Statement of Senate Cybersecurity Caucus Co-Chairs Warner & Gardner On Classified CISA Ransomware Briefing
Dec 04 2019
WASHINGTON – U.S. Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO), the bipartisan co-chairs of the Senate Cybersecurity Caucus, issued a statement after convening a classified briefing with Senators and Chris Krebs, Director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), to discuss the growing threat posed by ransomware attacks:
“The continued prevalence of ransomware should really capture our attention. It’s costly, devastatingly high-impact, growing, and, in most cases, easily preventable with basic responsible cybersecurity practices.
“Ransomware and its destructive cousin wiperware are designed to inflict fear and uncertainty, disrupt vital services, and sow distrust in public institutions. While often viewed as basic digital extortion, ransomware has had materially adverse impacts on markets, social services like education, water, and power, and on healthcare delivery, as we have seen in a number of states and municipalities across the United States.
“We are glad our colleagues in the Senate Cybersecurity Caucus could join Director Krebs for this much-needed conversation about ways Congress and the federal government can better address this important issue.”
Dec 04 2019
WASHINGTON – U.S. Sens. Mark R. Warner (D-VA) and John Cornyn (R-TX) today introduced the UIGHUR Protection Act, which would place export controls on critical technologies to China, such as facial recognition software, that can be used to facilitate mass surveillance and detention.
“As we have seen from extensive reporting and leaked Chinese government documents, the Chinese government is undertaking systematic repression and internment of Uighurs and other ethnic minorities in the Xinjiang Uighur Autonomous region in the People’s Republic of China. This behavior extends beyond Xinjiang to other regions and online communities. We need to ensure that US companies are not enabling these efforts, intentionally or inadvertently, by selling specific technology items that provide critical capabilities to the Chinese government for their surveillance, censorship, and social control efforts,” said Sen. Warner.
“For years, members of China’s Uighur population have been unjustly detained and surveilled by the Chinese government,” said Sen. Cornyn. “American technology should not be used for the oppression of ethnic minority groups by foreign governments, and this legislation would ensure that the United States has no part in these despicable practices.”
The UIGHUR Protection Act would require the President, no later than 120 days after enactment, to identify and place items and technologies on the Commerce Control List that provide a critical capability to the Chinese government for suppressing human rights. Special licenses may be granted by the President for the export, re-export, or in-country transfer to or within China for these critical technologies but the bill would require a presumption of denial.
Uighurs, or Uyghurs, are an ethnic group living primarily in the Xinjiang Uyghur Autonomous Region (XUAR) in China’s northwest. Since an outbreak of demonstrations and ethnic unrest in 2009 and clashes involving Uyghurs and Xinjiang security personnel that spiked between 2013 and 2015, the Chinese Community Party (CCP) began a policy of mass internment through labor camps they refer to as “reeducation camps.”
According to various estimates, Xinjiang authorities have detained over one million Turkic Muslims, mostly ethnic Uyghurs, and Kazakhs, in these camps without formal charges, trials or hearings, and with no timetable for release. According to former detainees, treatment and conditions in the camps include beatings, food deprivation, and crowded and unsanitary conditions.
WASHINGTON, D.C. – U.S. Senators Mark R. Warner and Tim Kaine, a member of the Senate Armed Services Committee, released the following statement after the Navy signed a contract to block buy nine Virginia-class submarines:
“We’re glad the Navy reached this deal to save taxpayer dollars and help protect our nation. We’ve long supported Virginia-class submarines, and we’re excited that this move will strengthen our shipbuilding community in Hampton Roads, where these submarines are built.”
Warner and Kaine have supported funding for the submarines in the annual defense bill and discussed the benefits of Virginia-class submarines with military leadership.
WASHINGTON – U.S. Sen. Mark R. Warner, Vice Chairman of the Senate Select Committee on Intelligence, spoke at a bipartisan event in the U.S. Capitol hosted by the Washington Kurdish Institute. In his remarks, Warner called on the Senate to take up and pass the Syrian Allies Protection Act, legislation Warner introduced that would make U.S. visas available to Kurdish Syrians who worked directly with the U.S. armed forces in Syria.
These individuals’ lives now may be in danger after President Trump abruptly withdrew American troops from northern Syria and allowed a Turkish military operation to move forward against Kurdish fighters, who have been integral partners in the fight against ISIS. Since the Turkish offensive began last month, there have been reports of executions and human rights abuses against Kurdish fighters and civilians, and at least 99,200 people in northeastern Syria remain displaced, with 14,000 refugees seeking shelter in Iraq, according to the United Nations.
Responding to the President’s decision to withdraw U.S. forces from northern Syria, Warner said, “It's now a month and a half since the President of the United States – in one phone call – undermined our Kurdish allies, completely caught the American military and the American intelligence community totally off-guard, and threw the region into chaos. As a result of that telephone conversation, men and women of the SDF [Syrian Defense Forces] and other Kurdish allies – who literally up until that phone call, in many cases, were standing with the American military – are now subject to being killed.”
The Senator continued, “I also think the President's decision to abandon the Kurds will be a disaster for American foreign policy for decades. How do we go back to allies or potential allies in a very troubled region and say, ‘If you align with us and promote democratic values and promote human rights and stand with us, we will stand with you?’”
On the question of who benefits most from the withdrawal of American troops, Warner noted, “Who are the winners? Iran… [Syrian Dictator Bashar al] Assad… Vladimir Putin… ISIS. These are not allies of the United States or the Kurdish people.”
According to a report from the Defense Department released Tuesday, the Turkish incursion into northeastern Syria and the drawdown of U.S. troops allowed ISIS to “reconstitute capabilities and resources within Syria and strengthen its ability to plan attacks abroad... In the longer term, ISIS will probably seek to regain control of some Syrian population centers and expand its global footprint.” The report also noted that the Turkish offensive allowed Russian and Syrian government forces to move into northeast Syria, a development the State Department and U.S. Agency for International Development (USAID) said “would likely impact” U.S. goals for a peaceful end to the Syrian civil war.
In his remarks, Warner called on Congress to pass his legislation to protect Kurdish Syrians who worked directly with the U.S. armed forces in Syria prior to the President’s withdrawal.
“One thing that is the bare minimum we should do is support legislation that I've put forward called the Syrian Allies Protection Act. What that says is very simply that the men and women, the Kurdish men and women allies who had been working with the United States military or our intelligence services for at least six months, ought to be protected on a going-forward basis,” Warner said.
Similar to congressionally-directed programs that made select Iraqi and Afghan nationals who worked as interpreters or in other vital military support positions eligible for special immigrant visas, the Syrian Allies Protection Act would protect those Kurds in Syria who worked most closely with the United States, usually as translators, and whose lives are now threatened not only by the ongoing Turkish incursion, but by potential retaliation by freed ISIS fighters, regime forces, and other foreign interests in Syria now that the protection of American forces has been removed. The legislation would provide permanent American residence to Syrian nationals who worked for the U.S. armed forces for at least six months, have obtained a favorable recommendation from a general or flag officer in the chain of command, and have passed a background check and screening. The legislation would also direct the Secretary of Defense, in consultation with the Secretaries of State and Homeland Security, to develop and implement a framework to evacuate these eligible individuals to safety – either in the United States or a third country – while vetting takes place, if their lives are at risk remaining in Syria.
The Washington Kurdish Institute is a 501(c)(3) non-profit, research and educational organization that was established in 1996, which represents Kurdish American interests and advocates for policies supporting the development of Kurdistan’s civil society.
Nov 19 2019
WASHINGTON – Today, the bipartisan leadership of several key Senate committees urged President Trump’s national security adviser to designate a senior coordinator dedicated to leading the nation’s effort to develop and deploy next-generation communications technologies. In a letter to Robert O’Brien, who was appointed as national security adviser in September, the top Republican and Democratic Senators on the Senate Select Committee on Intelligence, the Senate Homeland Security and Governmental Affairs Committee, the Senate Foreign Relations Committee and the Senate Armed Services Committee stressed the urgent need for the Trump administration to develop a national strategy for 5G, and to prioritize across government agencies the nation’s effort to develop and deploy the technology.
“While we appreciate the progress being made within and across departments and agencies, we are concerned that their respective approaches are not informed by a coherent national strategy. In our view, the current national level approach to 5G comprises of a dispersed coalition of common concern, rather than a coordinated, interagency activity. Without a national strategy, facilitated by a common understanding of the geopolitical and technical impact of 5G and future telecommunications advancements, we expect each agency will continue to operate within its own mandate, rather than identifying national authority and policy deficiencies that do not neatly fall into a single department or agency. This fractured approach will not be sufficient to rise to the challenge the country faces. We hope that you, as the new National Security Adviser, will make this issue a top priority. We would further urge you to designate a dedicated, senior individual focused solely on coordinating and leading the nation’s effort to develop and deploy future telecommunications technologies. We believe that having a senior leader would position the United States to lead on telecommunications advancements, ensure the United States is appropriately postured against this strategic threat, and demonstrate to our allies the seriousness with which the nation considers the issue,” wrote Sens. Mark R. Warner (D-VA) and Richard Burr (R-NC), the Vice Chairman and Chairman of the Intelligence Committee; Sens. Ron Johnson (R-WI) and Gary Peters (D-MI), the Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee; Sens. Jim Risch (R-ID) and Bob Menendez (D-NJ), the Chairman and Ranking Member of the Foreign Relations Committee; and Sens. Jim Inhofe (R-OK) and Jack Reed (D-RI), the Chairman and Ranking Member of the Armed Services Committee.
The Senators stressed the dangers of allowing China to continue to lead the development of 5G technology. Maintaining White House focus on 5G is especially important in light of last week’s decision to eliminate the emerging technologies directorate at the National Security Council.
“While the United States has led in the development and deployment of previous telecommunications evolutions, 5G represents the first evolutionary step for which an authoritarian nation leads the marketplace for telecommunications solutions. China’s leadership, combined with the United States’ increased reliance on high-speed, reliable telecommunications services to facilitate both commerce and defense, poses a strategic risk for the country. We cannot rely exclusively on defensive measures to solve or mitigate the issue, but rather we must shape the future of advanced telecommunications technology by supporting domestic innovation through meaningful investments, leveraging existing areas of U.S. strength, and bringing together like-minded allies and private sector expertise through a sustained effort over the course of decades, not months. A challenge of this magnitude requires a more ambitious response than traditional agency processes can support,” wrote the Senators.
A copy of the letter is available here.
