SUMMARY: The Wall Street Journal reported that Russia obtained classified information about how the U.S. military protects its computer networks and conducts electronic spying. The breach occurred when data was stolen by an NSA contractor, then hacked by Russia. Hari Sreenivasan speaks with The Wall Street Journal's Shane Harris.
SUMMARY: Ajit Pai, President Trump's new FCC chairman, has plans to do away with net neutrality rules that have been in place for the last three years. Pai argues the rules are too burdensome and that they stifle innovation and competition. William Brangham discusses the changes in oversight with Pai.
JUDY WOODRUFF (NewsHour): A political fight is brewing about access to the Internet. The new head of the FCC, the Federal Communications Commission, wants to clear away regulations about who controls and polices the flow of content on the Internet.
William Brangham has that.
WILLIAM BRANGHAM (NewsHour): We're talking here about what's known as net neutrality, not the easiest concept to grasp, so bear with me.
Almost all of us in America get our Internet access via one main provider. These are the telecom and cable giants like Verizon, Comcast, Charter, Time Warner. They provide the infrastructure that delivers the bounty of the Web to our homes and phones; sites and apps like Google, Netflix, Facebook, Instagram, you name it.
The telecoms build the highway. The others guys are like the cars traveling that highway.
The idea of net neutrality is that the telecoms have to treat that highway as an open road. They can't pick and choose which Web sites or services get to you faster or slower. The fear is that, if they do have that power, they will be tempted to favor their content, their sites, their own videos over a competitor's.
But the telecoms argue that's not fair, they should be able to control that flow, and be able to charge more for faster access.
In 2014, the Federal Communications Commission under President Obama wanted to lock in these net neutrality rules, but it faced intense pushback by the industry.
The fight even spilled into pop culture, with this from HBO's John Oliver:
JOHN OLIVER, Host, “Last Week Tonight With John Oliver”: If we let cable companies offer two speeds of service, they won't be Usain Bolt and Usain Bolt on a motorbike. They will be Usain Bolt, and Usain bolted to an anchor.
(LAUGHTER)
WILLIAM BRANGHAM: But those net neutrality rules did pass and have been in place for the last three years.
But Ajit Pai, President Trump's new FCC chairman, now wants to get rid of those rules, arguing they're too burdensome. And this week, he began the process of rolling them back.
And FCC Commissioner Ajit Pai joins me now.
Welcome to the NewsHour.
AJIT PAI, Chairman, Federal Communications Commission: Thank you for having me.
WILLIAM BRANGHAM: So, you, I understand, are not a fan of these net neutrality rules from a few years ago. What is your principal concern?
AJIT PAI: Well, I favor a free and open Internet, as I think most consumers do.
My concern is with the particular regulations that the FCC adopted two years ago. They are what is called Title II regulations developed in the 1930s to regulate the Ma Bell telephone monopoly.
And my concern is that, by imposing those heavy-handed economic regulations on Internet service providers big and small, we could end up disincentivizing companies from wanting to build out Internet access to a lot of parts of the country, in low-income, urban and rural areas, for example.
And that, I think, is something that nobody would benefit from.
WILLIAM BRANGHAM: Is there evidence, though, that these rules have disincentivized those companies? There are — businesses are doing very, very well. They're spending billions on the spectrum.
AJIT PAI: There is significant evidence that investment in infrastructure has gone down since the adoption of these rules.
For example, there is a study by a highly respected economist that says that among the top 12 Internet service providers in terms of size, investment is down by 5.6 percent, or several billion dollars, over the last two years.
And amongst smaller providers as well, just literally this week, 22 Internet service providers with 1,000 customers or less told us that these Title II regulations have kept them from getting the financing that they need to build out their networks. And, as they put it, these net neutrality regulations hang like a black cloud over our businesses.
And so what we're trying to do going forward is figure out a way that we can preserve that free and open Internet that consumers want and need and preserve that incentive to invest in the network that will ultimately benefit even more consumers going forward.
SUMMARY: There are new rules for broadband providers when it comes to collecting and sharing consumer data. On Thursday, the Federal Communications Commission voted for the first time to create protections on the transmission of personal information for broadband providers. Hari Sreenivasan speaks with Tom Wheeler, chairman of the FCC.
HARI SREENIVASAN (NewsHour): New rules for broadband providers when it comes to collecting and sharing customer data.
