Cybersecurity Archives - Page 38 of 88

Friday Morning: Mi Ritmo

May 20, 2016/9 Comments/in automobiles, Climate Change, Culture, Cybersecurity /by Rayne

Oye como va
Mi ritmo
Bueno pa gozar
Mulata

— excerpt, Oye Como Va by Tito Puente

This Latin jazz song was on the very first album I owned — Santana’s Abraxas. I have no idea what possessed my father to select this way back in 1971 because he’s not musically inclined. I prefer to think he was persuaded by the music store staff to buy it for me rather than think the cover art did it for him. To this day I don’t dare ask; I’d rather live with my illusion.

Perhaps he simply liked Oye Como Va by Tito Puente and decided I needed it. Maybe that’s what he wanted to listen to when I played the album over and over again, ad nauseam. The song is still easy to listen to even when played by a septuagenarian, isn’t it? Though Puente probably still felt the same way about this song in his last live performance as he did when he first recorded it in 1963.

The personal irony I’m certain my father never considered: the last line is a reference to a mixed race “mulatto” woman. That’s me.

Vamos, amigos!

Wheels

South Korea frustrated by Volkswagen’s response to Dieselgate (Yonhap) — Hard to tell how many VW passenger diesel cars with the emissions controls defeat tech have been sold in South Korea to date. Last year’s sales of 35,700 suggest VW needs to exert itself a little more than offer to recall a total 125,000 cars.

Technology Trends

Breakthrough in memory technology could change computing dramatically (IBM via YouTube) — I’m still trying to wrap my head around this; could be the simplicity of the underlying science seems so obvious I can’t understand why it wasn’t discovered sooner. Using polycrystalline rather than amorphous material, more data can be stored and in a manner which is stable and not prone to loss when electricity is cut. This technology could replace DRAM at flash memory prices. Imagine how quickly systems could begin processing if they could avoid seeking programs and data.
Google’s annual I/O event chary on enterprise computing (ComputerWorld) — Wonder if Google executives’ expressed intent to focus on the enterprise is a veiled threat directed at Oracle? The I/O annual conference didn’t have enough enterprise applications to satisfy the curious; is Google holding back? Or are there pending acquisitions to fill this stated intent, ones not yet ready for publication? I wouldn’t be surprised to see Google launch something on par with Salesforce or Zoho very soon. Google Drive components already compete with or are integrated with some of those Zoho offers in its small business offering.
Android’s coming to Chromebooks — finally! (Google Blog) — I’ve put off buying another laptop until this happened, guess I’ll look at the first three models on which developers will focus their development. The applications available for Android phones have been mind-boggling in number; it’d be nice to have the same diversity of selection for laptops. And then maybe desktops in the not-too-distant future? That would really make a dent in enterprise computing.

Cybersec

Security camera not password protected? Police may be able to tap it (Engadget) — Love the subhead: “Don’t worry, it’s supposed to be for a good cause.” Just add the invisible snark tag. Purdue University researchers found surveillance cameras could be tapped to allow law enforcement to monitor a crime scene. I don’t know about you but this sounds like a backdoor, not a convenient vulnerability. If the police can use it soon, who might already be using it?
Qualcomm mobile chip flaw leaves 60% of Android devices exposed (Threatpost) — Not good, especially since this boo-boo may affect both oldest and newest Android versions. But a malicious app is required to take advantage of this flaw, unlike the Stagefright exploit. Android has already issued a patch; the problem is getting it to all affected devices.
LinkedIn’s 2012 breach yielded info on more than 100 million accounts (Motherboard) — Only 6.5 million accounts were initially breached — but that’s only the first batch published online. The actual haul from 2012 was at least 117 million accounts, now for sale for a mere five bitcoins or $2200. Are you a LinkedIn user? Time to check Have I Been Pwned? to see if your account is among those in the breach.

Climate Crises

Record high temp of 51C (124F) recorded in India (The Register) — Drought continues as well; article notes, “Back in India, relief from the heat is expected when the annual monsoon hits. The cooling rains generally arrive in mid-June.” Except that with a monster El Nino underway, the amount of rain and cooling will depart from average.
Polymath Eleanor Saitta considers climate change and comes to some grim, mortal conclusions (Storify by @AnthonyBriggs) — If you’re a policymaker, you’d better worry about dealing effectively with climate refugees and deaths in the millions. Maybe billions. Refugees from Syria will look like a minuscule blip. If you’re not terrified, you should be.

Looks like it’s going to be a lovely late spring weekend here — hope you’re going to have a nice one, too. See you Monday!

Wednesday Morning: Meet Me on the Floor

May 18, 2016/6 Comments/in automobiles, Culture, Cybersecurity /by Rayne

I admit it, I’ve betrayed my kind. I’ve been remiss in my responsibilities, haven’t been equitable.

To fix that, you need a dose of estrogen, stat. This morning’s medication is Veruca Salt’s Volcano Girls.

Feel better soon, eh?

Wheels
Mitsubishi’s Tetsuro Aikawa to leave, asks Nissan to name replacement (Bloomberg) — Announcement comes six days after Nissan announced it would buy a controlling interest in Mitsubishi. Nissan’s CEO Carlos Ghosn indicated he does not intend to subsume and phase out the Mitsubishi brand; this may have encouraged Aikawa he was leaving the company in good hands. I wouldn’t bet on some overlap between Nissan/Mitsubishi being eliminated.

