Group items matching

in title, tags, annotations or url

but intelligence agencies have told Congress that they believe it was carried out by the S.V.R., an elite Russian intelligence agency. A Microsoft “heat map” of infections shows that the vast majority — 80 percent — are in the United States, while Russia shows no infections at all.

Investigators and other officials say they believe the goal of the Russian attack was traditional espionage, the sort the National Security Agency and other agencies regularly conduct on foreign networks.

Secretary of State Mike Pompeo has deflected the hacking as one of the many daily attacks on the federal government, suggesting China was the biggest offender — the government’s new alert left no doubt the assessment had changed.

“Governments have long spied on each other but there is a growing and critical recognition that there needs to be a clear set of rules that put certain techniques off limits,” Mr. Smith said. “One of the things that needs to be off limits is a broad supply chain attack that creates a vulnerability for the world that other forms of traditional espionage do not.”

“We have forgotten the lessons of 9/11,” Mr. Smith said. “It has not been a great week for information sharing and it turns companies like Microsoft into a sheep dog trying to get these federal agencies come together into a single place and share what they know.”

The world that emerges from the pandemic will be shaped by an adversarial rivalry that is not just about each side’s relative power, but has become an existential competition as each side strives to demonstrate the superiority of its system of government.

Starting with the Winter Olympics in February and culminating with the 20th Communist Party congress later in the year, China will stage a series of tightly choreographed events designed to project the competence, clout and all-round superiority of party rule, and formalise Mr Xi’s position at its helm beyond the ten-year tenure that has hitherto been the norm.

As the year goes on, the near certainty that, health permitting, Mr Trump will be the Republican presidential candidate in 2024 means America’s political debate will be overshadowed by fears of the biggest constitutional crisis since the civil war.

If the theatre of politics makes Western democracy look dysfunctional relative to Chinese autocracy, 2022 may offer a different verdict on which system delivers the most competent economic management. From tech companies to post-pandemic reopening, China and America are taking starkly divergent approaches to similar challenges

America and the rest of the West will move into a living-with-covid mindset. The disease will not disappear, but become endemic. Booster jabs will become the norm, remaining travel restrictions will be relaxed and lockdowns will become a thing of the past

China, by contrast, will stick with a zero-covid policy throughout 2022. Having terrified its citizens about the disease and touted its toughness as a mark of superiority, China’s government cannot easily change course. The country will remain walled off from the rest of the world with long quarantines and sharply restricted travel.

In both of these cases, China’s draconian approach will eventually cause economic damage.

All this will complicate China’s already challenging macroeconomic environment. China-watchers have worried for years about the consequences of unwinding the country’s enormous property boom and the jaw-dropping levels of debt that accompanied it. The crisis at Evergrande, a huge developer, suggests that this tricky transition is at last under way. It will dominate 2022 as other property-related firms fail. Add to that structural challenges, from a shrinking workforce to a rapidly growing number of old-age dependents, and the economic pressures are considerable. Annual GDP growth could fall to 5%

With covid-19 behind it, its fiscal tightening mostly complete and (assuming some version of Mr Biden’s bill is passed) with a long-overdue effort to improve infrastructure under way, America’s economy could grow smartly, even as its politics frays. GDP growth of 4%, not far off China’s, is plausible.

in theory the two sides could make progress in plenty of areas, such as devising a sensible deal on trade and technology to replace the tariffs of the Trump era; agreeing on a common approach to cyber-security, nuclear non-proliferation or the militarisation of space; or finding ways to accelerate the clean-energy transition in the wake of the COP26 climate meeting in Glasgow.

The good news is that a military confrontation seems unlikely in 2022. The overriding need to preserve stability in the run-up to the party congress will discourage China from adventurism or excessive sabre-rattling, whether around Taiwan or in the South China Sea. The bad news is that the Thucydides Trap will not have gone away.

imilar increases occurred at the same time for girls in Canada for mood disorders and for self-harm. Girls in the U.K. also experienced very large increases in anxiety, depression, and self-harm (with much smaller increases for boys).

Some have argued that these increases reflect nothing more than Gen Z’s increased willingness to disclose their mental-health problems. But researchers have found corresponding increases in measurable behaviors such as suicide (for both sexes), and emergency-department admissions for self-harm (for girls only). From 2010 to 2014, rates of hospital admission for self-harm did not increase at all for women in their early 20s, or for boys or young men, but they doubled for girls ages 10 to 14.

