WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance committees, issued the below statement regarding the U.S. Department of Commerce’s agreement to lift the ban on Chinese telecom giant ZTE doing business with American suppliers:
“I share the grave concerns of our military and the intelligence community, which are unanimous in their conclusion that ZTE — a state-controlled company with ties to Chinese intelligence — presents an ongoing threat to our national security. I also share many of the concerns the President has voiced in the past about China’s unfair trade practices, which have cheated American workers and permitted Chinese companies to steal the intellectual property of American firms with virtually no consequences.
“This sweetheart deal not only ignores these serious issues, it lets ZTE off the hook for evading sanctions against Iran and North Korea with a slap on the wrist.”
In Light of Federal Election Commission Hearing, Klobuchar, Warner Urge Commissioners to Issue Strongest Possible Transparency Requirements for Online Ads
Jun 27 2018
WASHINTON- U.S. Senators Amy Klobuchar (D-MN), Ranking Member of the Senate Rules Committee, and Mark Warner (D-VA), Vice Chairman of the Select Committee on Intelligence, urged the Federal Election Commission (FEC) to implement the strongest possible transparency and accountability requirements for online advertisements in response to the proposed rulemaking. The letter comes as the FEC begins public hearings today on online advertisements.
“During the 2016 election cycle, Russians took advantage of weak online disclaimer and disclosure rules to purchase online political advertisements. As we rapidly approach the 2018 election, intelligence officials have warned that Russia is currently working to disrupt our elections again,” the senators wrote.
“People have a right to know who is behind the information they receive, and in particular who is trying to influence their vote. This necessitates new disclaimer and disclosure requirements for all online advertisements. Primary elections are already upon us and the general election is only 131 days away. Therefore, we encourage you to quickly adopt the strongest possible rule to increase transparency and accountability for online advertisements.”
Klobuchar, Warner and Senator John McCain (R-AZ) are the authors of the bipartisan Honest Ads Act, legislation to help prevent foreign interference in future elections and improve the transparency of online political advertisements. The Honest Ads Act would prevent foreign actors from influencing our elections by ensuring that political ads sold online are covered by the same rules as ads sold on TV, radio, and satellite.
The full text of the letter can be found below:
As you conduct hearings this week on “Internet Disclaimers and Definition of Public Communication”, we encourage you to issue the strongest possible rule that will increase transparency and accountability for online advertisements.
During the 2016 election cycle, Russians took advantage of weak online disclaimer and disclosure rules to purchase online political advertisements. As part of a wide social media exploitation effort, Russia spent at least $100,000 dollars—in rubles—on Facebook ads to influence the 2016 election. According to Facebook responses to investigations by the Senate Select Committee on Intelligence and Senate Judiciary Committee, Russian disinformation reached more than 126 million Americans online.
As we rapidly approach the 2018 election, intelligence officials have warned that Russia is currently working to disrupt our elections again. As Director of National Intelligence Dan Coats stated earlier this year, “[t]he 2018 U.S. midterm elections are a potential target for Russian influence operations” and Russia will conduct “bolder and more disruptive cyber operations.” Senate Intelligence Committee members determined that foreign actors illegally influenced the 2016 presidential election and that something has to be done to stop this from occurring in the future.
Online platforms dwarf broadcast, satellite, and cable providers. The largest internet platform has over 210 million American users. The largest cable provider only has 22 million subscribers – nearly an order of magnitude greater. That is why we introduced the Honest Ads Act earlier this year. Our legislation would apply the same rules to online political advertisements that already exist for traditional media and require digital advertisers to maintain a public record of political ads purchased. By requiring the same rules across all advertising platforms, we can limit foreign attempts to influence our elections, increase transparency in political advertising, and promote greater accountability.
People have a right to know who is behind the information they receive, and in particular who is trying to influence their vote. This necessitates new disclaimer and disclosure requirements for all online advertisements. Primary elections are already upon us and the general election is only 131 days away. Therefore, we encourage you to quickly adopt the strongest possible rule to increase transparency and accountability for online advertisements.
WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA) and Marco Rubio (R-FL) sent a letter to President Trump, urging him to re-consider the deal lifting the ZTE ban, and to support the Senate-passed ban on government purchases of ZTE and Huawei equipment. Sen. Warner is the Vice Chairman of the Senate Select Committee on Intelligence and a member of the Finance and Banking committees. Sen. Rubio is a member of Senate Foreign Relations and Intelligence committees.
In the letter to President Trump, the Senators wrote, “The Senate and the U.S. Intelligence Community are in agreement that ZTE poses a significant threat to our national security. The Senate recently voted 85-10 to reimpose the April sanctions order and the ban on ZTE buying U.S. components, and to prohibit the U.S. federal government from purchasing ZTE or Huawei equipment and contracting with any entity that purchases such equipment. We urge you to heed the leaders of the U.S. Intelligence Community, supported by a strong bipartisan consensus in the Senate, that we must pursue policies that prevent the widespread use of ZTE products in the U.S.”
The Senators noted that at a February 13, 2018 hearing in the Intelligence Committee, six of the nation’s top intelligence leaders – the Director of National Intelligence (DNI) and the heads of the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Central Intelligence Agency (CIA), Defense Intelligence Agency (DIA), and the National Geospatial-Intelligence Agency (NGA) – testified about the risks posed to U.S. national security by ZTE and Huawei. Additionally, the nation’s top counterintelligence officer, Director of the National Counterintelligence Security Center Bill Evanina, testified at his May 15, 2018, confirmation hearing that Chinese telecom companies such as ZTE and Huawei pose a significant threat to American security.
“As you know, this is not a new threat. Congressionally documented concerns date back to a 2012 House Permanent Select Committee on Intelligence report on the serious counterintelligence concerns associated with ZTE equipment, the ties between the company and government, and the risks to American national security,” the Senators added. “ZTE, though publicly traded, is a state-backed enterprise that is ultimately loyal not to its shareholders, but to the Chinese Communist Party and Chinese government. This patronage relationship poses unacceptable risks to American sovereignty; risks that will only increase if the company is permitted to establish itself deeply in America’s telecommunications infrastructure.”
The full letter is available here and below.
June 26, 2018
The White House
1600 Pennsylvania Avenue, NW
Washington, DC 20500
Dear Mr. President:
We urge you to reconsider your decision to amend the April ZTE sanctions order and lift the ban the Commerce Department imposed this year that prohibited ZTE from buying U.S. components, and we ask for your support for the Senate-passed ban on the government buying ZTE and Huawei equipment. We strongly believe that the April sanctions order—which would have threatened ZTE’s survival—should not be used as a bargaining chip in negotiations with China on unrelated matters.
The Senate and the U.S. Intelligence Community are in agreement that ZTE poses a significant threat to our national security. The Senate recently voted 85-10 to reimpose the April sanctions order and the ban on ZTE buying U.S. components, and to prohibit the U.S. federal government from purchasing ZTE or Huawei equipment and contracting with any entity that purchases such equipment. We urge you to heed the leaders of the U.S. Intelligence Community, supported by a strong bipartisan consensus in the Senate, that we must pursue policies that prevent the widespread use of ZTE products in the U.S.
