Group items tagged

A person familiar with Zatko’s tenure said the company investigated Zatko’s security claims during his time there and concluded they were sensationalistic and without merit. Four people familiar with Twitter’s efforts to fight spam said the company deploys extensive manual and automated tools to both measure the extent of spam across the service and reduce it.

the whistleblower document alleges the company prioritized user growth over reducing spam, though unwanted content made the user experience worse. Executives stood to win individual bonuses of as much as $10 million tied to increases in daily users, the complaint asserts, and nothing explicitly for cutting spam.

Chief executive Parag Agrawal was “lying” when he tweeted in May that the company was “strongly incentivized to detect and remove as much spam as we possibly can,” the complaint alleges.

Zatko described his decision to go public as an extension of his previous work exposing flaws in specific pieces of software and broader systemic failings in cybersecurity. He was hired at Twitter by former CEO Jack Dorsey in late 2020 after a major hack of the company’s systems.

“I felt ethically bound. This is not a light step to take,” said Zatko, who was fired by Agrawal in January. He declined to discuss what happened at Twitter, except to stand by the formal complaint. Under SEC whistleblower rules, he is entitled to legal protection against retaliation, as well as potential monetary rewards.

“Security and privacy have long been top companywide priorities at Twitter,” said Twitter spokeswoman Rebecca Hahn. She said that Zatko’s allegations appeared to be “riddled with inaccuracies” and that Zatko “now appears to be opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders.” Hahn said that Twitter fired Zatko after 15 months “for poor performance and leadership.” Attorneys for Zatko confirmed he was fired but denied it was for performance or leadership.

In 1998, Zatko had testified to Congress that the internet was so fragile that he and others could take it down with a half-hour of concentrated effort. He later served as the head of cyber grants at the Defense Advanced Research Projects Agency, the Pentagon innovation unit that had backed the internet’s invention.

Overall, Zatko wrote in a February analysis for the company attached as an exhibit to the SEC complaint, “Twitter is grossly negligent in several areas of information security. If these problems are not corrected, regulators, media and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics.”

Zatko’s complaint says strong security should have been much more important to Twitter, which holds vast amounts of sensitive personal data about users. Twitter has the email addresses and phone numbers of many public figures, as well as dissidents who communicate over the service at great personal risk.

This month, an ex-Twitter employee was convicted of using his position at the company to spy on Saudi dissidents and government critics, passing their information to a close aide of Crown Prince Mohammed bin Salman in exchange for cash and gifts.

Zatko’s complaint says he believed the Indian government had forced Twitter to put one of its agents on the payroll, with access to user data at a time of intense protests in the country. The complaint said supporting information for that claim has gone to the National Security Division of the Justice Department and the Senate Select Committee on Intelligence. Another person familiar with the matter agreed that the employee was probably an agent.

“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” Charles E. Grassley (R-Iowa), the top Republican on the Senate Judiciary Committee,

Many government leaders and other trusted voices use Twitter to spread important messages quickly, so a hijacked account could drive panic or violence. In 2013, a captured Associated Press handle falsely tweeted about explosions at the White House, sending the Dow Jones industrial average briefly plunging more than 140 points.

The complaint — filed last month with the Securities and Exchange Commission and the Department of Justice, as well as the FTC — says thousands of employees still had wide-ranging and poorly tracked internal access to core company software, a situation that for years had led to embarrassing hacks, including the commandeering of accounts held by such high-profile users as Elon Musk and former presidents Barack Obama and Donald Trump.

After a teenager managed to hijack the verified accounts of Obama, then-candidate Joe Biden, Musk and others in 2020, Twitter’s chief executive at the time, Jack Dorsey, asked Zatko to join him, saying that he could help the world by fixing Twitter’s security and improving the public conversation, Zatko asserts in the complaint.

But at Twitter Zatko encountered problems more widespread than he realized and leadership that didn’t act on his concerns, according to the complaint.

Twitter’s difficulties with weak security stretches back more than a decade before Zatko’s arrival at the company in November 2020. In a pair of 2009 incidents, hackers gained administrative control of the social network, allowing them to reset passwords and access user data. In the first, beginning around January of that year, hackers sent tweets from the accounts of high-profile users, including Fox News and Obama.

Several months later, a hacker was able to guess an employee’s administrative password after gaining access to similar passwords in their personal email account. That hacker was able to reset at least one user’s password and obtain private information about any Twitter user.

Twitter continued to suffer high-profile hacks and security violations, including in 2017, when a contract worker briefly took over Trump’s account, and in the 2020 hack, in which a Florida teen tricked Twitter employees and won access to verified accounts. Twitter then said it put additional safeguards in place.

This year, the Justice Department accused Twitter of asking users for their phone numbers in the name of increased security, then using the numbers for marketing. Twitter agreed to pay a $150 million fine for allegedly breaking the 2011 order, which barred the company from making misrepresentations about the security of personal data.

After Zatko joined the company, he found it had made little progress since the 2011 settlement, the complaint says. The complaint alleges that he was able to reduce the backlog of safety cases, including harassment and threats, from 1 million to 200,000, add staff and push to measure results.

But Zatko saw major gaps in what the company was doing to satisfy its obligations to the FTC, according to the complaint. In Zatko’s interpretation, according to the complaint, the 2011 order required Twitter to implement a Software Development Life Cycle program, a standard process for making sure new code is free of dangerous bugs. The complaint alleges that other employees had been telling the board and the FTC that they were making progress in rolling out that program to Twitter’s systems. But Zatko alleges that he discovered that it had been sent to only a tenth of the company’s projects, and even then treated as optional.

“If all of that is true, I don’t think there’s any doubt that there are order violations,” Vladeck, who is now a Georgetown Law professor, said in an interview. “It is possible that the kinds of problems that Twitter faced eleven years ago are still running through the company.”

“Agrawal’s Tweets and Twitter’s previous blog posts misleadingly imply that Twitter employs proactive, sophisticated systems to measure and block spam bots,” the complaint says. “The reality: mostly outdated, unmonitored, simple scripts plus overworked, inefficient, understaffed, and reactive human teams.”

One current and one former employee recalled that incident, when failures at two Twitter data centers drove concerns that the service could have collapsed for an extended period. “I wondered if the company would exist in a few days,” one of them said.

The current and former employees also agreed with the complaint’s assertion that past reports to various privacy regulators were “misleading at best.”

The complaint also alleges that Zatko warned the board early in his tenure that overlapping outages in the company’s data centers could leave it unable to correctly restart its servers. That could have left the service down for months, or even have caused all of its data to be lost. That came close to happening in 2021, when an “impending catastrophic” crisis threatened the platform’s survival before engineers were able to save the day, the complaint says, without providing further details.

