Hillary’s Campaign Seeks Hacker Support

When Jake Braun first attempted to organize a fundraising event for the Clinton Campaign at the world’s largest hacking conference, he discovered that he sought support from a very unlikely demographic.

“I think I had maybe a dozen RSVPs,” Mr. Braun told one major news outlet. “And then Trump made his comment about giving Russia a pass to hack our election and our RSVPs hit the roof.”

Donald Trump made one of his characteristic blunders during a major news conference when, in response to the hacking of Democratic National Committee servers, he called for Russian hackers to “find the 30,000 emails that are missing” from Hillary Clinton’s private email servers.

Trump later backtracked on his comments, saying that he was being “sarcastic” and didn’t mean for his comments to be taken seriously. However, this particular slip-up caught the attention of a hacker movement that generally ignores politics.

Black Hat, the major Las Vegas-based hacking convention where Braun hoped to raise money, is a conference for serious cybersecurity professionals. Its timing overlaps with that of Def Con, a hacker conference considered to be somewhat less serious and more “underground.” Both conferences were founded by Jeff Moss, a man known to most hackers as “The Dark Tangent” and respected widely in the hacker community. Moss votes independently, but agreed to speak at the Clinton campaign fundraiser.

“Whoever the next president is they’re going to have big challenges in cybersecurity,” he said during his speech. “Hillary has talked more to these issues than Trump has.”

“If it wasn’t Trump, the two candidates were similar, then this event wouldn’t have happened. Because the candidates are so different, I think that fear of the unknown is what’s driving a lot of this,” he continued.

Moss went on to state that Clinton’s efforts to help dissidents in foreign countries gain access to the internet constituted a positive mark on her cyber CV, whereas Trump has not chosen a position on (and probably does not understand) internet freedom.

That said, Moss’s speech does not imply that Clinton can rely on hackers’ votes. One fundraiser attendee who chose to remain anonymous told a major media outlet that the election seemed to be a choice between “bad and evil.”

Hackers at Def Con told the same outlet’s reporter, “You’ve got one guy who doesn’t know what he’s talking about. You’ve got one lady who knows what she’s talking about, but then she’s not really on our side.”

And hacker hesitation isn’t the only cyber vulnerability at play during the 2016 US election. In many states in America, electronic voting booths are used for casting ballots. Voters are given smart cards loaded with their details that they can use only once for casting their vote. Security experts have long warned that the system is open to vulnerabilities:

“Some of the biggest concerns are manipulation of the cards used to vote, allowing people to vote multiple times,” warned Symantec employee Kevin Haley. “There’s also the collection of the ballots itself. The ballots sit on the electric voting machines, unencrypted.”


Consumer Group Calls for Autopilot to be Disabled

Consumer Reports, a non-profit consumer rights group based in the United States, has urged Tesla to disable the automatic steering function on its Autopilot system.

The pressure from Consumer Reports follows two crashes that have occurred recently involving Teslas with the autopilot system activated. According to CR, Tesla overreached in terms of its own abilities with its “aggressive rollout of self-driving technology.”

Tesla has described its autopilot feature as “well-meaning advice,” stating that “We make our decisions on the basis of real-world data.”

“Tesla is constantly introducing enhancements proven over millions of miles of internal testing to ensure that drivers supported by Autopilot remain safer than those operating without assistance,” continued Tesla in a statement. “We will continue to develop, validate, and release those enhancements as the technology grows.”

Tesla has compared its Autopilot feature to that used by pilots “when conditions are clear.”

“The driver is still responsible for, and ultimately in control of the car,” Tesla explained. “This is enforced with onboard monitoring and alerts.”

The fatal crash that occurred in Florida last May has brought Tesla’s autopilot under intense scrutiny. The crash happened when Autopilot failed to recognize a tractor that entered the path of 40-year-old Joshua Brown’s Model S.

According to Tesla, its autopilot mode failed to detect the trailer because it would not see the white side of the tractor given the backdrop of the brightly lit sky.

The National Highway Traffic Administration is currently investigating that and two other crashes involving Tesla and sent a written request to Tesla asking for information about Autopilot.