The Federal Communications Commission voted for the first time today to create protections on the transmission of personal information from broadband providers.
Tom Wheeler is the chairman of the FCC. And he joins me now.
What is a provider going to have to do under these new rules?
TOM WHEELER, Chairman, Federal Communications Commission: Well, the key thing is that it is the consumers' information. It's not the network's information.
And the consumer now has the choice to say how they want that information to be used and if they want it to be used. So, there are really three key things. One, there has to be transparency, that the consumers have to be told, here's what we're doing with your information. Two, they have to have choice. So, do you want to opt in or opt out of this kind of service?
And, three, that data, when it's stored someplace, has to be stored securely and consumers have to know if there is some kind of data breach.
HARI SREENIVASAN: So, you have also expanded the definition of what is sensitive data. And some businesses have pushed back, saying, the browsing history, the app usage, Internet companies like Facebook and Google, they already have all that, and you're placing undue burdens on companies like Verizon, AT&T, et cetera.
TOM WHEELER: But what we're talking about is not the fact that you may go to a dozen sites that each will get a little bit of information.
We're talking about the network that takes you to every site and knows everything you're doing. And that's the big difference. You hire the network to deliver you to those sites. You don't hire the network to take your information without your permission and turn around and resell it.
SUMMARY: The U.S. government wants to be able to read certain data that's inaccessible to intelligence agencies due to encryption. At a Senate hearing, FBI director James Comey said the privacy technology can be a double-edged sword, detrimental to public safety. Gwen Ifill speaks to former Homeland Security Department official Stewart Baker and Susan Landau of the Worcester Polytechnic Institute.
GWEN IFILL (NewsHour): Earlier in the day, the Obama administration went to Capitol Hill to make its case to allow government great access to encrypted information. Essentially, the government wants to be able to read certain data that intelligence agencies cannot get now because it’s been protected with special codes. That’s at the heart of an ongoing battle with tech companies.
JAMES COMEY, FBI Director: Encryption is a great thing. It keeps us all safe. It protects innovation.
GWEN IFILL: But, FBI Director James Comey warned at Senate hearings today, it’s also a double-edged sword. That’s because the technologies that seal off smartphones from surveillance also impede efforts to track criminals and terrorists.
JAMES COMEY: We are moving inexorably to a place where all of our lives, all of our papers and effects, all of our communications will be covered by universal strong encryption. And that is a world that in some ways is wonderful and in some ways has serious public safety ramifications.
GWEN IFILL: Google, Apple and other tech firms have ramped up data encryption in the wake of Edward Snowden’s revelations of sweeping government surveillance. They’re also responding to stepped-up hacking coming from Russia and China.
But, at the same time, Islamic State followers and other militants are now using encrypted communications to recruit at a rapid pace. Deputy Attorney General Sally Yates underscored that point today.
SALLY YATES, Deputy Attorney General: ISIL currently communicates on Twitter, sending communications to thousands of would-be followers right here in our country. When someone responds and the conversations begin, they are then directed to encrypted platforms for further communication.
And even with a court order, we can’t see those communications. This is a serious threat. And our inability to access these communications with valid court orders is a real national security problem.
GWEN IFILL: And the FBI’s Comey suggested it’s just a matter of time before that leads to a terror attack.
JAMES COMEY: We are stopping these things so far through tremendous hard work, the use of sources, the use of online undercovers, but it is incredibly difficult. I cannot see me stopping these indefinitely.
China is building massive databases of Americans’ personal information by hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal of espionage: recruiting spies or gaining more information on an adversary, U.S. officials and analysts say.
Groups of hackers working for the Chinese government have compromised the networks of the Office of Personnel Management, which holds data on millions of current and former federal employees, as well as the health insurance giant Anthem, among other targets, the officials and researchers said.
“They’re definitely going after quite a bit of personnel information,” said Rich Barger, chief intelligence officer of ThreatConnect, a Northern Virginia cybersecurity firm. “We suspect they’re using it to understand more about who to target [for espionage], whether electronically or via human recruitment.”
The targeting of large-scale databases is a relatively new tactic and is used by the Chinese government to further its intelligence-gathering, the officials and analysts say. It is government espionage, not commercial espionage, they say.
“This is part of their strategic goal — to increase their intelligence collection via big-data theft and big-data aggregation,” said a U.S. government official who, like others, spoke on the condition of anonymity to discuss a sensitive topic. “It’s part of a strategic plan.”