As the head of security, Zatko says he also was in charge of a division that investigated users’ complaints about accounts, which meant that he oversaw the removal of some bots, according to the complaint. Spam bots — computer programs that tweet automatically — have long vexed Twitter. Unlike its social media counterparts, Twitter allows users to program bots to be used on its service: For example, the Twitter account @big_ben_clock is programmed to tweet “Bong Bong Bong” every hour in time with Big Ben in London. Twitter also allows people to create accounts without using their real identities, making it harder for the company to distinguish between authentic, duplicate and automated accounts.

In the complaint, Zatko alleges he could not get a straight answer when he sought what he viewed as an important data point: the prevalence of spam and bots across all of Twitter, not just among monetizable users.

Zatko cites a “sensitive source” who said Twitter was afraid to determine that number because it “would harm the image and valuation of the company.” He says the company’s tools for detecting spam are far less robust than implied in various statements.

For example, they said the company implied that it had destroyed all data on users who asked, but the material had spread so widely inside Twitter’s networks, it was impossible to know for sure

The four people familiar with Twitter’s spam and bot efforts said the engineering and integrity teams run software that samples thousands of tweets per day, and 100 accounts are sampled manually.

Some employees charged with executing the fight agreed that they had been short of staff. One said top executives showed “apathy” toward the issue.

Zatko’s complaint likewise depicts leadership dysfunction, starting with the CEO. Dorsey was largely absent during the pandemic, which made it hard for Zatko to get rulings on who should be in charge of what in areas of overlap and easier for rival executives to avoid collaborating, three current and former employees said.

For example, Zatko would encounter disinformation as part of his mandate to handle complaints, according to the complaint. To that end, he commissioned an outside report that found one of the disinformation teams had unfilled positions, yawning language deficiencies, and a lack of technical tools or the engineers to craft them. The authors said Twitter had no effective means of dealing with consistent spreaders of falsehoods.

Dorsey made little effort to integrate Zatko at the company, according to the three employees as well as two others familiar with the process who spoke on the condition of anonymity to describe sensitive dynamics. In 12 months, Zatko could manage only six one-on-one calls, all less than 30 minutes, with his direct boss Dorsey, who also served as CEO of payments company Square, now known as Block, according to the complaint. Zatko allegedly did almost all of the talking, and Dorsey said perhaps 50 words in the entire year to him. “A couple dozen text messages” rounded out their electronic communication, the complaint alleges.

Faced with such inertia, Zatko asserts that he was unable to solve some of the most serious issues, according to the complaint.

Some 30 percent of company laptops blocked automatic software updates carrying security fixes, and thousands of laptops had complete copies of Twitter’s source code, making them a rich target for hackers, it alleges.

A successful hacker takeover of one of those machines would have been able to sabotage the product with relative ease, because the engineers pushed out changes without being forced to test them first in a simulated environment, current and former employees said.

“It’s near-incredible that for something of that scale there would not be a development test environment separate from production and there would not be a more controlled source-code management process,” said Tony Sager, former chief operating officer at the cyberdefense wing of the National Security Agency, the Information Assurance divisio

Sager is currently senior vice president at the nonprofit Center for Internet Security, where he leads a consensus effort to establish best security practices.

The complaint says that about half of Twitter’s roughly 7,000 full-time employees had wide access to the company’s internal software and that access was not closely monitored, giving them the ability to tap into sensitive data and alter how the service worked. Three current and former employees agreed that these were issues.

“A best practice is that you should only be authorized to see and access what you need to do your job, and nothing else,” said former U.S. chief information security officer Gregory Touhill. “If half the company has access to and can make configuration changes to the production environment, that exposes the company and its customers to significant risk.”

Another graphic implied a downward trend in the number of people with overly broad access, based on the small subset of people who had access to the highest administrative powers, known internally as “God mode.” That number was in the hundreds. But the number of people with broad access to core systems, which Zatko had called out as a big problem after joining, had actually grown slightly and remained in the thousands.

When Dorsey left in November 2021, a difficult situation worsened under Agrawal, who had been responsible for security decisions as chief technology officer before Zatko’s hiring, the complaint says.

An unnamed executive had prepared a presentation for the new CEO’s first full board meeting, according to the complaint. Zatko’s complaint calls the presentation deeply misleading.

The presentation showed that 92 percent of employee computers had security software installed — without mentioning that those installations determined that a third of the machines were insecure, according to the complaint.

The complaint says Dorsey never encouraged anyone to mislead the board about the shortcomings, but that others deliberately left out bad news.

The presentation included only a subset of serious intrusions or other security incidents, from a total Zatko estimated as one per week, and it said that the uncontrolled internal access to core systems was responsible for just 7 percent of incidents, when Zatko calculated the real proportion as 60 percent.

Zatko stopped the material from being presented at the Dec. 9, 2021 meeting, the complaint said. But over his continued objections, Agrawal let it go to the board’s smaller Risk Committee a week later.

Agrawal didn’t respond to requests for comment. In an email to employees after publication of this article, obtained by The Post, he said that privacy and security continues to be a top priority for the company, and he added that the narrative is “riddled with inconsistences” and “presented without important context.”

On Jan. 4, Zatko reported internally that the Risk Committee meeting might have been fraudulent, which triggered an Audit Committee investigation.

Agarwal fired him two weeks later. But Zatko complied with the company’s request to spell out his concerns in writing, even without access to his work email and documents, according to the complaint.

Since Zatko’s departure, Twitter has plunged further into chaos with Musk’s takeover, which the two parties agreed to in May. The stock price has fallen, many employees have quit, and Agrawal has dismissed executives and frozen big projects.

Zatko said he hoped that by bringing new scrutiny and accountability, he could improve the company from the outside.

“I still believe that this is a tremendous platform, and there is huge value and huge risk, and I hope that looking back at this, the world will be a better place, in part because of this.”

Other countries have different goals. The South Korean government announced a plan to install 1 gigabit per second of symmetric fiber data access in every home by 2012. Hong Kong, Japan and the Netherlands are heading in the same direction. Australia plans to get 93 percent of homes and businesses connected to fiber. In the U.K., a 300 Mbps fiber-to-the-home service will be offered on a wholesale basis.