Suzuki apologized for using the wrong fuel economy tests (Reuters) — Suzuki says it didn’t need to change its declared mileage data based on correct testing. I sure hope independent testing confirms this, though I suspect the same study which revealed Volkswagen’s cheat would have indicated additional validation needed.

Volkswagen says it will focus on profitability, pronto (Bloomberg) — Investors are restless and complaining about VW’s recalcitrance toward cost cutting in light of 16 billion euros it set aside for fixes and claims due to Dieselgate. Executives’ pay is on the butcher’s block. More than a little overdue as VW execs knew about the emissions controls defeat’s detection two years ago.

Forensic scientist reports to NHTSA Chevrolet’s dangerous cruise control problem (Zdziarski’s blog) — PAY ATTENTION TO THIS IF YOU’RE A LATE MODEL CHEVROLET OWNER. Read the linked post; Chevrolet’s response is deplorable, asking drivers to modify behavior rather than supply/fix product to work as documented and sold.

The (Fossil Fuel) Business
Goldman Sachs downgrades stocks to neutral while going bullish on oil (Bloomberg) — I like the subhead on this article: “Too many things to worry about.” ~LOL~ Excess valuation, lower growth, “a wall of stock market worries” encouraged the bear move. Things not explicitly mentioned: the U.S. and Australian elections and Brexit referendum outcome.

But…bullishness on oil out of whack (MarketWatch) — Another LOL-ish subhead today: “The fine print shows Goldman analysts believe oil will struggle to easily top $50.” So GS is telling its clients to reduce excess oil holdings while conditioning overall market to firm up what’s in their clients’ portfolios? ~smh~ Just as above, not mentioned in this take are any elections/referendums.

Note, too, that neither of these reports mentions Iran.

Anadarko Petroleum downgraded to neutral by Credit Suisse (Trade Calls) — You want another confusing take on fossil fuels? Read this article. Supports MarketWatch’s calling out GS on oil, though Anadarko also includes natural gas.

Total SA’s CEO Pouyanne pooh-poohs France’s ban on shale gas (Bloomberg) — Man, this dude is as arrogant as his predecessor. France could simply outlaw any imports without a certificate of origin, and force the industry to figure it out. Yet another article that doesn’t mention Iran, which sits on one of the largest natural gas reserves in the world. Pouyanne’s predecessor was cozy with Iran, too. So why all the attitude about North American shale gas imports?

Artificial Intelligence
Hedge fund used AI to pick through Fed Reserve’s minutes (Business Insider) — Using AI gleaned from a competition it hosted, Two Sigma fund analyzed the Fed Reserve. The app used Natural Language Processing and found some interesting trends. Wonder if the results would be different using Google’s SyntaxText open sourced this past week?

NSFWhut?
Cynically opportunistic marketing push promotes so-called ‘anti-Zika’ condoms (IBTImes-AU) — Pharmaco Starpharma Holdings and condom-maker Ansell will give Australia’s Olympians “Dual Protect” condoms lubricated with VivaGel for “almost 100-percent anti-viral protection” against Zika. Never let a perfectly good health crisis go to waste, right?

CDC says any condom will work against Zika (MarketWatch) — Yeah. That. I said this already: condoms are recommended for other viral STIs like herpes and HIV, will work fine for Zika, no special anti-Zika condom required. But you have to use the consistently and for at least six months after exposure to Zika since the virus can remain in men’s reproductive system for at least that long after infection.

ONE company will release condoms in 56 different sizes (Glamour) — Holy schnikes. This is a broader range of sizes than men’s off-the-rack suits. No excuses about not wearing condoms, there will be one bound to fit gents. Would be nice if ONE could hit the market with these in Brazil before the Olympics. (And don’t turn your nose up at Glamour. It’s one of the better articles I read today, includes some good links.)

There’s enough material to get you over the hump. Catch you in the morning tomorrow!

SEC Says Hackers Like NSA Are Biggest Threat to Global Financial System

May 18, 2016/4 Comments/in Cybersecurity, Financial Fraud /by emptywheel

Reuters reports that, in the wake of criminals hacking the global financial messaging system SWIFT both via the Bangladesh central and an as-yet unnamed second central bank, SEC Commissioner Mary Jo White identified vulnerability to hackers as the top threat to the global financial system.

Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks.

Banks around the world have been rattled by a $81 million cyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.

The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C.

“What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks,” she said.

“As we go out there now, we are pointing that out.”

Of course, the criminals in Bangladesh were not the first known hackers of SWIFT. The documents leaked by Snowden revealed NSA’s elite hacking group, TAO, had targeted SWIFT as well. Given the timing, it appears they did so to prove to the Europeans and SWIFT that the fairly moderate limitations being demanded by the Europeans should not limit their “front door” access.

Targeting SWIFT (and credit card companies) is probably not the only financial hacking NSA has done. One of the most curious recommendations in the President’s Review Group, after all, was that “governments” (including the one its report addressed, the US?) might hack financial institutions to change the balances in financial accounts.

