Group items tagged

The complaint — filed last month with the Securities and Exchange Commission and the Department of Justice, as well as the FTC — says thousands of employees still had wide-ranging and poorly tracked internal access to core company software, a situation that for years had led to embarrassing hacks, including the commandeering of accounts held by such high-profile users as Elon Musk and former presidents Barack Obama and Donald Trump.

the whistleblower document alleges the company prioritized user growth over reducing spam, though unwanted content made the user experience worse. Executives stood to win individual bonuses of as much as $10 million tied to increases in daily users, the complaint asserts, and nothing explicitly for cutting spam.

Chief executive Parag Agrawal was “lying” when he tweeted in May that the company was “strongly incentivized to detect and remove as much spam as we possibly can,” the complaint alleges.

Zatko described his decision to go public as an extension of his previous work exposing flaws in specific pieces of software and broader systemic failings in cybersecurity. He was hired at Twitter by former CEO Jack Dorsey in late 2020 after a major hack of the company’s systems.

“I felt ethically bound. This is not a light step to take,” said Zatko, who was fired by Agrawal in January. He declined to discuss what happened at Twitter, except to stand by the formal complaint. Under SEC whistleblower rules, he is entitled to legal protection against retaliation, as well as potential monetary rewards.

“Security and privacy have long been top companywide priorities at Twitter,” said Twitter spokeswoman Rebecca Hahn. She said that Zatko’s allegations appeared to be “riddled with inaccuracies” and that Zatko “now appears to be opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders.” Hahn said that Twitter fired Zatko after 15 months “for poor performance and leadership.” Attorneys for Zatko confirmed he was fired but denied it was for performance or leadership.

A person familiar with Zatko’s tenure said the company investigated Zatko’s security claims during his time there and concluded they were sensationalistic and without merit. Four people familiar with Twitter’s efforts to fight spam said the company deploys extensive manual and automated tools to both measure the extent of spam across the service and reduce it.

Overall, Zatko wrote in a February analysis for the company attached as an exhibit to the SEC complaint, “Twitter is grossly negligent in several areas of information security. If these problems are not corrected, regulators, media and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics.”

Zatko’s complaint says strong security should have been much more important to Twitter, which holds vast amounts of sensitive personal data about users. Twitter has the email addresses and phone numbers of many public figures, as well as dissidents who communicate over the service at great personal risk.

This month, an ex-Twitter employee was convicted of using his position at the company to spy on Saudi dissidents and government critics, passing their information to a close aide of Crown Prince Mohammed bin Salman in exchange for cash and gifts.

Zatko’s complaint says he believed the Indian government had forced Twitter to put one of its agents on the payroll, with access to user data at a time of intense protests in the country. The complaint said supporting information for that claim has gone to the National Security Division of the Justice Department and the Senate Select Committee on Intelligence. Another person familiar with the matter agreed that the employee was probably an agent.

“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” Charles E. Grassley (R-Iowa), the top Republican on the Senate Judiciary Committee,

Many government leaders and other trusted voices use Twitter to spread important messages quickly, so a hijacked account could drive panic or violence. In 2013, a captured Associated Press handle falsely tweeted about explosions at the White House, sending the Dow Jones industrial average briefly plunging more than 140 points.

After a teenager managed to hijack the verified accounts of Obama, then-candidate Joe Biden, Musk and others in 2020, Twitter’s chief executive at the time, Jack Dorsey, asked Zatko to join him, saying that he could help the world by fixing Twitter’s security and improving the public conversation, Zatko asserts in the complaint.

In 1998, Zatko had testified to Congress that the internet was so fragile that he and others could take it down with a half-hour of concentrated effort. He later served as the head of cyber grants at the Defense Advanced Research Projects Agency, the Pentagon innovation unit that had backed the internet’s invention.

But at Twitter Zatko encountered problems more widespread than he realized and leadership that didn’t act on his concerns, according to the complaint.

Twitter’s difficulties with weak security stretches back more than a decade before Zatko’s arrival at the company in November 2020. In a pair of 2009 incidents, hackers gained administrative control of the social network, allowing them to reset passwords and access user data. In the first, beginning around January of that year, hackers sent tweets from the accounts of high-profile users, including Fox News and Obama.

Several months later, a hacker was able to guess an employee’s administrative password after gaining access to similar passwords in their personal email account. That hacker was able to reset at least one user’s password and obtain private information about any Twitter user.

Twitter continued to suffer high-profile hacks and security violations, including in 2017, when a contract worker briefly took over Trump’s account, and in the 2020 hack, in which a Florida teen tricked Twitter employees and won access to verified accounts. Twitter then said it put additional safeguards in place.

This year, the Justice Department accused Twitter of asking users for their phone numbers in the name of increased security, then using the numbers for marketing. Twitter agreed to pay a $150 million fine for allegedly breaking the 2011 order, which barred the company from making misrepresentations about the security of personal data.

After Zatko joined the company, he found it had made little progress since the 2011 settlement, the complaint says. The complaint alleges that he was able to reduce the backlog of safety cases, including harassment and threats, from 1 million to 200,000, add staff and push to measure results.

But Zatko saw major gaps in what the company was doing to satisfy its obligations to the FTC, according to the complaint. In Zatko’s interpretation, according to the complaint, the 2011 order required Twitter to implement a Software Development Life Cycle program, a standard process for making sure new code is free of dangerous bugs. The complaint alleges that other employees had been telling the board and the FTC that they were making progress in rolling out that program to Twitter’s systems. But Zatko alleges that he discovered that it had been sent to only a tenth of the company’s projects, and even then treated as optional.

“If all of that is true, I don’t think there’s any doubt that there are order violations,” Vladeck, who is now a Georgetown Law professor, said in an interview. “It is possible that the kinds of problems that Twitter faced eleven years ago are still running through the company.”