At the Senate Intelligence Committee’s hearing on February 13, 2018, six top intelligence leaders testified about the risk of ZTE and Huawei to American national security:
· FBI Director Wray stated: “We’re deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks that provides the capacity to exert pressure or control over our telecommunications infrastructure. It provides the capacity to maliciously modify or steal information, and it provides the capacity to conduct undetected espionage.”
· Then-NSA Director Rogers warned: “I would agree with Director Wray’s characterization here. This is a challenge I think that's only going to increase, not lessen, over time for us.” To mayors, county judges, university presidents, and state legislatures, “I would say you need to look long and hard at companies like this.”
· The Director of National Intelligence, and the heads of the CIA, FBI, NSA, DIA, and NGA all indicated they would not use products or services from ZTE or Huawei; nor would they recommend private American citizens do so.
Additionally, the nation’s top counterintelligence officer, Director of the National Counterintelligence Security Center Bill Evanina, testified at his May 15, 2018, confirmation hearing that “the Intelligence Community and law enforcement is clearly on the record, both in the public and in classified settings, with the threat from Chinese telecommunications companies.”
As you know, this is not a new threat. Congressionally documented concerns date back to a 2012 House Permanent Select Committee on Intelligence report on the serious counterintelligence concerns associated with ZTE equipment, the ties between the company and government, and the risks to American national security.
ZTE, though publicly traded, is a state-backed enterprise that is ultimately loyal not to its shareholders, but to the Chinese Communist Party and Chinese government. This patronage relationship poses unacceptable risks to American sovereignty; risks that will only increase if the company is permitted to establish itself deeply in America’s telecommunications infrastructure.
Thank you for your attention to this important matter and for your assistance in ensuring we protect our nation’s future from authoritarian influence.
Mark R. Warner
United States Senator
United States Senator
WASHINGTON –U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance Committees, today sent letters to Twitter and Google parent company Alphabet, requesting information about any data sharing agreements between the companies and Chinese vendors. The letter follows a disclosure earlier this week by Facebook that the company has partnerships with Chinese telecom companies including Huawei that allow them to access Facebook users’ non-public data.
“Since at least October 2012, when the House Permanent Select Committee on Intelligence released its widely-publicized report, the relationship between the Chinese Communist Party and equipment makers like Huawei and ZTE has been an area of national security concern. Since then, numerous articles in the tech trade press have focused on concerns by American and allied intelligence agencies that products from Chinese device makers, such as Lenovo, have security vulnerabilities that could allow Chinese intelligence to access data stored on, or transmitted by, devices. And the New York Times reported in 2016 that firmware found in low-end smartphone devices, such as those of Huawei and ZTE, continually transmitted local data to Chinese severs, potentially for foreign intelligence purposes,” Sen. Warner wrote to the two companies today.
It is publicly known that Alphabet has entered into strategic partnerships with Chinese mobile device manufacturers, including Huawei and Xiaomi, as well as with Chinese technology platform Tencent. In light of Facebook’s recent revelations, Sen. Warner requested that the company provide information about those partnerships, as well as any other agreements that Alphabet may have entered into with third-party vendors based in China. A similar request was posed to Twitter.
Jun 07 2018
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance Committees, released the following statement regarding the Commerce Department’s agreement with ZTE:
“It is the unanimous conclusion of our nation’s intelligence community that ZTE poses a significant threat to our national security. These concerns aren’t new; back in 2012, the House Permanent Select Committee on Intelligence released a report on the serious counterintelligence concerns associated with ZTE equipment.
“It’s not only that ZTE was busted for evading sanctions on Iran and North Korea, and then lied about it; It’s that ZTE is a state-controlled telecommunications company that poses significant espionage risks, which this agreement appears to do little to address.”
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, released the following statement after Facebook confirmed the company has data-sharing partnerships with Chinese telecom companies, including Huawei:
“Concerns about Huawei aren’t new – they were widely publicized beginning in 2012, when the House Permanent Select Committee on Intelligence released a well-read report on the close relationships between the Chinese Communist Party and equipment makers like Huawei. The news that Facebook provided privileged access to Facebook’s API to Chinese device makers like Huawei and TCL raises legitimate concerns, and I look forward to learning more about how Facebook ensured that information about their users was not sent to Chinese servers.”
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking Committee, released the following statement regarding the reported ZTE agreement lifting the Commerce Department ban:
“If these reports are accurate, this is a huge mistake. ZTE poses a threat to our national security. That’s not just my opinion – it’s the unanimous conclusion of our intelligence community.”
May 26 2018
WASHINGTON — U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance Committees, released the following statement regarding the Trump administration’s deal on ZTE:
WASHINGTON, D.C. – U.S. Senators Mark Warner and Tim Kaine joined a bipartisan letter calling on Federal Communications Commission (FCC) Chairman Ajit Pai to support long-term funding that would make broadband and voice services more accessible and affordable in rural communities. In the letter, the Senators thank the FCC for its work to support rural broadband and request that it prevent upcoming funding cuts to smaller operators that deliver broadband to the country’s most rural communities, which would otherwise go into effect on July 1.
“These recurring budget shortfalls result in lower speeds, more unserved locations, and higher prices for rural consumers and businesses,” the Senators said. “We share your goal of eliminating the digital divide and look forward to working with you to maintain accessible, affordable broadband for rural American consumers and businesses.”
The FCC fixed the budget shortfall for the Universal Service Fund’s (USF) High-Cost program for the current Fiscal Year, but has not addressed long term funding for the program. The USF program helps to ensure that consumers in rural areas pay comparable rates to those in urban areas by helping rural carriers cover some of their costs. The Senators make the case that funding the program encourages businesses to invest in broadband networks in regions of the country where service is needed, but where deploying broadband is difficult and costly.
Warner and Kaine have been strong supporters of expanding broadband to rural communities in Virginia as Governors and Senators. Last year, Warner and Kaine joined a bipartisan group of colleagues to urge President Trump to include broadband in an infrastructure initiative. In October, Warner and Kainepraised a Senate Democratic proposal to invest $40 billion to build broadband infrastructure necessary to connect over 34 million Americans to high-speed internet. In November, Warner and Kaine announced $6 million in federal funding to construct broadband infrastructure in Buchanan and Scott Counties.
The full text of the Senators’ letter to Chairman Pai is available here and below:
May 15, 2018
The Honorable Ajit Pai
Federal Communications Commission
445 12th Street, S.W.
Washington, DC 20554
Dear Chairman Pai:
We write to express our strong support and sincere gratitude for the recent Order addressing budget shortfalls in the Universal Service Fund’s (USF) High-Cost program. The Order is an essential, immediate step in the right direction, and we now encourage the Federal Communications Commission (FCC) to continue down this path by acting quickly on the notice of proposed rulemaking to provide long-term, predictable support. Such additional steps are necessary to ensure rural Americans have access to high quality voice and broadband services.
The FCC’s recent Order approving an infusion of funds into the USF is greatly welcomed, and will provide needed support for small, rural carriers that rely on the High-Cost USF program. Despite this, persistent limitations on resources can affect the ability of smaller broadband providers to deliver services in our country’s most rural communities. The FCC’s cost model for smaller operators electing model-based USF support is not yet funded at the designed levels, and carriers not receiving model-based support will once again face significant funding cuts when the program’s new fiscal year takes effect on July 1, 2018. These recurring budget shortfalls result in lower speeds, more unserved locations, and higher prices for rural consumers and businesses.