The first step is to decide what the goal of telecommunications policy should be. Network access providers -- and the FCC -- are stuck on the idea that not all Americans need high-speed Internet access. The FCC’s National Broadband Plan of March 2010 suggested that the minimum appropriate speed for every American household by 2020 should be 4 megabits per second for downloads and 1 Mbps for uploads. These speeds are enough, the FCC said, to reliably send and receive e-mail, download Web pages and use simple video conferencing.

In a sense, the FCC adopted the cable companies’ business plan as the country’s goal. The commission’s embrace of asymmetric access -- slower upload than download speeds -- also serves the carriers’ interests: Only symmetric connections would allow every American to do business from home rather than use the Internet simply for high-priced entertainmen

Think of it this way: With a dialup connection, backing up 5 gigabytes of data (now the standard free plan offered by many storage companies) would take 20 days. Over a standard (3G) wireless connection, it would take two and a half days. Over a 4G connection it would be more than seven hours, and over a cable DOCSIS 3.0 connection, an hour and a half. With a gigabit fiber-to-the-home connection, it can be done in less than a minute.

If the U.S. had a fully fiber-based network, Hollywood blockbusters could be downloaded in 12 seconds, video conferencing would become routine, and every household could see 3D and Super HD images. Americans could be connected instantly to their co-workers, their families, their teachers and their health-care monitors. To make this happen, though, the U.S. needs to move to a utility model, based on the assumption that all Americans require fiber-optic Internet access at reasonable prices. How much would it cost to bring fiber to the homes of all Americans? Corning Inc. (GLW), the American glass manufacturer, and others have estimated that it would take between $50 billion and $90 billion.

The Internet has taken the place of the telephone as the world’s basic, general-purpose, two-way communication medium. All Americans need high-speed access, just as they need clean water, clean air and electricity. But they have allowed a naive belief in the power and beneficence of the free market to cloud their vision. As things stand, the U.S. has the worst of both worlds: no competition and no regulation.

In Texas, lack of

This particular case has implications for women across the United States, according to Ilyse Hogue, president of NARAL Pro-Choice America.

"This case represents the greatest threat to women's reproductive freedom since the Supreme Court decided Roe vs. Wade over 40 years ago."

The Guttmacher Institute estimates that 1 in 3 women will have an abortion in her lifetime. Lawmakers have passed a record-breaking 231 abortion restriction laws in the last four years, and more than 100 anti-abortion bills have been introduced in 28 state legislatures so far this year.

instructs the Department of Health and Human Services to open a special enrollment period for the Affordable Care Act through HealthCare.gov,

"As we continue to battle COVID-19, it is even more critical that Americans have meaningful access to affordable care," a White House fact sheet reads.

His second executive action aims "to protect and expand access to comprehensive reproductive health care" by rescinding the Mexico City policy, also known as the global gag rule. This policy, reinstated and expanded by the Trump administration, bars international nongovernmental organizations that provide abortion counseling or referrals from receiving U.S. funding. Biden on Thursday called the gag rule an "attack on women's health access."

For decades, Democratic and Republican presidents have alternately rescinded or reinstated the global gag rule, with Democrats, such as Biden, opposing the policy. Republicans have argued that the rule would reduce the number of abortions.

The Supreme Court will hear a case that could decide the legality of work requirements for Medicaid recipients.

Biden is reversing course and directing federal agencies to reconsider those work requirement rules. He is also asking agencies to review policies that undermined protections for people with preexisting conditions, including complications related to COVID-19.

The administration faced pressure to open HealthCare.gov for anyone to enroll in the Affordable Care Act in response to the pandemic, but it never did.

Last November, the Trump administration and several Republican-led states argued at the U.S. Supreme Court that the program should be voided, which would have eliminated popular elements of the law such as protections for those with preexisting conditions.

However, a study released last year suggested the policy failed to reduce the rate of abortions and ultimately had the opposite effect. The study said the rate of abortions increased by about 40% in the countries studied — most likely because the funding ban caused a reduction in access to contraception and a consequent rise in unwanted pregnancies.

Under the actions announced on Thursday, the president is telling federal agencies to review a Trump-era rule that limited the use of Title X federal funds meant for family planning and reproductive health services for low-income patients. Under this program, organizations that provided abortions or abortion counseling could not have access to those federal funds. The White House said, "Across the country and around the world, people — particularly women, Black, Indigenous and other people of color, LGBTQ+ people, and those with low incomes — have been denied access to reproductive health care."

Facebook also assumed extraordinary power over the personal information of its 2.2 billion users — control it has wielded with little transparency or outside oversight.

The partnerships were so important that decisions about forming them were vetted at high levels, sometimes by Mr. Zuckerberg and Sheryl Sandberg, the chief operating officer, Facebook officials said. While many of the partnerships were announced publicly, the details of the sharing arrangements typically were confidential

Zuckerberg, the chief executive, assured lawmakers in April that people “have complete control” over everything they share on Facebook.

the documents, as well as interviews with about 50 former employees of Facebook and its corporate partners, reveal that Facebook allowed certain companies access to data despite those protections

Data privacy experts disputed Facebook’s assertion that most partnerships were exempted from the regulatory requirements

“This is just giving third parties permission to harvest data without you being informed of it or giving consent to it,” said David Vladeck, who formerly ran the F.T.C.’s consumer protection bureau. “I don’t understand how this unconsented-to data harvesting can at all be justified under the consent decree.

“I don’t believe it is legitimate to enter into data-sharing partnerships where there is not prior informed consent from the user,” said Roger McNamee, an early investor in Facebook. “No one should trust Facebook until they change their business model.”

Few companies have better data than Facebook and its rival, Google, whose popular products give them an intimate view into the daily lives of billions of people — and allow them to dominate the digital advertising market

Facebook has never sold its user data, fearful of user backlash and wary of handing would-be competitors a way to duplicate its most prized asset. Instead, internal documents show, it did the next best thing: granting other companies access to parts of the social network in ways that advanced its own interests.

as the social network has disclosed its data sharing deals with other kinds of businesses — including internet companies such as Yahoo — Facebook has labeled them integration partners, too

Among the revelations was that Facebook obtained data from multiple partners for a controversial friend-suggestion tool called “People You May Know.”

The feature, introduced in 2008, continues even though some Facebook users have objected to it, unsettled by its knowledge of their real-world relationships. Gizmodo and other news outlets have reported cases of the tool’s recommending friend connections between patients of the same psychiatrist, estranged family members, and a harasser and his victim.

The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.

agreements with about a dozen companies did. Some enabled partners to see users’ contact information through their friends — even after the social network, responding to complaints, said in 2014 that it was stripping all applications of that power.

