Law enforcement and Apple get ready to do battle in a new hearing

With help from Darren Goode and Tony Romm

APPLE VS. LAW ENFORCEMENT, ROUND TWO — The tech giant and the law enforcement community will square off again today over encryption at a hearing this morning before the House Energy and Commerce Committee’s top oversight panel. Look for Apple’s Bruce Sewell to say that “100 percent of our users would be made more vulnerable if we were forced to build a back door,” according to prepared testimony, per our friends at Morning Tech. But the submission from Sewell, the company's top lawyer, doesn’t raise either the company’s just-concluded fight over a locked iPhone in San Bernardino or a pending legal battle over a device in New York.


— Meanwhile, law enforcement officials appearing on their own panel will argue that encryption harms their ability to catch criminals. Thomas Galati, the chief of intelligence at the NYPD, will say New York City has been locked out of 67 Apple devices in the period between October and March, according to his prepared text. And Capt. Charles Cohen, who leads a task force focused on Internet crimes against children in Indiana, will say he hasn’t “seen any impediment to rescuing child victims or identifying and prosecuting child sexual predators that even comes close to the impediment created by encryption.” Both officials will also highlight troubles posed by encrypted apps, such as WhatsApp, whose developers had been invited to testify and declined.

BURR-FEINSTEIN GETS MORE LAW ENFORCEMENT BACKING — FBI agents and the New York City police commissioner are among the growing list of official law enforcement endorsements for a draft encryption bill from Sens. Richard Burr and Dianne Feinstein. The FBI Agents Association, Manhattan District Attorney Cyrus Vance Jr., New York City Police Commissioner William Bratton, the Major Cities Police Chiefs Association and the Major County Sheriff’s Association are backing the draft, Burr’s office announced Monday. The endorsements of the National District Attorneys Association and the International Association of Chiefs of Police were announced Friday. Technology and privacy advocates still hate it.

HAPPY TUESDAY and welcome to Morning Cybersecurity! The Mr. Spaghetti scandal is the best scandal there is. Send thoughts, feedback and especially your tips to [email protected] and follow @timstarks, @POLITICOPro and @MorningCybersec. Full team info is below.

IRS CYBER PARADE ON HILL MARCHES ON — IRS Commissioner John Koskinen appears before the House Ways and Means Oversight Subcommittee today to discuss how his agency is fending off hackers, a subject he’s talked about plenty lately on Capitol Hill. In his opening statement, Rep. Peter Roskam, who chairs the subcommittee, will point out that the IRS hasn’t fully adopted multiple factors of verifying taxpayer identities, or taken other steps to prevent identity theft, such as matching IP addresses to the address of tax returns.

Also appearing as a witness is Rep. Jim Renacci. “While I am aware that not every tax-related identity theft problem is best served with a congressional solution, I look forward to continuing to work with all stakeholders to curb this growing threat,” he will say in his prepared testimony, indicating that he intends to push for legislative proposals to combat identity theft.

WAGNER WANTS TO EXPAND TROUBLED IRS PINS — Rep. Ann Wagner has a bill to expand IRS-issued identity protection personal identification numbers to all interested taxpayers, even as the program’s security-readiness has suffered embarrassing setbacks this year. Wagner’s bill, introduced Feb. 3 but not announced until Tax Day on Monday, would expand a pilot project in Florida, Georgia and D.C. by requiring the IRS to issue a six-digit PIN to any verified taxpayer nationwide who requests one to stem the misuse of Social Security numbers on fraudulent income tax returns. But after hackers found a way to breach the security walls, the IRS was forced to suspend the online tools used by people who have forgotten their PINs. “All the more reason the IRS needs to implement this program for all states — providing better ways to obtain a PIN and ultimately better protect taxpayers,” a Wagner spokeswoman said in an email.

BAG OF CHIPS — Visa’s tally says 1 million U.S. merchant locations have new terminals capable of reading more secure chip cards, according to data compiled through March, accounting for 20 percent of the total. Merchant adoption of new chip-enabled terminals has been slow, according to most accounts, and has provoked hostility from retailers who contend it’s an extra expense that isn’t as secure as other options. But Visa figures that based on the newly released data on adoption so far, it’s already made a difference: Counterfeit fraud at the top five chip-enabled merchants has dropped by 18 percent from the end of 2014 to the end of 2015.

BERYLIA UNDER ASSAULT — The fictional nation of Berylia will be battered by cyberattacks this week under the Locked Shields 2016 exercise in Tallinn, Estonia, organized by the NATO Cooperative Cyber Defense Centre of Excellence. ZDNet reckons it’s the world’s biggest cyber wargame: “More than 1,700 attacks will be carried out against the 1,500 virtualised systems the teams have to defend — a variety of servers, online services and an industrial control system.” The exercise started Monday and runs through the close of the week.

RECENTLY ON PRO CYBERSECURITY — Rep. Ted Lieu wants a House panel to investigate security flaws in the global mobile network that could leave callers widely vulnerable to hackers monitoring their conversations. … Microsoft co-founder Bill Gates said he supports the company’s lawsuit against the government seeking the ability to notify customers when federal law enforcement receives their data.

REPORT WATCH

— Less than one-quarter of organizations hit by a cyberattack have no ability to respond immediately and must instead purchase services to help after the fact, according to the NTT Group’s 2016 threat intelligence report out today. And the top 10 vulnerabilities all were related to Adobe Flash.

— A total of 97 percent of applications tested by cybersecurity company Trustwave in 2015 had at least one vulnerability, 10 percent of which were rated critical. The firm’s annual report, released today, also found the most popular exploit kit was Angler, followed by Nuclear.

PEOPLE ON THE MOVE

— Maj. Gen. George J. Franz III has been assigned to U.S. Cyber Command to serve as director of operations.

— David Medine, who recently departed as head of the Privacy and Civil Liberties Oversight Board, will in July become a member of the policy consultant cadre for the Consultative Group to Assist the Poor, he said on Facebook.

QUICK BYTES

— BlackBerry offered a statement on giving access to Canadian law enforcement, although most agree it’s nebulous.

— Polls offer a range of opinions about encryption. Nextgov.

— #UnlockJustice, a campaign to support law enforcement access to encryption, caught some guff on Twitter. Motherboard.

— MIT is exploring how artificial intelligence can defend against cyberattacks. Wired.

— Cybersecurity could create 1 million jobs in India. Times of India.

— U.S. CERT is advising Windows users to get rid of Apple Quicktime. Krebs on Security.

— China’s state-run media outlet suggested that the United States is launching cyberattacks on itself to boost budgets and make Beijing look bad. The Hill.

That’s all for today. #TeamKimberlyStrubell

Stay in touch with the whole team: Darren Goode ( [email protected] , @DarrenGoode); Bob King ( [email protected], @BKingDC); and Tim Starks ( [email protected], @timstarks).

Follow us on Twitter Heidi Vogt @HeidiVogt



Eric Geller @ericgeller



Martin Matishak @martinmatishak



Tim Starks @timstarks