Dec 04 2019
WASHINGTON – U.S. Sens. Mark R. Warner (D-VA) and John Cornyn (R-TX) today introduced the UIGHUR Protection Act, which would place export controls on critical technologies to China, such as facial recognition software, that can be used to facilitate mass surveillance and detention.
“As we have seen from extensive reporting and leaked Chinese government documents, the Chinese government is undertaking systematic repression and internment of Uighurs and other ethnic minorities in the Xinjiang Uighur Autonomous region in the People’s Republic of China. This behavior extends beyond Xinjiang to other regions and online communities. We need to ensure that US companies are not enabling these efforts, intentionally or inadvertently, by selling specific technology items that provide critical capabilities to the Chinese government for their surveillance, censorship, and social control efforts,” said Sen. Warner.
“For years, members of China’s Uighur population have been unjustly detained and surveilled by the Chinese government,” said Sen. Cornyn. “American technology should not be used for the oppression of ethnic minority groups by foreign governments, and this legislation would ensure that the United States has no part in these despicable practices.”
The UIGHUR Protection Act would require the President, no later than 120 days after enactment, to identify and place items and technologies on the Commerce Control List that provide a critical capability to the Chinese government for suppressing human rights. Special licenses may be granted by the President for the export, re-export, or in-country transfer to or within China for these critical technologies but the bill would require a presumption of denial.
Uighurs, or Uyghurs, are an ethnic group living primarily in the Xinjiang Uyghur Autonomous Region (XUAR) in China’s northwest. Since an outbreak of demonstrations and ethnic unrest in 2009 and clashes involving Uyghurs and Xinjiang security personnel that spiked between 2013 and 2015, the Chinese Community Party (CCP) began a policy of mass internment through labor camps they refer to as “reeducation camps.”
According to various estimates, Xinjiang authorities have detained over one million Turkic Muslims, mostly ethnic Uyghurs, and Kazakhs, in these camps without formal charges, trials or hearings, and with no timetable for release. According to former detainees, treatment and conditions in the camps include beatings, food deprivation, and crowded and unsanitary conditions.
Nov 19 2019
WASHINGTON – Today, the bipartisan leadership of several key Senate committees urged President Trump’s national security adviser to designate a senior coordinator dedicated to leading the nation’s effort to develop and deploy next-generation communications technologies. In a letter to Robert O’Brien, who was appointed as national security adviser in September, the top Republican and Democratic Senators on the Senate Select Committee on Intelligence, the Senate Homeland Security and Governmental Affairs Committee, the Senate Foreign Relations Committee and the Senate Armed Services Committee stressed the urgent need for the Trump administration to develop a national strategy for 5G, and to prioritize across government agencies the nation’s effort to develop and deploy the technology.
“While we appreciate the progress being made within and across departments and agencies, we are concerned that their respective approaches are not informed by a coherent national strategy. In our view, the current national level approach to 5G comprises of a dispersed coalition of common concern, rather than a coordinated, interagency activity. Without a national strategy, facilitated by a common understanding of the geopolitical and technical impact of 5G and future telecommunications advancements, we expect each agency will continue to operate within its own mandate, rather than identifying national authority and policy deficiencies that do not neatly fall into a single department or agency. This fractured approach will not be sufficient to rise to the challenge the country faces. We hope that you, as the new National Security Adviser, will make this issue a top priority. We would further urge you to designate a dedicated, senior individual focused solely on coordinating and leading the nation’s effort to develop and deploy future telecommunications technologies. We believe that having a senior leader would position the United States to lead on telecommunications advancements, ensure the United States is appropriately postured against this strategic threat, and demonstrate to our allies the seriousness with which the nation considers the issue,” wrote Sens. Mark R. Warner (D-VA) and Richard Burr (R-NC), the Vice Chairman and Chairman of the Intelligence Committee; Sens. Ron Johnson (R-WI) and Gary Peters (D-MI), the Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee; Sens. Jim Risch (R-ID) and Bob Menendez (D-NJ), the Chairman and Ranking Member of the Foreign Relations Committee; and Sens. Jim Inhofe (R-OK) and Jack Reed (D-RI), the Chairman and Ranking Member of the Armed Services Committee.
The Senators stressed the dangers of allowing China to continue to lead the development of 5G technology. Maintaining White House focus on 5G is especially important in light of last week’s decision to eliminate the emerging technologies directorate at the National Security Council.
“While the United States has led in the development and deployment of previous telecommunications evolutions, 5G represents the first evolutionary step for which an authoritarian nation leads the marketplace for telecommunications solutions. China’s leadership, combined with the United States’ increased reliance on high-speed, reliable telecommunications services to facilitate both commerce and defense, poses a strategic risk for the country. We cannot rely exclusively on defensive measures to solve or mitigate the issue, but rather we must shape the future of advanced telecommunications technology by supporting domestic innovation through meaningful investments, leveraging existing areas of U.S. strength, and bringing together like-minded allies and private sector expertise through a sustained effort over the course of decades, not months. A challenge of this magnitude requires a more ambitious response than traditional agency processes can support,” wrote the Senators.
A copy of the letter is available here.
Warner Requests Update on V-A, DoD Efforts to Protect Veterans & Servicemembers from Foreign Disinformation online
Nov 13 2019
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee, joined his Senate colleagues in requesting information from the U.S. Department of Veterans Affairs (VA) and the U.S. Department of Defense (DoD) on the agencies' efforts to educate veterans and servicemembers about online disinformation campaigns and other malign influence operations by Russian, Chinese, and other foreign entities. Today’s letters follow a two-year investigation by Vietnam Veterans of America (VVA) that documented persistent, pervasive, and coordinated online targeting of American servicemembers, veterans, and their families by foreign entities seeking to disrupt American democracy.
In particular, the VVA report found that the Russian Internet Research Agency (IRA) specifically targeted American veterans and the social media followers of several congressionally-chartered veterans service organizations during and after the 2016 election. The report also revealed that foreign entities are targeting servicemembers and veterans for the purpose of interference in the upcoming federal election.
Virginia is home to roughly 714,000 veterans, approximately 130,000 active duty servicemembers, and their families.
In their letter to VA Secretary Robert Wilkie, the Senators noted that while the VA has prioritized the security of its information systems and infrastructure – including veterans' personal information – the VA does not appear to have an established strategy for educating veterans about online disinformation efforts targeting them. The Senators urged Secretary Wilkie to consider implementing the VVA report's recommendations.
“While countering disinformation targeting veterans is not a core VA function, identifying these tactics helps improve veterans' cyber security and their ability to detect and avoid falling prey to scams and other forms of manipulation,” the Senators wrote in their letter to VA.
In their letter to Defense Secretary Mark Esper, the senators acknowledged DoD has worked to deter online disinformation and other malign influence campaigns by foreign adversaries, but they also called on the Department to implement VVA's recommendations, consistent with existing efforts to counter foreign malign influence operations.
“Malicious foreign actors are targeting servicemembers using disinformation through social media platforms and other online tools and ... countering foreign interference in American elections is critical to protecting the integrity of our democracy,” the Senators wrote in their letter to DoD.
The VVA report's recommendations for addressing online disinformation targeting servicemembers include directing DoD to “create a working group to study the security risks inherent in the use of common personal electronic devices and apps at home and abroad by servicemembers,” and to “direct commanders to include personal cybersecurity training and regular cyber-hygiene checks for all servicemembers.”
The report also recommended that the VA immediately develop plans to make the cyber-hygiene of veterans an urgent priority within the VA, and educate and train veterans on personal cyber security, “including how to identify instances of online manipulation.”
In addition to Sen. Warner, the letter was led by Sen. Elizabeth Warren (D-MA) and cosigned by Sens. Sherrod Brown (D-OH), Tammy Duckworth (D-IL), Richard Blumenthal (D-CT), Edward J. Markey (D-MA), Chris Van Hollen (D-MD), Richard Durbin (D-IL), Democratic Whip, Catherine Cortez Masto (D-NV), Tom Udall (D-NM), Bernie Sanders (I-VT), Tammy Baldwin (D-WI), Doug Jones (D-AL), Ron Wyden (D-OR), Robert Menendez (D-NJ), Ranking Member of the Senate Foreign Relations Committee, Mazie Hirono (D-HI), Kirsten Gillibrand (D-NY), Jack Reed (D-RI), Ranking Member of the Senate Armed Services Committee, Amy Klobuchar (D-MN), Ranking Member of the Senate Rules Committee, and Kamala Harris (D-CA).
Following Russia’s unprecedented use of social media to sow discord and influence the 2016 presidential elections, Sen. Warner wrote a social media white paper highlighting ways to protect users on social media against misinformation and disinformation campaigns. Sen. Warner has also written and introduced a series of bipartisan bills designed to protect consumers and reduce the power of giant social media platforms like Facebook. His work as Vice Chairman of the Senate Select Committee on Intelligence helped uncover Russia’s extensive efforts to exploit social media in the 2016 elections.
WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA), Josh Hawley (R-MO) and Richard Blumenthal (D-CT) will introduce the Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act, bipartisan legislation that will encourage market-based competition to dominant social media platforms by requiring the largest companies to make user data portable – and their services interoperable – with other platforms, and to allow users to designate a trusted third-party service to manage their privacy and account settings, if they so choose.
“Social media has enormous benefits. But, as we've seen, the tremendous dominance of a handful of large platforms also has major downsides – including few options for consumers who want to use social media to connect with friends, store their photos or just watch cat videos, but who face a marketplace with just a few major players and little in the way of real competition,” said Sen. Warner, a former technology entrepreneur and venture capitalist. “As a former cell phone guy, I saw what a game-changer number portability was for that industry. By making it easier for social media users to easily move their data or to continue to communicate with their friends after switching platforms, startups will be able to compete on equal terms with the biggest social media companies. And empowering trusted custodial companies to step in on behalf of users to better manage their accounts across different platforms will help balance the playing field between consumers and companies. In other words – by enabling portability, interoperability, and delegatability, this bill will help put consumers in the driver’s seat when it comes to how and where they use social media.”
“Your data is your property. Period. Consumers should have the flexibility to choose new online platforms without artificial barriers to entry. This bill creates long-overdue requirements that will boost competition and give consumers the power to move their data from one service to another,” said Sen. Hawley.
“The exclusive dominance of Facebook and Google have crowded out the meaningful competition that is needed to protect online privacy and promote technological innovation. As we learned in the Microsoft antitrust case, interoperability and portability are powerful tools to restrain anti-competitive behaviors and promote innovative new companies. The bipartisan ACCESS Act would empower consumers to finally stand up to Big Tech and move their data to services that respect their rights,” said Sen. Blumenthal.
Online communications platforms have become vital to the economic and social fabric of the nation, but network effects and consumer lock-in have entrenched a select number of companies’ dominance in the digital market and enhanced their control over consumer data. The Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act would increase market competition, encourage innovation, and increase consumer choice by requiring large communications platforms (products or services with over 100 million monthly active users in the U.S.) to:
- Make their services interoperable with competing communications platforms.
- Permit users to easily port their personal data in a structured, commonly used and machine-readable format.
- Allow users to delegate trusted custodial services, which are required to act in a user’s best interests through a strong duty of care, with the task of managing their account settings, content, and online interactions.
“One very real nightmare scenario for the future of the internet is users facing a meaningless choice among a few fully-integrated silos of technology, and the end of independent innovation and creativity. We all need to prevent that from happening. This legislation could help us take a huge step forward towards a better internet future,” said Chris Riley, Director of Public Policy at the Mozilla Corporation.
“Markets work when consumers have a choice and know what's going on. The ACCESS Act is an important step toward reestablishing this dynamic in the market for tech services. We must get back to the conditions that make markets work: when consumers know what they give a firm and what they get in return; and if they don't like the deal, they can take their business elsewhere. By giving consumers the ability to delegate decisions to organizations working on their behalf, the ACCESS Act gives consumers some hope that they can understand what they are giving up and getting in the opaque world that the tech firms have created. By mandating portability, it also gives them a realistic option of switching to another provider,” said Paul Romer, New York University Professor of Economics and Nobel Prize winner in Economics.