(2) Governments should not use their offensive cyber capabilities to change the amounts held in financial accounts or otherwise manipulate the financial systems;

Second, governments should abstain from penetrating the systems of financial institutions and changing the amounts held in accounts there. The policy of avoiding tampering with account balances in financial institutions is part of a broader US policy of abstaining from manipulation of the financial system. These policies support economic growth by allowing all actors to rely on the accuracy of financial statements without the need for costly re-verification of account balances. This sort of attack could cause damaging uncertainty in financial markets, as well as create a risk of escalating counter-attacks against a nation that began such an effort. The US Government should affirm this policy as an international norm, and incorporate the policy into free trade or other international agreements.

After which point, James Clapper started pointing to similar attacks as a major global threat.

I don’t mean to diminish the seriousness of the threat (though I still believe banksters’ own recklessness is a bigger threat to the world financial system). But the NSA should have thought about the norms they were setting and the impact similar attacks done by other actors would have, before they pioneered such hacks in the first place.

Tuesday Morning: Speed of Love

May 17, 2016/12 Comments/in Culture, Cybersecurity /by Rayne

This video fascinates me. I’ve watched it a number of times since Nerdist shared it last month; it’s the 24-minute long set by Freddie Mercury and Queen at the 1985 Live Aid concert held in Wembley Stadium.

Nerdist noted the audience’s response reflects the speed of sound — the visible ripple of fans’ hands speeds across the crowd in response to the sound as it leaves the stage area and travels across the venue. The gif they shared was taken about 16:37 into this set, just as the band begins We Will Rock You.

I think there was more at work here because earlier snaps of the audience reaction during Radio Gaga (roughly 4:25 onward) don’t show the same marked wave across the crowd. But several points in the set Mercury interacts with the audience, coaxing them to sing and shout along with him.

And then at 16:35 when he begins We Will Rock You, the crowd is completely in sync with him. They adore him and are utterly engaged. The wave is not just sound but their feeling for Mercury and his performance.

Can you imagine a politician who could induce such a response?

Cybersecurity
Adobe Flash must die, and Google’s slowly exterminating it in Chrome (Ars Technica) — By year’s end, Flash will be disabled by default in Google’s Chrome browser. It will only play when manually enabled. All part of the slow migration to HTML5 away from risky Flash.

Antivirus app halts heart surgery (Ars Technica-UK) — Holy crap. Why does medical equipment need antivirus software to begin with, let alone how does an A/V app launch and run during surgery?

Artificial Intelligence
Dude, that female TA you hit on? An AI bot (Sydney Melbourne Herald) — Wow. Future’s already here and you can’t tell you’ve been dissed by both your prof and the chick-bot-TA.

A series of tubes
Remote healthcare not ready for prime time (ScienceDaily) — Study using fake patients to test direct-to-consumer teledermatology remote health care systems found security problems with IDs, poor-to-bad assignment of clinicians, many errors made in major diagnoses, insufficient warning to pregnant patients when meds prescribed, just for starters. Think of this as Healthcare Internet of Things Fail.

Super. Fast. Wireless. Internet. Coming. To. YOU! Really? (MIT Technology Review) — Ugh, so breathless with excitement they are about this startup called Starry. I was, too, initially, but we’ve been told this crap for more than a decade. Since this requires the cooperation of Verizon, AT&T, Facebook, and Google to standardize on this platform AND reception relies on line-of-sight, I’m not holding my breath.

The Business
New business for Amazon to tackle: its own private label groceries (Techcrunch) — Amazon doesn’t want to leave a penny on the table. If customers are too price sensitive to click their Dash button for a big name brand consumer good, they’ll offer their own instead. Prime accounts only, though; first goods will be heavy on baby needs, which makes sense given parents are often a captive audience.

Norway’s sovereign (oil) wealth fund to sue Volkswagen (AP) — Fossil fuel-created fund owns 1.64% stake in Volkswagen. It’s suing to protect its assets exposed by VW’s emissions controls cheat. Imagine me laughing at oil suing a car company for the manner in which it promulgated oil consumption.

Norway’s Statoil to launch first floating wind farm (Bloomberg) — This company is well ahead of Shell when it comes to diversifying energy production.

Flint Water Crisis
Michigan’s top law enforcement agent unaware of Michigan State Police “quiet investigation” (WZZM) — Still scratching my head over this one. Why did the governor ask MSP to conduct an administrative — not criminal — investigation, omitting the state attorney general? And who’s conducting a genuine criminal investigation, including the governor’s role?

Gender Equity
Toy maker(s) insisted Iron Man 3 movie must have male, not female villain (The Mary Sue) — In other words, Marvel’s big sweeping superhero movies are really just very long trailers to sell boys’ toys. Girls and women need not apply. I have no idea how they can make a decision based on any realistic data given the dearth of female villains on screen and in toys. Is this just some lame argument for inequity in front and behind the camera?

Running behind, probably read too much today and swamped my processing circuits. Hope mid-week becomes a little more focused — catch you tomorrow!

Thursday Not-Morning: Stupid

May 12, 2016/11 Comments/in Culture, Cybersecurity /by Rayne

Jeepers. I need hip waders. There is just so damned much stupid over the last 24 hours. It’s a veritable flood.