The available evidence suggests that Facebook’s products have probably harmed millions of girls. If public officials want to make that case, it could go like this:

2. The timing points to social media.

National surveys of American high-school students show that only about 63 percent reported using a “social networking site” on a daily basis back in 2010.

But as smartphone ownership increased, access became easier and visits became more frequent. By 2014, 80 percent of high-school students said they used a social-media platform on a daily basis, and 24 percent said that they were online “almost constantly.”

from 2010 to 2014, high-school students moved much more of their lives onto social-media platforms.

Notably, girls became much heavier users of the new visually oriented platforms, primarily Instagram (which by 2013 had more than 100 million users), followed by Snapchat, Pinterest, and Tumblr.

Boys are glued to their screens as well, but they aren’t using social media as much; they spend far more time playing video games. When a boy steps away from the console, he does not spend the next few hours worrying about what other players are saying about him

Instagram, in contrast, can loom in a girl’s mind even when the app is not open, driving hours of obsessive thought, worry, and shame.

3. The victims point to Instagram.

In 2017, British researchers asked 1,500 teens to rate how each of the major social-media platforms affected them on certain well-being measures, including anxiety, loneliness, body image, and sleep. Instagram scored as the most harmful, followed by Snapchat and then Facebook.

Facebook’s own research, leaked by the whistleblower Frances Haugen, has a similar finding: “Teens blame Instagram for increases in the rate of anxiety and depression … This reaction was unprompted and consistent across all groups.” The researchers also noted that “social comparison is worse” on Instagram than on rival apps.

Snapchat’s filters “keep the focus on the face,” whereas Instagram “focuses heavily on the body and lifestyle.

A recent experiment confirmed these observations: Young women were randomly assigned to use Instagram, use Facebook, or play a simple video game for seven minutes. The researchers found that “those who used Instagram, but not Facebook, showed decreased body satisfaction, decreased positive affect, and increased negative affect.”

4. No other suspect is equally plausible.

Correlation does not prove causation, but nobody has yet found an alternative explanation for the massive, sudden, gendered, multinational deterioration of teen mental health during the period in question.

The subset of studies that allow researchers to isolate social media, and Instagram in particular, show a much stronger relationship with poor mental health. The same goes for those that zoom in on girls rather than all teens.

In a 2019 internal essay, Andrew Bosworth, a longtime company executive, wrote:While Facebook may not be nicotine I think it is probably like sugar. Sugar is delicious and for most of us there is a special place for it in our lives. But like all things it benefits from moderation.

Bosworth was proposing what medical researchers call a “dose-response relationship.” Sugar, salt, alcohol, and many other substances that are dangerous in large doses are harmless in small ones.

his framing also implies that any health problems caused by social media result from the user’s lack of self-control. That’s exactly what Bosworth concluded: “Each of us must take responsibility for ourselves.” The dose-response frame also points to cheap solutions that pose no threat to its business model. The company can simply offer more tools to help Instagram and Facebook users limit their consumption.

social-media platforms are not like sugar. They don’t just affect the individuals who overindulge. Rather, when teens went from texting their close friends on flip phones in 2010 to posting carefully curated photographs and awaiting comments and likes by 2014, the change rewired everyone’s social life.

Improvements in technology generally help friends connect, but the move onto social-media platforms also made it easier—indeed, almost obligatory––for users to perform for one another.

Public performance is risky. Private conversation is far more playful. A bad joke or poorly chosen word among friends elicits groans, or perhaps a rebuke and a chance to apologize. Getting repeated feedback in a low-stakes environment is one of the main ways that play builds social skills, physical skills, and the ability to properly judge risk. Play also strengthens friendships.

When girls started spending hours each day on Instagram, they lost many of the benefits of play.

First, Congress should pass legislation compelling Facebook, Instagram, and all other social-media platforms to allow academic researchers access to their data. One such bill is the Platform Transparency and Accountability Act, proposed by the Stanford University researcher Nate Persily.

The wrong photo can lead to school-wide or even national infamy, cyberbullying from strangers, and a permanent scarlet letter

Performative social media also puts girls into a trap: Those who choose not to play the game are cut off from their classmates

Instagram and, more recently, TikTok have become wired into the way teens interact, much as the telephone became essential to past generations.

f those platforms. Without a proper control group, we can’t be certain that the experiment has been a catastrophic failure, but it probably has been. Until someone comes up with a more plausible explanation for what has happened to Gen Z girls, the most prudent course of action for regulators, legislators, and parents is to take steps to mitigate the harm.

(Boys lost less, and may even have gained, when they took up multiplayer fantasy games, especially those that put them into teams.)