“In the long run, advanced active safety technologies in vehicles could make our roads safer,” posited Laura MacCleery, consumer policy vice-president at Consumer Reports.

“But today, we’re deeply concerned that consumers are being sold a pile of promises about unproven technology. Autopilot can’t actually drive the car, yet it allows consumers to have their hands off the steering wheel for minutes at a time. Tesla should disable automatic steering in its cars until it updates the program to verify that the driver’s hands are on the wheel.”

Consumer Reports published a report on its website in which it accuses Tesla of using confusing marketing to make it seem like Autopilot can handle more responsibility than it should be trusted with.

“These two messages- your vehicle can drive itself, but you may need to take over the controls at a moment’s notice- create potential for driver confusion. It also increases the possibility that drivers using Autopilot may not be engaged enough to react quickly to emergency situations,” CR stated on its website. CR went on to state that Tesla’s autopilot enabled too much autonomy, too soon. 

According to Ms MacCleery, consumers “should never be guinea pigs for vehicle safety ‘beta’ programs.” MacCleery went on to ask that regulators step up their oversight of cars with such autopilot features. “At the same time, regulators urgently need to step up their oversight of cars with these active safety features. NHTSA should insist on expert, independent third-party testing and certification for these features, and issue mandatory safety standards to ensure that they operate safely.”


Uber Plans to ‘Hide’ Surge Pricing

Allegedly hoping to make their app “less complicated,” US-based tech mogul Uber has decided to begin to hide surge pricing notifications from its users.

For those who haven’t used the popular ride sharing app, during busy periods the taxi firm’s customers are told that they will be charged ‘surge prices’ that can be 1.7, 2.3, or even 5 times the standard fare. The busiest times tend to be during holidays or major public events.

Jim Clark, research director at Econsultancy, believes that hiding the surge price may be a way for Uber to keep customers from being discouraged from using the ride sharing service despite higher prices.

“I’ve been in the situation myself, where I’ve held off using an Uber during a surge,” Clark explained.

“We are sensitive to price- as a nation we do like a bargain and that’s one of the reasons they’ll be making this change.”

According to Uber, the company is moving to a system where riders know the cost of their journey before booking. Currently, factors like traffic can increase the price of a ride. Uber announced this upcoming change in a blog post that stated the revision would take place in the US and India, with more cities following suit provided the change is successful.

The hiding of surge price notifications will also come with the removal of an option that tells customers when the surge price drops.

“There’s no complicated math and no surprises- passengers can just sit back and enjoy the ride,” Uber said in a statement. Mr. Clark believes this change will be financially advantageous for the company:

“There is the argument that it becomes quicker and easier to see the price,” he conceded. “But I think that’s an argument only Uber might make rather than anybody else… From a business perspective, it makes sense- it encourages people to use the service.”

“But it’s important to give users the choice of whether to wait- being given all the information is the spirit of the sharing economy,” Clark continued. “At the very least they could give users the option to switch the surge information on or off.”

Clark makes a pretty convincing argument- after all, if Uber was truly rolling this change out in an effort to help its customers, the ability to decide whether to simplify the app and have no surge information or keep the surge information and be better informed regarding price would surely please everyone with an opinion on the subject.

In fact, it seems almost like it would be illegal to create a business model in which the customer does not have the option to know the price of the service they sign up for, or at least the rates involved in the service.

That said, if the notifications are removed at the same time that the app is made to tell people how much their ride will cost before they decide whether or not to pay, the issue goes away.

Perhaps it’s simply the middle ground that’s awkward and somewhat exploitative; we’ll have to see how consumers react.


US Tech Against the World

Today a handful of American technology companies are being highly scrutinized among the largely isolationist and segregationist nations of the European and Asian continents. Whatever cultural defenses a nation like France once had, a handful of American companies have effectively washed them away. All of a sudden, just about everything that a French person purchases, watches and consumes passes in some way or another through these behemoths.