Warner Requests Update on V-A, DoD Efforts to Protect Veterans & Servicemembers from Foreign Disinformation online
Nov 13 2019
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee, joined his Senate colleagues in requesting information from the U.S. Department of Veterans Affairs (VA) and the U.S. Department of Defense (DoD) on the agencies' efforts to educate veterans and servicemembers about online disinformation campaigns and other malign influence operations by Russian, Chinese, and other foreign entities. Today’s letters follow a two-year investigation by Vietnam Veterans of America (VVA) that documented persistent, pervasive, and coordinated online targeting of American servicemembers, veterans, and their families by foreign entities seeking to disrupt American democracy.
In particular, the VVA report found that the Russian Internet Research Agency (IRA) specifically targeted American veterans and the social media followers of several congressionally-chartered veterans service organizations during and after the 2016 election. The report also revealed that foreign entities are targeting servicemembers and veterans for the purpose of interference in the upcoming federal election.
Virginia is home to roughly 714,000 veterans, approximately 130,000 active duty servicemembers, and their families.
In their letter to VA Secretary Robert Wilkie, the Senators noted that while the VA has prioritized the security of its information systems and infrastructure – including veterans' personal information – the VA does not appear to have an established strategy for educating veterans about online disinformation efforts targeting them. The Senators urged Secretary Wilkie to consider implementing the VVA report's recommendations.
“While countering disinformation targeting veterans is not a core VA function, identifying these tactics helps improve veterans' cyber security and their ability to detect and avoid falling prey to scams and other forms of manipulation,” the Senators wrote in their letter to VA.
In their letter to Defense Secretary Mark Esper, the senators acknowledged DoD has worked to deter online disinformation and other malign influence campaigns by foreign adversaries, but they also called on the Department to implement VVA's recommendations, consistent with existing efforts to counter foreign malign influence operations.
“Malicious foreign actors are targeting servicemembers using disinformation through social media platforms and other online tools and ... countering foreign interference in American elections is critical to protecting the integrity of our democracy,” the Senators wrote in their letter to DoD.
The VVA report's recommendations for addressing online disinformation targeting servicemembers include directing DoD to “create a working group to study the security risks inherent in the use of common personal electronic devices and apps at home and abroad by servicemembers,” and to “direct commanders to include personal cybersecurity training and regular cyber-hygiene checks for all servicemembers.”
The report also recommended that the VA immediately develop plans to make the cyber-hygiene of veterans an urgent priority within the VA, and educate and train veterans on personal cyber security, “including how to identify instances of online manipulation.”
In addition to Sen. Warner, the letter was led by Sen. Elizabeth Warren (D-MA) and cosigned by Sens. Sherrod Brown (D-OH), Tammy Duckworth (D-IL), Richard Blumenthal (D-CT), Edward J. Markey (D-MA), Chris Van Hollen (D-MD), Richard Durbin (D-IL), Democratic Whip, Catherine Cortez Masto (D-NV), Tom Udall (D-NM), Bernie Sanders (I-VT), Tammy Baldwin (D-WI), Doug Jones (D-AL), Ron Wyden (D-OR), Robert Menendez (D-NJ), Ranking Member of the Senate Foreign Relations Committee, Mazie Hirono (D-HI), Kirsten Gillibrand (D-NY), Jack Reed (D-RI), Ranking Member of the Senate Armed Services Committee, Amy Klobuchar (D-MN), Ranking Member of the Senate Rules Committee, and Kamala Harris (D-CA).
Following Russia’s unprecedented use of social media to sow discord and influence the 2016 presidential elections, Sen. Warner wrote a social media white paper highlighting ways to protect users on social media against misinformation and disinformation campaigns. Sen. Warner has also written and introduced a series of bipartisan bills designed to protect consumers and reduce the power of giant social media platforms like Facebook. His work as Vice Chairman of the Senate Select Committee on Intelligence helped uncover Russia’s extensive efforts to exploit social media in the 2016 elections.
Nov 08 2019
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee and co-founder of the Senate Cybersecurity Caucus, today raised concern with the U.S. Department of Health and Human Services (HHS)’s failure to act, following a mass exposure of sensitive medical images and information by health organizations. In a letter to the HHS Director of the Office for Civil Rights, Sen. Warner identified this exposure as damaging to individual and national security, as this kind of information can be used to target individuals and to spread malware across organizations.
“I am alarmed that this is happening and that your organization, with its responsibility to protect the sensitive personal medical information of the American people, has done nothing about it,” wrote Sen. Warner. “As your agency aggressively pushes to permit a wider range of parties (including those not covered by HIPAA) to have access to the sensitive health information of American patients without traditional privacy protections attaching to that information, HHS’s inattention to this particular incident becomes even more troubling.”
“These reports indicate egregious privacy violations and represent a serious national security issue -- the files may be altered, extracted, or used to spread malware across an organization,” he continued. “In their current unencrypted state, CT, MRI and other diagnostic scans on the internet could be downloaded, injected with malicious code, and re-uploaded into the medical organization’s system and, if capable of propagating, potentially spread laterally across the organization. Earlier this year, researchers demonstrated that a design flaw in the DICOM protocol could easily allow an adversary to insert malicious code into an image file like a CT scan, without being detected.”
On September 17th, a report revealed that millions of Americans had their private medical images exposed online, due to unsecured picture archiving and communication servers (PACS) that utilize the Digital Imaging and Communications in medicine (DICOM) protocol. Along with the medical images, these PACS also exposed the names and social security numbers of those affected, leaving this information open to anyone with basic computer expertise, as these required no authentication to access or download.
This exposure was uncovered by German researchers, who contacted the German Federal Office for Information Security (BSI). BSI then alerted the United States Computer Emergency Readiness Team (US-CERT), who confirmed the exposure and reached out to HHS. However, if they received this information, HHS has failed to act on it, even failing to list TridentUSA Health Services – one of the main companies responsible for the exposure – on its breach portal website.
In his letter to Director Roger Severino, Sen. Warner also raised alarm with the fact that TridentUSA Health Services successfully completed an HHS Health Insurance Portability and Accountability Act (HIPAA) Security Rule compliance audit in March 2019, while patient images were actively accessible online.
Sen. Warner also posed the follow questions for HHS regarding the incident, and its current cybersecurity requirements and procedures:
- Did HHS receive a notice from US-CERT regarding the open PACS ports available with diagnostic imaging available on the internet without any restrictions?
- If so, what actions were taken to address the issue?
- What evidence do you require organizations to produce during a HIPAA Security Rule audit? Are organizations asked to turn over their audit logs? How does OCR review the logs?
- Does OCR have information security experts on staff or does it rely on external consultants as part of these audits?
- What are the follow-up procedures if an organization’s log files reveal access to sensitive data from outside the United States, such as in this case?
- Please describe your information security audit process.
- Please describe your oversight of the DICOM protocol and PACS security. Do you require organizations to implement access controls? If so, what kind? Do you require full-disk encryption and authentication for PACS? Are the DICOM protocol implementations included in the audits?
Sen. Warner has been a champion for cybersecurity throughout his career, and has been an outspoken critic of poor cybersecurity practices that compromise Americans’ personal information. In September, Sen. Warner wrote to TridentUSA Health Services to inquire about the company’s data security practices, following reports that a company affiliate exposed medical data belonging to millions of Americans. Earlier that month, Sen. Warner demanded answers from U.S. Customs and Border Protection (CBP) and South Korean company Suprema HQ, following separate incidents that affected both entities and exposed the personal, permanently identifiable data of many Americans. Sen. Warner has introduced legislation to empower state and local government to counter cyberattacks, and to increase cybersecurity among public companies.
The letter text can be found below and a PDF is available here.
Mr. Roger Severino
Director, Office for Civil Rights
Department of Health and Human Services
200 Independence Ave SW
Washington, DC 20201
Dear Director Severino,
As the health care industry increasingly harnesses internet connectivity and software, including machine learning systems, to improve patient care, a long overdue focus on data privacy and information security has come into sharper focus. This is particularly evident in light of reports that sensitive medical records of potentially millions of Americans were recently exposed online – and that your agency has done little to address this issue. Prompting even greater concern, one of the companies that left the data exposed online also successfully completed one of your Health Insurance Portability and Accountability Act (HIPAA) Security Rule compliance audits in March. I am alarmed that this is happening and that your organization, with its responsibility to protect the sensitive personal medical information of the American people, has done nothing about it. As your agency aggressively pushes to permit a wider range of parties (including those not covered by HIPAA) to have access to the sensitive health information of American patients, without traditional privacy protections attaching to that information, HHS’s inattention to this particular incident becomes even more troubling.
On September 17th ProPublica published a shocking report that the sensitive medical images of millions of American patients were exposed online through unsecured picture and archiving and communications servers (PACS) that utilize the Digital Imaging and Communications in medicine (DICOM), protocol. The publicly-accessible information that had been accessed from Germany included MRI’s, X-rays, and CT scans, as well as names and social security numbers of the patients. The 13.7 million images found on the internet required absolutely no authentication to access or download. As of writing this letter, there are 779 million image records attached to 21.6 million patient records, impacting an estimated 5 million patients in 22 states. The largest system accessed holds 61 million diagnostic images attached to 1.23 million exam records of American patients and remains available on the internet.
In late August, German researchers initiated an investigation to determine the global accessibility and remote access capabilities of PACS. On September 9th, the researchers concluded their two week inquiry and submitted their findings to the German Federal Office for Information Security (BSI). By September 17th, BSI had addressed the affected systems which were removed from the internet prior to the publishing of the ProPublica report.
After US-CERT was notified of the problem by BSI, US-CERT contacted the German researchers at Greenbone Networks, confirming they received the data on September 20th. US-CERT stated the agency would convey the information to the U.S. Department of Health and Human Services (HHS). According to the researchers, however, there has been no further communication from US-CERT or HHS, even though data privacy authorities from other countries like France and the UK contacted Greenbone Networks following the publication of ProPublica’s report.
On September 23rd, I wrote to TridentUSA Health Services expressing my concern regarding the issues raised in the ProPublica report, and pointed out that MobilexUSA, a TridentUSA Health Services affiliate, was identified as controlling one of the unsecured PACS. On October 15th, the German researchers demonstrated to my office a number of US-based PACS have open ports, supporting unencrypted communications protocols, exposing images to the internet like chest X-rays and mammograms, and identifying details like names and social security numbers. Those images and medical records continue to be accessible.
These reports indicate egregious privacy violations and represent a serious national security issue -- the files may be altered, extracted, or used to spread malware across an organization. Earlier this year, researchers demonstrated that a design flaw in the DICOM protocol could easily allow an adversary to insert malicious code into an image file like a CT scan, without being detected. The researchers who discovered the flaw in the DICOM protocol were able to use a polyglot file, which can contain more than one stream of data with different file formats, and hide the malicious code in the scan. In their current unencrypted state, CT, MRI and other diagnostic scans on the internet could be downloaded, injected with malicious code, and re-uploaded into the medical organization’s system and, if capable of propagating, potentially spread laterally across the organization.
