House Reps Push Colleagues To Step Up Data Security Game

Law360, New York (May 24, 2016, 10:22 PM ET) -- A bipartisan pair of House lawmakers on Monday pressed their colleagues to do more to protect the security of their online communications, including by using end-to-end encryption and employing more complex passwords, saying it was "frightening" how easily hackers could gain access to their devices.

In a "dear colleague" letter sent to fellow members of the U.S. House of Representatives, Reps. Ted Lieu, D-Calif., and Will Hurd, R-Texas, advocated for the improvement of the "security culture" within the lower chamber.

"The ease with which foreign governments, criminal syndicates, and everyday hackers can access your smartphone, tablet, desktop or laptop is frightening," the lawmakers wrote.

While the chief information officer of the House of Representatives "has worked tirelessly" to protect lawmakers' offices from millions of cyberattacks every year, there are several steps that members of Congress and their staff could take on their own each day to better protect their sensitive data, the representatives wrote.

In their letter, Lieu and Hurd — who are two of only four members of Congress who hold degrees in computer science — laid out some "common ways" that their colleagues could help to secure their personal data from hackers and other bad actors.

Specifically, the tech-savvy congressmen championed the use of encryption and encryption messaging apps. Pointing to a recent segment on "60 Minutes" about a mobile network flaw that could potentially allow hackers to drop in on phone conversations, Lieu and Hurd stressed that there are "numerous vulnerabilities" throughout all communications platforms that encryption technologies could significantly help to mitigate.

"There are a number of easy-to-use applications that have end-to-end encryption for mobile communications," the letter said. "These apps will encrypt both your voice and text messaging data. While this method is not foolproof, the use of these apps constructs a huge barrier to your communications being deciphered."

The lawmakers also encouraged the use of a two-step or multistep authentication process for access to all internet services and the use of complex passwords that would be harder for cyberthieves to crack.

"The House of Representatives' system already requires a strong password consisting of numbers, letters and symbols and prompts you to change it every so often," they wrote. "This should be a common practice for all users across all platforms. Additionally, it is a best practice to avoid using duplicate passwords for separate accounts and devices."

Other tips advanced by the lawmakers included installing anti-virus software and apps that monitor for anomalous activity in the same way that the technology does on desktop computers; connecting only to trusted networks and avoiding the 89 percent of public Wi-Fi networks that are unsecured; and backing up data to ensure that irreplaceable or important information will be accessible elsewhere in the event that the original copy is hijacked in a ransomware of phishing attack.

Lieu, who holds an undergraduate degree in computer science from Stanford University and previously served as a lieutenant colonel in the U.S. Air Force Reserves, and Hurd, who also obtained a computer science degree from Texas A&M and worked as an undercover CIA agent for nearly a decade, additionally pointed their colleagues to the website of the U.S. Computer Emergency Readiness Team.

They noted that the resource provides a large amount of valuable information on cybersecurity, including guidance on cyberthreats to mobile phones, which they linked to in their letter.

"Your devices will be subject to continuing cyber attacks," the lawmakers wrote. "Hopefully this letter will help you to better defend against those attacks."