The Future is here, and it’s stupid

Law firm “hires” first artificially intelligent lawyer (Futurism) — Oh how nice. Treat human misery like a fungible commodity by using IBM’s AI ‘lawyer’ Ross to process bankruptcies. Want to bet it’s cheaper to hire paralegals to do the work Ross does? Want to bet Baker & Hostetler’s Ross will be replaced by a competing internet-based firm processing bankruptcies even more inexpensively? Hey Congress: doesn’t it say something to you about the number and kind of bankruptcies when a ‘robot’ can process them?
Facial recognition expected to be $6 billion by 2020 (Curatti) — No invasion of privacy issues there, nor any security risks whatsoever. No chance at all two or more people have the same facial characteristics in terms of dimension.
Chinese tech company prepares for future where our consciousness lives forever in a computer (Bloomberg) — This is really creepy, and yet very much possible in the near-term future. If AI can nearly reproduce you from your social media, why can’t it replicate your consciousness?

The Past remains, and it’s stupid, too

Staffing company Portico sent home a receptionist for not wearing high heels (BBC) — A petition emerged in response, asking Parliament to outlaw such policies; 100,000 signatures mustered overnight. They’ve reversed their position today after a furor arose about their policy requiring women to wear 2-4 inch high heels on the job at a PriceWaterhouse Cooper facility. PwC says it’s not their policy. Come on now — it’s 2016, not 1956. It’s just plain stupid to ask workers of a specific gender to wear attire for looks — attire which causes discomfort and is not recommended by doctors.
Belgian beer company changes iconic American brand name to pander to voters (AdAge) — Take one of the oldest and most recognized U.S. brands on which hundreds of millions of dollars have been spent to entrench an immigrant’s name into the American psyche. Then remove it and replace it with the country’s name for six months. My gods, the stupid on this one. Fortunately a West Michigan brewer is taking advantage of this opportunity with ‘Murica! I could use one right about now.
Some SAP accounting software users attacked because they screwed up in 2010 (The Register) — Talk about time travel. I’m sure there’s some folks who’d like to go back to 2010 and execute that security patch correctly this time before hackers smite their business to smithereens.

The Present’s no gift

Don’t feed the sea turtles (Scientific American) — Surprise! When tourists feed junk food to sea turtles, the turtles’ health mirrors that of humans fed the same crap.
Study: Ransomware cybercriminals provide better, faster service than internet service providers (Nature) — Not even a rational comparison next to Comcast. Seems like there’s a market opportunity here; if crooks held a machine hostage AND offered a PC tune-up, would PC owners happily fork over cash? Hmm.
Marijuana use during pregnancy increases risk for pre-term birth (ScienceDaily) — What a surprise that a psychoactive drug combined with toxic by-products from smoking a plant product might have negative effects on pregnancy.

Ugh. Hope tomorrow is kinder to us. See you in the morning!

Wednesday Morning: Wandering

May 11, 2016/4 Comments/in automobiles, Climate Change, Culture, Cybersecurity /by Rayne

This music video is the result of an insomniac walkabout. I went looking for something mellow I hadn’t heard before and tripped on this lovely little indie folk artistry. Not certain why I haven’t heard Radical Face before given how popular this piece is. I like it enough to look for more by the same artist.

Let’s go wandering…

Volkswagen: 3.0L fix in the offing, but too late for EU and the world?

New catalytic converter may be part of so-called fix for VW and Audi 3.0L vehicles (Bloomberg) — The financial hit affected dividend as reserve for fix/recall/litigation was raised from 6.7B to 16.2B euros. VW group will not have a full explanation about Dieselgate’s origins and costs to shareholders until the end of 2016.
But Netherland’s NO2 level exceeds the 40 microgram threshold in 11 locations, violating EU air pollution standards (DutchNews) — Locations are those with high automobile traffic.
UK government shoveled 105,000 pounds down legal fee rat hole fighting air pollution charges (Guardian-UK) — Look, we all know the air’s dirty. Stop fighting the charges and fix the mess.
UK’s MPs already said air pollution was a ‘public health emergency’ (Guardian-UK) — It’s killing 40-50,000 UK residents a year. One of the approaches discussed but not yet in motion is a scrapping plan for dirty diesel vehicles.
Unfortunately global CO2 level at 400 ppm tipping point, no thanks to VW’s diesel vehicles (Sydney Melbourne Herald) — Granted, VW’s passenger vehicles aren’t the only source, but cheating for nearly a decade across millions of cars played a substantive role.

Mixed government messages about hacking, encryption, and cybersecurity enforcement
Compare: FBI hires a “grey hat” to crack the San Bernardino shooter’s iPhone account, versus FCC and FTC desire for escalated security patching on wireless systems. So which is it? Hacking is good when it helps government, or no? Encryption is not good for government except when it is? How do these stories make any sense?

State of Florida prosecuting security researcher after he revealed FL state’s election website was vulnerable (Tampa Bay Times) — Unencrypted site wide-open to SQL “injection attack” allowed research to hack into the site. Florida arrests him instead of saying thanks and fixing their mess.
UK court rules hacker does not have to give up password (Guardian-UK) — Computer scientist and hacker activist Lauri Love fights extradition to U.S. after allegedly stealing ‘massive quantities’ of data from Fed Reserve and NASA computers; court ruled he does not have to give up password for his encrypted computers taken into custody last autumn.
SWIFT denies technicians left Bangladeshi bank vulnerable to hacking (Reuters) — Tit-for-tat back and forth between Bangladesh Bank and SWIFT as to which entity at fault for exposures to hacking. Funny how U.S. government is saying very little about this when the vulnerability could have been used by terrorists for financing.

