Ranking Members Warner, Klobuchar, Reed, and Peters Press Election Equipment Manufacturers on Security
Mar 27 2019
WASHINGTON – U.S. Senator Mark R. Warner, Vice Chairman of the Senate Intelligence Committee and a member of the Senate Rules Committee with oversight jurisdiction over federal elections, joined his colleagues in sending a letter to the country’s three largest election system vendors with questions to help inform the best way to move forward to strengthen the security of our voting machines. In the U.S., the three largest election equipment vendors—Election Systems & Software, LLC; Dominion Voting Systems, Inc.; and Hart InterCivic, Inc.—provide the voting machines and software used by ninety-two percent of the eligible voting population. However, voting and cybersecurity experts have begun to call attention to the lack of competition in the election vendor marketplace and the need for scrutiny by regulators as these vendors continue to produce poor technology, like machines that lack paper ballots or audibility.
The letter was signed by Senator Mark Warner (D-VA), Vice Chairman of the Senate Intelligence Committee, Senator Amy Klobuchar (D-MN), Ranking Member of the Rules Committee, Senator Jack Reed (D-RI), Ranking Member of the Senate Armed Services Committee, and Senator Gary Peters (D-MI), Ranking Member of the Senate Homeland Security Committee.
“The integrity of our elections remains under serious threat. Our nation’s intelligence agencies continue to raise the alarm that foreign adversaries are actively trying to undermine our system of democracy, and will target the 2020 elections as they did the 2016 and 2018 elections,” the senators wrote. “The integrity of our elections is directly tied to the machines we vote on – the products that you make. Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price.”
The full text of the letter is below:
March 26, 2019
Mr. Phillip Braithwaite
President and Chief Executive Officer
Hart InterCivic, Inc.
Mr. Tom Burt
President and Chief Executive Officer
Election Systems & Software, LLC
Mr. John Poulos
President and Chief Executive Officer
Dominion Voting Systems
Dear Mr. Braithwaite, Mr. Burt, and Mr. Poulos:
We write to request information about the security of the voting systems your companies manufacture and service.
The integrity of our elections remains under serious threat. Our nation’s intelligence agencies continue to raise the alarm that foreign adversaries are actively trying to undermine our system of democracy, and will target the 2020 elections as they did the 2016 and 2018 elections. Following the attack on our election systems in 2016, the Department of Homeland Security (DHS) designated election infrastructure as critical infrastructure in order to protect our democracy from future attacks and we have taken important steps to prioritize election security. We appreciate the work that your companies have done in helping to set up the Sector Coordinating Council (SCC) for the Election Infrastructure Subsector.
Despite the progress that has been made, election security experts and federal and state government officials continue to warn that more must be done to fortify our election systems. Of particular concern is the fact that many of the machines that Americans use to vote have not been meaningfully updated in nearly two decades. Although each of your companies has a combination of older legacy machines and newer systems, vulnerabilities in each present a problem for the security of our democracy and they must be addressed.
On February 15, the Election Assistance Commission’s (EAC) Commissioners unanimously voted to publish the proposed Voluntary Voting System Guidelines 2.0 (VVSG) Principles and Guidelines in the Federal Register for a 90 day public comment period. As you know, this begins the long-awaited process of updating the Principles and Guidelines that inform testing and certification associated with functionality, accessibility, accuracy, auditability, and security. The VVSG have not been comprehensively updated since 2005 – before the iPhone was invented – and unfortunately, experts predict that updated guidelines will not be completed in time to have an impact on the 2020 elections. While the timeline for completing VVSG 2.0 is frustrating, these guidelines are voluntary and they establish a baseline – not a ceiling – for voting equipment. Furthermore, VVSG 1.1 has been available for testing since 2015.
In other words, the fact that VVSG 2.0 remains a work in progress is not an excuse for the fact that our voting equipment has not kept pace both with technological innovation and mounting cyber threats. There is a consensus among cybersecurity experts regarding the fact that voter-verifiable paper ballots and the ability to conduct a reliable audit are basic necessities for a reliable voting system. Despite this, each of your companies continues to produce some machines without paper ballots. The fact that you continue to manufacture and sell outdated products is a sign that the marketplace for election equipment is broken. These issues combined with the technical vulnerabilities facing our election machines explain why the Department of Defense’s Defense Advanced Research Projects Agency (DARPA) is reportedly working to develop an open source voting machine that would be secure and allow people to ensure their votes were tallied correctly.
As the three largest election equipment vendors, your companies provide voting machines and software used by 92 percent of the eligible voting population in the U.S. This market concentration is one factor among many that could be contributing to the lack of innovation in election equipment. The integrity of our elections is directly tied to the machines we vote on – the products that you make. Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price.
In order to help improve our understanding of your businesses and the integrity of our election systems, we respectfully request answers to the following questions by April 9, 2019:
- What specific steps are you taking to strengthen election security ahead of 2020? How can Congress and the federal government support these actions?
- What additional information is necessary regarding VVSG 2.0 in order for your companies to begin developing systems that comply with the new guidelines?
- Do you anticipate producing systems that will be tested for compliance with VVSG 1.1? Why or why not?
- What steps, if any, are you taking to enhance the security of your oldest legacy systems in the field, many of which have not been meaningfully updated (if at all) in over a decade?
- How do EAC certification requirements and the certification process affect your ability to create new election systems and to regularly update your election systems?
- Do you support federal efforts to require the use of hand-marked paper ballots for most voters in federal elections? Why or why not?
- How are you working to ensure that your voting systems are compatible with the EAC’s ballot design guidelines (i.e. “Effective Designs for the Administration of Federal Elections”)?
- Experts have raised significant concerns about the risks of ballot marking machines that store voter choice information in non-transparent forms that cannot be reviewed by voters (i.e. such as barcodes or QR codes), noting that errors in the printed vote record could potentially evade detection by voters. Do you currently sell any machines whose paper records do not permit voters to review the same information that the voting system uses for tabulation? If so, do you believe this practice is secure enough to be used in the 2020 election cycle?
- Do you make voting systems with Cast Vote Records (CVRs) that can be reliably connected to specific unique ballots, while also maintaining voter privacy? If not, why not? Does your company make voting systems that allow for a machine-readable data export of these CVRs in a format that is presentation-agnostic (such as JSON) and can be reliably parsed without substantial technical effort? If not, why not?
- Would you support federal legislation requiring expanded use of routine post-election audits, such as risk-limiting audits, in federal elections? Why or why not?
- What portion of your revenue is invested into research and development to produce better and more cost effective voting equipment?
- Congress is currently working on legislation to establish information sharing procedures for vendors regarding security threats. How does your company currently define a reportable cyber-incident and what protocols are in place to report incidents to government officials?
- What steps are you taking to improve supply chain security? To the extent your machines operate using custom, non-commodity hardware, what measures are you taking to ensure that the supply chains for your custom hardware components are monitored and secure?
- Do you employ a full-time cybersecurity expert whose role is fully dedicated to improving the security of your systems? If so, how long have they been on staff, and what title and authority do they have within your company? Do you conduct background checks on potential employees who would be involved in building and servicing election systems?
- Does your company operate, or plan to operate, a vulnerability disclosure program that authorizes good-faith security research and testing of your systems, and provides a clear reporting mechanism when vulnerabilities are discovered? If not, what makes it difficult for your company to do so, and how can Congress and the federal government help make it less difficult?
- How will DARPA’s work impact how your company develops and manufactures voting machines?
We look forward to your answers to these questions, and thank you for your efforts to work with us and with state election officials around the country to improve the security of our nation’s elections.
Bipartisan Legislation to Improve Cybersecurity of Internet-of-Things Devices Introduced in Senate & House
Mar 11 2019
WASHINGTON – Bipartisan legislation to improve the cybersecurity of Internet-connected devices will be introduced today in the Senate and the House of Representatives. The Internet of Things (IoT) Cybersecurity Improvement Act of 2019 would require that devices purchased by the U.S. government meet certain minimum security requirements.
The legislation is being introduced in the Senate by U.S. Sens. Mark R. Warner (D-VA) and Cory Gardner(R-CO), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Maggie Hassan (D-NH) and Steve Daines (R-MT), while Reps. Robin Kelly (D-IL) and Will Hurd (R-TX) are introducing companion legislation in the House of Representatives.
“While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security,” said Sen. Warner, a former technology entrepreneur and executive and Vice Chairman of the Senate Select Committee on Intelligence. “This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices.”