In their response to my letter, TridentUSA Health Services noted that they successfully completed the Department of Health and Human Services audits, confirming compliance with the HIPAA Security Rule, the last of which concluded in March 2019, while patient images were accessible online.
While the information security lapses by the medical companies using the PACS are clear, it is unclear how your agency has addressed this issue. As of the writing of this letter, TridentUSA Health Services is not included on your breach portal website, and I have seen no evidence that, once contacted by US-CERT, you acted on that information in any meaningful way.
To understand how such an enormous oversight in your organization has allowed medical companies to leave insecure ports open to the internet and accessed repeatedly by a German IP address, I ask that you answer the following questions:1. Did HHS receive a notice from US-CERT regarding the open PACS ports available with diagnostic imaging available on the internet without any restrictions?
a. If so, what actions were taken to address the issue?
2. What evidence do you require organizations to produce during a HIPAA Security Rule audit? Are organizations asked to turn over their audit logs? How does OCR review the logs?
a. Does OCR have information security experts on staff or does it rely on external consultants as part of these audits?
3. What are the follow-up procedures if an organization’s log files reveal access to sensitive data from outside the United States, such as in this case?
4. Please describe your information security audit process.
5. Please describe your oversight of the DICOM protocol and PACS security. Do you require organizations to implement access controls? If so, what kind? Do you require full-disk encryption and authentication for PACS? Are the DICOM protocol implementations included in the audits?
The American people deserve to have their sensitive private information protected and their government held accountable for enforcing the rules in place to keep that information private. I hope that you will share what immediate actions you are taking, along with answering the questions above. I look forward to hearing your response no later than November 18, 2019.
WASHINGTON – After ISIS terrorists in Syria escaped from detention facilities that had been run by America’s Kurdish partners in the Syrian Defense Forces (SDF) following the withdrawal of U.S. troops and subsequent incursion by Turkey, U.S. Sen. Mark R. Warner, Vice Chairman of the Senate Select Committee on Intelligence, and U.S. Sen. Susan Collins (R-ME), a senior member of the Committee, today requested that the Office of the Director of National Intelligence produce an unclassified assessment regarding the escape’s impact on the security of United States and our allies.
In a letter to the acting Director of National Intelligence Admiral Joseph Maguire, the Senators wrote, “The SDF has been holding more than 10,000 captured ISIS fighters, including 2,000 so-called ‘foreign fighters,’ committed jihadists who traveled from Europe, the Middle East, and elsewhere, to join ISIS. Many of these individuals are hard-core terrorists, with the kinds of expertise – bomb-making, leadership and propaganda – that had made ISIS such a threat to the United States and our allies. As the Kurds understandably shift their focus to defending themselves, their ability to securely detain these ISIS fighters will become increasingly uncertain. Already, press reports have indicated that senior U.S. officials say they have ‘no real idea’ how many fighters may have already escaped, and how many more are likely to do so.”
“If the past is any indication, it was escaped al-Qaeda in Iraq (AQI) prisoners that formed the core of what became known as ISIS, contributing to the group’s eventual takeover of Mosul and much of northern Iraq. The subsequent influx of foreign fighters into Iraq and Syria increased the terrorist threat to the United States and Europe. If left unchecked, the escape of ISIS detainees in Syria could lead to similar counterterrorism setbacks,” continued the Senators. “Therefore, please provide to the Senate Select Committee on Intelligence an assessment of the impact the escape of ISIS detainees in SDF custody could have on the security of United States and our allies, including the detainees who have escaped and those still residing in SDF custody. In order to better inform the American public, the Congress, policymakers and America’s allies, this assessment should be unclassified to the extent possible, with a classified annex if needed.”
The Senators asked that ODNI provide a response to the request within two weeks, by November 19, 2019. The full text of today’s letter is below. A signed copy is available here.
November 5, 2019
The Honorable Joseph Maguire
Acting Director of National Intelligence
Office of the Director of National Intelligence
Washington, DC 20511
Dear Director Maguire:
We write to express our grave concern about the instability in Syria, and particularly about the escape of numerous Islamic State (ISIS) detainees from detention facilities that had been run by America’s Kurdish partners in the Syrian Defense Forces (SDF).
The SDF has been holding more than 10,000 captured ISIS fighters, including 2,000 so-called “foreign fighters,” committed jihadists who traveled from Europe, the Middle East, and elsewhere, to join ISIS. Many of these individuals are hard-core terrorists, with the kinds of expertise – bomb-making, leadership and propaganda – that had made ISIS such a threat to the United States and our allies.
As the Kurds understandably shift their focus to defending themselves, their ability to securely detain these ISIS fighters will become increasingly uncertain. Already, press reports have indicated that senior U.S. officials say they have “no real idea” how many fighters may have already escaped, and how many more are likely to do so.
If the past is any indication, it was escaped al-Qaeda in Iraq (AQI) prisoners that formed the core of what became known as ISIS, contributing to the group’s eventual takeover of Mosul and much of northern Iraq. The subsequent influx of foreign fighters into Iraq and Syria increased the terrorist threat to the United States and Europe. If left unchecked, the escape of ISIS detainees in Syria could lead to similar counterterrorism setbacks.
Therefore, please provide to the Senate Select Committee on Intelligence an assessment of the impact the escape of ISIS detainees in SDF custody could have on the security of United States and our allies, including the detainees who have escaped and those still residing in SDF custody. In order to better inform the American public, the Congress, policymakers and America’s allies, this assessment should be unclassified to the extent possible, with a classified annex if needed. Please provide a response to this request by November 19, 2019.
Mark R. Warner
Susan M. Collins
United States Senator
CC: The Honorable Mark T. Esper, Secretary of Defense
Top Senate National Security Democrats Slam Trump for Trying to Pay for Border Wall with Defense Funds to help Deter Russian Aggression
Oct 25 2019
WASHINGTON – Senator Bob Menendez (D-N.J.), Ranking Member of the Senate Foreign Relations Committee, Senator Mark Warner (D-Va.), Ranking Member of the Senate Intelligence Committee, and Senator Jack Reed (D-R.I.), Ranking Member of the Senate Armed Services Committee, today sent a letter to President Trump fiercely opposing his plan to pay for his border wall using money meant to help our European allies deter Russian aggression. Nearly $1.3 billion, including $700 million designated by Congress for the European Defense Initiative (EDI), will be diverted from confronting one of our greatest national security challenges—all to fund a medieval vanity project that was supposed to be paid for by Mexico.
“In light of the Kremlin’s ongoing assault on our democracy and its malign actions in Ukraine, Syria, and Venezuela, U.S. national security requires our close cooperation with our NATO allies and maintaining a robust presence in Europe,” wrote the senators. “These cuts signal to the Kremlin that you do not view its interference in Europe as a serious concern and potentially serve as a green light for Moscow to expand their malign activities”
Diverting these funds from their original mission will impact critical military infrastructure projects in the countries most threatened by Russian aggression, and will cut more than half a billion dollars in funding for U.S.-operated facilities in Europe.
A copy of the letter can be found here and below:
Dear Mr. President:
We are writing to express deep concern about your decision to divert nearly $1.3 billion in U.S. funding away from critical national security projects in NATO countries, including funds specifically designated by Congress to deter Russian aggression and reassure our allies, in favor of your proposed border wall with Mexico. On numerous occasions you promised the American people that Mexico would pay for this wall. However, your administration’s diversion of funding from our core security interests and Secretary Esper’s statement that our NATO allies should pick up the tab, shows that the American people and our NATO allies, and not Mexico, are, in fact, paying. Your decision endangers our national security and signals to the Kremlin that the United States is not willing to stand up to its aggression.
In light of the Kremlin’s ongoing assault on our democracy and its malign actions in Ukraine, Syria, and Venezuela, U.S. national security requires our close cooperation with our NATO allies and maintaining a robust presence in Europe. Congress has strongly supported the European Deterrence Initiative (EDI) to bolster U.S. and NATO’s military preparedness in Europe in the face of the persistent Kremlin threat.
This diversion of $770 million in EDI funds, in particular, will impact critical projects such as a special operations training facility in Estonia, airfield upgrades in Slovakia, and ammunition storage in Poland. These cuts signal to the Kremlin that you do not view its interference in Europe as a serious concern and potentially serve as a green light for Moscow to expand their malign activities. Cutting EDI also again raises questions about the United States’ commitment to NATO and to Article Five, which has been repeatedly reaffirmed by Congress on a strong bipartisan basis. In addition to the EDI cut, your $1.3 billion cuts divert an additional $520 million from U.S.-operated facilities in Europe, that are vital to support the military families based there and to sustain our missions in the Middle East.
Instead of sending a signal that could be interpreted by Vladimir Putin as an invitation to further aggression in Europe, we strongly urge you to support U.S. national security interests and reverse this decision.
On Senate Floor, Warner, Klobuchar, Wyden Call for Immediate Consideration of Legislation to Stop Foreign Interference in our Elections
Oct 24 2019
WASHINGTON – Yesterday, just 377 days before the presidential election, Senators Mark Warner (D-VA), Amy Klobuchar (D-MN), and Ron Wyden (D-OR), asked for unanimous consent for the immediate consideration of legislation to stop foreign interference in our elections. Senator Warner spoke first and asked for the immediate consideration of the Foreign Influence Reporting in Elections (FIRE) Act (which is in the House SHIELD Act). Senator Klobuchar asked for the immediate consideration of the Stopping Harmful Interference in Elections for a Lasting Democracy (SHIELD) Act, which includes three Klobuchar provisions to secure U.S elections and passed the House yesterday. Senator Wyden asked for the immediate consideration of the Securing America's Federal Elections (SAFE) Act, legislation that passed the House of Representatives in June. Senator Marsha Blackburn (R-TN) objected to all three requests, preventing the Senate from immediately considering these important election security measures.
“Earlier this month, the Senate Intelligence Committee released its report on Russia’s use of social media to undermine our democracy. The committee’s bipartisan conclusion is clear: Russia attacked our democracy in 2016. Their efforts are ongoing, and they will be back in 2020,” said Warner, Vice Chairman of the Senate Select Committee on Intelligence. “The alarm bells are going off – and we are running out of time to do something about it. History will not look kindly on Republican leaders’ refusal to consider bipartisan election security legislation following Russia’s attack on our democracy.”
“The next major elections are just three hundred seventy seven days away,” said Klobuchar, Ranking Member of the Senate Rules Committee with jurisdiction over federal elections. “We must take action now to secure our elections. Fundamental to our democracy and our founding fathers was this simple idea that we would determine our fate in America. That we would not let foreign powers influence our elections. That is what this is about. It's about protecting our election hardware and infrastructure, but it is also about protecting us from disinformation campaigns.”