Pam Dixon, executive director of the World Privacy Forum, a nonprofit privacy research group, said that Facebook would have little power over what happens to users’ information after sharing it broadly. “It travels,” Ms. Dixon said. “It could be customized. It could be fed into an algorithm and decisions could be made about you based on that data.”

Facebook’s agreement with regulators is a result of the company’s early experiments with data sharing. In late 2009, it changed the privacy settings of the 400 million people then using the service, making some of their information accessible to all of the internet. Then it shared that information, including users’ locations and religious and political leanings, with Microsoft and other partners.

But the privacy program faced some internal resistance from the start, according to four former Facebook employees with direct knowledge of the company’s efforts. Some engineers and executives, they said, considered the privacy reviews an impediment to quick innovation and growth. And the core team responsible for coordinating the reviews — numbering about a dozen people by 2016 — was moved around within Facebook’s sprawling organization, sending mixed signals about how seriously the company took it, the ex-employees said.

Microsoft officials said that Bing was using the data to build profiles of Facebook users on Microsoft servers. They declined to provide details, other than to say the information was used in “feature development” and not for advertising. Microsoft has since deleted the data, the officials said.

For some advocates, the torrent of user data flowing out of Facebook has called into question not only Facebook’s compliance with the F.T.C. agreement, but also the agency’s approach to privacy regulation.

“We brought Facebook under the regulatory authority of the F.T.C. after a tremendous amount of work. The F.T.C. has failed to act.

Facebook, in turn, used contact lists from the partners, including Amazon, Yahoo and the Chinese company Huawei — which has been flagged as a security threat by American intelligence officials — to gain deeper insight into people’s relationships and suggest more connections, the records show.

Facebook records show Yandex had access in 2017 to Facebook’s unique user IDs even after the social network stopped sharing them with other applications, citing privacy risks. A spokeswoman for Yandex, which was accused last year by Ukraine’s security service of funneling its user data to the Kremlin, said the company was unaware of the access

In October, Facebook said Yandex was not an integration partner. But in early December, as The Times was preparing to publish this article, Facebook told congressional lawmakers that it was

But federal regulators had reason to know about the partnerships — and to question whether Facebook was adequately safeguarding users’ privacy. According to a letter that Facebook sent this fall to Senator Ron Wyden, the Oregon Democrat, PricewaterhouseCoopers reviewed at least some of Facebook’s data partnerships.

The first assessment, sent to the F.T.C. in 2013, found only “limited” evidence that Facebook had monitored those partners’ use of data. The finding was redacted from a public copy of the assessment, which gave Facebook’s privacy program a passing grade over all.

Mr. Wyden and other critics have questioned whether the assessments — in which the F.T.C. essentially outsources much of its day-to-day oversight to companies like PricewaterhouseCoopers — are effective. As with other businesses under consent agreements with the F.T.C., Facebook pays for and largely dictated the scope of its assessments, which are limited mostly to documenting that Facebook has conducted the internal privacy reviews it claims it had

Facebook officials said that while the social network audited partners only rarely, it managed them closely.

Sunday's order directs the heads of all federal agencies to submit proposals for their respective agencies to promote voter registration and participation within 200 days, while assisting states in voter registration under the National Voter Registration Act.

"Every eligible voter should be able to vote and have that vote counted. If you have the best ideas, you have nothing to hide. Let the people vote," he said at the event.

"I also urge Congress to fully restore the Voting Rights Act, named in John Lewis' honor," he said, referring to the late Georgia congressman and civil rights icon who died last year.

Biden called HR1 "a landmark piece of legislation that is urgently needed to protect the right to vote, the integrity of our elections, and to repair and strengthen our democracy."

"For the federal agencies, many of them have footprints around the country, with offices that people, outside the context of a pandemic could walk in and seek particular services," the official told reporters Saturday. We want to make sure that we can maximize the use of that kind of walk-in service and have them be places where people can also register to vote -- the goal is to make registering to vote and voting access as easy as possible."

The executive order also expands voter access and registration efforts for communities often overlooked in outreach, including the disabled, military serving overseas and the incarcerated.

As of February, state legislators in 43 states had introduced more than 250 bills with restrictive voting provisions, according to a tally from the Brennan Center for Justice at New York University.

"The President doesn't have executive authority to prevent a state from taking that kind of action," they said. "That would require congressional action -- so this executive order uses all of the authority that the President has to be able to take steps necessary to make voter registration and voter access easy and straightforward for people, and it also uses the President's bully pulpit to send a message to all the states and to all voters about the importance of democracy."

Only the most elite North Koreans have been allowed access to the Internet, and even they are watched

d becomes increasingly connected, their decision to be virtually isolated is very much going to affect their physical world, their economic growth and so forth

“As the world becomes inc

“As the worl

Comcast, my cable provider, offers me a menu of packages from which I might choose, each with a different mix of channels. It goes through long and sometimes arduous negotiations with the owners of those cable channels and has a different business arrangement with each of them. The details of those arrangements are opaque to me as the consumer; all I know is that I can get the movie package for X dollars a month or the sports package for Y dollars and so on.

just as your electric utility has no say in how you use the electricity they sell you, the Internet should be a reliable way to access content produced by anyone, regardless of whether they have any special business arrangement with the utility.

Those arguing against net neutrality, most significantly the cable companies, say the Internet will be a richer experience if the profit motive applies, if they can negotiate deals with major content providers (the equivalent of cable channels) so that Netflix or Hulu or other streaming services that use huge bandwidth have to pay for the privilege.

It would also give your Internet provider considerably more economic leverage. It would, in the non-net-neutrality world, be free to throttle the speed with which you could access services that don’t pay up, or block sites entirely, as surely as you cannot watch a cable channel that your cable provider chooses not to offer (perhaps because of a dispute with the channel over fees).

The order set off a furious public battle on Wednesday between the Obama administration and one of the world’s most valuable companies in a dispute with far-reaching legal implications.

This is not the first time a technology company has been ordered to effectively decrypt its own product. But industry experts say it is the most significant because of Apple’s global profile, the invasive steps it says are being demanded and the brutality of the San Bernardino attacks.

Law enforcement officials who support the F.B.I.’s position said that the impasse with Apple provided an ideal test case to move from an abstract debate over the balance between national security and privacy to a concrete one

The F.B.I. has been unable to get into the phone used by Syed Rizwan Farook, who was killed by the police along with his wife after they attacked Mr. Farook’s co-workers at a holiday gathering.

Magistrate Judge Sheri Pym of the Federal District Court for the District of Central California issued her order Tuesday afternoon, after the F.B.I. said it had been unable to get access to the data on its own and needed Apple’s technical assistance.