The complaint also alleges that Zatko warned the board early in his tenure that overlapping outages in the company’s data centers could leave it unable to correctly restart its servers. That could have left the service down for months, or even have caused all of its data to be lost. That came close to happening in 2021, when an “impending catastrophic” crisis threatened the platform’s survival before engineers were able to save the day, the complaint says, without providing further details.

One current and one former employee recalled that incident, when failures at two Twitter data centers drove concerns that the service could have collapsed for an extended period. “I wondered if the company would exist in a few days,” one of them said.

The current and former employees also agreed with the complaint’s assertion that past reports to various privacy regulators were “misleading at best.”

For example, they said the company implied that it had destroyed all data on users who asked, but the material had spread so widely inside Twitter’s networks, it was impossible to know for sure

As the head of security, Zatko says he also was in charge of a division that investigated users’ complaints about accounts, which meant that he oversaw the removal of some bots, according to the complaint. Spam bots — computer programs that tweet automatically — have long vexed Twitter. Unlike its social media counterparts, Twitter allows users to program bots to be used on its service: For example, the Twitter account @big_ben_clock is programmed to tweet “Bong Bong Bong” every hour in time with Big Ben in London. Twitter also allows people to create accounts without using their real identities, making it harder for the company to distinguish between authentic, duplicate and automated accounts.

In the complaint, Zatko alleges he could not get a straight answer when he sought what he viewed as an important data point: the prevalence of spam and bots across all of Twitter, not just among monetizable users.

Zatko cites a “sensitive source” who said Twitter was afraid to determine that number because it “would harm the image and valuation of the company.” He says the company’s tools for detecting spam are far less robust than implied in various statements.

“Agrawal’s Tweets and Twitter’s previous blog posts misleadingly imply that Twitter employs proactive, sophisticated systems to measure and block spam bots,” the complaint says. “The reality: mostly outdated, unmonitored, simple scripts plus overworked, inefficient, understaffed, and reactive human teams.”

The four people familiar with Twitter’s spam and bot efforts said the engineering and integrity teams run software that samples thousands of tweets per day, and 100 accounts are sampled manually.

Some employees charged with executing the fight agreed that they had been short of staff. One said top executives showed “apathy” toward the issue.

Zatko’s complaint likewise depicts leadership dysfunction, starting with the CEO. Dorsey was largely absent during the pandemic, which made it hard for Zatko to get rulings on who should be in charge of what in areas of overlap and easier for rival executives to avoid collaborating, three current and former employees said.

For example, Zatko would encounter disinformation as part of his mandate to handle complaints, according to the complaint. To that end, he commissioned an outside report that found one of the disinformation teams had unfilled positions, yawning language deficiencies, and a lack of technical tools or the engineers to craft them. The authors said Twitter had no effective means of dealing with consistent spreaders of falsehoods.

Dorsey made little effort to integrate Zatko at the company, according to the three employees as well as two others familiar with the process who spoke on the condition of anonymity to describe sensitive dynamics. In 12 months, Zatko could manage only six one-on-one calls, all less than 30 minutes, with his direct boss Dorsey, who also served as CEO of payments company Square, now known as Block, according to the complaint. Zatko allegedly did almost all of the talking, and Dorsey said perhaps 50 words in the entire year to him. “A couple dozen text messages” rounded out their electronic communication, the complaint alleges.

Faced with such inertia, Zatko asserts that he was unable to solve some of the most serious issues, according to the complaint.

Some 30 percent of company laptops blocked automatic software updates carrying security fixes, and thousands of laptops had complete copies of Twitter’s source code, making them a rich target for hackers, it alleges.

A successful hacker takeover of one of those machines would have been able to sabotage the product with relative ease, because the engineers pushed out changes without being forced to test them first in a simulated environment, current and former employees said.

“It’s near-incredible that for something of that scale there would not be a development test environment separate from production and there would not be a more controlled source-code management process,” said Tony Sager, former chief operating officer at the cyberdefense wing of the National Security Agency, the Information Assurance divisio

Sager is currently senior vice president at the nonprofit Center for Internet Security, where he leads a consensus effort to establish best security practices.

Zatko stopped the material from being presented at the Dec. 9, 2021 meeting, the complaint said. But over his continued objections, Agrawal let it go to the board’s smaller Risk Committee a week later.

“A best practice is that you should only be authorized to see and access what you need to do your job, and nothing else,” said former U.S. chief information security officer Gregory Touhill. “If half the company has access to and can make configuration changes to the production environment, that exposes the company and its customers to significant risk.”

The complaint says Dorsey never encouraged anyone to mislead the board about the shortcomings, but that others deliberately left out bad news.

The complaint says that about half of Twitter’s roughly 7,000 full-time employees had wide access to the company’s internal software and that access was not closely monitored, giving them the ability to tap into sensitive data and alter how the service worked. Three current and former employees agreed that these were issues.

An unnamed executive had prepared a presentation for the new CEO’s first full board meeting, according to the complaint. Zatko’s complaint calls the presentation deeply misleading.

The presentation showed that 92 percent of employee computers had security software installed — without mentioning that those installations determined that a third of the machines were insecure, according to the complaint.

Another graphic implied a downward trend in the number of people with overly broad access, based on the small subset of people who had access to the highest administrative powers, known internally as “God mode.” That number was in the hundreds. But the number of people with broad access to core systems, which Zatko had called out as a big problem after joining, had actually grown slightly and remained in the thousands.

The presentation included only a subset of serious intrusions or other security incidents, from a total Zatko estimated as one per week, and it said that the uncontrolled internal access to core systems was responsible for just 7 percent of incidents, when Zatko calculated the real proportion as 60 percent.

When Dorsey left in November 2021, a difficult situation worsened under Agrawal, who had been responsible for security decisions as chief technology officer before Zatko’s hiring, the complaint says.

