Rep. Ted Lieu, D-Calif., is in his first term as a member of Congress, but he's quickly gained national attention for his work on cybersecurity. The Stanford graduate is one of just four members with a degree in computer science, and he believes Congress is in the "dark ages" on certain related issues.
"With 10 being very secure and one being not, I would say about a two," Lieu said when asked to rank how secure the average member was from hackers. "Just very basic cybersecurity protections in terms of things that members and staff should not do, we do not get very much training on, especially in terms of mobile devices."
Mobile devices have been a big issue since April, when Lieu asked Congress to investigate a security flaw in a telecommunications network known as Signaling System No. 7. The flaw grants any hacker able to penetrate the network access to any mobile device connected to it. In short, Lieu notes, that means all sophisticated governments have the ability to listen in on phone calls made by members of Congress.
Though intelligence officials have known about the flaw for around two years, they have not notified members of Congress, and Lieu wants to know the reason behind that decision. "The potential for blackmail, the potential for release of information that foreign governments shouldn't get, is extraordinary," he said. "As we sit here today, I have yet to see a single alert being issued by anyone in government."
Lieu also said he was dismayed by the scope of domestic surveillance revealed by Edward Snowden in 2013, and is still considering whether he can support an Internet surveillance regime known as PRISM. That program is set to sunset at the end of 2017 unless Congress takes action.
Nonetheless, Lieu added, he does not support reducing the criminal charges that Snowden faces. The former NSA contractor would face multiple felony charges under the Espionage Act in the event he returned to the U.S. from Russia.
Washington Examiner: What sparked your interest in politics?
Lieu: I think it has to do with how I came here. I'm an immigrant, and I'm one of only six in Congress. My parents came to Cleveland, so that's where I grew up. They were poor, they did not speak English well, they went to flea markets to sell gifts and jewelry to make ends meet. We lived in the basement of a person's home at the beginning.
Through many years, they were able to open one gift store in a shopping center, and then eventually one in the shopping mall, and my brother and I would help watch that store, because we were free labor. Eventually they expanded to six stores.
So in my mind, they achieved the American dream. They went from being poor to having a home, and gave my brother and I an amazing education. That's one reason I joined the U.S. Air Force on active duty, and one of the reasons I choose to still remain in the reserves, because I believe I can never give back to America everything this amazing country has given to me.
And it's one reason I love politics, because it's a way to ensure the door remains open to people who want to succeed.
Examiner: In terms of SS7, have you submitted any inquiries to intelligence officials about what was known or when?
Lieu: I've asked for an investigation from Congress. I'm pleased that the Energy and Commerce Committee has gone forward and issued letters to some companies asking for explanations about the SS7 flaw, and that the [Federal Communications Commission] announced last week it was going to investigate.
We're going to see as well whether the Oversight Committee will. I'm in the minority party, so I don't make these decisions, but I'm pleased there's already significant interest.
Examiner: You've been talking about having members of Congress switch to WhatsApp so that they have end-to-end encryption. In similar news, the Pentagon's Defense Advanced Research Projects Agency recently opened a bidding process for contractors interested in developing an application with even more advanced security and encryption. Is that overdue?
Lieu: My first point is, I'll bet you that DARPA proposal does not include a backdoor for FBI access. My view is that we need to increase encryption. I support DARPA's proposal. We need to go to strong encryption, no vulnerabilities, no backdoors. It's important for U.S. national security, it's important for e-commerce, for banking, for many aspects of our daily lives. Encryption is central to the Internet, central to society.
Examiner: You're one of just four members with computer science degrees. Most members are not as technically literate. On a scale of one-10, how secure would you say the average member of Congress would be in the event they were targeted for hacking by a country like China?
Lieu: With 10 being very secure and one being not, I would say about a two. I do want to commend the House CIO's office for doing very good briefings for members of the freshman class. I remember coming in during orientation, they told us about how they protect our offices and the good work they do every day to protect the House's data systems and emails and desktops from being hacked.
I do note that when it comes to mobile devices, we are in the dark ages in terms of giving information to members about how they can protect themselves and in protecting members. Right now, you can go to a Starbucks or hotel or any place that has Wi-Fi, and if you accidentally log on to a hacker's spoofed network, then every protection that we get goes out the window. They immediately have everything on that phone, the emails, everything that we try so hard to protect.
Just very basic cybersecurity protections in terms of things that members and staff should not do, we do not get very much training on, especially in terms of mobile devices. So with the SS7 flaw, right now, pretty much any foreign government can listen in on any cell phone, including members of Congress, their staff, everyday Americans, CEOs of companies, head coaches of football teams, it doesn't really matter.
The response I've seen from industry is bizarre. One of the responses is that your average hacker can't get this, it has to be a foreign government. Well, let's keep in mind what a foreign government means. It means Iran, China, Russia. Do you really want Vladimir Putin's government listening in on the cell phone conversations of members of Congress, or a criminal syndicate the government is working with?
The potential for blackmail, the potential for release of information that foreign governments shouldn't get, is extraordinary. And as we sit here today, I have yet to see a single alert being issued by anyone in government saying, "We might actually want to do things differently when it comes to mobile devices," and how members and their staff and other people communicate.
Examiner: Congress is looking at renewing Section 702 of the Foreign Intelligence Surveillance Act, which authorizes the bulk collection of data on the Internet and sunsets at the end of next year. What's your position on that?
Lieu: Every day, our intelligence agencies protect America from harm, and their employees do amazing work. They're patriotic. I have no problem with our intelligence agencies doing whatever they need to do to collect information on foreign nationals.
What concerns me is when intelligence collection starts happening on innocent U.S. citizens. To me, that has always been the problem.
I have no issue if the NSA wants to seize and search the phone records of a foreign national. What I have a problem with is when they ran a program seizing the phone records of all Americans. That to me was a violation of the Fourth Amendment.
My concern has always been making sure that our intelligence agencies do what their mission is, which is to acquire intelligence on foreign nationals, adversaries, governments, but not the domestic criminal surveillance that law enforcement is charged with doing.
Examiner: You're very sympathetic to the privacy lobby. Do you think Edward Snowden should be pardoned for his role in exposing the NSA's programs?
Lieu: If all Edward Snowden did was to let the American people know that all their phone records were being seized and then potentially searched, then yes, I'd think he should be pardoned as a whistleblower. But that's not all he released.
He also released a large amount of information that has damaged national security, and for that he should not be pardoned. He did violate laws of the United States, and he should be treated as anyone else who violated the law.
So in my opinion, he went far beyond being a whistleblower.
Examiner: He and Hillary Clinton both face charges of exposing classified information under the Espionage Act. Snowden has made several statements on Twitter suggesting that if Clinton is not charged, it amounts to him being held to a double standard. What's your response to that?
Lieu: There is zero evidence that the former secretary of state violated any U.S. laws, just as there's zero evidence that former secretaries violated any laws. It's pretty clear Snowden did, so for him to even make that analogy shows that even today he does not understand the gravity of what he did. He didn't just talk about the seizure of American phone records. He went way beyond that and released a lot of information that damaged national security.
Examiner: What's on your recommended reading list?
Lieu: Tuesdays with Morrie is a good book for your soul. Game of Thrones is a good book to take you away. I love that show and that series, and to me it's like Congress, except that people die.
I would also recommend The Martian. I get it was made into a movie, but the book very graphically, and step-by-step, illustrates how we can get to Mars and land a human being. And that's very exciting. I would just put it out there that this is something the human race can do within this generation.