Well, it’s not quite noon Pacific time, still morning somewhere. Schedule was off due to insomnia last night; hoping for a better night’s sleep tonight, and a better morning tomorrow. Catch you then!

James Clapper’s Latest Effort To Fearmonger about Snowden’s Damage

May 11, 2016/8 Comments/in Cybersecurity, EO 12333, FISA /by emptywheel

In addition to getting him to admit the US can’t fix the Middle East but we have to stay because our “leadership” is needed there, in this column David Ignatius asked James Clapper, again, about how much damage Edward Snowden has caused.

Clapper said the United States still can’t be certain how much harm was done to intelligence collection by the revelations of disaffected National Security Agency contractor Edward Snowden. “We’ve been very conservative in the damage assessment. Overall, there’s a lot,” Clapper said, noting that the Snowden disclosures made terrorist groups “very security-conscious” and speeded the move to unbreakable encryption of data. And he said the Snowden revelations may not have ended: “The assumption is that there are a lot more documents out there in escrow [to be revealed] at a time of his choosing.”

Let’s unpack this.

Clapper provides two pieces of evidence for damage:

Snowden disclosures have made terrorist groups “very security-conscious”
Snowden disclosures have “speeded the move” [by whom, it’s not entirely clear] to unbreakable encryption

That’s a bit funny, because what we saw from the terrorist cell that ravaged Paris and Belgium was — as The Grugq describes it — “drug dealer tradecraft writ large.” Stuff that they could have learned from watching the Wire a decade ago, with a good deal of sloppiness added in. With almost no hints of the use of encryption.

If the most dangerous terrorists today are using operational security that they could have learned years before Snowden, then his damage is not all that great.

Unless Clapper means, when he discusses the use of unbreakable encryption, us? Terrorists were already using encryption, but journalists and lawyers and US-based activists might not have been (activists in more dangerous places might have been using encryption that the State Department made available).

Neither of those developments should be that horrible. Which may be why Clapper says, “We’ve been very conservative in the damage assessment” even while insisting there’s a lot. Because this is not all that impressive, unless as Chief Spook you think you should have access to the communications of journalists and lawyers and activists.

I’m most interested, however, in this escrow idea.

“The assumption is that there are a lot more documents out there in escrow [to be revealed] at a time of his choosing.”

Snowden and Glenn Greenwald and Laura Poitras and Bart Gellman have said about a zillion times that Snowden handed everything off before he went to Russia. And everyone who knows anything about Russia would assume if he brought documents there, Putin has had them for almost 3 years.

Sure, there are surely documents that reporters have that, reviewed in the future by other people, may result in new disclosures. But the suggestion that Snowden himself is asking the journalists to hold back some of the documents “in escrow” is rather curious. Why would Snowden withhold documents until such time that the technology behind disclosures would be out of date.

I mean, it’s useful as a basis to claim that Snowden will continue to damage the IC when there’s actually not that much evidence he already has. But it doesn’t make much sense to me.

Ah well. In the article Clapper says he’ll be around for 265 days, which means around February 9 of next year, someone else will take up fearmongering about Edward Snowden.

Tuesday Morning: Garbage in, Garbage out [UPDATE]

May 10, 2016/27 Comments/in Culture, Cybersecurity /by Rayne

Why’d I pick this music video, besides the fact I like the tune? Oh, no reason at all other than it’s trash day again.

Speaking of trash…

Facebook furor just frothy foam?
I didn’t add yesterday’s Gizmodo piece on Facebook’s news curation yesterday or the earlier May 3 piece because I thought the work was sketchy. Why?

The entire curation system appears to be contractors — Where is a Facebook employee in this process?

“…News curators aren’t Facebook employees—they’re contractors. One former team member said they received benefits including limited medical insurance, paid time off after 6 months and transit reimbursement, but were otherwise excluded from the culture and perks of working at Facebook. […] When the curators, hired by companies like BCForward and Pro Unlimited (which are then subcontracted through Accenture to provide workers for Facebook), arrive at work each day, they read through a list of trending topics ranked by Facebook’s algorithm from most popular (or most engaged) to least. The curators then determine the news story the terms are related to.

The news curation team writes headlines for each of the topics, along with a three-sentence summary of the news story it’s pegged to, and choose an image or Facebook video to attach to the topic. The news curator also chooses the “most substantive post” to summarize the topic, usually from a news website. […] News curators also have the power to “deactivate” (or blacklist) a trending topic—a power that those we spoke to exercised on a daily basis. …” (emphasis mine)

I see a Facebook-generated algorithm, but no direct employees in the process — only curator-contractors.
Sources may have a beef with Facebook — This doesn’t sound like a happy work environment, does it?

“…Over time, the work became increasingly demanding, and Facebook’s trending news team started to look more and more like the worst stereotypes of a digital media content farm.

