Press Releases

WASHINGTON – Bipartisan legislation to improve the cybersecurity of Internet-connected devices will be introduced today in the Senate and the House of Representatives. The Internet of Things (IoT) Cybersecurity Improvement Act of 2019 would require that devices purchased by the U.S. government meet certain minimum security requirements. 

The legislation is being introduced in the Senate by U.S. Sens. Mark R. Warner (D-VA) and Cory Gardner(R-CO), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Maggie Hassan (D-NH) and Steve Daines (R-MT), while Reps. Robin Kelly (D-IL) and Will Hurd (R-TX) are introducing companion legislation in the House of Representatives.

“While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security,” said Sen. Warner, a former technology entrepreneur and executive and Vice Chairman of the Senate Select Committee on Intelligence. “This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices.” 

“The Internet of Things (IoT) landscape continues to expand, with most experts expecting tens of billions of devices to be operating on our networks within the next several years,” Sen. Gardner said. “As these devices continue to transform our society and add countless new entry points into our networks, we need to make sure they are secure, particularly when they are integrated into the federal government’s networks. Agencies like the National Institute of Standards and Technology (NIST), which has a major campus in Boulder, are key players in helping establish guidelines for improved IoT security and our bill builds on those efforts. As co-chairs of the Senate Cybersecurity Caucus, Senator Warner and I remain committed to advancing our nation’s cybersecurity defenses.”

“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure. Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices,” said Rep. Kelly. “It’s estimated that by 2020 there will be 30 million internet-connected devices in use. As these devices positively revolutionize communication, we cannot allow them to become a backdoor to hackers or tools for cyberattacks.”

“Internet of Things devices will improve and enhance nearly every aspect of our society, economy and our day-to-day lives. This is groundbreaking work and IoT devices must be built with security in mind, not as an afterthought,” said Rep. Hurd, former computer science major, cybersecurity entrepreneur and Chair of the House Subcommittee on Information Technology. “This bipartisan legislation will make Internet of Things devices more secure and help prevent future attacks on critical technology infrastructure.”

“With everything from LED lights to thermostats connected to the internet, we need to act swiftly to step up security for ‘internet of things’ devices to prevent hackers from disrupting our economy and threatening public safety,” Sen. Hassan said. “By requiring the federal government to only purchase devices that meet certain cybersecurity standards, this bill will help protect federal agencies against hackers who are seeking to exploit internet of things devices in order to steal critical national security information and the private data of Granite Staters and Americans.”

“As the Internet of Things landscape grows – we must ensure that Montanan’s information is safe and the security of our critical infrastructure is protected,” said Sen. Daines. “This bill helps establish proper safeguards that balance the need to protect Montanan’s privacy and our national security with the growing tech economy and high-paying jobs it provides.”

The Internet of Things, the term used to describe the growing network of Internet-connected devices and sensors, is expected to include over 20 billion devices by 2020. While these devices and the data they collect and transmit present enormous benefits to consumers and industry, the relative insecurity of many devices presents enormous challenges. Sometimes shipped with factory-set, hardcoded passwords and oftentimes unable to be updated or patched, IoT devices can represent a weak point in a network’s security, leaving the rest of the network vulnerable to attack. IoT devices have been used by bad actors to launch devastating Distributed Denial of Service (DDoS) attacks against websites, web-hosting servers, and internet infrastructure providers. 

At a hearing of the Senate Armed Services Committee last year, the Director of the Defense Intelligence Agency, Lt. General Robert Ashley, described exploitation of insecure IoT devices as one of the two “most important emerging cyber threats to our national security.” Last May, the Departments of Commerce and Homeland Security published a report highlighting the IoT market forces that reward low-price and convenience at the expense of security. The signature recommendation of the May 2018 report was that the Federal government should “lead by example” by requiring the acquisition of more secure and resilient products and services, particularly IoT. The IoT Cybersecurity Improvement Act will address both this market failure and the supply chain risk to the federal government stemming from insecure IoT devices by establishing light-touch, minimum security requirements for procurements of connected devices by the government. 

Specifically, the Internet of Things (IoT) Cybersecurity Improvement Act of 2019 would:

  • Require the National Institute of Standards and Technology (NIST) to issue recommendations addressing, at a minimum, secure development, identity management, patching, and configuration management for IoT devices.
  • Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, and charge OMB with reviewing these policies at least every five years.
  • Require any Internet-connected devices purchased by the federal government to comply with those recommendations.
  • Direct NIST to work with cybersecurity researchers and industry experts to publish guidance on coordinated vulnerability disclosure to ensure that vulnerabilities related to agency devices are addressed.
  • Require contractors and vendors providing IoT devices to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that information is disseminated.

“BSA applauds Senators Warner and Gardner for their leadership in securing the IoT, and calls on Congress to act swiftly to advance this important legislation,” said Tommy Ross, Senior Policy Director, BSA | The Software Alliance. “As IoT devices increasingly bring greater productivity and quality of life to consumers and businesses across sectors, we must be proactive in addressing the unique security considerations they bring.” 

“Internet-aware devices raise deep and novel security issues, with problems that could arise months or years after purchase, and spill over to people who aren't the purchasers. This bill leverages the government procurement market, rather than direct regulation, to encourage Internet-aware device makers to employ basic security measures in their products,” said Jonathan Zittrain, Co-Founder of Harvard University’s Berkman Klein Center for Internet & Society.

“Insecure and unsecured IoT devices are a risk we must address, and it will only happen if the government and the private sector both step up. I'm glad that Senators Warner and Gardner and Representatives Kelly and Hurd are continuing to push this issue,” said Jeff Greene, Vice President of Global Government Affairs & Policy at Symantec.

“Weak IoT security with little oversight puts the American public at risk, particularly as these devices become more and more common in our offices and in our homes. We need a coordinated approach. Empowering NIST to set standards for the development and management of these devices, as the IoT Cybersecurity Improvement Act of 2019 proposes, will help secure the sensitive data held by the government and the private information shared within our homes,” said Alan Davidson, Vice President of Global Policy, Trust, and Security at Mozilla. 

“The proliferation of insecure Internet-connected devices presents an enormous security challenge. The risks are no longer solely about data; they affect flesh and steel. The market is not going to provide security on its own, because there is no incentive for buyers or sellers to act in anything but their self-interests. I applaud Senator Warner and his cosponsors for nudging the market in the right direction by establishing thorough, yet flexible, security requirements for connected devices purchased by the government,” said Bruce Schneier, Fellow and Lecturer at Harvard Kennedy School of Government. 

“Cloudflare applauds Senators Warner and Gardner, Representatives Kelly and Hurd, and their cosponsors for their continued efforts to address the risks posed by improperly secured IoT devices with the introduction of this latest bill. Using the government procurement process to encourage security research and innovation will make the U.S. Government a leader in this area, and should open up a robust discussion of these issues. Cloudflare looks forward to continuing to work with them as this bill moves forward,” said Doug Kramer, General Counsel, Cloudflare Inc. 

“IoT device insecurity is a serious problem that needs to be addressed. Although much must be done to address this problem, the longest journey begins with a single step—and this bill is just such a step in moving the ball forward on IoT security for government procurements,” said Dr. Herb Lin, senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University.

"Billions of devices connect our world and in the coming years we will see billions more. Each device adds to an expanding and elastic attack surface that creates a massive gap in the ability to truly understand cyber risk at any given time. The Internet of Things (IoT) Cybersecurity Improvement Act, introduced by Representatives Robyn Kelly (D-IL) and Will Hurd (R-TX), tasks NIST with developing security guidelines to address critical vulnerabilities in the development of IoT devices that the federal government purchases. This legislation will help the government better manage its cyber risks, and provide a strong example for other organizations.  We also strongly support the call for NIST to develop a report that addresses Cyber Exposure considerations related to the increasing convergence of IT, IoT, and OT devices, networks and systems, as the modern enterprise must manage risk across all these environments," said James Hayes, Vice President of Global Government Affairs at Tenable.

“We applaud Senators Warner and Gardner and Representatives Kelly and Hurd for introducing the Internet of Things (IoT) Cybersecurity Improvement Act of 2019. The wireless industry is committed to ensuring the security of IoT devices and we look forward to working with the sponsors of the legislation on policies that will help protect consumers,” said Kelly Cole, Senior Vice President for Government Affairs at CTIA.

The bill is also supported by Rapid7. Similar legislation was previously introduced in the 115th Congress.

Sen. Warner wrote to the Federal Trade Commission (FTC) in July 2016 raising concerns about the security of children’s data collected by Internet-connected “Smart Toys.” In May 2017, the Senator wrote a follow-up letter to Acting FTC Chairwoman Maureen Ohlhausen reiterating his concerns following comments by the Chairwoman that the risks of IoT devices are merely speculative. In response to the Senator’s concerns, the FTC issued updated guidance on protecting children’s personal data in connected toys. Immediately in wake of October’s devastating DDoS attack on the nation’s internet infrastructure by the Mirai botnet, Sen. Warner wrote the FCC, FTC, and NCCIC to raise concerns about the proliferation of botnets composed of insecure devices. Sen. Warner also wrote to Office of Management and Budget Director Mick Mulvaney and Secretary of Homeland Security John Kelly in May 2017 asking what steps the Federal Government had taken to defend against WannaCry ransomware.

