Facebook, Google, Twitter asked to testify on Russian meddling

The Twitter application is seen on a phone screen August 3, 2017. REUTERS/Thomas White

By Dustin Volz and Patricia Zengerle

WASHINGTON (Reuters) – Executives from Facebook, Alphabet Inc’s Google and Twitter have been asked to testify to the U.S. Congress in coming weeks as lawmakers probe Russia’s alleged interference in the 2016 U.S. election, committee sources said on Wednesday.

A Senate aide said executives from the three firms had been asked by the Senate Intelligence Committee to appear at a public hearing on Nov. 1.

The leaders of the House of Representatives Intelligence Committee said the panel would hold an open hearing next month with representatives from unnamed technology companies in an effort to “better understand how Russia used online tools and platforms to sow discord in and influence our election.”

Representatives for Facebook and Google confirmed they had received invitations from the Senate committee but did not say whether the companies would attend. Twitter did not immediately respond to requests for comment.

The House panel did not immediately identify any companies, but a committee source said lawmakers expected to hear from the same three firms the Senate had asked to testify.

The requests are the latest move by congressional investigators to gain information from internet companies as they probe the extent of Moscow’s alleged efforts to disrupt last year’s U.S. election. Lawmakers in both parties have grown increasingly concerned that social networks may have played a key role in Russia’s influence operation.

Facebook revealed this month that suspected Russian trolls purchased more than $100,000 worth of divisive ads on its platform during the 2016 election cycle, a revelation that has prompted calls from some Democrats for new disclosure rules for online political ads.

On Wednesday, Trump attacked Facebook in a tweet and suggested the world’s largest social network had colluded with other media outlets that opposed him. The president has been skeptical of the conclusions of U.S. intelligence agencies that Russia interfered in the election and has denied his campaign colluded with Moscow.

The salvo prompted a lengthy rebuke from Facebook Chief Executive Mark Zuckerberg, who said both Trump and liberals were upset about ideas and content on Facebook during the campaign.

“That’s what running a platform for all ideas looks like,” Zuckerberg wrote on his personal Facebook page.

Other internet firms besides Facebook are also facing rising scrutiny over how Russia may have leveraged their platforms. Twitter is expected to privately brief the Senate panel on Thursday.

Republican Senator James Lankford, who has received classified information about Russia’s interference as a member of the Senate Intelligence Committee, said on Wednesday that the country’s attempts to sow discord in U.S. domestic affairs had not abated.

Russian internet trolls over the weekend fueled the debate ignited by Trump over whether NFL players should have the right to kneel during the national anthem, Lankford said.

Also on Wednesday, the Daily Beast, citing unnamed sources, reported that a Facebook group named “United Muslims of America” was a fake account linked to the Russian government and that it was used to push false claims about U.S. politicians, including Democratic presidential candidate Hillary Clinton.

The group bought Facebook ads to reach targeted audiences, promoting political rallies aimed at Muslims, the website reported.

The Senate and House intelligence committees are two of the main congressional panels probing allegations that Russia sought to interfere in the U.S. election to boost Trump’s chances at winning the White House, and possible collusion between Trump associates and Russia.

(Reporting by Patricia Zengerle and Dustin Volz, additional reporting by Paresh Dave; Editing by Peter Cooney and Andrew Hay)

Russia causing cyber mayhem, should face retaliation: ex-UK spy chief

The director of Britain's GCHQ Robert Hannigan delivers a speech at Government Communications Headquarters in Cheltenham, November 17, 2015.

By Michael Holden

LONDON (Reuters) – Russia is causing cyberspace mayhem and should face retaliation if it continues to undermine democratic institutions in the West, the former head of Britain’s GCHQ spy agency said on Monday.

Russia denies allegations from governments and intelligence services that it is behind a growing number of cyber attacks on commercial and political targets around the world, including the hackings of recent U.S. and French presidential election campaigns.

Asked if the Russian authorities were a threat to the democratic process, Robert Hannigan, who stepped down as head of the UK’s intelligence service in March, said: “Yes … There is a disproportionate amount of mayhem in cyberspace coming from Russia from state activity.”

In his first interview since leaving GCHQ, Hannigan told BBC radio that it was positive that French President Emmanuel Macron and German Chancellor Angela Merkel had publicly “called this out recently”.

Standing alongside Russian President Vladimir Putin in May, Macron said state-funded Russian news outlets had sought to destabilize his campaign while the head of Germany’s domestic intelligence agency said last week it was expecting Russia to try to influence the German election in September.