“We’re thrilled to see a concrete legislative proposal to provide interoperability for consumers. Built on a solid foundation of privacy and security protections, interoperability enables users to communicate across networks promoting competition among social media platforms. Interoperability ensures that users benefit from increased competition, and it helps new competitors grow by reaching users that are locked-in to their current provider. Senator Warner’s interoperability bill lays out an excellent, practical framework for making interoperability a reality while preserving a role for states to go even further,” said Charlotte Slaiman, Senior Policy Counsel at Public Knowledge.
“All of us at USV believe in decentralized, emergent, market driven innovation. The shared communications infrastructure of the open Internet and a vibrant competitive market triggered the Cambrian explosion of new Web services we all now enjoy. But today, a small number of companies capitalize on their exclusive control over our data - the data we contribute as we interact with their services - to dominate markets, stifling competition and limiting consumer choice. While this is widely understood, most policy makers propose prescriptive regulation that would only further entrench the dominant platforms. The ACCESS Act targets the specific market failure - exclusive control over consumer data - that has led to the consolidation of market power on the Web. Ensuring that consumers have access to their data is an elegant way to restore competition without burdensome regulation,” said Brad Burnham, Partner and Co-Founder at Union Square Ventures.
Previously, Sens. Warner and Hawley have partnered on the DASHBOARD Act, legislation to require data harvesting companies such as social media platforms to disclose how they are monetizing consumer data, as well as the Do Not Track Act, which would allow users to opt out of non-essential data collection, modeled after the Federal Trade Commission’s (FTC) “Do Not Call” list.
WASHINGTON, D.C. – Today, Senate Select Committee on Intelligence Chairman Richard Burr (R-NC) and Vice Chairman Mark Warner (D-VA) released a new report titled, “Russia’s Use of Social Media.” It is the second volume released in the Committee’s bipartisan investigation into Russia’s attempts to interfere with the 2016 U.S. election.
The new report examines Russia’s efforts to use social media to sow societal discord and influence the outcome of the 2016 election, led by the Kremlin-backed Internet Research Agency (IRA). The analysis draws on data provided to the Committee by social media companies and input from a Technical Advisory Group comprising experts in social media network analysis, disinformation campaigns, and the technical analysis of complex data sets and images to discern the dissemination of disinformation across social media platforms.
Statement from Chairman Burr:
“Russia is waging an information warfare campaign against the U.S. that didn’t start and didn’t end with the 2016 election. Their goal is broader: to sow societal discord and erode public confidence in the machinery of government. By flooding social media with false reports, conspiracy theories, and trolls, and by exploiting existing divisions, Russia is trying to breed distrust of our democratic institutions and our fellow Americans. While Russia may have been the first to hone the modern disinformation tactics outlined in this report, other adversaries, including China, North Korea, and Iran, are following suit.
“Any solution has to balance America’s national security interests with our constitutionally-protected right to free speech. Social media companies, federal agencies, law enforcement, and Congress must work together to address these challenges, and I am grateful for the cooperation our Committee has gotten from both the Intelligence Community and the tech industry. My hope is that by continuing to shine a light on this issue, we will encourage more Americans to use social media responsibly, as discerning and informed consumers.”
Statement from Vice Chairman Warner:
“The bipartisan work that this Committee has done to uncover and detail the extent of that effort has significantly advanced the public’s understanding of how, in 2016, Russia took advantage of our openness and innovation, exploiting American-bred social media platforms to spread disinformation, divide the public, and undermine our democracy. Now, with the 2020 elections on the horizon, there’s no doubt that bad actors will continue to try to weaponize the scale and reach of social media platforms to erode public confidence and foster chaos. The Russian playbook is out in the open for other foreign and domestic adversaries to expand upon – and their techniques will only get more sophisticated.
“As was made clear in 2016, we cannot expect social media companies to take adequate precautions on their own. Congress must step up and establish guardrails to protect the integrity of our democracy. At minimum, we need to demand transparency around social media to prevent our adversaries from hiding in its shadows. We also need to give Americans more control over their data and how it’s used, and make sure that they know who’s really bankrolling the political ads coming across their screens. Additionally, we need to take measures to guarantee that companies are identifying inauthentic user accounts and pages, and appropriately handling defamatory or synthetic content. It’s our responsibility to listen to the warnings of our Intelligence Community and take steps to prevent future attacks from being waged on our own social media platforms.”
The Committee has held five open hearings on Russia’s use of social media, including a September 2018 open hearing with Facebook’s Chief Operating Officer Sheryl Sandberg and Twitter’s Chief Executive Officer Jack Dorsey. In December 2018, the Committee released two independent analyses of IRA activity, produced by New Knowledge and Graphika and the University of Oxford.
The Committee released the first volume of its Russia investigation in July 2019. You can read, “Volume I: Russian Efforts Against Election Infrastructure,” here.
You can read, “Volume II: Russia’s Use of Social Media,” here.
Key Findings and Recommendations:
- The Committee found that the IRA sought to influence the 2016 U.S. presidential election by harming Hillary Clinton’s chances of success and supporting Donald Trump at the direction of the Kremlin. The Committee found that IRA social media activity was overtly and almost invariably supportive of then-candidate Trump to the detriment of Secretary Clinton’s campaign.
- The Internet Research Agency’s (IRA) targeting of the 2016 U.S. election was part of a broader, sophisticated, and ongoing information warfare campaign designed to sow discord in American politics and society. While the IRA exploited election-related content, the majority of its operations focused on exacerbating existing tensions on socially divisive issues, including race, immigration, and Second Amendment rights.
- The Committee found the IRA targeted African-Americans more than any other group or demographic. Through individual posts, location targeting, Facebook pages, Instagram accounts, and Twitter trends, the IRA focused much of its efforts on stoking divisions around hot-button issues with racial undertones.
- The IRA engaged with unwitting Americans to further its reach beyond the digital realm and into real-world activities. For example, IRA operatives targeting African-Americans convinced individuals to sign petitions, share personal information, and teach self-defense courses. Posing as U.S. political activists, operatives sought help from the Trump Campaign to procure campaign materials and to organize and promote rallies.
- The Committee found IRA activity increased, rather than decreased, after Election Day 2016. Analysis of IRA-associated accounts shows a significant spike in activity after the election, increasing across Instagram (238 percent), Facebook (59 percent), Twitter (52 percent), and YouTube (84 percent). Researchers continue to uncover IRA-associated accounts that spread malicious content.
- The Committee recommends social media companies work to facilitate greater information sharing between the public and private sector. Because information warfare campaigns are waged across a variety of platforms, communication between individual companies, government authorities, and law enforcement is essential for fully assessing and responding to them. Additionally, social media companies do not consistently provide a notification or guidance to users who have been exposed to inauthentic accounts.
- The Committee recommends Congress consider ways to facilitate productive coordination and cooperation between social media companies and relevant government agencies. Congress should consider whether any existing laws may hinder cooperation and whether information sharing should be formalized. The Committee also recommends Congress consider legislation to ensure Americans know the source behind online political advertisements, similar to existing requirements for television, radio, and satellite ads.
- The Committee recommends the Executive Branch publicly reinforce the danger of attempted foreign interference in the 2020 election. The Executive Branch should establish an interagency task force to monitor foreign nations’ use of social media platforms for democratic interference and develop a deterrence framework. A public initiative to increase media literacy and a public service announcement (PSA) campaign could also help inform voters.
- The Committee recommends candidates, campaigns, and other public figures scrutinize sourcing before sharing or promoting new content within their social media network. All Americans should approach social media responsibly to prevent giving “greater reach to those who seek to do our country harm.” The Committee recommends that media organizations establish clear guidelines for using social media accounts as sources to prevent the spread of state-sponsored disinformation.
WASHINGTON – U.S. Sens. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, and Marco Rubio (R-FL), member of the Senate Select Committee on Intelligence, have expressed concern over the growing threat posed by deepfakes – sophisticated audio and video technologies that allow users to create fake audio and/or video files that falsely depict someone saying or doing something. In letters to 11 social media companies, including Facebook, Twitter, and YouTube, Sens. Warner and Rubio urged the platforms to develop industry standards for sharing, removing, archiving, and confronting the sharing of synthetic content as soon as possible, in light of foreign threats to the upcoming U.S. election. The letters also encouraged the platforms to develop clear policies to ensure their platforms are not exploited to spread disinformation or misinformation, including through authenticating media, labeling and archiving synthetic media content, and providing access to qualified outside researchers.
“As concerning as deepfakes and other multimedia manipulation techniques are for the subjects whose actions are falsely portrayed, deepfakes pose an especially grave threat to the public’s trust in the information it consumes; particularly images, and video and audio recordings posted online,” wrote the Senators. “If the public can no longer trust recorded events or images, it will have a corrosive impact on our democracy.”
“Despite numerous conversations, meetings, and public testimony acknowledging your responsibilities to the public, there has been limited progress in creating industry-wide standards on the pressing issue of deepfakes and synthetic media,” they continued. “Having a clear strategy and policy in place for authenticating media, and slowing the pace at which disinformation spreads, can help blunt some of these risks. Similarly, establishing clear policies for the labeling and archiving of synthetic media can aid digital media literacy efforts and assist researchers in tracking disinformation campaigns, particularly from foreign entities and governments seeking to undermine our democracy.”
Deepfake technologies allow users to superimpose existing images and videos onto unrelated images or videos, essentially giving users the ability to create false and defamatory content that can be easily spread on social media.
In their letters to Facebook, Twitter, YouTube, Reddit, LinkedIn, Tumblr, Snapchat, Imgur, TikTok, Pinterest, and Twitch, the Senators emphasized that more than two-thirds of Americans get their news from social media sites, and stressed that online media platforms must assume a heightened responsibility for safeguarding public confidence. They also posed the following series of questions about each company’s ability to prevent, detect, and address deepfakes and other synthetic media:
- What is your company’s current policy regarding whether users can post intentionally misleading, synthetic or fabricated media?
- Does your company currently have the technical ability to detect intentionally misleading or fabricated media, such as deepfakes? If so, how do you archive this problematic content for better re-identification in the future?
- Will your company make available archived fabricated media to qualified outside researchers working to develop new methods of tracking and identifying such content? If so, what partnerships does your company currently have in place? Will your company maintain a separate, publicly accessible archive for this content?
- If the victim of a possible deepfake informs you that a recording is intentionally misleading or fabricated, how will your company adjudicate those claims or notify other potential victims?
- If your company determines that a media file hosted by your company is intentionally misleading or fabricated, how will you make clear to users that you have either removed or replaced that problematic content?
- Given that deepfakes may attract views that could drive algorithmic promotion, how will your company and its algorithms respond to, and downplay, deepfakes posted on your platform?
- What is your company’s policy for dealing with the posting and promotion of media content that is wholly fabricated, such as untrue articles posing as real news, in an effort to mislead the public?
Warner Raises Questions about Cybersecurity Practices Amid Breaches Involving Sensitive Biometric Data
Sep 16 2019
WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee and former tech entrepreneur, wrote to U.S. Customs and Border Protection (CBP) and South Korean company Suprema HQ, following separate but alarming incidents that impacted both entities and exposed Americans’ personal, permanently identifiable data. In a letter to CBP, Sen. Warner inquired about the information security practices of CBP contractors, in light of a June cyberattack that resulted in the theft of tens of thousands of facial images belonging to U.S. travelers. In a separate letter, Sen. Warner requested more information from Suprema HQ, the company that owns web-based biometric lock system, Biostar 2, which experienced a cyber incident in August, resulting in the exposure of permanently identifiable biometric data belonging to at least one million people worldwide.
“While all of the stolen information was sensitive and required protection, facial image data is especially sensitive, since such permanent personal information cannot be replaced like a password or a license plate number,” wrote Sen. Warner to Acting CBP Commissioner Mark Morgan. “It is absolutely critical that federal agencies and industry improve their track records, especially when handling and processing biometric data. Americans deserve to have their sensitive information secured, regardless of whether it is being handled by a first or a third-party.”
In June, CBP announced the theft of at least 100,000 traveler ID photos from a CBP subcontractor that had improperly transferred copies of these photos from CBP servers to its own company database. In addition to facial images, the cyberattack resulted in the theft of several gigabytes of data, including license plate photos, confidential agreements, hardware blueprints for security systems, and budget spreadsheets.