Mr. Cook, the chief executive at Apple, responded Wednesday morning with a blistering, 1,100-word letter to Apple customers, warning of the “chilling” breach of privacy posed by the government’s demands. He maintained that the order would effectively require it to create a “backdoor” to get around its own safeguards, and Apple vowed to appeal the ruling by next week.

Apple argues that the software the F.B.I. wants it to create does not exist. But technologists say the company can do it.

pple executives had hoped to resolve the impasse without having to rewrite their own encryption software. They were frustrated that the Justice Department had aired its demand in public, according to an industry executive with knowledge of the case, who spoke on the condition of anonymity about internal discussions.

The Justice Department and the F.B.I. have the White House’s “full support,” the spokesman, Josh Earnest, said on Wednesday.

His vote of confidence was significant because James Comey, the F.B.I. director, has at times been at odds with the White House over his aggressive advocacy of tougher decryption requirements on technology companies. While Mr. Obama’s national security team was sympathetic to Mr. Comey’s position, others at the White House viewed legislation as potentially perilous. Late last year, Mr. Obama refused to back any legislation requiring decryption, leaving a court fight likely.

The dispute could initiate legislation in Congress, with Republicans and Democrats alike criticizing Apple’s stance on Wednesday and calling for tougher decryption requirements.

Donald J. Trump, the Republican presidential contender, also attacked Apple on Fox News, asking, “Who do they think they are?”

But Apple had many defenders of its own among privacy and consumer advocates, who praised Mr. Cook for standing up to what they saw as government overreach.

Many of the company’s defenders argued that the types of government surveillance operations exposed in 2013 by Edward J. Snowden, the former National Security Agency contractor, have prompted technology companies to build tougher encryption safeguards in their products because of the privacy demands of their customers.

Privacy advocates and others said they worried that if the F.B.I. succeeded in getting access to the software overriding Apple’s encryption, it would create easy access for the government in many future investigations.

The Apple order is a flash point in a dispute that has been building for more than a decade. Advertisement Continue reading the main story Advertisement Continue reading the main story

The F.B.I. began sounding alarms years ago about technology that allowed people to exchange private messages protected by encryption so strong that government agents could not break it. In fall 2010, at the behest of Robert S. Mueller III, the F.B.I. director, the Obama administration began work on a law that required technology companies to provide unencrypted data to the government.

Lawyers at the F.B.I., Justice Department and Commerce Department drafted bills around the idea that technology companies in the Internet age should be bound by the same rules as phone companies, which were forced during the Clinton administration to build digital networks that government agents could tap.

The draft legislation would have covered app developers like WhatsApp and large companies like Google and Apple, according to current and former officials involved in the process.

There is no debate that, when armed with a court order, the government can get text messages and other data stored in plain text. Far less certain was whether the government could use a court order to force a company to write software or redesign its system to decode encrypted data. A federal law would make that authority clear, they said.

But the disclosures of government surveillance by Mr. Snowden changed the privacy debate, and the Obama administration decided not to move on the proposed legislation. It has not been revived.

The legal issues raised by the judge’s order are complicated. They involve statutory interpretation, rather than constitutional rights, and they could end up before the Supreme Court.

As Apple noted, the F.B.I., instead of asking Congress to pass legislation resolving the encryption fight, has proposed what appears to be a novel reading of the All Writs Act of 1789.

The law lets judges “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

In the past 500 years, Russia has been invaded several times from the west. The Poles came across the European Plain in 1605, followed by the Swedes under Charles XII in 1707, the French under Napoleon in 1812, and the Germans—twice, in both world wars, in 1914 and 1941.

In Poland, the plain is only 300 miles wide—from the Baltic Sea in the north to the Carpathian Mountains in the south—but after that point it stretches to a width of about 2,000 miles near the Russian border, and from there, it offers a flat route straight to Moscow. Thus Russia’s repeated attempts to occupy Poland throughout history; the country represents a relatively narrow corridor into which Russia could drive its armed forces to block an enemy advance toward its own border, which, being wider, is much harder to defend.

On the other hand, Russia’s vastness has also protected it; by the time an army approaches Moscow, it already has unsustainably long supply lines, which become increasingly difficult to protect as they extend across Russian territory. Napoleon made this mistake in 1812, and Hitler repeated it in 1941.

Just as strategically important—and just as significant to the calculations of Russia’s leaders throughout history—has been the country’s historical lack of its own warm-water port with direct access to the oceans.

Many of the country’s ports on the Arctic freeze for several months each year. Vladivostok, the largest Russian port on the Pacific Ocean, is enclosed by the Sea of Japan, which is dominated by the Japanese

it prevents the Russian fleet from operating as a global power, as it does not have year-round access to the world’s most important sea-lanes.

when protests in Ukraine brought down the pro-Russia government of Viktor Yanukovych and a new, more pro-Western government came to power, Putin had a choice. He could have respected the territorial integrity of Ukraine, or he could have done what Russian leaders have done for centuries with the bad geographic cards they we

Enter Ivan the Terrible, the first tsar. He put into practice the concept of attack as defense—consolidating one’s position at home and then moving outward

He extended his territory east to the Ural Mountains, south to the Caspian Sea, and north toward the Arctic Circle. Russia gained access to the Caspian, and later the Black Sea, thus taking advantage of the Caucasus Mountains as a partial barrier between itself and the Mongols.

Now the Russians had a partial buffer zone and a hinterland—somewhere to fall back to in the case of invasion. No one was going to attack them in force from the Arctic Sea, nor fight their way over the Urals to get to them

to invade it from the south or southeast you would have to have a huge army and a very long supply line, and you would have to fight your way past defensive positions.

In the 18th century, Russia, under Peter the Great—who founded the Russian Empire in 1721—and then Empress Catherine the Great, expanded the empire westward, occupying Ukraine and reaching the Carpathian Mountains.

Now there was a huge ring around Moscow; starting at the Arctic, it came down through the Baltic region, across Ukraine, to the Carpathians, the Black Sea, the Caucasus, and the Caspian, swinging back around to the Urals, which stretched up to the Arctic Circle.

Two of Russia’s chief preoccupations—its vulnerability on land and its lack of access to warm-water ports—came together in Ukraine in 2014

early Russia, known as the Grand Principality of Moscow, was indefensible. There were no mountains, no deserts, and few rivers.

He chose his own kind of attack as defense, annexing Crimea to ensure Russia’s access to its only proper warm-water port, and moving to prevent NATO from creeping even closer to Russia’s border.