Congress has expressed consistent, bipartisan support for addressing shortfalls in the USF program. In April 2017, 58 Senators called on the FCC to provide adequate resources for broadband delivery services to rural consumers in areas that are the hardest and costliest to serve. In May 2017, 102 Representatives wrote to the FCC, expressing similar concerns about the impacts of insufficient USF resources on rural consumers.
We commend the FCC’s actions thus far to address and modernize USF support. Taking action on the notice of proposed rulemaking and establishing lasting solutions that allow the reformed High-Cost mechanism to work as designed would enable many smaller operators to offer high quality, affordable broadband to consumers across rural America. It is important to consider any modifications needed to meet the program’s objectives of ensuring consistent network build-out and strengthening ongoing service, for locations otherwise unserved, in our nation’s high-cost rural areas.
Thank you for the actions you have undertaken thus far to support the USF and for considering this request. We share your goal of eliminating the digital divide and look forward to working with you to maintain accessible, affordable broadband for rural American consumers and businesses.
May 16 2018
WASHINGTON — Today, U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) voted in favor of a Congressional Review Act (CRA) resolution to undo the Trump Administration’s repeal of net neutrality rules. In February 2018, Sens. Warner and Kaine joined a group of Senate and House Democrats in introducing the CRA to overturn the Federal Communications Commission’s (FCC) partisan vote to repeal open internet rules. The resolution passed the Senate this afternoon 52-47 and it now heads to the House of Representatives for consideration.
“The FCC last year repealed rules codifying longstanding open internet principles through a strictly partisan and hurried rulemaking, marked by troubling irregularities in its public comment system. Removing these rules of the road amounted to a greenlight for potential anti-competitive practices by Internet Service Providers, harming Internet users in Virginia and across the country. I urge the House to pass this bill and protect the integrity of the nation’s most crucial information network,” said Sen. Warner.
“Over the past year, there have been very few issues that have generated as much contact from my constituents as concerns over the repeal of net neutrality protections. The Obama Administration put these rules in place to protect consumers and the Trump Administration took them away to protect big internet service providers. It’s as simple as that. This is particularly important for students and families in rural communities that have limited options in internet providers. We fought hard for this vote, and now that our resolution has passed, we need the House to swiftly take it up so we can reverse the Trump Administration’s gutting of net neutrality protections. This is a fundamental issue of providing consumers with more choice and control,” Sen. Kaine said.
In December 2017, the Federal Communications Commission (FCC) voted to repeal the 2015 Open Internet Order, which the D.C. Circuit Court had upheld in 2016. The Open Internet Order prohibited internet service providers from blocking, slowing down, or discriminating against content online. Repealing the net neutrality rules could lead to higher prices for consumers, slower internet traffic, and even blocked websites. A recent poll showed that 83 percentof Americans do not approve of the FCC action to repeal net neutrality rules.
A simple majority of 51 votes is needed to pass a CRA resolution in the Senate.
WASHINGTON— U.S. Sens. Mark R. Warner (D-VA) and Amy Klobuchar (D-MN) today called on Twitter and Alphabet, Inc., the parent company of Google, to implement stronger transparency and accountability standards for online political advertisements. Specifically, the Senators called on the companies to voluntarily implement the provisions in the Honest Ads Act, bipartisan legislation introduced by Sens. Klobuchar, Warner and John McCain (R-AZ) that would require online political advertisements to abide by the same disclosure rules as television and radio ads.
Russia attempted to influence the 2016 presidential election by buying and placing political ads on platforms such as Facebook, Twitter and Google. However, Americans had no way of knowing who was behind the ads, because, unlike radio and television ads, the Federal Election Commission (FEC) has exempted large swathes of online ads from general requirements to include disclaimers about who is responsible for the content, and platforms are not required to make public information about political ad purchases as cable, satellite, and broadcast providers must.
“This lack of transparency has dangerous implications for our democracy. As we saw in the 2016 presidential election, foreign actors can seek to influence the electorate without voters’ knowledge through online political advertising,” wrote Sens. Warner and Klobuchar in a pair of letters today to Alphabet CEO Larry Page and Twitter CEO Jack Dorsey.
On Friday, April 6, Facebook announced that it would endorse and implement the disclosure requirements outlined in the Honest Ads Act. In today’s letters, Sens. Warner and Klobuchar asked Google and Twitter to do the same.
“The Honest Ads Act would apply analogous rules to online political advertisements that currently exist in traditional media, bringing long-overdue transparency to the opaque market of online political advertising. It would extend existing disclaimer obligations that print, broadcast, and cable ads must already meet to analogous political ads disseminated on online platforms… And it would require digital platforms to maintain a public record of political ads purchased by an advertiser who spends more than $500 in any 12 month period,” wrote the Senators. “Lastly, it requires that all advertising platforms – whether broadcast, radio or digital – make reasonable efforts to ensure that the prohibition on foreign nationals attempting to influence our elections through donations, expenditures or other things of value is not violated. These measures not only increase transparency in political advertising, but also promote accountability – both of platforms and of political advertisers.”
WASHINGTON, D.C. – Today, U.S. Senators Mark Warner and Tim Kaine announced $1,000,000 in federal funding from the National Science Foundation to support high-achieving students with demonstrated financial need as they pursue the cybersecurity program at Old Dominion University (ODU).
“Ensuring students have the support they need to pursue careers in cybersecurity is critical to building our federal workforce and defending the nation’s economic and national security,” the Senators said. “We are thrilled that ODU and the National Science Foundation are partnering to help make that a reality for more students.”
The funding will provide up to 18 scholarships for students in the cybersecurity program as well as additional mentoring and program activities.
As Vice Chairman of the Senate Intelligence Committee, Warner has been a strong voice for protecting the integrity of our election systems, introducing bipartisan legislation to bring accountability to online political ads and secure our elections. He is also the author of bipartisan, bicameral legislation that would provide states and local government funding to counter cyberattacks. As cofounder of the Senate Cybersecurity Caucus, Warner has been a leader in calling for the protection of consumers’ personal information and timely disclosure of data breaches, authoring legislation to hold credit reporting agencies accountable for such breaches.
Kaine, a member of the Senate Armed Services Committee, also co-chairs the Senate Career and Technical Education (CTE) Caucus and has become a leader in the Senate on policies to prepare students for careers in cybersecurity. Last year, key provisions of Kaine’s DoD Cyber Scholarship Program Act of 2017, which would improve and expand an existing DoD scholarship program for students pursuing degrees in cybersecurity fields, were included in the committee-passed Fiscal Year 2018 National Defense Authorization Act. The DoD Cyber Scholarship Act creates a jobs pipeline from Centers of Academic Excellence (CAE) to the Department of Defense.
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement today after Facebook announced that it removed 70 Facebook and 65 Instagram accounts — as well as 138 Facebook pages — that were controlled by the Russia-based Internet Research Agency (IRA):
“For many months now, I have been pushing Facebook to more aggressively investigate and identify Russian-linked fake accounts on their platform. Given the scale and scope of the Kremlin’s disinformation campaign, it was always clear that Russian activity on Facebook extended far beyond the 470 fake accounts and pages that the company shut down in September. Today’s disclosure of more IRA-linked accounts is evidence that the Kremlin continues to exploit platforms like Facebook to sow division, spread disinformation, and influence political debates around the globe.