“Ultimately people will have to push back against Russian state activity and show that it’s unacceptable,” he said.

“It doesn’t have to be by cyber retaliation, but it may be that is necessary at some time in the future. It may be sanctions and other measures, just to put down some red lines and say that this behavior is unacceptable.”

Hannigan also said it would be a mistake to force social media companies to allow intelligence agencies to access services protected by encryption through so-called “back door” access.

“The best you can do with end-to-end encryption is work with companies in a cooperative way to find ways around it frankly,” he said. He said such “back doors” would weaken systems.

Hannigan also said governments should wait to see how a global working group on tackling online extremism established by Facebook, Google’s YouTube, Twitter and Microsoft performed before seeking new laws.

“Legislation is a blunt last resort because frankly extremism is very difficult to define in law and you could spend all your time in court arguing about whether a particular video crosses the line or not,” he said.

Last month, Germany approved a plan to fine social media networks up to 50 million euros ($57 million) if they failed to remove hateful postings promptly. Britain has also mooted bringing in possible sanctions for tech firms that failed to remove extremist content.

 

 

(Editing by Raissa Kasolowsky)

 

Google to push for law enforcement to have more access to overseas data

FILE PHOTO: A Google logo is seen in a store in Los Angeles, California, U.S., March 24, 2017. REUTERS/Lucy Nicholson/File Photo

By Dustin Volz

WASHINGTON (Reuters) – Alphabet Inc’s <GOOGL.O> Google will press U.S. lawmakers on Thursday to update laws on how governments access customer data stored on servers located in other countries, hoping to address a mounting concern for both law enforcement officials and Silicon Valley.

The push comes amid growing legal uncertainty, both in the United States and across the globe, about how technology firms must comply with government requests for foreign-held data. That has raised alarm that criminal and terrorism investigations are being hindered by outdated laws that make the current process for sharing information slow and burdensome.

Kent Walker, Google’s senior vice president and general counsel, will announce the company’s framework during a speech in Washington, D.C., at the Heritage Foundation, a conservative think tank that wields influence in the Trump White House and Republican-controlled Congress.

The speech urges Congress to update a decades-old electronic communications law and follows similar efforts by Microsoft Corp <MSFT.O>.

Both companies had previously objected in court to U.S. law enforcement efforts to use domestic search warrants for data held overseas because the practice could erode user privacy. But the tech industry and privacy advocates have also admitted the current rules for appropriate cross-border data requests are untenable.

The Mountain View, California-based company calls for allowing countries that commit to baseline privacy, human rights and due process principles to directly request data from U.S. providers without the need to consult the U.S. government as an intermediary. It is intended to be reciprocal.

Countries that do not adhere to the standards, such as an oppressive regime, would not be eligible.

Google did not detail specific baseline principles in its framework.

“This couldn’t be a more urgent set of issues,” Walker said in an interview, noting that recent acts of terrorism in Europe underscored the need to move quickly.

Current agreements that allow law enforcement access to data stored overseas, known as mutual legal assistance treaties, involve a formal diplomatic request for data and require the host country obtain a warrant on behalf of the requesting country. That can often take several months.

In January, a divided federal appeals court refused to reconsider its decision from last year that said the U.S. government could not force Microsoft or other companies to hand over customer data stored abroad under a domestic warrant.

The U.S. Justice Department has until midnight on Friday to appeal that decision to the Supreme Court. It did not respond to a request for comment.

U.S. judges have ruled against Google in similar recent cases, however, elevating the potential for Supreme Court review.

Companies, privacy advocates and judges themselves have urged Congress to address the problem rather than leave it to courts.

Google will also ask Congress to codify warrant requirements for data requests that involve content, such as the actual message found within an email.

Chris Calabrese, vice president of policy at the Center for Democracy & Technology, said Google’s framework was “broadly correct” but urged caution about the process for letting countries make direct requests to providers.

“We need to make sure the people in the club are the right people,” he said.

(Reporting by Dustin Volz; Editing by Lisa Shumaker)

Families of San Bernardino shooting sue Facebook, Google, Twitter

FILE PHOTO: Weapons confiscated from the attack in San Bernardino, California are shown in this San Bernardino County Sheriff Department handout photo from their Twitter account released to Reuters December 3, 2015. REUTERS/San Bernardino County Sheriffs Department/Handout/File Photo

By Dan Whitcomb

LOS ANGELES (Reuters) – Family members of three victims of the December 2015 shooting rampage in San Bernardino, California, have sued Facebook, Google and Twitter, claiming that the companies permitted Islamic State to flourish on social media.