“Despite all of the ways foreign hackers have already made it into our election infrastructure, Congress has refused to arm state and county elections officials with the knowledge and funding they need to secure their systems,” said Wyden. “The SAFE Act has all three key elements recommended by our nation’s top cybersecurity experts: paper ballots, security standards, and post-election audits, as well as the funding necessary to make sure states can get the job done. I urge my Republican colleagues to reconsider their opposition to this vitally important legislation.”
In Senator Blackburn’s remarks she stated that the Senators were attempting to “circumvent going to the Rules Committee and trying to bring these bills to the floor,” despite the fact that multiple election security bills have been introduced since 2017 and have yet to be brought to the floor by Senate Republicans for an up or down vote. Last year, the Senate Rules Committee was scheduled to mark-up Ranking Member Klobuchar’s comprehensive election security legislation, and Republicans cancelled the markup the night before.
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) said today that he was optimistic about the chances of passing bipartisan anti-money laundering legislation this Congress after the House voted yesterday to advance a bill that would curb illicit financial activities by requiring companies to disclose their true beneficial owners, and increasing information-sharing between law enforcement, financial institutions, and the Treasury Department.
Last month, Sen. Warner – along with Sens. Tom Cotton (R-AR), Doug Jones (D-AL), Mike Rounds (R-SD), Bob Menendez (D-NJ), John Kennedy (R-LA), Catherine Cortez Masto (D-NV), and Jerry Moran (R-KS) – introduced the Improving Laundering Laws and Increasing Comprehensive Information Tracking of Criminal Activity in Shell Holdings (ILLICIT CASH) Act, which would, for the first time, require shell companies – often used as fronts for criminal activity – to disclose their true owners to the U.S. Department of Treasury.
“Today’s House vote is an encouraging sign of progress on this important issue, and it demonstrates that there is widespread support in Congress for reforming our laws to combat money laundering, fight crime, and improve our national security,” said Sen. Warner following the House vote. “I appreciate the Treasury Department’s willingness to work with Congress on this matter, and am hopeful that the Senate will soon move forward on our bipartisan proposal to crack down on shell companies, while also prioritizing data security and protecting small businesses from unnecessary regulation.”
According to research from the University of Texas and Brigham Young University, the U.S. remains one of the easiest places in the world to set up an anonymous shell company. A recent report by Global Financial Integrity demonstrates that, in all 50 U.S. states, more information is required to obtain a library card than to register a company. Human traffickers, terrorist groups, arms dealers, transnational criminal organizations, kleptocrats, drug cartels, and rogue regimes have all used U.S.-registered shell companies to hide their identities and facilitate illicit activities. Meanwhile, U.S. intelligence and law enforcement agencies find it increasingly difficult to investigate these illicit financial networks without access to information about the beneficial ownership of corporate entities involved.
The ILLICIT CASH Act would crack down on anonymous shell companies by requiring these companies to disclose their true owners to the U.S. Department of Treasury. It would also update decades-old anti-money laundering (AML) and combating the financing of terrorism (CFT) policies by giving Treasury and law enforcement the tools they need to fight criminal networks. A section-by-section analysis of this bill is available here. A one-pager is available here. The full text of the bill is available here.
Following Trump Abandonment, Warner Introduces Bill to Provide Visas to Kurds Who Worked with U.S. Forces
Oct 17 2019
WASHINGTON – U.S. Sen. Mark R. Warner, Vice Chairman of the Senate Select Committee on Intelligence, today introduced the Syrian Allies Protection Act, which would make U.S. visas available to Kurdish Syrians who worked directly with the U.S. armed forces in Syria and whose lives may now be in danger after President Trump abruptly withdrew American troops from northern Syria and allowed a Turkish military operation to move forward against Kurdish fighters who have been integral partners in the fight against ISIS. Since the Turkish offensive began last week, the UN has received reports of executions and human rights abuses against Kurdish fighters and civilians, and at least 160,000 civilians have been displaced.
“America has always stood by her allies. It’s shameful that as a result of President Trump’s reckless actions in Syria, the lives of our Kurdish allies are now in danger,” said Sen. Warner. “Our friends should not pay the price for the President’s irresponsible decision. This bill would establish a program, like those Congress has already established for Iraqi and Afghan nationals, that would allow Kurdish Syrians who worked directly with American troops in the fight against ISIS to come to safety here in the U.S.”
Similar to congressionally-directed programs that made select Iraqi and Afghan nationals who worked as interpreters or in other vital military support positions eligible for special immigrant visas, the Syrian Allies Protection Act would protect those Kurds in Syria who worked most closely with the United States, usually as translators, and whose lives are now threatened not only by the ongoing Turkish incursion, but by potential retaliation by freed ISIS fighters, regime forces, and other foreign interests in Syria now that the protection of American forces has been removed. The legislation would provide permanent American residence to Syrian nationals who worked for the U.S. armed forces for at least six months, have obtained a favorable recommendation from a general or flag officer in the chain of command, and have passed a background check and screening.
The legislation would also direct the Secretary of Defense, in consultation with the Secretaries of State and Homeland Security, to develop and implement a framework to evacuate these eligible individuals to safety – either in the United States or a third country – while vetting takes place, if their lives are at risk remaining in Syria.
The text of the Syrian Allies Protection Act is available here.
WASHINGTON, D.C. – Today, Senate Select Committee on Intelligence Chairman Richard Burr (R-NC) and Vice Chairman Mark Warner (D-VA) released a new report titled, “Russia’s Use of Social Media.” It is the second volume released in the Committee’s bipartisan investigation into Russia’s attempts to interfere with the 2016 U.S. election.
The new report examines Russia’s efforts to use social media to sow societal discord and influence the outcome of the 2016 election, led by the Kremlin-backed Internet Research Agency (IRA). The analysis draws on data provided to the Committee by social media companies and input from a Technical Advisory Group comprising experts in social media network analysis, disinformation campaigns, and the technical analysis of complex data sets and images to discern the dissemination of disinformation across social media platforms.
Statement from Chairman Burr:
“Russia is waging an information warfare campaign against the U.S. that didn’t start and didn’t end with the 2016 election. Their goal is broader: to sow societal discord and erode public confidence in the machinery of government. By flooding social media with false reports, conspiracy theories, and trolls, and by exploiting existing divisions, Russia is trying to breed distrust of our democratic institutions and our fellow Americans. While Russia may have been the first to hone the modern disinformation tactics outlined in this report, other adversaries, including China, North Korea, and Iran, are following suit.
“Any solution has to balance America’s national security interests with our constitutionally-protected right to free speech. Social media companies, federal agencies, law enforcement, and Congress must work together to address these challenges, and I am grateful for the cooperation our Committee has gotten from both the Intelligence Community and the tech industry. My hope is that by continuing to shine a light on this issue, we will encourage more Americans to use social media responsibly, as discerning and informed consumers.”
Statement from Vice Chairman Warner:
“The bipartisan work that this Committee has done to uncover and detail the extent of that effort has significantly advanced the public’s understanding of how, in 2016, Russia took advantage of our openness and innovation, exploiting American-bred social media platforms to spread disinformation, divide the public, and undermine our democracy. Now, with the 2020 elections on the horizon, there’s no doubt that bad actors will continue to try to weaponize the scale and reach of social media platforms to erode public confidence and foster chaos. The Russian playbook is out in the open for other foreign and domestic adversaries to expand upon – and their techniques will only get more sophisticated.
“As was made clear in 2016, we cannot expect social media companies to take adequate precautions on their own. Congress must step up and establish guardrails to protect the integrity of our democracy. At minimum, we need to demand transparency around social media to prevent our adversaries from hiding in its shadows. We also need to give Americans more control over their data and how it’s used, and make sure that they know who’s really bankrolling the political ads coming across their screens. Additionally, we need to take measures to guarantee that companies are identifying inauthentic user accounts and pages, and appropriately handling defamatory or synthetic content. It’s our responsibility to listen to the warnings of our Intelligence Community and take steps to prevent future attacks from being waged on our own social media platforms.”
The Committee has held five open hearings on Russia’s use of social media, including a September 2018 open hearing with Facebook’s Chief Operating Officer Sheryl Sandberg and Twitter’s Chief Executive Officer Jack Dorsey. In December 2018, the Committee released two independent analyses of IRA activity, produced by New Knowledge and Graphika and the University of Oxford.
The Committee released the first volume of its Russia investigation in July 2019. You can read, “Volume I: Russian Efforts Against Election Infrastructure,” here.
You can read, “Volume II: Russia’s Use of Social Media,” here.
Key Findings and Recommendations:
- The Committee found that the IRA sought to influence the 2016 U.S. presidential election by harming Hillary Clinton’s chances of success and supporting Donald Trump at the direction of the Kremlin. The Committee found that IRA social media activity was overtly and almost invariably supportive of then-candidate Trump to the detriment of Secretary Clinton’s campaign.
- The Internet Research Agency’s (IRA) targeting of the 2016 U.S. election was part of a broader, sophisticated, and ongoing information warfare campaign designed to sow discord in American politics and society. While the IRA exploited election-related content, the majority of its operations focused on exacerbating existing tensions on socially divisive issues, including race, immigration, and Second Amendment rights.
- The Committee found the IRA targeted African-Americans more than any other group or demographic. Through individual posts, location targeting, Facebook pages, Instagram accounts, and Twitter trends, the IRA focused much of its efforts on stoking divisions around hot-button issues with racial undertones.
- The IRA engaged with unwitting Americans to further its reach beyond the digital realm and into real-world activities. For example, IRA operatives targeting African-Americans convinced individuals to sign petitions, share personal information, and teach self-defense courses. Posing as U.S. political activists, operatives sought help from the Trump Campaign to procure campaign materials and to organize and promote rallies.
- The Committee found IRA activity increased, rather than decreased, after Election Day 2016. Analysis of IRA-associated accounts shows a significant spike in activity after the election, increasing across Instagram (238 percent), Facebook (59 percent), Twitter (52 percent), and YouTube (84 percent). Researchers continue to uncover IRA-associated accounts that spread malicious content.
- The Committee recommends social media companies work to facilitate greater information sharing between the public and private sector. Because information warfare campaigns are waged across a variety of platforms, communication between individual companies, government authorities, and law enforcement is essential for fully assessing and responding to them. Additionally, social media companies do not consistently provide a notification or guidance to users who have been exposed to inauthentic accounts.
- The Committee recommends Congress consider ways to facilitate productive coordination and cooperation between social media companies and relevant government agencies. Congress should consider whether any existing laws may hinder cooperation and whether information sharing should be formalized. The Committee also recommends Congress consider legislation to ensure Americans know the source behind online political advertisements, similar to existing requirements for television, radio, and satellite ads.