“I am glad that Facebook is taking some steps to pinpoint and address this activity, but I also expect Facebook and Mr. Zuckerberg, along with other platform companies, to continue to identify Russian troll activity and to work with Congress on updating our laws to better protect our democracy in the future.”
In October, Sen. Warner – along with Sens. Amy Klobuchar (D-MN) and John McCain (R-AZ) – introduced the Honest Ads Act to help prevent foreign interference in elections and improve the transparency of online political advertisements.
WASHINGTON, DC – Senators James Lankford (R-OK), Amy Klobuchar (D-MN), Kamala Harris (D-CA), Susan Collins (R-ME), Martin Heinrich (D-NM), and Lindsey Graham (R-SC) today introduced a revised Secure Elections Act, a bill to strengthen election cybersecurity in America. The Senators originally introduced the legislation in December, and have since worked with stakeholders to revise and strengthen the bill. With today’s reintroduction, Intelligence Committee Chairman Richard Burr (R-NC) and Vice Chairman Mark Warner (D-VA) also co-sponsored the bill.
The revised legislation maintains the original purpose of the bill to streamline cybersecurity information-sharing between federal intelligence entities and state election agencies; provide security clearances to state election officials; and provide support for state election cybersecurity infrastructure. Today’s revised bill modifies reporting requirements for state election offices; transitions the election security advisory panel from the Department of Homeland Security to the Election Assistance Commission; and makes grants eligible to local jurisdictions, among several other minor modifications.
“This week’s Intelligence Committee hearing confirmed the need for America to make the security of our election infrastructure a priority,” said Lankford. “During the 2016 election, Russian entities hacked presidential campaign accounts, launched cyber-attacks against at least 21 state election systems, and attacked a US voting systems software company. This revised Secure Elections Act adequately helps the states prepare our election infrastructure for the possibility of interference from not just Russia, but possibly another adversary like Iran or North Korea or a hacktivist group. Although funding for election security is included in the Omnibus appropriations bill, Congress still must pass the Secure Elections Act in order to put needed election improvements into law.”
“We know—and our top intelligence officials have confirmed—that our election systems remain a target,” said Klobuchar, who is also Ranking Member of the Rules Committee with jurisdiction over federal elections. “The bipartisan group of co-sponsors on the Secure Elections Act have been working with state election officials and the Department of Homeland Security to improve this bill and ensure those on the front-lines of administering elections are equipped with the information and resources necessary to keep them safe. This week we made progress by securing $380 million in funding, but it’s not enough. There are 227 days until the next federal election and primaries have already begun, Congress should pass the bipartisan Secure Elections Act immediately.”
“Our democracy is under attack by foreign actors who seek to undermine and destabilize our country,” said Chairman Burr. “This bill will help strengthen our cybersecurity heading into upcoming election cycles, and has provisions to ensure that threat information is promptly shared with the states.”
“Elections – at all levels – are central to our democracy, to our institutions and to our government’s legitimacy,” said Vice Chairman Warner. “During the 2016 campaign, we saw unprecedented targeting of election infrastructure by Russian actors. As we’ve heard in recent weeks from our nation’s top intelligence officials, the Russians will continue to attack our elections. We need to make sure states and localities have the resources and federal support they need to make election security a top priority.”
“Election security is not a bipartisan issue, it’s a nonpartisan issue,” said Harris. “With 2018 elections across the country underway, the urgency to act is clear. We need to improve communication between states and federal authorities, fortify and upgrade election infrastructure, and implement best practices. We know there will be a new set of threats this year and we must be prepared to meet them.”
“While our investigation is still ongoing, we know for certain that the Russians were relentless in their efforts to meddle in the 2016 elections, and that those efforts are ongoing,” said Collins. “This bipartisan legislation will strengthen the integrity of our election process by ensuring that local voting officials have the information and financial resources they need to secure their voting systems. Given that we are already in an election year, the need to act now is urgent.”
“Our democracy hinges on Americans' ability to fairly choose our own leaders. As we approach the midterm elections and the next presidential election cycle, we need to act quickly to protect the integrity of our voting process,” said Heinrich. “Our bipartisan legislation will improve and modernize protections for our voting systems, registration data, and ballots to prevent theft, manipulation, and malicious computer hacking. Until we take these necessary steps, our nation's democratic institutions will remain vulnerable.”
“The Russians have been trying to break the backs of democracies all over the world,” said Graham. “And although they did not change the outcome, they clearly interfered in our 2016 election. This bipartisan legislation will help defend our elections from foreign interference and sends a strong signal to other bad actors – like Iran and North Korea -- that similar acts will not be tolerated. We are committed to defending and promoting confidence in American democracy by providing states with the resources they need to safeguard their election systems.”
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement on reports from the New York Times and the Guardian that Cambridge Analytica misused the data of millions of Facebook users:
WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement in response to the Federal Election Commission (FEC)’s announcement that commissioners have approved a Draft Notice of Proposed Rulemaking on two proposals dealing with disclosure rules for online political advertisements:
“While I applaud the FEC for moving forward today, my hope was that the simple and overdue act of strengthening these disclaimer rules would have been completed by now. The Commission’s current plan, which contemplates yet another round of comments, means rules concerning online political ads remain woefully behind the commonsense standards we apply to political ads on TV and other media – just as the country begins the primary season for the upcoming 2018 mid-term elections.
“Congress must recognize that our current laws are simply not adequate to deal with the national security threats we face from foreign adversaries like Russia, and other bad actors. While no one law alone will completely protect our democracy, updating our election laws is a simple and important start. Bipartisan legislation like the Honest Ads Act is needed to bring true parity between digital political ads and ads running on broadcast, satellite, and cable services.”
Russia attempted to influence the 2016 presidential election by buying and placing political ads on platforms such as Facebook, Twitter and Google. However, Americans had no way of knowing who was behind the ads, because, unlike radio and television ads, the FEC has exempted large swathes of online ads from general requirements to include disclaimers about who is responsible for the content.
In November 2017, Senator Warner led a number of his colleagues in calling on the FEC to take immediate action to improve transparency for political advertisements online. That effort followed Senator Warner’s introduction in October 2017 of the Honest Ads Act, bipartisan legislation that would prevent foreign actors from influencing our elections by ensuring that political ads sold online are covered by the same rules as ads sold on TV, radio, and satellite.
According to the FEC, the public will now have 60 days to provide comments on two alternative proposals, one Republican-sponsored and one Democrat-sponsored, to amend FEC regulations concerning disclaimers on public communications on the internet that contain express advocacy, solicit contributions, or are made by political committees.
WASHINGTON – On Net Neutrality National Day of Action, U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) joined a group of Senate and House Democrats in introducing a Congressional Review Act (CRA) resolution to overturn the Federal Communications Commission’s (FCC) partisan decision on net neutrality. The Senate CRA resolution of disapproval stands at 50 supporters, including Republican Sen. Susan Collins (R-ME). The House resolution currently has 150 co-sponsors.
The FCC’s Open Internet Order prohibited internet service providers from blocking, slowing down, or discriminating against content online. Repealing these net neutrality rules could lead to higher prices for consumers, slower internet traffic, and even blocked websites. A recent poll showed that 83 percent of Americans do not approve of the FCC’s action to repeal net neutrality rules.