Agrawal didn’t respond to requests for comment. In an email to employees after publication of this article, obtained by The Post, he said that privacy and security continues to be a top priority for the company, and he added that the narrative is “riddled with inconsistences” and “presented without important context.”

On Jan. 4, Zatko reported internally that the Risk Committee meeting might have been fraudulent, which triggered an Audit Committee investigation.

Agarwal fired him two weeks later. But Zatko complied with the company’s request to spell out his concerns in writing, even without access to his work email and documents, according to the complaint.

Since Zatko’s departure, Twitter has plunged further into chaos with Musk’s takeover, which the two parties agreed to in May. The stock price has fallen, many employees have quit, and Agrawal has dismissed executives and frozen big projects.

Zatko said he hoped that by bringing new scrutiny and accountability, he could improve the company from the outside.

“I still believe that this is a tremendous platform, and there is huge value and huge risk, and I hope that looking back at this, the world will be a better place, in part because of this.”

that is a conception of objectivity so shallow as to be virtually meaningless, in large part because the two parties so often share highly questionable assumptions and orthodoxies on the most critical issues.

The highly questionable assumptions tacitly embedded in the questions Raddatz asked illustrate how this works, as does the questions she pointedly and predictably did not ask.

the very idea that Iran poses some kind of major "national security" crisis for the US – let alone that there is "really no bigger national security" issue "this country is facing" – is absurd. At the very least, it's highly debatable.The US has Iran virtually encircled militarily. Even with the highly implausible fear-mongering claims earlier this year about Tehran's planned increases in military spending, that nation's total military expenditures is a tiny fraction of what the US spends. Iran has demonstrated no propensity to launch attacks on US soil, has no meaningful capability to do so, and would be instantly damaged, if not (as Hillary Clinton once put it) "totally obliterated" if they tried. Even the Israelis are clear that Iran has not even committed itself to building a nuclear weapon.

That Iran is some major national security issue for the US is a concoction of the bipartisan DC class that always needs a scary foreign enemy. The claim is frequently debunked in multiple venues. But because both political parties embrace this highly ideological claim, Raddatz does, too.

one of the most strictly enforced taboos in establishment journalism is the prohibition on aggressively challenging those views that are shared by the two parties. Doing that makes one fringe, unserious and radical: the opposite of solemn objectivity.

To the extent that she questioned the possibility of attacking Iran, it was purely on the grounds of whether an attack would be tactically effective,

there were no questions about whether the US would have the legal or moral right to launch an aggressive attack on Iran. That the US has the right to attack any country it wants is one of those unexamined assumptions in Washington discourse, probably the supreme orthodoxy of the nation's "foreign policy community".

there was no discussion about the severe suffering imposed on Iranian civilians by the US, whether the US wants to repeat the mass death and starvation it brought to millions of Iraqis for a full decade, or what the consequences of doing that will be.

all of Raddatz's questions were squarely within the extremely narrow – and highly ideological – DC consensus about US foreign policy generally and Iran specifically: namely, Iran is a national security threat to the US; it is trying to obtain nuclear weapons; the US must stop them; the US has the unchallenged right to suffocate Iranian civilians and attack militarily

the same is true of Raddatz's statements and questions about America's entitlement programs.

That social security is "going broke" – a core premise of her question – is, to put it as generously as possible, a claim that is dubious in the extreme. "Factually false" is more apt. This claim lies at the heart of the right-wing and neo-liberal quest to slash entitlement benefits for ordinary Americans – Ryan predictably responded by saying: "Absolutely. Medicare and Social Security are going bankrupt. These are indisputable facts." – but the claim is baseless.

this is the primary demonstrable myth being used by the DC class – which largely does not need entitlements – to deceive ordinary Americans into believing that they must "sacrifice" the pittances on which they are now living:"Which federal program took in more than it spent last year, added $95 billion to its surplus and lifted 20 million Americans of all ages out of poverty?"Why, social security, of course, which ended 2011 with a $2.7 trillion surplus."That surplus is almost twice the $1.4 trillion collected in personal and corporate income taxes last year. And it is projected to go on growing until 2021, the year the youngest Baby Boomers turn 67 and qualify for full old-age benefits."So why all the talk about social security 'going broke?' … The reason is that the people who want to kill social security have for years worked hard to persuade the young that the social security taxes they pay to support today's gray hairs will do nothing for them when their own hair turns gray."That narrative has become the conventional wisdom because it is easily reduced to a headline or sound bite. The facts, which require more nuance and detail, show that, with a few fixes, Social Security can be safe for as long as we want."

Nonetheless, Raddatz announced this assertion as fact. That's because she's long embedded in the DC culture that equates its own ideological desires with neutral facts. As a result, the entire discussion on entitlement programs proceeded within this narrow, highly ideological, dubious framework

That is what this faux journalistic neutrality, whether by design or otherwise, always achieves. It glorifies highly ideological claims that benefit a narrow elite class (the one that happens to own the largest media outlets which employ these journalists) by allowing that ideology to masquerade as journalistic fact

is often noted that the Catholic Church stridently opposes reproductive rights. But it is almost never noted that the Church just as stridently opposes US militarism and its economic policies that continuously promote corporate cronyism over the poor. Too much emphasis on that latter fact might imperil the bipartisan commitment to those policies, and so discussion of religious belief is typically confined to the safer arena of social issues. That the Church has for decades denounced the US government's military aggression and its subservience to the wealthiest is almost always excluded from establishment journalistic circles, even as its steadfast opposition to abortion and gay rights is endlessly touted.

It’s a lesson to remember as we watch the crypto space melt down, with ex-billionaire Sam Bankman-Fried

It’s not like perfidy in crypto was some hidden secret. At the top of the market, back in December 2021, I wrote a piece very explicitly saying that crypto was a set of Ponzi schemes. It went viral, and I got a huge amount of hate mail from crypto types

one of the more bizarre aspects of the crypto meltdown is the deep anger not just at those who perpetrated it, but at those who were trying to stop the scam from going on. For instance, here’s crypto exchange Coinbase CEO Brian Armstrong, who just a year ago was fighting regulators vehemently, blaming the cops for allowing gambling in the casino he helps run.