- The Committee recommends the Executive Branch publicly reinforce the danger of attempted foreign interference in the 2020 election. The Executive Branch should establish an interagency task force to monitor foreign nations’ use of social media platforms for democratic interference and develop a deterrence framework. A public initiative to increase media literacy and a public service announcement (PSA) campaign could also help inform voters.
- The Committee recommends candidates, campaigns, and other public figures scrutinize sourcing before sharing or promoting new content within their social media network. All Americans should approach social media responsibly to prevent giving “greater reach to those who seek to do our country harm.” The Committee recommends that media organizations establish clear guidelines for using social media accounts as sources to prevent the spread of state-sponsored disinformation.
WASHINGTON – U.S. Sens. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, and Marco Rubio (R-FL), member of the Senate Select Committee on Intelligence, have expressed concern over the growing threat posed by deepfakes – sophisticated audio and video technologies that allow users to create fake audio and/or video files that falsely depict someone saying or doing something. In letters to 11 social media companies, including Facebook, Twitter, and YouTube, Sens. Warner and Rubio urged the platforms to develop industry standards for sharing, removing, archiving, and confronting the sharing of synthetic content as soon as possible, in light of foreign threats to the upcoming U.S. election. The letters also encouraged the platforms to develop clear policies to ensure their platforms are not exploited to spread disinformation or misinformation, including through authenticating media, labeling and archiving synthetic media content, and providing access to qualified outside researchers.
“As concerning as deepfakes and other multimedia manipulation techniques are for the subjects whose actions are falsely portrayed, deepfakes pose an especially grave threat to the public’s trust in the information it consumes; particularly images, and video and audio recordings posted online,” wrote the Senators. “If the public can no longer trust recorded events or images, it will have a corrosive impact on our democracy.”
“Despite numerous conversations, meetings, and public testimony acknowledging your responsibilities to the public, there has been limited progress in creating industry-wide standards on the pressing issue of deepfakes and synthetic media,” they continued. “Having a clear strategy and policy in place for authenticating media, and slowing the pace at which disinformation spreads, can help blunt some of these risks. Similarly, establishing clear policies for the labeling and archiving of synthetic media can aid digital media literacy efforts and assist researchers in tracking disinformation campaigns, particularly from foreign entities and governments seeking to undermine our democracy.”
Deepfake technologies allow users to superimpose existing images and videos onto unrelated images or videos, essentially giving users the ability to create false and defamatory content that can be easily spread on social media.
In their letters to Facebook, Twitter, YouTube, Reddit, LinkedIn, Tumblr, Snapchat, Imgur, TikTok, Pinterest, and Twitch, the Senators emphasized that more than two-thirds of Americans get their news from social media sites, and stressed that online media platforms must assume a heightened responsibility for safeguarding public confidence. They also posed the following series of questions about each company’s ability to prevent, detect, and address deepfakes and other synthetic media:
- What is your company’s current policy regarding whether users can post intentionally misleading, synthetic or fabricated media?
- Does your company currently have the technical ability to detect intentionally misleading or fabricated media, such as deepfakes? If so, how do you archive this problematic content for better re-identification in the future?
- Will your company make available archived fabricated media to qualified outside researchers working to develop new methods of tracking and identifying such content? If so, what partnerships does your company currently have in place? Will your company maintain a separate, publicly accessible archive for this content?
- If the victim of a possible deepfake informs you that a recording is intentionally misleading or fabricated, how will your company adjudicate those claims or notify other potential victims?
- If your company determines that a media file hosted by your company is intentionally misleading or fabricated, how will you make clear to users that you have either removed or replaced that problematic content?
- Given that deepfakes may attract views that could drive algorithmic promotion, how will your company and its algorithms respond to, and downplay, deepfakes posted on your platform?
- What is your company’s policy for dealing with the posting and promotion of media content that is wholly fabricated, such as untrue articles posing as real news, in an effort to mislead the public?
Statement of Senate Intel Vice Chair Mark R. Warner on Protecting Intelligence Community Whistleblowers
Oct 01 2019
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, released the following statement:
“It is deeply disturbing that the president went on national television and told the American people that he’s trying to find out the whistleblower’s identity. The president’s comments about ‘spies and treason’ and ‘what we used to do in the old days’ are downright dangerous and will do serious damage to our national security long after this news cycle is over. That kind of rhetoric can only serve one purpose: intimidation of this whistleblower and anyone else within the intelligence community who is considering stepping forward to report wrongdoing.
“It is incumbent upon the Acting Director of National Intelligence and other intelligence leaders to publicly pledge that they will protect and stand by this whistleblower, and any other individual within the intelligence community who steps forward to lawfully report illegal or unethical behavior within the federal government, anonymously or otherwise.”
Senators Introduce Legislation to Improve Corporate Transparency and Combat Money Laundering, Terrorist Financing
Sep 26 2019
WASHINGTON – Senate Banking Committee members, U.S. Sens. Mark R. Warner (D-VA), Tom Cotton (R-AR), Doug Jones (D-AL), Mike Rounds (R-SD), Bob Menendez (D-NJ), and John Kennedy (R-LA), Catherine Cortez Masto (D-NV), and Jerry Moran (R-KS) today introduced bipartisan legislation to improve corporate transparency, strengthen national security, and help law enforcement combat illicit financial activity being carried out by terrorists, drug and human traffickers, and other criminals.
The Improving Laundering Laws and Increasing Comprehensive Information Tracking of Criminal Activity in Shell Holdings (ILLICIT CASH) Act would, for the first time, require shell companies – often used as fronts for criminal activity – to disclose their true owners to the U.S. Department of Treasury. It would also update decades-old anti-money laundering (AML) and combating the financing of terrorism (CFT) policies, by giving Treasury and law enforcement the tools they need to fight criminal networks. This includes improving overall communication between law enforcement, financial institutions, and regulators, and facilitating the adoption of critical 21st century technologies.
“Transparency is the best weapon we have against the misuse of our financial system by those who would harm the United States and our allies,” said Sen. Warner. “As bad actors use ever more sophisticated techniques, we need to make sure federal agencies have the tools they need to prevent this abuse of our financial system and protect our national security. That starts with making sure we have a full usable record of who actually owns these shell companies.”
“Right now, criminals and terrorists are exploiting our financial system using shell companies that hide their identities. This legislation will allow law enforcement to track ill-gotten gains while at the same time protecting small businesses from unnecessary regulation. I’m proud that we’ve delivered a product that respects the needs of Arkansas small businesses, from startups to steel companies,” said Sen. Cotton.
“It is simply too easy in the United States for criminals to hide behind anonymous shell companies. Our bipartisan bill gives the American law enforcement and national security officials the tools they need to fight back against the criminals that seek to exploit our financial system and fund their illegal activities,” said Sen. Jones.
“Our legislation protects Americans by depriving criminals and terrorists of tools they use to finance illicit activity. Developed through months of hard work and consensus-building, the ILLICIT CASH Act gives the Treasury Department and law enforcement the tools they need to combat illegal financial activity without burdening legitimate businesses. I look forward to continuing to work with my colleagues to advance this important issue – the first serious overhaul of our anti-money laundering system in decades,” said Sen. Rounds.
“It’s still far too easy for rogue regimes, corrupt oligarchs, human traffickers and drug cartels to use American shell companies to launder money through the United States,” said Sen. Menendez. “Our bill gives our national security and law enforcement professionals new tools to make sure our financial system can no longer be a safe haven for illegal actors.”
“Transparency is a powerful tool to use against criminal activity because it makes it impossible to hide. Criminals know it’s easier to set up a shell company than it is to get a library card in the U.S. This bill will help dismantle criminal networks by ensuring that we know who truly owns shell companies,” said Sen. Kennedy.
“From money laundering to funding terrorism and sex trafficking, it’s outrageous that in the United States it is still incredibly easy for criminals to set up shell companies to hide their illicit financial activity,” said Sen. Cortez Masto. “I’m proud to cosponsor comprehensive legislation that gives the Treasury Department and law enforcement the modern-day tools they need to track down these criminals, prevent abuse of our financial system and keep Americans safe.”
According to research from the University of Texas and Brigham Young University, the U.S. remains one of the easiest places in the world to set up an anonymous shell company. A recent report by Global Financial Integrity demonstrates that, in all 50 U.S. states, more information is currently required to obtain a library card than to register a company. Human traffickers, terrorist groups, arms dealers, transnational criminal organizations, kleptocrats, drug cartels, and rogue regimes have all used U.S.-registered shell companies to hide their identities and facilitate illicit activities. Meanwhile, U.S. intelligence and law enforcement agencies find it increasingly difficult to investigate these illicit financial networks without access to information about the beneficial ownership of corporate entities involved.
At the same time, U.S. AML-CFT laws have not kept pace with the growing exploitation of the global financial system to facilitate criminal activity. According to a United Nations Report, money laundering activity and illicit cross-border financial flows have generated upwards of $300 billion annually in criminal proceeds. While tracking these growing sums is increasingly difficult, U.S. laws have also failed to adequately address the small dollar financing of global terrorist groups.
“Our own research and data have shown that the criminals behind trafficking operations use secrecy to hide both their identity and the proceeds of their crimes. Secrecy allows them to profit with impunity. By ending the ability of traffickers and others to use anonymous companies, the ILLICIT CASH Act will, for the first time, provide critical information to the police and prosecutors with whom we work to follow the money. We applaud the bill sponsors for working across party lines to take these effective steps to address the deep, lasting and unimaginable harms caused by human trafficking,” said Bradley Myles, CEO, Polaris.
“As end users of evidence collected throughout the investigative process, it is imperative that prosecutors have as much information as possible in order to determine the best course of action for prosecuting an individual or entity that has committed a crime. Beneficial ownership data collection is vital to this effort, and law enforcement and prosecutors must have lawful access to that information. NDAA is excited to support the Illicit Cash Act and looks forward to working with Senators Warner, Jones, Cotton, Rounds, Kennedy, Menendez, Cortez Masto & Moran in moving this legislation through Congress,” said Nelson Bunn, Executive Director, National District Attorneys Association.
“We appreciate Senators Warner, Cotton, Jones, Rounds, Menendez, Kennedy, Cortez Masto and Moran’s hard work in building additional bipartisan support and pushing this legislation forward. Their legislation would both modernize our antiquated AML regime and help law enforcement and national security officials by closing the anonymous shell company loophole exploited by human traffickers, drug smugglers, and terrorists,” said Greg Baer, President and CEO, Bank Policy Institute.
“The ease with which bad actors can hide illicit cash in the U.S. undermines our national security, props up rogue leaders and renegade regimes, and destroys lives — both here and abroad. The ILLICIT CASH Act is a direct and effective response to the dangers and devastation that result from the lack of safeguards to protect our financial system from abuse,” said Gary Kalman, Executive Director, Financial Accountability and Corporate Transparency (FACT) Coalition.