The relatives assert that by allowing Islamic State militants to spread propaganda freely on social media, the three companies provided “material support” to the group and enabled attacks such as the one in San Bernardino.

“For years defendants have knowingly and recklessly provided the terrorist group ISIS with accounts to use its social networks as a tool for spreading extremist propaganda, raising funds and attracting new recruits,” family members of Sierra Clayborn, Tin Nguyen and Nicholas Thalasinos charge in the 32-page complaint, which was filed in U.S. District Court in Los Angeles on Wednesday.

“Without defendants Twitter, Facebook and Google (YouTube), the explosive growth of ISIS over the last few years into the most feared terrorist group in the world would not have been possible,” the complaint said.

Spokeswomen for Twitter and Google declined to comment on the lawsuit. Representatives for Facebook could not immediately be reached by Reuters on Thursday afternoon.

Syed Rizwan Farook and his wife, Tashfeen Malik, opened fire on a holiday gathering of Farook’s co-workers at a government building in San Bernardino on Dec. 2, 2015, killing 14 people and wounding 22 others.

Farook, the 28-year-old, U.S.-born son of Pakistani immigrants, and Malik, 29, a Pakistani native, died in a shootout with police four hours after the massacre.

Authorities have said the couple was inspired by Islamist militants. At the time, the assault ranked as the deadliest attack by Islamist extremists on U.S. soil since the Sept. 11, 2001, attacks. In June 2016, an American-born gunman pledging allegiance to the leader of Islamic State shot 49 people to death at the Pulse nightclub in Orlando, Florida, before he was killed by police.

In December 2016 the families of three men killed at the nightclub sued Twitter, Google and Facebook in federal court on allegations similar to those in the California lawsuit.

Federal law gives internet companies broad immunity from liability for content posted by their users. A number of lawsuits have been filed in recent years seeking to hold social media companies responsible for terror attacks, but none has advanced beyond the preliminary phases.

(Reporting by Dan Whitcomb in Los Angeles; Additional reporting by David Ingram and Julia Love in San Francisco; Editing by Dan Grebler and Grant McCool)

Spam campaign targets Google users with malicious link

A security guard keeps watch as he walks past a logo of Google in Shanghai, China, April 21, 2016. REUTERS/Aly Song/File Photo

By Jim Finkle and Alastair Sharp

(Reuters) – Alphabet Inc <GOOGL.O> warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.

Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.

The attack used a relatively novel approach to phishing, a hacking technique designed to trick users into giving away sensitive information, by gaining access to user accounts without needing to obtain their passwords. They did that by getting an already logged-in user to grant access to a malicious application posing as Google Docs.

“This is the future of phishing,” said Aaron Higbee, chief technology officer at PhishMe Inc. “It gets attackers to their goal … without having to go through the pain of putting malware on a device.”

He said the hackers had also pointed some users to another site, since taken down, that sought to capture their passwords.

Google said its abuse team “is working to prevent this kind of spoofing from happening again.”

Anybody who granted access to the malicious app unknowingly also gave hackers access to their Google account data including emails, contacts and online documents, according to security experts who reviewed the scheme.

“This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.

Cappos said he received seven of those malicious emails in three hours on Wednesday afternoon, an indication that the hackers were using an automated system to perpetuate the attacks.

He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.

(Reporting by Alastair Sharp and Jim Finkle in Toronto; editing by Grant McCool)

Major internet providers say will not sell customer browsing histories

The NBC and Comcast logo are displayed on top of 30 Rockefeller Plaza, formerly known as the GE building, in midtown Manhattan in New York July 1, 2015. REUTERS/Brendan McDermid/File Photo

By David Shepardson

WASHINGTON (Reuters) – Comcast Corp, Verizon Communications Inc and AT&T Inc said Friday they would not sell customers’ individual internet browsing information, days after the U.S. Congress approved legislation reversing Obama administration era internet privacy rules.

The bill would repeal regulations adopted in October by the Federal Communications Commission under former President Barack Obama requiring internet service providers to do more to protect customers’ privacy than websites like Alphabet Inc’s Google or Facebook Inc.

The easing of restrictions has sparked growing anger on social media sites.

