WASHINGTON- U.S. Senator John Cornyn (R-TX), Senate Select Committee on Intelligence Chairman Richard Burr (R-NC), and Vice Chairman Mark Warner (D-VA) issued the following statements after the Senate passed their legislation, the Secure 5G and Beyond Act, yesterday to require the President to develop a strategy to ensure the security of next-gen mobile telecommunications systems and infrastructure in the United States, as well as assist allies in maximizing the security of their systems, infrastructure, and software:

“As our telecommunications technology advances, we must have plans in place to keep it secure from foreign interference,” said Sen. Cornyn. “I’m grateful to my colleagues for recognizing the risks that come along with the rewards of 5G technology, and I urge the House to pass this legislation as soon as possible.”

“It’s imperative we not only understand the revolutionary value of next-gen communications, but also the security measures required to ensure the deployment of safe and secure 5G networks,” said Sen. Burr. “I’m proud to work with my colleagues on this important legislation, which will bring together a variety of industry experts, further protect Americans’ privacy rights, and better equip our nation with a comprehensive strategy as we continue to be a global leader in technology.”

“5G promises to usher in a new wave of innovations, products, and services. At the same time, the greater complexity, density, and speed of 5G networks relative to traditional communications networks will make securing these networks harder and more complex. It’s why we need a coherent, national strategy to harness the advantages of 5G in a way that addresses those risks,” said Sen. Warner.

Background on the Secure 5G and Beyond Act:

• Requires the President to create an inter-agency strategy to secure 5th generation and future generation technology and infrastructure in the United States and with our strategic allies.
• Designates NTIA to coordinate implementation of the plan in coordination with: the Chairman of the FCC, the Secretary of Homeland Security, the Director of National Intelligence, the Attorney General, Secretary of State and the Secretary of Defense.
• Ensures that the strategy and implementation plan do not include a recommendation to nationalize 5th generation deployment or future generations of mobile telecommunications infrastructure in the United States.

Senator John Cornyn, a Republican from Texas, is a member of the Senate Finance, Intelligence, and Judiciary Committees.

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, issued the following statement after federal prosecutors today charged four Chinese intelligence officers with hacking Equifax in one of the largest data breaches in history:

“I’m glad the DOJ has moved to formally indict the Chinese intelligence officers associated with the hack of Equifax. For years, the Chinese government has targeted western commercial firms. It is disappointing that despite a lot of rhetoric President Trump’s recent agreement with China does nothing to address this specific issue.

“That said, the indictment does not detract from the myriad of vulnerabilities and process deficiencies that we saw in Equifax’s systems and response to the hack. A company in the business of collecting and retaining massive amounts of Americans’ sensitive personal information must act with the utmost care – and face any consequences that arise from that failure. The legislation I have with Senator Warren would subject data brokers to a higher standard of care and is an important first step in data protection.”

Sen. Warner has been outspoken about the importance of protecting consumers from data theft by employing adequate cybersecurity practices. He has previously introduced legislation to hold large credit reporting agencies – including Equifax – accountable for data breaches involving sensitive consumer data.

###

WASHINGTON – Today, a bipartisan group of leading national security Senators introduced legislation to encourage and support U.S. innovation in the race for 5G, providing over $1 billion to invest in Western-based alternatives to Chinese equipment providers Huawei and ZTE.  

Heavily subsidized by the Chinese government, Huawei is poised to become the leading commercial provider of 5G, with far-reaching effects for U.S. economic and national security. With close ties to the Communist Party of China, Chinese state-directed technology companies present unacceptable risks to our national security and to the integrity of information networks globally. However, U.S. efforts to convince foreign partners to ban Huawei from their networks have stalled amid concerns about a lack of viable, affordable alternatives.

Today’s bipartisan legislation, the Utilizing Strategic Allied (USA) Telecommunications Act, would reassert U.S. and Western leadership by encouraging competition with Huawei that capitalizes on U.S. software advantages, accelerating development of an open-architecture model (known as O-RAN) that would allow for alternative vendors to enter the market for specific network components, rather than having to compete with Huawei end-to-end.

“Every month that the U.S. does nothing, Huawei stands poised to become the cheapest, fastest, most ubiquitous global provider of 5G, while U.S. and Western companies and workers lose out on market share and jobs. Widespread adoption of 5G technology has the potential to unleash sweeping effects for the future of internet-connected devices, individual data security, and national security. It is imperative that Congress address the complex security and competitiveness challenges that Chinese-directed telecommunication companies pose,” said Sen. Mark R. Warner (D-VA), who co-founded the wireless company Nextel before entering public service and currently serves as Vice Chairman of the Senate Select Committee on Intelligence. “We need to move beyond observing the problem to providing alternatives for U.S. and foreign network operators.”

“When it comes to 5G technology, the decisions we make today will be felt for decades to come. The widespread adoption of 5G has the potential to transform the way we do business, but also carries significant national security risks. Those risks could prove disastrous if Huawei, a company that operates at the behest of the Chinese government, military, and intelligence services, is allowed to take over the 5G market unchecked. This legislation will help maintain America’s competitive advantage and protect our national security by encouraging Western competitors to develop innovative, affordable, and secure 5G alternatives,” said Sen. Richard Burr (R-NC), Chairman of the Senate Select Committee on Intelligence.