Sen. Warner, the Vice Chairman of the Senate Select Committee on Intelligence and former technology executive, is the co-founder and co-chair of the bipartisan Senate Cybersecurity Caucus and a leader in Congress on security issues related to the Internet of Things (IoT).

Bill text is available here.

 

###

Washington – U.S. Sens. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, and Marco Rubio (R-FL), a member of the Senate Select Committee on Intelligence, urged Director of National Intelligence Dan Coats to issue a comprehensive and unclassified report on China’s participation in the international standard-setting bodies (ISSBs) for fifth-generation wireless telecommunications technologies (5G). This report would allow companies in the U.S. to fully assess any existing threats to fair competition and push back against them.

“In 2012, the House Permanent Select Committee on Intelligence’s study on Huawei and ZTE drew attention globally to the security concerns associated with certain Chinese telecommunication and information technology companies,” wrote the Senators.“Similarly, we believe Chinese influence in our ISSBs is not fully appreciated, and the IC can play an essential role in filling the publicly available information gap—a necessary first step to countering this trend.”

American companies do not currently have access to crucial information regarding China’s alleged use of political influence in ISSBs or other anti-competitive practices, such as the state-directed coordination of large Chinese telecommunications firms. These practices can undermine fair competition, hinder the ability of us companies to sell and scale their technologies, and raise serious economic and security concerns for U.S. networks and future generations of wireless technologies.

Prompted by a series of anecdotal concerns raised to the Senate Select Committee on Intelligence (SSCI) regarding China’s attempt to politically influence the ISSBs, the Senators urged Director Coats to issue a report detailing: 

1.             Overall trends in the ISSBs over the past decade and the implications of politicization of ISSBs;

2.             Specific examples of attempts by China and other foreign adversaries to exert pressure or political influence within the ISSBs or at major telecommunication conferences to secure standards that are favorable to Chinese companies and patent holders, or that might introduce deficiencies into 5G networks; and,

3.             How Chinese-led standards for 5G technologies will affect U.S. economic and security interests, including efforts by U.S. companies to sell and scale its technologies, the ability of the U.S. to position itself for future generations of wireless technology, and to protect against cyber intrusions and security vulnerabilities.

They concluded, “We hope that this report will be part of an ongoing effort to share more timely and relevant information with U.S. companies and our allies. The U.S. cannot tackle this issue alone and must work closely with our international partners—including the European Union, Great Britain, Korea, Japan, Australia, New Zealand, and Canada—on how we may collectively strengthen security standards, supply chain management, and market share of critical technologies. To the greatest extent possible, we urge the IC to declassify relevant information.”

Sens. Warner and Rubio are the lead sponsors of bipartisan legislation to help combat tech-specific threats to national security posed by foreign actors like China. Sen. Warner, a former telecommunications executive and entrepreneur, has long expressed concerns about the risks to our national security posed by Chinese-controlled telecom companies. On October 12, 2018, Sen. Warner and Sen. Rubio sent a letter to Canadian Prime Minister Justin Trudeau urging his country to reconsider Huawei’s inclusion in any aspect of Canada’s 5G development, introduction, and maintenance. Warner has also urged the Administration to work with our allies to combat these technology threats. Sens. Warner and Rubio are also the authors of bipartisan legislation to enforce full compliance by ZTE with all probationary conditions of a U.S. Commerce Department’s deal struck with the company last year that ended U.S. imposed sanctions.

 

Full text of the letter is below and a copy can be found here.

 

Director Dan Coats

Director of National Intelligence

1500 Tysons McLean Drive

McLean, VA 22102

 

Dear Director Coats:

 

We are writing to request an unclassified report on the participation of China and other adversarial nations in the international standard-setting bodies (“ISSBs”)  for fifth-generation wireless telecommunications technologies (“5G”). Over the past year, the Senate Select Committee on Intelligence (“SSCI”) has heard anecdotal concerns that China is attempting to exert pressure or political influence in the ISSBs, which have historically functioned as technological meritocracies. Not only does political influence undermine fair competition, it also raises serious economic and security concerns for 5G and future generations of wireless technologies.

 

Currently, U.S. companies do not have access to critical information about the nature of this threat, and the degree of state-directed coordination amongst large Chinese telecommunication firms seeking to gain a critical edge in wireless technologies. Without adequate information, U.S. companies cannot effectively push back against this behavior, nor can the United States coordinate with our allies to deter anticompetitive practices in the ISSBs. 

 

Specifically, we request a detailed and unclassified report, to the extent possible, from the Intelligence Community (“IC”) on the following items:

 

1.                  Overall trends in the ISSBs over the past decade and the implications of politicization of ISSBs, if there is evidence of such trends;

 

2.                  Specific examples and case studies of attempts by China and other foreign adversaries to exert pressure or political influence within the ISSBs or at major telecommunication conferences to secure standards that are favorable to Chinese companies and patent holders, or that might introduce deficiencies into 5G networks; and,

 

3.                  Implications of Chinese-led standards for 5G technologies and how that will affect U.S. economic and security interests, including efforts by U.S. companies to sell and scale its technologies, the ability of the U.S. to position itself for future generations of wireless technology, and to protect against cyber intrusions and security vulnerabilities.

 

In 2012, the House Permanent Select Committee on Intelligence’s study on Huawei and ZTE drew attention globally to the security concerns associated with certain Chinese telecommunication and information technology companies. Similarly, we believe Chinese influence in our ISSBs is not fully appreciated, and the IC can play an essential role in filling the publicly available information gap—a necessary first step to countering this trend. 

 

We hope that this report will be part of an ongoing effort to share more timely and relevant information with U.S. companies and our allies. The U.S. cannot tackle this issue alone and must work closely with our international partners—including the European Union, Great Britain, Korea, Japan, Australia, New Zealand, and Canada—on how we may collectively strengthen security standards, supply chain management, and market share of critical technologies. To the greatest extent possible, we urge the IC to declassify relevant information.

 

We appreciate your attention to this important matter.

 

Sincerely,

 

###

WASHINGTON, DC – In an effort to better protect customers, increase transparency for investors, and ensure public companies are prioritizing cybersecurity and data privacy, U.S. Senators Jack Reed (D-RI), Susan Collins (R-ME), Mark Warner (D-VA), John Kennedy (R-LA), and Doug Jones (D-AL) are introducing S. 592, the Cybersecurity Disclosure Act of 2019.  Congressman Jim Himes (D-CT), who serves on the House Financial Services Committee and the House Permanent Select Committee on Intelligence, will be introducing the companion legislation in the House of Representatives.  

The Reed-Collins-Warner-Kennedy-Jones legislation would require publicly traded companies to include in its Securities and Exchange Commission (SEC) disclosures to investors information on whether any member of the company’s Board of Directors is a cybersecurity expert, and if not, why having this expertise on the Board of Directors is not necessary because of other cybersecurity steps taken by the company.  The legislation does not require companies to take any actions other than to provide this disclosure.

Cyberattacks on companies and business continue to increase in their sophistication, exposing customers and data to risk.  Indeed, according to the Identity Theft Resource Center, the number of records, containing personally identifiable information, exposed by data breaches in the business industry grew from 181,630,520 in 2017 to 415,233,143 in 2018, and in the medical and health care industry from 5,302,846 in 2017 to 9,927,798 last year.  Across all industries, the number of records containing personally identifiable information exposed by data breaches rose 126%, from 197,612,748 in 2017 to 446,515,334 in 2018. 

Deloitte’s 11th Global risk management survey of financial institutions found that “sixty-seven percent of respondents named cybersecurity as one of the three risks that would increase the most in importance for their business over the next two years, far more than for any other risk. Yet, only about one-half of the respondents felt their institutions were extremely or very effective in managing this risk.” And according to the 2018-2019 National Association of Corporate Directors Public Company Governance Survey, only 52 percent of directors “are confident that they sufficiently understand cyber risks to provide effective cyber-risk oversight,” and 58 percent “believe their boards collectively know enough about cyber risk to provide effective oversight.”

“Cybersecurity is one of the most significant and enduring challenges that all businesses, across industries, face and should be accounted for as part of the corporate risk management process.  With growing cyber threats, we must be proactive in bolstering our nation’s cybersecurity.   This legislation advances that goal by encouraging publicly traded companies to be more transparent about whether and how their Boards of Directors and senior management are prioritizing cybersecurity,” said Senator Reed, the Ranking Member of the Senate Armed Services Committee and a senior member of the Senate Banking Committee.  “As our economy becomes ever more dependent on technology and the Internet, our economic security is indeed a matter of national security.  Through the simple disclosure called for by this bipartisan legislation, we can strengthen cybersecurity oversight.”

“As cyberattacks become increasingly common, Congress must take action to better protect Americans from hackers attempting to steal sensitive data and personal information,” said Senator Collins, a member of the Senate Intelligence Committee.  “This bipartisan bill strengthens our nation’s cybersecurity by requiring companies to disclose to the public the basic steps they are taking to prevent cyberattacks.”