One hack of OPM, which was disclosed by the government Thursday, dates at least to December, officials said. Earlier last year, OPM discovered a separate intrusion into a highly sensitive database that contains information on employees seeking or renewing security clearances and on their background investigations.
Once harvested, the data can be used to glean details about key government personnel and potential spy recruits, or to gain information useful for counterintelligence. Records in OPM’s database of background investigations, for instance, could contain a complete history of where an individual has lived and all of his or her foreign contacts in, say, China. “So now the Chinese counterintelligence authorities know which American officials are meeting with which Chinese,” a China cyber and intelligence expert said.
The data could help Chinese analysts do more effective targeting of individuals, said a former National Security Agency official. “They can find specific individuals they want to go after, family members,” he said.
The trend has emerged and accelerated over the past 12 to 18 months, the official said. An increase in Chinese capability has opened the way “for bigger data storage, for bigger data theft,” he said. “And when you can gain it in bulk, you take it in bulk.”
The Chinese government, he said, is making use of Chinese companies that specialize in aggregating large sets of data “to help them in sifting through” the information for useful details. “The analogy would be one of our intelligence organizations using Google, Yahoo, Accenture to aggregate data that we collected.”
China on Friday dismissed the allegation of hacking as “irresponsible and unscientific.”
Chinese Foreign Ministry spokesman Hong Lei said Beijing wanted to cooperate with other nations to build a peaceful and secure cyberspace.
“We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation,” he told a regular news briefing,
OPM disclosed that the latest hack of one of its systems exposed personal data of up to 4 million current and former employees — the largest hack of federal employee data in recent years.
It is possible that officials as senior as Cabinet secretaries had their data exposed, a congressional aide said on a briefing call with government officials Friday.
U.S. officials privately said China was behind it. The stolen information included Social Security numbers and performance evaluations.
“This is an intelligence operation designed to help the Chinese government,” the China expert said. “It’s a new phase in an evolution of what they’re doing. It certainly requires greater sophistication on their part in terms of being able to take out this much data.”
Barger’s firm has turned up technical evidence that the same Chinese group is behind the hacks of Premera Blue Cross and Empire BlueCross, which were discovered at roughly the same time earlier this year.
The first OPM incident has been linked to the health-care hacks by Barger and another security researcher, John Hultquist, senior manager for cyberespionage threat intelligence at iSight Partners. Hultquist said the same group is responsible for all of them, and for other intrusions into commercial databases containing large sets of Americans’ personal information.
“They would leverage this data to get to diplomatic, political, military and economic intelligence that they typically target,” said Hultquist, who declined to comment on who was behind the attacks.
Though much Chinese cyberespionage is attributed to the People’s Liberation Army, these hacks, Barger said, appeared to be linked to the Ministry of State Security, which is a spy agency responsible for foreign espionage and domestic counterintelligence.
Other Chinese entities, including the military, may also be involved in the campaign, analysts said.
Chinese government hackers “are like a vacuum cleaner” in sucking up information electronically, said Robert “Bear” Bryant, a former top counterespionage official in the government. “They’re becoming much more sophisticated in tying it all together. And they’re trying to harm us.”
Security researchers have pointed to a cyber tool or family of malicious software called Derusbi that has been linked exclusively to Chinese actors. One group that has used Derusbi is Deep Panda, a name coined by the firm CrowdStrike, which has linked that group to the Anthem hack.
Disclosed in February, that incident exposed the Social Security numbers, addresses, phone numbers, e-mail addresses and member IDs of tens of millions of customers. No medical data such as diagnosis or treatment information was compromised, the company said.
Researchers note that in contrast to the hacks of Home Depot and Target, personal data that might have been stolen from OPM, Anthem and the other companies has not shown up on the black market, where it can be sold to identity thieves. That is another sign, they said, that the intrusions are not being made for commercial purposes.
“Usually if there’s a criminally or financially motivated breach like that, we see the data making its way into the black market soon after that,” Barger said.
The big-data approach being taken by the Chinese might seem to mirror techniques used abroad by the NSA, which has come under scrutiny for its data-gathering practices under executive authority. But in China, the authorities do not tolerate public debate over the proper limits of large-scale spying in the digital age.
“This is what all intelligence services do if they’re good,” said the China cyber expert. “If you want to find a needle, first you have to gather a haystack of needles.”