“The Trump Administration’s lecturing of our allies about the dangers of relying on the Chinese for 5G is no replacement for the development of 5G alternatives,” said Sen. Bob Menendez (D-NJ), Ranking Member of the Senate Foreign Relations Committee. “This bill, which will supply the U.S. government with resources to help the private sector create viable 5G alternatives from all ends of the supply chain, is a long overdue step in the right direction. As I’ve said over and over again, confronting China is not the same as being competitive with China. It is time we do just that.”

“We are at a critical point in history for defining the future of the U.S.-China relationship in the 21st century, and we cannot allow Chinese state-directed telecommunications companies to surpass American competitors,” Sen. Marco Rubio (R-FL), a member of the Senate Intelligence and Foreign Relations Committees, said. “It is not only in our national security interests to support American competition in the 5G market, but it is also in our economic interests to continue to build and support an economy that leverages American strengths and creates American jobs in the industries of the future without relying on malign Chinese state-directed actors like Huawei and ZTE.”

“We should not accept a world that is forced to rely on Chinese telecommunication companies to unlock the benefits of 5G and next generation wireless technologies,” said Sen. Michael Bennet (D-CO), a member of the Senate Intelligence Committee. “It is imperative for America’s competitiveness and security that we develop alternatives for U.S. and foreign network operators. This $1 billion investment will send a strong, bipartisan signal that the United States is committed to developing viable, secure, and cutting-edge alternatives to China’s 5G technology while eliminating dependence on technology that poses real security threats.”

“5G technology presents a host of opportunities to transform American telecommunications,” Sen. John Cornyn (R-TX), a member of the Senate Intelligence Committee, said. “By helping to spur innovations in 5G, we can inoculate ourselves against the threat posed by China and encourage the development of technology that is secure, affordable, and economically beneficial to our allies.”

The Utilizing Strategic Allied (USA) Telecommunications Act would:

• Require the Federal Communications Commission (FCC) to direct at least $750 million, or up to 5 percent of annual auction proceeds, from new auctioned spectrum licenses to create an O-RAN R&D Fund to spur movement towards open-architecture, software-based wireless technologies, funding innovative, ‘leap-ahead’ technologies in the U.S. mobile broadband market. The fund would be managed by the National Telecommunications and Information Administration (NTIA), with input from the FCC, Defense Advanced Research Project Agency (DARPA), and National Institute of Standards and Technology (NIST), among others;
• Create a $500 million Multilateral Telecommunications Security Fund, working with our foreign partners, available for 10 years to accelerate the adoption of trusted and secure equipment globally and to encourage multilateral participation, and require reports for Congress on use of proceeds and progress against goals to ensure ample oversight;
• Create a transition plan for the purchase of new equipment by carriers that will be forward-compatible with forthcoming O-RAN equipment so small and rural carriers are not left behind;
• Increase U.S. leadership in International Standards Setting Bodies (ISSBs) by encouraging greater U.S. participation in global and regional telecommunications standards forums and requiring the FCC write a report to Congress with specific recommendations;
• Expand market opportunities for suppliers and promote economies of scale for equipment and devices by encouraging the FCC to harmonize new commercial spectrum allocations with partners where possible, thus promoting greater alignment with allies and driving down the cost of Huawei alternatives.

“VMware is very supportive of the Utilizing Strategic Allied (USA) Telecommunications Act. Moving towards an open, virtualized RAN infrastructure will speed up 5G network integration and rollout, while decreasing deployment costs. We thank Senator Warner for his approach, which will foster U.S.-led innovation in the mobile technology space and give carriers more secure options to buildout our next-generation wireless infrastructure,” said Allwyn Sequeira, SVP & GM of Telco Edge Cloud Products for VMware.

“The security of America's communications networks is an essential component in ensuring our nation's economic leadership, now and in the future.  It  requires all of us -- the industry, the government and those who live and work here – collaborating on efforts to build and maintain smart and secure communications.  Verizon appreciates the forward-thinking, bipartisan Members of Congress that introduced this bill today.  We look forward to working with Congress as we move forward with this important measure,” said Robert Fisher, SVP Federal Government Relations, Verizon.

“AT&T applauds Senator Warner, Senator Burr and the bipartisan group of cosponsors for introducing legislation that will promote the development and deployment of open standards-based advanced telecommunications networks.  We look forward to working with Congress through the legislative process to see this measure enacted,” said Tim McKone, Executive Vice President, Federal Relations, AT&T.

“Juniper Networks supports the ‘USA Telecommunications Act’ introduced by Senator Mark Warner, Senator Richard Burr and the bipartisan group of original cosponsors. The development of open standards and deployment of open standards-based interoperable equipment are crucial to the building of secure 5G networks. The Trust Funds that the Warner-Burr bill proposes would boost R&D spending as well as U.S. leadership in 5G. We look forward to working with Congress and the Administration to get this bill enacted into law and implemented," said Manoj Leelanivas, Executive Vice President and Chief Product Officer, Juniper Networks.

