Group items matching

in title, tags, annotations or url

A once-robust alliance of federal agencies, tech companies, election officials and researchers that worked together to thwart foreign propaganda and disinformation has fragmented after years of sustained Republican attacks.The GOP offensive started during the 2020 election as public critiques and has since escalated into lawsuits, governmental inquiries and public relations campaigns that have succeeded in stopping almost all coordination between the government and social media platforms.The most recent setback came when the FBI put an indefinite hold on most briefings to social media companies about Russian, Iranian and Chinese influence campaigns. Employees at two U.S. tech companies who used to receive regular briefings from the FBI’s Foreign Influence Task Force told NBC News that it has been months since the bureau reached out. In a testimony last week to the Senate Homeland Security Committee, FBI Director Christopher Wray signaled a significant pullback in communications with tech companies and tied the move to rulings by a conservative federal judge and appeals court that said some government agencies and officials should be restricted from communicating and meeting with social media companies to moderate content. The case is now on hold pending Supreme Court review.“We’re having some interaction with social media companies,” Wray said. “But all of those interactions have changed fundamentally in the wake of the court rulings.”

Three states and the District of Columbia allege that the tech giant misled consumers by continuing to track those who had changed their privacy settings to prevent data collection.

Google is also fighting an antitrust lawsuit led by Texas in which states have accused the company of obtaining and abusing a monopoly over the systems that allow publishers to auction off ad space to marketers. On Friday, Google asked a federal court to dismiss the lawsuit.The lawsuits add to a mounting offensive by regulators to curtail the power and business practices of Silicon Valley giants like Google, Facebook, Amazon and Apple. State and federal regulators have filed dozens of antitrust, consumer protection, privacy and trade lawsuits in an attempt to curb the business models or break up the companies. A Senate committee last week advanced potentially landmark antitrust legislation that tries to weaken the dominance of the internet giants.

The Senate Judiciary Committee is set to deliberate on the American Innovation and Choice Online Act, which some experts consider to have the most realistic chance of becoming law out of broad slate of reforms, while creating major change in the industry. The Committee schedule also lists a markup of the Open App Markets Act, another bipartisan competition bill.Both bills would prevent certain dominant tech platforms from favoring their own products or services over others that rely on their marketplaces to do business. But the Open App Markets Act’s impact would primarily be limited to those that run app stores, like Apple and Google, while the American Innovation and Choice Online Act would be more expansive, potentially preventing a company like Amazon from giving its own private label products a better ranking in its search than a third-party competitor.Apple and Google could similarly be barred from unfairly ranking their own apps above competitors’ in their mobile app stores, and for Google, the same principle would apply to its general search engine as well

French privacy watchdog, the Commission Nationale de l’Informatique et des Libertés (CNIL), has hit Google with a 150 million euro fine and Facebook with a 60 million euro fine, because their websites—google.fr, youtube.com, and facebook.com—don’t make refusing cookies as easy as accepting them. The CNIL carried out an online investigation after receiving complaints from users about the way cookies were handled on these sites. It found that while the sites offered buttons for allowing immediate acceptance of cookies, the sites didn’t implement an equivalent solution to let users refuse them. Several clicks were required to refuse all cookies, against a single one to accept them. In addition to the fines, the companies have been given three months to provide Internet users in France with a way to refuse cookies that’s as simple as accepting them. If they don’t, the companies will have to pay a penalty of 100,000 euros for each day they delay.

EU data protection regulators’ powers have increased significantly since the General Data Protection Regulation (GDPR) took effect in May 2018. This EU law allows watchdogs to levy penalties of as much as 4% of a company’s annual global sales. The restricted committee, the body in charge of sanctions, considered that the process regarding cookies affects the freedom of consent of Internet users and constitutes an infringement of the French Data Protection Act, which demands that it should be as easy to refuse cookies as to accept them. Since March 31, 2021, when the deadline set for websites and mobile applications to comply with the new rules on cookies expired, the CNIL has adopted nearly 100 corrective measures (orders and sanctions) related to non-compliance with the legislation on cookies.

