THE KEY

Facebook is in hot water, again. This time, Mark Zuckerberg and his social media giant are facing intense scrutiny from lawmakers in Britain who are holding a high-profile hearing Tuesday in a continuing quest to hold the company accountable for privacy breaches and dissemination of “fake news.”

The hearing comes on the heels of an unusual seizure of  internal Facebook documents last week from an American businessman traveling in London that a prominent British lawmaker believes will shed light on the company's data practices leading up to the 2016 election of Donald Trump. The documents are currently under seal in a California court in an unrelated legal battle between a third-party developer and Facebook.

The British hearing and aggressive document seizure spotlight the growing tensions between European regulators and Facebook just as the social media company is facing additional questions in the United States from lawmakers — queries that are only likely to intensify as Democrats retake control of the House in January.

According to The Guardian, Ted Kramer, who founded U.S. software company Six4Three, was compelled to “hand over the documents during a business trip to London. In another exceptional move, parliament sent a serjeant at arms to his hotel with a final warning and a two-hour deadline to comply with its order. When the software firm founder failed to do so, it’s understood he was escorted to parliament. He was told he risked fines and even imprisonment if he didn’t hand over the documents.”

British officials think the documents could reveal more about Facebook's relationship with Cambridge Analytica, the now-defunct voter profiling firm hired by the Trump campaign and other Republicans that improperly harvested information from Facebook profiles. It was banned in March from Facebook, and rules for using the technology company's platform were tightened in the wake of the controversy (which is why Six4Three is suing Facebook in California).

Damian Collins, the chair of the committee that will hold tomorrow's hearing, called the seizure “unprecedented” but said “we are in an unprecedented situation.”

There's now a dispute about making the papers public. Regardless, Facebook will face a grilling from Collins's committee and an unusual slew of lawmakers from six other countries on Tuesday. 

Collins is upset that Zuckerberg has refused to testify before his committee — instead, it is sending Richard Allan, the company's vice president for public policy solutions.

This isn't the first time Zuckerberg has refused to appear before British lawmakers — he declined to do so at the end of October, and again before an expanded committee of international lawmakers in November, The Post's Tony Romm reports. U.K. investigators have also fined Facebook over the Cambridge Analytica mess, a penalty the company is appealing.

European officials have been leading the charge to crack down on the use of online information in moves that could be costly to U.S. technology giants and pave the way for U.S. action. The European Union implemented a sweeping digital-privacy law in May that gives users the right to demand the deletion of their data and requires companies to get explicit consent from consumers about how their data can be used, among other things.

The United States has lagged behind in privacy efforts, though some states — specifically California — are taking their own action to toughen privacy regulations.

The international hearing in British Parliament tomorrow — and the seizure of a U.S. company's information — suggests European regulators won't be letting up anytime soon. With a new political order coming soon in Washington, the same could soon be true on home turf for Zuckerberg and other tech titans.

A note to readers: Joe Marks, the new anchor of The Cybersecurity 202, will take the helm the first week of December. Until then, we have a great slate of guest anchors from The Post's national security, technology and business staff to share their reporting and insights. Thanks for bearing with us during the transition.

PINGED, PATCHED, PWNED

PINGED: “Russian hackers are back in the spotlight after the U.S. midterm elections, carrying out a widespread campaign that targeted the federal government, media outlets and think tanks,” the Hill's Jacqueline Thomsen and Olivia Beavers reported. “American officials were on the lookout for Russian interference ahead of and during the Nov. 6 elections, but the detection of activity by a Kremlin-linked hacking group took place just days after the polls closed. Some researchers told The Hill that the recent cyber efforts are a sign that hackers are exploring the new political landscape now that Democrats will be in control of the House starting in January.” As Thomsen and Beavers reported, U.S. cybersecurity companies spotted phishing efforts impersonating a State Department official. Moreover, the cybersecurity firms noted that the phishing campaign resembled previous operations by Russia-linked hackers, according to the Hill.

“Analysts warned against trying to predict the motivations of the Kremlin-linked hackers, saying they don’t know the specifics of what’s driving the phishing campaigns,” Thomsen and Beavers wrote. “Steve Weber, faculty director for the Center for Long Term Cybersecurity at the University of California at Berkeley, said a number of scenarios could be playing out behind the scenes, and it’s unclear how exactly the groups are run. Regardless of their orders, he said, the hackers could be showing that they can carry out campaigns at any time for whatever reason, and perhaps even for the sake of showing they still have the capability to launch cyberattacks.”

PATCHED: “The U.S. government has initiated an extraordinary outreach campaign to foreign allies, trying to persuade wireless and internet providers in these countries to avoid telecommunications equipment from China’s Huawei Technologies Co., according to people familiar with the situation,” the Wall Street Journal's Stu Woo and Kate O’Keeffe reported. “American officials have briefed their government counterparts and telecom executives in friendly countries where Huawei equipment is already in wide use, including Germany, Italy and Japan, about what they see as cybersecurity risks, these people said. The U.S. is also considering increasing financial aid for telecommunications development in countries that shun Chinese-made equipment, some of these people say.”

The Journal reported that briefings from the U.S. government argue that cyberattacks could target 5G networks. “Today’s cellular-tower equipment, for instance, is largely isolated from the ‘core’ systems that transfer much of a network’s voice and data traffic,” Woo and O'Keeffe wrote. “But in the 5G networks telecom carriers are preparing to install, cellular-tower hardware will take over some tasks from the core—and that hardware could potentially be used to disrupt the core via cyberattacks. For that reason, U.S. officials worry that Huawei or ZTE cellular-tower equipment could compromise swaths of a telecom network.” Citing a U.S. official, Woo and O'Keeffe also reported that the briefings mention “Beijing’s ability to force Chinese corporations to comply with government requests from government authorities.”