“Every day, determined cyberattackers target publicly traded companies in attempts to steal data. When successful, these attacks can be extremely damaging, which is why consumers and shareholders deserve to know whether companies’ boards have cyber expertise,” said Senator Warner, Vice Chairman of the Senate Select Committee on Intelligence and Ranking Member of the Senate Banking Subcommittee on National Security and International Trade and Finance. “This legislation will help inform consumers and shareholders by increasing transparency, and will serve as a tool to urge more reliable strategies to counter cyberattacks.”

“As our society increasingly relies on technology, businesses across all sectors of the economy must prioritize cybersecurity. A single cyberattack can cripple even the most sophisticated firms, and the public has a right to know whether companies are focused on preventing cybersecurity threats.  This bipartisan legislation will greatly increase transparency and accountability, and will ultimately help cybersecurity resilience across our economy,” said Senator Jones. 

The bipartisan Cybersecurity Disclosure Act of 2019 is supported by consumer advocates, investors, and securities law experts, including the North American Securities Administrators Association; the Council of Institutional Investors; the National Association of State Treasurers; the California Public Employees’ Retirement System; the Bipartisan Policy Center; Massachusetts Institute of Technology Professor Simon Johnson; Harvard Law Professor John Coates; Columbia Law Professor Jack Coffee; K&L Gates LLP; and the Consumer Federation of America.

WASHINGTON—U.S. Senator John Cornyn (R-TX), along with Senators Richard Burr (R-NC), Mark Warner (D-VA), Jim Risch (R-ID), Dianne Feinstein (D-CA), Marco Rubio (R-FL),  Tom Cotton (R-AR), Angus King (I-ME), Susan Collins (R-ME), Ben Sasse (R-NE), and Mitt Romney (R-UT), today sent a letter to the Secretary of Energy, Rick Perry, and the Secretary of Homeland Security, Kirstjen Nielsen, urging them to protect our electrical systems and critical infrastructure from potential cyberattacks by banning the use of inverters made by the Chinese-owned company, Huawei Technologies Co., Ltd. 

“Huawei has recently become the world’s largest maker of inverters - the sophisticated control systems that have allowed the rapid expansion of residential and utility scale energy production.  Both large-scale photovoltaic systems and those used by homeowners, school districts, and businesses are equally vulnerable to cyberattacks.  Our federal government should consider a ban on the use of Huawei inverters in the United States and work with state and local regulators to raise awareness and mitigate potential threats,” the Senators wrote.

“We urge you to work with all federal, state and local regulators, as well as the hundreds of independent power producers and electricity distributors nation-wide to ensure our systems are protected.  We stand ready and willing to provide any assistance you need to secure our critical electricity infrastructure.”

The signed letter is here, and full text is below.

 

February 25, 2019

 

The Honorable Rick Perry

Secretary

U.S. Department of Energy

1000 Independence Avenue SW

Washington, DC 20585

 

The Honorable Kirstjen Nielsen

Secretary

U.S. Department of Homeland Security

800 K Street NW

Washington, DC 20528

 

Dear Secretaries Perry and Nielsen:

 

We write to express our concern over the national security threat products manufactured by Huawei Technologies Co., Ltd. (Huawei) pose to our nation’s critical energy infrastructure.  We understand that Huawei, the world’s largest manufacturer of solar inverters, is attempting to access our domestic residential and commercial markets.  Congress recently acted to block Huawei from our telecommunications equipment market due to concerns with the company’s links to China’s intelligence services.  We urge similar action to protect critical U.S. electrical systems and infrastructure.

 

Huawei has recently become the world’s largest maker of inverters - the sophisticated control systems that have allowed the rapid expansion of residential and utility scale energy production.  Both large-scale photovoltaic systems and those used by homeowners, school districts, and businesses are equally vulnerable to cyberattacks.  Our federal government should consider a ban on the use of Huawei inverters in the United States and work with state and local regulators to raise awareness and mitigate potential threats.

 

We urge you to work with all federal, state and local regulators, as well as the hundreds of independent power producers and electricity distributors nation-wide to ensure our systems are protected.  We stand ready and willing to provide any assistance you need to secure our critical electricity infrastructure. 

 

Thank you for your attention to this important matter of national security.

 

Sincerely,

/s/

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Finance Committee and co-chair of the Senate Cybersecurity Caucus, wrote today to the leaders of four federal agencies and departments, seeking details on any measures being taken by the federal government to reduce vulnerabilities in the health care sector. In the letters, Sen. Warner pointed to apparent gaps in oversight, expressed concern about the impact of cyber-attacks on the health care industry, asked for strategic recommendations, and conveyed his desire to work alongside federal agencies and health care entities to develop strategies that strengthen information security. Sen. Warner also sent letters last week to major health care entities, including the American Hospital Association, American Medical Association, Virginia Hospital and Healthcare Association, and others.

“The increased use of technology in health care certainly has the potential to improve the quality of patient care, expand access to care (including by extending the range of services through telehealth), and reduce wasteful spending. However, the increased use of technology has also left the health care industry more vulnerable to attack,” said Sen. Warner. “As we welcome the benefits of health care technology we must also ensure we are effectively protecting patient information and the essential operations of our health care entities.” 

According to the Government Accountability Office, more than 113 million care records were stolen in 2015. A separate study conducted that same year estimated that the cost of cyberattacks would cost our health care system $305 million over a five-year period. Furthermore, a 2017 report by Trend Micro found that over 100,000 healthcare devices and systems were exposed directly to the public internet, including electronic health record systems, medical devices, and network equipment. 

Sen. Warner concluded the letters by noting that he would like to work with the agencies “to develop a short- and long-term strategy reducing cybersecurity vulnerabilities in the health care sector…It is my hope that with thoughtful and carefully considered feedback we can develop a national strategy that improves the safety, resilience, and security of our health care industry.”

The sensitive nature of medical information makes the health care industry a lucrative target for criminals seeking to profit from personally identifiable information. Medical records often contain private information, including a patient’s social security number, address, and health history. When stolen, this information can be used to conduct identity theft. The importance of continued availability of health data also makes health care organizations lucrative targets for ransomware attacks. 

In order to gauge existing risks and gather facts to develop a long- and short-term security strategy, Sen. Warner asked the following questions of each agency and department:

  1. To date, what proactive steps has your Department/Agency taken to identify and reduce cyber security vulnerabilities in the health care sector?
  2. How has your Department/Agency worked to establish an effective national strategy to reduce cybersecurity vulnerabilities in the health care sector?
  3. Has your Department/Agency engaged private sector health care stakeholders to solicit input on successful strategies to reduce cybersecurity vulnerabilities in the health care sector? If so, what has been the result of these efforts? 
  4. Has your Department/Agency worked collaboratively with other federal agencies and stakeholders to establish a federal strategy to reduce cybersecurity vulnerabilities in the health care sector? If so, who has led these efforts and what has been the result?
  5. Are there specific federal laws and/or regulations that you would recommend Congress consider changing in order to improve your efforts to combat cyberattacks on health care entities?
  6. Are there additional recommendations you would make in establishing a national strategy to improve cybersecurity in the health care sector? 

Letters were sent to the Food and Drug AdministrationDepartment of Health and Human ServicesCenters for Medicare and Medicaid Services, and National Institute of Standards and Technology.

 

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement on President Trump’s Executive Order artificial intelligence (AI):

“AI holds enormous promise, with diverse applications across almost every imaginable sector and an array of implications in the national security context, as well. Our strategic competitors fully understand the stakes and have devoted enormous resources to outpacing the U.S. in this area. At the same time, if we’ve learned anything from the last two years, it’s that U.S. policy should be much more thoughtful in the consideration of emerging technologies – particularly in modeling their misuse. I applaud a number of aspects of the Executive Order, such as the proposal – mirroring the white paper I released last summer – to open federal data-sets to non-federal entities. 

“Overall, however, the tone of this Executive Order reflects a laissez-faire approach to AI development that I worry will have the U.S. repeating the mistakes it has made in treating digital technologies as inherently positive forces, with insufficient consideration paid to their misapplication. As I raised in my white paper, there are early indications that AI may contribute towards ‘winner-take-all markets’ – making it all the more important that our AI policies catalyze and sustain long-term competition and innovation. Similarly, the Administration’s Executive Order treats the impact of AI on the American workforce almost as an after-thought – relegating consideration of upskilling and retraining to existing federal programs.  

“Lastly, while the Executive Order explicitly references the activities of strategic competitors and adversarial nations, it offers little concrete guidance on how the U.S. should respond to adversarial and malicious uses of AI technologies by state and non-state actors alike, nor does it address instances where American technology companies are working in and with adversary nations in ways that undermine civil liberties, privacy, and American leadership.”