As the DoJ and FTC pursue civil antitrust litigation against some of America's largest tech firms, a House Committee has approved legislation to curb the market dominance of many of these same firms, including Google-owner Alphabet and Facebook. However, according to a report from WSJ, the tech firms targeted by the legislation are ramping up their lobbying efforts, precipitating a pitched battle over the legislation in the Senate.At the core of the six-bill raft of legislation is a measure to bar big tech firms from favoring their own products on their platforms. It was approved by the House Committee early Thursday by a vote of 24 to 20.The NYT reported that Apple and other tech giants engaged in aggressive lobbying against the six-bill package, with Apple CEO Tim Cook going so far as to call Speaker Nancy Pelosi and other top lawmakers to warn them against supporting the legislation. Per the NYT, the calls from Cook were "part of a forceful and wide-ranging pushback by the tech industry since the proposals were announced this month. Executives, lobbyists, and more than a dozen think tanks and advocacy groups paid by tech companies have swarmed Capitol offices, called and emailed lawmakers and their staff members, and written letters arguing there will be dire consequences for the industry and the country if the ideas become law."

Mirroring the outcome of several EU anti-trust investigations, the legislation, known as the "American Choice and Innovation Online Act," the legislation would prohibit the owners of big platforms (like Amazon's online marketplace) from creating disadvantages for goods and services provided by competitors.

The Justice Department accused Google on Tuesday of illegally protecting its monopoly over search and search advertising, the government’s most significant challenge to a tech company’s market power in a generation and one that could reshape the way consumers use the internet.In a much-anticipated lawsuit, the agency accused Google of locking up deals with giant partners like Apple and throttling competition through exclusive business contracts and agreements.Google’s deals with Apple, mobile carriers and other handset makers to make its search engine the default option for users accounted for most of its dominant market share in search, the agency said, a figure that it put at around 80 percent.“For many years,” the agency said in its 57-page complaint, “Google has used anticompetitive tactics to maintain and extend its monopolies in the markets for general search services, search advertising and general search text advertising — the cornerstones of its empire.”The lawsuit, which may stretch on for years, could set off a cascade of other antitrust lawsuits from state attorneys general. About four dozen states and jurisdictions, including New York and Texas, have conducted parallel investigations and some of them are expected to bring separate complaints against the company’s grip on technology for online advertising. Eleven state attorneys general, all Republicans, signed on to support the federal lawsuit.

The Justice Department did not immediately put forward remedies, such as selling off parts of the company or unwinding business contracts, in the lawsuit. Such actions are typically pursued in later stages of a case.Ryan Shores, an associate deputy attorney general, said “nothing is off the table” in terms of remedies.

Democratic lawmakers on the House Judiciary Committee released a sprawling report on the tech giants two weeks ago, also accusing Google of controlling a monopoly over online search and the ads that come up when users enter a query.

While there is considerable telecom hubris regarding the 5G rollout and increasing speculation that the next generation of wireless is not yet ready for Prime Time, the industry continues to make promises to Rural America that it has no intention of fulfilling. Decades-long promises to deliver digital Utopia to rural America by T-Mobile, Verizon and AT&T have never materialized.  

In 2017, the USDA reported that 29% of American farms had no internet access. The FCC says that 14 million rural Americans and 1.2 million Americans living on tribal lands do not have 4G LTE on their phones, and that 30 million rural residents do not have broadband service compared to 2% of urban residents.  It’s beginning to sound like a Third World country. Despite an FCC $4.5 billion annual subsidy to carriers to provide broadband service in rural areas, the FCC reports that ‘over 24 million Americans do not have access to high-speed internet service, the bulk of them in rural area”while a  Microsoft Study found that  “162 million people across the US do not have internet service at broadband speeds.” At the same time, only three cable companies have access to 70% of the market in a sweetheart deal to hike rates as they avoid competition and the FCC looks the other way.  The FCC believes that it would cost $40 billion to bring broadband access to 98% of the country with expansion in rural America even more expensive.  While the FCC has pledged a $2 billion, ten year plan to identify rural wireless locations, only 4 million rural American businesses and homes will be targeted, a mere drop in the bucket. Which brings us to rural mapping: Since the advent of the digital age, there have been no accurate maps identifying where broadband service is available in rural America and where it is not available.  The FCC has a long history of promulgating unreliable and unverified carrier-provided numbers as the Commission has repeatedly ‘bungled efforts to produce accurate broadband maps” that would have facilitated rural coverage. During the Senate Commerce Committee hearing on April 10th regarding broadband mapping, critical testimony questioned whether the FCC and/or the telecom industry have either the commitment or the proficiency to provide 5G to rural America.  Members of the Committee shared concerns that 5G might put rural America further behind the curve so as to never catch up with the rest of the country