FTX.com was an offshore exchange not regulated by the SEC. The problem is that the SEC failed to create regulatory clarity here in the US, so many American investors (and 95% of trading activity) went offshore. Punishing US companies for this makes no sense.

many crypto ‘enthusiasts’ watching Gensler discuss regulation with his predecessor “called for their incarceration or worse.”

Cryptocurrencies are securities, and should fit under securities law, which would have imposed rules that would foster a de facto ban of the entire space. But since regulators had not actually treated them as securities for the last ten years, a whole new gray area of fake law had emerged

Almost as soon as he took office, Gensler sought to fix this situation, and treat them as securities. He began investigating important players

But the legal wrangling to just get the courts to treat crypto as a set of speculative instruments regulated under securities law made the law moot

In May of 2022, a year after Gensler began trying to do something about Terra/Luna, Kwon’s scheme blew up. In a comically-too-late-to-matter gesture, an appeals court then said that the SEC had the right to compel information from Kwon’s now-bankrupt scheme. It is absolute lunacy that well-settled law, like the ability for the SEC to investigate those in the securities business, is now being re-litigated.

Securities and Exchange Commission Chair Gary Gensler, who took office in April of 2021 with a deep background in Wall Street, regulatory policy, and crypto, which he had taught at MIT years before joining the SEC. Gensler came in with the goal of implementing the rule of law in the crypto space, which he knew was full of scams and based on unproven technology. Yesterday, on CNBC, he was again confronted with Andrew Ross Sorkin essentially asking, “Why were you going after minor players when this Ponzi scheme was so flagrant?”

it wasn’t just the courts who were an impediment. Gensler wasn’t the only cop on the beat. Other regulators, like those at the Commodities Futures Trading Commission, the Federal Reserve, or the Office of Comptroller of the Currency, not only refused to take action, but actively defended their regulatory turf against an attempt from the SEC to stop the scams.

Behind this was the fist of political power. Everyone saw the incentives the Senate laid down when every single Republican, plus a smattering of Democrats, defeated the nomination of crypto-skeptic Saule Omarova in becoming the powerful bank regulator at the Comptroller of the Currency

Instead of strong figures like Omarova, we had a weakling acting Comptroller Michael Hsu at the OCC, put there by the excessively cautious Treasury Secretary Janet Yellen. Hsu refused to stop bank interactions with crypto or fintech because, as he told Congress in 2021, “These trends cannot be stopped.”

It’s not just these regulators; everyone wanted a piece of the bureaucratic pie. In March of 2022, before it all unraveled, the Biden administration issued an executive order on crypto. In it, Biden said that virtually every single government agency would have a hand in the space.

That’s… insane. If everyone’s in charge, no one is.

And behind all of these fights was the money and political prestige of some most powerful people in Silicon Valley, who were funding a large political fight to write the rules for crypto, with everyone from former Treasury Secretary Larry Summers to former SEC Chair Mary Jo White on the payroll.

(Even now, even after it was all revealed as a Ponzi scheme, Congress is still trying to write rules favorable to the industry. It’s like, guys, stop it. There’s no more bribe money!)

Moreover, the institution Gensler took over was deeply weakened. Since the Reagan administration, wave after wave of political leader at the SEC has gutted the place and dumbed down the enforcers. Courts have tied up the commission in knots, and Congress has defanged it

Under Trump crypto exploded, because his SEC chair Jay Clayton had no real policy on crypto (and then immediately went into the industry after leaving.) The SEC was so dormant that when Gensler came into office, some senior lawyers actually revolted over his attempt to make them do work.

In other words, the regulators were tied up in the courts, they were against an immensely powerful set of venture capitalists who have poured money into Congress and D.C., they had feeble legal levers, and they had to deal with ‘crypto enthusiasts' who thought they should be jailed or harmed for trying to impose basic rules around market manipulation.

The bottom line is, Gensler is just one regulator, up against a lot of massed power, money, and bad institutional habits. And we as a society simply made the choice through our elected leaders to have little meaningful law enforcement in financial markets, which first became blindingly obvious in 2008 during the financial crisis, and then became comical ten years later when a sector whose only real use cases were money laundering

, Ponzi scheming or buying drugs on the internet, managed to rack up enough political power to bring Tony Blair and Bill Clinton to a conference held in a tax haven billed as ‘the future.’

Such trading on information originating outside the company is generally not covered by insider trading regulation.

Insider trading is quite different from market manipulation, disclosure of false or misleading information to the market, or direct expropriation of the corporation’s wealth by insiders.

Regulation of insider trading began in the United States at the turn of the twentieth century, when judges in several states became willing to rescind corporate insiders’ transactions with uninformed shareholders.

One of the earliest (and unsuccessful) federal attempts to regulate insider trading occurred after the 1912–1913 congressional hearings before the Pujo Committee, which concluded that “the scandalous practices of officers and directors in speculating upon inside and advance information as to the action of their corporations may be curtailed if not stopped.”

The Securities Acts of 1933–1934, passed by the U.S. Congress in the aftermath of the stock market crash, though aimed primarily at prohibiting fraud and market manipulation, also targeted insider trading.

As of 2004, at least ninety-three countries, the vast majority of nations that possess organized securities markets, had laws regulating insider trading

Several factors explain the rapid emergence of such regulation, particularly during the last twenty years: namely, the growth of the securities industry worldwide, pressures to make national securities markets look more attractive in the eyes of outside investors, and the pressure the SEC exerted on foreign lawmakers and regulators to increase the effectiveness of domestic enforcement by identifying and punishing offenders and their associates operating outside the United States.