“When we are able to expose the link between shell companies and drug trafficking, corruption, organized crime and terrorist finance, law enforcement will be able to bring these criminals to justice and make our citizens and our nation safer. This legislation will help law enforcement by removing the mask that hides these illicit actors,” said Pat Yoes, President, Fraternal Order of Police.
Given the critical importance of cracking down on criminal shell companies and the need to combat money laundering and terrorism, the ILLICIT CASH Act envisions a more transparent corporate ownership system and an updated, effective and efficient AML-CFT regime designed for the 21st century. Specifically, this legislation would:
- Establish federal reporting requirements mandating that all beneficial ownership information be maintained in a comprehensive federal database, with strict privacy protections, accessible by federal and local law enforcement.
- Help recruit and retain top talent at the Financial Crimes Enforcement Network (FinCEN) by putting employees on a pay scale comparable to that of federal financial regulators.
- Create a hub of financial expert investigators at FinCEN to investigate potential AML-CFT activity in collaboration with federal government agencies.
- Facilitate communications between the Treasury and financial institutions by establishing a Treasury financial institution liaison to seek and receive comments regarding AML-CFT rules, regulations, and examinations.
- Require the Department of Justice (DOJ) to provide the Treasury Department with metrics on the usefulness of AML-CFT data from financial institutions for law enforcement purposes, as well as data on the past and current trends identified by DOJ in the AML-CFT landscape.
- Require law enforcement to coordinate with financial regulators to provide periodic feedback to financial institutions on their suspicious activity reports.
- Prioritize the protection of personally identifying information while establishing a clear path for financial institutions to share AML-CFT information for the purposes of identifying suspicious activity.
- Prevent foreign banks from obstructing money laundering or terrorist financing investigations by requiring these banks to produce records in a manner that establishes their authenticity and reliability for evidentiary purposes, and compelling them to comply with subpoenas. This legislation would also authorize contempt sanctions for banks that fail to comply and increase penalties on repeat BSA violators.
- Ensure the inclusion of current and future payment systems in the AML-CFT regime by updating the definition of “coins and currency” to include digital currency.
Sep 18 2019
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, released the following statement regarding the situation in the Middle East:
“Iran’s apparent attack on Saudi oil facilities represents a dangerous escalation by Iran. It is also a consequence of the Administration’s efforts to push Iran’s government into a corner where it has little to lose.
“Iranian violence cannot be rewarded and the U.S. must respond to attacks on our interests, but this Administration’s inconsistent and erratic policies are not making us safer. It is increasingly apparent that on Iran, the President has little credibility, few allies, and no plan.
“The U.S. must work with our European allies and regional partners to decrease the risk of violence from terrorism and Iranian proxies while ensuring that we do not launch ourselves into a disastrous Middle East war that would be catastrophic for our allies, the global economy and our young men and women in uniform. Doubling down on a failing strategy will get us nowhere.”
Warner Presses State Department on Plan for Protecting Health & Safety of Bomb-Sniffing Dogs Sent to Partner Countries
Sep 17 2019
WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee, wrote to the U.S. Department of State to follow up on an Inspector General (IG) report that found the Department sent highly-trained bomb-sniffing dogs to foreign partner nations without proper follow-up to ensure they were receiving adequate healthcare. The IG found that as a result, at least 10 dogs trained to assist in fighting terrorism died in the Kingdom of Jordan from various medical problems, including largely preventable illnesses such as parvovirus and heat exhaustion. Many of the dogs were trained at a State Department-contracted facility located in Winchester, Va.
“The IG report outlined a series of problems in the program, which led to the premature deaths of many dogs due to preventable illness, lack of veterinary care, and poor working conditions. Overall, the report makes clear the Department of State is not adequately monitoring and protecting the canines it provides to these countries,” wrote Sen. Warner, a dog owner.
The State Department’s antiterrorism assistance program provides Explosive Detection Canines (EDCs) to foreign countries to support local law enforcement in deterring and countering terrorism. The program is primarily implemented by the Bureau of Diplomatic Security’s Office of Antiterrorism Assistance, in partnership with the Bureau of Counterterrorism. Although the State Department previously relied on the Bureau of Alcohol, Tobacco, and Firearms to provide and train the bomb-sniffing dogs, in 2016, the State Department established its own canine training center, the Canine Validation Center (CVC) in Winchester, Va., which is responsible for procuring dogs, training foreign students as handlers, and conducting assessments to determine a country’s ability to care for the dogs and operate a canine program. In addition, the CVC is responsible for conducting health and welfare assessments in foreign countries.
As of September 2018, 100 dogs had been trained at the CVC and provided under the antiterrorism program to six partner nations. In addition, the State Department retains responsibility for approximately 70 dogs that had previously been trained and provided under the ATF program to seven countries.
The IG report found several deficiencies in the program, including:
- The Bureau of Counterterrorism and the Bureau of Diplomatic Security “do not have mechanisms in place to ensure effective management of the health and welfare of canines in the EDC program” including an absence of policies, procedures, written standards for the department, or written agreements with partner nations to ensure the dogs’ health and safety.
- The Department does not sufficiently monitor the trained canines that are provided to partner nations, including through follow-up visits and agreements that outline standards.
- The treatment and care of the dogs in Jordan, where the majority of the dogs are sent, is of particular concern. Despite longstanding concern over the treatment and care of the dogs in Jordan’s care, at least 100 EDCs have been sent to Jordan since 2008. From 2008 through 2016, at least ten dogs died as a result of medical conditions.
The report found multiple instances of dogs that had been severely mistreated in Jordan, including Zoe, a 2-year-old female Belgian Malinois that died of heatstroke; Mencey, a 3-year-old male Belgian Malinois that was euthanized after she contracted two diseases spread by sandflies and ticks; and Athena, a 2-year-old female Malinois who made a full recovery in the United States after a State Department veterinary team conducted a site visit in Jordan and found her “severely emaciated” and housed in a kennel that was “covered in dirt and feces,” according to the IG. While the IG advised that the State Department cease providing canines to Jordan until “there is a sustainability plan in place to ensure canine health and welfare,” the State Department has not yet agreed to that recommendation.
“The Department spends millions of taxpayer dollars in order to train the canines, provide appropriate veterinary care, and embed mentors in partner nations, among other expenses associated with the program. Yet once the dogs are deployed, many face mistreatment, malnutrition and unsafe facilities,” Sen. Warner wrote today. “I ask that you provide my office with a plan for how you will improve this program to protect taxpayer resources and ensure the safety and health of these highly-trained bomb-detection dogs.”
The full text of the letter is below, and a PDF is available here.
September 17, 2019
The Honorable Mike Pompeo
Secretary of State
U.S. Department of State
2201 C Street NW
Washington, DC 20520
Dear Secretary Pompeo:
I am writing to express my concern over a recent State Department Office of Inspector General report, which documented the failure of the Department to protect highly skilled explosion-detection dogs trained by the U.S. government and deployed to Jordan, an important U.S. counterterrorism partner, and additional countries.
Earlier this month, the Inspector General for the State Department released a report entitled, “Evaluation of the Antiterrorism Assistance Explosive Detection Canine Program – Health and Welfare,” which evaluated the Department’s program to provide Explosive Detection Canines (EDCs) to foreign countries for counterterrorism purposes. Many of these dogs were trained in the Canine Validation Center (CVC) in Winchester, Virginia. As of September 30, 2018, the CVC had trained 100 dogs, which were sent to six foreign partner nations. In addition, 66-89 dogs trained by a pre-existing program run by the Bureau of Alcohol, Tobacco, and Firearms (ATF) were still active in seven partner nations.
The IG report outlined a series of problems in the program, which led to the premature deaths of many dogs due to preventable illness, lack of veterinary care, and poor working conditions. Overall, the report makes clear the Department of State is not adequately monitoring and protecting the canines it provides to these countries. Some specific findings from their investigation include the following:
- The Bureau of Counterterrorism and the Bureau of Diplomatic Security “do not have mechanisms in place to ensure effective management of the health and welfare of canines in the EDC program” including an absence of policies, procedures, written standards for the Department, or written agreements with partner nations to ensure the dogs’ health and safety.
- The treatment and care of the dogs in Jordan, where the majority of the dogs are sent, is of particular concern.
- Despite longstanding concern over the treatment and care of the dogs in Jordan’s care, at least 100 EDCs have been sent to Jordan since 2008. From 2008 through 2016, at least 10 dogs died as a result of medical conditions including canine parvovirus and heat exhaustion.
- The Department does not sufficiently monitor the trained canines that are provided to partner nations, including through follow-up visits and agreements that outline standards.
The Department spends millions of taxpayer dollars in order to train the canines, provide appropriate veterinary care, and embed mentors in partner nations, among other expenses associated with the program. Yet once the dogs are deployed, many face mistreatment, malnutrition and unsafe facilities.
I ask that you provide my office with a plan for how you will improve this program to protect taxpayer resources and ensure the safety and health of these highly-trained bomb-detection dogs. Should you have any questions, please contact Caroline Wadhams in my office at (202) 224-2023.
Warner Raises Questions about Cybersecurity Practices Amid Breaches Involving Sensitive Biometric Data
Sep 16 2019
WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Intelligence Committee and former tech entrepreneur, wrote to U.S. Customs and Border Protection (CBP) and South Korean company Suprema HQ, following separate but alarming incidents that impacted both entities and exposed Americans’ personal, permanently identifiable data. In a letter to CBP, Sen. Warner inquired about the information security practices of CBP contractors, in light of a June cyberattack that resulted in the theft of tens of thousands of facial images belonging to U.S. travelers. In a separate letter, Sen. Warner requested more information from Suprema HQ, the company that owns web-based biometric lock system, Biostar 2, which experienced a cyber incident in August, resulting in the exposure of permanently identifiable biometric data belonging to at least one million people worldwide.
“While all of the stolen information was sensitive and required protection, facial image data is especially sensitive, since such permanent personal information cannot be replaced like a password or a license plate number,” wrote Sen. Warner to Acting CBP Commissioner Mark Morgan. “It is absolutely critical that federal agencies and industry improve their track records, especially when handling and processing biometric data. Americans deserve to have their sensitive information secured, regardless of whether it is being handled by a first or a third-party.”
In June, CBP announced the theft of at least 100,000 traveler ID photos from a CBP subcontractor that had improperly transferred copies of these photos from CBP servers to its own company database. In addition to facial images, the cyberattack resulted in the theft of several gigabytes of data, including license plate photos, confidential agreements, hardware blueprints for security systems, and budget spreadsheets.