 

###

 

Washington, D.C. – U.S. Senators Marco Rubio (R-FL), Chris Van Hollen (D-MD), Susan Collins (R-ME), Mark Warner (D-VA), Jerry Moran (R-KS), Elizabeth Warren (D-MA), and Doug Jones (D-AL) today re-introduced the ZTE Enforcement Review and Oversight (ZERO) Act, a bipartisan bill to enforce full compliance by ZTE, a Chinese state-directed telecommunications firm that repeatedly violated U.S. laws, with all probationary conditions in the Commerce Department’s July 2018 deal to lift the denial order’s seven-year ban against the export of U.S. parts and components to ZTE. If the Commerce Secretary cannot regularly certify ZTE’s full compliance with the deal and with relevant U.S. export controls and sanctions laws, the denial order’s crippling punishments will be reinstated against ZTE. 

“When it comes to violating U.S. sanctions and deceiving our government, ZTE is a repeat offender. Companies like ZTE threaten our security and compromise American interests but this administration has failed to hold them accountable. This much-needed legislation will force the telecom firm to play by the rules by imposing punitive measures if ZTE once again violates trade restrictions or its agreement with the U.S,” said Senator Warner, Vice Chairman of the Senate Select Committee on Intelligence.

“I am proud to reintroduce this bipartisan bill to hold the Chinese state-directed telecoms company, ZTE, accountable for repeated violations of U.S. exports controls and sanctions laws," Senator Rubio said. “China’s communist government continues to threaten our national security interests through state-directed actors and, while it was a mistake to strike a ‘deal’ with ZTE in the first place, this bill would ensure ZTE is held accountable if and when it cheats again.” 

“ZTE’s actions represent a threat to our national security. While we work on a broader strategy to combat China’s theft of advanced U.S. technology and brazen violation of U.S. law, we must act to ensure ZTE is not able to violate the current agreement with the Department of Commerce or break our laws. This bipartisan legislation will help hold their feet to the fire and should be considered without delay,” Senator Van Hollen said. 

“Having continuously violated American sanctions on Iran and North Korea, ZTE’s disregard for U.S. laws undermines our national security interests and cannot be tolerated,” Senator Collins said. “Our bipartisan bill would require the Department of Commerce to monitor ZTE and effectively put ZTE out of business if they are found to be noncompliant, ensuring the safety of our economy and national security.” 

“ZTE – with the support of the Chinese government – has repeatedly violated U.S. sanctions, and they must be held accountable for their actions,” Senator Moran said. “The bipartisan ZERO Act would authorize the Commerce Department to monitor ZTE and make certain they are not violating the current trade agreement. I urge my colleagues to support this legislation to protect our national security interests from bad actors and ensure ZTE faces severe penalties if they break the law again.” 

“ZTE must be held accountable for violating our sanctions laws and threatening U.S. national security interests, not given a slap on the wrist and allowed to do business in the United States,” Senator Warren said. “I’m glad to work with Senators in both parties on a bill to ensure that this company faces severe penalties if it breaks the law again or violates its settlement agreement.”

 

###

WASHINGTON— Today, the Vice Chairman of the Senate Select Committee on Intelligence Sen. Mark R. Warner (D-VA) and Committee member Sen. Marco Rubio (R-FL) announced that their bipartisan legislation to help combat tech-specific threats to national security posed by foreign actors like China has picked up four new bipartisan Senate co-sponsors. Sens. Michael Bennet (D-CO), Roy Blunt (R-MO), Chris Coons (D-DE) and Susan Collins (R-ME) have co-sponsored Warner and Rubio’s legislation to create an Office of Critical Technologies & Security at the White House responsible for coordinating across agencies and developing a long-term, whole-of-government strategy to protect against state-sponsored technology theft and risks to critical supply chains. 

Companion legislation was also introduced in the House of Representatives on January 16 by Congressmen C.A. Dutch Ruppersberger (D-MD), Mike Conaway (R-TX), Jim Himes (D-CT), and Will Hurd (R-TX).  

China and other nations are currently attempting to achieve technological and economic superiority over the United States through the aggressive use of state-directed or -supported technology transfers. At the same time, the U.S. is also facing major challenges to the integrity of key supply chains as a result of reliance on foreign products that have been identified as national security risks. A national response to combat these threats and ensure our national security has, to date, been hampered by insufficient coordination at the federal level.

The Warner-Rubio bill would guarantee that there is a federal entity responsible for proactively coordinating interagency efforts and developing a national strategy to deal with these challenges to our national security and long-term technological competitiveness. Under the bill, the Office of Critical Technologies & Security would be directed to coordinate and consult with federal and state tech and telecom regulators, the private sector, nongovernmental experts and academic stakeholders, and key international partners and U.S. allies to ensure that every available tool is being utilized to safeguard the supply chain and protect emerging, foundational and dual-use technologies. The Office would also be responsible for raising awareness of these threats and improving the overall education of the American public and business leaders in key sectors about the threats to U.S. national security posed by the improper acquisition and transfer of critical technologies by foreign countries and reliance on foreign products – such as those manufactured by Chinese telecom companies ZTE and Huawei – that jeopardize the overall security of private sector supply chains.

“Our message is clear: We need a whole-of-government technology strategy to protect U.S. competitiveness in emerging and dual-use technologies and address the Chinese threat,” said Sen. Warner, a former technology and telecommunications executive. “I thank Senator Bennet, Senator Blunt, Senator Coons and Senator Collins for their support of this measure, and I look forward to working with them and the Executive Branch to improve coordination and respond to this threat.”  

“I thank my Senate colleagues for recognizing the importance of this legislation and the continued threat posed by Chinese government’s assault on U.S. intellectual property, U.S. businesses, and our government networks and information with the full backing of the Chinese Communist Party,” Sen. Rubio said. “The United States needs a more coordinated approach to directly counter this critical threat and ensure we better protect U.S. technology, and this important, bipartisan legislation will streamline efforts across the government. I look forward to working with my colleagues and the Administration to enact this legislation and guard against these national security threats.”

“The United States must sharpen efforts to address technology threats from China and other nations that undermine our economic and national security, erode democratic norms, and leave vulnerable our supply chains. Successfully combatting these threats requires a long-term strategy for maintaining U.S. competitiveness in technologies of the future. We must work across public and private sectors to galvanize efforts that ensure our technological competitiveness,” said Sen. Bennet.

“It’s more important than ever for the federal government to have a comprehensive strategy to combat the increase in tech-related security threats from China and other nations,” said Blunt. “This bill is an important step to better protect our critical supply chains and push back against state-sponsored technology theft,” Sen. Blunt said. 

“The United States needs a strategy to protect our critical infrastructure and safeguard technologies in industries of the future like 5G, quantum computing, artificial intelligence, and biotech,” said Sen. Coons, a member of the Senate Foreign Relations Committee. “I am proud to support a bill that can improve our government’s capacity to secure our supply chains and prevent forced technology transfer. I look forward to working with my colleagues to pass this bill and other similar efforts into law.”

“China’s theft of critical U.S. technologies and increased efforts to expand into our telecommunications market pose as serious threats to our national security and to consumers,” said Sen Collins.  “This bipartisan bill would ensure greater coordination and cooperation between government at the federal and state levels, as well as with nongovernmental experts and the private sector, to develop a long-term strategy on combatting foreign attempts to acquire U.S. technologies.”

Sen. Warner, a former telecommunications executive and entrepreneur, has long expressed concerns about the risks to our national security posed by Chinese-controlled telecom companies. On October 12, 2018, Sen. Warner and Sen. Rubio sent a letter to Canadian Prime Minister Justin Trudeau urging his country to reconsider Huawei’s inclusion in any aspect of Canada’s 5G development, introduction, and maintenance. Warner has also urged the Administration to work with our allies to combat these technology threats. Sens. Warner and Rubio are also the authors of bipartisan legislation to enforce full compliance by ZTE with all probationary conditions of a U.S. Commerce Department’s deal struck with the company last year that ended U.S. imposed sanctions.

For a copy of the bill text, click here

 

###

 

 

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the below statement after the Department of Justice charged Huawei with the theft of trade secrets, sanctions violations and obstruction of justice: 

“There is ample evidence to suggest that no major Chinese company is independent of the Chinese government and Communist Party – and Huawei, which China’s government and military tout as a ‘national champion,’ is no exception. It has been clear for some time that Huawei poses a threat to our national security, and I applaud the Trump Administration for taking steps to finally hold the company accountable. 

“This is also a reminder that we need to take seriously the risks of doing business with companies like Huawei and allowing them access to our markets, and I will continue to strongly urge our ally Canada to reconsider Huawei’s inclusion in any aspect of its 5G infrastructure.

“This action further underscores the need for a coordinated, whole-of-government and whole-of-society approach to dealing with the threat posed by an increasingly forceful China. I will continue to urge the Trump Administration to make China’s rampant IP theft a top priority in ongoing trade negotiations, and will continue pressing for a more coherent, cohesive national strategy to protect U.S. technology and ensure U.S. technological competitiveness.” 

Sen. Warner, a former telecommunications executive and entrepreneur, has long expressed concerns about the risks to our national security posed by Chinese-controlled telecom companies.

Earlier this month, Sen. Warner and Sen. Marco Rubio (R-FL) introduced bipartisan legislation to create an Office of Critical Technologies & Security at the White House responsible for coordinating across agencies and developing a long-term, whole-of-government strategy to protect against state-sponsored technology theft and risks to critical supply chains. 