“From the start, the FCC’s process to determine whether to keep previously established rules that guarantee a free and open internet was marred by partisan fights and troubling irregularities in the public comment system,” said the Senators. “By repealing these open internet principles, we believe the agency greenlighted potential anti-competitive practices that could negatively impact consumers. We will continue urging our colleagues on both sides of the aisle to stand together to protect the integrity of our nation’s most crucial information network.”
Last week, the FCC’s rule repealing net neutrality was published in the Federal Register, leaving 60 legislative days to seek a vote on the Senate floor on the CRA resolutions. In order to force a vote on the Senate resolution, the Senators will submit a discharge petition, which requires a minimum of 30 Senators’ signatures. Once the discharge petition is filed, Senate Democrats will demand a vote on the resolution. A simple majority of 51 votes is needed to pass a CRA resolution in the Senate.
A copy of the CRA resolution can be found here.
Statement Of U.S. Sen. Mark R. Warner on Report that the Trump Administration is Considering Nationalizing 5G Network
Jan 29 2018
WASHINGTON — U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement regarding press reports that the Trump Administration is considering building a nationalized 5G network:
“While I’m glad that the Trump Administration recognizes that maintaining American leadership in the information age requires a significant investment commitment, I’m concerned that constructing a nationalized 5G network would be both expensive and duplicative, particularly at a time when the Administration is proposing to slash critical federal investments in R&D and broadband support for unserved areas. America’s leadership in emerging fields like AI depends on supporting our nation’s research universities – and having an immigration system that attracts the brightest minds in the world – rather than rehashing old debates on construction of a standalone federal broadband network. I agree there are serious concerns relating to the Chinese government’s influence into network equipment markets, and I would look forward to working with the Administration on a viable, cost-effective solution to begin addressing those risks.”
A standalone network would cost more than $30 billion, according to previous estimates.
Sen. Warner spent 20 years as a successful technology and business leader in Virginia before entering public office. An early investor in the cellular telephone business, he co-founded the company that became Nextel.
Senate Aerospace Caucus Co-Chairs Meet with AIA CEO, Discuss Continued Partnership, Advancing American Innovation
Jan 25 2018
WASHINGTON – U.S. Senators Jerry Moran (R-Kan.) and Mark Warner (D-Va.) – co-chairs of the Senate Aerospace Caucus – this week met with Aerospace Industries Association (AIA) President and Chief Executive Officer Eric Fanning, who was selected to lead the association effective January 1, 2018. In welcoming Mr. Fanning in his new capacity with AIA, Sens. Moran and Warner emphasized the caucus’s longstanding partnership with AIA and discussed collaborative ways to continue growing the aerospace industry as AIA prepares to celebrate its centennial anniversary.
“Our nation’s aerospace industry is driving innovation and pursuing cutting edge technologies, contributing both to U.S. national security and our economic competitiveness,” said Sen. Warner. “As Co-Chair of the Senate Aerospace Caucus, I look forward to working with my co-chair Senator Moran, the Aerospace Industries Association, and our manufacturers and suppliers on a range of critical issues, including workforce development, unmanned systems, increased R&D, defense modernization efforts, and ways to improve cybersecurity within these critical industries. Congratulations to Eric Fanning on his new position as President and CEO of AIA.”
“In Kansas – from cybersecurity to aircraft manufacturing and developing a talented workforce to maintain American supremacy – the aerospace industry has an impact on every corner of our state,” said Sen. Moran. “The aerospace industry is where a strong national defense and stable economy converge, and as co-chairs of the Senate Aerospace Caucus, Sen. Warner and I are committed to making certain that America’s defense, civil aviation and space sectors advance amidst global challenges. With extensive experience in the executive and legislative branches of our government, I know Eric shares this commitment, and I look forward to working with my caucus colleagues and industry leaders in safeguarding and promoting American innovation.”
“I’m honored to be working once again with Senators Moran and Warner,” said AIA President and CEO Eric Fanning. “I’ve seen firsthand their commitment to the aerospace industry, the critical role it plays in our nation’s security, and the enormous impact it has on our economy.”
Items to note:
- Fanning previously served as the 22nd Secretary of the Army, Chief of Staff to the Secretary of Defense, both Acting Secretary and Under Secretary of the Air Force, and has worked in the White House and on Capitol Hill.
# # #
Warner, Warren Introduce Legislation to Hold Credit Reporting Agencies like Equifax Accountable for Data Breaches
Jan 10 2018
WASHINGTON — U.S. Sens. Mark R. Warner (D-VA) and Elizabeth Warren (D-MA) introduced today the Data Breach Prevention and Compensation Act to hold large credit reporting agencies (CRAs)—including Equifax—accountable for data breaches involving consumer data. The bill would give the Federal Trade Commission (FTC) more direct supervisory authority over data security at CRAs, impose mandatory penalties on CRAs to incentivize adequate protection of consumer data, and provide robust compensation to consumers for stolen data.
In September 2017, Equifax announced that hackers had stolen sensitive personal information – including Social Security Numbers, birth dates, credit card numbers, driver’s license numbers, and passport numbers – of over 145 million Americans. The attack highlighted that CRAs hold vast amounts of data on millions of Americans but lack adequate safeguards against hackers. Since 2013, Equifax has disclosed at least four separate hacks in which sensitive personal data was compromised.
“In today’s information economy, data is an enormous asset. But if companies like Equifax can’t properly safeguard the enormous amounts of highly sensitive data they are collecting and centralizing, then they shouldn’t be collecting it in the first place,” said Sen. Warner. “This bill will ensure that companies like Equifax – which gather vast amounts of information on American consumers, often without their knowledge – are taking appropriate steps to secure data that’s central to Americans’ identity management and access to credit.”
“The financial incentives here are all out of whack – Equifax allowed personal data on more than half the adults in the country to get stolen, and its legal liability is so limited that it may end up making money off the breach,” said Sen. Warren. “Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax – and provides robust compensation for affected consumers – which will put money back into peoples’ pockets and help stop these kinds of breaches from happening again.”
The Data Breach Prevention and Compensation Act would establish an Office of Cybersecurity at the FTC tasked with annual inspections and supervision of cybersecurity at CRAs. It would impose mandatory, strict liability penalties for breaches of consumer data beginning with a base penalty of $100 for each consumer who had one piece of personal identifying information (PII) compromised and another $50 for each additional PII compromised per consumer. To ensure robust recovery for affected consumers, the bill would also require the FTC to use 50% of its penalty to compensate consumers and would increase penalties in cases of woefully inadequate cybersecurity or if a CRA fails to timely notify the FTC of a breach.
The Data Breach Prevention and Compensation Act is supported by cybersecurity experts and consumer groups:
“U.S. PIRG commends Senators Warren and Warner for the Data Breach Prevention and Compensation Act. It will ensure that credit bureaus protect your information as if you actually mattered to them and it will both punish them and compensate you when they fail to do so,” said U.S. PIRG Consumer Program Director, Ed Mierzwinski.
"This bill establishes much-needed protections for data security for the credit bureaus. It also imposes real and meaningful penalties when credit bureaus, entrusted with our most sensitive financial information, break that trust," said National Consumer Law Center staff attorney, Chi Chi Wu.