“The Internet of Things (IoT) landscape continues to expand, with most experts expecting tens of billions of devices to be operating on our networks within the next several years,” Sen. Gardner said. “As these devices continue to transform our society and add countless new entry points into our networks, we need to make sure they are secure, particularly when they are integrated into the federal government’s networks. Agencies like the National Institute of Standards and Technology (NIST), which has a major campus in Boulder, are key players in helping establish guidelines for improved IoT security and our bill builds on those efforts. As co-chairs of the Senate Cybersecurity Caucus, Senator Warner and I remain committed to advancing our nation’s cybersecurity defenses.”
“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure. Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices,” said Rep. Kelly. “It’s estimated that by 2020 there will be 30 million internet-connected devices in use. As these devices positively revolutionize communication, we cannot allow them to become a backdoor to hackers or tools for cyberattacks.”
“Internet of Things devices will improve and enhance nearly every aspect of our society, economy and our day-to-day lives. This is groundbreaking work and IoT devices must be built with security in mind, not as an afterthought,” said Rep. Hurd, former computer science major, cybersecurity entrepreneur and Chair of the House Subcommittee on Information Technology. “This bipartisan legislation will make Internet of Things devices more secure and help prevent future attacks on critical technology infrastructure.”
“With everything from LED lights to thermostats connected to the internet, we need to act swiftly to step up security for ‘internet of things’ devices to prevent hackers from disrupting our economy and threatening public safety,” Sen. Hassan said. “By requiring the federal government to only purchase devices that meet certain cybersecurity standards, this bill will help protect federal agencies against hackers who are seeking to exploit internet of things devices in order to steal critical national security information and the private data of Granite Staters and Americans.”
“As the Internet of Things landscape grows – we must ensure that Montanan’s information is safe and the security of our critical infrastructure is protected,” said Sen. Daines. “This bill helps establish proper safeguards that balance the need to protect Montanan’s privacy and our national security with the growing tech economy and high-paying jobs it provides.”
The Internet of Things, the term used to describe the growing network of Internet-connected devices and sensors, is expected to include over 20 billion devices by 2020. While these devices and the data they collect and transmit present enormous benefits to consumers and industry, the relative insecurity of many devices presents enormous challenges. Sometimes shipped with factory-set, hardcoded passwords and oftentimes unable to be updated or patched, IoT devices can represent a weak point in a network’s security, leaving the rest of the network vulnerable to attack. IoT devices have been used by bad actors to launch devastating Distributed Denial of Service (DDoS) attacks against websites, web-hosting servers, and internet infrastructure providers.
At a hearing of the Senate Armed Services Committee last year, the Director of the Defense Intelligence Agency, Lt. General Robert Ashley, described exploitation of insecure IoT devices as one of the two “most important emerging cyber threats to our national security.” Last May, the Departments of Commerce and Homeland Security published a report highlighting the IoT market forces that reward low-price and convenience at the expense of security. The signature recommendation of the May 2018 report was that the Federal government should “lead by example” by requiring the acquisition of more secure and resilient products and services, particularly IoT. The IoT Cybersecurity Improvement Act will address both this market failure and the supply chain risk to the federal government stemming from insecure IoT devices by establishing light-touch, minimum security requirements for procurements of connected devices by the government.
Specifically, the Internet of Things (IoT) Cybersecurity Improvement Act of 2019 would:
- Require the National Institute of Standards and Technology (NIST) to issue recommendations addressing, at a minimum, secure development, identity management, patching, and configuration management for IoT devices.
- Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, and charge OMB with reviewing these policies at least every five years.
- Require any Internet-connected devices purchased by the federal government to comply with those recommendations.
- Direct NIST to work with cybersecurity researchers and industry experts to publish guidance on coordinated vulnerability disclosure to ensure that vulnerabilities related to agency devices are addressed.
- Require contractors and vendors providing IoT devices to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that information is disseminated.
“BSA applauds Senators Warner and Gardner for their leadership in securing the IoT, and calls on Congress to act swiftly to advance this important legislation,” said Tommy Ross, Senior Policy Director, BSA | The Software Alliance. “As IoT devices increasingly bring greater productivity and quality of life to consumers and businesses across sectors, we must be proactive in addressing the unique security considerations they bring.”
“Internet-aware devices raise deep and novel security issues, with problems that could arise months or years after purchase, and spill over to people who aren't the purchasers. This bill leverages the government procurement market, rather than direct regulation, to encourage Internet-aware device makers to employ basic security measures in their products,” said Jonathan Zittrain, Co-Founder of Harvard University’s Berkman Klein Center for Internet & Society.
“Insecure and unsecured IoT devices are a risk we must address, and it will only happen if the government and the private sector both step up. I'm glad that Senators Warner and Gardner and Representatives Kelly and Hurd are continuing to push this issue,” said Jeff Greene, Vice President of Global Government Affairs & Policy at Symantec.
“Weak IoT security with little oversight puts the American public at risk, particularly as these devices become more and more common in our offices and in our homes. We need a coordinated approach. Empowering NIST to set standards for the development and management of these devices, as the IoT Cybersecurity Improvement Act of 2019 proposes, will help secure the sensitive data held by the government and the private information shared within our homes,” said Alan Davidson, Vice President of Global Policy, Trust, and Security at Mozilla.
“The proliferation of insecure Internet-connected devices presents an enormous security challenge. The risks are no longer solely about data; they affect flesh and steel. The market is not going to provide security on its own, because there is no incentive for buyers or sellers to act in anything but their self-interests. I applaud Senator Warner and his cosponsors for nudging the market in the right direction by establishing thorough, yet flexible, security requirements for connected devices purchased by the government,” said Bruce Schneier, Fellow and Lecturer at Harvard Kennedy School of Government.
“Cloudflare applauds Senators Warner and Gardner, Representatives Kelly and Hurd, and their cosponsors for their continued efforts to address the risks posed by improperly secured IoT devices with the introduction of this latest bill. Using the government procurement process to encourage security research and innovation will make the U.S. Government a leader in this area, and should open up a robust discussion of these issues. Cloudflare looks forward to continuing to work with them as this bill moves forward,” said Doug Kramer, General Counsel, Cloudflare Inc.
“IoT device insecurity is a serious problem that needs to be addressed. Although much must be done to address this problem, the longest journey begins with a single step—and this bill is just such a step in moving the ball forward on IoT security for government procurements,” said Dr. Herb Lin, senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University.
"Billions of devices connect our world and in the coming years we will see billions more. Each device adds to an expanding and elastic attack surface that creates a massive gap in the ability to truly understand cyber risk at any given time. The Internet of Things (IoT) Cybersecurity Improvement Act, introduced by Representatives Robyn Kelly (D-IL) and Will Hurd (R-TX), tasks NIST with developing security guidelines to address critical vulnerabilities in the development of IoT devices that the federal government purchases. This legislation will help the government better manage its cyber risks, and provide a strong example for other organizations. We also strongly support the call for NIST to develop a report that addresses Cyber Exposure considerations related to the increasing convergence of IT, IoT, and OT devices, networks and systems, as the modern enterprise must manage risk across all these environments," said James Hayes, Vice President of Global Government Affairs at Tenable.
“We applaud Senators Warner and Gardner and Representatives Kelly and Hurd for introducing the Internet of Things (IoT) Cybersecurity Improvement Act of 2019. The wireless industry is committed to ensuring the security of IoT devices and we look forward to working with the sponsors of the legislation on policies that will help protect consumers,” said Kelly Cole, Senior Vice President for Government Affairs at CTIA.
Similar legislation was previously introduced in the 115th Congress.
Sen. Warner wrote to the Federal Trade Commission (FTC) in July 2016 raising concerns about the security of children’s data collected by Internet-connected “Smart Toys.” In May 2017, the Senator wrote a follow-up letter to Acting FTC Chairwoman Maureen Ohlhausen reiterating his concerns following comments by the Chairwoman that the risks of IoT devices are merely speculative. In response to the Senator’s concerns, the FTC issued updated guidance on protecting children’s personal data in connected toys. Immediately in wake of October’s devastating DDoS attack on the nation’s internet infrastructure by the Mirai botnet, Sen. Warner wrote the FCC, FTC, and NCCIC to raise concerns about the proliferation of botnets composed of insecure devices. Sen. Warner also wrote to Office of Management and Budget Director Mick Mulvaney and Secretary of Homeland Security John Kelly in May 2017 asking what steps the Federal Government had taken to defend against WannaCry ransomware.