In the letter to CBP, Sen. Warner expressed alarm regarding the failure of federal agencies to ensure that Americans’ sensitive information is safe in the hands of contractors. He also asked CBP to provide timely answers to a series of questions regarding the information security practices of CBP contractors and subcontractors. Among these questions, Sen. Warner requested details on CBP’s third-party contractual requirements concerning database encryption, biometric data management, vulnerability management, logging data retention, and identity and access management, among other security measures.
Similarly, in his letter to Suprema HQ, Sen. Warner raised concerns about the Biostar 2 incident, which exposed permanently identifiable biometric data, including user photos.
“Unlike passwords, email addresses and phone numbers, biometric information in voices, fingerprints, and eyes are unique data that are impossible to reset. Biometric data can be used effectively for unauthorized surveillance and access to secure facilities, to steal identities, and is even valuable in developing deepfake technologies,” wrote Sen. Warner to Suprema HQ CEO James Lee. “It is my understanding that your customers use your biometric security system to provide access to secure facilities, and that the product has also been integrated into Nedap’s AEOS access control systems, which are used by at least 5,700 organizations in 83 countries, including banks and foreign law enforcement entities. Given the sensitivity of this information, it is absolutely critical that companies like yours exercise exceptional due care when collecting and securing biometric information, and when contracting with customers that collect permanent personal information.”
The Biostar 2 breach resulted in the online exposure of more than one million fingerprint records, in addition to user images, personal details, usernames and passwords, and employee security clearances. The breach also revealed that large portions of the Biostar 2 database were unprotected and unencrypted. In the letter, Sen. Warner asked Suprema HQ to list which U.S. businesses are served by the company. He also requested more information on the company’s practices regarding server security, biometric data storage security, and database encryption.
Sen. Warner has been a champion for cybersecurity throughout his career, and has been an outspoken critic of poor cybersecurity practices that compromise Americans’ personal information. In May, Sen. Warner introduced bold legislation to hold credit reporting agencies accountable for data breaches. He also introduced legislation earlier this year to empower state and local government to counter cyberattacks, and to increase cybersecurity among public companies.
Warner Secures $15 Million for Unmanned Systems Integration Research at Virginia Tech Transportation Institute
Sep 11 2019
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) today announced that the Virginia Tech Transportation Institute (VTTI) in Blacksburg, Va. will receive $15 million in federal funding to support research on safe automated driving integration. The funding, from the United States Department of Transportation (DOT), follows aggressive advocacy by Sen. Warner, who personally pressed Transportation Secretary Elaine L. Chao to grant Virginia the maximum award possible to continue the Commonwealth’s leadership in the growing unmanned systems industry.
“I’ve long called for increased funding for unmanned systems research because I know that innovation and advancement in this field can boost U.S. competitiveness, increase efficiency, and ultimately, improve lives across the globe,” said Sen. Warner, a former technology entrepreneur. “With new technologies, and particularly with automated driving systems, it’s important to get safety right the first time. That’s why I’m so excited to announce that this federal funding will support VTTI in continuing to safely blaze the trail for the future of transportation.”
“New technologies like automated vehicles create exciting opportunities, as well as some challenges, and there is no better place to hone our understanding of these issues than the Virginia Tech Transportation Institute. From auto safety testing to road design to the incorporation of new technology into our transportation network, VTTI is the gold standard, and these grants will go toward research that will incur long-term benefits for the Commonwealth and beyond,” said U.S. Sen. Tim Kaine (D-VA).
“Receiving these prestigious awards from the U.S. Department of Transportation is an honor and fantastic for Virginia Tech and Virginia. Over the years, VTTI has established itself as a global leader for automated vehicle evaluation and development. We are very happy to take these important steps to move automated vehicles forward to save lives, improve mobility across the population, and reduce the impact of vehicle emissions,” said Tom Dingus, director of VTTI and endowed professor of biomedical engineering and mechanics at Virginia Tech.
The funding is comprised of two $7.5 million grants that will support two VTTI projects. One project will seek to define, develop, and demonstrate key dynamic scenarios and their potential solutions for safe interaction of vehicles equipped with automated driving systems in a Northern Virginia corridor optimized for vehicle automation. The other will seek to develop and demonstrate a Fleet Concept of Operations to provide the trucking industry with clear guidelines on how to safely implement, and benefit from trucks equipped with automated driving systems.
The grants were awarded through the Automated Driving System (ADS) Demonstration Grants program, which provides federal funding to demonstration projects that test the safe integration of automated driving systems into the Nation’s on-road transportation system. These grants aim to gather significant safety data to inform rulemaking, foster collaboration amongst state and local government and private partners, and test the safe integration of ADS on U.S. roads.
Sen. Warner has been a longtime advocate for research and investment in unmanned systems, including driverless cars, drones, and unmanned maritime vehicles. Last year, he helped ensure Virginia’s participation in the Federal Aviation Administration (FAA) Unmanned Aircraft Systems (UAS) Integration Pilot Program (IPP). He also introduced a successful bipartisan amendment to double funding for unmanned aircraft systems and introduced bipartisan legislation designed to advance the development of unmanned aircraft systems (UAS).
Last month, Sen. Warner joined local and industry leaders at Lonesome Pine Airport in Wise, Va. to unveil a sign marking the first FAA-approved unmanned aircraft system delivery in the United States in 2015.
Washington, D.C. – Citing the vital need for a secure U.S. industrial base, U.S. Senators Mike Crapo (R-Idaho) and Mark Warner (D-Virginia) have introduced bipartisan legislation to guard against attempts by the People’s Republic of China and others to undermine U.S. national security by exploiting and penetrating U.S. supply chains. The Manufacturing, Investment, and Controls Review for Computer Hardware, Intellectual Property and Supply (MICROCHIPS) Act (S. 2316) would develop a national strategy to assess and prevent risks to critical U.S. technologies.
“Actions by the People’s Republic of China have contributed to an unfair and unsafe advantage in its technological race against the United States,” said Senator Crapo. “Through government investments and subsidies, as well as intellectual property theft of companies like Idaho’s Micron, China aims to dominate a $1.5 trillion electronics industry, which creates serious, far-reaching threats to the supply chains that support the U.S. government and military. The MICROCHIPS Act would create a coordinated whole-of-government approach to identify and prevent these efforts and others aimed at undermining or interrupting the timely and secure provision of dual-use technologies vital to our national security.”
“While there is a broad recognition of the threats to our supply chain posed by China, we still lack a coordinated, whole-of-government strategy to defend ourselves,” said Senator Warner. “As a result, U.S. companies lose billions of dollars to intellectual property theft every year, and counterfeit and compromised electronics in U.S. military, government and critical civilian platforms give China potential backdoors to compromise these systems. We need a national strategy to unify efforts across the government to protect our supply chain and our national security.”
Chinese companies export telecommunication technology equipment into software, hardware, and services used in the United States, and hope to export fifth generation technology (5G) to the U.S. that could potentially harm and expose both consumer and U.S. military information. Malicious chips or counterfeit parts could create backdoors enabling the monitoring or stealing of consumer data or cause broader system malfunctions. Even with high investments in cybersecurity, the United States remains vulnerable to advanced cyber attackers like Russia and China. A 2018 Government Accountability Office report stated that, despite multiple warnings since the early 1990s, cybersecurity has not been a focus of weapon systems acquisitions within the military community. The Department of Defense’s (DOD) continuous acquisition of weapons systems without making security a key priority could potentially lead to loss of U.S. intellectual property and technological advantage of the U.S. Armed Forces, contribute to unnecessary risks to human life and interfere with the ability of the Armed Forces to execute their missions.
The MICROCHIPS Act would address China’s practice of four major non-kinetic areas of warfare, including supply chain exploitation through supplying faulty software hardware and components; cyber-physical attacks on U.S. systems with real-time operating deadlines, such as missiles, aircraft and electrical grids; cyber-attacks on computer systems; and bad actors gaining sensitive information. S. 2316 contains four sections with the following main components:
- Summarizes key findings of Congress regarding supply chain security;
- Directs the Director of National Intelligence, DOD and other relevant agencies to develop a plan to increase supply chain intelligence within 180 days;
- Establishes a National Supply Chain Security Center within the Office of the Director of National Intelligence to collect supply chain threat information and disseminate it to agencies with the authority to intervene; and
- Makes funds available under the Defense Production Act for federal supply chain security enhancements.
Section two of the bill was included in the House-passed version of the Intelligence Authorization Act, and the Senate adopted section four of the bill through its version of the National Defense Authorization Act.
WASHINGTON — Senators Tom Cotton (R-Arkansas) and Chris Van Hollen (D-Maryland), along with Senators Marco Rubio (R-Florida), Mark Warner (D-Virginia), Richard Blumenthal (D-Connecticut), and Mitt Romney (R-Utah) today introduced legislation to reinforce the Trump administration’s efforts to prevent the Chinese-owned telecom company Huawei from threatening America’s national security. The Defending America's 5G Future Act would codify President Trump’s recent Executive Order and would prohibit the removal of Huawei from the Commerce Department Entity List without an act of Congress. It also would empower Congress to disallow waivers that any administration might grant to U.S. companies engaged in commerce with Huawei. Representatives Mike Gallagher (R-Wisconsin), Jimmy Panetta (D-California), Liz Cheney (R-Wyoming), and Ruben Gallego (D-Arizona) have introduced companion legislation in the House of Representatives.
“Huawei isn’t a normal business partner for American companies, it’s a front for the Chinese Communist Party. Our bill reinforces the president’s decision to place Huawei on a technology blacklist. American companies shouldn’t be in the business of selling our enemies the tools they’ll use to spy on Americans,” said Cotton.
“The best way to address the national security threat we face from China’s telecommunications companies is to draw a clear line in the sand and stop retreating every time Beijing pushes back. By prohibiting American companies from doing business with Huawei, we finally sent an unequivocal message that we take this threat seriously and President Trump shouldn’t be able to trade away those legitimate security concerns,” said Van Hollen. “This legislation will make sure he doesn’t by codifying the President’s original executive order on Huawei and prohibiting the Administration from relieving penalties on Huawei without the approval of Congress.”
“This bill codifies Huawei’s addition to the Commerce Department’s banned Entity List, and thus protects one of the Trump Administration’s most important moves in America’s long-term strategic competition with the totalitarian Chinese government and Communist Party,” said Rubio. “Huawei, a malign Chinese state-directed telecommunications company that seeks to dominate the future of 5G networks, is an instrument of national power used by the regime in Beijing to undermine U.S. companies and other international competitors, engage in espionage on foreign countries, and steal intellectual property and trade secrets.”
“President Trump’s executive order and the Department of Commerce’s Entity List designation reflect the reality that companies like Huawei represent a threat to the security of U.S. and allied communications networks. It shouldn’t be used as a bargaining chip in a larger trade negotiation. This bipartisan bill will make sure that Congress has a chance to weigh in if the President attempts to make concessions on our national security,” said Warner.
“Huawei poses an alarming and unacceptable threat to our nation’s critical telecommunications networks. Our bipartisan bill is a no-brainer. Preventing Huawei from doing business in the United States protects our national security. We must act swiftly to make sure this dangerous company does not cause us harm,” said Blumenthal.
“We must make a concerted effort to confront the threat China poses to U.S. national security, intellectual property, and technology,” said Romney. “Our bill will prohibit U.S.-based companies from doing business with Huawei until they no longer pose a national security threat.”
“Huawei is an appendage of the Chinese Communist Party and should be treated as such,” said Rep. Gallagher. “The President’s actions to protect America’s telecommunications supply chain and restrict the sale of American technology to Huawei were critical steps to protect the future of 5G. It is time we codify these decisions into law and ensure American innovation does not fuel Huawei’s CCP-directed campaign to dominate the global telecommunications market.”
“Huawei is a threat to our international communications and, thus, our national security. This bipartisan legislation prevents compromises of our communications and stops foreign adversaries from benefiting from our ingenuity. It is time for Congress to come together and reassert its authority to protect American business and consumers and the safety of our constituents,” said Rep. Panetta.