"Senator Warner and Senator Warren have proposed a concrete response to a serious problem facing American consumers,” said Electronic Privacy Information Center President, Marc Rotenberg.
"This bill creates greater incentive for these companies to handle our data with care and gives the Federal Trade Commission the tools that it needs to hold them accountable,” said Director of Consumer Protection and Privacy at Consumer Federation of America, Susan Grant.
Sen. Warner has been a leader in calling for better consumer protections from data theft. Following the Equifax data breach, Sen. Warner asked the Federal Trade Commission (FTC) to examine whether credit reporting agencies such as Equifax have adequate cybersecurity safeguards in place for “the enormous amounts of sensitive data they gather and commercialize.” He slammed the credit bureau for its cybersecurity failures and weak response at a Banking Committee hearing with Securities and Exchange Commission (SEC) Chairman Jay Clayton last year. Similarly, in the aftermath of the 2013 Target breach that exposed the debit and credit card information of 40 million customers, Sen. Warner chaired the first congressional hearing on protecting consumer data from the threat posed by hackers targeting retailers’ online systems. Sen. Warner has also partnered with the National Retail Federation to establish an information sharing platform that allows the industry to better protect consumer financial information from data breaches.Warner, Warren Introduce Legislation to Hold Credit Reporting Agencies like Equifax Accountable for Data Breaches
WASHINGTON – U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) urged Federal Communications Commission (FCC) Chairman Ajit Pai to delay a planned December 14th vote to roll back net neutrality rules until an investigation can be completed into reports that internet “bots” – automated computer programs designed to pose as people – filed hundreds of thousands of comments to the FCC during the net neutrality policymaking process.
“A free and open Internet is vital to ensuring a level playing field online, and we believe that your proposed action may be based on an incomplete understanding of the public record in this proceeding,” the Senators wrote in a letter to Chairman Pai. “In fact, there is good reason to believe that the record may be replete with fake or fraudulent comments, suggesting that your proposal is fundamentally flawed.”
“Without additional information about the alleged anomalies surrounding the public record, the FCC cannot conduct a thorough and fair evaluation of the public’s views on this topic, and should not move forward with a vote on December 14, 2017,” the Senators continued.
“The FCC must invest its time and resources into obtaining a more accurate picture of the record as understanding that record is essential to reaching a defensible resolution to this proceeding,” the Senators concluded.
In addition to Sens. Warner and Kaine, the letter was signed by Sens. Maggie Hassan (D-NH), Jeanne Shaheen (D-NH), Sherrod Brown (D-OH), Bernie Sanders (I-VT), Ed Markey (D-MA), Catherine Cortez Masto (D-NV), Sheldon Whitehouse (D-RI), Tammy Duckworth (D-IL), Michael Bennet (D-CO), Richard Blumenthal (D-CT), Elizabeth Warren (D-MA), Gary Peters (D-MI), Patty Murray (D-WA), Amy Klobuchar (D-MN), Ron Wyden (D-OR), Tammy Baldwin (D-WI), Mazie Hirono (D-HI), Chuck Schumer (D-NY), Jack Reed (D-RI), Ben Cardin (D-MD), Dianne Feinstein (D-CA), Jeff Merkley (D-OR), Kirsten Gillibrand (D-NY), Angus King (I-ME), Al Franken (D-MN), and Cory Booker (D-NJ).
The full text of the letter appears below. A copy of the letter is available here.
December 4, 2017
The Honorable Ajit Pai
Federal Communications Commission
445 12th Street Southwest
Washington, DC 20554
Dear Chairman Pai:
We are deeply concerned by your recently released proposal to roll back critical consumer protections by dismantling the Federal Communications Commission’s (FCC) current net neutrality rules. A free and open Internet is vital to ensuring a level playing field online, and we believe that your proposed action may be based on an incomplete understanding of the public record in this proceeding. In fact, there is good reason to believe that the record may be replete with fake or fraudulent comments, suggesting that your proposal is fundamentally flawed.
To this end, we request a thorough investigation by the FCC into reports that bots may have interfered with this proceeding by filing hundreds of thousands of comments. Furthermore, an additional 50,000 consumer complaints seem to have been excluded from the public record in this proceeding, according to Freedom of Information Act (FOIA) requests filed by the National Hispanic Media Coalition. Without additional information about the alleged anomalies surrounding the public record, the FCC cannot conduct a thorough and fair evaluation of the public’s views on this topic, and should not move forward with a vote on December 14, 2017.
New York Attorney General Eric Schneiderman has spent the past six months conducting an investigation into the fraudulent comments, and found that “hundreds of thousands” of comments may have impersonated New York residents, a violation of state law. He further asserts that the FCC has not cooperated with requests for additional data and information. Data scientist Jeff Kao has also run an analysis of the public record, and estimates that over a million comments filed in support of repealing net neutrality may have been fake. These reports raise serious concerns as to whether the record the FCC is currently relying on has been tampered with and merits the full attention of, and investigation by, the FCC before votes on this item are cast.
A transparent and open process is vitally important to how the FCC functions. The FCC must invest its time and resources into obtaining a more accurate picture of the record as understanding that record is essential to reaching a defensible resolution to this proceeding. As a result, we are requesting that you delay your planned vote on this item until you can conduct a thorough review of the state of the record and provide Congress with greater assurance of its accuracy and completeness.
Thank you for your immediate attention to this matter.
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) released the below statement on the Federal Communications Commission's plan to repeal net neutrality rules:
“The FCC Chairman has decided to move forward to repeal net neutrality rules without any plan in place to uphold longstanding open internet principles supported by both Democratic and Republican Administrations. I am deeply concerned that the FCC’s current plan would amount to a green light for potential anti-competitive practices by certain internet service providers, with the Chairman signaling the Commission’s unwillingness to protect consumers and small businesses from potential abuse.”
Warner, Klobuchar, McCain Introduce Legislation to Improve National Security and Protect Integrity of U.S. Elections by Bringing Transparency and Accountability to Online Political Ads
Oct 19 2017
WASHINGTON, DC – U.S. Senator Amy Klobuchar (D-MN), Ranking Member of the Senate Rules Committee, U.S. Senator Mark Warner (D-VA), Vice Chairman of the Select Committee on Intelligence, and U.S. Senator John McCain (R-AZ), Chairman of the Senate Committee on Armed Services today introduced the Honest Ads Act to help prevent foreign interference in future elections and improve the transparency of online political advertisements.
“Online political advertising represents an enormous marketplace, and today there is almost no transparency. The Russians realized this, and took advantage in 2016 to spread disinformation and misinformation in an organized effort to divide and distract us,” Senator Warner said. “Our bipartisan Honest Ads Act extends transparency and disclosure to political ads in the digital space. At the end of the day, it is not too much to ask that our most innovative digital companies work with us by exercising additional judgment and providing some transparency.”
“First and foremost this is an issue of national security – Russia attacked us and will continue to use different tactics to undermine our democracy and divide our country, including by purchasing disruptive online political ads. We have to secure our election systems and we have to do it now – the next election is only 383 days away,” Senator Klobuchar said. “This bipartisan legislation would help protect our democracy by updating our laws to ensure that political ads sold online are covered by the same rules as TV or radio stations – and make them public so Americans can see who is trying to influence them.”
