Welcome to Codebook, the only cybersecurity newsletter bold enough to tell you not to delete requested evidence in an ongoing criminal case (see below).
Tips? Reply to this email address.
The $1.4 billion deal the White House reached to keep embattled Chinese telecom equipment maker ZTE running preempts an amendment in the National Defense Authorization Act (NDAA) that would have tied the Trump administration’s hands on the issue.
Why it matters: The Trump administration and China hawks are fighting over how to define the ZTE controversy: Is it about balance-of-trade figures or national security? Trump's side just won a round.
The background: ZTE was caught — twice — selling banned technology to North Korea and Iran. After the first infraction, ZTE agreed that if it was ever caught again, it would lose access to U.S. tech components it needed to make equipment. That was the equivalent of a death penalty for the firm — and after the U.S. imposed the penalty in April, ZTE announced it would shut down manufacturing.
Timing is everything: The Senate is nearing passage of its version of the NDAA, which contained an amendment that would block the White House’s ability to make this kind of deal with a Chinese firm.
Two Senate Democrats have introduced a bill that would provide $50 million to stand up National Guard cyber units in every state to prevent and respond to election security issues. But there's a glitch: the Defense Department is somewhat resistant to shifting its authority to states.
Why it matters: Once more, the U.S. is up against its age-old conflict in election security — between the belief that states should run their own elections and the fact that the feds provide much of the resources and authority.
The arguments for it: The bill's authors, Sen. Maria Cantwell and Sen. Joe Manchin, and other advocates point out that the National Guard is already working on other critical infrastructure issues — including election security — in the states. As a result, the National Guard is uniquely familiar with the technological landscape that it would need to protect when it comes to election security, said Kilmer.
Why the DOD might push back: Standing up state-backed cyber units would naturally pull some resources away from the DOD.
The Department of Defense sent out a request for information (RFI) about a cloud-based web browser on Tuesday.
Why it matters: Traditionally, browsers are local programs that pull down content and code from servers elsewhere. The cloud would add a layer of protection — the content and code would open on a different server and then broadcast to the user's computer. It's a neat technical idea, and a fundamentally different approach to security.
How it's different: There are not a whole lot of places from which malware can enter a computer. Surfing the web is a big one.
There aren't too many players in the cloud browser space. Scott Petry, cofounder and CEO of one of those companies, Authentic8, told Codebook the RFI showed it was an idea whose time has come.
"It sends a message to government and commercial environments that the biggest, most secure network can use it," he said.
Special prosecutor Robert Mueller is asking witnesses to turn in their cell phones so he can check for encrypted apps. Meanwhile, Sean Hannity told his viewers not to comply.
Why it matters (in the probe): Former Trump campaign chair Paul Manafort may have his bail rescinded after prosecutors claimed to have found he had used the encrypted app WhatsApp to ask witnesses in his case to lie on his behalf. This represents another instance where Manafort seems to have believed he could use technology to cover his tracks but didn't quite stick the landing.
Why it matters (to Sean Hannity): Hannity advised witnesses viewing his program to take thorough steps to thwart Mueller's request, as seen in this video taken by liberal media monitoring organization Media Matters For America: "Delete all your emails and then acid-wash the emails on the hard drives and your phones, then take your phones and bash them with a hammer to little itsy bitsy pieces...and hand them over to Robert Mueller and say: ‘Hillary Rodham Clinton, this is equal justice under the law.'"
There are two problems here:
Axios's David McCabe offers a report from his C-SPAN interview with former FCC head Tom Wheeler:
In a Wednesday taping for C-SPAN's "The Communicators," Wheeler said that his successor, Ajit Pai, hasn't made the security of America's telecom networks enough of a priority.
What Wheeler is saying: “The fact of the matter is that we need to have safe and secure networks, and the Trump FCC has said that’s not our job," he said. "And it seems to me that the agency responsible for America’s networks needs to also show leadership in the security of those networks.”
The bigger picture: Questions about network security aren't going away, as a recent scuffle over stingray devices in Washington, D.C. shows.
A quartet of Congress folk re-introduced legislation Thursday morning to prevent states and localities from introducing their own encryption laws.
Why it matters: It's easy to view any policy about encryption through the lens of the encryption debate over whether it would be a good thing to weaken encryption to aid law enforcement. This is not that debate. Instead, this is about whether it's feasible for tech vendors to create different versions of phones for each state or city that develops its own law.
Second time's the charm? 2018's ENCRYPT Act, sponsored by Ted Lieu (D-Calif.), Mike Bishop (R-Mich.), Suzan DelBene (D-Wash.) and Jim Jordan (R-Ohio), is the same as 2016's ENCRYPT Act, sponsored by those four and former Rep. Blake Farenthold (R-Texas).
Codebook will return next week with a vengeance.