Sen. Warner, the Vice Chairman of the Senate Select Committee on Intelligence and former technology executive, is the co-founder and co-chair of the bipartisan Senate Cybersecurity Caucus and a leader in Congress on security issues related to the Internet of Things (IoT).
Bill text is available here.
Warner, Rubio Ask Intelligence Community for Public Report Detailing Chinese Participation in 5G Standard-Setting
Mar 01 2019
Washington – U.S. Sens. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, and Marco Rubio (R-FL), a member of the Senate Select Committee on Intelligence, urged Director of National Intelligence Dan Coats to issue a comprehensive and unclassified report on China’s participation in the international standard-setting bodies (ISSBs) for fifth-generation wireless telecommunications technologies (5G). This report would allow companies in the U.S. to fully assess any existing threats to fair competition and push back against them.
“In 2012, the House Permanent Select Committee on Intelligence’s study on Huawei and ZTE drew attention globally to the security concerns associated with certain Chinese telecommunication and information technology companies,” wrote the Senators.“Similarly, we believe Chinese influence in our ISSBs is not fully appreciated, and the IC can play an essential role in filling the publicly available information gap—a necessary first step to countering this trend.”
American companies do not currently have access to crucial information regarding China’s alleged use of political influence in ISSBs or other anti-competitive practices, such as the state-directed coordination of large Chinese telecommunications firms. These practices can undermine fair competition, hinder the ability of us companies to sell and scale their technologies, and raise serious economic and security concerns for U.S. networks and future generations of wireless technologies.
Prompted by a series of anecdotal concerns raised to the Senate Select Committee on Intelligence (SSCI) regarding China’s attempt to politically influence the ISSBs, the Senators urged Director Coats to issue a report detailing:
1. Overall trends in the ISSBs over the past decade and the implications of politicization of ISSBs;
2. Specific examples of attempts by China and other foreign adversaries to exert pressure or political influence within the ISSBs or at major telecommunication conferences to secure standards that are favorable to Chinese companies and patent holders, or that might introduce deficiencies into 5G networks; and,
3. How Chinese-led standards for 5G technologies will affect U.S. economic and security interests, including efforts by U.S. companies to sell and scale its technologies, the ability of the U.S. to position itself for future generations of wireless technology, and to protect against cyber intrusions and security vulnerabilities.
They concluded, “We hope that this report will be part of an ongoing effort to share more timely and relevant information with U.S. companies and our allies. The U.S. cannot tackle this issue alone and must work closely with our international partners—including the European Union, Great Britain, Korea, Japan, Australia, New Zealand, and Canada—on how we may collectively strengthen security standards, supply chain management, and market share of critical technologies. To the greatest extent possible, we urge the IC to declassify relevant information.”
Sens. Warner and Rubio are the lead sponsors of bipartisan legislation to help combat tech-specific threats to national security posed by foreign actors like China. Sen. Warner, a former telecommunications executive and entrepreneur, has long expressed concerns about the risks to our national security posed by Chinese-controlled telecom companies. On October 12, 2018, Sen. Warner and Sen. Rubio sent a letter to Canadian Prime Minister Justin Trudeau urging his country to reconsider Huawei’s inclusion in any aspect of Canada’s 5G development, introduction, and maintenance. Warner has also urged the Administration to work with our allies to combat these technology threats. Sens. Warner and Rubio are also the authors of bipartisan legislation to enforce full compliance by ZTE with all probationary conditions of a U.S. Commerce Department’s deal struck with the company last year that ended U.S. imposed sanctions.
Full text of the letter is below and a copy can be found here.
Director Dan Coats
Director of National Intelligence
1500 Tysons McLean Drive
McLean, VA 22102
Dear Director Coats:
We are writing to request an unclassified report on the participation of China and other adversarial nations in the international standard-setting bodies (“ISSBs”) for fifth-generation wireless telecommunications technologies (“5G”). Over the past year, the Senate Select Committee on Intelligence (“SSCI”) has heard anecdotal concerns that China is attempting to exert pressure or political influence in the ISSBs, which have historically functioned as technological meritocracies. Not only does political influence undermine fair competition, it also raises serious economic and security concerns for 5G and future generations of wireless technologies.
Currently, U.S. companies do not have access to critical information about the nature of this threat, and the degree of state-directed coordination amongst large Chinese telecommunication firms seeking to gain a critical edge in wireless technologies. Without adequate information, U.S. companies cannot effectively push back against this behavior, nor can the United States coordinate with our allies to deter anticompetitive practices in the ISSBs.
Specifically, we request a detailed and unclassified report, to the extent possible, from the Intelligence Community (“IC”) on the following items:
1. Overall trends in the ISSBs over the past decade and the implications of politicization of ISSBs, if there is evidence of such trends;
2. Specific examples and case studies of attempts by China and other foreign adversaries to exert pressure or political influence within the ISSBs or at major telecommunication conferences to secure standards that are favorable to Chinese companies and patent holders, or that might introduce deficiencies into 5G networks; and,
3. Implications of Chinese-led standards for 5G technologies and how that will affect U.S. economic and security interests, including efforts by U.S. companies to sell and scale its technologies, the ability of the U.S. to position itself for future generations of wireless technology, and to protect against cyber intrusions and security vulnerabilities.
In 2012, the House Permanent Select Committee on Intelligence’s study on Huawei and ZTE drew attention globally to the security concerns associated with certain Chinese telecommunication and information technology companies. Similarly, we believe Chinese influence in our ISSBs is not fully appreciated, and the IC can play an essential role in filling the publicly available information gap—a necessary first step to countering this trend.
We hope that this report will be part of an ongoing effort to share more timely and relevant information with U.S. companies and our allies. The U.S. cannot tackle this issue alone and must work closely with our international partners—including the European Union, Great Britain, Korea, Japan, Australia, New Zealand, and Canada—on how we may collectively strengthen security standards, supply chain management, and market share of critical technologies. To the greatest extent possible, we urge the IC to declassify relevant information.
We appreciate your attention to this important matter.
WASHINGTON— Today, the Vice Chairman of the Senate Select Committee on Intelligence Sen. Mark R. Warner (D-VA) and Committee member Sen. Marco Rubio (R-FL) introduced bipartisan legislation to help combat tech-specific threats to national security posed by foreign actors like China and ensure U.S. technological supremacy by improving interagency coordination across the U.S. government. To do this, the bill creates an Office of Critical Technologies & Security at the White House responsible for coordinating across agencies and developing a long-term, whole-of-government strategy to protect against state-sponsored technology theft and risks to critical supply chains.
“It is clear that China is determined to use every tool in its arsenal to surpass the United States technologically and dominate us economically. We need a whole-of-government technology strategy to protect U.S. competitiveness in emerging and dual-use technologies and address the Chinese threat by combating technology transfer from the United States, ” said Sen. Warner, a former technology and telecommunications executive. “We look forward to working with the Executive Branch and others to coordinate and respond to this threat.”
“China continues to conduct a coordinated assault on U.S. intellectual property, U.S. businesses, and our government networks and information with the full backing of the Chinese Communist Party,” said Sen. Rubio. “The United States needs a more coordinated approach to directly counter this critical threat and ensure we better protect U.S. technology. We must continue to do everything possible to prevent foreign theft of our technology, and interference in our networks and critical infrastructure. By establishing the Office of Critical Technologies and Security, this bill will help protect the United States by streamlining efforts across the government. I look forward to working with my colleagues and the Administration to enact this legislation and guard against these national security threats.”
China and other nations are currently attempting to achieve technological and economic superiority over the United States through the aggressive use of state-directed or -supported technology transfers. At the same time, the U.S. is also facing major challenges to the integrity of key supply chains as a result of reliance on foreign products that have been identified as national security risks. A national response to combat these threats and ensure our national security has, to date, been hampered by insufficient coordination at the federal level.
The Warner-Rubio bill would guarantee that there is a federal entity responsible for proactively coordinating interagency efforts and developing a national strategy to deal with these challenges to our national security and long-term technological competitiveness. Under the bill, the Office of Critical Technologies & Security would be directed to coordinate and consult with federal and state tech and telecom regulators, the private sector, nongovernmental experts and academic stakeholders, and key international partners and U.S. allies to ensure that every available tool is being utilized to safeguard the supply chain and protect emerging, foundational and dual-use technologies. The Office would also be responsible for raising awareness of these threats and improving the overall education of the American public and business leaders in key sectors about the threats to U.S. national security posed by the improper acquisition and transfer of critical technologies by foreign countries and reliance on foreign products – such as those manufactured by Chinese telecom companies ZTE and Huawei – that jeopardize the overall security of private sector supply chains.