From the Grand Principality of Moscow, through Peter the Great, Stalin, and now Putin, each Russian leader has been confronted by the same problems. It doesn’t matter if the ideology of those in control is czarist, communist, or crony capitalist—the ports still freeze, and the European Plain is still flat.

Despite threats of more violence, Biden told reporters Monday he plans to carry on with the day's events saying, "I'm not afraid of taking the oath outside."

The event is set to go ahead as scheduled, with several security modifications that will restrict public access to what is usually a very public event, altering a day that was already scaled back due to the coronavirus pandemic.

there will be no public access to the Capitol grounds during the inauguration.

She said the Capitol Police — who have been heavily criticized for their handling of Wednesday's violent assault on the House and Senate chambers and offices — are engaged with law enforcement partners on the federal, state, and local levels on security for Inauguration Day.

The Washington Monument is also closed to tours due to "credible threats to visitors and park resources" surrounding Biden's inauguration, the National Park Service said. The monument will remain closed through Jan. 24.

The NPS says it might also temporarily block public access to roadways, parking areas, and restrooms on the National Mall

President Trump granted a state of emergency for Washington, D.C. from Monday through Jan. 24, after D.C. Mayor Muriel Bowser requested the declaration.

Bowser has also asked the Department of the Interior to cancel or deny permits for demonstrations through Jan. 24, and she's asked the Justice Department to provide daily intelligence and threat briefings to D.C. authorities

the Guard plans to have up to 10,000 troops present, with the possibility of an additional increase of up to 15,000 in D.C. to meet current and future requests for the inauguration.

Maryland Gov. Larry Hogan, Virginia Gov. Ralph Northam, and Bowser issued a joint statement urging Americans not to come to D.C. for the celebrations.

In all but a handful of instances, the shooter was male. Boys also accounted for more than 80 percent of the victims.

The Times sought to identify every accidental firearm death of a child age 14 and under in Georgia, Minnesota, North Carolina and Ohio dating to 1999, and in California to 2007. Records were also obtained from several county medical examiners’ offices in Florida, Illinois and Texas.

In four of the five states — California, Georgia, North Carolina and Ohio — The Times identified roughly twice as many accidental killings as were tallied in the corresponding federal data.

Another important aspect of firearm accidents is that a vast majority of victims do not die. Tracking these injuries nationally, however, is arguably just as problematic as tallying fatalities, according to public health researchers. In fact, national figures often cited from the Centers for Disease Control and Prevention’s Web site are an estimate, projected from a sampling taken from hospital emergency departments. Nevertheless, in 2011, the most recent year with available data, the agency estimated that there were 847 unintentional nonfatal firearm injuries among children 14 and under.

More concrete are actual counts of emergency department visits, which are available in a small number of states. In North Carolina, for instance, there were more than 120 such visits for nonfatal gun accidents among children 17 and under in 2010, the most recent year for which data is available.

While about 60 percent of the accidental firearm deaths identified by The Times involved handguns as opposed to long guns, that number was much higher — more than 85 percent — when the victims were very young, under the age of 6. In fact, the average handgun victim was several years younger than long gun victims: between 7 and 8, compared with almost 11.

Over all, the largest number of deaths came at the upper end of the age range, with ages 13 and 14 being most common — not necessarily surprising, given that parents generally allow adolescents greater access to guns. But the third-most common age was 3 (tied with 12), a particularly vulnerable age, when children are curious and old enough to manipulate a firearm but ignorant of the dangers.

About half of the accidents took place inside the child’s home. A third, however, occurred at the house of a friend or a relative, pointing to a potential vulnerability if safe-storage laws apply only to households with children, as in North Carolina.

Even in accidental shootings where criminals were in some way involved, they usually were not the ones pulling the trigger. Rather, they — like many law-abiding adults in these cases — simply left a gun unsecured.

In state after state and often with considerable success, gun rights groups have cited the federal numbers as proof that the problem is nearly inconsequential and that storage laws are unnecessary. Gun Owners of America says on its Web site that children are “130 percent more likely to die from choking on their dinner” than from accidental shootings.

Under the Centers for Disease Control and Prevention figures, in fact, gun accidents were the ninth-leading cause of unintentional deaths among children ages 1 to 14 in 2010. (The agency reported 62 such killings that year.) If the actual numbers are, in fact, roughly double, however, gun accidents would rise into the top five or six.

The rifle association and its allies also often note that studies on the impact of safe-storage laws have found mixed results. But those studies are based on the flawed government statistics. “When we’re evaluating child access laws, we’re using total trash data,

A safe-storage bill was introduced in the Ohio legislature in February, prompted by a shooting that killed three students at a high school in suburban Cleveland. But the measure, which would prohibit storing a firearm in a residence in a place readily accessible to a child, has encountered skepticism from the Republicans who control the legislature. “The tenor was, somebody breaks in, do I have time enough to get to my gun?” said State Representative Bill Patmon, a Democrat who introduced the bill.

The N.R.A. has long argued that better education is the key to preventing gun accidents, citing its Eddie Eagle GunSafe program, which teaches children as young as 3 that if they see a gun, they should “stop, don’t touch, leave the area and tell an adult.” The association, which did not respond to a request for comment, says its program has reached more than 26 million children in all 50 states and should be credited for the deep decline in accidental gun deaths shown in federal statistics dating to the mid-1980s.

Beyond the unreliability of the federal data, public health experts have disputed the N.R.A.’s claims, pointing to other potential explanations for the decline, including improvements in emergency medical care, along with data showing fewer households with firearms. They also highlight research indicating that admonishing children to stay away from guns is often ineffective.

As part of Dr. Kellermann’s study, researchers watched through a one-way mirror as pairs of boys ages 8 to 12 were left alone in an examination room at a clinic in Atlanta. Unknown to the children, an inoperative .38-caliber handgun was concealed in a cabinet drawer.

Playing and exploring over the next 15 minutes, one boy after another — three-quarters of the 64 children — found the gun. Two-thirds handled it, and one-third actually pulled the trigger. Just one child went to tell an adult about the gun, and he was teased by his peers for it. More than 90 percent of the boys said they had had some gun safety instruction.

Other research has found that simply having a firearm in the household is correlated with an increased risk of accidental shooting death. In one study, published in 2003 in the journal Accident Analysis and Prevention, the risk was more than three times as high for one gun, and almost four times as high for more than one.

requiring, or even encouraging, efforts to introduce “smart gun” technology remains unpopular with the gun lobby, which has worked to undermine such research and attempts to regulate firearms as a dangerous consumer product.