“In the wake of Russia’s attack on the 2016 election, it is more important than ever to strengthen our defenses against foreign interference in our elections,” said Senator McCain.“Unfortunately, U.S. laws requiring transparency in political campaigns have not kept pace with rapid advances in technology, allowing our adversaries to take advantage of these loopholes to influence millions of American voters with impunity. Our bipartisan legislation would address this serious challenge by expanding landmark campaign finance law to apply to internet and digital communications platforms that command a significant audience. I have long fought to increase transparency and end the corrupting influence of special interests in political campaigns, and I am confident this legislation will modernize existing law to safeguard the integrity of our election system.”
Russia attempted to influence the 2016 presidential election by buying and placing political ads on platforms such as Facebook, Twitter and Google. The content and purchaser(s) of those online advertisements are a mystery to the public because of outdated laws that have failed to keep up with evolving technology. The Honest Ads Act would prevent foreign actors from influencing our elections by ensuring that political ads sold online are covered by the same rules as ads sold on TV, radio, and satellite.
The Honest Ads Act enhances the integrity of our democracy by improving disclosure requirements for online political advertisements by:
- Amending the Bipartisan Campaign Reform Act of 2002’s definition of electioneering communication to include paid Internet and digital advertisements.
- Requiring digital platforms with at least 50,000,000 monthly viewers to maintain a public file of all electioneering communications purchased by a person or group who spends more than $500.00 total on ads published on their platform. The file would contain a digital copy of the advertisement, a description of the audience the advertisement targets, the number of views generated, the dates and times of publication, the rates charged, and the contact information of the purchaser.
- Requiring online platforms to make all reasonable efforts to ensure that foreign individuals and entities are not purchasing political advertisements in order to influence the American electorate.
Companion legislation to the Honest Ads Act is being introduced today in the House of Representatives by Reps. Derek Kilmer (D-WA), Mike Coffman (R-CO).
“The 2016 elections exposed glaring holes in our ability to police foreign intervention in US elections, and this bill is an appropriate, bipartisan disclosure remedy,” said Trevor Potter, president of Campaign Legal Center (CLC), and a former Republican Chairman of the Federal Election Commission. “Voters have a right to be fully informed about who is trying to influence their vote, particularly foreign powers whose motives are contrary to American interests. The Honest Ads Act gives voters, journalists, and law enforcement officers important tools to help root out illegal foreign activity. The transparency this bill aims to provide in the 2018 elections and beyond will protect and enhance the integrity of our elections, which are the most fundamental component of American self-governance.”
“Ensuring transparency and accountability remain encoded into our democracy in the 21st century has taken on new importance and relevance in the wake of the 2016 election. We hope this bill, which merits serious consideration, catalyzes an overdue public debate and substantive action in Congress and the Federal Election Commission to create platform parity for political ad disclosure across TV, radio, print and Internet companies. Opacity by design is not an acceptable status quo for the technology giants that shape public knowledge and discourse with limited accountability,” said Alexander B. Howard, Deputy Director of the Sunlight Foundation.
“The bipartisan introduction of the Honest Ads Act is an important step toward bringing American campaign finance law into the internet age, by ensuring that online political advertisements are subject to the same kind of disclosure rules that already exist for ads on television and radio,” said Lawrence Norden, Deputy Director of the Brennan Center’s Democracy Program. “At a time when hostile foreign powers are trying to exploit loopholes in our campaign laws to manipulate American elections, it is especially important for Congress to come together across partisan lines to strengthen our democracy. The Brennan Center applauds Senators Klobuchar, Warner and McCain for reaching across partisan lines to introduce this significant bill.”
“Americans have a right to know who is using political advertising to influence their votes and their views. As technology changes and political advertising shifts to online platforms, our transparency laws should keep pace. The recent revelations of Kremlin-connected influence operations on Facebook and Twitter underscore how important it is for Congress to take meaningful action. The HONEST Act is a critical step forward in enhancing the transparency of online political advertising. Common Cause commends Senators Klobuchar, Warner and McCain for their strong bipartisan leadership in introducing this important bill to bolster the integrity of our democracy,” said Karen Hobert Flynn, President of Common Cause.
As Ranking Member of the Senate Rules Committee with oversight jurisdiction over federal elections, Klobuchar has introduced legislation to improve the security of U.S. election systems and make commonsense improvements to election administration. She and Senator Roy Blunt (R-MO) introduced the bipartisan Stop Foreign Donations Affecting Our Elections Act to strengthen disclosure by requiring federal campaigns to use existing credit card verification protocols to help verify that online credit card donations come from U.S. sources. Klobuchar and Senator Lindsey Graham (R-SC) also introduced bipartisan legislation to help states block cyber-attacks, secure voter registration logs and voter data, upgrade election auditing procedures, and create secure and useful information sharing about threats. In June, Klobuchar introduced the Helping State and Local Governments Prevent Cyber Attacks Act to help combat foreign interference by providing state and local governments with the information and resources they need to keep our elections secure and improve voter confidence.
As vice chairman of the Senate Select Committee on Intelligence, Sen. Warner has been at the forefront of the Committee’s ongoing bipartisan counterintelligence investigation into Russian interference in the 2016 U.S. presidential election. Warner also is the co-founder of the Senate’s bipartisan Cybersecurity Caucus. In addition, Sen. Warner is working to finalize bipartisan legislation to create a comprehensive, nationwide and uniform data breach standard, requiring timelier consumer notification for breaches of financial data and other sensitive information, and setting national data-protection standards for companies handling sensitive personal information.
Senator McCain has been a champion of campaign finance reform for decades. As a lead author of the Bipartisan Campaign Reform Act of 2002, he has long advocated of transparency in the American electoral process.
Sen. Warner Asks FTC to Probe Equifax Data, Security Practices & Customer Service Response After Recent Hack
Sep 13 2017
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), a member of the Banking, Budget and Finance committees and cofounder of the bipartisan Senate Cybersecurity Caucus, today asked the Federal Trade Commission to examine the recent cyber hack of credit reporting agency Equifax. Last week, Equifax publically disclosed a breach which exposed sensitive personal information of 143 million Americans.
Sen. Warner requested an FTC investigation into the lapse in Equifax cybersecurity practices, and questioned the company’s widely-panned response to consumers potentially impacted by the breach. His letter asks the FTC to examine whether credit reporting agencies such as Equifax have adequate cybersecurity safeguards in place for “the enormous amounts of sensitive data they gather and commercialize.”
Sen. Warner has been a leader in calling for better consumer protections from data theft. In the aftermath of the Target breach that exposed the debit and credit card information of 40 million customers, Sen. Warner in 2014 chaired the first congressional hearing on protecting consumer data from the threat posed by hackers targeting retailers’ online systems. Sen. Warner also partnered with the National Retail Federation to establish an information sharing platform that allows the industry to better protect consumer financial information from data breaches.
Sen. Warner has been working to develop bipartisan legislation to create a comprehensive, nationwide and uniform data breach standard requiring timely consumer notification for breaches of financial data and other sensitive information.
The text of the letter is below and can be found here.