The request is one of the first responses from the U.S. Congress to the disclosure earlier this month by security researchers of the two major flaws, which may allow hackers to steal passwords or encryption keys on most types of computers, phones and cloud-based servers. McNerney, a member of the House Energy and Commerce Committee, asked the companies to explain the scope of Spectre and Meltdown, their timeframe for understanding the vulnerabilities, how consumers are affected and whether the flaws have been exploited, among other questions.

India is the world’s largest democracy and is home to 13.5 percent of the world’s internet users. So the Indian Supreme Court’s August ruling that privacy is a fundamental, constitutional right for all of the country’s 1.32 billion citizens was momentous. But now, close to three months later, it’s still unclear exactly how the decision will be implemented. Will it change everything for internet users? Or will the status quo remain? The most immediate consequence of the ruling is that tech companies such as Facebook, Twitter, Google, and Alibaba will be required to rein in their collection, utilization, and sharing of Indian user data. But the changes could go well beyond technology. If implemented properly, the decision could affect national politics, business, free speech, and society. It could encourage the country to continue to make large strides toward increased corporate and governmental transparency, stronger consumer confidence, and the establishment and growth of the Indian “individual” as opposed to the Indian collective identity. But that’s a pretty big if. Advertisement The privacy debate in India was in many ways sparked by a controversy that has shaken up the landscape of national politics for several months. It began in 2016 as a debate around a social security program that requires participating citizens to obtain biometric, or Aadhaar, cards. Each card has a unique 12-digit number and records an individual’s fingerprints and irises in order to confirm his or her identity. The program was devised to increase the ease with which citizens could receive social benefits and avoid instances of fraud. Over time, Aadhaar cards have become mandatory for integral tasks such as opening bank accounts, buying and selling property, and filing tax returns, much to the chagrin of citizens who are uncomfortable about handing over their personal data. Before the ruling, India had weak privacy protections in place, enabling unchecked data collection on citizens by private companies and the government. Over the past year, a number of large-scale data leaks and breaches that have impacted major Indian corporations, as well as the Aadhaar program itself, have prompted users to start asking questions about the security and uses of their personal data.

n order to bolster the ruling the government will also be introducing a set of data protection laws that are to be developed by a committee led by retired Supreme Court judge B.N. Srikrishna. The committee will study the data protection landscape, develop a draft Data Protection Bill, and identify how, and whether, the Aadhaar Act should be amended based on the privacy ruling.

Should the data protection laws be implemented in an enforceable manner, the ruling will significantly impact the business landscape in India. Since the election of Prime Minister Narendra Modi in May 2014, the government has made fostering and expanding the technology and startup sector a top priority. The startup scene has grown, giving rise to several promising e-commerce companies, but in 2014, only 12 percent of India’s internet users were online consumers. If the new data protection laws are truly impactful, companies will have to accept responsibility for collecting, utilizing, and protecting user data safely and fairly. Users would also have a stronger form of redress when their newly recognized rights are violated, which could transform how they engage with technology. This has the potential to not only increase consumer confidence but revitalize the Indian business sector, as it makes it more amenable and friendly to outside investors, users, and collaborators.

When you pay for federally funded research, you should be allowed to read it. That’s the idea behind the Fair Access to Science and Technology Research Act (S.1701, H.R.3427), which was recently reintroduced in both houses of Congress. FASTR was first introduced in 2013, and while it has strong support in both parties, it has never gained enough momentum to pass. We need to change that. Let’s tell Congress that passing an open access law should be a top priority.