PWNED: Several European companies seek to challenge Google's dominance over online searches. “The backlash over Big Tech’s collection of personal data offers new hope to a number of little-known search engines that promise to protect user privacy,” the Associated Press's Kelvin Chan reported. “Sites like Britain’s Mojeek, France’s Qwant, Unbubble in Germany and Swisscows don’t track user data, filter results or show ‘behavioral’ ads. These sites are growing amid the rollout of new European privacy regulations and numerous corporate data scandals, which have raised public awareness about the mountains of personal information companies stealthily gather and sell to advertisers.”

European search engines remain far smaller than Google but firms like Qwant and Mojeek are drawing more and more traffic, the AP reported. “Qwant is even getting official support,” Chan wrote. “Last month the French army and parliament both said they would drop Google and use Qwant as their default search engine, as part of efforts to reclaim European ‘digital sovereignty.’ The site doesn’t use tracking cookies or profile users, allowing it to give two different users the exact same result. It has built its own index of 20 billion pages covering French, German and Italian and plans to expand it to about two dozen other languages, for which results currently come from Microsoft’s Bing.”

PUBLIC KEY

— “Conservative writer and conspiracy theorist Jerome Corsi is in plea negotiations with special counsel Robert S. Mueller III, according to Corsi and another person with knowledge of the talks,” The Post's Rosalind S. Helderman, Josh Dawsey and Manuel Roig-Franzia reported. “The talks with Corsi — an associate of GOP operative Roger Stone — could bring Mueller’s team closer to determining whether Trump or his advisers were linked to WikiLeaks’ release of hacked Democratic emails in 2016, a key part of his long-running inquiry. Corsi provided research on Democratic figures during the campaign to Stone, a longtime Trump adviser. For months, the special counsel has been scrutinizing Stone’s activities in an effort to determine whether he coordinated with WikiLeaks. Stone and WikiLeaks have repeatedly denied any such coordination.”

— “A federal judge on Sunday ruled George Papadopoulos must report to prison as scheduled on Monday, rejecting a bid from the former Trump campaign adviser to delay the start of his sentence while a constitutional challenge to the special counsel investigation into Russia’s election interference remains unresolved,” The Post's Rosalind S. Helderman and Matt Zapotosky reported. "Papadopoulos, who was sentenced to spend 14 days in prison, had argued it was possible that the constitutional challenge in a separate case would result in his conviction being set aside, and that he should therefore be allowed to remain free on bail. But U.S. District Judge Randolph D. Moss noted that Papadopoulos had not appealed his conviction, having waived his right to do so when he pleaded guilty. Moss also wrote that Papadopoulos had not shown that the appeals court in the separate case probably would conclude the special counsel’s appointment was unlawful."

— More cybersecurity news from the public sector:

The service has undergone a series of pilots to test what cyber capabilities brigade commanders should have at the tactical edge.
Fifth Domain
There's growing appetite among Republicans for regulating big tech companies.
Ars Technica
PRIVATE KEY
The Switch
A start-up that requires prospective babysitters to hand over their social media accounts says it uses “advanced artificial intelligence” to assess a sitter's risk of drug abuse, bullying and more.
Drew Harwell
Very often, small companies don’t scale their security to match their new size.
The Wall Street Journal
As the holiday season kicks into gear, it's important to understand that a lot of kids' toys and apps collect and store information about them, often with little regard for privacy and security. Here's how to make wise choices.
CNBC
THE NEW WILD WEST

— “Japan’s cybersecurity minister, who gained global notoriety last week when he said he doesn’t use a computer, has now admitted he’s not that familiar with the whole cybersecurity field either,” The Post's Simon Denyer reported. “Yoshitaka Sakurada, 68, who also serves as minister for the 2020 Olympics in Tokyo, faced a parliamentary committee Thursday on the country’s new cybersecurity law. ‘I myself am not that familiar with’ cybersecurity matters, he told the committee, according to the Japan Times. ‘My biggest job is to read out written replies without making any mistakes,’ he said, referring to responses to questions written for him by his ministry’s bureaucrats.”

— “Russia has drawn up draft legislation aimed at stopping leaks of personal information from state agencies, a step that follows publication of details of Russians allegedly involved in clandestine intelligence operations abroad,” Reuters's Maria Kolomychenko reported. “The bill, produced by Russia’s communications ministry, bars unauthorized people from creating and publishing databases of personal data drawn from official sources, and fines anyone violating that rule.”

— More cybersecurity news from abroad:

Just months before crown prince launched a purge against his opponents, NSO offered Saudi intelligence officials a system to hack into cellular phones
Haaretz
The head of the Russian intelligence agency that the West says meddled in the U.S. presidential elections in 2016 has died. The demise of Igor Korobov, 62 years old, follows his predecessor’s sudden death almost three years ago.
The Wall Street Journal
Russia plans to impose stiffer fines on technology firms that fail to comply with Russian laws, sources familiar with the plans said, raising the stakes in the Kremlin’s fight with global tech giants such as Facebook and Google.
Reuters
FOR THE N00BS
Every new version of iOS seems to bring with it a fresh lock screen bypass. Head the next one off by shushing Siri on your lock screen.
Wired
ZERO DAYBOOK

Coming soon

EASTER EGGS

Rep. Gowdy says personal email use is “not a crime”:

Trump questions military use of electromagnetic technology:

Migrant caravan crisis escalates with tear gas at border fence: