Bitcoin and Bug Bounties on the Hill, Apple and Cisco's Cyber Deal, iPhone Leak
Robert Hackett
Good morning, Cyber Saturday readers.
On Tuesday, the U.S. Senate convened two hearings on a couple of this newsletter’s favorite topics: cryptocurrencies and bug bounty programs. The day’s testimonies were chock full of fresh insights—and were a welcome diversion, for this author, from the government’s unending budgetary troubles.
The first hearing before the Senate Banking Committee saw Jay Clayton, chair of the Securities and Exchange Commission, and Christopher Giancarlo, chair of the Commodity Futures Trading Commission, dish about virtual money. Amid cratering prices, repeated thefts, and recent banking credit bans, Bitcoin investors had braced themselves for the worst. The regulators, however, struck several positive notes during the session, praising Bitcoin for spurring innovations in digital ledger technology. Giancarlo, for one, promised “a thoughtful and balanced response, and not a dismissive one” to the digital gold rush.
One point to keep an eye on: Clayton warned entrepreneurs against “initial coin offerings,” recent fundraising phenomena that founders have used to raise billions of dollars through the sale of self-minted digital tokens. “To the extent that digital assets like ICOs [initial coin offerings] are securities—and I believe every ICO I’ve seen is a security—we have jurisdiction and our federal securities laws apply,” he said. Expect Clayton’s agency to continue to pursue action against projects it deems in violation of securities laws.
The second hearing before the Senate Subcommittee on Consumer Protection invited cybersecurity professionals to the Hill to discuss the historically uneasy relationship between companies and hackers. Some highlights: John Flynn, Uber’s chief information security officer, told the panel that his company “made a misstep” by failing to promptly report a 2016 data breach that recently came to light. Mårten Mickos, CEO of HackerOne, a bug bounty startup, urged legislators to revise laws used to prosecute hackers and to standardize data breach notification requirements at the federal level. And Katie Moussouris, founder of Luta Security, a bug bounty consultancy, pressed companies to adopt clear policies around vulnerability reporting. (HackerOne posted a nice recap of the day’s happenings, which you can read on its blog here.)
Both hearings were highly encouraging. Let’s hope that when the lawmakers reexamine their books, they’ll keep the good sense of these experts in mind.
Have a great weekend.
Robert Hackett
@rhhackett
robert.hackett@fortune.com
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
THREATS
Digital defense discount deals. Insurer Allianz will offer discounts on cybersecurity insurance coverage to customers that use Apple devices, like Macs and iPhones, Cisco security products designed to protect against ransomware attacks, and risk evaluations from Aon, the professional services firm. Apple CEO Tim Cook and Cisco CEO Tim Robbins revealed in June that they were collaborating with insurers on these new policies.
Suspicious spy saga sours. U.S. intelligence agents, lured by the possibility of recovering hacking tools stolen from the NSA, paid a Russian intermediary an installment of $100,000 for the alleged cyber weapons last year. Further negotiations fell through after the Russian source delivered only materials already made public by the “shadow brokers,” a mysterious group that first started leaking the NSA attack code in 2016, and as the source continued to push unverifiable, allegedly compromising materials related to President Donald Trump.
Intern infiltrates iPhone internals. Apple forced the code-sharing website GitHub to take down a post containing leaked source code for the iPhone’s boot process this week, as Motherboard first reported. Apparently, the code escaped Apple headquarters when a lowly intern absconded with the files and shared them with friends in the “jailbreaking” hacker community.
“If we lived in a dystopian world without trust, Bitcoin might dominate existing payment methods. But in this world, where people do tend to trust financial institutions to handle payments and central banks to maintain the value of money it seems unlikely that bitcoin could ever be as convenient as existing payment means.”
—Antoine Martin, an economist at the Federal Reserve Bank of New York, penned an op-ed that takes a whack at Bitcoin. He said the cryptocurrency could be useful—just not in this universe. But then, that’s what a Fed banker would say…
Meanwhile, Tyler Winklevoss told CNBC that people who fail to see Bitcoin’s potential suffer a “failure of imagination.”
Inside the “smart” home panopticon. If you’re interested in living in a “smart” home—an abode outfitted with hi-tech, Internet-connected gadgetry—you should first understand the extent to which everyday household items will spy on you. This Gizmodo investigation details, in an entertaining firsthand account, the many ways that connected TVs, security cameras, coffee makers, mattress covers, and more mundane objects invade people’s privacy. Add to that the micro-aggravations of dealing with buggy domestic devices and you’ll be left wondering how this stuff ever came to be called “smart.”