On October 12, 2018, Sen. Warner and Sen. Rubio sent a letter to Canadian Prime Minister Justin Trudeau urging his country to reconsider Huawei’s inclusion in any aspect of Canada’s 5G development, introduction, and maintenance. 

In September, Sen. Warner joined several colleagues to introduce the ZTE Enforcement Review and Oversight (ZERO) Act. The bipartisan bill would enforce full compliance by ZTE—a Chinese state-directed telecommunications firm that repeatedly violated U.S. laws – with all probationary conditions outlined in a Commerce Department deal with the company that lifted a denial order banning the export of U.S. parts and components.

 

###

 

WASHINGTON – Sen. Mark R. Warner (D-VA), along with Sens. Tim Kaine (D-VA), Ben Cardin (D-MD) and Chris Van Hollen (D-MD), wrote to Washington Metropolitan Area Transit Authority (WMATA) General Manager and CEO Paul J. Wiedefeld to express safety and security concerns regarding the possibility that Metro may award a contract to build its newest 8000-series rail cars to a Chinese manufacturing company.  

The Senators wrote, “In the transportation sector, there has been increased interest from particular foreign governments to participate in state and local procurements, including those to manufacture and assemble rail cars for transit agencies around the country. While other cities have welcomed this kind of investment, we have serious concerns about similar activity happening here in our nation’s capital, particularly when it could involve foreign governments that have explicitly sought to undermine our country’s economic competitiveness and national security. As Metro continues its procurement process for the 8000-series rail car, we strongly urge you to take the necessary steps to mitigate growing cyber risks to these cars.” 

The Washington Post recently reported that “the state-owned China Railway Rolling Stock Corp., or CRRC, has used bargain prices to win four of five large U.S. transit rail car contracts awarded since 2014. The company is expected to be a strong contender for a Metro contract likely to exceed $1 billion for between 256 and 800 of the agency's newest series of rail cars.”

In their letter, the Senators noted that Metro’s 8000-series rail car is expected to incorporate safety and communications technology such as automatic train control, network and trainline control, video surveillance, monitoring and diagnostics, and data interface with WMATA, among other potentially vulnerable mechanisms that could allow a foreign spy, terrorist, or other rogue actor to break in and take control of Metro’s systems to conduct foreign espionage or impact operations. 

 

“Many of these technologies could be entirely susceptible to hacking, or other forms of interference, if adequate protections are not in place to ensure they are sourced from safe and reliable suppliers. In a Q&A document posted as part of the RFP, WMATA noted that there are ‘no Buy America or DBE requirements for this contract,’ raising further questions about what protections will be in place to ensure the integrity of these components,” the Senators told Wiedefeld.

 

The Senators then posed a series of questions regarding Metro’s plans for the rail car procurement process, including:

  • While we are aware that nearly all passenger railcar manufacturers in the United States are foreign-owned, what steps is WMATA taking to ascertain and mitigate against the involvement of foreign governments in this procurement?
  • Has Metro received briefings from the Department of Homeland Security or related agencies on the attempts of foreign adversaries to infiltrate our critical infrastructure and the significant cyber vulnerabilities that can stem from them doing so?
  • Will Metro take a company’s ties to foreign governments with a record of industrial and cyber espionage into account when evaluating bids, particularly if such company is a state-owned enterprise?
  • If so, will Metro allow sensitive component parts of these railcars to be sourced from such countries?
  • Will Metro consult with the Department of Defense prior to awarding a contract to confirm whether the Department would permit railcars built by certain foreign governments to operate through the Pentagon?
  • We understand that Metro has announced that the RFP will be amended to include baseline cybersecurity protocols. Please provide information about these protocols and how they are being developed. How will Metro evaluate bidder responses to this forthcoming cybersecurity addendum? Will Metro review these responses with the Department of Transportation (USDOT) and the Department of Homeland Security, and seek the concurrence of USDOT and DHS in its cybersecurity evaluations before making any final contract award in this procurement? What specific requirements will the addendum include to ensure that any communications technology included in the rail car procurement is protected from being exploited for surveillance purposes? 

The Senators concluded, “U.S. national security should be of the utmost importance as WMATA considers bids for its procurement of 8000-series rail cars, and we therefore request that you consider submitting an addendum to the earlier RFP [Request for Proposals] to ensure that the necessary steps are taken to protect against the aforementioned concerns.”

 

The full text of the letter is available here

###

 

 

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the below statement after the Department of Justice announced charges against two hackers associated with the Chinese government:

“The Department of Justice, and in particular Deputy Attorney General Rod Rosenstein, should be congratulated for their work on this announcement. DOJ’s recent moves to hold China accountable are important in exposing some of the threats posed by China as it attempts to pursue economic and technological dominance over the United States.

While legal action is important, a truly effective response will require a coordinated approach with our allies and a comprehensive strategy to protect our national security and enhance U.S. competitiveness and resiliency. We have to punch back against China’s malign activities – but we also have to do more than play defense if we’re going to truly check China’s bad behavior.” 

 

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the below statement following the Canadian government’s arrest of Meng Wanzhou, the chief financial officer of Huawei:

“There is ample evidence to suggest that no major Chinese company is independent of the Chinese government and Communist Party – and Huawei, which China’s government and military tout as a ‘national champion,’ is no exception. It has been clear for some time that Huawei, like ZTE, poses a threat to our national security. Now we know that Huawei, like ZTE, has violated U.S. sanctions law. It's my hope that the Trump Administration will hold Huawei fully accountable for breaking sanctions law, as it failed to do in the case of ZTE. 

“This is a reminder that we need to take seriously the risks of doing business with companies like Huawei and allowing them access to our markets. I continue to strongly urge our close ally Canada to reconsider Huawei’s inclusion in any aspect of its 5G infrastructure.” 

Sen. Warner, a former telecommunications executive and entrepreneur, has long expressed concerns about the risks to our national security posed by Chinese-controlled telecom companies.

On October 12, 2018, Sen. Warner and Sen. Marco Rubio (R-FL) sent a letter to Canadian Prime Minister Justin Trudeau urging his country to reconsider Huawei’s inclusion in any aspect of Canada’s 5G development, introduction, and maintenance.

In September, Sen. Warner joined several colleagues to introduce the ZTE Enforcement Review and Oversight (ZERO) Act. The bipartisan bill would enforce full compliance by ZTE—a Chinese state-directed telecommunications firm that repeatedly violated U.S. laws – with all probationary conditions outlined in a Commerce Department deal with the company that lifted a denial order banning the export of U.S. parts and components.

 

###

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA) sent another letter to Federal Trade Commission (FTC) Chairman Joseph J. Simons pressing the leader of the agency to use the authorities granted to it by Congress to protect American businesses and shoppers from digital advertising fraud, which reached $7.4 billion in 2016 – costs that are later passed on to consumers in the form of higher prices. Today’s letter follows an earlier Oct. 25 letter urging the FTC to do more to respond to the prevalence of digital ad fraud, in light of inaction by major industry players like Google to voluntarily curb the problem.

Sen. Warner noted that in large part because of enforcement decisions made by the FTC, Google has come to dominate the digital ad market, but has done little to crack down on fraud. Google was the only major social media company absent for a September hearing in the Senate Intelligence Committee, on which Sen. Warner serves as Vice Chairman.

Sen. Warner today criticized the FTC’s failure to take action, writing, “As long as Google stands to profit from the sale of additional advertisements, the financial incentive for it to voluntarily root out and address fraud remains minimal. It was thus enormously discouraging to read your own response to my [Oct. 25] letter, which did nothing to address the inaction of major industry stakeholders in curbing these abuses. Instead, your letter appeared to suggest that your authority to address deceptive and unfair practices does not apply to this conduct; rather, your letter portrays the FTC as successfully addressing online fraud through workshops and education campaigns. Neither suggestion inspires confidence in the FTC’s efforts as digital ad fraud has continued to proliferate.”

“In recent congressional testimony, you have urged Congress to provide the FTC with additional authority related to promoting competition and consumer protection in the digital age. Increasingly, I am not convinced the Commission is adequately utilizing the authority it already has to crack down on fraud and other misbehavior,” Sen. Warner added. “The FTC is the agency explicitly empowered to address fraud and deceptive practices, and Section 5 of the Federal Trade Commission Act was written in broad terms precisely for this purpose. Since 1938, Congress has given your agency broad enforcement authority to protect consumers and expects you to use it. I would like to sit down with you in the next month to discuss how the FTC can ensure it does the job Congress intended it to do.” 

The full text of today’s letter is available here, and also appears below.

In October, Sen. Warner wrote a letter to the Federal Trade Commission (FTC) Chairman Joseph Simons expressing concern following a report published by Buzzfeed detailing continued prevalence of digital advertising fraud and inaction by Google to curb these efforts. AccordingBuzzfeed, this scheme has generated hundreds of millions of dollars in fraudulent advertising revenues, with operations spanning more than 125 Android apps and websites. The FTC’s November response can be found here. 

In July 2016, Sen. Warner and Sen. Chuck Schumer (D-NY) wrote to then-FTC Chairwoman Ramirez calling on the agency to protect consumers from the growing digital ad fraud phenomenon. Since then, reports have estimated that digital ad fraud has only grown to $7.4 billion in 2017 – and projected to rise to $10.9 billion by 2021.