This is what sets the stage for the social anxiety among European nations that is now on the move against these invading US tech giants. European governments have also been at the forefront of an effort to limit the reach of tech companies and the influence they have over the social discourse within the nation. The European efforts are just a small bit of a coming global freak-out over the power of the American tech industry that is going to ensue over the next few years among the governments that rule the lands those companies are trying to invade. What’s happening in Europe is playing out in China, India, and Brazil as well, and across much of the rest of the globe if we want to split hairs.

What comes out of this is fragmentation, a term that is used within the industry but does not make much sense outside of it. To give you some perspective, not very long ago many people who worked in tech believed that digital technology would bring about the dawn of a new global world order. “My assumption is that this is only the beginning; we’ll be seeing more of these governments make their own demands, and the problem is a fragmentation of the global tech companies, this could be a problem for America in the 21st century.”

This is a dynamic that may not sound new to those in the know. Whether over taxes, privacy, free speech, or security, national governments have usually sought to impose rules on transnational corporations. What is different about the tech takeover of the Eurasian continent is that the thing being protected against, and the most influential thing these companies have in their arsenal, is largely intangible. It is not something you can simply close your doors or borders to and be rid of. On the contrary, in a lot of ways you cannot nitpick what you want and what you don’t out of your internet experience, and that is what poses such a big pickle for those involved in and surrounding the situation.

“What’s happening right now is the nation state is losing its grip; one of the hallmarks of modernity is that you have a nation state that claims they are the exclusive source of a universal legal system that addresses all legal issues. But now people in one jurisdiction are subject to rules that come from outside the government, and often it’s companies that run these huge networks that are pushing their own rules.”

 


Brazilian Government-WhatsApp Battle Continues

A Brazilian judge recently ordered that local cellphone carriers block WhatsApp on their networks for a duration of 72 hours, initiating the lockout of over 100 million Brazilian users from the highly popular, Facebook-owned messaging service.

The ban began on Monday afternoon and is allegedly the result of an ongoing dispute between the Brazilian government and WhatsApp regarding the app’s encryption of 100 percent of the messages and pictures sent through its service. The Brazilian government has taken issue with this for months, and speaks chiefly through the orders of Judge Marcel Montalvo.

Clearly, issues balancing government surveillance and consumer privacy are not just an American thing.

Judge Montalvo has ordered that WhatsApp hand over encrypted data multiple times. Most recently, he ordered the turnover of chat records related to a drug investigation. As usual, WhatsApp’s response was to purport that it does not keep any records whatsoever and that it would be impossible to decrypt its own data, even if it did keep records. According to WhatsApp, Judge Montalvo repeatedly orders that the company give over something to which it does not have access in the first place.

As usual, Judge Montalvo and the Brazilian government aren’t buying it, and hope to pressure the company into folding. The first time the Brazilian government temporarily shut out WhatsApp was in December of last year, when Judge Montalvo ordered a 48-hour shut down in response to WhatsApp’s alleged refusal to take down illicit photos of minors. The ban lasted only 12 hours, after a different judge ruled that the initial order was “not reasonable” and “that millions of users [should not] be affected by the inertia of the company.”

It’s worth noting that WhatsApp is a hugely popular service, especially in Brazil, to the extent that major Brazilian telcos have been losing record numbers of subscribers to people who choose to replace their phone lines with WhatsApp and similar services.

The Brazilian government made another move to intimidate WhatsApp into conforming to its will when it arrested Facebook’s Latin America VP Diego Dzodan last March. Facebook went on record stating that the arrest was an “extreme and disproportionate measure” and pointing out yet again that it cannot access end-to-end encrypted data that it purposefully does not keep. Another point worth noting: WhatsApp is simply owned by Facebook; otherwise, it operates as an entirely separate entity from Facebook. Dzodan was in no way a major player in the dispute and was simply unfortunate enough to get caught up in the crossfire.

A judge ultimately agreed with Facebook’s portrayal of the situation, calling the move by the Brazilian government “unlawful coercion” and ordering the release of Dzodan the day following his arrest.

Of the most recent ban, WhatsApp had this much to say: “This decision punishes more than 100 million Brazilians who rely on our service to communicate, run their businesses, and more, in order to force us to turn over information we repeatedly said we don’t have.” Whether the Brazilian government will manage to keep this ban in motion remains to be seen; perhaps another judge will step forward to dispute it.


