Facebook’s Flip-Flop: Is It a Law Enforcement Thing?

Kash Hill has a fascinating story about a Facebook flip-flop over a story she reported yesterday.

It started when — as increasingly happens in her work — someone came to her with a scary problem. Facebook recommended he friend someone he had only just met for the first time at a meeting for parents of suicidal teens. In response, Facebook confirmed they do use co-location for such recommendations.

Last week, I met a man who was concerned that Facebook has used his smartphone location to figure out people he might know. After he attended a gathering for suicidal teens, Facebook recommended one of the other parents there as a friend, even though they seemingly had nothing else in common but being in the same place at the same time. He asked me whether Facebook was using location to figure out if people knew each other.

I was skeptical, because that seemed like such an egregious violation of privacy. On Friday, I emailed Facebook:

A Facebook user told me that he attended an event last week with people he’d never met before. The next morning, one of the people at the event came up as a suggested friend. They had no other ties beyond being in the same room the night before. Could their shared location have resulted in the suggestion?

A spokesperson responded, saying that location is one of the signals for “People You May Know.”

But then, as people started making a stink about this, Facebook reached out again and offered this oblique reversal.

Thus I reported that “Facebook is using your phone’s location to suggest new friends—which could be a privacy disaster.” The story garnered lots of negative feedback, with people upset about Facebook using their location information this way without telling them.

Then, on Monday night, the Facebook spokesperson reached out again, saying the company had dug into the matter and found that location isn’t currently used. She sent an updated statement:

“We’re not using location data, such as device location and location information you add to your profile, to suggest people you may know. We may show you people based on mutual friends, work and education information, networks you are part of, contacts you’ve imported and other factors.”

One part of this comment is easy: Facebook is not using locations you mark for yourself (so if I said I was in Grand Rapids, they wouldn’t use that to find new Grand Rapids friends for me). But it’s not really clear what they mean by “device location.” Determined by what? GPS? Cell tower? IP location? Wifi hotspot colocation?

Which got me thinking about the way that federal law enforcement (in both the criminal and FISA context, apparently) are obtaining location data from social media as a way to tie physical location to social media activity.

[Magistrate Stephen Smith] explained he had had several hybrid pen/trap/2703(d) requests for location and other data targeting WhatsApp accounts. And he had one fugitive probation violation case where the government asked for the location data of those in contact with the fugitive’s Snapchat account, based on the logic that he might be hiding out with one of the people who had interacted with him on Snapchat. The providers would basically be asked to turn over the cell site location information they had obtained from the users’ phone along with other metadata about those interactions. To be clear, this is not location data the app provider generates, it would be the location data the phone company generates, which the app accesses in the normal course of operation.

Doing so with Facebook would be particularly valuable, as you could target an event (say, a meeting of sovereign citizens) and find out who had attended the meeting to see whose location showed up there. The application would be even more useful with PRISM, because if you were targeting meetings overseas, you wouldn’t need to worry about the law on location data.

In other words, I started wondering whether Facebook is using this application — and was perfectly willing to tell Hill about it — until the FBI or someone started complaining that people would figure out one of their favorite new law enforcement (and intelligence) methods.

Hill is still pressing Facebook for real answers (and noted that Facebook may be violating FTC rules if they are doing this, so expects answers from there if not from Facebook directly).

Still, I’m wondering if FBI is now telling our private spy companies they can’t reveal the techniques law enforcement most likes to rely on.

Wednesday: Get Bach

Summer bug laid me up. I’m indulging in the audio equivalent of tea with honey, lemon, and a shot of something to scare away the bug. A little cello playing by Yo-Yo Ma never fails to make me feel better.

This sweet video is enlightening, didn’t realize Ma had an older sister who was an accomplished musician at a tender age. Worthwhile to watch this week considering the blizzard of arguments about immigrants and refugees here and abroad.

And then for good measure, a second favorite added in the mix — Yo-Yo Ma and Itzhak Perlman together, performing Beethoven’s Triple Concerto Fantasy.

There. I feel a little better already.

Probably better than frustrated House Democrats led by Rep. John Lewis who are engaging in a sit-in protest on the House floor demanding a vote on No-Fly-No-Buy gun control. If you want to watch the action, you’ll have to check social media. It’s said House GOP leadership ensured CSPAN cameras were shut off.

Diesel do you

  • Volkswagen streamlining offerings to cut costs, 40 makes on the chopping block (Bloomberg) — This is the old General Motors play that eventually killed Oldsmobile and Pontiac to reduce costs related to duplicative brands. Makes sense, especially if this hatchet job kills passenger diesels. Note the story says a fix may come later — uh-huh, like never? Because VW can’t handle the volume of required repairs OR the lack of actual clean diesel technology, OR both?
  • Testimony in S Korea: VW’s upper management may have ordered regulatory cheats (The Hankyoreh) — Story is focused on emissions controls defeat and approval process, but sound controls were also an issue in South Korea. Were those likewise suppressed by order of VW’s German head office?
  • Former CEO under investigation for securities fraud (Reuters) — Big investors want to know why it took a year for Winterkorn to act after the emissions controls defeat was made public by researchers. Bet there’s a link between Winterkorn’s notification of researchers’ findings and the destruction of emails.

Sigh, cyber, sigh

Wait, what?
Did you know Led Zeppelin is being sued over Stairway to Heaven? Allegedly a key riff in the famous 40-year-old tune was stolen, violating copyright. Forty years. ~smh~

Going back to a recumbent position. Stay braced for the outcome of the sit-in and Brexit vote tomorrow.

Wednesday Morning: Simple Past, Perfect Future

There are thirteen verb tenses in English. I couldn’t recall the thirteenth one to save my life and now after digging through my old composition texts I still can’t figure out what the thirteenth is.

If I have to guess, it’s probably a special case referring to future action. Why should our language be any more lucid than our vision?

Vision we’ve lost; we don’t elect people of vision any longer because we don’t have any ourselves. We vote for people who promise us bullshit based on illusions of a simple past. We don’t choose people who assure us the road will be hard, but there will be rewards for our efforts.

Ad astra per aspera.

Fifty-five years ago today, John F. Kennedy Jr. spoke to a joint session of Congress, asking our nation to go to the moon. I was six months old at the time. This quest framed my childhood; every math and science class shaped in some way by the pursuit, arts and humanities giving voice to the fears and aspirations at the same time.

In contrast I look at my children’s experience. My son, who graduates this year from high school, has not known a single year of K-12 education when we were not at war, when terrorism was a word foreign to his day, when we didn’t worry about paying for health care because we’d already bought perma-warfare. None of this was necessary at this scale, pervading our entire culture. What kind of vision does this create across an entire society?

I will say this: these children also don’t recall a time without the internet. They are deeply skeptical people who understand how easy it is to manipulate information. What vision they have may be biased toward technology, but their vision is high definition, and they can detect bullshit within bits and pixels. They also believe we have left them no choice but to boldly go and build a Plan B as we’ve thoroughly trashed Plan A.

Sic itur ad astra. Sic itur ad futurum.

Still looking at past, present, and future…

Past

Present

Future

  • Comparing Apple to BlackBerry, developer Marco Arment frets for Apple’s future (Marco.org) — I can’t help laugh at this bit:

    …When the iPhone came out, the BlackBerry continued to do well for a little while. But the iPhone had completely changed the game…

    Not only is Arment worrying Apple hasn’t grokked AI as Google has, he’s ignored Android’s ~80% global marketshare in mobile devices. That invisible giant which hadn’t ‘completely changed the game.’

  • Ivanpah Solar Power Facility in the Mojave Desert caught fire (WIRED) — IMO, sounds like a design problem; shouldn’t there be a fail-safe on this, a trigger when temps spike at the tower in the wrong place? Anyhow, it looks like Ivanpah has other problems ahead now that photovoltaic power production is cheaper than buggy concentrated solar power systems.
  • Women, especially WOC, win a record number of Nebula awards for sci-fi (HuffPo) — Prizes for Novel, Novella, Novelette, Short Story and Young Adult Science Fiction and Fantasy works went to women, which is a huge improvement given how many writers and readers are women and women of color. What does the future look like when a greater percentage of humans are represented in fiction? What does a more gender-balanced, less-white future hold for us?

Either I start writing late the night before, or I give up the pretense this is a * morning * roundup. It’s still morning somewhere, I’ll leave this one as is for now. Catch you tomorrow morning — maybe — or early afternoon.

Tuesday Morning: Garbage in, Garbage out [UPDATE]

Why’d I pick this music video, besides the fact I like the tune? Oh, no reason at all other than it’s trash day again.

Speaking of trash…

Facebook furor just frothy foam?
I didn’t add yesterday’s Gizmodo piece on Facebook’s news curation or the earlier May 3 piece because I thought the work was sketchy. Why?

  • The entire curation system appears to be contractors — Where is a Facebook employee in this process?

    “…News curators aren’t Facebook employees—they’re contractors. One former team member said they received benefits including limited medical insurance, paid time off after 6 months and transit reimbursement, but were otherwise excluded from the culture and perks of working at Facebook. […] When the curators, hired by companies like BCForward and Pro Unlimited (which are then subcontracted through Accenture to provide workers for Facebook), arrive at work each day, they read through a list of trending topics ranked by Facebook’s algorithm from most popular (or most engaged) to least. The curators then determine the news story the terms are related to.

    The news curation team writes headlines for each of the topics, along with a three-sentence summary of the news story it’s pegged to, and choose an image or Facebook video to attach to the topic. The news curator also chooses the “most substantive post” to summarize the topic, usually from a news website. […] News curators also have the power to “deactivate” (or blacklist) a trending topic—a power that those we spoke to exercised on a daily basis. …” (emphasis mine)

    I see a Facebook-generated algorithm, but no direct employees in the process — only curator-contractors.

  • Sources may have a beef with Facebook — This doesn’t sound like a happy work environment, does it?

    “…Over time, the work became increasingly demanding, and Facebook’s trending news team started to look more and more like the worst stereotypes of a digital media content farm.

    […]

    Burnout was rampant. ‘Most of the original team isn’t there anymore,’ said another former news curator. ‘It was a stop-gap for them. Most of the people were straight out of [journalism school]. At least one of them was fired. Most of them quit or were hired by other news outlets.’ …” (emphasis mine)

    It’s not as if unhappy contractors won’t have newsworthy tips, but what about unhappy Facebook employees? Where are they in either of Gizmodo’s pieces?

  • Details in the reporting reveal bias in the complainant(s) — So far I see one reference to a conservative curator, not multiple conservative curators.

    “Facebook workers routinely suppressed news stories of interest to conservative readers from the social network’s influential “trending” news section, according to a former journalist who worked on the project.

    […]

    Other former curators interviewed by Gizmodo denied consciously suppressing conservative news, and we were unable to determine if left-wing news topics or sources were similarly suppressed. The conservative curator described the omissions as a function of his colleagues’ judgements; there is no evidence that Facebook management mandated or was even aware of any political bias at work. …”

    Note the use of “a” in front of “former journalist” and “the” in front of “conservative curator.” (Note also Gizmodo apparently needs a spell check app.)

  • No named sources confirming the validity of the complaints or other facts in Gizmodo’s reporting — Again, where are Facebook employees? What about feedback from any of the companies supplying contractors; did they not hear complaints from contractors they placed? There aren’t any apparent attempts to contact them to find out, let alone anonymous confirmation from these contract companies. There are updates to the piece yesterday afternoon and this morning, including feedback from Vice President of Search at Facebook, Tom Stocky, which had been posted at Facebook. Something about the lack of direct or detailed feedback to Gizmodo seems off.
  • Though named in the first of two articles, Facebook’s managing editor Benjamin Wagner does not appear to have been asked for comment. The May 3 piece quotes an unnamed Facebook spokesperson:

    When asked about the trending news team and its future, a Facebook spokesperson said, “We don’t comment on rumor or speculation. As with all contractors, the trending review team contractors are fairly compensated and receive appropriate benefits.”

I’m disappointed that other news outlets picked up Gizmodo’s work without doing much analysis or followup. Reuters, for example, even parrots the same phrasing Gizmodo used, referring to the news curators as “Facebook workers” and not contract employees or contractors. Because of this ridiculous unquestioning regurgitation by outlets generally better than this, I felt compelled to write about my concerns.

And then there’s Gizmodo itself, which made a point of tweeting its report was trending on Facebook. Does Gizmodo have a beef with Facebook, too? Has it been curated out of Facebook’s news feed? Are these two pieces really about Facebook’s laundering of Gizmodo?

I don’t know; I can’t tell you because I don’t use Facebook. Not going to start now because of Gizmodo’s sketchy reporting on Facebook, of all things.

Miscellany
Just some odd bits read because today is as themeless as yesterday — lots of garbage out there.

Skepticism: I haz it
As I read coverage about news reporting and social media leading up to the general election, I also keep in the back of my mind this Bloomberg report, How to Hack an Election:

As for Sepúlveda, his insight was to understand that voters trusted what they thought were spontaneous expressions of real people on social media more than they did experts on television and in newspapers. […] On the question of whether the U.S. presidential campaign is being tampered with, he is unequivocal. “I’m 100 percent sure it is,” he says.

Be more skeptical. See you tomorrow morning!

UPDATE — 1:30 P.M. EDT —

@CNBCnow
JUST IN: Senate Commerce Committee chair sends letter to Facebook’s Mark Zuckerberg seeking answers on alleged manipulation of trending news

ARE YOU FUCKING KIDDING ME WITH THIS? THE SENATE GOING TO WASTE TAX DOLLARS ON THIS WHEN EVERY. SINGLE. NEWS. OUTLET. USES EDITORIAL JUDGMENT TO DECIDE WHAT TO COVER AS NEWS?

Cripes, Gizmodo’s poorly sourced hit piece says,

“…In other words, Facebook’s news section operates like a traditional newsroom, reflecting the biases of its workers and the institutional imperatives of the corporation. …”

Yet the Senate is going to pursue this bullshit story after Gizmodo relied on ONE conservative curator-contractor — and their story actually says an algorithm is used?

Jeebus. Yet the Senate will ignore Sheldon Adelson’s acquisition of the biggest newspaper in Las Vegas in a possible attempt to denigrate local judges?

I can’t with this.

UPDATE — 3:35 P.M. EDT —
The Guardian reports the senator wasting our tax dollars questioning a First Amendment exercise by Facebook is John Thune. Hey! Guess who’s running for re-election as South Dakota’s senior senator? Why it’s John Thune! Nothing like using your political office as a free press-generating tool to augment your campaign. I hope Facebook’s algorithm suppresses this manufactured non-news crap.

Friday Morning: Gypsy Caravan


TIME, you old gipsy man,
Will you not stay,
Put up your caravan
Just for one day?

— excerpt, Time, You Old Gipsy Man by Ralph Hodgson

If last week’s Friday chamber jazz was most like me, this genre is next to it. Gypsy jazz is what my grandfather always hoped I’d learn to play; I learned to love Django Reinhardt with Stéphane Grappelli at his knee. This stuff makes a bad day move along briskly, makes heavy hearts light. I don’t mind the added fillip some smart ass added to the embedded video of Hot Club of Dublin featured here — seems fitting for the tune’s mood.

Unfortunately I have to be away from my desk this morning on a mission of mercy. If I’m stuck someplace with decent WiFi I will try to share a few things I’ve been reading. Otherwise use this as an open thread and tell me what you’ve got planned this weekend — hope it’s something fun!

Oops, last minute adders:

Facebook gets smacked by court for storing biometric content (Reuters) — I really dislike Facebook. Just thought I’d tack that on.

Athabasca tar sands south of Fort McMurray threatened by fire (CBC Calgary) — something-something karma-something

A few more adders:

Aussie company touting anti-Zika virus condoms and gel – what? (Sydney Melbourne Herald) — Are you kidding me? Just use a damned condom. Think about it: plain old condoms are recommended as protection against viral STDs like HIV.

Maps showing borders India doesn’t like may earn jail time and fines (QZ-India) — Wondering why this issue has bubbled up again, not that the border with Pakistan has ever been resolved to India’s satisfaction.

Carnegie Mellon team turn human skin into touch tech (The Verge) — Um, this was done back seven years ago by MIT, called “Sixth Sense,” and released as open source a year later. Still wondering why that tech wasn’t commercialized.

Monday Morning: Tectonic Shift

Last week after the artist Prince Rogers Nelson died, a segment of the population were mystified by the reaction to his passing. They’d missed the impact this artist had had on music which happened concurrent with a paradigm shift in the entertainment industry. Prince rose in sync with music videos in the 1980s when musical artists became more than sound alone.

Music television has since collapsed as anyone who watched MTV and VH-1 since 2000 can tell you. Programming once dedicated to music videos became a mess of unscripted reality programs and oddments, punctuated occasionally by music specials, chasing an audience which increasingly found and consumed music on the internet.

This weekend, though, marked another shift. R&B pop artist Beyoncé released a ‘visual album’ on HBO on Saturday evening entitled ‘Lemonade’. The work was available exclusively through Tidal after its HBO premiere until midnight last night when it was released on Apple iTunes. This is the first music collection released in this manner, using a cable network not previously dedicated to music in tandem with internet streaming and download sales.

I won’t offer any analysis here about the album; you’re not looking if you do not see at least a fraction of the deluge of reaction and think pieces responding to Beyoncé’s latest work. I will say, though, that like Prince’s Purple Rain in 1984, this collection of work will have long-term impact across not only music but the entire entertainment industry.

Let’s launch this week’s roundup…

The Dutch pull a Lavabit-plus
Encrypted communications network Ennetcom was shut down on Friday and its owner arrested. Dutch law enforcement claimed Ennetcom was used by organized crime; its owner is accused of money laundering and illegal weapons possession. The network relied on servers located in Canada, where law enforcement has cooperated with the Netherlands by copying the information on the servers. Unlike the former secure email provider Lavabit in the U.S., it’s not clear there was any advance request for information by way of warrant served on Ennetcom in either the Netherlands or in Canada. Given the mention of illegal weapons, one might wonder if this seizure is related to the recent prosecution of gun smugglers in the UK.

Time for ‘Spring Cleaning’ — get rid of digital dust bunnies
Seems like a surprising source for a nudge on this topic, but the Better Business Bureau is right to encourage cleaning and maintenance. If you read Marcy’s post this morning, you know failing to use adequate passwords and firewalls can be costly. It’s time to go through your electronic devices and make sure you’re using two-factor authentication where possible and freshly reset strong passwords, on your network equipment as well as your desktop and mobile devices.

Planning for your funeral – on Facebook?
A BBC piece this past week noted that Facebook will eventually have more dead users than live ones. Which brings up an interesting question: how do you want your digital presence handled after you die? Do you have instructions in place? Keep in mind, too, that your social media could be mined to recreate an online personality — your personality. Do you want to live forever in teh toobz?

Investigation into Flint’s water crisis continues
A Michigan legislative panel appointed by Governor Rick Snyder will hear from more state and local officials today in its fifth such meeting to investigate the Flint water crisis. Snyder is conveniently out of the country trying to drum up business in Europe — and conveniently not drinking Flint’s water.

Odds and sods

  • Waiting for word on Yahoo’s final bidders list (Bloomberg) — No word yet on who will remain among the 10 first-round bidders offering between $4-$8 billion.
  • German regulators won’t approve recall and fix of VW’s 2.0-liter diesel-powered Passat (Bloomberg) — And yet the U.S. is going forward with VW’s proposed fix for 2.0l vehicles? Odd, given Germany’s less-stringent approach to automotive emissions compared to U.S. and California in particular.
  • A UK-based inquiry found widespread emissions controls failure (Phys.org) — By widespread, I mean “not a single car among the 37 models involved in the study met an EU lab limit for nitrogen oxide emissions under normal driving conditions.” VW’s emissions controls defeat was just the tip of the iceberg.

There’s your Monday. Have at it!

UPDATE — 5:25 P.M. EDT — Oops, the auto-publish feature failed me today. I wasn’t able to come back and check the egg timer on this post and it got stuck in the queue. Oh well, better luck tomorrow morning!

Wednesday Morning: A Whiter Shade

She said, ‘There is no reason
and the truth is plain to see.’
But I wandered through my playing cards
and would not let her be

— excerpt, Whiter Shade of Pale by Procol Harum
cover here by Annie Lennox

I’ve been on an Annie Lennox jag, sorry. I’m indulging myself here at the intersection of a favorite song which fit today’s theme and a favorite performer. Some of you will take me to task for not using the original version by Procol Harum, or another cover like Eric Clapton’s. Knock yourselves out; it’s Lennox for me.

Speaking of a whiter shade and truth…

FBI used a ‘gray hat’ to crack the San Bernardino shooter’s phone
Last evening after regular business hours WaPo published a story which made damned sure we knew:

1) The FBI waded into a fuzzy zone to hack the phone — oh, not hiring a ‘black hat’, mind you, but a whiter-shade ‘gray hat’ hacker;
2) Cellebrite wasn’t that ‘gray hat’;
3) The third-party resource was referred to as ‘professional hackers’ or ‘researchers who sell flaws’;
4) FBI paid a ‘one-time fee’ for this hack — which sounds like, “Honest, we only did it once! How could we be pregnant?!”;
5) A ‘previously unknown software flaw’ was employed after the third-party pointed to it.

This reporting only generated more questions:

• Why the careful wording, ‘previously unknown software flaw’ as opposed to zero-day vulnerability, which has become a term of art?
• How was the determination made that the party was not black or white but gray, and not just a ‘professional hacker who sold knowledge about a flaw they used’? Or was the explanation provided just stenography?
• However did Cellebrite end up named in the media anyhow if they weren’t the source of the resolution?
• What assurances were received in addition to the assist for that ‘one-time fee’?
• Why weren’t known security experts consulted?
• Why did the FBI say it had exhausted all resources to crack the San Bernardino shooter’s phone?
• Why did FBI director Jim Comey say “we just haven’t decided yet” to tell Apple about this unlocking method at all if ‘persons familiar with the matter’ were going to blab to WaPo about their sketchy not-black-or-white-hat approach instead?

That’s just for starters. Marcy’s gone over this latest story, too, be sure to read.

Volkswagen execs get a haircut
Panic among employees and state of Lower Saxony over VW’s losses and anticipated payouts as a result of Dieselgate impelled executives to share the pain and cut their bonuses. Germany’s Lower Saxony is the largest state/municipal shareholder in VW, but it’s doubly exposed to VW financial risks as nearly one in ten Germans are employed in the automotive industry, and VW is the largest single German automotive company. The cuts to bonuses will be retroactive, affecting payouts based on last year’s business performance.

Fuzzy dust bunnies

  • Verizon workers on strike (Boston Globe) — Until minimum wage is raised across the country and offshoring jobs stops, we’ll probably see more labor actions like this. Should be a warning to corporations with quarter-after-quarter profits and offshore tax shelters to watch themselves — they can afford to pay their workers.
  • Facebook deploys bots across its services (Computerworld) — But, but AI is years away, said Microsoft research…meanwhile, you just know Amazon’s Alexa is already looking to hookup with Facebook’s chatbot.
  • Google’s charitable arm ponied up $20M cash for disabled users’ technology improvements (Google.org) — IMO, this was a great move for an underserved population.
  • Judge rejects Obama administration blow-off of apex predator wolverines (HGN) — Wolverines, a necessary part of healthy northern and mountain ecosystems, need cold weather to survive. Montana’s U.S. District Court ruled the administration had not done enough to protect biodiversity including the wolverine. Crazy part of this entire situation is that the feds don’t believe the wolverine warrants Endangered Species Act (ESA) protection and that they can’t tell what effects climate change has on this species, but the species is seen too rarely to know. Hello? A rarely-seen species means the numbers are so low they are at risk of extinction — isn’t that what the ESA is supposed to define and prevent?

UPDATE — 12:10 PM EDT —
From @cintagliata via Twitter:

Back in 1971, researchers observed Zika virus replicating in neurons and glia. (in mice) http://bit.ly/1XvsD4d

I’m done with the pesticides-as-causal theory. It may be a secondary exacerbating factor, but not likely primary. In short, we’ve had information about Zika’s destructive effects on the brain and nervous system for 45 years. It’s past time for adequate funding to address prevention, treatments, control of its spread.

It’s all down the hump from here, kids. See you tomorrow morning!

Wednesday Morning: All the Range from Sublime to Silly

We start with the sublime, welcoming astronaut Scott Kelly back to earth after nearly a year in space — 340 days all told. Wouldn’t you like to know how these first hours and days will feel to Kelly as he regains his earth legs?

And then we have the silly…

Apple’s General Counsel Sewell and FBI Director Comey appeared before House Judiciary Committee
You’d think a Congressional hearing about FBI’s demand to crack open Apple iPhone would be far from silly, but yesterday’s hearing on Apple iPhone encryption…Jim Comey likened the iPhone 5C’s passcode protection to “a guard dog,” told Apple its business model wasn’t public safety, fretted about “warrant-proof spaces” and indulged in a thought exercise by wondering what would happen if Apple engineers were kidnapped and forced to write code.

What. The. Feck.

I think I’ll read about this hearing in French news outlets as it somehow sounds more rational: iPhone verrouillé: le patron du FBI sur le gril face au Congrès américain (iPhone locked: FBI boss grilled by US Congress – Le Monde). Other kickers in Comey’s testimony: an admission that a “mistake was made” (oh, the tell-tale passive voice here) in handling the San Bernardino shooter’s phone, the implication that the NSA couldn’t (wouldn’t?) backdoor the iPhone in question, and that obtaining the code demanded from Apple would set precedent applicable to other cases.

Predictably, Apple’s Bruce Sewell explained that “Building that software tool would not affect just one iPhone. It would weaken the security for all of them.” In other words, FBI’s demand that Apple writes new code to crack the iPhone 5C’s locking mechanism is a direct threat to Apple’s business model, based on secure electronic devices.

Catch the video of the entire hearing on C-SPAN.

Facebook’s Latin American VP arrested after resisting release of WhatsApp data
Here’s another legal precedent, set in another country, where a government made incorrect assumptions about technology. Brazilian law enforcement and courts believed WhatsApp stored data it maintains it doesn’t have, forcing the issue by arresting a Facebook executive though WhatsApp is a separate legal entity in Brazil. Imagine what could happen in Brazil if law enforcement wanted an Apple iPhone 5C unlocked. The executive will be released today, according to recent reports. The underlying case involved the use of WhatsApp messaging by drug traffickers.

USAO-EDNY subpoenaed Citigroup in FIFA bribery, corruption and money laundering allegations
In a financial filing, Citigroup advised it had been subpoenaed by the U.S. Attorney’s office. HSBC advised last week it had been contacted by U.S. law enforcement about its role. No word yet as to whether JPMorgan Chase and Bank of America have been likewise subpoenaed though they were used by FIFA officials. Amazing. We might see banksters perp-walked over a fútbol scandal before we see any prosecuted for events leading to the 2008 financial crisis.

Quick hits

I’m out of here, need to dig out after another winter storm dumped nearly a foot of the fluffy stuff yesterday. I’m open to volunteers, but I don’t expect many snow shovel-armed takers.

Friday Morning: Afro-Cuban Coffee

I should just dedicate Fridays to different genres of jazz. Today feels like a good day for Afro-Cuban jazz.

This chap, Francisco Raúl Gutiérrez Grillo, who performed under the name Machito with his Afro-Cubans, was an incredibly important innovator shaping Afro-Cuban jazz as well as modern American music. He was important to race in the music industry as well, as his Afro-Cubans may have been the first multi-racial band.

I’m brewing some Café Bustelo before I bust out my dancing shoes. ¡Vamonos!

Judge applies ‘Parkinson’s Law’ to VW emissions cheat case
You know the adage, “work expands so as to fill the time available for its completion”? U.S. District Court Judge Charles Breyer gave Volkswagen 30 days to come up with a fix* for all the emissions standards cheating passenger diesel engine cars in the class action lawsuits he oversees in San Francisco. Gotta’ love this:

“It’s an ongoing harm that has to be addressed … I’ve found the process is a function of how much time people have available to fill. The story about lawyers is that if you give them a year to do something, it will take them a year to do something. If you give them 30 days to do something, they’ll do something in 30 days.”

As time passes, vehicle owners are increasingly damaged as no one wants to buy their cars and their investment is lost. Hence the aggressive time limit.

* Caution: that link to SFGate may autoplay video and ad content. Really, SFGate? That’s such hideously bad form.

Rough road ahead in Saudi Arabia to a post-oil world
This piece in WaPo paints a grim picture of cheap oil’s impact on Saudi Arabia — and there are huge pieces missing. Worth a read while asking yourself how much Saudis are spending on military efforts against Yemen and Syria, and what new industries they’re investing in to replace oil-based employment.

Took long enough: Software and social media firms get Apple’s back
Did their legal departments finally read the case thoroughly and realize they had skin in this game, too? Who knows — but Google as well as Microsoft are planning to file amicus briefs in support of Apple. Microsoft had already indicated they would support Apple in a congressional hearing yesterday morning; Google piped up later. The latest skinny is that Facebook and Twitter both intend to file briefs as well in favor of Apple. Looks like Microsoft’s current management took a 180-degree turn away from progenitor Bill Gates’ initial response, hmm?

Hit and run

That’s a wrap on this week. Keep your eyes peeled for news dumps while folks are still picking apart last night’s GOP-cast reality TV show. And make time to dance.

EDIT — 8:40 AM — Ugh, why didn’t the Detroit News publish this piece *yesterday* instead of a Friday morning? Michigan’s Gov. Snyder’s “inner circle” exchanged emails advising a switchback from Flint River a year before the switchback took place, and only three weeks before Snyder’s re-election. There was enough content in this to go to press without waiting for a quote from one of the former advisers.

Thursday Morning: Snowed In (Get It?)

Yes, it’s a weak information security joke, but it’s all I have after shoveling out.

Michigan’s winter storm expanded and shifted last night; Marcy more than caught up on her share of snow in her neck of the woods after all.

Fortunately nothing momentous in the news except for the weather…

Carmaker Nissan’s LEAF online service w-i-d-e open to hackers
Nissan shut down its Carwings app service, which controls the LEAF’s climate control systems and lets vehicle owners check information about their cars remotely. Some LEAF owners conducted a personal audit and hacked themselves, discovering their cars were vulnerable to hacking by nearly anyone else: the service needs only the VIN as user ID, with no other authentication, to access the vehicle’s Carwings account. You’d think by now all automakers would have instituted two-factor authentication at a minimum on any online service.
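The flaw described above, with the check that closes it, as an added sketch that is not Nissan’s code: every function name, account and VIN placeholder here is hypothetical and the data is constructed. It contrasts a handler that treats the VIN as the only credential with one that requires an authenticated session whose account actually owns that VIN.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: hypothetical accounts and the VINs registered to them.
OWNERS = {"alice": {"VINPLACEHOLDER0001"}, "bob": {"VINPLACEHOLDER0002"}}
SERVER_KEY = secrets.token_bytes(32)  # per-process key used to sign session tokens


def _sign(user):
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()


def issue_session(user):
    """Token handed out after a successful login (login and expiry not shown)."""
    return f"{user}.{_sign(user)}"


def user_from_session(token):
    """Return the user the token was issued to, or None if it does not verify."""
    user, _, sig = (token or "").rpartition(".")
    if not user:
        return None
    ok = hmac.compare_digest(sig.encode(), _sign(user).encode())
    return user if ok else None


def climate_vin_only(vin):
    """Weak pattern: the VIN both identifies the car and authorizes the caller."""
    known = set().union(*OWNERS.values())
    return "accepted" if vin in known else "unknown vehicle"


def climate_hardened(vin, session_token):
    """Require a valid session AND that the session's account owns this VIN."""
    user = user_from_session(session_token)
    if user is None:
        return "denied: not authenticated"
    if vin not in OWNERS.get(user, set()):
        return "denied: vehicle not registered to this account"
    return "accepted"
```

A second factor at login, as suggested above, would sit in front of `issue_session`; the ownership check stays necessary either way, because a valid login for one account must not unlock another account’s car.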

Researcher says hardware hack of iPhone may be possible
With “considerable financial resources and acumen,” a hardware-based attack may work against iPhone’s passcode security. The researcher noted such an attempt would be very risky and could destroy any information sought in the phone. Tracing power usage could also offer another opportunity at cracking an iPhone’s passcode, but the know-how is very limited in the industry. This bit from the article is rather interesting:

IOActive’s Zonenberg, meanwhile, told Threatpost that an invasive hardware attack hack is likely also in the National Security Agency’s arsenal; the NSA has been absent from discussions since this story broke last week.

“It’s been known they have a semiconductor [fabrication] since January 2001. They can make chips. They can make software. They can break software. Chances are they can probably break hardware,” he said. “How advanced they were, I cannot begin to guess.”

The NSA has been awfully quiet about the San Bernardino shooter’s phone, haven’t they?

‘Dust Storm’: Years-long cyber attacks focused on intel gathering from Japanese energy industry
“[U]sing dynamic DNS domains and customized backdoors,” a nebulous group has focused for five years on collecting information from energy-related entities in Japan. The attacks were not limited to Japan, but attacks outside Japan by this same group led back in some way to Japanese hydrocarbon and electricity generation and distribution. ‘Dust Storm’ approaches have evolved over time, from zero-day exploits to spearphishing and Android trojans. There’s something about this collected, focused campaign which sounds familiar — rather like the attackers who hacked Sony Pictures? And backdoors…what is it about backdoors?

ISIS threatens Facebook’s Zuckerberg and Twitter’s Dorsey
Which geniuses in U.S. government both worked on Mark Zuckerberg and Jack Dorsey about cutting off ISIS-related accounts AND encouraged revelation about this effort? Somebody has a poor grasp on opsec, or puts a higher value on propaganda than opsec.

Wonder if the same geniuses were behind this widely-reported meeting last week between Secretary of State John Kerry and Hollywood executives. Brilliant.

Case 98476302, Don’t text while walking
So many people claimed to have bumped their heads on a large statue while texting that the statue was moved. The stupid, it burns…or bumps, in this case.

House Select Intelligence Committee hearing this morning on National Security World Wide Threats.
Usual cast of characters will appear, including CIA Director John Brennan, FBI Director James Comey, National Counterterrorism Center Director Nicholas Rasmussen, NSA Director Admiral Michael Rogers, and Defense Intelligence Agency Director Lieutenant General Vincent Stewart. Catch it on C-SPAN.

Snow’s supposed to end in a couple hours, need to go nap before I break out the snow shovels again. À plus tard!