Welcome to Codebook, among the least flammable cybersecurity newsletters on the market today.
Tips? Reply to this email.
Illustration: MirageC/Getty Images
Supporters hope this will finally be the year that the Email Privacy Act will become law. The draft legislation — which has passed the House twice before — would require authorities to get warrants before gathering evidence stored in the cloud, and it's included in the House versions of two must-pass bills announced over the past week.
Why it matters: You might expect that police would always need a warrant to search someone's web-based email archive, cloud-stored files or social media direct messages. In reality, that's not a sure thing.
A 1980s-vintage law known as the Electronic Communications Privacy Act (ECPA) actually gives law enforcement the right to seize files without judicial review if they have been stored on someone else's hard drive for more than 180 days. Courts have limited ECPA's reach, but the outdated rule is still on the books.
Background: That statute made more sense before people started putting all their information online and leaving it there.
Why new legislation is needed: "The Sixth Circuit case technically only applies in the Sixth Circuit," said Tommy Ross, senior policy director at BSA, a software industry lobby. "It's important to codify what is already common practice."
But, but, but: Not all Federal agencies have the ability to obtain warrants. For a Security and Exchange Commission investigation, for example, ECPA is the only game in town. The new law would tie its hands.
Why now: The Email Privacy Act passed the House in 2016 and 2017, but failed in the Senate each time. Supporters think this time will be different.
The long weekend was a busy period for news about ZTE. Lawmakers from both parties rebelled against a deal to save China's second-largest telecom manufacturer that President Trump announced on Twitter Friday.
Meanwhile, Chinese tech giant Tencent said it aimed to reduce China's dependence on U.S.-made components, and President Trump announced plans for new trade restrictions against China.
The still-unfolding drama offers a case study in Trump's ability to handle competing U.S. interests during international negotiations. The president's transactional style may not be the best fit for diplomacy with so many variables, and the last few days have been erratic:
On Thursday, Trump blamed the growing bipartisan discontent from lawmakers on how the Obama administration dealt with China. That didn't appease any of his critics.
On Friday: Trump tweeted about his deal. Sen. Mark Warner (D-VA) said, in a statement, "This would be a big mistake. President Trump should listen to the advice of his intelligence leaders, who have unanimously said that ZTE poses a national security threat to the United States.”
On Saturday: Pony Ma Huateng, founder of Tencent, said regardless of the outcome of the ZTE deal, the ordeal was a "wake up call" and Tencent was looking to invest in a domestic chip industry for China in order to break the U.S.'s "grip on [China's] throat."
On Sunday: Marco Rubio expressed his concerns on Face the Nation: "If this was just a company that did something wrong and needed to be punished, the president's right. I don't just view the ZTE issue through ZTE alone. I view it in the broader context of what China is trying to do overtake the United States by stealing and by cheating and they're not going to stop until they know there are real consequences for doing it."
On Monday: Chinese President Xi Jinping told a crowd of engineers and scientists: "The initiatives of innovation and development must be securely kept in our own hands."
And, finally, on Tuesday: Trump announced export restrictions, tighter investment rules and 25% tariffs against parts of the the Chinese technology sector.
Two Canadian banks — Simplii Financial and BMO — announced Monday that "fraudsters" stole data from a small fraction of their accounts.
The details: Though details are scant, each bank said it was contacted Sunday by thieves saying they had stolen customer information. Both releases referred to the crooks as "fraudsters."
Waxwork of Donald Trump seen outside the U.S. London embassy. Photo: Richard Baker/Getty Images
President Trump’s charge that the Mueller investigation is going to tamper with this year’s American elections coopts language from the 2016 election hacking scandal to discredit the probe that scandal inspired.
What he’s tweeting: "The 13 Angry Democrats (plus people who worked 8 years for Obama) working on the rigged Russia Witch Hunt, will be MEDDLING with the mid-term elections…”
Why it’s an awful analogy: Russia is a foreign country that Democrats, Republicans and the international community agree broke U.S. law to try and sway the American election. The Mueller probe is home-grown and thus far well within the boundaries of the law.
This isn’t the first time that Trump has borrowed and redefined language from the saga of Russian interference with the 2016 election. Previously, he successfully transformed the meaning of “fake news” — from “clickbait articles on websites that make up news stories” to “any news stories I don’t like.”
Why it matters: If Trump succeeds in taking a legal investigation into foreign interference in one election and rebrand it as “meddling” in another election, he will muddy our necessary bipartisan national conversation about what happened in 2016 — and how to protect future U.S. elections from real foreign "meddling."
Codebook will return on Thursday.