The DHS Will Share Info with Private Companies

The United States Department of Homeland Security will start to share cyberthreat information with certain private companies in accordance with the Cybersecurity Information Sharing Act.

The DHS plans to collect threat indicators from private companies and share them with other companies. That way, the private sector as a whole can better understand cyber threats and therefore be in a better position to protect itself in our digital age.

CISA removed liability from this information sharing, meaning companies no longer have to risk being sued for sharing information with the government.

CEO of Comilion Kobi Freedman stated, “Taking the liability issue out of the road is a huge step forward.”

That said, there are still many companies that are hesitant to share information with the government. A recent CIO conference found that over half the executives attending were no more likely to share their companies’ information with the government after CISA was passed.

“There is a lot of concern about the ability of DHS to reshare data with other law enforcement agencies if the data being shared is relevant to a criminal investigation,” explained Freedman. “Potentially, it could expose the initiator of the shared data to be part of an investigation that it didn’t want to be part of.”

However, for the time being, CISA does not give the government the power to force companies to share any information they don’t want to share.

“CISA doesn’t have any disclosure requirements or obligations. It creates a framework for meaningful sharing,” Freedman stated. “The main obstacle to meaningful sharing is trust between the participating parties– the government and the private sector… The private sector has to be confident that the government is not only receiving, but sharing, too.”

Controlling the quality of the threat indicators shared by the government will likely prove another challenge in CISA’s initiative to further protect companies from cyber attacks.

“Sharing threat indicators and not contextual data could become a joke,” speculated Freedman. “Threat indicators have very short life expectancy. By the time that information is shared, it could become irrelevant.”

“The government needs to show it can add value to the existing threat intelligence feeds that are being consumed,” Freedman continued. “There is real skepticism about whether what the government provides the private sector will be meaningful or not.”

Unfortunately for the private sector, keeping hackers out of an organization’s network has proven to be an increasingly losing battle. Perimeter defenses that were adequately protective two or three years ago are already obsolete, and no matter how cutting-edge and high quality a network’s protection is, there’s always the risk of user error.

This was proven to be dismally true last week, when the IRS and departments of Justice and Homeland Security lost huge amounts of personal data regarding their employees when a relatively mediocre hacker simply did some snooping and eventually called the department acting like a new employee and requested a password.

“Access controls and passwords work- until someone gets in,” stated Zoltan Gyorko, CEO of BalaBit. “It’s easier to do social engineering than write a zero-day exploit.”


What Makes Internet Users Unique

The invention of the Internet has manifested itself as a societal force previously untapped by other generations, but what does it hold in store for us guinea pigs?

Some believe that the Internet is in many respects holding back humans from achieving pre-Internet cognitive ability. Oxford neurobiologist Susan Greenfield has made numerous claims about internet use leading to autism and social media use harming children’s brains.

Others dispute Greenfield’s claims and those like it, claiming that they are overwrought pseudo-science meant to cover up a very conservative fear of the new. University College London psychologist Vaughan Bell is among this camp and responded to the question “What is your beef with Susan Greenfield and her science?” with: “Up to date, there is no science to speak of.”

Greenfield has apparently refused to publish her work in a peer-reviewed scientific journal, making it impossible for other scientists to scrutinize.

“Greenfield claims that social networking sites could negatively affect social interaction, interpersonal empathy, and personal identity,” Bell’s criticism begins. “However, the bulk of research does not support this characterization. With regard to social interaction and empathy, adolescents’ use of social networking sites has been found to enhance existing friendships and the quality of relationships, although some individuals benefit more than others. The general finding is that those who use social networks to avoid social difficulties have reduced wellbeing, while use of social networks to deal with social challenges improves outcomes.”

The old, it-depends-how-you-use-it standby does seem to hold for the internet and its effect on human health and the human mind.

Other criticisms of internet brain include that search engines have made it so that people no longer have to memorize facts, making their memory abilities slowly weaken through lack of use.