“Huawei is a serious threat to American prosperity and security, and the United States must remain vigilant against this Chinese state-directed company and its efforts to gain access to American data, defense supply chain, and other crucial information. The Defending America’s 5G Future Act codifies the President’s wise decision to blacklist Huawei, and sends a clear message that Huawei continues to be a vehicle the Chinese Communist Party is using to gain commercial and security advantages and threaten the United States,” said Rep. Cheney.
“The threat from Huawei to U.S. and allied information networks is real. We cannot allow safeguards and restrictions placed on them to backslide without Congress having a say in the matter. I’m proud to work across the aisle to ensure that American and allied communications are protected against this problematic company for the foreseeable future,” said Rep. Gallego.
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) issued the following statement regarding the Federal Trade Commission’s reported decision to approve a $5 billion settlement with Facebook for violating a 2011 consent decree requiring the company to enact privacy reforms:
“Given Facebook’s repeated privacy violations, it is clear that fundamental structural reforms are required. With the FTC either unable or unwilling to put in place reasonable guardrails to ensure that user privacy and data are protected, it’s time for Congress to act.”
Last year, Sen. Warner called on the social media companies to work with Congress and provide feedback on ideas he put forward in a white paper discussing potential policy solutions to challenges surrounding social media, privacy, and data security. He has introduced several bipartisan bills to improve transparency, privacy, and accountability on social media. The Honest Ads Act, introduced with Sens. Amy Klobuchar (D-MN) and Lindsey Graham (R-SC), would prevent foreign actors from influencing our elections by ensuring that political ads sold online are covered by the same rules as ads sold on TV, radio, and satellite. The DETOUR Act, introduced in April with Sen. Deb Fischer (R-NE), would prohibit large online platforms from using deceptive user interfaces, known as “dark patterns,” to trick consumers into handing over their personal data. The most recent bill, the DASHBOARD Act, was introduced weeks ago with Sen. Josh Hawley (R-MO), and would require data harvesting companies such as social media platforms to tell consumers and financial regulators exactly what data they are collecting from consumers, and how it is being leveraged by the platform for profit.
Sen. Warner plans to introduce additional legislation in the coming weeks.
Warner & Hawley Introduce Bill to Force Social Media Companies to Disclose How They Are Monetizing User Data
Jun 24 2019
WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA) and Josh Hawley (R-MO) will introduce the Designing Accounting Safeguards to Help Broaden Oversight And Regulations on Data (DASHBOARD) Act, bipartisan legislation that will require data harvesting companies such as social media platforms to tell consumers and financial regulators exactly what data they are collecting from consumers, and how it is being leveraged by the platform for profit.
“For years, social media companies have told consumers that their products are free to the user. But that’s not true – you are paying with your data instead of your wallet,” said Sen. Warner. “But the overall lack of transparency and disclosure in this market have made it impossible for users to know what they’re giving up, who else their data is being shared with, or what it’s worth to the platform. Our bipartisan bill will allow consumers to understand the true value of the data they are providing to the platforms, which will encourage competition and allow antitrust enforcers to identify potentially anticompetitive practices.”
“When a big tech company says its product is free, consumers are the ones being sold. These 'free' products track everything we do so tech companies can sell our information to the highest bidder and use it to target us with creepy ads,” said Sen. Hawley. “Even worse, tech companies do their best to hide how much consumer data is worth and to whom it is sold. This bipartisan legislation gives consumers control of their data and will show them how much these 'free' services actually cost.”
As user data increasingly represents one of the most valuable, albeit intangible, assets held by technology firms, shining light on how this data is collected, retained, monetized, and protected, is critical. The DASHBOARD Act will:
- Require commercial data operators (defined as services with over 100 million monthly active users) to disclose types of data collected as well as regularly provide their users with an assessment of the value of that data.
- Require commercial data operators to file an annual report on the aggregate value of user data they’ve collected, as well as contracts with third parties involving data collection.
- Require commercial data operators to allow users to delete all, or individual fields, of data collected – and disclose to users all the ways in which their data is being used. including any uses not directly related to the online service for which the data was originally collected.
- Empower the SEC to develop methodologies for calculating data value, while encouraging the agency to facilitate flexibility to enable businesses to adopt methodologies that reflect the different uses, sectors, and business models.
The DASHBOARD Act is the second tech-focused bill Hawley and Warner have partnered on. The first was Hawley’s Do Not Track Act, which would be modeled after the Federal Trade Commission’s (FTC) “Do Not Call” list and allow users to opt out of non-essential data collection.
Warner Introduces Amendments to Improve Military Housing & Combat Tech Threats in Annual Defense Bill
Jun 18 2019
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) has introduced several amendments to the annual defense authorization bill, including one that would build on his legislation, Ensuring Safe Housing for Our Military Act, most of which was included in the base text, by adding additional measures to improve privatized military housing.
Following reports of health hazards in privatized military housing in bases across the Commonwealth and the country, Sen. Warner has advocated on behalf of servicemembers and their families, and recently introduced an amendment to establish an advisory group to help the Department of Defense strengthen accountability and oversight in military housing. The amendment was offered in the FY20 National Defense Authorization Act (NDAA), the legislative vehicle that provides support for our servicemembers and sets the national security priorities for the United States.
“Servicemembers and their families sacrifice so much for this country. That’s why we’ve got to make things right for military families who, too often, have been subjected to subpar and sometimes dangerous living conditions. This includes making sure that the health and well-being of our nation’s servicemembers and their families are part of our national security priorities,” said Sen. Warner.
The amendment would also require the Secretaries of the Navy, Air Force, and Army to issue standard mold assessments, remediation’s and procedures in their agreements with privatized housing companies. Sens. Tim Kaine (D-VA) and Dianne Feinstein (D-CA) joined Sen. Warner in introducing the amendment, which comes on the heels of Sen. Warner’s letter to Acting Secretary of Defense Patrick Shanahan, urging the Department of Defense (DoD) to establish an advisory group to address the prevalent health and environmental hazards in privatized military housing.
To protect U.S. innovation and combat technology threats, Sen. Warner filed a bipartisan amendment with Sen. Marco Rubio (R-FL) to establish an Office of Critical Technologies within the Executive Office of the President. The office would be responsible for coordinating a whole-of-government approach to protect the U.S. from state-sponsored technology theft and risks to critical supply chains. The amendment is based on the bipartisan legislation introduced by Sens. Warner and Rubio that would combat technology threats from China. Sen. Warner also introduced a bipartisan amendment with Sen. Crapo to strengthen the intelligence support to protect our supply chain from growing adversary threats.
“In the 20th century, the U.S. pioneered many groundbreaking technological advancements, and today, countries like China are using every tool in their arsenal to try to diminish U.S. leadership, set the standards for technologies like 5G, and dominate key technologies. In order to confront this challenge, the United States must push forward a coherent strategy to protect our technological edge and preserve American leadership,” continued Sen. Warner.
In a move to further defend national security and respond to emerging cyber-threats, Sen. Warner also introduced a series of amendments that would revamp the security clearance process, assess cyber threat detection and encourage the DoD to work with the Federal Communications Commission (FCC) to identify new spectrum for reallocation for 5G services.
“To ensure the U.S. can hire trusted professionals to tackle the emerging threats in cyber and technology, we must modernize our outdated security clearance system. While we’ve already seen an encouraging drop in individuals waiting on a background check, there is still more work to be done,” concluded Sen. Warner.
The security clearance reform language is based on legislation introduced by Vice Chair Warner, and unanimously approved in the Intelligence Authorization Act (IAA) for Fiscal Years 2018-2020. Text for the cyber threat assessment amendment can be found here.
Sen. Warner also introduced amendments to improve the quality in information submitted in background investigation requests, ensure DoD has the funding flexibility to perform the personnel vetting mission, and ensure the new Defense Counterintelligence and Security Agency adequately protects the millions of pieces of personally identifiable information it will hold as the government’s primary investigative service provider.
Jun 13 2019
WASHINGTON – U.S. Sens. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, and Marco Rubio (R-FL), member of the Senate Select Committee on Intelligence, expressed deep concern that the Trump Administration may concede on important national security matters related to the development of fifth-generation wireless telecommunications technology (5G) in order to achieve a favorable outcome on trade negotiations. In a letter to the U.S. Department of State and the Office of the U.S. Trade Representative, the Senators underscored the threats posed by Chinese telecommunications equipment to network security, data privacy, and economic security across the globe, and emphasized the need to keep trade negotiations separate from any changes in policy concerning national security threats posed by Huawei.
“Allowing the use of Huawei equipment in U.S. telecommunications infrastructure is harmful to our national security,” the Senators wrote. “In no way should Huawei be used as a bargaining chip in trade negotiations. Instead, the U.S. should redouble our efforts to present our allies with compelling data on why the long-term network security and maintenance costs on Chinese telecommunications equipment offset any short-term cost savings.”
Sens. Warner and Rubio reiterated their support for existing U.S. efforts to convey the long-term security risks posed by Chinese telecommunications firms to allies and partners abroad. However, the Senators expressed concern that this message is being undermined by President Trump, whose Administration reversed a seven-year ban on ZTE last year in defiance of a Commerce Department recommendation, and who in late May indicated that Huawei could be included in a future trade deal. In the letter, the Senators also emphasized that any modifications of Huawei’s Temporary General License must be pursued in a risk-based way, separate from trade negotiations, and without undermining national security.
As a former telecommunications executive who introduced bipartisan legislation on 5G, Sen. Warner continues to be a leading voice on the national security risks posed by Chinese-controlled telecom companies. In December, Sens. Warner and Rubio urged Canadian Prime Minister Justin Trudeau to reconsider Huawei’s inclusion in Canada’s fifth-generation network. In January, Sens. Warner and Rubio teamed up to introduce legislation to combat tech-specific, national security threats posed by foreign actors like China, and establish a whole-of-government strategy to protect the U.S. from technology theft. Additionally, Sen. Warner led legislation with Sen. Wicker to provide $700 million for rural telecommunications providers in order to offset the costs of removing equipment from vendors that pose a security threat, such as Huawei.
The full text of the letter appears below. A copy of the letter is available here.
Dear Secretary Pompeo and Trade Representative Robert Lighthizer:
We are writing to express our deep concern that the Administration may concede on important national security matters related to Huawei Technologies, Inc. and the adoption of fifth-generation wireless telecommunications technology (5G) in order to achieve a favorable outcome in the Administration’s trade negotiations.
As Members of the Senate Select Committee on Intelligence (SSCI), we have strongly supported efforts by our diplomats, military, and intelligence personnel to persuade allies and partners around the world that Huawei and other Chinese telecommunications firms present a long-term legitimate security threat to their network security, data privacy, and economic security. As you know, Chinese telecommunications equipment poses a threat that intelligence and military officials assess will only become more acute as energy infrastructure, transportation networks and other critical functions move to 5G networks and as millions more Internet of things (IoT) devices are connected.
Despite the best efforts of our government to convince other countries to keep Huawei components out of their 5G infrastructure, our message is being undermined by concerns that we are not sincere. For example, Europeans have publicly expressed fears that the Administration will soften its position on Huawei in the United States to gain leverage in trade talks, as the Administration did in June 2018 when the seven-year ban on ZTE was reversed and a new settlement agreement reached at the urging of President Xi over the recommendation of Commerce Department leadership. The President himself reinforced these fears in late May, stating:
“Huawei is something that’s very dangerous. You look at what they’ve done from a security standpoint, from a military standpoint. It’s very dangerous. So it’s possible that Huawei even would be included in some kind of a trade deal. If we made a deal, I could imagine Huawei being possibly included in some form of or some part of a trade deal.”
Allowing the use of Huawei equipment in U.S. telecommunications infrastructure is harmful to our national security. In no way should Huawei be used as a bargaining chip in trade negotiations. Instead, the U.S. should redouble our efforts to present our allies with compelling data on why the long-term network security and maintenance costs on Chinese telecommunications equipment offset any short-term cost savings. Any modifications to Huawei’s Temporary General License must be pursued in a risk-based way, separate from any trade negotiations, and consistent with national security considerations. Successfully identifying and mitigating these security risks requires sustained coordination and alignment with our international partners, particularly the Europeans who represent key parts of the 5G supply chain, and India, which is poised to be the single-largest telecommunications market. Conflating national security concerns with levers in trade negotiations undermines this effort, and endangers American security.
We appreciate your attention to this important matter of national security and request that you keep us apprised of your efforts.
WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), a former technology entrepreneur and venture capitalist, joined Sen. Josh Hawley (R-MO) in co-sponsoring the Do Not Track Act, bipartisan legislation to give control over personal data back to users. Similar to the national “Do Not Call” list, the Do Not Track Act gives every person the power to block online companies from collecting any data beyond what is necessary for the companies’ online services.
“Unfortunately, as our technology continues to evolve, so do the avenues for consumer exploitation,” said Sen. Warner. “In the age of the internet, user information is an incredibly valuable asset and Americans deserve to have more control over who can collect it and how they can use it. This legislation will give power back to users and allow them to decide who can and cannot access their private data.”
“Big tech companies collect incredible amounts of deeply personal, private data from people without giving them the option to meaningfully consent. They have gotten incredibly rich by employing creepy surveillance tactics on their users, but too often the extent of this data extraction is only known after a tech company irresponsibly handles the data and leaks it all over the internet. The American people didn't sign up for this, so I'm introducing this legislation to finally give them control over their personal information online,” said Sen. Hawley.
The sheer enormity of data big tech companies extract, and the unscrupulous ways they use that data, is distressing. These companies track user locations and spy on their internet history – even when they are told not to. In March, a senior official at Google admitted, under oath, that Google still tracks a user’s geolocation hundreds of times a day even after that person turns off “location history.” Facebook even collects data on people who don’t have a Facebook account. These companies and others exploit this harvested data to build massive profiles on users and then rake in hundreds of billions of dollars monetizing that data.
For years, industry groups promoted a program called “Do Not Track” to give users control, and the FTC endorsed the program in 2010. However, the program was voluntary, and tech giants that built their businesses around exploiting data refused to voluntarily comply. This bill would give Do Not Track legal force and expand it to cover all internet activity, not just browser-based activity. It would do this by:
- Creating a program similar to the national Do Not Call list that gives every person the power, at a touch of a button, to block online companies from collecting any data beyond what is indispensable to the companies’ online services.
- Prohibiting companies from profiling Americans who activate Do Not Track.
- Banning discrimination against people who activate Do Not Track.
- Banning companies from transferring data to other companies when a user activates Do Not Track unless the first company is an intended intermediary.
- Forcing internet companies to disclose to users their rights under this legislation.
- Imposing strict penalties for violating these provisions.
Under the Do Not Track Act, users would have several options to enroll, including a one-time click in the settings on their browser or downloading a simple app.
WASHINGTON, D.C. — Today, the Senate overwhelmingly passed bipartisan legislation cosponsored by U.S. Senators Mark R. Warner and Tim Kaine to crack down on illegal robocall scams. The Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act gives regulators more time to find scammers, increases civil forfeiture penalties for those who are caught, requires service providers to adopt call authentication and blocking, and brings relevant federal agencies and state attorneys general together to address impediments to criminal prosecution of robocallers who intentionally break laws.
“Americans are sick and tired of receiving fraudulent robocalls,” said the Senators. “We are proud the Senate passed this bill to help protect consumers from scams and ensure those behind these illegal robocalls are held accountable.”
One report estimated the number of spam calls will grow from nearly 30 percent of all phone calls last year to 45 percent of all calls this year. The TRACED Act gives the FCC more flexibility to enforce rules in the short term, while setting in motion consultations to increase prosecutions of violations, which often require international cooperation.
The bill now heads to the House for consideration.
May 23 2019
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a former telecommunications executive and entrepreneur, along with Sens. Roger Wicker (R-MS), Tom Cotton (R-AR), Ed Markey (D-MA), and Dan Sullivan (R-AK), introduced legislation to establish U.S. policy for the commercial deployment and security of Fifth Generation (5G) networks. The United States 5G Leadership Act of 2019 will prioritize national security in the development of 5G by ensuring that American networks do not include equipment or services provided by Huawei, ZTE, or their affiliates. This legislation will also create a Supply Chain Security Trust Fund grant program to help rural and regional U.S. communications providers remove from their networks Chinese equipment determined to threaten national security.
“For a number of years, the federal government failed to effectively communicate the economic and national security risks of Huawei and ZTE communications equipment – and even adopted broadband grant policies that incentivized rural carriers to use this equipment because it was the cheapest around. While we’ve made enormous progress in educating the private sector of the dangers these vendors pose, we haven’t put in place policies to help resource-strapped rural carriers address and eliminate those risks. This bill ensures that on a going-forward basis we don’t make the same mistakes in allowing companies subject to extra-judicial directions of a foreign adversary to infiltrate our nation’s communications networks. And it provides significant resources to ensure that rural and regional providers can prioritize investments that eliminate this equipment from their existing networks where it poses a security threat,” said Sen. Warner. “Lastly, it builds on efforts my colleagues and I have already undertaken to engage with and educate the private sector about security risks and vulnerabilities posed to communications networks from certain foreign suppliers. We also believe this type of effort will be an important signal to international partners that we are putting resources behind this issue, and encouraging them to do the same.”
“5G networks need to be robust and secure, and not rely on equipment or services that pose a national security risk,” said Sen. Wicker. “This legislation would ensure continued American leadership in advanced wireless technology deployment. It offers relief to those providers that need to replace foreign equipment within their networks while augmenting the availability of secure 5G networks for all Americans.”
“Future U.S. security and economic prosperity will depend on 5G technology. With so much at stake, our communications infrastructure must be protected from threats posed by foreign governments and companies like Huawei,” said Sen. Cotton. “Our bill will support 5G’s deployment in the United States while defending that technology from exploitation.”
“5G wireless will revolutionize global telecommunications and connect people, information, and technology like never before. While 5G could yield enormous benefits, it also could pose significant risks if not implemented properly,” said Sen. Markey. “We have a responsibility to ensure that this next generation of telecommunications infrastructure will safely and securely connect Americans to each other and to the rest of the world.”
“We urgently need a comprehensive strategy when it comes to the very real threat that foreign actors, particularly China, pose to our communications networks,” said Sen. Sullivan. “It is clear that this problem is only going to grow with the development of next generation communications technologies without aggressive intervention. I’m pleased to partner with Chairman Wicker on this critical issue at the intersection of national security and commerce.”
Among other measures, The United States 5G Leadership Act would:
- Establish U.S. policy to promote the deployment of secure commercial 5G networks and the development of the Information and Communications Technology (ICT) sector in the U.S.
- Establish U.S. policy to identify additional spectrum for 5G, with an emphasis on promoting harmonization with global allocations;
- Establish U.S. policy that American 5G networks should not include equipment or services provided by Huawei, ZTE, or their affiliates.
- Require the Federal Communications Commission (FCC) to finalize rulemaking that would prohibit the use of Universal Service Fund subsidies to buy equipment or services from providers who pose a national security risk.
- Establish the Supply Chain Security Trust Fund grant program to help smaller U.S. communications providers remove Huawei equipment from their networks — and would make available up to $700 million from future spectrum auctions for this purpose.
- Require a report on current Federal government measures to ensure the secure deployment and availability of 5G networks.
- Establish an interagency program – led by the Department of Homeland Security – to share information regarding security, risks, and vulnerabilities with U.S. communications providers and trusted suppliers.
- Prioritize funding to enhance U.S. representation at international 5G standards-setting bodies, such as the International Telecommunications Union.
“I thank Senators Wicker, Cotton, Warner, Sullivan, and Markey for introducing the United States 5G Leadership Act of 2019. This bipartisan bill will help ensure that all carriers have the information and resources necessary to address security risks while advancing US leadership in 5G. I appreciate the Senators’ leadership on this important issue and look forward to continued work with Congress to ensure access to secure wireless networks, particularly in rural America,” said Steven K. Berry, President & CEO, Competitive Carriers Association.
Sen. Warner has been a leading voice in the Senate about the national security risks posed by Chinese-controlled telecom companies. Last week, Sen. Warner spoke out in favor of the executive order banning U.S. telecommunications firms from installing foreign-made equipment that could threaten national security. He is also the lead sponsor of the Secure 5G and Beyond Act – a bill to safeguard next-gen mobile telecommunications systems and infrastructure. Additionally, earlier this year, Sen. Warner introduced bipartisan legislation to help combat tech-specific, national security threats posed by foreign actors like China. As Vice Chairman of the Senate Intelligence Committee, Sen. Warner has been leading a bipartisan effort to educate the private sector on the economic and security risks posed by Chinese companies like Huawei.
For the full text of this legislation, click here.
May 23 2019
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) applauded the inclusion of provisions that would provide much-needed oversight of privatized military housing for servicemembers in this year’s Senate National Defense Authorization Act (NDAA). The annual defense legislation lays out the nation’s overall policy priorities that are critical to our national security, and was just approved by the Senate Armed Services Committee, sending the bill to the full Senate for consideration.
“For far too long, military families have been subjected to sub-par living conditions, sometimes rivaling what you might see in a bad horror movie. That’s why I’m glad that my colleagues on the Armed Services Committee stepped up to add much-needed oversight on the private companies whose sole job is to provide safe housing for military families,” said Sen. Warner. “Additionally, I’m pleased to report that this defense bill includes additional steps to modernize our security clearance process to enhance our ability to hire and retain the national security talent we need to keep our country secure. Right now, we have 480,000 individuals waiting on a background check. While this drop is encouraging, there is still more work to be done to truly transform the clearance process.”
Sen. Warner has met with military families in Norfolk, Fort Lee, and Fort Belvoir who’ve shared their stories of hazardous living conditions in their homes and their frustrations with the lack of oversight and response from the military services and their respective housing companies. To keep the pressure on addressing the deplorable housing conditions, Sen. Warner wrote to four private military housing companies requesting a plan of action from each company, and has urged the Department of Defense to develop long-term solutions for fixing the privatized housing program overall through reopening and renegotiating the agreements with the private companies.
As the Vice Chairman of the Senate Select Committee on Intelligence, Sen. Warner has continued to push for security clearance modernization and reform. In February, Sen. Warner reintroduced the Modernizing the Trusted Workforce for the 21st Century Act of 2019, which was included in the Intelligence Authorization Act for Fiscal Years 2018-2020 and unanimously reported out of the Senate Select Committee on Intelligence last week. The Committee’s annual Intelligence Authorization Act also includes provisions championed by Sen. Warner that requires published guidelines so that the security clearance process cannot be abused for political purposes.
The defense bill also prioritizes innovation and technology development in the area of 5G and artificial intelligence (AI), to compete with our adversaries like Russia and China. As a former technology and telecommunications executive, Sen. Warner has pushed the Administration to develop a strategy to maintain our advantages in technological innovation, as well as to lead on 5G and AI.
Statement of Senate Intel Vice Chair Mark R. Warner on WH Executive Order to Ban Chinese Telecom Gear
May 15 2019
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, released the following statement after President Trump signed an executive order to ban American telecommunications firms from installing foreign-made equipment that could pose a threat to national security:
“This is a needed step, and reflects the reality that Huawei and ZTE represent a threat to the security of U.S. and allied communications networks. Under current Chinese security laws, these and other companies based in China are required to provide assistance to the Chinese state. This executive order places a great deal of authority in the Department of Commerce, which must ensure that it is implemented in a fair and responsible fashion as to not harm or stifle legitimate business activities. It should also be noted that we have yet to see a compelling strategy from this Administration on 5G, including how the Administration intends to work cooperatively with our allies and like-minded nations to ensure that international standards set for 5G reflect Western values and standards for security and privacy. Nor do we have a stated plan for replacing this equipment from existing commercial networks – a potentially multi-billion dollar effort that, if done ineptly, could have a major impact on broadband access in rural areas. A coherent coordinated and global approach is critically needed as nations and telecom providers move to implement 5G.”
As a former telecommunications executive and entrepreneur, Sen. Warner has been a leading voice in the Senate regarding the national security risks posed by Chinese-controlled telecom companies. He is the lead sponsor of the Secure 5G and Beyond Act – legislation to require the President to ensure the security of next-gen mobile telecommunications systems and infrastructure in the United States. He also introduced a bipartisan bill in January to help combat tech-specific threats to national security posed by foreign actors like China. Additionally, Sen. Warner called on the Trump Administration last week to promote U.S. leadership and strengthen diplomatic efforts around the development of a secure 5G architecture that challenges Huawei’s monopoly over the next generation of telecoms networks.