Tell Congress: It’s time to move FASTR The proposal is pretty simple: Under FASTR, every federal agency that spends more than $100 million on grants for research would be required to adopt an open access policy. The bill gives each agency flexibility to implement an open access policy suited to the work it funds, so long as research is available to the public after an “embargo period” of a year or less. One of the major points of contention around FASTR is how long that embargo period should be. Last year, the Senate Homeland Security and Governmental Affairs Committee approved FASTR unanimously, but only after extending that embargo period from six months to 12, putting FASTR in line with the 2013 White House open access memo. That’s the version that was recently reintroduced in the Senate.  The House bill, by contrast, sets the embargo period at six months. EFF supports a shorter period. Part of what’s important about open access is that it democratizes knowledge: when research is available to the public, you don’t need expensive journal subscriptions or paid access to academic databases in order to read it. A citizen scientist can use and build on the same body of knowledge as someone with institutional connections. But in the fast-moving world of scientific research, 12 months is an eternity. A shorter embargo is far from a radical proposition, especially in 2017. The landscape for academic publishing is very different from what it was when FASTR was first introduced, thanks in larger part to nongovernmental funders who already enforce open access mandates. Major foundations like Ford, Gates, and Hewlett have adopted strong open access policies requiring that research be not only available to the public, but also licensed to allow republishing and reuse by anyone.

Just last year, the Gates Foundation made headlines when it dropped the embargo period from its policy entirely, requiring that research be published openly immediately. After a brief standoff, major publishers began to accommodate Gates’ requirements. As a result, we finally have public confirmation of what we’ve always known: open access mandates don’t put publishers out of business; they push them to modernize their business models. Imagine how a strong open access mandate for government-funded research—with a requirement that that research be licensed openly—could transform publishing. FASTR may not be that law, but it’s a huge step in the right direction, and it’s the best option on the table today. Let’s urge Congress to pass a version of FASTR with an embargo period of six months or less, and then use it as a foundation for stronger open access in the future.

On Sunday’s Face the Nation, Sen. Rand Paul was asked about President Trump’s accusation that President Obama ordered the NSA to wiretap his calls. The Kentucky senator expressed skepticism about the mechanics of Trump’s specific charge, saying: “I doubt that Trump was a target directly of any kind of eavesdropping.” But he then made a broader and more crucial point about how the U.S. government spies on Americans’ communications — a point that is deliberately obscured and concealed by U.S. government defenders. Paul explained how the NSA routinely and deliberately spies on Americans’ communications — listens to their calls and reads their emails — without a judicial warrant of any kind: The way it works is, the FISA court, through Section 702, wiretaps foreigners and then [NSA] listens to Americans. It is a backdoor search of Americans. And because they have so much data, they can tap — type Donald Trump into their vast resources of people they are tapping overseas, and they get all of his phone calls. And so they did this to President Obama. They — 1,227 times eavesdrops on President Obama’s phone calls. Then they mask him. But here is the problem. And General Hayden said this the other day. He said even low-level employees can unmask the caller. That is probably what happened to Flynn. They are not targeting Americans. They are targeting foreigners. But they are doing it purposefully to get to Americans.

Paul’s explanation is absolutely correct. That the NSA is empowered to spy on Americans’ communications without a warrant — in direct contravention of the core Fourth Amendment guarantee that “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause” — is the dirty little secret of the U.S. Surveillance State. As I documented at the height of the controversy over the Snowden reporting, top government officials — including President Obama — constantly deceived (and still deceive) the public by falsely telling them that their communications cannot be monitored without a warrant. Responding to the furor created over the first set of Snowden reports about domestic spying, Obama sought to reassure Americans by telling Charlie Rose: “What I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls … by law and by rule, and unless they … go to a court, and obtain a warrant, and seek probable cause.” The right-wing chairman of the House Intelligence Committee at the time, GOP Rep. Mike Rogers, echoed Obama, telling CNN the NSA “is not listening to Americans’ phone calls. If it did, it is illegal. It is breaking the law.” Those statements are categorically false. A key purpose of the new 2008 FISA law — which then-Senator Obama voted for during the 2008 general election after breaking his primary-race promise to filibuster it — was to legalize the once-controversial Bush/Cheney warrantless eavesdropping program, which the New York Times won a Pulitzer Prize for exposing in 2005. The crux of the Bush/Cheney controversy was that they ordered NSA to listen to Americans’ international telephone calls without warrants — which was illegal at the time — and the 2008 law purported to make that type of domestic warrantless spying legal.