 

The full text of today’s letter follows:

 

December 6, 2018

 

The Honorable Joseph J. Simons

Chairman

Federal Trade Commission

600 Pennsylvania Avenue, NW

Washington, D.C. 20530

 

Dear Chairman Simons,

 

On October 25th, I wrote to you to express grave concerns with the growing phenomenon of digital ad fraud, and in particular my frustration with the ways that large intermediaries have turned a blind eye to, and in certain cases helped enable, this fraud. This letter followed concerns Senator Schumer and I raised in a 2016 letter to your predecessor about the negative economic impact of ad fraud on end users, advertisers, and publishers. I was deeply disappointed by your November 19th response, which failed to substantively address any of the concerns that I have been raising for two years now regarding the Federal Trade Commission’s failures to crack down on digital advertising fraud.

 

The digital advertising market has come to be largely dominated by one company,  in part because of enforcement decisions by the FTC.  The FTC’s failure to act has had the effect of allowing Google to structure its own market; through a series of transactions, the company has accomplished a level of vertical integration that allows it in effect to act as the equivalent of market-maker, commodities broker, and commodities exchange for digital advertising – in the process creating a range of conflicts of interest. While the company controls each link in the supply chain and therefore maintains the power to monitor activity in the digital advertising market from start to finish, it has continued to be caught flat-footed in identifying and addressing digital ad fraud. As we’ve seen in other contexts – such as the rampant proliferation of online disinformation – major platforms including Google have often proved unwilling to address misuse of their platforms until brought to the wider public’s attention by Congress or media outlets. As long as Google stands to profit from the sale of additional advertisements, the financial incentive for it to voluntarily root out and address fraud remains minimal.

 

It was thus enormously discouraging to read your own response to my letter, which did nothing to address the inaction of major industry stakeholders in curbing these abuses. Instead, your letter appeared to suggest that your authority to address deceptive and unfair practices does not apply to this conduct; rather, your letter portrays the FTC as successfully addressing online fraud through workshops and education campaigns. Neither suggestion inspires confidence in the FTC’s efforts as digital ad fraud has continued to proliferate.

 

In recent congressional testimony, you urged Congress to provide the FTC with additional authority related to promoting competition and consumer protection in the digital age.  Increasingly, I am not convinced the Commission is adequately utilizing the authority it already has to crack down on fraud and other misbehavior. The FTC is the agency explicitly empowered to address fraud and deceptive practices, and Section 5 of the Federal Trade Commission Act was written in broad terms precisely for this purpose. 

 

Since 1938, Congress has given your agency broad enforcement authority to protect consumers and expects you to use it. I would like to sit down with you in the next month to discuss how the FTC can ensure it does the job Congress intended it to do.   

 

Sincerely,

 

Mark R. Warner

United States Senator

 

 

###

WASHINGTON — U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-founder of the Senate Cybersecurity Caucus, released the following statement on Marriott’s disclosure of a data breach affecting up to 500 million guests:  

“It seems like every other day we learn about a new mega-breach affecting the personal data of millions of Americans. Rather than accepting this trend as the new normal, this latest incident should strengthen Congress’ resolve. We must pass laws that require data minimization, ensuring companies do not keep sensitive data that they no longer need. And it is past time we enact data security laws that ensure companies account for security costs rather than making their consumers shoulder the burden and harms resulting from these lapses.”

 

###

WASHINGTON — U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, and U.S. Sen. Marco Rubio (R-FL), a member of the Committee, urged Canadian Prime Minister Justin Trudeau to reconsider Huawei’s inclusion in any aspect of Canada’s 5G development, introduction, and maintenance. A letter from the two Senators to the Prime Minister follows comments made by Head-Designee of the Canadian Center for Cyber Security Scott Jones regarding Huawei. 

The entry of Chinese state-directed telecommunications companies like Huawei into the Canadian market could seriously jeopardize the relationship between U.S. and Canadian carriers, depriving North American operators of the scale needed to rapidly build out 5G networks.

The full text of the letter is below. A copy of the signed letter is available here. 

 

Dear Prime Minister Trudeau:

 

We write with grave concerns about the possibility that Canada might include Huawei Technologies or any other Chinese state-directed telecommunications company in its fifth-generation (5G) telecommunications network infrastructure.  As you are aware, Huawei is not a normal private-sector company.  There is ample evidence to suggest that no major Chinese company is independent of the Chinese government and Communist Party—and Huawei, which China’s government and military tout as a “national champion,” is no exception.

 

Based on what we know about Chinese state-directed telecommunications companies, it was troubling to learn that on September 20, 2018, the new Head-Designee of the Canadian Center for Cyber Security Scott Jones told the House of Commons Standing Committee on Public Safety and National Security that banning Huawei is not needed, in response to a question about why Canada has not come out against Huawei as other Five Eyes allies have.  Specifically, he claimed that Canada has “a very advanced relationship with our telecommunications providers, something that is different from most other countries,” adding, “We have a program that is very deep in terms of working on increasing that broader resilience piece especially as we are looking at the next-generation telecommunications networks.”

 

In contrast to Mr. Scott’s comments, however, three former senior Canadian national security officials warned earlier this year against the inclusion of Huawei in Canada’s 5G network.  One of them—Mr. Ward Elcock, former Deputy Minister of National Defence—told the Globe and Mail on March 18, 2018, “I have a pretty good idea of how signal-intelligence agencies work and the rules under which they work and their various operations,” concluding that, “I would not want to see Huawei equipment being incorporated into a 5G network in Canada.”

 

While Canada has strong telecommunications security safeguards in place, we have serious concerns that such safeguards are inadequate given what the United States and other allies know about Huawei.  Indeed, we are concerned about the impact that any decision to include Huawei in Canada’s 5G networks will have on both Canadian national security and “Five Eyes” joint intelligence cooperation among the United States, United Kingdom, Australia, New Zealand, and Canada.  As you know, Australia effectively banned Huawei, ZTE, and other Chinese state-directed companies from its nation’s 5G networks by excluding firms that “are likely to be subject to extrajudicial directions from a foreign government” and therefore pose unacceptable risks to national security.  Moreover, the United Kingdom’s Huawei Cyber Security Evaluation Centre Oversight Board’s 2018 annual report to Britain’s national security adviser found that “identification of shortcomings in Huawei’s engineering processes have exposed new risks in the UK telecommunications networks and long-term challenges to mitigation and management.”

 

Further, the strong alignment between the United States and Canada in spectrum management has meant that American and Canadian carriers in many cases share complementary spectrum holdings, jointly benefiting from economies of scale for equipment designed for regionally harmonized frequencies. The entry of suppliers such as Huawei into the Canadian market could seriously jeopardize this dynamic, depriving both Canadian and American operators of the scale needed to rapidly build out 5G networks.

 

Given the strong statements by former Canadian national security officials as well as similar concerns out of the U.S., Australia, and the United Kingdom, we hope that you will reconsider Huawei’s inclusion in any aspect of Canada’s 5G development, introduction, and maintenance.  Should you have any questions about the threat that Chinese state-directed telecommunications firms pose to your networks, we urge your government to seek additional information from the U.S. Intelligence Community.

 

Thank you for your attention to this matter.

 

Sincerely,

 

 

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, released the following statement on the announcement by Facebook that it discovered a security issue affecting almost 50 million accounts: 

“The news that at least 50 million Facebook users had their accounts compromised is deeply concerning. A full investigation should be swiftly conducted and made public so that we can understand more about what happened.  

“Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures. 

“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I’ve said before – the era of the Wild West in social media is over.”  

To kick start the debate around social media legislation, Sen. Warner in July released a white paper containing a suite of potential policy proposals for the regulation of social media.


###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, released the following statement on the White House’s National Cyber Strategy:

“There is not one sector of American society, public or private, that has escaped the threat posed by malicious cyber actors. The entertainment industry, federal, state and local governments, hospitals, and the banking sector – to name just a few examples – have all suffered from major cyber incursions in recent years. Given the scale and frequency of these attacks, and the urgency of the challenge, I have been calling for some time for a national cyber strategy to build resiliency and deter adversaries.

“The White House strategy document outlines a number of important and well-established cyber priorities. We need to focus on growing the cyber workforce, promoting more secure development and security across product lifecycle, establishing norms of responsible state behavior, leveraging federal procurement power to drive better security, and publicly attributing and punishing adversaries who violate those standards. The Administration must now move beyond vague policy proposals and into concrete action towards achieving those goals.”


###

 

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, today released the following statement after the U.S. Department of Justice filed charges against a North Korean spy in connection with the 2014 cyberattack on Sony Pictures Entertainment and the 2017 Wannacry ransomware attack:

“This indictment is the result of years of hard work by the FBI and the Department of Justice, and it is an important step in making clear to our adversaries that these kinds of criminal activities are unacceptable. It also points to the need for a clearly thought-out and articulated strategy for deterring and punishing state-sponsored cyberattacks.”