Second, Congress should toughen the 1998 Children’s Online Privacy Protection Act. An early version of the legislation proposed 16 as the age at which children should legally be allowed to give away their data and their privacy.

Unfortunately, e-commerce companies lobbied successfully to have the age of “internet adulthood” set instead at 13. Now, more than two decades later, today’s 13-year-olds are not doing well. Federal law is outdated and inadequate. The age should be raised. More power should be given to parents, less to companies.

Third, while Americans wait for lawmakers to act, parents can work with local schools to establish a norm: Delay entry to Instagram and other social platforms until high school.

Right now, families are trapped. I have heard many parents say that they don’t want their children on Instagram, but they allow them to lie about their age and open accounts because, well, that’s what everyone else has done.

In one of the calls, she identified herself as a victim of the Surfside collapse.

One of the Champlain Towers survivors targeted by the scheme had applied for assistance from the Federal Emergency Management Agency. The thieves had changed her address so her payments would be redirected to the Hallandale Beach apartment.

In interviews with senior American and European officials in recent days, there is a consensus on one point: Just as the last two weeks revealed that Russia’s vaunted military faltered in its invasion plan, the next two or three may reveal whether Ukraine can survive as a state, and negotiate an end to the war.

And there is the possibility that Mr. Putin, angered by the slowness of his offensive in Ukraine, may reach for other weapons: chemical, biological, nuclear and cyber.

A French government account of a call to Mr. Putin on Saturday by Mr. Macron and Mr. Scholz termed it “disappointing with Putin’s insincerity: He is determined to continue the war.”

Quietly, the White House and the senior American military leadership have been modeling how they would respond to a series of escalations, including major cyberattacks on American financial institutions and the use of a tactical or “battlefield” nuclear weapon by Mr. Putin to signal to the rest of the world that he would brook no interference as he moves to crush Ukraine.

Even with Ukrainians begging for more offensive weapons and American intervention, Mr. Biden has stuck to his determination that he will not directly engage the forces of a nuclear-armed superpower.

The idea that we’re going to send in offensive equipment,” Mr. Biden said in Philadelphia to the House Democratic Caucus on Friday, “and have planes and tanks and trains going in with American pilots and American crews, just understand — and don’t kid yourself, no matter what you all say — that’s called ‘World War III.’ OK? Let’s get it straight here.”

Mr. Sullivan said that Russia would suffer “severe consequences” if it used chemical weapons, without specifying what those would be.

The fear now is that the war could expand.The more the fighting moves west, the more likely it is that an errant missile lands in NATO territory, or the Russians take down a NATO aircraft.

Despite his military’s logistical problems, Mr. Putin appears intent on intensifying his campaign and laying siege to Kyiv, the capital; Kharkiv, the country’s second-largest city; and other Ukrainian urban centers.

“I think Putin is angry and frustrated right now,” Mr. Burns said. He is likely to “try to grind down the Ukrainian military with no regard for civilian casualties,” he added.

Mr. Putin has demonstrated in past conflicts in Syria and Chechnya a willingness not only to bomb heavily populated areas but also to use civilian casualties as leverage against his enemies. Senior U.S. officials said the coming weeks could see a long, drawn-out fight with thousands of casualties on both sides, as well as among the roughly 1.5 million citizens remaining in the city.

“It will come at a very high price in Russian blood,” said retired Adm. James G. Stavridis, the former supreme allied commander for Europe. That high cost, he added, could cause Mr. Putin to destroy the city with an onslaught of missiles, artillery and bombs — “continuing a swath of war crimes unlike any we have seen in the 21st century.”

Russian forces are still subjecting Mariupol to siege and bombardment, but are close to securing that strategic southern port city and, with it, a land bridge from Crimea in the south to the Donbas region in the east that has been controlled by Russian-backed separatists since 2014.

And if Russia can seize Odessa, a pivotal Black Sea port city, and perhaps the remaining Ukrainian coast to the southeast, it would deprive Ukraine of important access to the sea.

“The most probable endgame, sadly, is a partition of Ukraine,” said Mr. Stavridis, pointing to the outcome of the Balkan wars in the 1990s as a model. “Putin would take the southeast of the country, and the ethnic Russians would gravitate there. The rest of the nation, overwhelmingly Ukrainian, would continue as a sovereign state.”

no evidence from the conversations so far that Mr. Putin has changed course; he remains “intent on destroying Ukraine.”

So far there are none of the procedures in place that American and Russian pilots use over Syria, for example, to prevent accidental conflict. And Mr. Putin has twice issued thinly veiled reminders of his nuclear capabilities, reminding the world that if the conflict does not go his way he has far larger, and far more fearsome, weapons to call into play.

