On Tuesday, the U.S. Senate convened two hearings on a couple of this newsletter’s favorite topics: cryptocurrencies and bug bounty programs. The day’s testimonies were chock full of fresh insights—and were a welcome diversion, for this author, from the government’s unending budgetary troubles.
The first hearing before the Senate Banking Committee saw Jay Clayton, chair of the Securities and Exchange Commission, and Christopher Giancarlo, chair of the Commodity Futures Trading Commission, dish about virtual money. Amid cratering prices, repeated thefts, and recent banking credit bans, Bitcoin investors had braced themselves for the worst. The regulators, however, struck several positive notes during the session, praising Bitcoin for spurring innovations in digital ledger technology. Giancarlo, for one, promised “a thoughtful and balanced response, and not a dismissive one” to the digital gold rush.
One point to keep an eye on: Clayton warned entrepreneurs against “initial coin offerings,” recent fundraising phenomena that founders have used to raise billions of dollars through the sale of digital tokens. “To the extent that digital assets like ICOs [initial coin offerings] are securities—and I believe every ICO I’ve seen is a security—we have jurisdiction and our federal securities laws apply,” he said. Expect Clayton’s agency to continue to pursue action against projects it deems in violation of securities laws.
The second hearing before the Senate Subcommittee on Consumer Protection invited cybersecurity professionals to the Hill to discuss the historically uneasy relationship between companies and hackers. Some highlights: John Flynn, Uber’s chief information security officer, told the panel that his company “made a misstep” by failing to promptly report a 2016 data breach that recently came to light. Mårten Mickos, CEO of HackerOne, a bug bounty startup, urged legislators to revise laws used to prosecute hackers and to standardize data breach notification requirements at the federal level. And Katie Moussouris, founder of Luta Security, a bug bounty consultancy, pressed companies to adopt clear policies around vulnerability reporting. (HackerOne posted a nice recap of the day’s happenings, which you can read on its blog.)
Both hearings were highly encouraging. Let’s hope that when the lawmakers reexamine their books, they’ll keep the good sense of these experts in mind.
Digital defense discount deals. Insurer Allianz will offer discounts on cybersecurity insurance coverage to customers that use Apple devices, like Macs and iPhones; Cisco security products designed to protect against ransomware attacks; and risk evaluations from Aon, the professional services firm. Apple CEO Tim Cook and Cisco CEO Tim Robbins revealed in June that they were collaborating with insurers on these new policies.
Suspicious spy saga sours. U.S. intelligence agents, lured by the possibility of recovering hacking tools stolen from the NSA, paid a Russian intermediary an installment of $100,000 for the alleged cyber weapons last year. Further negotiations fell through after the Russian source delivered only materials already made public by the “shadow brokers,” a mysterious group that first started leaking the NSA attack code in 2016, and as the source continued to push unverifiable, allegedly compromising materials related to President Donald Trump.
Intern infiltrates iPhone internals. Apple forced the code-sharing website GitHub to take down a post containing leaked source code for the iPhone’s boot process this week, as Motherboard first reported. Apparently, the code escaped Apple headquarters when a lowly intern absconded with the files and shared them with friends in the “jailbreaking” hacker community.
Banks ban Bitcoin buys. Credit card issuers are forbidding cryptocurrency purchases on credit in an effort to reduce financial and legal risks. Firms that have recently blacklisted Bitcoin sellers include Bank of America, J.P. Morgan Chase, Citigroup, Capital One, Discover, and Lloyds.