Welcome to The Cybersecurity 202! We won’t be publishing Monday because of Martin Luther King, Jr. Day, so we’ll next see you on Tuesday.
The fight over an expiring surveillance authority just kicked off
But civil liberties advocates appearing alongside him just as forcefully made their case about the expiring powers, saying it represents an immense violation of U.S. citizen privacy.
That’s the traditional dynamic when it comes to discussion of that surveillance authority, known as Section 702: The intelligence community calls it a vital national security tool, and privacy groups call it a threat to constitutional rights.
A new wrinkle this year is Republicans taking control of the House and equating the expiring authority with an overarching law the Justice Department used — in a process marked by “widespread” problems, according to the Justice Department inspector general — to snoop on a Donald Trump presidential campaign aide.
Section 702 is a part of the 1978 Foreign Intelligence Surveillance Act (FISA), and was added in a 2008 update to the FISA law. In 2018, President Donald Trump signed a six-year extension of Section 702. It’s the authority that allows the NSA to warrantlessly eavesdrop on foreign targets, albeit in a way that sometimes sweeps up communications from Americans the targets are talking to — known as “incidental collection.”
Consider Thursday’s meeting of the Privacy and Civil Liberties Oversight Board, where advocates and opponents of Section 702 both spoke, to be the kickoff of the 2023 debate about reauthorizing the authority.
“This authority provides the U.S. government irreplaceable insights whether we are reporting on cybersecurity threats, counterterrorism threats or protecting U.S. and allied forces,” Nakasone said. “FISA Section 702 has helped us to understand the strategic intention of the foreign governments we are most interested in, the People’s Republic of China, Russia, Iran and Democratic People’s Republic of Korea.”
It’s difficult to speak publicly about the successes of Section 702, Nakasone argued, because of the need to classify information about U.S. spying. But he said the agency will declassify some information when it can. He listed a couple instances of how Section 702 had helped in cyber cases, although he didn’t provide detailed accounts.
“The U.S. government identified multiple foreign ransomware attacks on U.S. critical infrastructure in 702 data,” Nakasone said. “This intelligence positioned the government to respond to and mitigate these events and, in some instances, prevent significant attacks on U.S. networks.”
- “In another recent example, the intelligence community used information from 702 to discover that a foreign adversary had used a cyberattack to acquire sensitive information related to the U.S. military,” Nakasone said, calling Section 702 powers “irreplaceable.”
If there’s one thing Nakasone and the civil liberties groups who spoke Thursday agree on, it’s that there’s too little information available publicly about how Section 702 is being used.
“While the government claims that Section 702 has played an important role in cybersecurity investigations, there’s not enough public information to corroborate whether Section 702 is necessary to accomplish these goals and whether special safeguards are necessary in the cyber context,” said Jeramie Scott, senior counsel at the Electronic Privacy Information Center. “The use of Section 702 as part of cybersecurity efforts raises privacy and civil liberties concerns given the potential breadth of collection.”
And the existence of “incidental collection” fundamentally makes Section 702 a mass U.S. monitoring program, said Cindy Cohn, executive director of the Electronic Frontier Foundation.
“The U.S. has de facto created a national security exception to the U.S. Constitution,” she said. “The American people, and indeed people all around the world, have lost the ability to have a private conversation over digital networks.”
One key House committee chairman is taking his own skeptical look.
“We need to make changes to the FISA process,” Rep. Jim Jordan (R-Ohio), who is now chair of the Judiciary Committee that shares jurisdiction over FISA, said in October on Fox News. “I think we should not even reauthorize FISA, which is going to come up in the next Congress.” (The entirety of FISA isn’t coming up for reauthorization this year; only Section 702 is.)
This week, the House voted along party lines to create a subcommittee under Jordan’s panel “that Republicans say will launch a far-reaching examination of the agencies and people that investigated Donald Trump and that Democrats describe as an unprecedented breach of protocol on criminal probes and national security matters,” as my colleagues Jacqueline Alemany and Devlin Barrett reported.
- On Section 702, their story reads, “It’s possible that Republicans will hold the program hostage if the Justice Department and other relevant agencies decline to answer the subcommittee’s requests, though such threats have proved hollow in the past.”
Another key lawmaker, House Intelligence Committee Chairman Michael R. Turner (R-Ohio), sounds more open to reauthorizing Section 702, although a working group he formed will be looking for changes to improve it, as Martin Matishak reported for the Record.
It all adds up to “the hardest reauthorization yet,” as Adam Klein, the former chairman of the Privacy and Civil Liberties Oversight Board, put it in a Lawfare story last month.
LockBit denies responsibility for cyberattack on Royal Mail
LockBit’s ransomware appeared to hit the devices that the postal service uses to print international customs labels, the Telegraph’s Gareth Corfield reports. But LockBitSupp, a support representative for Lockbit, denies that it was behind the cyberattack, and the gang says that hackers used a leaked tool to build ransomware that looks like LockBit’s, Bleeping Computer’s Lawrence Abrams reports.
“LockBitSupp's explanation does not explain why Royal Mail's ransom notes included links to LockBit's Tor negotiation and data leak sites rather than the other threat actor's sites who are allegedly using the builder,” Abrams writes. “However, if LockBitSupp is telling the truth and other threat actors used the leaked builder in the attack, then it would mean this was likely a destructive attack rather than one for personal gain, as there is no way to contact the actual attackers.”
Royal Mail has said it’s not able to send items internationally. It asked customers to “not post any export items while we work to resolve the issue.” It declined to comment to the Telegraph.
LockBit is one of the ransomware ecosystem’s most prolific groups, cybersecurity researchers say. The group didn’t take Russia’s side in its war with Ukraine. “For us, it is just business and we are all apolitical,” the group wrote after Russia invaded Ukraine. “We are only interested in money for our harmless and useful work.”
Two more Democratic governors ban TikTok on state devices
The bans of the app by Wisconsin Gov. Tony Evers (D) and North Carolina Gov. Roy Cooper (D) come after officials and governors from about half of the country announced similar bans, Reuters’s David Shepardson reports. Congress also banned federal workers from using the app on their government devices. The bans come amid concerns by critics over TikTok’s relationship with Chinese owner ByteDance, potential transfers of data on Americans and the ability of China to promote propaganda on the app.
Most of the governors who have announced TikTok bans are Republicans. Evers and Cooper are at least the second and third Democratic governors to ban the app, after Kansas Gov. Laura Kelly. New Jersey Gov. Phil Murphy (D) this week announced that state officials banned the app.
TikTok told Reuters that it’s “disappointed that so many states are jumping on the political bandwagon to enact policies that will do nothing to advance cybersecurity in their states and are based on unfounded falsehoods about TikTok.”
Thanks for reading. See you next week.
Gloss