Sen. Warner, a former telecommunications executive and entrepreneur, has long expressed concerns about the risks to our national security posed by Chinese-controlled telecom companies. On October 12, 2018, Sen. Warner and Sen. Rubio sent a letter to Canadian Prime Minister Justin Trudeau urging his country to reconsider Huawei’s inclusion in any aspect of Canada’s 5G development, introduction, and maintenance. Warner has also urged the Administration to work with our allies to combat these technology threats. Sens. Warner and Rubio are also the authors of bipartisan legislation to enforce full compliance by ZTE with all probationary conditions of a U.S. Commerce Department’s deal struck with the company last year that ended U.S. imposed sanctions.
For a copy of the bill text, click here.
Nov 30 2018
WASHINGTON — U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-founder of the Senate Cybersecurity Caucus, released the following statement on Marriott’s disclosure of a data breach affecting up to 500 million guests:
“It seems like every other day we learn about a new mega-breach affecting the personal data of millions of Americans. Rather than accepting this trend as the new normal, this latest incident should strengthen Congress’ resolve. We must pass laws that require data minimization, ensuring companies do not keep sensitive data that they no longer need. And it is past time we enact data security laws that ensure companies account for security costs rather than making their consumers shoulder the burden and harms resulting from these lapses.”
Nov 16 2018
WASHINGTON- U.S. Senators Amy Klobuchar (D-MN), Mark Warner (D-VA), Chris Coons (D-DE), and Richard Blumenthal (D-CT) pressed Facebook CEO Mark Zuckerberg to respond to reports that the company used contractors to retaliate against or spread intentionally inflammatory information about their critics. Since the 2016 election, both the government and Facebook internal investigations have revealed that the company failed to adequately protect the data of its 2.2 billion users. Recent reports—including one from the New York Times—allege that Facebook has taken significant steps to undermine critics, including hiring partisan political consultants to retaliate and spread intentionally inflammatory information about people who have criticized Facebook, which, if not properly disclosed, may have campaign finance implications.
“We are gravely concerned by recent reports indicating that your company used contractors to retaliate against or spread intentionally inflammatory information about your critics,” the senators wrote. “In addition, the staggering amount of data that Facebook has collected on both its users and people who have not subscribed to or consented to use of the platform, raises concern that the company could improperly or illegally use its vast financial and data resources against government officials and critics seeking to protect the public and our democracy.”
“Both elected officials and the general public have rightfully questioned whether Facebook is capable of regulating its own conduct.”
Russia attempted to influence the 2016 presidential election by buying and placing political ads on platforms such as Facebook, Twitter, and Google. The content and purchaser(s) of those online advertisements are a mystery to the public because of outdated laws that have failed to keep up with evolving technology. The Honest Ads Act, led by Klobuchar, Warner, and the late Senator John McCain (R-AZ) and cosponsored by Coons and Blumenthal, would prevent foreign actors from influencing our elections by ensuring that political ads sold online, including social media platforms like Facebook, are covered by the same rules as ads sold on TV, radio, and print.
The full text of the letter can be found below:
Dear Mr. Zuckerberg:
We are gravely concerned by recent reports indicating that your company used contractors to retaliate against or spread intentionally inflammatory information about your critics.
Since the 2016 election, both the government and your own internal investigations have revealed that your company failed to adequately protect the data of its 2.2 billion users. Your company also failed to implement protocols to prevent manipulation by foreign adversaries working to undermine America’s political system. Both elected officials and the general public have rightfully questioned whether Facebook is capable of regulating its own conduct.
According to recent reports, your company hired contractors to retaliate and spread intentionally inflammatory information about people who have criticized Facebook, which, if not properly disclosed, may have campaign finance and other potential legal implications. In addition, the staggering amount of data that Facebook has collected on both its users and people who have not subscribed to or consented to use of the platform, raises concern that the company could improperly or illegally use its vast financial and data resources against government officials and critics seeking to protect the public and our democracy.
In light of these concerns, we respectfully request you answer the following questions:
1. To your knowledge, did your company hire any entity – including, but not limited to research firms and contractors – to collect or find information to be used in retaliation against people who criticized Facebook, including elected officials who were scrutinizing your company?
2. Did your company hire any entity – including, but not limited to research firms and contractors – to spread negative or intentionally inflammatory information in retaliation against people who criticized Facebook, including elected officials who were scrutinizing your company?
3. Did your company – or any entity affiliated with or hired by your company – ever use any of the vast financial and data resources available to Facebook in retaliation against people who criticized Facebook, including elected officials who were scrutinizing your company?
4. Did your company – or any entity affiliated with or hired by your company – ever seek to conceal information related to foreign interference with the 2016 U.S. election from the public or government investigators?
5. Did your company – or any entity affiliated with or hired by your company — ever contact any media outlets with negative or misleading information, or suggest, promote, or amplify negative or misleading social media about your critics, including elected officials scrutinizing your company?
6. How much money have you expended or paid other entities to collect, find, spread or amplify information about people who have criticized Facebook, including elected officials scrutinizing your company? Has any of that spending been publically disclosed?
7. Some of us have requested that the Deputy Attorney General expand the scope of the Department of Justice’s existing investigations to include the latest reports that Facebook hired contractors to retaliate and spread negative information about people who criticized the company. If the Department’s investigation is expanded to include this recent report, will you commit to co-operating with any investigation into this matter?
Thank you for your prompt attention to this request.
Warner, Kaine Announce More Than $4.5 Million to Construct Broadband Infrastructure in Southwest Virginia and on the Eastern Shore
Nov 14 2018
WASHINGTON – Today U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) announced $4,799,911 in federal funds to boost broadband access in Southwest Virginia and on the Eastern Shore. The funding, awarded through the United States Department of Agriculture’s (USDA) Community Connect Grant Program, will be used to construct and expand broadband access in rural and underserved communities.
“Broadband access is vital to the economic success of the Commonwealth and the nation,” the Senators said. “These federal funds will help Virginia connect to the digital age while expanding access to healthcare, educational, and job opportunities.”
The Scott County Telephone Cooperative will receive $3,000,000 to construct a fiber-to-the home broadband system that will provide internet access to 554 households and 20 businesses in Scott County, Virginia. A community center will also be established where residents will have free access to computers and WiFi.
Eastern Shore Communications, LLC will receive $1,799,911 to construct a broadband fiber fixed-wireless high-speed network capable of servicing residents of Chincoteague, Wallops Island, Accomac, Exmore, Cape Charles, Virginia Beach, Chesapeake, and Norfolk with speeds of at least 25 megabits downstream and 3 megabits upstream.
Warner and Kaine have been strong supporters of expanding broadband access in Virginia as Governors and Senators. In February, Warner and Kaine joined a bipartisan group of colleagues to urge President Trump to include broadband in an infrastructure initiative.
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement after a state-owned enterprise of the People’s Republic of China (PRC), a Taiwan company, and three individuals were indicted for a conspiracy to steal trade secrets from the American semiconductor company Micron:
“The reciprocal trading system that has existed between the U.S. and China can endure only on the basis of mutual respect for the rule of law, including fair trials and the enforcement of property rights. The Chinese government’s complicity in intellectual property theft hurts American manufacturers, workers, and consumers, and undermines the ability of U.S. businesses to operate in China. The Administration has powerful, targeted tools at its disposal to hold bad actors accountable for theft of U.S. companies’ IP and trade secrets, even when the theft takes place abroad. I applaud the Department of Justice for using one of those tools today to hold China accountable, and encourage the Administration to take additional steps to crack down on economic espionage by Chinese businesses and the Chinese government.”
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Banking Committee, wrote a letter to the Federal Trade Commission (FTC) Chairman Joseph Simons expressing concern following a report published by Buzzfeed detailing continued prevalence of digital advertising fraud and inaction by Google to curb these efforts. According Buzzfeed, this scheme has generated hundreds of millions of dollars in fraudulent advertising revenues, with operations spanning more than 125 Android apps and websites.