But Taurus backed out within a few months, citing competing priorities, and the project fell apart. Charles Vehlow, Metal Storm’s chief executive at the time, said that while he did not know exactly what pressures Taurus faced, there was a general wariness of smart-gun efforts among manufacturers and pro-gun groups. “There was no question that the N.R.A. was very sensitive and was aware of what we were doing,” he said.

The Colt’s Manufacturing Company and Smith & Wesson experienced a backlash against their own smart-gun programs, which were abandoned amid financial problems caused, in part, by boycotts from gun groups and others in the industry. So unpopular was the whole smart-gun concept that Colt’s Manufacturing later could not even find a buyer for its patents, said Carlton Chen, a former lawyer for the company.

Gun rights lobbyists have also helped keep firearms and ammunition beyond the reach of the Consumer Product Safety Commission, which has the power to regulate other products that are dangerous to children. The N.R.A. argues that the commission would provide a back door for gun control advocates to restrict the manufacture of firearms. Proponents of regulation say guns pose too great a hazard to exclude them from scrutiny.

For proof of this go back to our response to the Great Recession, where we socialized losses, even as we privatized gains. Perfect competition should drive profits to zero, at least theoretically, but we have monopolies and oligopolies making persistently high profits. C.E.O.s enjoy incomes that are on average 295 times that of the typical worker, a much higher ratio than in the past, without any evidence of a proportionate increase in productivity.

f it is not the inexorable laws of economics that have led to America’s great divide, what is it? The straightforward answer: our policies and our politics.

Sweden, Finland and Norway have all succeeded in having about as much or faster growth in per capita incomes than the United States and with far greater equality.

why has America chosen these inequality-enhancing policies? Part of the answer is that as World War II faded into memory, so too did the solidarity it had engendered.

As America triumphed in the Cold War, there didn’t seem to be a viable competitor to our economic model. Without this international competition, we no longer had to show that our system could

Some drew the wrong lesson from the collapse of the Soviet system. The pendulum swung from much too much government there to much too little here.

Corporate interests argued for getting rid of regulations

But this ideology was hypocritical. The bankers, among the strongest advocates of laissez-faire economics, were only too willing to accept hundreds of billions of dollars from the government

The American political system is overrun by money. Economic inequality translates into political inequality, and political inequality yields increasing economic inequality

Economic and geographic segregation have immunized those at the top from the problems of those down below. Like the kings of yore, they have come to perceive their privileged positions essentially as a natural right.

The true test of an economy is not how much wealth its princes can accumulate in tax havens, but how well off the typical citizen is — even more so in America where our self-image is rooted in our claim to be the great middle-class society. But median incomes are lower than they were a quarter-century ago.

With almost a quarter of American children younger than 5 living in poverty, and with America doing so little for its poor, the deprivations of one generation are being visited upon the next

why is America one of the advanced countries where the life prospects of the young are most sharply determined by the income and education of their parents?

Those with only a high school diploma have seen their incomes decline by 13 percent over the past 35 years.

mass incarceration has come to define America — a country, it bears repeating, with about 5 percent of the world’s population but around a fourth of the world’s prisoners.

access to health care is among the most universally accepted rights, at least in the advanced countries. America, despite the implementation of the Affordable Care Act, is the exception. It has become a country with great divides in access to health care, life expectancy and health status.

Obamacare’s objective — to ensure that all Americans have access to health care — has been stymied: 24 states have not implemented the expanded Medicaid program, which was the means by which Obamacare was supposed to deliver on its promise to some of the poorest.

The problem of inequality is not so much a matter of technical economics. It’s really a problem of practical politics. Ensuring that those at the top pay their fair share of taxes — ending the special privileges of speculators, corporations and the rich — is both pragmatic and fair

We are not embracing a politics of envy if we reverse a politics of greed.

Inequality is not just about the top marginal tax rate but also about our children’s access to food and the right to justice for all. If we spent more on education, health and infrastructure, we would strengthen our economy, now and in the future.

We have located the underlying source of the problem: political inequities and policies that have commodified and corrupted our democracy.

“Particularly to his supporters, the behavioral choices he makes carry far more weight than virtually anything else,” Jeremy Konyndyk, a senior fellow at the Center for Global Development, told me. Konyndyk added that even if Trump and those around him benefit from special testing, “what’s seen” by Americans is, “don’t wear a mask.”

“The big question now is should the Biden campaign be given access to these same tests, which would allow him to also begin to travel, meet with staff and stay competitive with the GOP ticket?” Democratic strategist Simon Rosenberg told me.

Yet in many states, there are racial disparities in who has received the shot.

Boyd says there's evidence that Blacks will seek out vaccines when they have access to them.

Blacks are 26% of the population but they've made up only 16% of COVID-19 vaccinations so far

NPR identified disparities in the locations of vaccination sites in major cities across the South — with most sites placed in whiter neighborhoods. NPR found that the health care locations likely to be used to distribute a vaccine tend to be located in the more affluent and whiter parts of town where medical infrastructure already exists.

Boyd, who wrote about the lack of health care access for Blacks in a recent New York Times op-ed, urges expanding the network of health care services and placing primary care clinics "right in Black communities." She also calls for making "going to the doctor in the United States free.

1 out of 5 Black adults are unlikely to have a regular provider. They don't have somebody that they go to who they trust for their clinical care. We also know Black folks have some of the highest rates of uninsured and underinsurance,"

Back in the 1990s, our federal government said let's eliminate cost as a barrier to vaccination for children. And they created the Vaccines for Children program. ... By 2005, there were no gaps between Black children and other racial and ethnic groups for receipt of regularly recommended vaccines like MMR and polio.

Boyd and other Black health care workers and researchers created a campaign, called The Conversation: Between Us, About Us, to educate Blacks about COVID-19 vaccines.

"We knew that there were already baseline information gaps about how vaccines work and particular concerns that folks in the Black community had about this vaccine's development and their safety,"

"So we put together a campaign to actually tackle that misinformation so that when folks make the choice about vaccination, they can make an informed one."

She says the perception that Blacks are hesitant to get a COVID-19 vaccine has its roots in racial inequity.

"We say the reason that you have higher rates of diabetes or higher rates of heart disease is your own individual choices. You know, your cultural choices to choose what to eat shapes your disparity rather than the structural environment around you that might place you in a food desert.

"I think in health care we have had an analysis of what drives racial health inequities that centers on individuals rather than on our systems. And that has led us not to really confront racism as a cause of racial health inequities, including right now during the vaccine distribution."

