THE KEY

President Trump’s course reversal Saturday on banning U.S. companies from supplying software and components to Huawei has managed to do what few other Trump policies have. It’s outraging Republicans.

Trump announced the shift after meeting with Chinese President Xi Jinping at the G-20 summit in Japan as part of an agreement to restart trade negotiations between the nations. In exchange, China agreed to buy more U.S. farm products, my colleagues David J. Lynch and Damian Paletta report.

The about-face prompted a quick rebuke from Republicans, with Sen. Marco Rubio (R-Fla.), a longtime China hawk, threatening to reinstate the bans with legislation he said could pass with a veto-proof majority.

The Commerce Department imposed those restrictions in May because of the national security risk that the Chinese telecom might help Beijing spy on U.S. networks. The decision came the same day Trump issued an executive order banning Huawei from building the next-generation U.S. 5G wireless networks.

If the administration shifts course and treats the Commerce restrictions as a bargaining chip in trade negotiations, it will seriously damage U.S. credibility the next time it warns of a national security threat, Rubio warned.

Sen. Rick Scott (R-Fla.) joined Rubio, declaring that restrictions on Huawei should be “non-negotiable” and calling the company “a national security threat to the U.S. and our allies.”

Sen. Marsha Blackburn (R-Tenn.) said the United States should do less business with Huawei, not more, and said it’s “time to stop them in their tracks.”

Retired Gen. Rob Spalding, who worked on 5G issues for the Trump administration in the buildup to the Huawei ban, declared that “Huawei is not a trade issue. It is an existential issue for democracy not just for the US, but everywhere.”

By Sunday, the administration was trying to temper Republicans’ concerns. Trump’s chief economic adviser Larry Kudlow went on the Sunday morning shows promising the shift would apply only to “general merchandise,” such as computer chips and software that are also available from non-American suppliers.

It would not apply to software and components U.S. officials have specific national security concerns about, Kudlow said.

“I hope that when President Trump comes back that he and others of us will be able to persuade Senator Rubio that there will be no national security violations,” Kudlow said on CBS's "Face the Nation."

On Fox News Sunday, he promised the shift would not be a “general amnesty.”

Kudlow suggested, however, the president might pull back some other Huawei restrictions after all other issues are resolved in trade negotiations.

Huawei has steadfastly denied that it assists Chinese government spying and said it would refuse to do so if asked.

The Commerce ban that Trump plans to roll back is one of the most aggressive actions the U.S. government has taken against Huawei — and the least popular among cyber pros and industry.

When I surveyed The Cybersecurity 202 experts’ network about the ban in early June, 61 percent said it was a bad idea. They worried it would hurt U.S. tech companies supplying Huawei more than it hurt Huawei. They also fretted the ban would prompt an escalating tit-for-tat conflict that might result in more of the world using less digitally secure Chinese products rather than more secure American ones.

Many of the same experts said that banning Huawei from U.S. 5G networks — and a diplomatic campaign urging U.S. allies to do the same — was far more important.

But imposing the Commerce ban and then paring it back might be even worse, some experts suggested this weekend, because it signals that U.S. officials were being disingenuous when they warned of the dangers of Huawei spying. And that signal could be picked up by allies that are considering whether to buy Huawei gear for their 5G networks.

“When you tell the world one day Huawei is a security threat and then reverse that argument the next day, you undermine the veracity of the initial security claim, and make it much harder for anyone to believe your security concern in the future,” Michael McFaul, U.S. ambassador to Russia during the Obama administration, tweeted.

Michael Wessel, a commissioner on the U.S.-China Economic Security Review Commission, tweeted that it seemed Trump was “willing to accept a fistful of dollars while trading away our security.”

Even some lawmakers who were quiet about the security implications of the drawback criticized Trump for bargaining away some Huawei restrictions before getting more concessions from China on trade.

“Huawei is one of few potent levers we have to make China play fair on trade,” Senate Minority Leader Chuck Schumer (D-N.Y.) tweeted.