In July 2016, Sen. Warner and Sen. Chuck Schumer (D-NY) wrote to FTC Chairwoman Ramirez calling on the agency to protect consumers from the growing digital ad fraud phenomenon. Since then, reports have estimated that digital ad fraud has only grown to $7.4 billion in 2017 – and projected to rise to $10.9 billion by 2021.
At the center of Buzzfeed’s report is Google, the only tech company absent for the Senate Intelligence Committee’s September hearing on social media’s role in protecting elections from misinformation and disinformation. The extent to which many popular online communications technologies have been exploited – and their providers caught repeatedly flat-footed – has been continuously highlighted in the course of investigating Russia’s unprecedented inference in the 2016 election. In the same way that bots, trolls, click-farms, fake pages and groups, ads, and algorithm-gaming can be used to propagate political disinformation, these same tools can – and have – been used to assist click fraud in digital advertising markets and efforts to convince large numbers of users to download malicious apps on their phones.
The full text of the letter can be found here and below.
The Honorable Joseph J. Simons
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, D.C. 20530
Dear Chairman Simons,
I am writing to express my continued concern with the prevalence of digital advertising fraud, and in particular the inaction of major industry stakeholders in curbing these abuses. In 2016, Senator Schumer and I wrote Chairwoman Ramirez to express frustration with the growing phenomenon of digital ad fraud. Digital ad fraud has only grown since that time, rising to $7.4 billion in 2017 – and projected to rise to $10.9 billion by 2021. I am greatly concerned with recent reporting from Buzzfeed, detailing a massive digital advertising fraud scheme that depends, in large part, on a network of compromised Android apps. As Buzzfeed reports, this scheme generated hundreds of millions of dollars in fraudulent advertising revenues, with operations spanning more than 125 Android apps and websites.
In the course of investigating Russia’s unprecedented interference in the 2016 election, the extent to which many popular online communications technologies have been exploited – and their providers caught repeatedly flat-footed – has been unmistakable. More than illuminating the capacity of these technologies to be exploited by bad actors, the revelations of the last year have revealed the dark underbelly of an entire ecosystem. In the same way that bots, trolls, click-farms, fake pages and groups, ads, and algorithm-gaming can be used to propagate political disinformation, these same tools can – and have – been used to assist financial frauds such as stock-pumping schemes, click fraud in digital advertising markets, schemes to sell counterfeit prescription drugs, and efforts to convince large numbers of users to download malicious apps on their phones.
According to Buzzfeed, a recent ad fraud ring vividly illustrates this problem, with potentially millions of consumers unwittingly downloading and engaging with apps that captured the behavior of app users in order to program a network of bots mimicking user activity to engage in multi-million dollar ad fraud. While these techniques continue to grow more sophisticated, none of this is new for industry stakeholders. Sophisticated, user-mimicking bots have been widely publicized for a number of years now. According to leading researchers, one in five ad-serving websites is visited exclusively by bots engaged in ad fraud. Digital ad fraud thrives because of the opaqueness of the programmatic ad market, where user data is bought and sold in ways users are unwitting to, in order to target advertisements in ever more sophisticated ways.
At the center of this scheme was a strategy of buying moderately popular, legitimate Android apps – seemingly innocuous products like mobile games, a flashlight app, and a healthy eating app – and using the installed user base as both a source of fake traffic and behavioral data to model fraudulent bot behavior. Google’s inattention to misconduct within its app store has been a growing concern. In November of 2017, researchers found that over 1 million users had downloaded a spoofed version of WhatsApp. Researchers also routinely find banking Trojans and other malware in the Google Play store. While Google made an estimated $20 billion last year from the Google Play store, its mobile app ecosystem features considerably more malware and fraudulent activity than that of its mobile operating system competitors.
Google’s inattention to misconduct within its app store also enabled the extensive fraud involved here. In addition to failing to notify users of the change in ownership, Google failed to detect changes in the apps that facilitated extensive user tracking subsequently used for bot behavior. Nor did it detect the myriad indicators of coordinated fraudulent activity between the apps – including overlaps in app content, source code, IP addresses, SDKs, and common traffic patterns. Despite being approached by researchers in June with evidence of part of this scheme, Google failed to dig deeper to reveal the full scope of this fraudulent activity. While there is no evidence Google had direct knowledge, Google’s ad network and ad exchanges were also implicated in these schemes. At the very least, it seems that across a number of its products Google may have engaged in willful blindness, all while profiting from this fraudulent activity.
I encourage you to look closely at these reports, including the extent to which major ecosystem stakeholders engage in willful blindness to fraudulent activity in the online ad market.
WASHINGTON — U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, and U.S. Sen. Marco Rubio (R-FL), a member of the Committee, urged Canadian Prime Minister Justin Trudeau to reconsider Huawei’s inclusion in any aspect of Canada’s 5G development, introduction, and maintenance. A letter from the two Senators to the Prime Minister follows comments made by Head-Designee of the Canadian Center for Cyber Security Scott Jones regarding Huawei.
The entry of Chinese state-directed telecommunications companies like Huawei into the Canadian market could seriously jeopardize the relationship between U.S. and Canadian carriers, depriving North American operators of the scale needed to rapidly build out 5G networks.
The full text of the letter is below. A copy of the signed letter is available here.
Dear Prime Minister Trudeau:
We write with grave concerns about the possibility that Canada might include Huawei Technologies or any other Chinese state-directed telecommunications company in its fifth-generation (5G) telecommunications network infrastructure. As you are aware, Huawei is not a normal private-sector company. There is ample evidence to suggest that no major Chinese company is independent of the Chinese government and Communist Party—and Huawei, which China’s government and military tout as a “national champion,” is no exception.
Based on what we know about Chinese state-directed telecommunications companies, it was troubling to learn that on September 20, 2018, the new Head-Designee of the Canadian Center for Cyber Security Scott Jones told the House of Commons Standing Committee on Public Safety and National Security that banning Huawei is not needed, in response to a question about why Canada has not come out against Huawei as other Five Eyes allies have. Specifically, he claimed that Canada has “a very advanced relationship with our telecommunications providers, something that is different from most other countries,” adding, “We have a program that is very deep in terms of working on increasing that broader resilience piece especially as we are looking at the next-generation telecommunications networks.”
In contrast to Mr. Scott’s comments, however, three former senior Canadian national security officials warned earlier this year against the inclusion of Huawei in Canada’s 5G network. One of them—Mr. Ward Elcock, former Deputy Minister of National Defence—told the Globe and Mail on March 18, 2018, “I have a pretty good idea of how signal-intelligence agencies work and the rules under which they work and their various operations,” concluding that, “I would not want to see Huawei equipment being incorporated into a 5G network in Canada.”
While Canada has strong telecommunications security safeguards in place, we have serious concerns that such safeguards are inadequate given what the United States and other allies know about Huawei. Indeed, we are concerned about the impact that any decision to include Huawei in Canada’s 5G networks will have on both Canadian national security and “Five Eyes” joint intelligence cooperation among the United States, United Kingdom, Australia, New Zealand, and Canada. As you know, Australia effectively banned Huawei, ZTE, and other Chinese state-directed companies from its nation’s 5G networks by excluding firms that “are likely to be subject to extrajudicial directions from a foreign government” and therefore pose unacceptable risks to national security. Moreover, the United Kingdom’s Huawei Cyber Security Evaluation Centre Oversight Board’s 2018 annual report to Britain’s national security adviser found that “identification of shortcomings in Huawei’s engineering processes have exposed new risks in the UK telecommunications networks and long-term challenges to mitigation and management.”
Further, the strong alignment between the United States and Canada in spectrum management has meant that American and Canadian carriers in many cases share complementary spectrum holdings, jointly benefiting from economies of scale for equipment designed for regionally harmonized frequencies. The entry of suppliers such as Huawei into the Canadian market could seriously jeopardize this dynamic, depriving both Canadian and American operators of the scale needed to rapidly build out 5G networks.
Given the strong statements by former Canadian national security officials as well as similar concerns out of the U.S., Australia, and the United Kingdom, we hope that you will reconsider Huawei’s inclusion in any aspect of Canada’s 5G development, introduction, and maintenance. Should you have any questions about the threat that Chinese state-directed telecommunications firms pose to your networks, we urge your government to seek additional information from the U.S. Intelligence Community.
Thank you for your attention to this matter.
Sep 28 2018
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, released the following statement on the announcement by Facebook that it discovered a security issue affecting almost 50 million accounts:
“The news that at least 50 million Facebook users had their accounts compromised is deeply concerning. A full investigation should be swiftly conducted and made public so that we can understand more about what happened.
“Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures.
“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I’ve said before – the era of the Wild West in social media is over.”
To kick start the debate around social media legislation, Sen. Warner in July released a white paper containing a suite of potential policy proposals for the regulation of social media.
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and co-chair of the Senate Cybersecurity Caucus, released the following statement on the White House’s National Cyber Strategy:
“There is not one sector of American society, public or private, that has escaped the threat posed by malicious cyber actors. The entertainment industry, federal, state and local governments, hospitals, and the banking sector – to name just a few examples – have all suffered from major cyber incursions in recent years. Given the scale and frequency of these attacks, and the urgency of the challenge, I have been calling for some time for a national cyber strategy to build resiliency and deter adversaries.
“The White House strategy document outlines a number of important and well-established cyber priorities. We need to focus on growing the cyber workforce, promoting more secure development and security across product lifecycle, establishing norms of responsible state behavior, leveraging federal procurement power to drive better security, and publicly attributing and punishing adversaries who violate those standards. The Administration must now move beyond vague policy proposals and into concrete action towards achieving those goals.”
Warner, Colleagues Raise Concerns about Google's Reported Plan to Launch Censored Search Engine in China
Aug 03 2018
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, and Sen. Marco Rubio (R-FL), a member of the Senate Foreign Relations and Intelligence committees, led a bipartisan group of senators in sending a letter to Google CEO Sundar Pichai that raises grave concerns and critical questions about Google’s reported plan to launch a censored version of its search engine in China that would prohibit websites and search terms objected to by the Chinese government and Communist Party. Sens. Robert Menendez (D-NJ), Tom Cotton (R-AR), Ron Wyden (D-OR), and Cory Gardner (R-CO) also signed the letter.
The full text of the letter is here and below:
Dear Mr. Pichai:
We write in response to recent news reports about Google’s plan to launch a censored version of its search engine in China—codenamed “Dragonfly”—that would prohibit websites and search terms deemed objectionable by the Chinese government and Communist Party. If true, this reported plan is deeply troubling and risks making Google complicit in human rights abuses related to China’s rigorous censorship regime.
After a cyberattack that compromised the Gmail accounts of dozens of Chinese human rights activists, Google’s March 2010 decision to stop censoring results on Google.cn was widely praised. The company’s statement at the time noted: “We want as many people in the world as possible to have access to our services, including users in mainland China, yet the Chinese government has been crystal clear throughout our discussions that self-censorship is a non-negotiable legal requirement.
Chinese authorities, however, continue to censor a broad range of news and social media topics that they have deemed politically “sensitive” due to their belief that these topics may contribute to criticism of the Chinese government and Communist Party, and possibly lead to collective action. In recent weeks, a significant vaccine scandal in China, which may have affected the health of hundreds of thousands of Chinese children, has run afoul of censors. News reports indicate that, as of last Monday, the Chinese word for “vaccine” was one of the most restricted on Weibo, China’s Twitter-like microblog platform.
Moreover, China has in recent years harnessed the power of communications technology to advance its surveillance and social control efforts. The Financial Times recently reported that the largest technology companies in China—including Alibaba, Tencent, Baidu, and JD.com—are “inextricably linked with the Chinese state and its security apparatus, and the authorities retain the upper hand in the relationship.” Google’s reported activity to build applications compatible with Chinese censorship demands is all the more concerning in light of relationships that Google has made with these companies, including a technology cross-licensing joint venture with Tencent and an investment of $550 million in JD.com.
It is a coup for the Chinese government and Communist Party to force Google—the biggest search engine in the world—to comply with their onerous censorship requirements, and sets a worrying precedent for other companies seeking to do business in China without compromising their core values. In light of these reports, we respectfully request answers to the following questions:
- Is Google in the process of developing a censored search engine or other censored applications for China? If so, will this be part of a joint venture with a Chinese domestic partner?
- What has changed since 2010 to make Google comfortable cooperating with the rigorous censorship regime in China?
- In many cases, the entrance of a western firm in China is conditioned upon that firm entering a joint venture with a domestic Chinese firm. Was Google’s decision to enter a joint venture with Tencent connected in any way with its efforts to enter the Chinese market via the custom search app?
- If Google is working on a search product for the mainland Chinese market, which “blacklist” of censored searches and websites are you using? Are there any phrases or words that Google is refusing to censor?
- Will Google employees involved in managing “Dragonfly” be required to attend the official mandatory trainings on “Marxist news values” and “socialist values” as required of other technology companies that provide Internet news content services in China?
- Presumably Google will comply with China’s Cybersecurity Law and its data localization requirements. Will Google provide information about the search histories of individual users to Chinese government authorities? What confidence does Google have that its local joint venture partner will abide by any user protections that Google puts in place?
We appreciate your prompt reply to this inquiry, including any views that you are prepared to share as to how this reported development can be reconciled with Google’s unofficial motto, “Don’t be evil.”
Jul 31 2018
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, issued the following statement today after Facebook announced that it removed 32 Pages and accounts from Facebook and Instagram that showed connections to and activity consistent with previous Russian disinformation efforts:
“Today’s disclosure is further evidence that the Kremlin continues to exploit platforms like Facebook to sow division and spread disinformation, and I am glad that Facebook is taking some steps to pinpoint and address this activity. I also expect Facebook, along with other platform companies, will continue to identify Russian troll activity and to work with Congress on updating our laws to better protect our democracy in the future.”
In October, Sen. Warner – along with Sens. Amy Klobuchar (D-MN) and John McCain (R-AZ) – introduced the Honest Ads Act to help prevent foreign interference in elections and improve the transparency of online political advertisements.
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance committees, issued the below statement regarding the U.S. Department of Commerce’s agreement to lift the ban on Chinese telecom giant ZTE doing business with American suppliers:
“I share the grave concerns of our military and the intelligence community, which are unanimous in their conclusion that ZTE — a state-controlled company with ties to Chinese intelligence — presents an ongoing threat to our national security. I also share many of the concerns the President has voiced in the past about China’s unfair trade practices, which have cheated American workers and permitted Chinese companies to steal the intellectual property of American firms with virtually no consequences.
“This sweetheart deal not only ignores these serious issues, it lets ZTE off the hook for evading sanctions against Iran and North Korea with a slap on the wrist.”
In Light of Federal Election Commission Hearing, Klobuchar, Warner Urge Commissioners to Issue Strongest Possible Transparency Requirements for Online Ads
Jun 27 2018
WASHINTON- U.S. Senators Amy Klobuchar (D-MN), Ranking Member of the Senate Rules Committee, and Mark Warner (D-VA), Vice Chairman of the Select Committee on Intelligence, urged the Federal Election Commission (FEC) to implement the strongest possible transparency and accountability requirements for online advertisements in response to the proposed rulemaking. The letter comes as the FEC begins public hearings today on online advertisements.
“During the 2016 election cycle, Russians took advantage of weak online disclaimer and disclosure rules to purchase online political advertisements. As we rapidly approach the 2018 election, intelligence officials have warned that Russia is currently working to disrupt our elections again,” the senators wrote.
“People have a right to know who is behind the information they receive, and in particular who is trying to influence their vote. This necessitates new disclaimer and disclosure requirements for all online advertisements. Primary elections are already upon us and the general election is only 131 days away. Therefore, we encourage you to quickly adopt the strongest possible rule to increase transparency and accountability for online advertisements.”
Klobuchar, Warner and Senator John McCain (R-AZ) are the authors of the bipartisan Honest Ads Act, legislation to help prevent foreign interference in future elections and improve the transparency of online political advertisements. The Honest Ads Act would prevent foreign actors from influencing our elections by ensuring that political ads sold online are covered by the same rules as ads sold on TV, radio, and satellite.
The full text of the letter can be found below:
As you conduct hearings this week on “Internet Disclaimers and Definition of Public Communication”, we encourage you to issue the strongest possible rule that will increase transparency and accountability for online advertisements.
During the 2016 election cycle, Russians took advantage of weak online disclaimer and disclosure rules to purchase online political advertisements. As part of a wide social media exploitation effort, Russia spent at least $100,000 dollars—in rubles—on Facebook ads to influence the 2016 election. According to Facebook responses to investigations by the Senate Select Committee on Intelligence and Senate Judiciary Committee, Russian disinformation reached more than 126 million Americans online.