By James Bamford Last summer, cyber investigators plowing through the thousands of leaked emails from the Democratic National Committee uncovered a clue.A user named “Феликс Эдмундович” modified one of the documents using settings in the Russian language. Translated, his name was Felix Edmundovich, a pseudonym referring to Felix Edmundovich Dzerzhinsky, the chief of the Soviet Union’s first secret-police organization, the Cheka.It was one more link in the chain of evidence pointing to Russian President Vladimir Putin as the man ultimately behind the operation.During the Cold War, when Soviet intelligence was headquartered in Dzerzhinsky Square in Moscow, Putin was a KGB officer assigned to the First Chief Directorate. Its responsibilities included “active measures,” a form of political warfare that included media manipulation, propaganda and disinformation. Soviet active measures, retired KGB Major General Oleg Kalugin told Army historian Thomas Boghart, aimed to discredit the United States and “conquer world public opinion.”As the Cold War has turned into the code war, Putin recently unveiled his new, greatly enlarged spy organization: the Ministry of State Security, taking the name from Joseph Stalin’s secret service. Putin also resurrected, according to James Clapper, the U.S. director of national intelligence, some of the KGB’s old active- measures tactics. On October 7, Clapper issued a statement: “The U.S. Intelligence community is confident that the Russian government directed the recent compromises of emails from U.S. persons and institutions, including from U.S. political organizations.” Notably, however, the FBI declined to join the chorus, according to reports by the New York Times and CNBC.A week later, Vice President Joe Biden said on NBC’s Meet the Press that "we're sending a message" to Putin and "it will be at the time of our choosing, and under the circumstances that will have the greatest impact." When asked if the American public would know a message was sent, Biden replied, "Hope not." Meanwhile, the CIA was asked, according to an NBC report on October 14, “to deliver options to the White House for a wide-ranging ‘clandestine’ cyber operation designed to harass and ‘embarrass’ the Kremlin leadership.”But as both sides begin arming their cyberweapons, it is critical for the public to be confident that the evidence is really there, and to understand the potential consequences of a tit-for-tat cyberwar escalating into a real war. 

This is a prospect that has long worried Richard Clarke, the former White House cyber czar under President George W. Bush. “It’s highly likely that any war that began as a cyberwar,” Clarke told me last year, “would ultimately end up being a conventional war, where the United States was engaged with bombers and missiles.”The problem with attempting to draw a straight line from the Kremlin to the Clinton campaign is the number of variables that get in the way. For one, there is little doubt about Russian cyber fingerprints in various U.S. campaign activities. Moscow, like Washington, has long spied on such matters. The United States, for example, inserted malware in the recent Mexican election campaign. The question isn’t whether Russia spied on the U.S. presidential election, it’s whether it released the election emails.Then there’s the role of Guccifer 2.0, the person or persons supplying WikiLeaks and other organizations with many of the pilfered emails. Is this a Russian agent? A free agent? A cybercriminal? A combination, or some other entity? No one knows.There is also the problem of groupthink that led to the war in Iraq. For example, just as the National Security Agency, the Central Intelligence Agency and the rest of the intelligence establishment are convinced Putin is behind the attacks, they also believed it was a slam-dunk that Saddam Hussein had a trove of weapons of mass destruction. Consider as well the speed of the political-hacking investigation, followed by a lack of skepticism, culminating in a rush to judgment. After the Democratic committee discovered the potential hack last spring, it called in the cybersecurity firm CrowdStrike in May to analyze the problem.

CrowdStrike took just a month or so before it conclusively determined that Russia’s FSB, the successor to the KGB, and the Russian military intelligence organization, GRU, were behind it. Most of the other major cybersecurity firms quickly fell in line and agreed. By October, the intelligence community made it unanimous. That speed and certainty contrasts sharply with a previous suspected Russian hack in 2010, when the target was the Nasdaq stock market. According to an extensive investigation by Bloomberg Businessweek in 2014, the NSA and FBI made numerous mistakes over many months that stretched to nearly a year. “After months of work,” the article said, “there were still basic disagreements in different parts of government over who was behind the incident and why.”  There was no consensus­, with just a 70 percent certainty that the hack was a cybercrime. Months later, this determination was revised again: It was just a Russian attempt to spy on the exchange in order to design its own. The federal agents also considered the possibility that the Nasdaq snooping was not connected to the Kremlin. Instead, “someone in the FSB could have been running a for-profit operation on the side, or perhaps sold the malware to a criminal hacking group.” Again, that’s why it’s necessary to better understand the role of Guccifer 2.0 in releasing the Democratic National Committee and Clinton campaign emails before launching any cyberweapons.

The Senate Judiciary Committee held an open hearing today on the FISA Amendments Act, the law that ostensibly authorizes the digital surveillance of hundreds of millions of people both in the United States and around the world. Section 702 of the law, scheduled to expire next year, is designed to allow U.S. intelligence services to collect signals intelligence on foreign targets related to our national security interests. However—thanks to the leaks of many whistleblowers including Edward Snowden, the work of investigative journalists, and statements by public officials—we now know that the FISA Amendments Act has been used to sweep up data on hundreds of millions of people who have no connection to a terrorist investigation, including countless Americans. What do we mean by “countless”? As became increasingly clear in the hearing today, the exact number of Americans impacted by this surveillance is unknown. Senator Franken asked the panel of witnesses, “Is it possible for the government to provide an exact count of how many United States persons have been swept up in Section 702 surveillance? And if not the exact count, then what about an estimate?”

The lack of information makes rigorous oversight of the programs all but impossible. As Senator Franken put it in the hearing today, “When the public lacks even a rough sense of the scope of the government’s surveillance program, they have no way of knowing if the government is striking the right balance, whether we are safeguarding our national security without trampling on our citizens’ fundamental privacy rights. But the public can’t know if we succeed in striking that balance if they don’t even have the most basic information about our major surveillance programs."  Senator Patrick Leahy also questioned the panel about the “minimization procedures” associated with this type of surveillance, the privacy safeguard that is intended to ensure that irrelevant data and data on American citizens is swiftly deleted. Senator Leahy asked the panel: “Do you believe the current minimization procedures ensure that data about innocent Americans is deleted? Is that enough?”  David Medine, who recently announced his pending retirement from the Privacy and Civil Liberties Oversight Board, answered unequivocally:

Elizabeth Goitein, the Brennan Center director whose articulate and thought-provoking testimony was the highlight of the hearing, noted that at this time an exact number would be difficult to provide. However, she asserted that an estimate should be possible for most if not all of the government’s surveillance programs. None of the other panel participants—which included David Medine and Rachel Brand of the Privacy and Civil Liberties Oversight Board as well as Matthew Olsen of IronNet Cybersecurity and attorney Kenneth Wainstein—offered an estimate. Today’s hearing reaffirmed that it is not only the American people who are left in the dark about how many people or accounts are impacted by the NSA’s dragnet surveillance of the Internet. Even vital oversight committees in Congress like the Senate Judiciary committee are left to speculate about just how far-reaching this surveillance is. It's part of the reason why we urged the House Judiciary committee to demand that the Intelligence Community provide the public with a number. 

How much extra will you have to pay for the privilege of being spied on?

UK ISPs have warned MPs that the costs of implementing the Investigatory Powers Bill (aka the Snooper's Charter) will be much greater than the £175 million the UK government has allotted for the task, and that broadband bills will need to rise as a result. Representatives from ISPs and software companies told the House of Commons Science and Technology Committee that the legislation greatly underestimates the "sheer quantity" of data generated by Internet users these days. They also pointed out that distinguishing content from metadata is a far harder task than the government seems to assume. Matthew Hare, the chief executive of ISP Gigaclear, said with "a typical 1 gigabit connection to someone's home, over 50 terabytes of data per year [are] passing over it. If you say that a proportion of that is going to be the communications data—the record of who you communicate with, when you communicate or what you communicate—there would be the most massive and enormous amount of data that in future an access provider would be expected to keep. The indiscriminate collection of mass data across effectively every user of the Internet in this country is going to have a massive cost."

Moreover, the larger the cache of stored data, the more worthwhile it will be for criminals and state-backed actors to gain access and download that highly-revealing personal information for fraud and blackmail. John Shaw, the vice president of product management at British security firm Sophos, told the MPs: "There would be a huge amount of very sensitive personal data that could be used by bad guys.