Many researchers argue that trading on inside information is a zero-sum game, benefiting insiders at the expense of outsiders. But most outsiders who bought from or sold to insiders would have traded anyway, and possibly at a worse price (Manne 1970). So, for example, if the insider sells stock because he expects the price to fall, the very act of selling may bring the price down to the buyer.

A controversial case is that of abstaining from trading on the basis of inside information (Fried 2003).

There is little disagreement that insider trading makes securities markets more efficient by moving the current market price closer to the future postdisclosure price. In other words, insiders’ transactions, even if they are anonymous, signal future price trends to others and make the current stock price reflect relevant information sooner.

Accurately priced stocks give valuable signals to investors and ensure more efficient allocation of capital.

The controversial question is whether insider trading is more or less effective than public disclosure.

Insider trading’s advantage is that it introduces individual profit motives, does not directly reveal sensitive intercorporate information, and mitigates the management’s aversion to disclosing negative information (

Probably the most controversial issue in the economic analysis of insider trading is whether it is an efficient way to pay managers for their entrepreneurial services to the corporation. Some researchers believe that insider trading gives managers a monetary incentive to innovate, search for, and produce valuable information, as well as to take risks that increase the firm’s value (Carlton and Fischel 1983; Manne 1966).

Another economic argument for insider trading is that it provides efficient compensation to holders of large blocks of stock

A common contention is that the presence of insider trading decreases public confidence in, and deters many potential investors from, equity markets, making them less liquid (Loss 1970).

Empirical research generally supports skepticism that regulation of insider trading has been effective in either the United States or internationally, as evidenced by the persistent trading profits of insiders, behavior of stock prices around corporate announcements, and relatively infrequent prosecution rates (Bhattacharya and Daouk 2002; Bris 2005).

Despite numerous and extensive debates, economists and legal scholars do not agree on a desirable government policy toward insider trading. On the one hand, absolute information parity is clearly infeasible, and information-based trading generally increases the pricing efficiency of financial markets. Information, after all, is a scarce economic good that is costly to produce or acquire, and its subsequent use and dissemination are difficult to control. On the other hand, insider trading, as opposed to other forms of informed trading, may produce unintended adverse consequences for the functioning of the corporate enterprise, the market-wide system of publicly mandated disclosure, or the market for information.

Full human fingerprints are difficult to falsify, but the finger scanners on phones are so small that they read only partial fingerprints.

“It’s as if you have 30 passwords and the attacker only has to match one,”

“I’m not worried,” he said. “I think it’s still a very convenient way of unlocking a phone. But I’d rather see Apple make me enter the PIN if it’s idle for one hour.”

The bureau’s powers became clear during the Trump administration, which wielded its authority aggressively, though somewhat erratically, using the agency to curb exports of advanced technology goods like semiconductors to the telecommunications company Huawei and other Chinese businesses.

The Biden administration is still carrying out a review of its China policies and has not indicated how it plans to use the bureau’s powers.

“China is the only country with the economic, diplomatic, military, and technological power to seriously challenge the stable and open international system — all the rules, values, and relationships that make the world work the way we want it to,”

That includes how to use the Commerce Department’s powers, including whether to block more exports of American technology, whether to keep or scrap Mr. Trump’s tariffs on foreign metals, and how to set the standards for national security reviews of foreign investments.

They have an overall goal to become the leading country in the world, the wealthiest country in the world and the most powerful country in the world. That’s not going to happen on my watch because the United States are going to continue to grow and expand.”

Congress updated its laws governing export controls, giving the Bureau of Industry and Security more power to determine what kind of emerging technologies cannot be shared with China and other geopolitical rivals.

It’s that these guys have been trained for 30 years to think that exports are good for America and that’s that,” Mr. Scissors said. “So surprise, they don’t want tighter export controls.”

“The sense of urgency in recent years inclined our leadership to make decisions without reference to what industry thought,

the Biden administration is considering candidates to lead the Bureau of Industry and Security.

Mr. Wolf, who was previously assistant secretary at the bureau, issued the sanctions against ZTE. He has consistently argued that restrictions that are unclear and unpredictable can backfire, “harming the very interests they were designed to protect.”

The administration may also be considering less prominent candidates for the bureau’s three Senate-confirmed posts,

Whoever leads the bureau, officials at the National Security Council are likely to play a guiding role, according to people familiar with the deliberations.

Mr. Putin’s decisions since the crisis began reflect instincts, political skills and emotions that have characterized his 14 years as Russia’s paramount leader, including a penchant for secrecy, loyalty and respect, for him and for Russia. They also suggest a deepening frustration with other world leaders that has left him impervious to threats of sanctions or international isolation

Because of Mr. Putin’s centralized authority, Russia’s policies and actions in moments of crisis can appear confused or hesitant until Mr. Putin himself decides on a course of action

Mr. Putin, by his own account at a news conference on Tuesday, warned Mr. Yanukovych not to withdraw the government’s security forces from Kiev, one of the demands of the agreement being negotiated.

By the next day, however, Ukraine’s Parliament had stripped Mr. Yanukovych of his powers, voted to release the opposition leader Yulia V. Tymoshenko from prison and scheduled new presidential elections. Russia’s initial response was muted, but officials have since said that Mr. Putin fumed that the Europeans who had mediated the agreement did nothing to enforce it.

The group, the officials and analysts said, included Sergei B. Ivanov, Mr. Putin’s chief of staff; Nikolai P. Patrushev, the secretary of the security council; and Aleksandr V. Bortnikov, the director of the Federal Security Service. All are veterans of the K.G.B., specifically colleagues of Mr. Putin’s when he served in the organization in Leningrad, now St. Petersburg, during the 1970s and ’80s.

“He has bit by bit winnowed out the people who challenged his worldview,” Mr. Galeotti said.

The deployment of the Russian forces — which the Ukrainian government has said ranged from 6,000 to 15,000 troops — remains a covert operation, the officials and analysts said, to sidestep international law and the need for approval by the United Nations Security Council, something that Mr. Putin and others have repeatedly insisted was necessary for any military operations against another country.