[…]

Burnout was rampant. ‘Most of the original team isn’t there anymore,’ said another former news curator. ‘It was a stop-gap for them. Most of the people were straight out of [journalism school]. At least one of them was fired. Most of them quit or were hired by other news outlets.’ …” (emphasis mine)

It’s not as if unhappy contractors won’t have newsworthy tips, but what about unhappy Facebook employees? Where are they in either of Gizmodo’s pieces?
Details in the reporting reveal bias in the complainant(s) — So far I see one reference to a conservative curator, not multiple conservative curators.

“Facebook workers routinely suppressed news stories of interest to conservative readers from the social network’s influential “trending” news section, according to a former journalist who worked on the project.

[…]

Other former curators interviewed by Gizmodo denied consciously suppressing conservative news, and we were unable to determine if left-wing news topics or sources were similarly suppressed. The conservative curator described the omissions as a function of his colleagues’ judgements; there is no evidence that Facebook management mandated or was even aware of any political bias at work. …”

Note the use of “a” in front of “former journalist” and “the” in front of “conservative curator.” (Note also Gizmodo apparently needs a spell check app.)
No named sources confirming the validity of the complaints or other facts in Gizmodo’s reporting — Again, where are Facebook employees? What about feedback from any of the companies supplying contractors; did they not hear complaints from contractors they placed? There aren’t any apparent attempts to contact them to find out, let alone anonymous confirmation from these contract companies. There are updates to the piece yesterday afternoon and this morning, including feedback from Vice President of Search at Facebook, Tom Stocky, which had been posted at Facebook. Something about the lack of direct or detailed feedback to Gizmodo seems off.
Though named in the first of two articles, Facebook’s managing editor Benjamin Wagner does not appear to have been asked for comment. The May 3 piece quotes an unnamed Facebook spokesperson:

When asked about the trending news team and its future, a Facebook spokesperson said, “We don’t comment on rumor or speculation. As with all contractors, the trending review team contractors are fairly compensated and receive appropriate benefits.”

I’m disappointed that other news outlets picked up Gizmodo’s work without doing much analysis or followup. Reuters, for example, even parrots the same phrasing Gizmodo used, referring to the news curators as “Facebook workers” and not contract employees or contractors. Because of this ridiculous unquestioning regurgitation by outlets generally better than this, I felt compelled to write about my concerns.

And then there’s Gizmodo itself, which made a point of tweeting its report was trending on Facebook. Does Gizmodo have a beef with Facebook, too? Has it been curated out of Facebook’s news feed? Are these two pieces really about Facebook’s laundering of Gizmodo?

I don’t know; I can’t tell you because I don’t use Facebook. Not going to start now because of Gizmodo’s sketchy reporting on Facebook, of all things.

Miscellany
Just some odd bits read because today is as themeless as yesterday — lots of garbage out there.

SAS Confidential: Unpacking @AcademicsSay, Part 1 (SAS blog) — This is just good fun and yet it’s an incredibly educational collection of insights into the creation of a popular microblog. Worth a read.
Five Solomon Islands have sunk below sea level (CNN) — This climate change stuff isn’t bullshit. It’s affecting entire cultures with permanent displacement beginning now.
FCC and FTC want security patches from wireless providers yesterday (CNET) — If not sooner. Maybe these patches would have been done already if these firms hadn’t needed to redirect resources to responding to USDOJ’s encroachment on encryption…
Amazon’s new Video Direct goes after Google’s YouTube’s user-created videos (Investor’s Business Daily) — Amazon’s throwing out some monetary chum, too, offering to split a monthly pot of $1M among the creators of most popular videos. This could rock indie film distribution.

Skepticism: I haz it
As I read coverage about news reporting and social media leading up to the general election, I also keep in the back of my mind this Bloomberg report, How to Hack an Election:

As for Sepúlveda, his insight was to understand that voters trusted what they thought were spontaneous expressions of real people on social media more than they did experts on television and in newspapers. […] On the question of whether the U.S. presidential campaign is being tampered with, he is unequivocal. “I’m 100 percent sure it is,” he says.

Be more skeptical. See you tomorrow morning!

UPDATE — 1:30 P.M. EDT —

‏@CNBCnow
JUST IN: Senate Commerce Commtitte chair sends letter to Facebook’s Mark Zuckerberg seeking answers on alleged manipulation of trending news

ARE YOU FUCKING KIDDING ME WITH THIS? THE SENATE GOING TO WASTE TAX DOLLARS ON THIS WHEN EVERY. SINGLE. NEWS. OUTLET. USES EDITORIAL JUDGMENT TO DECIDE WHAT TO COVER AS NEWS?

Cripes, Gizmodo’s ~~poorly sourced hit~~ piece says,

“…In other words, Facebook’s news section operates like a traditional newsroom, reflecting the biases of its workers and the institutional imperatives of the corporation. …”

Yet the Senate is going to pursue this ~~bullshit~~ story after Gizmodo relied on ONE conservative curator-contractor — and their story actually says an algorithm is used?

Jeebus. Yet the Senate will ignore Sheldon Adelson’s acquisition of the biggest newspaper in Las Vegas in a possible attempt to denigrate local judges?

I can’t with this.

UPDATE — 3:35 P.M. EDT —
The Guardian reports the senator wasting our tax dollars questioning a First Amendment exercise by Facebook is John Thune. Hey! Guess who’s running for re-election as South Dakota’s senior senator? Why it’s John Thune! Nothing like using your political office as a free press-generating tool to augment your campaign. I hope Facebook’s algorithm suppresses this manufactured non-news crap.