In the letter to CBP, Sen. Warner expressed alarm regarding the failure of federal agencies to ensure that Americans’ sensitive information is safe in the hands of contractors. He also asked CBP to provide timely answers to a series of questions regarding the information security practices of CBP contractors and subcontractors. Among these questions, Sen. Warner requested details on CBP’s third-party contractual requirements concerning database encryption, biometric data management, vulnerability management, logging data retention, and identity and access management, among other security measures.
Similarly, in his letter to Suprema HQ, Sen. Warner raised concerns about the Biostar 2 incident, which exposed permanently identifiable biometric data, including user photos.
“Unlike passwords, email addresses and phone numbers, biometric information in voices, fingerprints, and eyes are unique data that are impossible to reset. Biometric data can be used effectively for unauthorized surveillance and access to secure facilities, to steal identities, and is even valuable in developing deepfake technologies,” wrote Sen. Warner to Suprema HQ CEO James Lee. “It is my understanding that your customers use your biometric security system to provide access to secure facilities, and that the product has also been integrated into Nedap’s AEOS access control systems, which are used by at least 5,700 organizations in 83 countries, including banks and foreign law enforcement entities. Given the sensitivity of this information, it is absolutely critical that companies like yours exercise exceptional due care when collecting and securing biometric information, and when contracting with customers that collect permanent personal information.”
The Biostar 2 breach resulted in the online exposure of more than one million fingerprint records, in addition to user images, personal details, usernames and passwords, and employee security clearances. The breach also revealed that large portions of the Biostar 2 database were unprotected and unencrypted. In the letter, Sen. Warner asked Suprema HQ to list which U.S. businesses are served by the company. He also requested more information on the company’s practices regarding server security, biometric data storage security, and database encryption.
Sen. Warner has been a champion for cybersecurity throughout his career, and has been an outspoken critic of poor cybersecurity practices that compromise Americans’ personal information. In May, Sen. Warner introduced bold legislation to hold credit reporting agencies accountable for data breaches. He also introduced legislation earlier this year to empower state and local government to counter cyberattacks, and to increase cybersecurity among public companies.
Senate Democrats Urge President Trump To Push For Action Against North Korea For Violation Of U.N. Security Resolutions And To Redouble Efforts To Build Pragmatic Path To Verifiable Denuclearization
Sep 05 2019
WASHINGTON – U.S. Senate Democratic Leader Chuck Schumer (D-NY), U.S. Senate Committee on Foreign Relations Ranking Member Bob Menendez (D-NJ), U.S. Senate Democratic Whip Dick Durbin (D-IL), U.S. Senate Committee on Appropriations Ranking Member Patrick Leahy (D-VT), U.S. Senate Committee on the Judiciary Ranking Member Dianne Feinstein (D-CA), U.S. Senate Committee on Banking, Housing, and Urban Affairs Ranking Member Sherrod Brown (D-OH), U.S. Senate Committee on Armed Services Ranking Member Jack Reed (D-RI), and U.S. Senate Select Committee on Intelligence Vice Chairman Mark Warner (D-VA) yesterday sent a letter to President Donald Trump urging the president to intensify efforts to build a durable pathway towards diplomatic denuclearization of North Korea, and more specifically, to recognize that North Korea’s series of ballistic missile tests clearly violate United Nations Security Council resolutions and are being used to advance their operational capabilities to deliver nuclear weapons. The Senators urge President Trump to push the United Nations to take enforcement action against North Korea for its violations of U.N. Security Council resolutions.
Senate Democrats note that the administration has downplayed the significance of North Korea’s series of ballistic missile tests and suggested that there is no rush to reach an agreement that freezes and reverses North Korea’s nuclear and missile development, despite these clear violations of United Nations Security Council resolutions and direct threats to our allies, and recent reporting and analysis that indicate these violations are akin to a research, development and testing program that are furthering North Korea’s nuclear and missile program.
The Senators emphasize that finding a path to engagement with North Korea that minimizes, and subsequently eliminates, its nuclear and ballistic missile threat while providing stability and preserving our strategic edge in the region, is vital. They urge the president to pursue a more pragmatic, verifiable approach to pursue denuclearization on the Korean peninsula and to take advantage of the upcoming United Nations General Assembly session to push for strong enforcement of existing sanctions and accountability for North Korea’s on-going ballistic missile activities at the Security Council, while also seeking to establish the regular working-level negotiations necessary for diplomacy to succeed.
Senate Democrats’ letter to President Trump can be found here and below:
September 5, 2019
President Donald Trump
The White House
1600 Pennsylvania Avenue NW
Washington, DC 20500
Dear President Trump,
We write to express our grave concern regarding your policy and diplomacy with North Korea and to urge you to redouble efforts to forge a successful and durable path towards denuclearization of North Korea – by diplomatic means – while the opportunity still exists. Specifically, we urge you to recognize that North Korea’s series of ballistic missile tests clearly contravene United Nations Security Council resolutions and are being used to advance their operational capabilities to deliver nuclear weapons, and to press the United Nations to take enforcement action against North Korea for its violations of U.N. Security Council resolutions. While these tests did not directly threaten the United States, they are a clear threat to our treaty allies in the Republic of Korea and Japan, and they have allowed North Korea to continue to develop significant new ballistic missile technology alongside its still unconstrained nuclear weapons programs.
Despite these clear violations of United Nations Security Council resolutions – and direct threats to our allies – your administration has downplayed the significance of these tests and suggested that there is no rush to reach an agreement that verifiably freezes and reverses North Korea’s nuclear and missile development. Accepting North Korean ballistic missile tests represents, in our view, a significant step backwards in the negotiations, especially as you yourself have previously asserted that North Korea halting all ballistic missile tests and nuclear tests was a sign of your administration’s success.
Moreover, by repeatedly calling into question the importance of our alliances and combined military exercises, you threaten to undermine strategic stability on the Korean Peninsula. Our alliance architecture is critical to safeguard US national interests, and these exercises are a critical element of US strategic engagement on the Peninsula, a guarantee of the freedom and prosperity of the people of the Republic of Korea, and a vital element of any coherent strategy to assure that the United States maintains leverage for successful denuclearization diplomacy. Threatening to unravel the integrity of our alliance architecture in Asia makes us less capable of dealing with North Korea, not more.
Mr. President, we must find a path to engagement with North Korea that minimizes, and subsequently eliminates, its nuclear and ballistic missile threat while providing stability and preserving our strategic edge in the region. Your success in this endeavor is vital for our national security interests, and we want to support your administration in the execution of a coherent, durable and sustainable strategy.
As a first step to rebalance our denuclearization diplomacy with North Korea we urge you to undertake a more pragmatic, verifiable approach to pursue denuclearization on the Korean peninsula. We also urge you to take advantage of the upcoming United Nations General Assembly session to simultaneously push for strong enforcement of existing sanctions and accountability for North Korea’s on-going ballistic missile activities at the Security Council while also seeking to establish the sort of regular working-level negotiations necessary for diplomacy to succeed. A pathway for progress and successful diplomacy with North Korea that balances pressure and engagement in the right measure is still possible, and we urge you and your administration to take immediate and meaningful action.
Sep 04 2019
WASHINGTON, D.C. – Today, U.S. Senators Mark R. Warner and Tim Kaine condemned the Trump Administration’s plans to build portions of President Trump’s border wall by diverting $3.6 billion in military construction funds, including by taking funding from four projects in Virginia:
“The decision by the President to divert funding meant to support U.S. national security interests so that he can build a border wall only makes us less safe,” said Warner. “Taking money away from our military – including funding to support critical projects here in Virginia – will mean we are less equipped to tackle threats here at home and abroad.”
“I’m deeply concerned about President Trump’s plan to pull funding from critical national security projects – including millions of dollars from important projects in Virginia – so he can build his border wall. The well-being of American troops is the core responsibility of every commander in the military, yet the Commander-in-Chief is shirking that duty so he can advance his own political agenda,” said Kaine.
The Department of Defense informed Warner and Kaine that the Trump Administration plans to take the following funding away from military construction projects in Virginia:
- Cyber Operations Facility at Joint Base Langley-Eustis will lose $10,000,000.
- Navy Ships Maintenance Facility in Portsmouth will lose $26,120,000.
- A project to replace a hazardous materials warehouse in Norfolk will lose $18,500,000.
- A project to replace a hazardous materials warehouse in Portsmouth will lose $22,500,000.
Warner and Kaine have been outspoken against President Trump’s plan to pull money from military construction projects to build his border wall since it was initially announced earlier this year. Kaine has demanded details on the projects that will lose funding and called on his colleagues in the Senate to oppose the Administration’s efforts.
WASHINGTON – U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) released the following statement after China announced that it will instate additional retaliatory tariffs starting September 1 in response to President Trump’s plans to impose additional levies on Chinese goods:
“Time and time again, we have warned President Trump against escalating a trade war with China. Trade wars yield no winners and hurt consumers and producers all over the Commonwealth, especially the farmers and small business owners who count on Chinese demand for products grown in Virginia. We’re even seeing devastating second-order effects of this trade war, with the possibility that fires in the Amazon are being deliberately set to clear land for soybean exports to China. While the U.S. must absolutely crack down on China for its illegal trade practices, we can’t afford to do so in an incoherent and erratic way. Today’s announcement shows once again that the Trump Administration’s bizarre trade policies destabilize the economy, put the livelihoods of many Americans at risk, undermine global stability, and fundamentally fail to hold China accountable for its unfair practices.”
According to an announcement by the Chinese finance ministry, China’s tariffs will range from five to ten percent on items such as agricultural products, apparel, chemicals, and textiles, in addition to a 25 percent tariff on automobiles and a five percent tariff on automobile parts. These levies are scheduled to take effect on September 1 and December 15, matching the dates of the President’s most recent tariffs.
Sens. Warner and Kaine have continuously warned the Trump Administration about how its haphazard approach on trade hurts Virginia’s families, businesses, and economy. According to the Virginia Department of Agriculture and Consumer Services (VDACS), China is the Commonwealth’s number-one agricultural export market for soybeans. In 2018, Virginia exported more than $58 million soybean products to China – an 83 percent decrease from 2017.
WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, and Jack Reed (D-RI), Ranking Member of the Senate Armed Services Committee, sent a letter to Secretary of Defense Mark Esper following a report that the Department of Defense (DoD) will reexamine the process for awarding a $10 billion Joint Enterprise Defense Infrastructure (JEDI) cloud-computing contract.
“The integrity of our federal procurement process rests in large part on its insulation from undue political influence, so that sound technical and business judgements can be used to make data- and evidence-based decisions. The importance of political noninterference is especially important in the context of Department of Defense procurements, where procurement decisions must focus on cost, quality, performance and other considerations directly related to promoting our national security in an increasingly complex global environment,” wrote Sens. Warner and Reed to DoD Secretary Mark Esper.