As long ago as 2008, when NATO leaders met in Bucharest to consider whether to invite Ukraine to begin moving toward membership, Mr. Putin bluntly warned that such membership would be unacceptable to Russia, presaging the strategy that appears to be unfolding now.

The ban would only prohibit involvement in what the association defines as national security interrogations, which are those conducted by the American military or intelligence agencies, or by contractors or foreign governments outside traditional domestic criminal law enforcement inside the United States.

Psychologists played crucial roles in the post-9/11 harsh interrogation programs created by the C.I.A. and Pentagon, and their involvement helped the Bush administration claim that the abusive interrogation techniques were legal. The involvement of psychologists in the interrogations enabled the Justice Department to issue secret legal opinions arguing that the interrogations were safe because they were being monitored by health professionals, and thus did not constitute torture.

Even before Friday’s vote, the Hoffman report and its unsparing findings of collusion during the Bush administration had already had a dramatic impact on the A.P.A. Four top association officials, including its chief executive and his deputy, have left the organization since the report was released in July.

By removing the tangible product from the center of commerce, surveillance capitalism upsets the equilibrium. Whenever we use free apps and online services, it’s often said, we become the products, our attention harvested and sold to advertisers

this truism gets it wrong. Surveillance capitalism’s real products, vaporous but immensely valuable, are predictions about our future behavior — what we’ll look at, where we’ll go, what we’ll buy, what opinions we’ll hold — that internet companies derive from our personal data and sell to businesses, political operatives, and other bidders.

Unlike financial derivatives, which they in some ways resemble, these new data derivatives draw their value, parasite-like, from human experience.To the Googles and Facebooks of the world, we are neither the customer nor the product. We are the source of what Silicon Valley technologists call “data exhaust” — the informational byproducts of online activity that become the inputs to prediction algorithms

Another 2015 study, appearing in the Journal of Computer-Mediated Communication, showed that when people hear their phone ring but are unable to answer it, their blood pressure spikes, their pulse quickens, and their problem-solving skills decline.

The smartphone has become a repository of the self, recording and dispensing the words, sounds and images that define what we think, what we experience and who we are. In a 2015 Gallup survey, more than half of iPhone owners said that they couldn’t imagine life without the device.

So what happens to our minds when we allow a single tool such dominion over our perception and cognition?

Not only do our phones shape our thoughts in deep and complicated ways, but the effects persist even when we aren’t using the devices. As the brain grows dependent on the technology, the research suggests, the intellect weakens.

he has seen mounting evidence that using a smartphone, or even hearing one ring or vibrate, produces a welter of distractions that makes it harder to concentrate on a difficult problem or job. The division of attention impedes reasoning and performance.

internet companies operate in what Zuboff terms “extreme structural independence from people.” When databases displace goods as the engine of the economy, our own interests, as consumers but also as citizens, cease to be part of the negotiation. We are no longer one of the forces guiding the market’s invisible hand. We are the objects of surveillance and control.

Social skills and relationships seem to suffer as well.

In both tests, the subjects whose phones were in view posted the worst scores, while those who left their phones in a different room did the best. The students who kept their phones in their pockets or bags came out in the middle. As the phone’s proximity increased, brainpower decreased.

In subsequent interviews, nearly all the participants said that their phones hadn’t been a distraction—that they hadn’t even thought about the devices during the experiment. They remained oblivious even as the phones disrupted their focus and thinking.

The researchers recruited 520 undergraduates at UCSD and gave them two standard tests of intellectual acuity. One test gauged “available working-memory capacity,” a measure of how fully a person’s mind can focus on a particular task. The second assessed “fluid intelligence,” a person’s ability to interpret and solve an unfamiliar problem. The only variable in the experiment was the location of the subjects’ smartphones. Some of the students were asked to place their phones in front of them on their desks; others were told to stow their phones in their pockets or handbags; still others were required to leave their phones in a different room.

the “integration of smartphones into daily life” appears to cause a “brain drain” that can diminish such vital mental skills as “learning, logical reasoning, abstract thought, problem solving, and creativity.”

 Smartphones have become so entangled with our existence that, even when we’re not peering or pawing at them, they tug at our attention, diverting precious cognitive resources. Just suppressing the desire to check our phone, which we do routinely and subconsciously throughout the day, can debilitate our thinking.

They found that students who didn’t bring their phones to the classroom scored a full letter-grade higher on a test of the material presented than those who brought their phones. It didn’t matter whether the students who had their phones used them or not: All of them scored equally poorly.

A study of nearly a hundred secondary schools in the U.K., published last year in the journal Labour Economics, found that when schools ban smartphones, students’ examination scores go up substantially, with the weakest students benefiting the most.

Data, the novelist and critic Cynthia Ozick once wrote, is “memory without history.” Her observation points to the problem with allowing smartphones to commandeer our brains

Because smartphones serve as constant reminders of all the friends we could be chatting with electronically, they pull at our minds when we’re talking with people in person, leaving our conversations shallower and less satisfying.

In a 2013 study conducted at the University of Essex in England, 142 participants were divided into pairs and asked to converse in private for ten minutes. Half talked with a phone in the room, half without a phone present. The subjects were then given tests of affinity, trust and empathy. “The mere presence of mobile phones,” the researchers reported in the Journal of Social and Personal Relationships, “inhibited the development of interpersonal closeness and trust” and diminished “the extent to which individuals felt empathy and understanding from their partners.”

