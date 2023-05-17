

Below: The U.S. charges a Russian accused of participating in the Babuk ransomware campaign, and prosecutors accuse people of stealing technology for other countries. First:

The Network: Keep Section 702 surveillance authorities, with adjustments

Biden administration security officials have been touting how some expiring surveillance powers have helped counter cyberattacks, even as others say the surveillance violates Americans’ civil liberties. It’s up to Congress to decide by the end of the year whether to let those powers expire, renew them as-is or make changes to them and preserve them.

If the majority of cyber experts who responded to our latest Network survey had their way, they’d choose the option to alter the authorities, known as Section 702, before re-upping them. That doesn’t mean they all want to make the same changes, with some citing the need for additional privacy safeguards for Americans and others citing the need to take overseas allies into account.

Before diving into the survey results, a word on what Section 702 is, exactly.

Part of the larger Foreign Intelligence Surveillance Act, the powers granted under Section 702 allow warrantless eavesdropping on electronic communications of overseas targets, originally with counterterrorism in mind.

But because those targets are sometimes communicating with Americans, Americans’ communications can get swept up into that surveillance. Officials also can search the collected communications, using search terms for Americans such as passport numbers or Social Security numbers.

Some key liberals in Congress are worried about the privacy implications of Section 702, while some key Republicans are more skeptical of U.S. intelligence agencies than in earlier reauthorization battles, making the path to quickly reauthorizing the authorities more rocky.

Against renewal

The smallest group of respondents, 16 percent, said that the privacy violations under Section 702 justify scrapping it entirely.

“Section 702 infringes upon the civil liberties of Americans and has been substantially abused for little benefit,” said Kendra Albert, a clinical instructor at the Cyberlaw Clinic at Harvard Law School. “If surveillance oversight is to mean anything, Congress should not reauthorize it.”

Also in the “don’t renew it” camp was Sascha Meinrath, the Palmer chair in telecommunications at Pennsylvania State University and the founding director of X-Lab, a think tank.

“Antiquated frameworks like Section 702 have led to rampant unconstitutional surveillance of millions of innocent Americans,” Meinrath wrote. “Section 702 does not function as intended, and needs to be sunset in favor of a completely new surveillance-oversight framework that ensures meaningful transparency to Congress and individual accountability for violating the law.”

Renewal as-is

A slightly larger group, 20 percent, said Congress should reauthorize Section 702 without changes, siding with Biden officials who say it’s a powerful tool.

“There will always be a tug of war between privacy and security,” wrote Jay Kaplan, chief executive and co-founder of Synack and a former National Security Agency analyst. “The reality is we haven’t suffered a major terrorist attack domestically in many years because 9/11-era policies like Section 702 are working.”

Another former NSA official, Glenn Gerstell, said that while concerns about Section 702 are understandable, Congress shouldn’t change things “piecemeal” but instead appoint a commission to examine all surveillance in the digital age.

“If the value of Section 702 surveillance wasn’t already clear and significant, it’s become essential to understanding and [combating] foreign cyber maliciousness,” said Gerstell, who formerly served as general counsel for the spy agency and now is a senior adviser at the Center for Strategic and International Studies. “There’s simply no tool to replace it.”

Renewal with changes

But the rest — 64 percent — favored reauthorization with some kind of change.

Suzanne Spaulding, also with CSIS as senior adviser for homeland security as part of the international security program, said the political realities require some changes.

“The underlying authority provided by section 702 is vital to our national security but it is not realistic to think that it can be reauthorized without any changes,” she wrote. “Congress and the public need to be confident that this authority is not misused.” She mentioned the idea that Congress could codify changes the FBI has made in an attempt to prevent abuses.

One popular suggestion, despite the Biden administration’s objections, has been to require a warrant when querying Americans’ messages.

“As it’s currently implemented, Section 702 conflicts with the Fourth Amendment — the prohibition against unreasonable search and seizure,” wrote Jamie Winterton, director of strategy for Arizona State University’s global security initiative. “Agents should at least be required to have a warrant before they can access Americans’ private communications.”

Others pointed to conflicts with the European Union if Section 702 is renewed without changes.

“FISA and in particular Section 702 represents one of the greatest challenges in getting a stable data privacy framework agreement with the E.U.,” said Alexander Klimberg, senior fellow at The Hague Center for Strategic Studies. “Recently, the European Parliament voted to dismiss the currently negotiated agreement largely due to concerns over ‘bulk collection’ facilitated via Section 702. … To solve this in the very least, Section 702 must feature more advanced minimization procedures that will lower the chance of the average citizen being ensnared.”

(There’s the potential that a warrant requirement for accessing Americans’ communications could, in fact, alienate the E.U. if it reinforces concerns that the United States “discriminates against non-U.S. persons,” wrote Peter Swire, who teaches privacy and cybersecurity at Georgia Tech and is senior counsel at Alston & Bird.)