As we rapidly approach the 2018 election, intelligence officials have warned that Russia is currently working to disrupt our elections again. As Director of National Intelligence Dan Coats stated earlier this year, “[t]he 2018 U.S. midterm elections are a potential target for Russian influence operations” and Russia will conduct “bolder and more disruptive cyber operations.” Senate Intelligence Committee members determined that foreign actors illegally influenced the 2016 presidential election and that something has to be done to stop this from occurring in the future.
Online platforms dwarf broadcast, satellite, and cable providers. The largest internet platform has over 210 million American users. The largest cable provider only has 22 million subscribers – nearly an order of magnitude greater. That is why we introduced the Honest Ads Act earlier this year. Our legislation would apply the same rules to online political advertisements that already exist for traditional media and require digital advertisers to maintain a public record of political ads purchased. By requiring the same rules across all advertising platforms, we can limit foreign attempts to influence our elections, increase transparency in political advertising, and promote greater accountability.
People have a right to know who is behind the information they receive, and in particular who is trying to influence their vote. This necessitates new disclaimer and disclosure requirements for all online advertisements. Primary elections are already upon us and the general election is only 131 days away. Therefore, we encourage you to quickly adopt the strongest possible rule to increase transparency and accountability for online advertisements.
WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA) and Marco Rubio (R-FL) sent a letter to President Trump, urging him to re-consider the deal lifting the ZTE ban, and to support the Senate-passed ban on government purchases of ZTE and Huawei equipment. Sen. Warner is the Vice Chairman of the Senate Select Committee on Intelligence and a member of the Finance and Banking committees. Sen. Rubio is a member of Senate Foreign Relations and Intelligence committees.
In the letter to President Trump, the Senators wrote, “The Senate and the U.S. Intelligence Community are in agreement that ZTE poses a significant threat to our national security. The Senate recently voted 85-10 to reimpose the April sanctions order and the ban on ZTE buying U.S. components, and to prohibit the U.S. federal government from purchasing ZTE or Huawei equipment and contracting with any entity that purchases such equipment. We urge you to heed the leaders of the U.S. Intelligence Community, supported by a strong bipartisan consensus in the Senate, that we must pursue policies that prevent the widespread use of ZTE products in the U.S.”
The Senators noted that at a February 13, 2018 hearing in the Intelligence Committee, six of the nation’s top intelligence leaders – the Director of National Intelligence (DNI) and the heads of the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Central Intelligence Agency (CIA), Defense Intelligence Agency (DIA), and the National Geospatial-Intelligence Agency (NGA) – testified about the risks posed to U.S. national security by ZTE and Huawei. Additionally, the nation’s top counterintelligence officer, Director of the National Counterintelligence Security Center Bill Evanina, testified at his May 15, 2018, confirmation hearing that Chinese telecom companies such as ZTE and Huawei pose a significant threat to American security.
“As you know, this is not a new threat. Congressionally documented concerns date back to a 2012 House Permanent Select Committee on Intelligence report on the serious counterintelligence concerns associated with ZTE equipment, the ties between the company and government, and the risks to American national security,” the Senators added. “ZTE, though publicly traded, is a state-backed enterprise that is ultimately loyal not to its shareholders, but to the Chinese Communist Party and Chinese government. This patronage relationship poses unacceptable risks to American sovereignty; risks that will only increase if the company is permitted to establish itself deeply in America’s telecommunications infrastructure.”
The full letter is available here and below.
June 26, 2018
The White House
1600 Pennsylvania Avenue, NW
Washington, DC 20500
Dear Mr. President:
We urge you to reconsider your decision to amend the April ZTE sanctions order and lift the ban the Commerce Department imposed this year that prohibited ZTE from buying U.S. components, and we ask for your support for the Senate-passed ban on the government buying ZTE and Huawei equipment. We strongly believe that the April sanctions order—which would have threatened ZTE’s survival—should not be used as a bargaining chip in negotiations with China on unrelated matters.
The Senate and the U.S. Intelligence Community are in agreement that ZTE poses a significant threat to our national security. The Senate recently voted 85-10 to reimpose the April sanctions order and the ban on ZTE buying U.S. components, and to prohibit the U.S. federal government from purchasing ZTE or Huawei equipment and contracting with any entity that purchases such equipment. We urge you to heed the leaders of the U.S. Intelligence Community, supported by a strong bipartisan consensus in the Senate, that we must pursue policies that prevent the widespread use of ZTE products in the U.S.
At the Senate Intelligence Committee’s hearing on February 13, 2018, six top intelligence leaders testified about the risk of ZTE and Huawei to American national security:
· FBI Director Wray stated: “We’re deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks that provides the capacity to exert pressure or control over our telecommunications infrastructure. It provides the capacity to maliciously modify or steal information, and it provides the capacity to conduct undetected espionage.”
· Then-NSA Director Rogers warned: “I would agree with Director Wray’s characterization here. This is a challenge I think that's only going to increase, not lessen, over time for us.” To mayors, county judges, university presidents, and state legislatures, “I would say you need to look long and hard at companies like this.”
· The Director of National Intelligence, and the heads of the CIA, FBI, NSA, DIA, and NGA all indicated they would not use products or services from ZTE or Huawei; nor would they recommend private American citizens do so.
Additionally, the nation’s top counterintelligence officer, Director of the National Counterintelligence Security Center Bill Evanina, testified at his May 15, 2018, confirmation hearing that “the Intelligence Community and law enforcement is clearly on the record, both in the public and in classified settings, with the threat from Chinese telecommunications companies.”
As you know, this is not a new threat. Congressionally documented concerns date back to a 2012 House Permanent Select Committee on Intelligence report on the serious counterintelligence concerns associated with ZTE equipment, the ties between the company and government, and the risks to American national security.
ZTE, though publicly traded, is a state-backed enterprise that is ultimately loyal not to its shareholders, but to the Chinese Communist Party and Chinese government. This patronage relationship poses unacceptable risks to American sovereignty; risks that will only increase if the company is permitted to establish itself deeply in America’s telecommunications infrastructure.
Thank you for your attention to this important matter and for your assistance in ensuring we protect our nation’s future from authoritarian influence.
Mark R. Warner
United States Senator
United States Senator
WASHINGTON –U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance Committees, today sent letters to Twitter and Google parent company Alphabet, requesting information about any data sharing agreements between the companies and Chinese vendors. The letter follows a disclosure earlier this week by Facebook that the company has partnerships with Chinese telecom companies including Huawei that allow them to access Facebook users’ non-public data.
“Since at least October 2012, when the House Permanent Select Committee on Intelligence released its widely-publicized report, the relationship between the Chinese Communist Party and equipment makers like Huawei and ZTE has been an area of national security concern. Since then, numerous articles in the tech trade press have focused on concerns by American and allied intelligence agencies that products from Chinese device makers, such as Lenovo, have security vulnerabilities that could allow Chinese intelligence to access data stored on, or transmitted by, devices. And the New York Times reported in 2016 that firmware found in low-end smartphone devices, such as those of Huawei and ZTE, continually transmitted local data to Chinese severs, potentially for foreign intelligence purposes,” Sen. Warner wrote to the two companies today.
It is publicly known that Alphabet has entered into strategic partnerships with Chinese mobile device manufacturers, including Huawei and Xiaomi, as well as with Chinese technology platform Tencent. In light of Facebook’s recent revelations, Sen. Warner requested that the company provide information about those partnerships, as well as any other agreements that Alphabet may have entered into with third-party vendors based in China. A similar request was posed to Twitter.
Jun 07 2018
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance Committees, released the following statement regarding the Commerce Department’s agreement with ZTE:
“It is the unanimous conclusion of our nation’s intelligence community that ZTE poses a significant threat to our national security. These concerns aren’t new; back in 2012, the House Permanent Select Committee on Intelligence released a report on the serious counterintelligence concerns associated with ZTE equipment.
“It’s not only that ZTE was busted for evading sanctions on Iran and North Korea, and then lied about it; It’s that ZTE is a state-controlled telecommunications company that poses significant espionage risks, which this agreement appears to do little to address.”
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, released the following statement after Facebook confirmed the company has data-sharing partnerships with Chinese telecom companies, including Huawei:
“Concerns about Huawei aren’t new – they were widely publicized beginning in 2012, when the House Permanent Select Committee on Intelligence released a well-read report on the close relationships between the Chinese Communist Party and equipment makers like Huawei. The news that Facebook provided privileged access to Facebook’s API to Chinese device makers like Huawei and TCL raises legitimate concerns, and I look forward to learning more about how Facebook ensured that information about their users was not sent to Chinese servers.”