September 13, 2017
The Honorable Maureen K. Ohlhausen
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, D.C. 20580
Dear Acting Chairwoman Ohlhausen,
I write you in the wake of reports that one of the nation’s three major credit reporting agencies has suffered one of the largest, and potentially most impactful, breaches in recent history. According to reports, Equifax in May of this year experienced a breach affecting as many as 143 million consumers, with highly sensitive information such as Social Security numbers, driver’s license records, birthdates, addresses, and credit histories potentially at risk. This information – critical to opening a new bank account or taking out a loan – will expose Americans to identity theft, tax fraud, extortion, and other risks.
By streamlining and routinizing the collection of consumer reports and credit history, the Fair Credit Reporting Act in part enshrined the nation’s major credit reporting agencies’ role as arbiters of Americans’ access to credit, and even employment and residential opportunities. At the same time, Congress sought to ensure that these firms “exercise their grave responsibilities” with a “respect for the consumer’s right to privacy,” including through “reasonable procedures…with regard to the confidentiality, accuracy, relevancy, and proper utilization of such information[.]” And Congress directed the Federal Trade Commission (“Commission” or “FTC”) to enforce key aspects of the law, including by treating violations of the FCRA as unfair or deceptive practices under the Commission’s Section 5 authority.
Today’s digital economy, in which data increasingly represents a key input, has only amplified the reach of these firms, and provided them with incentives to collect and centralize ever-growing amounts of sensitive personal information, and to commercialize this data in opaque ways. The volume and sensitivity of the data potentially involved in this breach raises serious questions about whether firms like Equifax adequately protect the enormous amounts of sensitive data they gather and commercialize.
As someone who has worked for several years with stakeholders and a bipartisan group of lawmakers on legislation to establish a comprehensive, nationwide and uniform data breach standard, I recognize Congress’s unfinished work in this area. I am hopeful that this recent development will help galvanize action among my colleagues in Congress to safeguard American consumers and our nation’s economic security.
At the same time, aspects of this breach raise questions about the data security practices of Equifax that implicate the Federal Trade Commission’s existing authority. In particular, press reports and cybersecurity experts have identified a number of security lapses, including in the days following Equifax’s disclosure of the breach, that potentially indicate a pattern of security failings.
While the precise details of the “website application vulnerability” exploited in the Equifax breach are not yet known, experts have pointed to a wide range of other lapses by Equifax – including in the wake of the breach – that indicate exceptionally poor cybersecurity practices. For instance, experts have pointed to an exceedingly broad attack surface, with thousands of domains and subdomains managed by Equifax across hundreds of network hosts. And security experts have identified a range of antiquated, unpatched, or otherwise vulnerable systems maintained by Equifax.
Equifax’s post-breach actions also raise serious concerns about the company’s data security practices. For instance, Equifax chose to register a new domain, Equifaxsecurity2017.com – but not in its own name. Reports also catalogued a litany of security mistakes, including use of potentially insecure content management software and improperly configured web encryption. These, and other lapses, resulted in a range of popular web browsers flagging Equifax’s site as a potential phishing or scam site.
Equally alarming have been Equifax’s procedures for handling customer inquiries. In order for a concerned consumer to determine if they may have been impacted, Equifax requires the consumer to submit their last name and six digits of their Social Security number. The security of this procedure is as questionable as its efficacy: researchers noted that entering the last name “Test” and the Social Security numbers “123456” returned a confirmed breach.
Similarly alarming, when concerned consumers elect to place a credit freeze with Equifax – something the Commission encourages them to do – the PIN that Equifax assigns to that consumer is a simple, non-unique timestamp (formatted as, for instance, “0910170930” for a user that submitted a request at 9:30AM on the 10th of September). Separately, experts have noted that Equifax’s central website, where American consumers go to set up credit account monitoring, features cross-site scripting vulnerabilities that would enable an attacker to execute malicious code to, for instance, redirect submitted form data (such as the Social Security number the Equifax site requests) to an attacker.
Taken as a whole, and given past breaches by other major credit bureaus, these lapses may potentially represent a systemic failure by firms currently incentivized to collect and store highly sensitive identification and financial data for Americans. The volume and sensitivity of the data involved – information critical to identity management and access to consumer credit – distinguishes this breach from many other breaches of consumer data. And in contrast to other breaches, where consumers might respond to the perceived lack of data security by taking their business elsewhere, those affected by last week’s breach in most cases do not have a direct consumer relationship with Equifax.
The implications of a breach of this magnitude are sobering, as this identifying data forms the basis for consumer credit and other financial transactions. Congress foresaw this threat in 1970, noting that failures of this industry could “undermine the public confidence which is essential to the continued functioning of the banking system.” In ways similar to the financial service industry’s systemic risk designation, I fear that firms like Equifax may illustrate a set of institutions whose activities, left unchecked, can significantly threaten the economic security of Americans.
I respectfully request that you respond to the following questions:
- 1. Equifax is currently under a consent decree with the Commission for violations of the Fair Credit Reporting Act related to improper handling of consumer information. Does that consent decree provide the Commission with additional remedies in the context of Equifax’s data security practices?
- 2. Given the current inability of consumers to cease doing business with a credit reporting agency which displays an arguably cavalier attitude toward cybersecurity, should the Fair Credit Reporting Act be amended to provide the Commission authority to issue rules requiring credit reporting agencies to establish a way for consumers to “opt out” of having their information stored by a particular credit reporting agency?
- 3. In many cases, Equifax collects and maintains sensitive information about consumers as a service to other businesses. Under state data breach notification statutes, a breached service provider need only inform the business it provides service to about the breaches it suffers, and has no obligation to provide public notice that it incurred the breach. In recent breach incidents involving third-party service providers, some companies (e.g., Heartland, Experian, Anthem, etc.) have provided public notice that their breach affected consumers. Would the FTC support legislation that requires all entities suffering a breach of security that creates a significant risk of financial harm, to make public notice of that breach in order to ensure a more timely and effective form of notice?
- 4. Do you interpret the Fair Credit Reporting Act to include heightened data security standards and/or requirements, given Congress’s unique concern about the “confidentiality, accuracy…and proper utilization” of this highly sensitive data?
- 5. The Commission has suggested that consumers place a credit freeze with the three major credit bureaus. Does the Commission consider a timestamp to be a sufficiently strong PIN for unfreezing a consumer’s account?
- a. Has the Commission issued guidance to credit reporting agencies on adequate security and data protection measures associated with credit freezes?
- b. Should this guidance be updated in light of security concerns with the site Equifax maintains to process credit monitoring and freeze requests?
- 6. Should Congress limit the ability of credit reporting agencies to sell data outside specific contexts, such as credit, banking, and employment inquiries?
- 7. Does the Commission hold lapses in data security practices in response to a breach to a higher standard than data security practices related to the breach itself?
- 8. Do adequate incentives to use reasonable data security practices, or penalties to deter unreasonable data security practices, exist to counter-balance the profit incentives to collect, centralize, and maintain large quantities of highly sensitive personal information of American consumers?
The American people deserve to know that their government is serious about learning from and responding to this truly concerning incident, and that it is taking all appropriate steps to help ensure it cannot happen again. Your response will be critical to this process, and I look forward to receiving that within the next two weeks. If you should have any questions or concerns, please contact my office.
As always, I appreciate your service in this important role. Thank you for your timely consideration of this matter.
MARK R. WARNER
United States Senator