Federal Communications Commission’s (FCC) current net neutrality rules. A free and open Internet is vital to ensuring a level playing field online, and we believe that your proposed action may be based on an incomplete understanding of the public record in this proceeding. In fact, there is good reason to believe that the record may be replete with fake or fraudulent comments, suggesting that your proposal is fundamentally flawed.
To this end, we request a thorough investigation by the FCC into reports that bots may have interfered with this proceeding by filing hundreds of thousands of comments. Furthermore, an additional 50,000 consumer complaints seem to have been excluded from the public record in this proceeding, according to Freedom of Information Act (FOIA) requests filed by the National Hispanic Media Coalition. Without additional information about the alleged anomalies surrounding the public record, the FCC cannot conduct a thorough and fair evaluation of the public’s views on this topic, and should not move forward with a vote on December 14, 2017.
New York Attorney General Eric Schneiderman has spent the past six months conducting an investigation into the fraudulent comments, and found that “hundreds of thousands” of comments may have impersonated New York residents, a violation of state law. He further asserts that the FCC has not cooperated with requests for additional data and information. Data scientist Jeff Kao has also run an analysis of the public record, and estimates that over a million comments filed in support of repealing net neutrality may have been fake. These reports raise serious concerns as to whether the record the FCC is currently relying on has been tampered with and merits the full attention of, and investigation by, the FCC before votes on this item are cast.
A transparent and open process is vitally important to how the FCC functions. The FCC must invest its time and resources into obtaining a more accurate picture of the record as understanding that record is essential to reaching a defensible resolution to this proceeding. As a result, we are requesting that you delay your planned vote on this item until you can conduct a thorough review of the state of the record and provide Congress with greater assurance of its accuracy and completeness.
Thank you for your immediate attention to this matter.
Sen. Warner Questions Uber CEO On Handling of Data Breach, Presses Company on Decision to Conceal Breach from Drivers, Consumers
Nov 27 2017
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Ranking Member of the Senate Banking Subcommittee on Securities, Insurance and Investment, today pressed Uber CEO Dara Khosrowshahi on the company’s recent disclosure that hackers accessed the personal information of 57 million users last year. Uber paid the hackers $100,000 to pledge to destroy the data – which included the names and driver’s license numbers of 600,000 drivers, and names, phone numbers, and email addresses of millions of riders – and did not disclose the hack to regulators or users until last week.
Warner posed the following questions to Khosrowshahi:
- According to reports, Uber’s systems were breached after the attackers discovered log-in credentials to an AWS account used to handle payments. Why weren’t more robust access management mechanisms, including strong multi-factor authentication, enabled to prevent unauthorized access to passenger and driver data?
- Who conducted the initial investigation for Uber that successfully identified the hackers? What “assurances” were provided by the hackers to prove they did, in fact, delete the compromised data?
- Unlike ransomware payments, in which payment is made to recover or regain access to inaccessible data or systems, it appears the motivation behind this payment was principally to prevent the public or authorities from learning of the breach. What rationale was provided by senior executives for covering up this breach?
- Uber has alleged that it was required to provide information relating to the breach and subsequent cover-up to prospective investors. Can you explain why Uber chose not to disclose the breach to drivers and users prior to, or at least at the same time as, a prospective investor?
- Reports indicate that Uber successfully “tracked down the hackers and pushed them to sign nondisclosure agreements.” While some information necessary to accomplish this could certainly have been gleaned from traditional digital forensic tools, these reports – combined with Uber’s past pattern of conduct – raise serious questions about how Uber was able to track down the criminals who breached Uber’s systems and blackmailed the company, and whether these actions might have constituted violations of the Computer Fraud and Abuse Act. As you know, no private right exists for companies to “hack back” those who compromise their systems. In the process of tracking down these hackers, did Uber or any authorized party acting on its behalf engage in unauthorized access of third party systems?
- Uber’s decision to identify the responsible parties and commit them to a non-disclosure agreement thwarts law enforcement’s ability to bring criminal hackers to justice. To the extent Uber had lawfully acquired information enabling it to identify the hackers who had compromised its systems, ensure they would abide by agreements to delete the data and not to disclose the breach, and transfer them $100,000, it conceivably had enough information at hand to assist law enforcement in the apprehension of these criminals. Why did Uber choose not to provide relevant forensic information to law enforcement and has this information been provided to law enforcement in the last week?
Sen. Warner is a former technology executive and the co-founder of the Senate’s bipartisan Cybersecurity Caucus. Sen. Warner is working to finalize bipartisan legislation to create a comprehensive, nationwide and uniform data breach standard, requiring timelier consumer notification for breaches of financial data and other sensitive information, and setting national data-protection standards for companies handling sensitive personal information.
A PDF of the signed letter is available here.