Bell and his team don’t buy that one either, claiming that “this effect applies to many situations and is not restricted to the use of technology; for instance, people who work in teams.”

Bell describes Greenfield’s position as one that has been historically taken in reaction to new technology. He compares her fear of the effect of technology to the fear of Conrad Gessner, a 16th-century writer who was concerned that the printing press’s mass distribution of books would end up harming the mind.

Both teams do concede that more information must be gathered before we can come to any conclusions:

“We need to recognize that the use of the internet and digital technology has cognitive and social benefits and to balance these against any risks,” Bell and his colleagues wrote in their paper.

Unfortunately we likely won’t know the true benefits and adverse effects of the internet until that data is collected, and, perhaps even more frighteningly, that data is being made right now. Children are exposed to more screen time than ever, and millennials and older generations seem to have accepted that their job will likely involve looking at a computer screen all day. What happens to our bodies and minds as a result is yet to be seen.


U.S. GAO Rules EPA Used Social Media to Spread Propaganda

Despite the prevalence of advertisement in social media (the ability to advertise on social media is basically why social media exists), the Environmental Protection Agency was recently found in violation of federal law for using social media to raise support for a potential law regarding protecting streams and surface waters.

A decades-old battle has always raged between internet users’ right to free speech and the rights of victims of libel, slander, and other forms of public shaming. Around 2000, U.S. courts accepted “cybersmear” as an offense worthy of claiming reparations. In the case, cybersmear was considered to be any disparaging statement in which there couldn’t be found a single grain of truth, not even in the realm of opinion.

For example, if someone posted on Twitter that a politician was incompetent, that would be seen as free speech. If someone posted that a politician was a convicted felon and that weren’t true, the statement would be considered unprotected.

One would think that Trump’s allegations regarding Obama’s and Ted Cruz’s citizenship would be considered some form of cybersmear considering this definition, but perhaps pointing this out hasn’t been seen as politically fruitful.

So here’s where the EPA comes in: Just one month ago, EPA spokesperson Liz Purchia wrote and posted a blog on the EPA website defending the agency’s use of the GSA-approved Thunderclap social media platform. She claimed the EPA used the platform “to get the word out about our historic Clean Water Rule: a law to better protect the streams and wetlands that are the foundation of our nation’s water resources.”

The page on Thunderclap apparently included the EPA logo and a byline stating: “Clean Water is important to me. I support EPA’s efforts to protect it for my health, my family, and my community.”

The page was “linked to an EPA website with information about the rule. We shared this page with all of our stakeholders- no matter what sector, geographic location, or perspective- with the goal of catalyzing our public engagement process, and getting people excited about the importance of clean water,” explained Purchia.

The Government Accountability Office (GAO), a Republican-led investigative arm of Congress, took issue with the Thunderclap post around this time last year. The agency had been requested to investigate the EPA’s use of social media (Thunderclap in particular) by the Senate Environment and Public Works Committee. The Committee’s chairman, Sen. James M Inhofe of Oklahoma, requested that the GAO tailor its inquiry to examine “whether EPA’s activities constituted prohibited covert propaganda or publicity.”

Upon GAO’s submittal of its subsequent 26-page report, Inhofe had this to say:

“GAO’s finding confirms what I have long suspected, that the EPA will go to extreme lengths and even violate the law to promote its activist environmental agenda… We conclude that the EPA’s use of Thunderclap constitutes covert propaganda, in violation of the publicity or propaganda prohibition… We conclude that the EPA violated the anti-lobbying provisions contained in appropriations acts for FY 2015 when it obligated and expended funds in connection with establishing the hyperlinks to the webpages for environmental action groups.”

“Because EPA obligated and expended appropriated funds in violation of specific prohibitions, we also conclude that EPA violated the Antideficiency Act, 31 U.S.C. § 1341(a)(1)(A), as the agency’s appropriations were not available for these prohibited purposes.”

The issue seems to be more political than legal in nature, but one can assume that these issues are likely to bring about some kind of change in how government agencies spread the word about their causes in this social media age; either it will be officially unbridled, or agencies will have to rein it in.