Menendez, Warner Urge Trump Admin Not to Cede Leadership in Developing Global Rules for Artificial Intelligence
May 13 2019
WASHINGTON – Senator Bob Menendez (D-N.J.), Ranking Member of the Senate Foreign Relations Committee, and Senator Mark R. Warner (D-Va.), Vice Chairman of the Senate Select Committee on Intelligence, sent a letter to Secretary of State Mike Pompeo calling attention to China’s efforts to be the leading country driving the development of standards and norms related to Artificial Intelligence (AI). The Senators urged the Secretary to strengthen the Trump Administration’s diplomatic efforts around emerging technologies to make certain the United States leads in setting international standards and norms for the AI field in ways that are congruent with our nation’s interests and values.
“Without an engaged United States, and close coordination with our allies, we have limited ability to set global standards for AI development and use, with potentially disastrous consequences,” wrote the Senators. “China, as an authoritarian regime that uses AI tools to monitor its citizens and parse through vast troves a data, is a significant threat to the personal freedoms of individuals around the globe.”
Menendez and Warner concluded the letter by asking Secretary Pompeo to articulate “the U.S. vision for global standards, norms, and mechanisms for the use of artificial intelligence,” and posing a series of questions about critical issues relating to AI.
A copy of the letter can be found here and below:
Dear Secretary Pompeo:
We write to urge you to ensure the United States takes a leading role in developing international standards and norms for new and emergent innovations shaping the next generation of information technologies, in particular Artificial Intelligence (AI). Other countries are already shaping this conversation in ways that may be detrimental to U.S. interests. For example, later this month China is convening and hosting a UNESCO Conference on AI, underscoring China’s continued efforts to shape the debate and set the standards surrounding the future of AI. Even our allies are leading in this space, with the EU releasing guidelines for ethical AI development.
Emerging technologies such as AI represent the cutting edge of innovation and will facilitate critical advances in a wide range of fields, including health care, education, information processing, logistics, and security. At the same time, these technologies will present enormous challenges, whether in job displacement, algorithmic discrimination, privacy, or cybersecurity (as adversaries exploit these tools, too). The United States has long played a formative role in developing AI technologies. In recent years, however, China has made significant progress in developing AI, with a stated goal of superseding the United States in this field by 2030. China’s efforts, according to a study conducted by the Allen Institute for Artificial Intelligence, are ahead of schedule, with the Institute highlighting that China has “surpassed the United States in published papers on artificial intelligence” and is “poised to overtake” the United States in terms of cited papers on the subject over the next few years. Disturbingly, some of America’s most prominent technology companies have opened major AI research centers in China, potentially giving China’s military and intelligence arms access to cutting-edge technology. China’s continued robust investment in the field of AI has the potential to provide a strategic rival a critical technological edge.
China’s organization of the UNESCO conference on AI is yet another indication of its efforts to fundamentally shape global standards governing the future of AI and to drive the debate in the international community around an approach that uses AI tools to infringe on the rights of individuals throughout the globe and aid authoritarian regimes in suppressing its citizens. Technologies are shaped by the values and norms that undergird their development. While a generation of ICT technologies developed by the U.S. and its allies have been shaped by our shared values and norms of openness, pluralism, fair competition, rule of law, security, and free expression, China’s development of AI has been shaped by fundamentally different values and norms, in service of objectives such as surveillance, censorship, and social control.
As I know you appreciate, it is critically important that as China attempts to capture primacy in the field of AI the United States works with our partners and allies to assert a position of leadership within the international community on this issue. Without an engaged United States, and close coordination with our allies, we have limited ability to set global standards for AI development and use, with potentially disastrous consequences. China, as an authoritarian regime that uses AI tools to monitor its citizens and parse through vast troves a data, is a significant threat to the personal freedoms of individuals around the globe.
Due to the issues raised by China’s efforts to set international standards in the field of AI that are not congruent with our interests and values, I am concerned the United States is not doing enough to promote United States leadership in establishing the norms and global governance for AI and other emerging technologies. Consequently, I ask that you please respond to the following questions regarding U.S. efforts in the AI field:
- What is the U.S. vision for global standards, norms, and mechanisms for the use of artificial intelligence, grounded in our values, including democracy, personal liberties, and the protection of human rights?
- What U.S. efforts are currently underway to promote this vision for the use of artificial intelligence?
- What should U.S. expectations be for leading U.S.-based firms and researchers when it comes to work in China on projects that violate human rights?
- Does the current export control regime adequately prevent the export of AI technology and technical assistance to human rights violators?
- Should Congress consider an update to the Alien Tort Claims Act, allowing foreign citizens (such as Uyghurs) to seek remedies in U.S. courts for human rights violations directly aided by the actions of U.S. firms or researchers?
- What standards for AI are you promoting in international fora?
- What is the current diplomatic engagement strategy by the Department of State to promote and promulgate those standards, including through participation in appropriate international fora and meetings?
- How is the United States working with allies and partners on the development of AI tools?
Moving forward, I hope to see the United States further strengthen its efforts in the AI field to ensure that we do not cede leadership on this issue to China. AI is rapidly becoming one of the most strategically important domains of the next generation, serving as an enabling technology to a range of future innovations and across disparate fields; it is vital to the security of the United States and our allies that we play a primary role in shaping AI to serve in the best interests of liberty, prosperity, and the promotion of human rights. I ask that you please respond to my questions by May 20th. I look forward to your response.
Warner, Klobuchar, Graham Reintroduce Bipartisan, Bicameral Senate Legislation to Protect Integrity of U.S. Elections, Improve National Security
May 08 2019
WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Select Committee on Intelligence and former telecommunications executive, along with Sens. Amy Klobuchar (D-MN) and Lindsey Graham (R-SC), reintroduced bicameral legislation to help prevent foreign interference in future elections and improve the transparency of online political advertisements. The Honest Ads Act will safeguard the integrity of our democracy by requiring large online platforms to maintain public records of advertisers who purchase political ads. Companion legislation is being introduced in the House of Representatives by U.S. Reps. Derek Kilmer (D-WA), Elise Stefanik (R-NY), and 24 other bipartisan cosponsors.
“In 2016, Russia waged widespread disinformation campaigns that exploited social media in an effort to attack our democracy and divide the American public. As we continue to grow increasingly dependent on a handful of very large platforms, there is no doubt in my mind that foreign adversaries will continue to follow in Russia’s footsteps, exploiting the scale, amplification, and lack of transparency of these platforms in order to undermine the strength of the United States and advance their own anti-American agendas,” Sen. Warner said. “Right now, our country needs strong defenses that help ward off shady online attacks by demanding increased transparency, which is why I’m proud to introduce the Honest Ads Act. By requiring large digital platforms to meet the same disclosure standards as broadcast, cable, and satellite ads, this legislation can help prevent foreign actors from manipulating the American public and interfering in our free and fair elections through the use of inauthentic and divisive paid ads.”
“Foreign adversaries interfered in the 2016 election and are continuing to use information warfare to try to influence our government and divide Americans. We must act now to protect our democracy and prevent this kind of interference from ever happening again,” Sen. Klobuchar said. “The goal of the Honest Ads Act is simple: to ensure that voters know who is paying to influence our political system. The bill would put in place the same rules of the road for social media platforms that currently apply to political ads sold on TV, radio, and in print regarding disclaimers and disclosures so that Americans know who is behind the ads they see online. I also want to commend Senator Graham for taking up the mantle of bipartisanship from our late friend, Senator John McCain. Protecting our elections isn’t about politics—it’s about national security and the future of our democracy. I look forward to working with him and Senator Warner to get the Honest Ads Act passed.”
“Hardening our electoral infrastructure will require a comprehensive approach and it can’t be done with a single piece of legislation,” Sen. Graham said. “I am cosponsoring this legislation because it’s clear we have to start somewhere. I am pleased to work with Senators Klobuchar and Warner to address the gaps that currently exist, particularly with regards to social media. Online platforms have made some progress but there is more to be done. Foreign interference in U.S. elections – whether Russia in the 2016 presidential election or another rogue actor in the future – poses a direct threat to our democracy. I intend to work with my colleagues on both sides of the aisle to bolster our defenses and defend the integrity of our electoral system.”
Prior to the 2016 presidential election, Russia attempted to influence the American electorate by using fake accounts to buy and place political ads on platforms such as Facebook, Twitter, and Google. Without greater transparency and disclosure requirements, foreign adversaries and bad actors copying their playbook can continue exploiting the opacity of large social media platforms.
The Honest Ads Act would improve disclosure requirements for online political advertisements by:
- Amending the definition of ‘electioneering communication’ in the Bipartisan Campaign Reform Act of 2002, to include paid internet and digital advertisements.
- Requiring digital platforms with at least 50,000,000 monthly visitors to maintain a public file of all electioneering communications purchased by a person or group who spends more than $500.00 total on ads published on their platform. This file would contain a digital copy of the advertisement, a description of the audience the advertisement targets, the number of views generated, the dates and times of publication, the rates charged, and the contact information of the purchaser.
- Requiring online platforms to make all reasonable efforts to ensure that foreign individuals and entities are not purchasing political advertisements in order to influence the American electorate.
The Honest Ads Act has the support of the Campaign Legal Center, the Alliance for Securing Democracy, the Brennan Center for Justice, Issue One, the Sunlight Foundation, the Center for American Progress, and the German Marshall Fund's Digital Innovation Democracy Initiative, as well as Facebook, and Twitter.
The full text of the Honest Ads Act is available here.
Ahead of G7 Tech Meeting, Menendez, Schumer, Brown, Warner, Wyden Call on Sec. Pompeo to Promote U.S. Leadership in 5G Development
May 07 2019
WASHINGTON – A group of leading national security senators today sent a letter to Secretary of State Mike Pompeo, urging him to use an upcoming meeting of the G7 to forge a partnership of like-minded allies to compete with China in the development of fifth-generation (5G) wireless technology. Signed by Senators Bob Menendez (D-N.J.), Ranking Member of the Senate Foreign Relations Committee, Democratic Leader Chuck Schumer (D-N.Y.), Sherrod Brown (D-Ohio), Ranking Member of the Senate Banking Committee, Mark R. Warner (D-Va.), Vice Chairman of the Senate Select Committee on Intelligence, and Ron Wyden (D-Ore.), Ranking Member of the Senate Finance Committee, the letter calls on the Trump Administration to lead an international effort to develop a secure 5G architecture challenging Huawei’s monopoly over the next generation of telecoms networks.
“As we prepare for G-20 in Japan later this year, this meeting provides a critical opportunity for the United States to lead in the development of an international consortium of like-minded nations to develop a safe, secure, and economically viable alternative to the 5G architecture of firms, like Huawei,” wrote the Senators.
The informal May 16th meeting of the G7 will focus on, “strategy of the G7 at the advent of the data economy and the need to build trust in digital technologies such as 5G.” In their letter, the senators suggest the U.S. must not just confront but also effectively compete with China by leading a public-private consortium of U.S., European, Japanese, Korean and others in an effort to create 5G architecture that meets mutual safety goals and does not pose a risk for national security.
“Separate and alone, competition with China’s state-directed authoritarian model is challenging. Together, our economies represent the vast majority of the world’s most productive and innovative assets. It’s important that this next generation of technologies is shaped by the values of the U.S. and our allies around openness, pluralism, fair competition, and security,” added the senators. “We look forward to your thoughts and ideas for how you intend to take advantage of this meeting to forge an international effort not merely to confront China, but to effectively compete to develop 5G architecture.”
A copy of the letter can be found here and below:
The Honorable Mike Pompeo
Secretary of State
U.S. Department of State
2201 C Street, N.W.
Washington, D.C. 20520
Dear Mr. Secretary,
On May 16th, France will host an informal G-7 “Digital Ministers” meeting to explore strategy and partnership in the G-7 on “Tech for Humanity,” including “strategy of the G-7 at the advent of the data economy and the need to build trust in digital technologies such as 5G.”
As we prepare for G-20 in Japan later this year, this meeting provides a critical opportunity for the United States to lead in the development of an international consortium of like-minded nations to develop a safe, secure, and economically viable alternative to the 5G architecture of firms, like Huawei, that are subject to extra-judicial demands of foreign governments.