Bill text is available here.

###

WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA) and Sen. Deb Fischer (R-NE) announced two new bipartisan co-sponsors for their legislation to protect consumers from being tricked into giving away their personal data online. Sens. Amy Klobuchar (D-MN) and John Thune (R-SD), two senior members of the Senate Commerce Committee, have co-sponsored the Warner-Fischer legislation to prohibit large online platforms from using deceptive user interfaces, known as “dark patterns” to trick consumers into handing over their personal data.

“Whether you bought Christmas gifts online, downloaded a new messaging app, or tried to navigate a major browser’s byzantine privacy settings, chances are you were a victim of a dark pattern. In fact, if you wanted to score that extra discount at checkout, these design tactics most likely manipulated you into handing over more than just your email address to get that deal,” Sen. Warner. “I’m grateful to have the support of Sen. Klobuchar and Sen. Thune on this important bill to make sure Americans have more transparency about, and control over, their interactions online.”

“Nearly every time Americans use a new app on our smart phones or browse social media from our laptops, we run into dark patterns. These unethical tricks online platforms use as they battle to capture attention and manipulate users must be stopped. I am pleased to have expanded bipartisan support for this legislation that combats risks to consumer choice and privacy online,” said Sen. Fischer.

“Dark patterns are manipulative tactics used to trick consumers into sharing their personal data. These tactics undermine consumers’ autonomy and privacy, yet they are becoming pervasive on many online platforms,” said Sen. Klobuchar. “This legislation would help prevent the major online platforms from using such manipulative tactics to mislead consumers, and it would prohibit behavioral experiments on users without their informed consent.”

“We live in an environment where large online operators often deploy manipulative practices or ‘dark patterns’ to obtain consent to collect user data, so I’m glad this bills takes meaningful steps to advance consumer transparency,” said Sen. Thune. “I particularly applaud the provisions of this bill that require large online operators to be more transparent about when users are subject to behavioral or psychological research for the purpose of promoting engagement on their platforms. I want to thank Sens. Warner and Fischer for leading this effort, and I’m glad to join them and Sen. Klobuchar in cosponsoring this important legislation.”

The bipartisan Deceptive Experiences To Online Users Reduction (DETOUR) Act aims to curb manipulative dark pattern behavior by prohibiting the largest online platforms (those with over 100 million monthly active users) from relying on user interfaces that intentionally impair user autonomy, decision-making, or choice. Specifically, the legislation:

• Enables the creation of a professional standards body, which can register with the Federal Trade Commission (FTC), to focus on best practices surrounding user design for large online operators. This association would act as a self-regulatory body, providing updated guidance to platforms on design practices that impair user autonomy, decision-making, or choice, positioning the FTC to act as a regulatory backstop.
• Prohibits segmenting consumers for the purposes of behavioral experiments, unless with a consumer’s informed consent. This includes routine disclosures for large online operators, not less than once every 90 days, on any behavioral or psychological experiments to users and the public. Additionally, the bill would require large online operators to create an internal Independent Review Board to provide oversight on these practices to safeguard consumer welfare. 
• Prohibits user design intended to create compulsive usage among children under the age of 13 years old.
• Directs the FTC to create rules within one year of enactment to carry out the requirements related to informed consent, Independent Review Boards, and Professional Standards Bodies.

Sen. Warner has been raising concerns about the implications of social media companies’ reliance on dark patterns for several years. In 2014, Sen. Warner asked the FTC to investigate Facebook’s use of dark patterns in an experiment involving nearly 700,000 users designed to study the emotional impact of manipulating information on News Feeds.

Sen. Warner is also recognized as one of Congress’ leading voices in an ongoing public debate around social media and user privacy. He has written and introduced a series of bipartisan bills designed to protect consumers and promote competition in social media. The Designing Accounting Safeguards to Help Broaden Oversight And Regulations on Data (DASHBOARD) Act will require data harvesting companies such as social media platforms to tell consumers and financial regulators exactly what data they are collecting from consumers, and how it is being leveraged by the platform for profit.? The Honest Ads Act will help prevent foreign interference in future elections and improve the transparency of online political advertisements. The Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act is a bipartisan bill to encourage market-based competition to dominant social media platforms by requiring the largest companies to make user data portable – and their services interoperable – with other platforms, and to allow users to designate a trusted third-party service to manage their privacy and account settings, if they so choose.

###

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA) released the following statement after President Trump signed into law a bill sponsored by Sen. Warner to crack down on illegal robocall scams:

“The truth is, folks in Virginia and across the nation are sick and tired of receiving unsolicited robocalls at all hours of the day,” said Sen. Warner. “These calls are intrusive and often set up by scammers looking to pray on vulnerable individuals. I’m proud to have sponsored this legislation and am very excited to see it signed into law so that it can start giving individuals some peace of mind. Personally, I know I won’t miss these annoying robocalls, and I have a feeling other Virginians won’t either.”

The Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act gives regulators more time to find scammers, increases civil forfeiture penalties for those who are caught, requires service providers to adopt call authentication and blocking, and brings relevant federal agencies and state attorneys general together to address impediments to criminal prosecution of robocallers who intentionally break laws. Sen. Warner sponsored the Senate version of the bill, which passed the Senate in 97-1 vote in May 2019. After the House passed an amended version of the bill earlier this month, the Senate unanimously voted to send the bill to the President’s desk for signature on December 18.

The TRACED Act:

• Broadens the authority of the Federal Communications Commission (FCC) to levy civil penalties of up to $10,000 per call on people who intentionally flout telemarketing restrictions.
• Extends the window for the FCC to catch and take civil enforcement action against intentional violations to four years after a robocall is placed. Under current law, the FCC has only one year to do so, and the FCC has told the committee that “even a one-year longer statute of limitations for enforcement” would improve enforcement against violators.
• Brings together the Department of Justice, FCC, Federal Trade Commission, Department of Commerce, Department of State, Department of Homeland Security, the Consumer Financial Protection Bureau, and other relevant federal agencies, as well as state attorneys general and other non-federal entities to identify and report to Congress on improving deterrence and criminal prosecution at the federal and state level of robocall scams.
• Requires voice service providers to adopt call authentication technologies, enabling a telephone carrier to verify that incoming calls are legitimate before they reach consumers’ phones.
• Directs the FCC to initiate a rulemaking to help protect subscribers from receiving unwanted calls or texts from callers.
• Directs the FCC to initiate a rulemaking process to protect consumers from “one-ring” scams.
• Requires the FCC to establish a working group to issue best practices to prevent hospitals from receiving illegal robocalls.

###

WASHINGTON – U.S. Sens. Mark R. Warner (D-VA) and John Cornyn (R-TX) today introduced the UIGHUR Protection Act, which would place export controls on critical technologies to China, such as facial recognition software, that can be used to facilitate mass surveillance and detention.

“As we have seen from extensive reporting and leaked Chinese government documents, the Chinese government is undertaking systematic repression and internment of Uighurs and other ethnic minorities in the Xinjiang Uighur Autonomous region in the People’s Republic of China. This behavior extends beyond Xinjiang to other regions and online communities. We need to ensure that US companies are not enabling these efforts, intentionally or inadvertently, by selling specific technology items that provide critical capabilities to the Chinese government for their surveillance, censorship, and social control efforts,” said Sen. Warner.

“For years, members of China’s Uighur population have been unjustly detained and surveilled by the Chinese government,” said Sen. Cornyn. “American technology should not be used for the oppression of ethnic minority groups by foreign governments, and this legislation would ensure that the United States has no part in these despicable practices.”

Background:

The UIGHUR Protection Act would require the President, no later than 120 days after enactment, to identify and place items and technologies on the Commerce Control List that provide a critical capability to the Chinese government for suppressing human rights. Special licenses may be granted by the President for the export, re-export, or in-country transfer to or within China for these critical technologies but the bill would require a presumption of denial.

Uighurs, or Uyghurs, are an ethnic group living primarily in the Xinjiang Uyghur Autonomous Region (XUAR) in China’s northwest. Since an outbreak of demonstrations and ethnic unrest in 2009 and clashes involving Uyghurs and Xinjiang security personnel that spiked between 2013 and 2015, the Chinese Community Party (CCP) began a policy of mass internment through labor camps they refer to as “reeducation camps.”

According to various estimates, Xinjiang authorities have detained over one million Turkic Muslims, mostly ethnic Uyghurs, and Kazakhs, in these camps without formal charges, trials or hearings, and with no timetable for release. According to former detainees, treatment and conditions in the camps include beatings, food deprivation, and crowded and unsanitary conditions.

###

WASHINGTON – Today, the bipartisan leadership of several key Senate committees urged President Trump’s national security adviser to designate a senior coordinator dedicated to leading the nation’s effort to develop and deploy next-generation communications technologies. In a letter to Robert O’Brien, who was appointed as national security adviser in September, the top Republican and Democratic Senators on the Senate Select Committee on Intelligence, the Senate Homeland Security and Governmental Affairs Committee, the Senate Foreign Relations Committee and the Senate Armed Services Committee stressed the urgent need for the Trump administration to develop a national strategy for 5G, and to prioritize across government agencies the nation’s effort to develop and deploy the technology. 

“While we appreciate the progress being made within and across departments and agencies, we are concerned that their respective approaches are not informed by a coherent national strategy. In our view, the current national level approach to 5G comprises of a dispersed coalition of common concern, rather than a coordinated, interagency activity. Without a national strategy, facilitated by a common understanding of the geopolitical and technical impact of 5G and future telecommunications advancements, we expect each agency will continue to operate within its own mandate, rather than identifying national authority and policy deficiencies that do not neatly fall into a single department or agency. This fractured approach will not be sufficient to rise to the challenge the country faces. We hope that you, as the new National Security Adviser, will make this issue a top priority. We would further urge you to designate a dedicated, senior individual focused solely on coordinating and leading the nation’s effort to develop and deploy future telecommunications technologies. We believe that having a senior leader would position the United States to lead on telecommunications advancements, ensure the United States is appropriately postured against this strategic threat, and demonstrate to our allies the seriousness with which the nation considers the issue,” wrote Sens. Mark R. Warner (D-VA) and Richard Burr (R-NC), the Vice Chairman and Chairman of the Intelligence Committee; Sens. Ron Johnson (R-WI) and Gary Peters (D-MI), the Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee; Sens. Jim Risch (R-ID) and Bob Menendez (D-NJ), the Chairman and Ranking Member of the Foreign Relations Committee; and Sens. Jim Inhofe (R-OK) and Jack Reed (D-RI), the Chairman and Ranking Member of the Armed Services Committee.