“We will need a new generation of export controls, at least the evolution of the export controls we have, to ensure that these models are not stolen or not used in ways that would violate the country’s export control requirements,”

Smith also argued in the speech, and in a blogpost issued on Thursday, that people needed to be held accountable for any problems caused by AI and he urged lawmakers to ensure that safety brakes be put on AI used to control the electric grid, water supply and other critical infrastructure so that humans remain in control.

He urged use of a “Know Your Customer”-style system for developers of powerful AI models to keep tabs on how their technology is used and to inform the public of what content AI is creating so they can identify faked videos.

Some proposals being considered on Capitol Hill would focus on AI that may put people’s lives or livelihoods at risk, like in medicine and finance. Others are pushing for rules to ensure AI is not used to discriminate or violate civil rights.

We tend to take it for granted, but it is an astonishing novelty in human history. For thousands of years, military expenditure was by far the biggest item on the budget

The decline of war didn’t result from a divine miracle or from a change in the laws of nature. It resulted from humans making better choices. It is arguably the greatest political and moral achievement of modern civilisation.

he fact that it stems from human choice also means that it is reversible.

Technology, economics and culture continue to change. The rise of cyber weapons, AI-driven economies and newly militaristic cultures could result in a new era of war, worse than anything we have seen befor

Maybe the law of the jungle is a choice rather than an inevitability?

a poor choice by just one side can lead to war.

This is why the Russian threat to invade Ukraine should concern every person on Earth

The first and most obvious result of a return to the law of the jungle would be a sharp increase in military spending at the expense of everything else

A return to the jungle would also undermine global co-operation on problems such as preventing catastrophic climate change or regulating disruptive technologies such as artificial intelligence and genetic engineering.

If you believe that historic change is impossible, and that humanity never left the jungle and never will, the only choice left is whether to play the part of predator or prey.

To enjoy peace, we need almost everyone to make good choice

If so, any leader who chooses to conquer a neighbour will get a special place in humanity’s memory, far worse than your run-of-the-mill Tamerlane. He will go down in history as the man who ruined our greatest achievement

perhaps we can learn from the Ukrainians.

They endured two centuries of tsarist autocracy (which finally collapsed amidst the cataclysm of the first world war). A brief attempt at independence was quickly crushed by the Red Army that re-established Russian rule. Ukrainians then lived through the terrible man-made famine of the Holodomor, Stalinist terror, Nazi occupation and decades of soul-crushing Communist dictatorship. When the Soviet Union collapsed, history seemed to guarantee that Ukrainians would again go down the path of brutal tyranny – what else did they know?

Despite history, despite grinding poverty and despite seemingly insurmountable obstacles, Ukrainians established a democracy. In Ukraine, unlike in Russia and Belarus, opposition candidates repeatedly replaced incumbents

Every old thing was once new. It all comes down to human choices

A person familiar with Zatko’s tenure said the company investigated Zatko’s security claims during his time there and concluded they were sensationalistic and without merit. Four people familiar with Twitter’s efforts to fight spam said the company deploys extensive manual and automated tools to both measure the extent of spam across the service and reduce it.

the whistleblower document alleges the company prioritized user growth over reducing spam, though unwanted content made the user experience worse. Executives stood to win individual bonuses of as much as $10 million tied to increases in daily users, the complaint asserts, and nothing explicitly for cutting spam.

Chief executive Parag Agrawal was “lying” when he tweeted in May that the company was “strongly incentivized to detect and remove as much spam as we possibly can,” the complaint alleges.

Zatko described his decision to go public as an extension of his previous work exposing flaws in specific pieces of software and broader systemic failings in cybersecurity. He was hired at Twitter by former CEO Jack Dorsey in late 2020 after a major hack of the company’s systems.

“I felt ethically bound. This is not a light step to take,” said Zatko, who was fired by Agrawal in January. He declined to discuss what happened at Twitter, except to stand by the formal complaint. Under SEC whistleblower rules, he is entitled to legal protection against retaliation, as well as potential monetary rewards.

“Security and privacy have long been top companywide priorities at Twitter,” said Twitter spokeswoman Rebecca Hahn. She said that Zatko’s allegations appeared to be “riddled with inaccuracies” and that Zatko “now appears to be opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders.” Hahn said that Twitter fired Zatko after 15 months “for poor performance and leadership.” Attorneys for Zatko confirmed he was fired but denied it was for performance or leadership.