As you know, we share many of the concerns you have raised about Huawei’s efforts to dominate global 5G architecture, including the risk created for espionage, and the risks to privacy, security, our military, and our economic competitiveness.
But it is not enough to simply confront China. Working with our allies, we must also be able to compete – and win. Fifth-generation wireless (5G) telecommunications technology stands poised to offer not just a simple step-change as with previous generations of cellular telecommunications technology, but to fundamentally re-write the rule book for economic and social organization, and even our politics, with a new generation of responsive and diversified services.
Yet the fact of the matter is that as things stand today, neither the United States nor our allies and partners are making comparable capital investments or commitments to research and development that match what China and Huawei are devoting to this critical next generation data governance architecture.
However, if the United States were to take a leadership role in forging a new approach with our G-7 and other like-minded partners to bring together a public-private consortium of the best of US, European, Japanese, Korean and others efforts, we are convinced that in short order we can create 5G architecture that meets our common goals for trusted, safe and secure 5G.
We are currently living through a digital transformation of society and of the economy that is as significant as any in human experience. It is creating both opportunities and challenges, including, immediately, that of Huawei’s efforts to set the standards and architecture for 5G. This is mirrored more broadly in China’s wider efforts to unduly shape the development of key emerging technologies such as quantum computing, artificial intelligence, and life sciences.
In the face of this challenge, the United States must stand at the forefront of the development of new global governance models, based on open and secure standards and principles -- and to do so with our allies and partners. Separate and alone, competition with China’s state-directed authoritarian model is challenging. Together, our economies represent the vast majority of the world’s most productive and innovative assets. It’s important that this next generation of technologies is shaped by the values of the U.S. and our allies around openness, pluralism, fair competition, and security.
Ranking Members Warner, Klobuchar, Reed, and Peters Press Election Equipment Manufacturers on Security
Mar 27 2019
WASHINGTON – U.S. Senator Mark R. Warner, Vice Chairman of the Senate Intelligence Committee and a member of the Senate Rules Committee with oversight jurisdiction over federal elections, joined his colleagues in sending a letter to the country’s three largest election system vendors with questions to help inform the best way to move forward to strengthen the security of our voting machines. In the U.S., the three largest election equipment vendors—Election Systems & Software, LLC; Dominion Voting Systems, Inc.; and Hart InterCivic, Inc.—provide the voting machines and software used by ninety-two percent of the eligible voting population. However, voting and cybersecurity experts have begun to call attention to the lack of competition in the election vendor marketplace and the need for scrutiny by regulators as these vendors continue to produce poor technology, like machines that lack paper ballots or audibility.
The letter was signed by Senator Mark Warner (D-VA), Vice Chairman of the Senate Intelligence Committee, Senator Amy Klobuchar (D-MN), Ranking Member of the Rules Committee, Senator Jack Reed (D-RI), Ranking Member of the Senate Armed Services Committee, and Senator Gary Peters (D-MI), Ranking Member of the Senate Homeland Security Committee.
“The integrity of our elections remains under serious threat. Our nation’s intelligence agencies continue to raise the alarm that foreign adversaries are actively trying to undermine our system of democracy, and will target the 2020 elections as they did the 2016 and 2018 elections,” the senators wrote. “The integrity of our elections is directly tied to the machines we vote on – the products that you make. Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price.”
The full text of the letter is below:
March 26, 2019
Mr. Phillip Braithwaite
President and Chief Executive Officer
Hart InterCivic, Inc.
Mr. Tom Burt
President and Chief Executive Officer
Election Systems & Software, LLC
Mr. John Poulos
President and Chief Executive Officer
Dominion Voting Systems
Dear Mr. Braithwaite, Mr. Burt, and Mr. Poulos:
We write to request information about the security of the voting systems your companies manufacture and service.
The integrity of our elections remains under serious threat. Our nation’s intelligence agencies continue to raise the alarm that foreign adversaries are actively trying to undermine our system of democracy, and will target the 2020 elections as they did the 2016 and 2018 elections. Following the attack on our election systems in 2016, the Department of Homeland Security (DHS) designated election infrastructure as critical infrastructure in order to protect our democracy from future attacks and we have taken important steps to prioritize election security. We appreciate the work that your companies have done in helping to set up the Sector Coordinating Council (SCC) for the Election Infrastructure Subsector.
Despite the progress that has been made, election security experts and federal and state government officials continue to warn that more must be done to fortify our election systems. Of particular concern is the fact that many of the machines that Americans use to vote have not been meaningfully updated in nearly two decades. Although each of your companies has a combination of older legacy machines and newer systems, vulnerabilities in each present a problem for the security of our democracy and they must be addressed.
On February 15, the Election Assistance Commission’s (EAC) Commissioners unanimously voted to publish the proposed Voluntary Voting System Guidelines 2.0 (VVSG) Principles and Guidelines in the Federal Register for a 90 day public comment period. As you know, this begins the long-awaited process of updating the Principles and Guidelines that inform testing and certification associated with functionality, accessibility, accuracy, auditability, and security. The VVSG have not been comprehensively updated since 2005 – before the iPhone was invented – and unfortunately, experts predict that updated guidelines will not be completed in time to have an impact on the 2020 elections. While the timeline for completing VVSG 2.0 is frustrating, these guidelines are voluntary and they establish a baseline – not a ceiling – for voting equipment. Furthermore, VVSG 1.1 has been available for testing since 2015.
In other words, the fact that VVSG 2.0 remains a work in progress is not an excuse for the fact that our voting equipment has not kept pace both with technological innovation and mounting cyber threats. There is a consensus among cybersecurity experts regarding the fact that voter-verifiable paper ballots and the ability to conduct a reliable audit are basic necessities for a reliable voting system. Despite this, each of your companies continues to produce some machines without paper ballots. The fact that you continue to manufacture and sell outdated products is a sign that the marketplace for election equipment is broken. These issues combined with the technical vulnerabilities facing our election machines explain why the Department of Defense’s Defense Advanced Research Projects Agency (DARPA) is reportedly working to develop an open source voting machine that would be secure and allow people to ensure their votes were tallied correctly.
As the three largest election equipment vendors, your companies provide voting machines and software used by 92 percent of the eligible voting population in the U.S. This market concentration is one factor among many that could be contributing to the lack of innovation in election equipment. The integrity of our elections is directly tied to the machines we vote on – the products that you make. Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price.
In order to help improve our understanding of your businesses and the integrity of our election systems, we respectfully request answers to the following questions by April 9, 2019:
- What specific steps are you taking to strengthen election security ahead of 2020? How can Congress and the federal government support these actions?
- What additional information is necessary regarding VVSG 2.0 in order for your companies to begin developing systems that comply with the new guidelines?
- Do you anticipate producing systems that will be tested for compliance with VVSG 1.1? Why or why not?
- What steps, if any, are you taking to enhance the security of your oldest legacy systems in the field, many of which have not been meaningfully updated (if at all) in over a decade?
- How do EAC certification requirements and the certification process affect your ability to create new election systems and to regularly update your election systems?
- Do you support federal efforts to require the use of hand-marked paper ballots for most voters in federal elections? Why or why not?
- How are you working to ensure that your voting systems are compatible with the EAC’s ballot design guidelines (i.e. “Effective Designs for the Administration of Federal Elections”)?
- Experts have raised significant concerns about the risks of ballot marking machines that store voter choice information in non-transparent forms that cannot be reviewed by voters (i.e. such as barcodes or QR codes), noting that errors in the printed vote record could potentially evade detection by voters. Do you currently sell any machines whose paper records do not permit voters to review the same information that the voting system uses for tabulation? If so, do you believe this practice is secure enough to be used in the 2020 election cycle?
- Do you make voting systems with Cast Vote Records (CVRs) that can be reliably connected to specific unique ballots, while also maintaining voter privacy? If not, why not? Does your company make voting systems that allow for a machine-readable data export of these CVRs in a format that is presentation-agnostic (such as JSON) and can be reliably parsed without substantial technical effort? If not, why not?
- Would you support federal legislation requiring expanded use of routine post-election audits, such as risk-limiting audits, in federal elections? Why or why not?
- What portion of your revenue is invested into research and development to produce better and more cost effective voting equipment?
- Congress is currently working on legislation to establish information sharing procedures for vendors regarding security threats. How does your company currently define a reportable cyber-incident and what protocols are in place to report incidents to government officials?
- What steps are you taking to improve supply chain security? To the extent your machines operate using custom, non-commodity hardware, what measures are you taking to ensure that the supply chains for your custom hardware components are monitored and secure?
- Do you employ a full-time cybersecurity expert whose role is fully dedicated to improving the security of your systems? If so, how long have they been on staff, and what title and authority do they have within your company? Do you conduct background checks on potential employees who would be involved in building and servicing election systems?
- Does your company operate, or plan to operate, a vulnerability disclosure program that authorizes good-faith security research and testing of your systems, and provides a clear reporting mechanism when vulnerabilities are discovered? If not, what makes it difficult for your company to do so, and how can Congress and the federal government help make it less difficult?
- How will DARPA’s work impact how your company develops and manufactures voting machines?
We look forward to your answers to these questions, and thank you for your efforts to work with us and with state election officials around the country to improve the security of our nation’s elections.
Bipartisan Legislation to Improve Cybersecurity of Internet-of-Things Devices Introduced in Senate & House
Mar 11 2019
WASHINGTON – Bipartisan legislation to improve the cybersecurity of Internet-connected devices will be introduced today in the Senate and the House of Representatives. The Internet of Things (IoT) Cybersecurity Improvement Act of 2019 would require that devices purchased by the U.S. government meet certain minimum security requirements.
The legislation is being introduced in the Senate by U.S. Sens. Mark R. Warner (D-VA) and Cory Gardner(R-CO), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Maggie Hassan (D-NH) and Steve Daines (R-MT), while Reps. Robin Kelly (D-IL) and Will Hurd (R-TX) are introducing companion legislation in the House of Representatives.
“While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security,” said Sen. Warner, a former technology entrepreneur and executive and Vice Chairman of the Senate Select Committee on Intelligence. “This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices.”
“The Internet of Things (IoT) landscape continues to expand, with most experts expecting tens of billions of devices to be operating on our networks within the next several years,” Sen. Gardner said. “As these devices continue to transform our society and add countless new entry points into our networks, we need to make sure they are secure, particularly when they are integrated into the federal government’s networks. Agencies like the National Institute of Standards and Technology (NIST), which has a major campus in Boulder, are key players in helping establish guidelines for improved IoT security and our bill builds on those efforts. As co-chairs of the Senate Cybersecurity Caucus, Senator Warner and I remain committed to advancing our nation’s cybersecurity defenses.”
“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure. Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices,” said Rep. Kelly. “It’s estimated that by 2020 there will be 30 million internet-connected devices in use. As these devices positively revolutionize communication, we cannot allow them to become a backdoor to hackers or tools for cyberattacks.”
“Internet of Things devices will improve and enhance nearly every aspect of our society, economy and our day-to-day lives. This is groundbreaking work and IoT devices must be built with security in mind, not as an afterthought,” said Rep. Hurd, former computer science major, cybersecurity entrepreneur and Chair of the House Subcommittee on Information Technology. “This bipartisan legislation will make Internet of Things devices more secure and help prevent future attacks on critical technology infrastructure.”
“With everything from LED lights to thermostats connected to the internet, we need to act swiftly to step up security for ‘internet of things’ devices to prevent hackers from disrupting our economy and threatening public safety,” Sen. Hassan said. “By requiring the federal government to only purchase devices that meet certain cybersecurity standards, this bill will help protect federal agencies against hackers who are seeking to exploit internet of things devices in order to steal critical national security information and the private data of Granite Staters and Americans.”
“As the Internet of Things landscape grows – we must ensure that Montanan’s information is safe and the security of our critical infrastructure is protected,” said Sen. Daines. “This bill helps establish proper safeguards that balance the need to protect Montanan’s privacy and our national security with the growing tech economy and high-paying jobs it provides.”