After Mr. Trump’s impeachment for inciting his supporters before the deadly riot at the Capitol, and with Republican leaders turning on him, the pardon power remains one of the last and most likely outlets for quick unilateral action by an increasingly isolated, erratic president.

He has also discussed issuing pre-emptive pardons to his children, his son-in-law and senior adviser, Jared Kushner, and Mr. Giuliani.

He has paid Mr. Tolman at least $10,000 since late last year to lobby the White House and Congress for a pardon for his son Jeremy Hutchinson, a former Arkansas state lawmaker who pleaded guilty in 2019 to accepting bribes and tax fraud, according to a lobbying disclosure filed this month.

That system favors pardon seekers who have connections to Mr. Trump or his team, or who pay someone who does, said pardon lawyers who have worked for years through the Justice Department system.

. Any explicit offers of payment to the president in return could be investigated as possible violations of bribery laws; no evidence has emerged that Mr. Trump was offered money in exchange for a pardon.

“The criminal justice system is badly broken, badly flawed,” said the former senator, Tim Hutchinson, a Republican who served in Congress from 1993 to 2003.

“This kind of off-books influence peddling, special-privilege system denies consideration to the hundreds of ordinary people who have obediently lined up as required by Justice Department rules, and is a basic violation of the longstanding effort to make this process at least look fair,” said Margaret Love, who ran the Justice Department’s clemency process from 1990 until 1997 as the United States pardon attorney.

A filing this month revealed that Mr. Tolman was paid $22,500 by an Arizona man named Brian Anderson who had retained him in September to seek clemency for Ross Ulbricht, the Silk Road founder. Mr. Ulbricht was sentenced to life in prison in 2015 for engaging in a continuing criminal enterprise and distributing narcotics on the internet.

The former Trump campaign adviser, Karen Giorno, also had access to people around the president, having run Mr. Trump’s campaign in Florida during the 2016 primary and remaining on board as a senior political adviser during the general election.

Though the name was never publicly disclosed, Mr. Kiriakou was sentenced to 30 months in prison. In the meeting, at the Washington office of his lawyer, Mr. Kiriakou said he had been wronged by the government and was seeking a pardon so he could carry a handgun and receive his pension.

In July 2018, Ms. Giorno signed an agreement with Mr. Kiriakou, a copy of which was obtained by The New York Times, “to seek a full pardon from President Donald Trump of his conviction” for $50,000 and promised another $50,000 as a bonus if she secured a pardon.

the World Health Organization and international health partners have created the "Access to Covid-19 Tools Accelerator" (ACT-Accelerator) to distribute 2 billion doses of a vaccine, as well as 245 million treatments and 500 million tests by the end of 2021.

We need to share our funds, resources and expertise to increase production of lifesaving vaccines and train healthcare workers, while bringing costs down in a way that ensures no country is left behind.

It has so far pledged over half a billion dollars to the initiative, with the bulk of this going to COVAX's Advanced Market Commitment (AMC) to help developing countries access approved vaccines.

the UK has led a match-funding initiative to the COVAX AMC --pledging £1 for every $4 invested up to £250 million -- that successfully incentivized other countries to join in this global effort.

We also know that of the roughly 200 candidate vaccines in development, the vast majority could fail, based on what has been learned from previous vaccine clinical trials

We know from previous efforts that distributing lifesaving treatments can highlight inequality built into the international system -- just recall the experience of antiretroviral therapies for HIV/AIDS in the 1990s. After some wealthier countries did not take the threat seriously enough or make equitable access a priority, an epidemic surged across sub-Saharan Africa, which killed over 2 million adults and children in a single year at its peak.

In an ideal world, the pie would be shared equitably across nations, ensuring that no country is precluded from access to these lifesaving resources. It’s a goal that COVAX, an international alliance established to ensure that all countries have equal access to the vaccine, believes it can achieve if countries are willing to work together.

it has reserved enough manufacturing capacity to produce more than 1 billion doses—a goal which it aims to double by the end of next year. But that production will take time, leaving the alliance with just 700 million doses in advance market commitments in the short term—a sum significantly smaller than the number of doses reserved by many wealthy nations, and far short of its goal of providing enough doses to inoculate at least 20 percent of participating countries’ populations.

According to recent modeling by Northeastern University, proportional distribution of vaccines could avert nearly twice as many deaths as a vaccine distribution limited to only high-income countries.

Further modeling conducted by the Rand Corporation concluded that inequitable vaccine distribution could cost the global economy up to $1.2 trillion in GDP. Conversely, if low- and middle-income countries were granted equal access, according to Rand, the cost to the global economy would be considerably less.

“If rich countries monopolize vaccines at the outset, it will take us a lot longer, and many more people will die, than if we distribute on a global, equitable basis.”

supply-chain attack

According to SolarWinds S.E.C. filings, the malware was on the software from March to June. The number of organizations that downloaded the corrupted update could be as many as 18,000, which includes most federal government unclassified networks and more than 425 Fortune 500 companies.

The magnitude of this ongoing attack is hard to overstate.

The Russians have had access to a considerable number of important and sensitive networks for six to nine months.

While the Russians did not have the time to gain complete control over every network they hacked, they most certainly did gain it over hundreds of them.

The National Defense Authorization Act, which each year provides the Defense Department and other agencies the authority to perform its work, is caught up in partisan wrangling. Among other important provisions, the act would authorize the Department of Homeland Security to perform network hunting in federal networks.

The actual and perceived control of so many important networks could easily be used to undermine public and consumer trust in data, written communications and services.

hat should be done?On Dec. 13, the Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security — itself a victim — issued an emergency directive ordering federal civilian agencies to remove SolarWinds software from their networks.

It also is impractical. In 2017, the federal government was ordered to remove from its networks software from a Russian company, Kaspersky Lab, that was deemed too risky. It took over a year to get it off the networks.

The remediation effort alone will be staggering

Cyber threat hunters that are stealthier than the Russians must be unleashed on these networks to look for the hidden, persistent access controls.

The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated

The response must be broader than patching networks. While all indicators point to the Russian government, the United States, and ideally its allies, must publicly and formally attribute responsibility for these hacks. If it is Russia, President Trump must make it clear to Vladimir Putin that these actions are unacceptable. The U.S. military and intelligence community must be placed on increased alert; all elements of national power must be placed on the table.

President Trump is on the verge of leaving behind a federal government, and perhaps a large number of major industries, compromised by the Russian government. He must use whatever leverage he can muster to protect the United States and severely punish the Russians.President-elect Joe Biden must begin his planning to take charge of this crisis. He has to assume that communications about this matter are being read by Russia, and assume that any government data or email could be falsified.