“We do not sell our broadband customers’ individual web browsing history. We did not do it before the FCC’s rules were adopted, and we have no plans to do so,” said Gerard Lewis, Comcast’s chief privacy officer.

He added Comcast is revising its privacy policy to make more clear that “we do not sell our customers’ individual web browsing information to third parties.”

Verizon does not sell personal web browsing histories and has no plans to do so in the future, said spokesman Richard Young.

Verizon privacy officer Karen Zacharia said in a blog post Friday the company has two programs that use customer browsing data. One allows marketers to access “de-identified information to determine which customers fit into groups that advertisers are trying to reach” while the other “provides aggregate insights that might be useful for advertisers and other businesses.”

Republicans in Congress Tuesday narrowly passed the repeal of the rules with no Democratic support and over the objections of privacy advocates.

The vote was a win for internet providers such as AT&T Inc, Comcast and Verizon. Websites are governed by a less restrictive set of privacy rules.

The White House said Wednesday that President Donald Trump plans to sign the repeal of the rules, which had not taken effect.

Under the rules, internet providers would have needed to obtain consumer consent before using precise geolocation, financial information, health information, children’s information and web browsing history for advertising and marketing. Websites do not need the same affirmative consent.

Some in Congress suggested providers would begin selling personal data to the highest bidder, while others vowed to raise money to buy browsing histories of Republicans.

AT&T says in its privacy statement it “will not sell your personal information to anyone, for any purpose. Period.” In a blog post Friday, AT&T said it would not change those policies after Trump signs the repeal.

Websites and internet service providers do use and sell aggregated customer data to advertisers. Republicans say the rules unfairly would give websites the ability to harvest more data than internet providers.

Trade group USTelecom CEO Jonathan Spalter said in an op-ed Friday for website Axios that individual “browser history is already being aggregated and sold to advertising networks – by virtually every site you visit on the internet.”

This week, 46 Senate Democrats urged Trump not to sign the bill, arguing most Americans “believe that their private information should be just that.”

(Reporting by David Shepardson; Editing by Cynthia Osterman and Lisa Shumaker)

EU-U.S. commercial data transfer pact enters into force

Servers in Iceland

By Julia Fioretti

BRUSSELS (Reuters) – A new commercial data pact between the European Union and the United States entered into force on Tuesday, ending months of uncertainty over cross-border data flows, and companies such as Google <GOOGL.O>, Facebook <FB.O> and Microsoft <MSFT.O> can sign up from Aug. 1.

The EU-U.S. Privacy Shield will give businesses moving personal data across the Atlantic – from human resources information to people’s browsing histories to hotel bookings – an easy way to do so without falling foul of tough EU data transferral rules.

The previous such framework, Safe Harbour, was struck down by the EU’s top court in October on the grounds that it allowed U.S. agents too much access to Europeans’ data.

Revelations three years ago from former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance practices caused political outrage in Europe and stoked mistrust of big U.S. tech companies.

In the months that followed the EU ruling companies have had to rely on other more cumbersome mechanisms for legally transferring data to the United States.

The Privacy Shield will underpin over $250 billion dollars of transatlantic trade in digital services annually.

Google and Microsoft said they would sign up to the Privacy Shield and would work with European data protection authorities in case of inquiries.

A person familiar with social network Facebook’s thinking said the company had not yet decided whether to sign up.

“It’s too early to say as we haven’t seen the full text yet but like other companies we will be evaluating the text in the coming weeks,” the person said.

The Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to U.S. servers by giving EU citizens greater means to seek redress in case of disputes, including through a new privacy ombudsman within the State Department who will deal with complaints from EU citizens about U.S. spying.

However the framework also faces criticism from privacy advocates for not going far enough in protecting Europeans’ data and is widely expected to be challenged in court.

Max Schrems, the Austrian law student who successfully challenged Safe Harbour, said the Privacy Shield was “little more than a little upgrade to Safe Harbour”. However he added that he did not have plans to challenge it himself for the time being.

“We are confident the framework will withstand further scrutiny,” Penny Pritzker, U.S. Secretary of Commerce, told a news conference.

EU data protection authorities, who had demanded improvements to the Privacy Shield in April, said they were analyzing the framework and would finalize a position by July 25.

(Editing by Alexandra Hudson and Louise Heavens)

Apple, Google Products Target of Court Order

Apple Logo inside Corporate offices

SAN FRANCISCO (Reuters) – The American Civil Liberties Union on Wednesday said it had identified 63 cases across the U.S. in which the federal government asked for a court order compelling Apple Inc or Google to help access devices seized during investigations.