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking Committee, released the following statement regarding the reported ZTE agreement lifting the Commerce Department ban:
“If these reports are accurate, this is a huge mistake. ZTE poses a threat to our national security. That’s not just my opinion – it’s the unanimous conclusion of our intelligence community.”
May 26 2018
WASHINGTON — U.S. Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence and a member of the Senate Banking and Finance Committees, released the following statement regarding the Trump administration’s deal on ZTE:
WASHINGTON, D.C. – U.S. Senators Mark Warner and Tim Kaine joined a bipartisan letter calling on Federal Communications Commission (FCC) Chairman Ajit Pai to support long-term funding that would make broadband and voice services more accessible and affordable in rural communities. In the letter, the Senators thank the FCC for its work to support rural broadband and request that it prevent upcoming funding cuts to smaller operators that deliver broadband to the country’s most rural communities, which would otherwise go into effect on July 1.
“These recurring budget shortfalls result in lower speeds, more unserved locations, and higher prices for rural consumers and businesses,” the Senators said. “We share your goal of eliminating the digital divide and look forward to working with you to maintain accessible, affordable broadband for rural American consumers and businesses.”
The FCC fixed the budget shortfall for the Universal Service Fund’s (USF) High-Cost program for the current Fiscal Year, but has not addressed long term funding for the program. The USF program helps to ensure that consumers in rural areas pay comparable rates to those in urban areas by helping rural carriers cover some of their costs. The Senators make the case that funding the program encourages businesses to invest in broadband networks in regions of the country where service is needed, but where deploying broadband is difficult and costly.
Warner and Kaine have been strong supporters of expanding broadband to rural communities in Virginia as Governors and Senators. Last year, Warner and Kaine joined a bipartisan group of colleagues to urge President Trump to include broadband in an infrastructure initiative. In October, Warner and Kainepraised a Senate Democratic proposal to invest $40 billion to build broadband infrastructure necessary to connect over 34 million Americans to high-speed internet. In November, Warner and Kaine announced $6 million in federal funding to construct broadband infrastructure in Buchanan and Scott Counties.
The full text of the Senators’ letter to Chairman Pai is available here and below:
May 15, 2018
The Honorable Ajit Pai
Federal Communications Commission
445 12th Street, S.W.
Washington, DC 20554
Dear Chairman Pai:
We write to express our strong support and sincere gratitude for the recent Order addressing budget shortfalls in the Universal Service Fund’s (USF) High-Cost program. The Order is an essential, immediate step in the right direction, and we now encourage the Federal Communications Commission (FCC) to continue down this path by acting quickly on the notice of proposed rulemaking to provide long-term, predictable support. Such additional steps are necessary to ensure rural Americans have access to high quality voice and broadband services.
The FCC’s recent Order approving an infusion of funds into the USF is greatly welcomed, and will provide needed support for small, rural carriers that rely on the High-Cost USF program. Despite this, persistent limitations on resources can affect the ability of smaller broadband providers to deliver services in our country’s most rural communities. The FCC’s cost model for smaller operators electing model-based USF support is not yet funded at the designed levels, and carriers not receiving model-based support will once again face significant funding cuts when the program’s new fiscal year takes effect on July 1, 2018. These recurring budget shortfalls result in lower speeds, more unserved locations, and higher prices for rural consumers and businesses.
Congress has expressed consistent, bipartisan support for addressing shortfalls in the USF program. In April 2017, 58 Senators called on the FCC to provide adequate resources for broadband delivery services to rural consumers in areas that are the hardest and costliest to serve. In May 2017, 102 Representatives wrote to the FCC, expressing similar concerns about the impacts of insufficient USF resources on rural consumers.
We commend the FCC’s actions thus far to address and modernize USF support. Taking action on the notice of proposed rulemaking and establishing lasting solutions that allow the reformed High-Cost mechanism to work as designed would enable many smaller operators to offer high quality, affordable broadband to consumers across rural America. It is important to consider any modifications needed to meet the program’s objectives of ensuring consistent network build-out and strengthening ongoing service, for locations otherwise unserved, in our nation’s high-cost rural areas.
Thank you for the actions you have undertaken thus far to support the USF and for considering this request. We share your goal of eliminating the digital divide and look forward to working with you to maintain accessible, affordable broadband for rural American consumers and businesses.
May 16 2018
WASHINGTON — Today, U.S. Sens. Mark R. Warner and Tim Kaine (both D-VA) voted in favor of a Congressional Review Act (CRA) resolution to undo the Trump Administration’s repeal of net neutrality rules. In February 2018, Sens. Warner and Kaine joined a group of Senate and House Democrats in introducing the CRA to overturn the Federal Communications Commission’s (FCC) partisan vote to repeal open internet rules. The resolution passed the Senate this afternoon 52-47 and it now heads to the House of Representatives for consideration.
“The FCC last year repealed rules codifying longstanding open internet principles through a strictly partisan and hurried rulemaking, marked by troubling irregularities in its public comment system. Removing these rules of the road amounted to a greenlight for potential anti-competitive practices by Internet Service Providers, harming Internet users in Virginia and across the country. I urge the House to pass this bill and protect the integrity of the nation’s most crucial information network,” said Sen. Warner.
“Over the past year, there have been very few issues that have generated as much contact from my constituents as concerns over the repeal of net neutrality protections. The Obama Administration put these rules in place to protect consumers and the Trump Administration took them away to protect big internet service providers. It’s as simple as that. This is particularly important for students and families in rural communities that have limited options in internet providers. We fought hard for this vote, and now that our resolution has passed, we need the House to swiftly take it up so we can reverse the Trump Administration’s gutting of net neutrality protections. This is a fundamental issue of providing consumers with more choice and control,” Sen. Kaine said.
In December 2017, the Federal Communications Commission (FCC) voted to repeal the 2015 Open Internet Order, which the D.C. Circuit Court had upheld in 2016. The Open Internet Order prohibited internet service providers from blocking, slowing down, or discriminating against content online. Repealing the net neutrality rules could lead to higher prices for consumers, slower internet traffic, and even blocked websites. A recent poll showed that 83 percentof Americans do not approve of the FCC action to repeal net neutrality rules.
A simple majority of 51 votes is needed to pass a CRA resolution in the Senate.
WASHINGTON— U.S. Sens. Mark R. Warner (D-VA) and Amy Klobuchar (D-MN) today called on Twitter and Alphabet, Inc., the parent company of Google, to implement stronger transparency and accountability standards for online political advertisements. Specifically, the Senators called on the companies to voluntarily implement the provisions in the Honest Ads Act, bipartisan legislation introduced by Sens. Klobuchar, Warner and John McCain (R-AZ) that would require online political advertisements to abide by the same disclosure rules as television and radio ads.
Russia attempted to influence the 2016 presidential election by buying and placing political ads on platforms such as Facebook, Twitter and Google. However, Americans had no way of knowing who was behind the ads, because, unlike radio and television ads, the Federal Election Commission (FEC) has exempted large swathes of online ads from general requirements to include disclaimers about who is responsible for the content, and platforms are not required to make public information about political ad purchases as cable, satellite, and broadcast providers must.
“This lack of transparency has dangerous implications for our democracy. As we saw in the 2016 presidential election, foreign actors can seek to influence the electorate without voters’ knowledge through online political advertising,” wrote Sens. Warner and Klobuchar in a pair of letters today to Alphabet CEO Larry Page and Twitter CEO Jack Dorsey.
On Friday, April 6, Facebook announced that it would endorse and implement the disclosure requirements outlined in the Honest Ads Act. In today’s letters, Sens. Warner and Klobuchar asked Google and Twitter to do the same.
“The Honest Ads Act would apply analogous rules to online political advertisements that currently exist in traditional media, bringing long-overdue transparency to the opaque market of online political advertising. It would extend existing disclaimer obligations that print, broadcast, and cable ads must already meet to analogous political ads disseminated on online platforms… And it would require digital platforms to maintain a public record of political ads purchased by an advertiser who spends more than $500 in any 12 month period,” wrote the Senators. “Lastly, it requires that all advertising platforms – whether broadcast, radio or digital – make reasonable efforts to ensure that the prohibition on foreign nationals attempting to influence our elections through donations, expenditures or other things of value is not violated. These measures not only increase transparency in political advertising, but also promote accountability – both of platforms and of political advertisers.”