Concerns about FISA abuses justify other changes, said Stewart Baker, a partner at Steptoe & Johnson and another former NSA official.

“The last five years have seen many claims, mostly on the right, that intelligence authorities have been used for partisan purposes,” Baker said. “Some of those claims have substance, and the reauthorization of Section 702 is an opportunity for Congress to put in place new guardrails against partisanization.”

The network

Here are some other responses.

Reauthorize with changes: “While Section 702 is an unpleasant necessity to support national security, the lack of oversight and overly broad scope allows abusive collection of data with a limitless duration on U.S. citizens who lack awareness and recourse,” said Scott Montgomery, vice president and general manager of public sector solutions at Island. “Reauthorization with no changes is limiting to U.S. citizen freedoms, not reauthorizing at all increases national security risk. The right answer is to reauthorize with common sense policy on scope and oversight.”

Reauthorize with no changes: Elizabeth Wharton said the surveillance powers have shined a light on the tactics, techniques and procedures (TTPs) of malicious hackers. “Section 702 has brought threat actor TTPs into the light where using U.S.-based services in particular was used as an attempt to stay hidden,” said Wharton, vice president for operations at SCYTHE.

Don’t reauthorize: “Preserving and restoring American privacy in tech should be the priority, not reauthorizing broad surveillance capabilities that are not proportionately effective at thwarting terrorists,” wrote Katie Moussouris, founder and CEO of Luta Security.

The keys

U.S. accuses Russian national of participating in ransomware attacks

The Treasury Department announced criminal charges against Russian national Mikhail Matveev, who is accused of participating in the Babuk ransomware attacks that impacted D.C. police, an airline and other American industries, Spencer S. Hsu, Aaron Schaffer and your Cybersecurity 202 host report.

“According to analysis conducted by Treasury’s Financial Crimes Enforcement Network, 75 percent of ransomware-related incidents reported between July and December 2021 were linked to Russia, its proxies or people acting on its behalf,” we write. “Matveev is a ‘key actor’ in that system, the department said, helping develop and deploy Russian-linked ransomware variants such as Hive, LockBit and Babuk, with Hive alone targeting more than 1,500 victims in more than 80 countries.”

Matveev and other hackers allegedly deployed Babuk ransomware against D.C. police in 2021. That attack infected computer systems, stole data and threatened disclosure of sensitive information unless a payment was made.

“The United States will not tolerate ransomware attacks against our people and our institutions,” said Brian E. Nelson, undersecretary of the treasury for terrorism and financial intelligence. “Ransomware actors like Matveev will be held accountable for their crimes, and we will continue to use all available authorities and tools to defend against cyberthreats.”

U.S. charges former Apple employee, others with stealing technology for other countries

The United States on Tuesday unsealed multiple charges in cases that accuse employees at mostly U.S.-based companies of stealing key technologies for the benefit of other nations, including a former Apple engineer who absconded with proprietary company data to China, Sarah N. Lynch, David Shepardson and Karen Freifeld report for Reuters.

The five cases — against people who have allegedly tried to help China, Russia and Iran — were announced by a strike force formed by the Justice Department and Commerce Department in February.

“Two of the cases brought charges against procurement networks that U.S. law enforcement officials say were designed to help Russia violate American export control laws to obtain technology vitally important to national security such as quantum cryptography,” Tonya Riley reported for CyberScoop.

The former Apple engineer, Weibao Wang, was involved in the company’s work on autonomous technologies and self-driving cars.

“In 2017, he accepted a U.S.-based job with a Chinese company working to develop self-driving cars before resigning from Apple, but waited about four months before informing Apple of his new job,” the Reuters report says.

It adds: “After his last day at Apple, the company discovered that he had accessed large amounts of proprietary data in the days before his departure, the Justice Department said. Federal agents searched his home in June 2018 and found ‘large quantities’ of data from Apple, it added. Shortly after the search, he boarded a plane to China, the department said.”

Apple declined to comment on the case to Reuters.

U.K.’s Capita facing new data breach incident amid fallout from March hack

The Colchester City Council accused U.K. consulting firm Capita of “unsafe storage of personal data” in the latest revelation from a cyberattack that has had reverberating effects since March, Leke Oso Alabi, Ian Smith and Josephine Cumbo report for Financial Times.

“Colchester Council said it had expressed ‘extreme disappointment with Capita’ following revelations of a ‘serious data breach,’” they write.

“The council said it was taking ‘swift and decisive action,’ adding that it understood that the incident had affected several other local authorities around the country,” the report adds.

Capita provides services for several U.K. government entities, including the Ministry of Defense and the Royal Navy. “We are aware of the cyber incident which affected Capita and are in regular contact with the company,” a U.K. government spokesperson told the FT. “The issue primarily affected internal processes with minimal impact on government services.”

A Capita spokesperson told the FT that it’s “working with our third-party technical advisers to investigate” the latest revelations, and that the historic data was “secure and no longer accessible.”