The evidence that our phones can get inside our heads so forcefully is unsettling. It suggests that our thoughts and feelings, far from being sequestered in our skulls, can be skewed by external forces we’re not even aware o

 Scientists have long known that the brain is a monitoring system as well as a thinking system. Its attention is drawn toward any object that is new, intriguing or otherwise striking — that has, in the psychological jargon, “salience.”

even in the history of captivating media, the smartphone stands out. It is an attention magnet unlike any our minds have had to grapple with before. Because the phone is packed with so many forms of information and so many useful and entertaining functions, it acts as what Dr. Ward calls a “supernormal stimulus,” one that can “hijack” attention whenever it is part of our surroundings — and it is always part of our surroundings.

Imagine combining a mailbox, a newspaper, a TV, a radio, a photo album, a public library and a boisterous party attended by everyone you know, and then compressing them all into a single, small, radiant object. That is what a smartphone represents to us. No wonder we can’t take our minds off it.

The irony of the smartphone is that the qualities that make it so appealing to us — its constant connection to the net, its multiplicity of apps, its responsiveness, its portability — are the very ones that give it such sway over our minds.

Phone makers like Apple and Samsung and app writers like Facebook, Google and Snap design their products to consume as much of our attention as possible during every one of our waking hours

Social media apps were designed to exploit “a vulnerability in human psychology,” former Facebook president Sean Parker said in a recent interview. “[We] understood this consciously. And we did it anyway.”

A quarter-century ago, when we first started going online, we took it on faith that the web would make us smarter: More information would breed sharper thinking. We now know it’s not that simple.

As strange as it might seem, people’s knowledge and understanding may actually dwindle as gadgets grant them easier access to online data stores

In a seminal 2011 study published in Science, a team of researchers — led by the Columbia University psychologist Betsy Sparrow and including the late Harvard memory expert Daniel Wegner — had a group of volunteers read forty brief, factual statements (such as “The space shuttle Columbia disintegrated during re-entry over Texas in Feb. 2003”) and then type the statements into a computer. Half the people were told that the machine would save what they typed; half were told that the statements would be erased.

Afterward, the researchers asked the subjects to write down as many of the statements as they could remember. Those who believed that the facts had been recorded in the computer demonstrated much weaker recall than those who assumed the facts wouldn’t be stored. Anticipating that information would be readily available in digital form seemed to reduce the mental effort that people made to remember it

The researchers dubbed this phenomenon the “Google effect” and noted its broad implications: “Because search engines are continually available to us, we may often be in a state of not feeling we need to encode the information internally. When we need it, we will look it up.”

as the pioneering psychologist and philosopher William James said in an 1892 lecture, “the art of remembering is the art of thinking.”

Only by encoding information in our biological memory can we weave the rich intellectual associations that form the essence of personal knowledge and give rise to critical and conceptual thinking. No matter how much information swirls around us, the less well-stocked our memory, the less we have to think with.

As Dr. Wegner and Dr. Ward explained in a 2013 Scientific American article, when people call up information through their devices, they often end up suffering from delusions of intelligence. They feel as though “their own mental capacities” had generated the information, not their devices. “The advent of the ‘information age’ seems to have created a generation of people who feel they know more than ever before,” the scholars concluded, even though “they may know ever less about the world around them.”

That insight sheds light on society’s current gullibility crisis, in which people are all too quick to credit lies and half-truths spread through social media. If your phone has sapped your powers of discernment, you’ll believe anything it tells you.

A second experiment conducted by the researchers produced similar results, while also revealing that the more heavily students relied on their phones in their everyday lives, the greater the cognitive penalty they suffered.

When we constrict our capacity for reasoning and recall or transfer those skills to a gadget, we sacrifice our ability to turn information into knowledge. We get the data but lose the meaning

We need to give our minds more room to think. And that means putting some distance between ourselves and our phones.

Google’s once-patient investors grew restive, demanding that the founders figure out a way to make money, preferably lots of it.

nder pressure, Page and Brin authorized the launch of an auction system for selling advertisements tied to search queries. The system was designed so that the company would get paid by an advertiser only when a user clicked on an ad. This feature gave Google a huge financial incentive to make accurate predictions about how users would respond to ads and other online content. Even tiny increases in click rates would bring big gains in income. And so the company began deploying its stores of behavioral data not for the benefit of users but to aid advertisers — and to juice its own profits. Surveillance capitalism had arrived.

Google’s business now hinged on what Zuboff calls “the extraction imperative.” To improve its predictions, it had to mine as much information as possible from web users. It aggressively expanded its online services to widen the scope of its surveillance.

Through Gmail, it secured access to the contents of people’s emails and address books. Through Google Maps, it gained a bead on people’s whereabouts and movements. Through Google Calendar, it learned what people were doing at different moments during the day and whom they were doing it with. Through Google News, it got a readout of people’s interests and political leanings. Through Google Shopping, it opened a window onto people’s wish lists,

The company gave all these services away for free to ensure they’d be used by as many people as possible. It knew the money lay in the data.

the organization grew insular and secretive. Seeking to keep the true nature of its work from the public, it adopted what its CEO at the time, Eric Schmidt, called a “hiding strategy” — a kind of corporate omerta backed up by stringent nondisclosure agreements.

Page and Brin further shielded themselves from outside oversight by establishing a stock structure that guaranteed their power could never be challenged, neither by investors nor by directors.

What’s most remarkable about the birth of surveillance capitalism is the speed and audacity with which Google overturned social conventions and norms about data and privacy. Without permission, without compensation, and with little in the way of resistance, the company seized and declared ownership over everyone’s information

The companies that followed Google presumed that they too had an unfettered right to collect, parse, and sell personal data in pretty much any way they pleased. In the smart homes being built today, it’s understood that any and all data will be beamed up to corporate clouds.

Google conducted its great data heist under the cover of novelty. The web was an exciting frontier — something new in the world — and few people understood or cared about what they were revealing as they searched and surfed. In those innocent days, data was there for the taking, and Google took it

Google also benefited from decisions made by lawmakers, regulators, and judges — decisions that granted internet companies free use of a vast taxpayer-funded communication infrastructure, relieved them of legal and ethical responsibility for the information and messages they distributed, and gave them carte blanche to collect and exploit user data.