In their letter to the DoD, the Senators inquired about the possibility that political pressure may have led to DoD’s abrupt decision to pause the process for awarding the contract. Additionally, the Senators called on Secretary Esper to explain the reasoning behind DoD’s decision to reexamine the contract.
“Successful procurement programs foster an open, fair, and competitive process, and are informed by technical and acquisition expertise and an understanding of the planned operational environment. The federal government benefits from being served by a variety of providers, ensuring competition that will deliver the best cost, quality, and performance. There are already built-in mechanisms for independent review of potential conflicts of interest– some of which have already been used in the JEDI initiative,” the Senators continued. “We appreciate your desire to review this initiative as you take on your new role as Secretary, but we urge you to resist political pressures that might negatively affect the implementation of sound acquisition practices and of the cloud strategy.”
A copy of the letter is found here and below.
Dr. Mark T. Esper
Secretary of Defense
U.S. Department of Defense
1000 Defense Pentagon
Washington, D.C. 20301
Dear Secretary Esper:
We urge you to take appropriate steps to ensure that the ongoing Department of Defense initiative to a contract for commercial cloud computing services through the Joint Enterprise Defense Infrastructure (JEDI) program, is pursued in a manner that is consistent with the Department’s cloud strategy and serves the best interests of taxpayers and execution of DoD missions.
The integrity of our federal procurement process rests in large part on its insulation from undue political influence, so that sound technical and business judgements can be used to make data- and evidence-based decisions. The importance of political noninterference is especially important in the context of Department of Defense procurements, where procurement decisions must focus on cost, quality, performance and other considerations directly related to protecting our national security in an increasingly complex global environment. In particular, efficiently executing DOD’s cloud strategy, which emphasizes the appropriate evaluation and use of best available commercial services and systems, is extremely important to meeting the goals of the National Defense Strategy.
Successful procurement programs foster an open, fair, and competitive process, and are informed by technical and acquisition expertise and an understanding of the planned operational environment. The federal government benefits from being served by a variety of providers, ensuring competition that will deliver the best cost, quality, and performance. There are already built-in mechanisms for independent review of potential conflicts of interest– some of which have already been used in the JEDI initiative.
It is our understanding that the Department of Defense’s Chief Information Officer is moving towards concluding the competition for the JEDI contract, and appreciate his efforts to keep Congress informed during a lengthy process of protests by competitors and in the development and execution of a very complex and ambitious acquisition plan. We appreciate your desire to review this initiative as you take on your new role as Secretary, but we urge you to resist political pressures that might negatively affect the implementation of sound acquisition practices and of the cloud strategy.
For these reasons, we request that you respond to the following questions:
Did anyone outside of the Department of Defense direct you to delay or cancel the JEDI program or the award of this contract?
Has the Department of Defense obtained new information relative to the program that was not available to the Inspector General, Government Accountability Office, or U.S. Federal Court of Claims?
What prompted the new examination of the JEDI initiative?
We look forward to receiving your responses within the next week. If you should have any questions or concerns, please contact Caroline Wadhams in Senator Warner’s office at 202-224-2418 and Arun Seraphin in Senator Reed’s office at 202-224-3871.
WASHINGTON – U.S. Sens. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, Dianne Feinstein (D-CA), Ranking Member of the Senate Committee on the Judiciary, Bob Menendez (D-NJ), Ranking Member of the Senate Committee on Foreign Relations, and Jack Reed (D-RI), Ranking Member of the Senate Committee on Armed Services, wrote to President Trump to request that he direct a review of the Executive Office of the President’s (EOP) compliance with security clearance policies and procedures after several alarming media reports suggesting abuses in the process at the White House.
“Over the last two years, public reporting has raised serious concerns about irregularities and questionable decisions related to eligibility determinations for EOP personnel access to classified information. Among other things, reports allege that individuals have been granted interim clearances, to include access to Secure Compartmented Information, without undergoing a complete background investigation; that the EOP has extended these temporary clearances beyond the usual six month timeframe; that the EOP has overruled unfavorable adjudication recommendations by career security professionals in more than 30 cases; and that the EOP has threatened to revoke former officials’ eligibility for access to classified information for reasons other than the adjudicative guidelines,” the Senators wrote.
The Democratic request follows an earlier letter sent in March 2019 to the Director of National Intelligence (DNI) and the Inspector General of the Intelligence Community (ICIG), requesting a review of the Trump administration’s compliance with security clearance protocols. In a pair of responses four months later, the DNI and the ICIG told the Senators that, despite having conducted such a review of the EOP’s practices in 2015, the DNI lacks the authority to conduct such a review unless expressly directed by the President.
According to press reports, President Trump ignored objections from then-White House Counsel Donald McGahn and then-Chief of Staff John F. Kelly to grant security clearances to his daughter, Ivanka Trump, and her husband Jared Kushner. Additional reports have alleged that former White House Staff Secretary Robert Porter was allowed to handle extremely sensitive information for over a year with an interim clearance, despite his record of domestic abuse, and that the White House overturned at least 30 clearance adjudication recommendations made by career security professionals.
“We believe a new review is necessary to address the allegations that have been raised and, if necessary, implement corrective action. Without such a review, it will be incumbent upon Congress to take a more direct role in overseeing and legislating on EOP security clearances to protect national security,” the Senators told the President.
Sen. Warner has been an outspoken critic of the Trump administration’s abuse of the security clearance process. He believes it significantly distracts from the shared agenda that he has with the administration to reform an antiquated process that does not reflect today’s threats, use advanced technologies and analytics, or support an increasingly mobile workforce. He has championed comprehensive legislation, included in the Senate-passed National Defense Authorization Act for Fiscal Year 2020, to modernize the government’s security clearance system and reduce the background investigation backlog. He has also teamed up with Sen. Susan Collins (R-ME) to introduce bipartisan legislation to protect the integrity of the security clearance process and ensure that it cannot be abused for political purposes.
Full text of the letter is below and a copy can be found here.
President Donald Trump
The White House
Washington, DC 20500
Dear Mr. President:
We request that you direct the Director of National Intelligence (DNI) perform a Security Executive Agent National Assessment Program (SNAP) review of the Executive Office of the President’s (EOP) compliance with security clearance policies and procedures.
Over the last two years, public reporting has raised serious concerns about irregularities and questionable decisions related to eligibility determinations for EOP personnel access to classified information. Among other things, reports allege that individuals have been granted interim clearances, to include access to Secure Compartmented Information, without undergoing a complete background investigation; that the EOP has extended these temporary clearances beyond the usual six month timeframe; that the EOP has overruled unfavorable adjudication recommendations by career security professionals in more than 30 cases; and that the EOP has threatened to revoke former officials’ eligibility for access to classified information for reasons other than the adjudicative guidelines.
A SNAP review will assess compliance with statutory requirements and executive-branch policies and procedures governing security clearances and access to Sensitive Compartmented Information. Such policies and procedures ensure proper due diligence in exercising the granting, denying, and revoking of access to classified information. The DNI has conducted scores of SNAP reviews to ensure rigorous application of proven standards and to give Congress faith that classified information is being properly protected.
In a recent letter, the Office of the DNI advised us that, despite completing a SNAP review of the EOP personnel security program in 2015, it does not have the legal authority under Executive Order 13467 to conduct a SNAP review of the EOP unless you specifically direct it to do so. We believe a new review is necessary to address the allegations that have been raised and, if necessary, implement corrective action. Without such a review, it will be incumbent upon Congress to take a more direct role in overseeing and legislating on EOP security clearances to protect national security.
Thank you for your prompt attention to this matter.
Washington, D.C. – Citing the vital need for a secure U.S. industrial base, U.S. Senators Mike Crapo (R-Idaho) and Mark Warner (D-Virginia) have introduced bipartisan legislation to guard against attempts by the People’s Republic of China and others to undermine U.S. national security by exploiting and penetrating U.S. supply chains. The Manufacturing, Investment, and Controls Review for Computer Hardware, Intellectual Property and Supply (MICROCHIPS) Act (S. 2316) would develop a national strategy to assess and prevent risks to critical U.S. technologies.
“Actions by the People’s Republic of China have contributed to an unfair and unsafe advantage in its technological race against the United States,” said Senator Crapo. “Through government investments and subsidies, as well as intellectual property theft of companies like Idaho’s Micron, China aims to dominate a $1.5 trillion electronics industry, which creates serious, far-reaching threats to the supply chains that support the U.S. government and military. The MICROCHIPS Act would create a coordinated whole-of-government approach to identify and prevent these efforts and others aimed at undermining or interrupting the timely and secure provision of dual-use technologies vital to our national security.”
“While there is a broad recognition of the threats to our supply chain posed by China, we still lack a coordinated, whole-of-government strategy to defend ourselves,” said Senator Warner. “As a result, U.S. companies lose billions of dollars to intellectual property theft every year, and counterfeit and compromised electronics in U.S. military, government and critical civilian platforms give China potential backdoors to compromise these systems. We need a national strategy to unify efforts across the government to protect our supply chain and our national security.”
Chinese companies export telecommunication technology equipment into software, hardware, and services used in the United States, and hope to export fifth generation technology (5G) to the U.S. that could potentially harm and expose both consumer and U.S. military information. Malicious chips or counterfeit parts could create backdoors enabling the monitoring or stealing of consumer data or cause broader system malfunctions. Even with high investments in cybersecurity, the United States remains vulnerable to advanced cyber attackers like Russia and China. A 2018 Government Accountability Office report stated that, despite multiple warnings since the early 1990s, cybersecurity has not been a focus of weapon systems acquisitions within the military community. The Department of Defense’s (DOD) continuous acquisition of weapons systems without making security a key priority could potentially lead to loss of U.S. intellectual property and technological advantage of the U.S. Armed Forces, contribute to unnecessary risks to human life and interfere with the ability of the Armed Forces to execute their missions.
The MICROCHIPS Act would address China’s practice of four major non-kinetic areas of warfare, including supply chain exploitation through supplying faulty software hardware and components; cyber-physical attacks on U.S. systems with real-time operating deadlines, such as missiles, aircraft and electrical grids; cyber-attacks on computer systems; and bad actors gaining sensitive information. S. 2316 contains four sections with the following main components:
- Summarizes key findings of Congress regarding supply chain security;
- Directs the Director of National Intelligence, DOD and other relevant agencies to develop a plan to increase supply chain intelligence within 180 days;
- Establishes a National Supply Chain Security Center within the Office of the Director of National Intelligence to collect supply chain threat information and disseminate it to agencies with the authority to intervene; and
- Makes funds available under the Defense Production Act for federal supply chain security enhancements.
Section two of the bill was included in the House-passed version of the Intelligence Authorization Act, and the Senate adopted section four of the bill through its version of the National Defense Authorization Act.