The Senators stressed the dangers of allowing China to continue to lead the development of 5G technology. Maintaining White House focus on 5G is especially important in light of last week’s decision to eliminate the emerging technologies directorate at the National Security Council. 

“While the United States has led in the development and deployment of previous telecommunications evolutions, 5G represents the first evolutionary step for which an authoritarian nation leads the marketplace for telecommunications solutions. China’s leadership, combined with the United States’ increased reliance on high-speed, reliable telecommunications services to facilitate both commerce and defense, poses a strategic risk for the country. We cannot rely exclusively on defensive measures to solve or mitigate the issue, but rather we must shape the future of advanced telecommunications technology by supporting domestic innovation through meaningful investments, leveraging existing areas of U.S. strength, and bringing together like-minded allies and private sector expertise through a sustained effort over the course of decades, not months. A challenge of this magnitude requires a more ambitious response than traditional agency processes can support,” wrote the Senators.

A copy of the letter is available here. 

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee, joined his Senate colleagues in requesting information from the U.S. Department of Veterans Affairs (VA) and the U.S. Department of Defense (DoD) on the agencies' efforts to educate veterans and servicemembers about online disinformation campaigns and other malign influence operations by Russian, Chinese, and other foreign entities. Today’s letters follow a two-year investigation by Vietnam Veterans of America (VVA) that documented persistent, pervasive, and coordinated online targeting of American servicemembers, veterans, and their families by foreign entities seeking to disrupt American democracy.

In particular, the VVA report found that the Russian Internet Research Agency (IRA) specifically targeted American veterans and the social media followers of several congressionally-chartered veterans service organizations during and after the 2016 election. The report also revealed that foreign entities are targeting servicemembers and veterans for the purpose of interference in the upcoming federal election.

Virginia is home to roughly 714,000 veterans, approximately 130,000 active duty servicemembers, and their families.

In their letter to VA Secretary Robert Wilkie, the Senators noted that while the VA has prioritized the security of its information systems and infrastructure – including veterans' personal information – the VA does not appear to have an established strategy for educating veterans about online disinformation efforts targeting them. The Senators urged Secretary Wilkie to consider implementing the VVA report's recommendations.

“While countering disinformation targeting veterans is not a core VA function, identifying these tactics helps improve veterans' cyber security and their ability to detect and avoid falling prey to scams and other forms of manipulation,” the Senators wrote in their letter to VA.

In their letter to Defense Secretary Mark Esper, the senators acknowledged DoD has worked to deter online disinformation and other malign influence campaigns by foreign adversaries, but they also called on the Department to implement VVA's recommendations, consistent with existing efforts to counter foreign malign influence operations.

“Malicious foreign actors are targeting servicemembers using disinformation through social media platforms and other online tools and ... countering foreign interference in American elections is critical to protecting the integrity of our democracy,” the Senators wrote in their letter to DoD.

The VVA report's recommendations for addressing online disinformation targeting servicemembers include directing DoD to “create a working group to study the security risks inherent in the use of common personal electronic devices and apps at home and abroad by servicemembers,” and to “direct commanders to include personal cybersecurity training and regular cyber-hygiene checks for all servicemembers.”

The report also recommended that the VA immediately develop plans to make the cyber-hygiene of veterans an urgent priority within the VA, and educate and train veterans on personal cyber security, “including how to identify instances of online manipulation.”

In addition to Sen. Warner, the letter was led by Sen. Elizabeth Warren (D-MA) and cosigned by Sens. Sherrod Brown (D-OH), Tammy Duckworth (D-IL), Richard Blumenthal (D-CT), Edward J. Markey (D-MA), Chris Van Hollen (D-MD), Richard Durbin (D-IL), Democratic Whip, Catherine Cortez Masto (D-NV), Tom Udall (D-NM), Bernie Sanders (I-VT), Tammy Baldwin (D-WI), Doug Jones (D-AL), Ron Wyden (D-OR), Robert Menendez (D-NJ), Ranking Member of the Senate Foreign Relations Committee, Mazie Hirono (D-HI), Kirsten Gillibrand (D-NY), Jack Reed (D-RI), Ranking Member of the Senate Armed Services Committee, Amy Klobuchar (D-MN), Ranking Member of the Senate Rules Committee, and Kamala Harris (D-CA).