###

 

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement today after Facebook announced that it had removed 652 fraudulent Iranian-backed pages, groups, and accounts from Facebook and Instagram — as well as a number of pages, groups, and accounts linked to Russian military intelligence from Facebook. This announcement comes just weeks ahead of the September 5th open hearing of the Senate Intelligence Committee with the leadership of Facebook, Twitter, and Google on the subject of social media manipulation.

“This is further evidence that foreign adversaries are actively using social media to divide Americans and undermine our democratic institutions. I’ve been saying for months that there’s no way the problem of social media manipulation is limited to a single troll farm in St. Petersburg, and that fact is now beyond a doubt. We also learned today that the Iranians are now following the Kremlin’s playbook from 2016. While I’m encouraged to see Facebook taking steps to rid their platforms of these bad actors, there’s clearly more work to be done. I look forward to questioning the leadership of Facebook, Twitter, and Google about this at the Intelligence Committee’s hearing on September 5th.

 

 

 

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance Committees, joined Senate colleagues in urging the Chairmen of the Senate and House Armed Services Committees to include a Senate-passed amendment cosponsored by Sen. Warner that would reinstate penalties against ZTE in their upcoming NDAA FY2019 Conference Report. Earlier this year, intelligence leaders testified before the Senate Intelligence Committee warning that ZTE, Huawei, and other Chinese state-directed telecommunications companies have the capacity for espionage and intellectual property theft, posing clear threats to the national security, people, and economy of the United States. This week, President Trump’s Commerce Department announced an agreement to lift the ban preventing Chinese telecom giant ZTE from doing business with American suppliers.

Additionally, Senators urged the conferees to include the reforms to the Committee on Foreign Investment in the United States (CFIUS), which were a part of the recently passed Senate NDAA bill. These reforms, also known as the Foreign Investment Risk Review Modernization Act (FIRRMA), would ensure that foreign investments in the U.S. do not pose a national security risk.

Sen. Warner, a former technology executive, has long expressed concern that ZTE poses a significant threat to our national security. He recently wrote to the administration urging President Trump to re-consider a deal with the China-based company.

The text of the letter to NDAA conferees can be found here and below:

 

Dear Chairmen McCain and Thornberry, and Ranking Members Reed and Smith:

 

We write to express our strong support for measures in the Senate-passed Fiscal Year 2019 National Defense Authorization Act (FY 2019 NDAA) that would reinstate U.S. government penalties against ZTE, a Chinese state-directed telecommunications company, and modernize the Committee on Foreign Investment in the United States (CFIUS).  As you begin deliberations over the final version of the FY 2019 NDAA, we request that you include these two measures.

 

Section 6702:  Prohibition on Modification of Civil Penalties under Export Control and Sanctions Laws and Prohibition on Certain Telecommunications Equipment.

 

We strongly oppose the June 2018 deal with ZTE negotiated by the Commerce Department’s Bureau of Industry and Security (BIS) to lift the seven-year ban against the export of U.S. parts and components to ZTE.  BIS imposed this seven-year ban and other penalties against ZTE in April 2018 in response to its numerous violations of U.S. export controls and sanctions laws. 

 

We also note that our nation’s six top intelligence leaders testified before the Senate Intelligence Committee in February 2018 about their concern that ZTE, Huawei, and other Chinese state-directed telecommunications companies are beholden to the Chinese government and Communist Party, which provides the capacity for espionage and intellectual property theft, and therefore poses clear threats to the national security, people, and economy of the United States.  

 

As you prepare the Conference Report, we therefore urge you to retain—and further strengthen—Section 6702 of the Senate-passed FY 2019 NDAA, which would not only reinstate the April 2018 penalties against ZTE and prohibit the modification of any penalties against a Chinese telecommunications firm unless certain conditions are met, but also prohibit the U.S. government from using or procuring equipment from, or entering into a contract with ZTE or Huawei. 

 

Title XVII:  Foreign Investment Risk Review Modernization Act of 2018

 

We also thank you for your work protecting our national security and intellectual property by ensuring that foreign countries are not engaged in illicit behavior when investing in the United States.

 

As you are aware, the Senate version of the FY 2019 NDAA includes important reforms to the Committee on Foreign Investment in the United States that were part of the Foreign Investment Risk Review Modernization Act (FIRRMA).  Those reforms are vital to protecting our national security and preventing intellectual property theft by foreign countries—including the People’s Republic of China. 

 

As you negotiate a conference report for the 2019 NDAA, we urge you to include the Senate-passed CFIUS reforms and ensure that the final language fully addresses our national security and competitiveness concerns.  We believe that efforts to weaken the robust protections in the FIRRMA will embolden our adversaries and present threats to our national security.

 

We thank you for your leadership, and we appreciate your consideration.

 

Sincerely,

  

###

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance committees, issued the below statement regarding the U.S. Department of Commerce’s agreement to lift the ban on Chinese telecom giant ZTE doing business with American suppliers:

“I share the grave concerns of our military and the intelligence community, which are unanimous in their conclusion that ZTE — a state-controlled company with ties to Chinese intelligence — presents an ongoing threat to our national security. I also share many of the concerns the President has voiced in the past about China’s unfair trade practices, which have cheated American workers and permitted Chinese companies to steal the intellectual property of American firms with virtually no consequences. 

“This sweetheart deal not only ignores these serious issues, it lets ZTE off the hook for evading sanctions against Iran and North Korea with a slap on the wrist.”

 

###

WASHINTON- U.S. Senators Amy Klobuchar (D-MN), Ranking Member of the Senate Rules Committee, and Mark Warner (D-VA), Vice Chairman of the Select Committee on Intelligence, urged the Federal Election Commission (FEC) to implement the strongest possible transparency and accountability requirements for online advertisements in response to the proposed rulemaking. The letter comes as the FEC begins public hearings today on online advertisements. 

“During the 2016 election cycle, Russians took advantage of weak online disclaimer and disclosure rules to purchase online political advertisements. As we rapidly approach the 2018 election, intelligence officials have warned that Russia is currently working to disrupt our elections again,” the senators wrote.

“People have a right to know who is behind the information they receive, and in particular who is trying to influence their vote. This necessitates new disclaimer and disclosure requirements for all online advertisements. Primary elections are already upon us and the general election is only 131 days away. Therefore, we encourage you to quickly adopt the strongest possible rule to increase transparency and accountability for online advertisements.” 

Klobuchar, Warner and Senator John McCain (R-AZ) are the authors of the bipartisan Honest Ads Act, legislation to help prevent foreign interference in future elections and improve the transparency of online political advertisements. The Honest Ads Act would prevent foreign actors from influencing our elections by ensuring that political ads sold online are covered by the same rules as ads sold on TV, radio, and satellite.

The full text of the letter can be found below:

 

Dear Commissioners:

 

As you conduct hearings this week on “Internet Disclaimers and Definition of Public Communication”, we encourage you to issue the strongest possible rule that will increase transparency and accountability for online advertisements.

 

During the 2016 election cycle, Russians took advantage of weak online disclaimer and disclosure rules to purchase online political advertisements. As part of a wide social media exploitation effort, Russia spent at least $100,000 dollars—in rubles—on Facebook ads to influence the 2016 election. According to Facebook responses to investigations by the Senate Select Committee on Intelligence and Senate Judiciary Committee, Russian disinformation reached more than 126 million Americans online.

 

As we rapidly approach the 2018 election, intelligence officials have warned that Russia is currently working to disrupt our elections again. As Director of National Intelligence Dan Coats stated earlier this year, “[t]he 2018 U.S. midterm elections are a potential target for Russian influence operations” and Russia will conduct “bolder and more disruptive cyber operations.”   Senate Intelligence Committee members determined that foreign actors illegally influenced the 2016 presidential election and that something has to be done to stop this from occurring in the future.

 

Online platforms dwarf broadcast, satellite, and cable providers. The largest internet platform has over 210 million American users. The largest cable provider only has 22 million subscribers – nearly an order of magnitude greater. That is why we introduced the Honest Ads Act earlier this year. Our legislation would apply the same rules to online political advertisements that already exist for traditional media and require digital advertisers to maintain a public record of political ads purchased. By requiring the same rules across all advertising platforms, we can limit foreign attempts to influence our elections, increase transparency in political advertising, and promote greater accountability.

 

People have a right to know who is behind the information they receive, and in particular who is trying to influence their vote. This necessitates new disclaimer and disclosure requirements for all online advertisements. Primary elections are already upon us and the general election is only 131 days away. Therefore, we encourage you to quickly adopt the strongest possible rule to increase transparency and accountability for online advertisements.

 

Sincerely,

###

WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA) and Marco Rubio (R-FL) sent a letter to President Trump, urging him to re-consider the deal lifting the ZTE ban, and to support the Senate-passed ban on government purchases of ZTE and Huawei equipment. Sen. Warner is the Vice Chairman of the Senate Select Committee on Intelligence and a member of the Finance and Banking committees. Sen. Rubio is a member of Senate Foreign Relations and Intelligence committees.  