The massive data harvesting “reflects a maturity in Chinese” electronic intelligence gathering, the expert said. “You have to put in place structured data repositories. You have to have big-data management tools to be able to store and sift and analyze.”
Barger said that “with a large pool of data, they can prioritize who is the best to target electronically and who is the best to target via human recruitment.”
The U.S. official noted that the Chinese “would not take [the data] if they did not have the opportunity to aggregate it.” And, he added, “they are taking it.”
How the Internet became so vulnerable
Senior Republicans conceded on Tuesday that the grueling fight with President Obama over the regulation of Internet service appears over, with the president and an army of Internet activists victorious.
The Federal Communications Commission is expected on Thursday to approve regulating Internet service like a public utility, prohibiting companies from paying for faster lanes on the Internet. While the two Democratic commissioners are negotiating over technical details, they are widely expected to side with the Democratic chairman, Tom Wheeler, against the two Republican commissioners.
And Republicans on Capitol Hill, who once criticized the plan as “Obamacare for the Internet,” now say they are unlikely to pass a legislative response that would undo perhaps the biggest policy shift since the Internet became a reality.
“We’re not going to get a signed bill that doesn’t have Democrats’ support,” said Senator John Thune, Republican of South Dakota and chairman of the Senate Commerce Committee. “This is an issue that needs to have bipartisan support.”
The new F.C.C. rules are still likely to be tied up in a protracted court fight with the cable companies and Internet service providers that oppose it, and they could be overturned in the future by a Republican-leaning commission. But for now, Congress’s hands appear to be tied.
The F.C.C. plan would let the agency regulate Internet access as if it is a public good. It would follow the concept known as net neutrality or an open Internet, banning so-called paid prioritization — or fast lanes — for willing Internet content providers.
In addition, it would ban the intentional slowing of the Internet for companies that refuse to pay broadband providers. The plan would also give the F.C.C. the power to step in if unforeseen impediments are thrown up by the handful of giant companies that run many of the country’s broadband and wireless networks.
Republicans hoped to pre-empt the F.C.C. vote with legislation, but Senate Democrats insisted on waiting until after Thursday’s F.C.C. vote before even beginning to talk about legislation for an open Internet. Even Mr. Thune, the architect of draft legislation to override the F.C.C., said Democrats had stalled what momentum he could muster.
And an avalanche of support for Mr. Wheeler’s plan — driven by Internet companies as varied as Netflix, Twitter, Mozilla and Etsy — has swamped Washington.
“We’ve been outspent, outlobbied. We were going up against the second-biggest corporate lobby in D.C., and it looks like we’ve won,” said Dave Steer, director of advocacy for the Mozilla Foundation, the nonprofit technology foundation that runs Firefox, a popular Web browser, referring to the cable companies. “A year ago today, we did not think we would be in this spot.”
The net neutrality movement pitted new media against old and may well have revolutionized notions of corporate social responsibility and activism. Top-down decisions by executives investing in or divesting themselves of resources, paying lobbyists and buying advertisements were upended by the mobilization of Internet customers and users.
“We don’t have an army of lobbyists to deploy. We don’t have financial resources to throw around,” said Liba Rubenstein, director of social impact and public policy at the social media company Tumblr, which is owned by Yahoo, the large Internet company, but operated independently on the issue. “What we do have is access to an incredibly engaged, incredibly passionate user base, and we can give folks the tools to respond.”
Internet service providers say heavy-handed regulation of the Internet will diminish their profitability and crush investment to expand and speed up Internet access. It could even open the web to taxation to pay for new regulators.
Brian Dietz, a spokesman for the National Cable & Telecommunications Association, said the pro-net-neutrality advocates turned a complex and technical debate over how best to keep the Internet operating most efficiently into a matter of religion. The forces for stronger regulation, he said, became viewed as for the Internet. Those opposed to the regulation were viewed as against the Internet.
The Internet companies, he said, sometimes mislead their customers, and in some cases, are misled on the intricacies of the policy.
“Many of the things they have said just belie reality and common sense,” he said.
In April, a dozen New York-based Internet companies gathered at Tumblr’s headquarters in the Flatiron district to hear dire warnings that broadband providers were about to obtain the right to charge for the fastest speeds on the web.
The implication: If they did not pony up, they would be stuck in the slow lane.