Following Russia’s unprecedented use of social media to sow discord and influence the 2016 presidential elections, Sen. Warner wrote a social media white paper highlighting ways to protect users on social media against misinformation and disinformation campaigns. Sen. Warner has also written and introduced a series of bipartisan bills designed to protect consumers and reduce the power of giant social media platforms like Facebook. His work as Vice Chairman of the Senate Select Committee on Intelligence helped uncover Russia’s extensive efforts to exploit social media in the 2016 elections.

A copy of the letter to the VA can be found here. A copy of the letter to the DoD can be found here.

###

WASHINGTON – U.S. Sens. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, and Marco Rubio (R-FL), member of the Senate Select Committee on Intelligence, have expressed concern over the growing threat posed by deepfakes – sophisticated audio and video technologies that allow users to create fake audio and/or video files that falsely depict someone saying or doing something. In letters to 11 social media companies, including Facebook, Twitter, and YouTube, Sens. Warner and Rubio urged the platforms to develop industry standards for sharing, removing, archiving, and confronting the sharing of synthetic content as soon as possible, in light of foreign threats to the upcoming U.S. election. The letters also encouraged the platforms to develop clear policies to ensure their platforms are not exploited to spread disinformation or misinformation, including through authenticating media, labeling and archiving synthetic media content, and providing access to qualified outside researchers.

“As concerning as deepfakes and other multimedia manipulation techniques are for the subjects whose actions are falsely portrayed, deepfakes pose an especially grave threat to the public’s trust in the information it consumes; particularly images, and video and audio recordings posted online,” wrote the Senators. “If the public can no longer trust recorded events or images, it will have a corrosive impact on our democracy.”

“Despite numerous conversations, meetings, and public testimony acknowledging your responsibilities to the public, there has been limited progress in creating industry-wide standards on the pressing issue of deepfakes and synthetic media,” they continued. “Having a clear strategy and policy in place for authenticating media, and slowing the pace at which disinformation spreads, can help blunt some of these risks.  Similarly, establishing clear policies for the labeling and archiving of synthetic media can aid digital media literacy efforts and assist researchers in tracking disinformation campaigns, particularly from foreign entities and governments seeking to undermine our democracy.”

Deepfake technologies allow users to superimpose existing images and videos onto unrelated images or videos, essentially giving users the ability to create false and defamatory content that can be easily spread on social media.

In their letters to Facebook, Twitter, YouTube, Reddit, LinkedIn, Tumblr, Snapchat, Imgur, TikTok, Pinterest, and Twitch, the Senators emphasized that more than two-thirds of Americans get their news from social media sites, and stressed that online media platforms must assume a heightened responsibility for safeguarding public confidence. They also posed the following series of questions about each company’s ability to prevent, detect, and address deepfakes and other synthetic media:

1. What is your company’s current policy regarding whether users can post intentionally misleading, synthetic or fabricated media?
2. Does your company currently have the technical ability to detect intentionally misleading or fabricated media, such as deepfakes? If so, how do you archive this problematic content for better re-identification in the future?
3. Will your company make available archived fabricated media to qualified outside researchers working to develop new methods of tracking and identifying such content?  If so, what partnerships does your company currently have in place?  Will your company maintain a separate, publicly accessible archive for this content?
4. If the victim of a possible deepfake informs you that a recording is intentionally misleading or fabricated, how will your company adjudicate those claims or notify other potential victims?
5. If your company determines that a media file hosted by your company is intentionally misleading or fabricated, how will you make clear to users that you have either removed or replaced that problematic content?
6. Given that deepfakes may attract views that could drive algorithmic promotion, how will your company and its algorithms respond to, and downplay, deepfakes posted on your platform?
7. What is your company’s policy for dealing with the posting and promotion of media content that is wholly fabricated, such as untrue articles posing as real news, in an effort to mislead the public? 

###

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee and former tech entrepreneur, wrote to U.S. Customs and Border Protection (CBP) and South Korean company Suprema HQ, following separate but alarming incidents that impacted both entities and exposed Americans’ personal, permanently identifiable data. In a letter to CBP, Sen. Warner inquired about the information security practices of CBP contractors, in light of a June cyberattack that resulted in the theft of tens of thousands of facial images belonging to U.S. travelers. In a separate letter, Sen. Warner requested more information from Suprema HQ, the company that owns web-based biometric lock system, Biostar 2, which experienced a cyber incident in August, resulting in the exposure of permanently identifiable biometric data belonging to at least one million people worldwide.

“While all of the stolen information was sensitive and required protection, facial image data is especially sensitive, since such permanent personal information cannot be replaced like a password or a license plate number,” wrote Sen. Warner to Acting CBP Commissioner Mark Morgan.  “It is absolutely critical that federal agencies and industry improve their track records, especially when handling and processing biometric data. Americans deserve to have their sensitive information secured, regardless of whether it is being handled by a first or a third-party.”

In June, CBP announced the theft of at least 100,000 traveler ID photos from a CBP subcontractor that had improperly transferred copies of these photos from CBP servers to its own company database. In addition to facial images, the cyberattack resulted in the theft of several gigabytes of data, including license plate photos, confidential agreements, hardware blueprints for security systems, and budget spreadsheets.