The cases predominantly arise out of investigations into drug crimes, the ACLU said, adding that the data indicate such government requests have become “quite ordinary.”

Representatives for the Justice Department and Apple declined to comment.

A spokesman for Google, a unit of Alphabet Inc, declined to say how frequently it has cooperated with All Writs Act requests or orders, and how often it has contested them.

The Justice Department previously disclosed that Apple has received 70 court orders requiring it to provide assistance since 2008, which it obeyed without objection.

However, last October Apple contested a Justice Department demand for assistance in a Brooklyn drug case. Since then, Apple has objected to several other government requests for help accessing devices across the country, the company said in a court filing last month.

A U.S. judge in Brooklyn agreed with Apple and ruled that Congress has not authorized the government to ask for the help it demanded of the company. The Justice Department has appealed that ruling.

The ACLU report comes after the Justice Department withdrew a request for Apple’s assistance in California, saying on Monday it had succeeded in unlocking an iPhone used by one of the shooters involved in a rampage in San Bernardino in December without Apple’s help.

Other cases involving government requests for Apple’s help are still pending.

A variety of Apple and Google products have been targeted by court orders, according to the ACLU report. In one, an Apple iPhone 5 was seized by a man arrested in 2013 for importing methamphetamine from Mexico.

A California court ordered Apple to help the Justice Department bypass the passcode and copy data onto an external hard drive. The order does not specify which operating system was running on the phone.

(Reporting by Dan Levine)

Google accused of improperly tracking students’ web activity

A civil liberties group is accusing Google of invading the privacy of schoolchildren by improperly collecting information through their computers, according to a federal complaint filed this week.

The Electronic Frontier Foundation (EFF) claims the information is being obtained through the Google for Education program, which many schools are utilizing. Through that program, schools can buy Chromebook laptop computers and provide them to their students for educational use.

Fortune reported that 3.4 million Chromebooks were added to the education sector last year.

The problem, the EFF alleges in the complaint, is a default setting on those Chromebooks allows Google to collect and store data about the websites students visit and use it for its own benefit.

The feature is called Chrome Sync, and the EFF says it’s automatically turned on in the Google Chrome web browser. It allows users to have the same Internet browser configuration — things like saved settings, bookmarks and passwords — anytime they log in to Chrome on any device.

But the EFF alleges that also allows Google to collect and keep track student’s browsing records, including things like their search history and what videos they watch on YouTube. They say that’s a violation of the Student Privacy Pledge, which Google and other tech companies signed. One of the terms of that pledge is that companies will only use data for educational purposes.

The EFF alleges Google is using the data to improve its products and asking the Federal Trade Commission to investigate the company and order it to destroy any student data it collected.

Google disputes the claims, telling Fortune that its programs comply with the law and its pledge.

“Our services enable students everywhere to learn and keep their information private and secure,” Google said in a statement reported by the Associated Press. And the Future of Privacy Forum, which helped draft the Student Privacy Pledge, thinks the allegations are unfounded.

“We have reviewed the EFF complaint but do not believe it has merit. … The Chrome Sync setting is a general feature of all Chromebooks, whether purchased by schools or the general public. We don’t believe the complaint raises any issues about data use that are restricted by the Student Privacy Pledge,” the forum’s executive director, Jules Polonetsky, said in a statement.

Google Eliminates Pornographic Ads

Google has announced that it will no longer allow advertising to depict sexual acts and other types of pornography.

The company sent an e-mail to advertising accounts saying that anyone using the Google AdWords system that it will restrict ads containing or linking to any sexually explicit content.  The announcement follows a meeting in May between Google and groups such as Morality in Media, Concerned Women for America and Focus on the Family.

“We are grateful that they are realizing that their profits from porn are not worth the devastation to children and families,” Morality in Media said in a statement.

In addition to the new restrictions on advertising, Google has increased policies for apps that can be sold through the Google Play store.  Apps that contain or promote sexually explicit or erotic content are no longer permitted and Google has removed several apps from the site that violated those policies.

Google has been part of the “Dirty Dozen” list released each year by PornHarms.com, a listing that shows the biggest contributors to sexual exploitation in America.  Google is on the 2014 list, released just before the announcement of the changes.  Other major companies on the list include Verizon, Barnes & Noble and Cosmopolitan magazine.