DOJ Confirms One or More Agencies Acted Consistent with John Yoo’s Crummy Opinion

May 9, 2016/4 Comments/in Cybersecurity, EO 12333 /by emptywheel

There’s a whiff of panic in DOJ’s response to ACLU’s latest brief in the common commercial services OLC memo, which was submitted last Thursday. They really don’t want to release this memo.

As you recall, this is a memo Ron Wyden has been hinting about forever, stating that it interprets the law other than most people understand it to be. After I wrote about it a bunch of times and pointed out it was apparently closely related to cybersecurity, ACLU finally showed some interest and FOIAed, then sued, for it. In March, DOJ made some silly (but typical) claims about it, including that ACLU had already tried but failed to get the memo as part of their suit for Stellar Wind documents (which got combined with EPIC’s suit for electronic surveillance documents). In response, Ron Wyden wrote a letter to Attorney General Loretta Lynch, noting a lie DOJ made in DOJ’s filings in the case, followed by an amicus brief asking the judge in the case to read the secret appendix to the letter he wrote to Lynch. In it, Wyden complained that DOJ wouldn’t let him read his secret declaration submitted in the case (making it clear they’re being kept secret for strategic reasons more than sources and methods), but asking that the court read his own appendix without saying what was in it.

Which brings us to last week’s response.

DOJ is relying on an opinion the 2nd circuit released last year in ACLU’s Awlaki drone memo case that found that if a significant delay passed between the time an opinion was issued and executive branch officials spoke publicly about it — as passed between the time someone wrote a memo for President Bush’s “close legal advisor” in 2002 about drone killings (potentially of American citizens) and the time Executive branch officials stopped hiding the fact they were planning on drone-killing an American citizen in 2010, then the government can still hide the memo.(I guess we’re not allowed to learn that Kamal Derwish was intentionally, not incidentally, drone-killed in 2002?)

This is, in my understanding, narrower protection for documents withheld under the b5 deliberative privilege exemption than exists in the DC Circuit, especially given that the 2nd circuit forced the government to turn over the Awlaki memos because they had been acknowledged.

In other words, they’re trying to use that 2nd circuit opinion to avoid releasing this memo.

To do that they’re making two key arguments that, in their effort to keep the memo secret, end up revealing a fair amount they’re trying to keep secret. First, they’re arguing (as they did earlier) that the ACLU has already had a shot at getting this memo (in an earlier lawsuit for memos relating to Stellar Wind) and lost.

There’s just one problem with that. As I noted earlier, the ACLU’s suit got joined with EPIC’s, but they asked for different things. ACLU asked for Stellar Wind documents, whereas EPIC asked more broadly for electronic surveillance ones. So when the ACLU argued for it, they were assuming it was Stellar Wind, not something that now appears to (also) relate to cybersecurity.

Indeed, the government suggests the ACLU shouldn’t assume this is a “Terrorist Surveillance Program” document.

7 Plaintiffs conclude that the OLC memorandum at issue here must relate to the Terrorist Surveillance Program and the reauthorization of that program because the attorney who authored the memorandum also authored memoranda on the Terrorist Surveillance Program. Pls.’ Opp. at 10. The fact that two OLC memoranda share an author of course establishes nothing about the documents’ contents, nature, purpose, or effect.

Suggesting (though not stating) the memo is not about TSP is not the same as saying it is not about Stellar Wind or the larger dragnets Bush had going on. But it should mean ACLU gets another shot at it, since they were looking only for SW documents the last time.

Which is interesting given the way DOJ argues, much more extensively, that this memo does not amount to working law. It starts by suggesting Wyden’s filing arguing a “key assertion” in the government’s briefs is wrong.

3 Senator Wyden asks the Court to review a classified attachment to a letter he sent Attorney General Loretta Lynch in support of his claim that a “key assertion” in the Government’s motion papers is “inaccurate.” Amicus Br. at 4. The Government will make the classified attachment available for the Court’s review ex parte and in camera. For the reasons explained in this memorandum, however, the Senator’s claim of inaccuracy is based not on any inaccurate or incomplete facts, but rather on a fundamental misunderstanding of the “working law” doctrine.

In doing so, it reveals (what we already expected but which Wyden, but apparently not DOJ, was discreet enough not to say publicly) that the government did whatever this John Yoo memo said government could do.

But, it argues (relying on both the DC and 2nd circuit opinions on this) that just because the government did the same thing a memo said would be legal (such as, say, drone-killing a US person with no due process), it doesn’t mean they relied on the memo’s advice when they took that action.

The mere fact that an agency “relies” on an OLC legal advice memorandum, by acting in a manner that is consistent with the advice, Pls.’ Opp. at 11, does not make it “working law.” OLC memoranda fundamentally lack the essential ingredient of “working law”: they do not establish agency policy. See New York Times, 806 F.3d at 687; Brennan Center, 697 F.3d at 203; EFF, 739 F.3d at 10. It is the agency, and not OLC (or any other legal adviser), that has the authority to establish agency policy. If OLC advises that a contemplated policy action is lawful, and the agency considers the opinion and elects to take the action, that does not mean that the advice becomes the policy of that agency. It remains legal advice. 5

5 Nor could the fact that any agency elects to engage in conduct consistent with what an OLC opinion has advised is lawful possibly constitute adoption of that legal advice, because taking such action does not show the requisite express adoption of both the reasoning and conclusion of OLC’s legal advice. See Brennan Center, 697 F.3d at 206; Wood, 432 F.3d at 84; La Raza, 411 F.3d at 358.