In the letter to CBP, Sen. Warner expressed alarm regarding the failure of federal agencies to ensure that Americans’ sensitive information is safe in the hands of contractors. He also asked CBP to provide timely answers to a series of questions regarding the information security practices of CBP contractors and subcontractors. Among these questions, Sen. Warner requested details on CBP’s third-party contractual requirements concerning database encryption, biometric data management, vulnerability management, logging data retention, and identity and access management, among other security measures.

Similarly, in his letter to Suprema HQ, Sen. Warner raised concerns about the Biostar 2 incident, which exposed permanently identifiable biometric data, including user photos.

“Unlike passwords, email addresses and phone numbers, biometric information in voices, fingerprints, and eyes are unique data that are impossible to reset. Biometric data can be used effectively for unauthorized surveillance and access to secure facilities, to steal identities, and is even valuable in developing deepfake technologies,” wrote Sen. Warner to Suprema HQ CEO James Lee. “It is my understanding that your customers use your biometric security system to provide access to secure facilities, and that the product has also been integrated into Nedap’s AEOS access control systems, which are used by at least 5,700 organizations in 83 countries, including banks and foreign law enforcement entities.  Given the sensitivity of this information, it is absolutely critical that companies like yours exercise exceptional due care when collecting and securing biometric information, and when contracting with customers that collect permanent personal information.”

The Biostar 2 breach resulted in the online exposure of more than one million fingerprint records, in addition to user images, personal details, usernames and passwords, and employee security clearances. The breach also revealed that large portions of the Biostar 2 database were unprotected and unencrypted. In the letter, Sen. Warner asked Suprema HQ to list which U.S. businesses are served by the company. He also requested more information on the company’s practices regarding server security, biometric data storage security, and database encryption.

Sen. Warner has been a champion for cybersecurity throughout his career, and has been an outspoken critic of poor cybersecurity practices that compromise Americans’ personal information. In May, Sen. Warner introduced bold legislation to hold credit reporting agencies accountable for data breaches. He also introduced legislation earlier this year to empower state and local government to counter cyberattacks, and to increase cybersecurity among public companies.

###

WASHINGTON — Senators Tom Cotton (R-Arkansas) and Chris Van Hollen (D-Maryland), along with Senators Marco Rubio (R-Florida), Mark Warner (D-Virginia), Richard Blumenthal (D-Connecticut), and Mitt Romney (R-Utah) today introduced legislation to reinforce the Trump administration’s efforts to prevent the Chinese-owned telecom company Huawei from threatening America’s national security. The Defending America's 5G Future Act would codify President Trump’s recent Executive Order and would prohibit the removal of Huawei from the Commerce Department Entity List without an act of Congress. It also would empower Congress to disallow waivers that any administration might grant to U.S. companies engaged in commerce with Huawei. Representatives Mike Gallagher (R-Wisconsin), Jimmy Panetta (D-California), Liz Cheney (R-Wyoming), and Ruben Gallego (D-Arizona) have introduced companion legislation in the House of Representatives.

“Huawei isn’t a normal business partner for American companies, it’s a front for the Chinese Communist Party. Our bill reinforces the president’s decision to place Huawei on a technology blacklist. American companies shouldn’t be in the business of selling our enemies the tools they’ll use to spy on Americans,” said Cotton.

“The best way to address the national security threat we face from China’s telecommunications companies is to draw a clear line in the sand and stop retreating every time Beijing pushes back. By prohibiting American companies from doing business with Huawei, we finally sent an unequivocal message that we take this threat seriously and President Trump shouldn’t be able to trade away those legitimate security concerns,” said Van Hollen. “This legislation will make sure he doesn’t by codifying the President’s original executive order on Huawei and prohibiting the Administration from relieving penalties on Huawei without the approval of Congress.”

“This bill codifies Huawei’s addition to the Commerce Department’s banned Entity List, and thus protects one of the Trump Administration’s most important moves in America’s long-term strategic competition with the totalitarian Chinese government and Communist Party,” said Rubio. “Huawei, a malign Chinese state-directed telecommunications company that seeks to dominate the future of 5G networks, is an instrument of national power used by the regime in Beijing to undermine U.S. companies and other international competitors, engage in espionage on foreign countries, and steal intellectual property and trade secrets.”

“President Trump’s executive order and the Department of Commerce’s Entity List designation reflect the reality that companies like Huawei represent a threat to the security of U.S. and allied communications networks. It shouldn’t be used as a bargaining chip in a larger trade negotiation. This bipartisan bill will make sure that Congress has a chance to weigh in if the President attempts to make concessions on our national security,” said Warner.

“Huawei poses an alarming and unacceptable threat to our nation’s critical telecommunications networks. Our bipartisan bill is a no-brainer. Preventing Huawei from doing business in the United States protects our national security. We must act swiftly to make sure this dangerous company does not cause us harm,” said Blumenthal.

“We must make a concerted effort to confront the threat China poses to U.S. national security, intellectual property, and technology,” said Romney. “Our bill will prohibit U.S.-based companies from doing business with Huawei until they no longer pose a national security threat.”