The Internet of Things, the term used to describe the growing network of Internet-connected devices and sensors, is expected to include over 20 billion devices by 2020. While these devices and the data they collect and transmit present enormous benefits to consumers and industry, the relative insecurity of many devices presents enormous challenges. Sometimes shipped with factory-set, hardcoded passwords and oftentimes unable to be updated or patched, IoT devices can represent a weak point in a network’s security, leaving the rest of the network vulnerable to attack. IoT devices have been used by bad actors to launch devastating Distributed Denial of Service (DDoS) attacks against websites, web-hosting servers, and internet infrastructure providers.
At a hearing of the Senate Armed Services Committee last year, the Director of the Defense Intelligence Agency, Lt. General Robert Ashley, described exploitation of insecure IoT devices as one of the two “most important emerging cyber threats to our national security.” Last May, the Departments of Commerce and Homeland Security published a report highlighting the IoT market forces that reward low-price and convenience at the expense of security. The signature recommendation of the May 2018 report was that the Federal government should “lead by example” by requiring the acquisition of more secure and resilient products and services, particularly IoT. The IoT Cybersecurity Improvement Act will address both this market failure and the supply chain risk to the federal government stemming from insecure IoT devices by establishing light-touch, minimum security requirements for procurements of connected devices by the government.
Specifically, the Internet of Things (IoT) Cybersecurity Improvement Act of 2019 would:
- Require the National Institute of Standards and Technology (NIST) to issue recommendations addressing, at a minimum, secure development, identity management, patching, and configuration management for IoT devices.
- Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, and charge OMB with reviewing these policies at least every five years.
- Require any Internet-connected devices purchased by the federal government to comply with those recommendations.
- Direct NIST to work with cybersecurity researchers and industry experts to publish guidance on coordinated vulnerability disclosure to ensure that vulnerabilities related to agency devices are addressed.
- Require contractors and vendors providing IoT devices to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that information is disseminated.
“BSA applauds Senators Warner and Gardner for their leadership in securing the IoT, and calls on Congress to act swiftly to advance this important legislation,” said Tommy Ross, Senior Policy Director, BSA | The Software Alliance. “As IoT devices increasingly bring greater productivity and quality of life to consumers and businesses across sectors, we must be proactive in addressing the unique security considerations they bring.”
“Internet-aware devices raise deep and novel security issues, with problems that could arise months or years after purchase, and spill over to people who aren't the purchasers. This bill leverages the government procurement market, rather than direct regulation, to encourage Internet-aware device makers to employ basic security measures in their products,” said Jonathan Zittrain, Co-Founder of Harvard University’s Berkman Klein Center for Internet & Society.
“Insecure and unsecured IoT devices are a risk we must address, and it will only happen if the government and the private sector both step up. I'm glad that Senators Warner and Gardner and Representatives Kelly and Hurd are continuing to push this issue,” said Jeff Greene, Vice President of Global Government Affairs & Policy at Symantec.
“Weak IoT security with little oversight puts the American public at risk, particularly as these devices become more and more common in our offices and in our homes. We need a coordinated approach. Empowering NIST to set standards for the development and management of these devices, as the IoT Cybersecurity Improvement Act of 2019 proposes, will help secure the sensitive data held by the government and the private information shared within our homes,” said Alan Davidson, Vice President of Global Policy, Trust, and Security at Mozilla.
“The proliferation of insecure Internet-connected devices presents an enormous security challenge. The risks are no longer solely about data; they affect flesh and steel. The market is not going to provide security on its own, because there is no incentive for buyers or sellers to act in anything but their self-interests. I applaud Senator Warner and his cosponsors for nudging the market in the right direction by establishing thorough, yet flexible, security requirements for connected devices purchased by the government,” said Bruce Schneier, Fellow and Lecturer at Harvard Kennedy School of Government.
“Cloudflare applauds Senators Warner and Gardner, Representatives Kelly and Hurd, and their cosponsors for their continued efforts to address the risks posed by improperly secured IoT devices with the introduction of this latest bill. Using the government procurement process to encourage security research and innovation will make the U.S. Government a leader in this area, and should open up a robust discussion of these issues. Cloudflare looks forward to continuing to work with them as this bill moves forward,” said Doug Kramer, General Counsel, Cloudflare Inc.
“IoT device insecurity is a serious problem that needs to be addressed. Although much must be done to address this problem, the longest journey begins with a single step—and this bill is just such a step in moving the ball forward on IoT security for government procurements,” said Dr. Herb Lin, senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University.
"Billions of devices connect our world and in the coming years we will see billions more. Each device adds to an expanding and elastic attack surface that creates a massive gap in the ability to truly understand cyber risk at any given time. The Internet of Things (IoT) Cybersecurity Improvement Act, introduced by Representatives Robyn Kelly (D-IL) and Will Hurd (R-TX), tasks NIST with developing security guidelines to address critical vulnerabilities in the development of IoT devices that the federal government purchases. This legislation will help the government better manage its cyber risks, and provide a strong example for other organizations. We also strongly support the call for NIST to develop a report that addresses Cyber Exposure considerations related to the increasing convergence of IT, IoT, and OT devices, networks and systems, as the modern enterprise must manage risk across all these environments," said James Hayes, Vice President of Global Government Affairs at Tenable.
“We applaud Senators Warner and Gardner and Representatives Kelly and Hurd for introducing the Internet of Things (IoT) Cybersecurity Improvement Act of 2019. The wireless industry is committed to ensuring the security of IoT devices and we look forward to working with the sponsors of the legislation on policies that will help protect consumers,” said Kelly Cole, Senior Vice President for Government Affairs at CTIA.
Similar legislation was previously introduced in the 115th Congress.
Sen. Warner wrote to the Federal Trade Commission (FTC) in July 2016 raising concerns about the security of children’s data collected by Internet-connected “Smart Toys.” In May 2017, the Senator wrote a follow-up letter to Acting FTC Chairwoman Maureen Ohlhausen reiterating his concerns following comments by the Chairwoman that the risks of IoT devices are merely speculative. In response to the Senator’s concerns, the FTC issued updated guidance on protecting children’s personal data in connected toys. Immediately in wake of October’s devastating DDoS attack on the nation’s internet infrastructure by the Mirai botnet, Sen. Warner wrote the FCC, FTC, and NCCIC to raise concerns about the proliferation of botnets composed of insecure devices. Sen. Warner also wrote to Office of Management and Budget Director Mick Mulvaney and Secretary of Homeland Security John Kelly in May 2017 asking what steps the Federal Government had taken to defend against WannaCry ransomware.
Sen. Warner, the Vice Chairman of the Senate Select Committee on Intelligence and former technology executive, is the co-founder and co-chair of the bipartisan Senate Cybersecurity Caucus and a leader in Congress on security issues related to the Internet of Things (IoT).
Bill text is available here.
Warner, Rubio Ask Intelligence Community for Public Report Detailing Chinese Participation in 5G Standard-Setting
Mar 01 2019
Washington – U.S. Sens. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, and Marco Rubio (R-FL), a member of the Senate Select Committee on Intelligence, urged Director of National Intelligence Dan Coats to issue a comprehensive and unclassified report on China’s participation in the international standard-setting bodies (ISSBs) for fifth-generation wireless telecommunications technologies (5G). This report would allow companies in the U.S. to fully assess any existing threats to fair competition and push back against them.
“In 2012, the House Permanent Select Committee on Intelligence’s study on Huawei and ZTE drew attention globally to the security concerns associated with certain Chinese telecommunication and information technology companies,” wrote the Senators.“Similarly, we believe Chinese influence in our ISSBs is not fully appreciated, and the IC can play an essential role in filling the publicly available information gap—a necessary first step to countering this trend.”
American companies do not currently have access to crucial information regarding China’s alleged use of political influence in ISSBs or other anti-competitive practices, such as the state-directed coordination of large Chinese telecommunications firms. These practices can undermine fair competition, hinder the ability of us companies to sell and scale their technologies, and raise serious economic and security concerns for U.S. networks and future generations of wireless technologies.
Prompted by a series of anecdotal concerns raised to the Senate Select Committee on Intelligence (SSCI) regarding China’s attempt to politically influence the ISSBs, the Senators urged Director Coats to issue a report detailing:
1. Overall trends in the ISSBs over the past decade and the implications of politicization of ISSBs;
2. Specific examples of attempts by China and other foreign adversaries to exert pressure or political influence within the ISSBs or at major telecommunication conferences to secure standards that are favorable to Chinese companies and patent holders, or that might introduce deficiencies into 5G networks; and,
3. How Chinese-led standards for 5G technologies will affect U.S. economic and security interests, including efforts by U.S. companies to sell and scale its technologies, the ability of the U.S. to position itself for future generations of wireless technology, and to protect against cyber intrusions and security vulnerabilities.
They concluded, “We hope that this report will be part of an ongoing effort to share more timely and relevant information with U.S. companies and our allies. The U.S. cannot tackle this issue alone and must work closely with our international partners—including the European Union, Great Britain, Korea, Japan, Australia, New Zealand, and Canada—on how we may collectively strengthen security standards, supply chain management, and market share of critical technologies. To the greatest extent possible, we urge the IC to declassify relevant information.”
Sens. Warner and Rubio are the lead sponsors of bipartisan legislation to help combat tech-specific threats to national security posed by foreign actors like China. Sen. Warner, a former telecommunications executive and entrepreneur, has long expressed concerns about the risks to our national security posed by Chinese-controlled telecom companies. On October 12, 2018, Sen. Warner and Sen. Rubio sent a letter to Canadian Prime Minister Justin Trudeau urging his country to reconsider Huawei’s inclusion in any aspect of Canada’s 5G development, introduction, and maintenance. Warner has also urged the Administration to work with our allies to combat these technology threats. Sens. Warner and Rubio are also the authors of bipartisan legislation to enforce full compliance by ZTE with all probationary conditions of a U.S. Commerce Department’s deal struck with the company last year that ended U.S. imposed sanctions.
Full text of the letter is below and a copy can be found here.
Director Dan Coats
Director of National Intelligence
1500 Tysons McLean Drive
McLean, VA 22102
Dear Director Coats:
We are writing to request an unclassified report on the participation of China and other adversarial nations in the international standard-setting bodies (“ISSBs”) for fifth-generation wireless telecommunications technologies (“5G”). Over the past year, the Senate Select Committee on Intelligence (“SSCI”) has heard anecdotal concerns that China is attempting to exert pressure or political influence in the ISSBs, which have historically functioned as technological meritocracies. Not only does political influence undermine fair competition, it also raises serious economic and security concerns for 5G and future generations of wireless technologies.
Currently, U.S. companies do not have access to critical information about the nature of this threat, and the degree of state-directed coordination amongst large Chinese telecommunication firms seeking to gain a critical edge in wireless technologies. Without adequate information, U.S. companies cannot effectively push back against this behavior, nor can the United States coordinate with our allies to deter anticompetitive practices in the ISSBs.
Specifically, we request a detailed and unclassified report, to the extent possible, from the Intelligence Community (“IC”) on the following items:
1. Overall trends in the ISSBs over the past decade and the implications of politicization of ISSBs, if there is evidence of such trends;
2. Specific examples and case studies of attempts by China and other foreign adversaries to exert pressure or political influence within the ISSBs or at major telecommunication conferences to secure standards that are favorable to Chinese companies and patent holders, or that might introduce deficiencies into 5G networks; and,
3. Implications of Chinese-led standards for 5G technologies and how that will affect U.S. economic and security interests, including efforts by U.S. companies to sell and scale its technologies, the ability of the U.S. to position itself for future generations of wireless technology, and to protect against cyber intrusions and security vulnerabilities.
In 2012, the House Permanent Select Committee on Intelligence’s study on Huawei and ZTE drew attention globally to the security concerns associated with certain Chinese telecommunication and information technology companies. Similarly, we believe Chinese influence in our ISSBs is not fully appreciated, and the IC can play an essential role in filling the publicly available information gap—a necessary first step to countering this trend.
We hope that this report will be part of an ongoing effort to share more timely and relevant information with U.S. companies and our allies. The U.S. cannot tackle this issue alone and must work closely with our international partners—including the European Union, Great Britain, Korea, Japan, Australia, New Zealand, and Canada—on how we may collectively strengthen security standards, supply chain management, and market share of critical technologies. To the greatest extent possible, we urge the IC to declassify relevant information.
We appreciate your attention to this important matter.