“Why is @POTUS surrendering one of the United States’ key pieces of leverage before beginning new trade negotiations with China?” Rep. Jim Banks (R-Ind.), a member of the Armed Services Committee, asked.

PINGED, PATCHED, PWNED

PINGED: More than one-third of all voting machines used in the 2018 election did not include a paper trail of votes, according to a report out last week from the Election Assistance Commission.

And more than half of those machines were in just three states: Texas, Pennsylvania and Georgia, FCW’s Derek B. Johnson reports. Georgia accounted for about 27,000 of the 135,000 machines that lacked paper trails and Texas accounted for about 26,000.

The lack of a paper record for votes makes it far more likely that hackers could manipulate votes without either voters or election officials realizing it, experts say — a major concern since Russian hackers probed state election systems in advance of the 2016 contest.

Congress distributed $380 million to states to improve their election security after that election, much of which is being spent before the 2020 contest on replacing voting machines that lack paper records. 

PATCHED: The Department of Homeland Security is preparing for a dramatic increase in Iranian cyberattacks, some of which may be aimed at destroying data rather than simply stealing it, the department’s top cybersecurity official Chris Krebs tells Ars Technica’s Sean Gallagher.  

“My primary concern was that this is more than just an uptick — this is a dramatic increase in activity,” Krebs said, addressing a recent DHS warning about state-sponsored hackers from Iran. 

Krebs also told Ars Technica that he’d like to have a DHS-sponsored cybersecurity adviser “in every state capital” to help state and local governments deal with threats such as ransomware and election hacking. But that would require some major congressional funding, which is unlikely given Senate Majority Leader Mitch McConnell’s (Ky.) vow to block any election security-related legislation.

“If Congress wants to down the road decide to have a stronger security grant program for state and local governments . . ., that's how I see our engagement playing out over the next couple years,” he said.

PWNED: The parent company of LGBTQ dating app Jack'd has agreed to pay a $240,000 fine for not properly securing users’ private photos and data — including about 1,900 nude photos — against hackers, according to a statement from the New York attorney general's office.

A researcher first notified the company that its users’ photos and location data were publicly available via Amazon Web Services in 2018, the attorney general's investigation confirmed. But the company didn’t fix the vulnerability until a year later after multiple news reports, the attorney general said. (Washington Post owner Jeff Bezos owns Amazon Web Services.)

The settlement is just the latest in a long string of data security failures by dating apps, including a 2015 hack of infidelity site Ashley Madison that exposed more than 30 million users and data breaches or poor security practices at dating sites OkCupid, Coffee Meets Bagel and AdultFriendFinder.

PUBLIC KEY

— Cybersecurity news from the public sector:

Democratic presidential candidates are seizing on election security to attack Republicans for not doing enough to safeguard the country against foreign interference.
The Hill
"Triple threat" commodity malware attack seizes computers of yet another Florida town.
Ars Technica
A bipartisan group of freshman House lawmakers revealed Friday a Task Force Sentry that has worked behind closed doors the past two months to craft legislation to prevent foreign interference in U.S. elections.
The Hill
PRIVATE KEY

— Cybersecurity news from the private sector:

It infected 10 million computers. So why did cybergeddon never arrive?
The New York Times
In a speech to South Korea’s largest conglomerates after he eased the toughest U.S. measures against Huawei, President Trump provided no direction on how they should proceed with the Chinese tech giant.
Wall Street Journal
Back doors to your personal data can be found in everything from smart fish tanks to Wi-Fi pineapples.
Bloomberg
Eric Welling has left his position as deputy assistant director of the FBI’s Cyber Division to join consulting giant Accenture, a company spokesperson confirmed. After more than 20 years at the FBI, Welling will lead Accenture Security’s North America Incident Response Command Center.
CyberScoop

WILD WILD WEST

— Cybersecurity news from abroad:

Using code rather than concrete, European companies are busy building walls to protect their data, and are being encouraged by local politicians concerned about threats to their sovereignty.
Bloomberg
Ministers to be put in fictional scenarios after series of hacking incidents
The Guardian