“Huawei is an appendage of the Chinese Communist Party and should be treated as such,” said Rep. Gallagher. “The President’s actions to protect America’s telecommunications supply chain and restrict the sale of American technology to Huawei were critical steps to protect the future of 5G. It is time we codify these decisions into law and ensure American innovation does not fuel Huawei’s CCP-directed campaign to dominate the global telecommunications market.”

“Huawei is a threat to our international communications and, thus, our national security.  This bipartisan legislation prevents compromises of our communications and stops foreign adversaries from benefiting from our ingenuity.  It is time for Congress to come together and reassert its authority to protect American business and consumers and the safety of our constituents,” said Rep. Panetta.

“Huawei is a serious threat to American prosperity and security, and the United States must remain vigilant against this Chinese state-directed company and its efforts to gain access to American data, defense supply chain, and other crucial information. The Defending America’s 5G Future Act codifies the President’s wise decision to blacklist Huawei, and sends a clear message that Huawei continues to be a vehicle the Chinese Communist Party is using to gain commercial and security advantages and threaten the United States,” said Rep. Cheney.

“The threat from Huawei to U.S. and allied information networks is real. We cannot allow safeguards and restrictions placed on them to backslide without Congress having a say in the matter. I’m proud to work across the aisle to ensure that American and allied communications are protected against this problematic company for the foreseeable future,” said Rep. Gallego.

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) issued the following statement regarding the Federal Trade Commission’s reported decision to approve a $5 billion settlement with Facebook for violating a 2011 consent decree requiring the company to enact privacy reforms:  

“Given Facebook’s repeated privacy violations, it is clear that fundamental structural reforms are required. With the FTC either unable or unwilling to put in place reasonable guardrails to ensure that user privacy and data are protected, it’s time for Congress to act.”

Last year, Sen. Warner called on the social media companies to work with Congress and provide feedback on ideas he put forward in a white paper discussing potential policy solutions to challenges surrounding social media, privacy, and data security. He has introduced several bipartisan bills to improve transparency, privacy, and accountability on social media. The Honest Ads Act, introduced with Sens. Amy Klobuchar (D-MN) and Lindsey Graham (R-SC), would prevent foreign actors from influencing our elections by ensuring that political ads sold online are covered by the same rules as ads sold on TV, radio, and satellite. The DETOUR Act, introduced in April with Sen. Deb Fischer (R-NE), would prohibit large online platforms from using deceptive user interfaces, known as “dark patterns,” to trick consumers into handing over their personal data. The most recent bill, the DASHBOARD Act, was introduced weeks ago with Sen. Josh Hawley (R-MO), and would require data harvesting companies such as social media platforms to tell consumers and financial regulators exactly what data they are collecting from consumers, and how it is being leveraged by the platform for profit.

Sen. Warner plans to introduce additional legislation in the coming weeks.

###?

WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA) and Josh Hawley (R-MO) will introduce the Designing Accounting Safeguards to Help Broaden Oversight And Regulations on Data (DASHBOARD) Act, bipartisan legislation that will require data harvesting companies such as social media platforms to tell consumers and financial regulators exactly what data they are collecting from consumers, and how it is being leveraged by the platform for profit.

“For years, social media companies have told consumers that their products are free to the user. But that’s not true – you are paying with your data instead of your wallet,” said Sen. Warner. “But the overall lack of transparency and disclosure in this market have made it impossible for users to know what they’re giving up, who else their data is being shared with, or what it’s worth to the platform. Our bipartisan bill will allow consumers to understand the true value of the data they are providing to the platforms, which will encourage competition and allow antitrust enforcers to identify potentially anticompetitive practices.”

“When a big tech company says its product is free, consumers are the ones being sold. These 'free' products track everything we do so tech companies can sell our information to the highest bidder and use it to target us with creepy ads,” said Sen. Hawley. “Even worse, tech companies do their best to hide how much consumer data is worth and to whom it is sold. This bipartisan legislation gives consumers control of their data and will show them how much these 'free' services actually cost.”

As user data increasingly represents one of the most valuable, albeit intangible, assets held by technology firms, shining light on how this data is collected, retained, monetized, and protected, is critical. The DASHBOARD Act will:

• Require commercial data operators (defined as services with over 100 million monthly active users) to disclose types of data collected as well as regularly provide their users with an assessment of the value of that data.

• Require commercial data operators to file an annual report on the aggregate value of user data they’ve collected, as well as contracts with third parties involving data collection.

• Require commercial data operators to allow users to delete all, or individual fields, of data collected – and disclose to users all the ways in which their data is being used. including any uses not directly related to the online service for which the data was originally collected.

• Empower the SEC to develop methodologies for calculating data value, while encouraging the agency to facilitate flexibility to enable businesses to adopt methodologies that reflect the different uses, sectors, and business models.

The DASHBOARD Act is the second tech-focused bill Hawley and Warner have partnered on. The first was Hawley’s Do Not Track Act, which would be modeled after the Federal Trade Commission’s (FTC) “Do Not Call” list and allow users to opt out of non-essential data collection.

A section-by-section summary of the bill is available here. Bill text is available here.

###