What followed was the longest, most sustained campaign of Internet activism in history. A swarm of small players, like Tumblr, Etsy, BoingBoing and Reddit, overwhelmed the giants of the broadband world, Comcast, Verizon Communications and Time Warner Cable. Two of the biggest players on the Internet, Amazon and Google, largely stayed in the background, while smaller participants — some household names like Twitter and Netflix, others far more obscure, like Chess.com and Urban Dictionary — mobilized a grass-roots crusade.
“Our community is the source of our power,” said Althea Erickson, director of public policy at Etsy, an online craft market, where users embroidered pillows and engraved spoons promoting net neutrality.
The National Security Agency is secretly providing data to nearly two dozen U.S. government agencies with a “Google-like” search engine built to share more than 850 billion records about phone calls, emails, cellphone locations, and internet chats, according to classified documents obtained by The Intercept.
The documents provide the first definitive evidence that the NSA has for years made massive amounts of surveillance data directly accessible to domestic law enforcement agencies. Planning documents for ICREACH, as the search engine is called, cite the Federal Bureau of Investigation and the Drug Enforcement Administration as key participants.
ICREACH contains information on the private communications of foreigners and, it appears, millions of records on American citizens who have not been accused of any wrongdoing. Details about its existence are contained in the archive of materials provided to The Intercept by NSA whistleblower Edward Snowden.
Earlier revelations sourced to the Snowden documents have exposed a multitude of NSA programs for collecting large volumes of communications. The NSA has acknowledged that it shares some of its collected data with domestic agencies like the FBI, but details about the method and scope of its sharing have remained shrouded in secrecy.
ICREACH has been accessible to more than 1,000 analysts at 23 U.S. government agencies that perform intelligence work, according to a 2010 memo. A planning document from 2007 lists the DEA, FBI, Central Intelligence Agency, and the Defense Intelligence Agency as core members. Information shared through ICREACH can be used to track people’s movements, map out their networks of associates, help predict future actions, and potentially reveal religious affiliations or political beliefs.
The creation of ICREACH represented a landmark moment in the history of classified U.S. government surveillance, according to the NSA documents.
“The ICREACH team delivered the first-ever wholesale sharing of communications metadata within the U.S. Intelligence Community,” noted a top-secret memo dated December 2007. “This team began over two years ago with a basic concept compelled by the IC’s increasing need for communications metadata and NSA’s ability to collect, process and store vast amounts of communications metadata related to worldwide intelligence targets.”
The search tool was designed to be the largest system for internally sharing secret surveillance records in the United States, capable of handling two to five billion new records every day, including more than 30 different kinds of metadata on emails, phone calls, faxes, internet chats, and text messages, as well as location information collected from cellphones. Metadata reveals information about a communication — such as the “to” and “from” parts of an email, and the time and date it was sent, or the phone numbers someone called and when they called — but not the content of the message or audio of the call.
HARI SREENIVASAN (Newshour): Net neutrality is the idea that broadband Internet service providers, Comcast, Time Warner Cable, Verizon and others, should treat everything that flows across the Internet equally. That means preventing service providers from creating fast lanes for sites they have business ties with, such as streaming video services like Hulu or Netflix, and slowing access to others, like Amazon.
It also means not charging more for YouTube and other sites based on their heavier bandwidth use or in exchange for faster speeds, all of which could affect what consumers see online, how fast, and at what price. The principles were set out by the Federal Communications Commission nearly a decade ago.
The agency enshrined them in its Open Internet Order adopted in 2010. But Verizon sued to challenge the agency's authority, and, yesterday, the U.S. District Court of Appeals for the District of Columbia found the FCC acted improperly. The 81-page ruling said the agency is wrong to classify Internet service providers as information services, but at the same time regulate them as common carriers, meaning as it does telephone and utility companies.
While the FCC decides whether to appeal, Amazon and others are watching to see if the broadband networks impose their own rules, favoring some content companies over others.
For its part, Verizon issued a statement yesterday that said, in part: "Verizon has been and remains committed to the open Internet. This will not change in light of the court's decision."
The ruling doesn't apply to wireless services accessed through mobile devices, which represent a growing share of the market.
I make no guarantee that any advice given on these pages will work as expected. There are just too many variables depending on Operator Systems and hardware configurations to give any advice that will always work.
Where possible, I will provide links to my source.