In the letter to President Trump, the Senators wrote, “The Senate and the U.S. Intelligence Community are in agreement that ZTE poses a significant threat to our national security.  The Senate recently voted 85-10 to reimpose the April sanctions order and the ban on ZTE buying U.S. components, and to prohibit the U.S. federal government from purchasing ZTE or Huawei equipment and contracting with any entity that purchases such equipment.  We urge you to heed the leaders of the U.S. Intelligence Community, supported by a strong bipartisan consensus in the Senate, that we must pursue policies that prevent the widespread use of ZTE products in the U.S.”

The Senators noted that at a February 13, 2018 hearing in the Intelligence Committee, six of the nation’s top intelligence leaders – the Director of National Intelligence (DNI) and the heads of the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Central Intelligence Agency (CIA), Defense Intelligence Agency (DIA), and the National Geospatial-Intelligence Agency (NGA) – testified about the risks posed to U.S. national security by ZTE and Huawei. Additionally, the nation’s top counterintelligence officer, Director of the National Counterintelligence Security Center Bill Evanina, testified at his May 15, 2018, confirmation hearing that Chinese telecom companies such as ZTE and Huawei pose a significant threat to American security.   

“As you know, this is not a new threat. Congressionally documented concerns date back to a 2012 House Permanent Select Committee on Intelligence report on the serious counterintelligence concerns associated with ZTE equipment, the ties between the company and government, and the risks to American national security,” the Senators added. “ZTE, though publicly traded, is a state-backed enterprise that is ultimately loyal not to its shareholders, but to the Chinese Communist Party and Chinese government.  This patronage relationship poses unacceptable risks to American sovereignty; risks that will only increase if the company is permitted to establish itself deeply in America’s telecommunications infrastructure.”

The full letter is available here and below. 

 

June 26, 2018

 

The President

The White House

1600 Pennsylvania Avenue, NW

Washington, DC  20500

 

Dear Mr. President:

 

We urge you to reconsider your decision to amend the April ZTE sanctions order and lift the ban the Commerce Department imposed this year that prohibited ZTE from buying U.S. components, and we ask for your support for the Senate-passed ban on the government buying ZTE and Huawei equipment.  We strongly believe that the April sanctions order—which would have threatened ZTE’s survival—should not be used as a bargaining chip in negotiations with China on unrelated matters.  

 

The Senate and the U.S. Intelligence Community are in agreement that ZTE poses a significant threat to our national security.  The Senate recently voted 85-10 to reimpose the April sanctions order and the ban on ZTE buying U.S. components,  and to prohibit the U.S. federal government from purchasing ZTE or Huawei equipment and contracting with any entity that purchases such equipment.  We urge you to heed the leaders of the U.S. Intelligence Community, supported by a strong bipartisan consensus in the Senate, that we must pursue policies that prevent the widespread use of ZTE products in the U.S.

 

At the Senate Intelligence Committee’s hearing on February 13, 2018, six top intelligence leaders testified about the risk of ZTE and Huawei to American national security: 

 

·         FBI Director Wray stated: “We’re deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks that provides the capacity to exert pressure or control over our telecommunications infrastructure.  It provides the capacity to maliciously modify or steal information, and it provides the capacity to conduct undetected espionage.”  

·         Then-NSA Director Rogers warned:  “I would agree with Director Wray’s characterization here.  This is a challenge I think that's only going to increase, not lessen, over time for us.” To mayors, county judges, university presidents, and state legislatures, “I would say you need to look long and hard at companies like this.”

·         The Director of National Intelligence, and the heads of the CIA, FBI, NSA, DIA, and NGA all indicated they would not use products or services from ZTE or Huawei; nor would they recommend private American citizens do so. 

 

Additionally, the nation’s top counterintelligence officer, Director of the National Counterintelligence Security Center Bill Evanina, testified at his May 15, 2018, confirmation hearing that “the Intelligence Community and law enforcement is clearly on the record, both in the public and in classified settings, with the threat from Chinese telecommunications companies.”

 

As you know, this is not a new threat. Congressionally documented concerns date back to a 2012 House Permanent Select Committee on Intelligence report on the serious counterintelligence concerns associated with ZTE equipment, the ties between the company and government, and the risks to American national security. 

 

ZTE, though publicly traded, is a state-backed enterprise that is ultimately loyal not to its shareholders, but to the Chinese Communist Party and Chinese government.  This patronage relationship poses unacceptable risks to American sovereignty; risks that will only increase if the company is permitted to establish itself deeply in America’s telecommunications infrastructure.

 

Thank you for your attention to this important matter and for your assistance in ensuring we protect our nation’s future from authoritarian influence.

 

Sincerely,

 

Mark R. Warner

United States Senator

 

Marco Rubio

United States Senator

 

 

###

 

WASHINGTON – Today U.S. Sen. Mark R. Warner (D-VA) released a statement after Congress approved the Fiscal Year 2019 National Defense Authorization Act (NDAA):

 “I’m glad that the Senate was able to work in a bipartisan way to improve national security, support our service members, and strengthen defense readiness.  

“Since the Administration has failed to listen to warnings from their own top intelligence officials about the dangers posed by Chinese telecom company ZTE, this legislation includes a bipartisan amendment – which I co-sponsored – to automatically reinstate trade restrictions on ZTE once this bill is signed into law. Importantly, this legislation would also ensure that neither ZTE nor Huawei will be eligible for government contracts in the future. To further prioritize our national security, I also supported the inclusion of a bipartisan CFIUS bill similar to what we passed in the Banking Committee to ensure that foreign investments in the U.S. do not pose a national security risk. I strongly encourage the Administration to consider the strong bipartisan support for these measures in the Senate before taking any hasty actions. Additionally, this bill urges the Secretaries of State and Defense to dedicate all necessary resources to complete its strategy to counter and deter future cyber aggression by Russia.”  

“This bill also funds several critical priorities important to Virginia’s shipbuilding footprint, including the procurement of two Virginia-class submarines. In addition, this bill pushes further action to make long-overdue investments in our nation’s public shipyards, authorizes more than $260 million towards 14 military construction projects across the Commonwealth, and includes a 2.6 percent raise for members of the armed forces. The NDAA also includes important reforms to modernize our antiquated security clearance system and to reduce the 700,000 person background investigation backlog. Although this bill is far from perfect, I commend my colleagues for passing this critical defense package,” said Sen. Warner.  

Included in the NDAA are three provisions championed by Sen. Warner to address the security clearance backlog:

  • A provision requiring the Director of National Intelligence to improve information sharing regarding government and contract employees;
  • A provision requiring the Director of National Intelligence to provide a report on a clearance-in-person concept to accommodate a more modern mobile workforce;
  • And a provision creating a “rocket” clearance for mission-critical positions that can be processed in 15 days for SECRET and 45 days for TOP SECRET.

In addition, the bill includes a bipartisan amendment sponsored by Sen. Warner and Sen. Marco Rubio (R-FL) that would improve access to cybersecurity scholarships for students at minority-serving institutions. With mounting demand across every industry for trained cyber workers, it’s particularly important that we invest now in developing a diverse cyber workforce. 

Added Sen. Warner, “In order to address the nation’s increased cyber threats from foreign adversaries, this amendment will ensure the nation that the U.S. builds a strong and diverse pipeline of future talent to lead the nation’s strategy in the field of cybersecurity.” 

“Norfolk State University is pleased to support this bipartisan proposal to recruit a more diverse pool of students to pursue cyber education,” said Dr. Melvin T. Stith, Interim President of Norfolk State University. “Strong cyber training and knowledge is essential for preparing students to compete and thrive in a 21st century economy. This effort by Senator Warner is a welcome boost to Norfolk State University's ongoing efforts to produce a talented and representative cyber workforce.” 

The amendment is similar to provision offered by Rep. Pete Aguilar (D-CA) that was included in the House-passed version of the NDAA. The text of the amendment can be found here.

 

###

WASHINGTON –U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance Committees, today sent letters to Twitter and Google parent company Alphabet, requesting information about any data sharing agreements between the companies and Chinese vendors. The letter follows a disclosure earlier this week by Facebook that the company has partnerships with Chinese telecom companies including Huawei that allow them to access Facebook users’ non-public data. 

“Since at least October 2012, when the House Permanent Select Committee on Intelligence released its widely-publicized report, the relationship between the Chinese Communist Party and equipment makers like Huawei and ZTE has been an area of national security concern. Since then, numerous articles in the tech trade press have focused on concerns by American and allied intelligence agencies that products from Chinese device makers, such as Lenovo, have security vulnerabilities that could allow Chinese intelligence to access data stored on, or transmitted by, devices.  And the New York Times reported in 2016 that firmware found in low-end smartphone devices, such as those of Huawei and ZTE, continually transmitted local data to Chinese severs, potentially for foreign intelligence purposes,” Sen. Warner wrote to the two companies today. 

It is publicly known that Alphabet has entered into strategic partnerships with Chinese mobile device manufacturers, including Huawei and Xiaomi, as well as with Chinese technology platform Tencent. In light of Facebook’s recent revelations, Sen. Warner requested that the company provide information about those partnerships, as well as any other agreements that Alphabet may have entered into with third-party vendors based in China. A similar request was posed to Twitter. 

Sen. Warner’s letter to Alphabet CEO Larry Page is available here. His letter to Twitter CEO Jack Dorsey is available here.  

###