Effectively, DOJ is saying that John Yoo wrote another stupid memo just weeks before he left, the government took the action described in the stupid memo, but from that the courts should not assume that the government took Yoo’s advice, this time.

One reason they’re suggesting this isn’t TSP (which is not the same as saying it’s not Stellar Wind) is because it would mean the government did not (in 2005, when Bush admitted to a subset of things called TSP) confirm this action in the same way Obama officials danced around hailing that they had killed Anwar al-Awlaki, which led to us getting copies of the memos used to justify killing him.

In short, the government followed Yoo’s advice, just without admitting they were following his shitty logic again.

Monday Morning: Scattered

May 9, 2016/18 Comments/in 2016 Election, 2016 Presidential Election, Culture, Cybersecurity /by Rayne

That’s how I feel this morning — my head feels like a bunch of scattered pictures lying on my bedroom floor. Can’t tell how much of this sensation is work hangover from a too-busy weekend, or a result of a themeless news morning.

Often as I browse my feeds I find narratives emerge on their own, bubbling up on their own. Today? Not so much. There are too many topics in flight, too many major stories juggled, too many balls in the air, everything’s a blur.

The biggest stories adrift and muddled are those in which elections are central:

U.S. primary season wrap-up and the general election ahead — and I’m not going to touch this topic with a 20-foot pole. Imma’ let better writers and statisticians handle it without me piling on.
The Philippines election — the leading candidate is alleged to encourage urban vigilante death squads to reduce crime.
Brexit — Britain votes on a referendum next month on whether to exit the EU. Brexit played a role in the election last week of London’s new mayor, Sadiq Khan, who also happens to be London’s first Muslim mayor.
Australia’s double-dissolution election — PM Malcolm Turnbull last week announced both the House of Representatives and the Senate would be dissolved and replaced in an election on July 2nd. Turnbull faces replacement depending on which party amasses the most power during the election. There have only been seven double dissolutions since Australia’s federation under its constitution in 1901.

Anyhoo…here’s some miscellaneous flotsam that caught my eye in today’s debris field.

Number of unique mobile device users: 5 BILLION (Tomi Ahonen) — Do read this blog post, the numbers are mind-boggling. And intelligence agencies want to map and store ALL of the communications generated by these numbers?
Browser company Opera just went after iOS market with VPN offering (PC World) — Opera already announced a free VPN to Windows and Linux users; today it targeted Apple users with a VPN for iOS (do note the limited country availability). Don’t feel left out, Android users, you’ll get a VPN offering from Opera soon.
Swarm of earthquakes detected at Mount St. Helens (KOMO) — The eight-week-long swarm has been likened to those in 2013 and 2014 due to fault slippage. An eruption may not be imminent.
Jihadi Gang Warfare (@thegruq at Medium) — A really good read about the Islamic militant gang in Brussels and how their amateurishness prevented even greater bloodshed in both Paris and Brussels. Unfortunately a primer on how not to do urban terror.
Google isn’t just feeding romance novels to its AI to teach it language (Le Monde) — ZOMG, it’s using them to teach it morals, too! That’s what Le Monde reported that Buzzfeed didn’t.

Valeurs morales

Deux chercheurs de Georgia Tech, Mark Riedl et Brent Harrison, vont encore plus loin. Selon eux, la littérature peut inculquer des valeurs morales à des programmes d’intelligence artificielle. « Nous n’avons pas de manuel rassemblant toutes les valeurs d’une culture, mais nous avons des collections d’histoires issues de ces différentes cultures », expliquent-ils dans leur article de recherche publié en février.

«Les histoires encodent de nombreuses formes de connaissances implicites. Les fables et les contes ont fait passer de génération en génération des valeurs et des exemples de bons comportements. (…) Donner aux intelligences artificielles la capacité de lire et de comprendre des histoires pourrait être la façon la plus efficace de les acculturer afin qu’elles s’intègrent mieux dans les sociétés humaines et contribuent à notre bien-être.»

Moral values

Two researchers from Georgia Tech, Mark Riedl and Brent Harrison, go even further. They believe literature can inculcate moral values in artificial intelligence programs. “We have no manual containing all the values of a culture, but we have collections of stories from different cultures,” they explain in their research article published in February.

“The stories encode many forms of implicit knowledge. Fables and tales were passing generation to generation the values and examples of good behavior. (…) Giving artificial intelligence the ability to read and understand stories may be the most effective way to acculturate them so they can better integrate into human society and contribute to our well-being.”

Gods help us, I hope they didn’t feed the AI that POS Fifty Shades of freaking Grey. Though I’d rather 90% of romance novels for morals over Lord of the Flies or The Handmaid’s Tale, because romance’s depiction of right and wrong is much more straightforward than in literary fiction, even the very best of it.

That’s quite enough trouble to kick off our week, even if it’s not particularly coherent. Catch you tomorrow morning!