Consider the terms-of-service agreements that govern the division of rights and the delegation of ownership online. Non-negotiable, subject to emendation and extension at the company’s whim, and requiring only a casual click to bind the user, TOS agreements are parodies of contracts, yet they have been granted legal legitimacy by the court

Law professors, writes Zuboff, “call these ‘contracts of adhesion’ because they impose take-it-or-leave-it conditions on users that stick to them whether they like it or not.” Fundamentally undemocratic, the ubiquitous agreements helped Google and other firms commandeer personal data as if by fiat.

n the choices we make as consumers and private citizens, we have always traded some of our autonomy to gain other rewards. Many people, it seems clear, experience surveillance capitalism less as a prison, where their agency is restricted in a noxious way, than as an all-inclusive resort, where their agency is restricted in a pleasing way

Zuboff makes a convincing case that this is a short-sighted and dangerous view — that the bargain we’ve struck with the internet giants is a Faustian one

but her case would have been stronger still had she more fully addressed the benefits side of the ledger.

there’s a piece missing. While Zuboff’s assessment of the costs that people incur under surveillance capitalism is exhaustive, she largely ignores the benefits people receive in return — convenience, customization, savings, entertainment, social connection, and so on

hat the industries of the future will seek to manufacture is the self.

Behavior modification is the thread that ties today’s search engines, social networks, and smartphone trackers to tomorrow’s facial-recognition systems, emotion-detection sensors, and artificial-intelligence bots.

All of Facebook’s information wrangling and algorithmic fine-tuning, she writes, “is aimed at solving one problem: how and when to intervene in the state of play that is your daily life in order to modify your behavior and thus sharply increase the predictability of your actions now, soon, and later.”

“The goal of everything we do is to change people’s actual behavior at scale,” a top Silicon Valley data scientist told her in an interview. “We can test how actionable our cues are for them and how profitable certain behaviors are for us.”

This goal, she suggests, is not limited to Facebook. It is coming to guide much of the economy, as financial and social power shifts to the surveillance capitalists

Combining rich information on individuals’ behavioral triggers with the ability to deliver precisely tailored and timed messages turns out to be a recipe for behavior modification on an unprecedented scale.

it was Facebook, with its incredibly detailed data on people’s social lives, that grasped digital media’s full potential for behavior modification. By using what it called its “social graph” to map the intentions, desires, and interactions of literally billions of individuals, it saw that it could turn its network into a worldwide Skinner box, employing psychological triggers and rewards to program not only what people see but how they react.

spying on the populace is not the end game. The real prize lies in figuring out ways to use the data to shape how people think and act. “The best way to predict the future is to invent it,” the computer scientist Alan Kay once observed. And the best way to predict behavior is to script it.

competition for personal data intensified. It was no longer enough to monitor people online; making better predictions required that surveillance be extended into homes, stores, schools, workplaces, and the public squares of cities and towns. Much of the recent innovation in the tech industry has entailed the creation of products and services designed to vacuum up data from every corner of our lives

“The typical complaint is that privacy is eroded, but that is misleading,” Zuboff writes. “In the larger societal pattern, privacy is not eroded but redistributed . . . . Instead of people having the rights to decide how and what they will disclose, these rights are concentrated within the domain of surveillance capitalism.” The transfer of decision rights is also a transfer of autonomy and agency, from the citizen to the corporation.

What we lose under this regime is something more fundamental than privacy. It’s the right to make our own decisions about privacy — to draw our own lines between those aspects of our lives we are comfortable sharing and those we are not

Other possible ways of organizing online markets, such as through paid subscriptions for apps and services, never even got a chance to be tested.

Online surveillance came to be viewed as normal and even necessary by politicians, government bureaucrats, and the general public

Google and other Silicon Valley companies benefited directly from the government’s new stress on digital surveillance. They earned millions through contracts to share their data collection and analysis techniques with the National Security Agenc

As much as the dot-com crash, the horrors of 9/11 set the stage for the rise of surveillance capitalism. Zuboff notes that, in 2000, members of the Federal Trade Commission, frustrated by internet companies’ lack of progress in adopting privacy protections, began formulating legislation to secure people’s control over their online information and severely restrict the companies’ ability to collect and store it. It seemed obvious to the regulators that ownership of personal data should by default lie in the hands of private citizens, not corporations.

The 9/11 attacks changed the calculus. The centralized collection and analysis of online data, on a vast scale, came to be seen as essential to national security. “The privacy provisions debated just months earlier vanished from the conversation more or less overnight,”

On both sides of the Capitol, lawmakers, aides, police officers and reporters who had fled to secure locations have been warned that they might have been exposed to the coronavirus while hiding from the mob

“It angers me when they refuse to adhere to the directions about keeping their masks on,” Ms. Watson Coleman, a lung cancer survivor who will turn 76 next month, said in an interview. “It comes off to me as arrogance and defiance. And you can be both, but not at the expense of someone else.”

The scene that unfolded on Wednesday in that one secure room — where an offer of masks from Representative Lisa Blunt Rochester, Democrat of Delaware, was rejected by a group of Republicans — is emblematic of the challenge that has dogged Capitol Hill’s disorderly response to the pandemic.

Republicans accused Democrats, who needed their narrow majority fully present in person to confirm Ms. Pelosi as speaker, of subverting their own rules on the first day of the Congress

permitting the construction of a small plexiglass enclosure with its own ventilation system in one of the galleries so that lawmakers in a protective quarantine could vote in person

Complicating matters further, lawmakers in both parties have delayed receiving a vaccination, despite being granted primary access, arguing that essential workers needed to receive it first.

The expansion of security measures to other locations across the nation is based on the Postal Service's awareness of "planned protests or other situations involving large crowds" in key cities and areas

States and cities around the country are preparing for unrest ahead of the January 20 inauguration.