In 1998, Zatko had testified to Congress that the internet was so fragile that he and others could take it down with a half-hour of concentrated effort. He later served as the head of cyber grants at the Defense Advanced Research Projects Agency, the Pentagon innovation unit that had backed the internet’s invention.

Overall, Zatko wrote in a February analysis for the company attached as an exhibit to the SEC complaint, “Twitter is grossly negligent in several areas of information security. If these problems are not corrected, regulators, media and users of the platform will be shocked when they inevitably learn about Twitter’s severe lack of security basics.”

Zatko’s complaint says strong security should have been much more important to Twitter, which holds vast amounts of sensitive personal data about users. Twitter has the email addresses and phone numbers of many public figures, as well as dissidents who communicate over the service at great personal risk.

This month, an ex-Twitter employee was convicted of using his position at the company to spy on Saudi dissidents and government critics, passing their information to a close aide of Crown Prince Mohammed bin Salman in exchange for cash and gifts.

Zatko’s complaint says he believed the Indian government had forced Twitter to put one of its agents on the payroll, with access to user data at a time of intense protests in the country. The complaint said supporting information for that claim has gone to the National Security Division of the Justice Department and the Senate Select Committee on Intelligence. Another person familiar with the matter agreed that the employee was probably an agent.

“Take a tech platform that collects massive amounts of user data, combine it with what appears to be an incredibly weak security infrastructure and infuse it with foreign state actors with an agenda, and you’ve got a recipe for disaster,” Charles E. Grassley (R-Iowa), the top Republican on the Senate Judiciary Committee,

Many government leaders and other trusted voices use Twitter to spread important messages quickly, so a hijacked account could drive panic or violence. In 2013, a captured Associated Press handle falsely tweeted about explosions at the White House, sending the Dow Jones industrial average briefly plunging more than 140 points.

The complaint — filed last month with the Securities and Exchange Commission and the Department of Justice, as well as the FTC — says thousands of employees still had wide-ranging and poorly tracked internal access to core company software, a situation that for years had led to embarrassing hacks, including the commandeering of accounts held by such high-profile users as Elon Musk and former presidents Barack Obama and Donald Trump.

After a teenager managed to hijack the verified accounts of Obama, then-candidate Joe Biden, Musk and others in 2020, Twitter’s chief executive at the time, Jack Dorsey, asked Zatko to join him, saying that he could help the world by fixing Twitter’s security and improving the public conversation, Zatko asserts in the complaint.

But at Twitter Zatko encountered problems more widespread than he realized and leadership that didn’t act on his concerns, according to the complaint.

Twitter’s difficulties with weak security stretches back more than a decade before Zatko’s arrival at the company in November 2020. In a pair of 2009 incidents, hackers gained administrative control of the social network, allowing them to reset passwords and access user data. In the first, beginning around January of that year, hackers sent tweets from the accounts of high-profile users, including Fox News and Obama.

Several months later, a hacker was able to guess an employee’s administrative password after gaining access to similar passwords in their personal email account. That hacker was able to reset at least one user’s password and obtain private information about any Twitter user.

Twitter continued to suffer high-profile hacks and security violations, including in 2017, when a contract worker briefly took over Trump’s account, and in the 2020 hack, in which a Florida teen tricked Twitter employees and won access to verified accounts. Twitter then said it put additional safeguards in place.

This year, the Justice Department accused Twitter of asking users for their phone numbers in the name of increased security, then using the numbers for marketing. Twitter agreed to pay a $150 million fine for allegedly breaking the 2011 order, which barred the company from making misrepresentations about the security of personal data.

After Zatko joined the company, he found it had made little progress since the 2011 settlement, the complaint says. The complaint alleges that he was able to reduce the backlog of safety cases, including harassment and threats, from 1 million to 200,000, add staff and push to measure results.

But Zatko saw major gaps in what the company was doing to satisfy its obligations to the FTC, according to the complaint. In Zatko’s interpretation, according to the complaint, the 2011 order required Twitter to implement a Software Development Life Cycle program, a standard process for making sure new code is free of dangerous bugs. The complaint alleges that other employees had been telling the board and the FTC that they were making progress in rolling out that program to Twitter’s systems. But Zatko alleges that he discovered that it had been sent to only a tenth of the company’s projects, and even then treated as optional.

“If all of that is true, I don’t think there’s any doubt that there are order violations,” Vladeck, who is now a Georgetown Law professor, said in an interview. “It is possible that the kinds of problems that Twitter faced eleven years ago are still running through the company.”

“Agrawal’s Tweets and Twitter’s previous blog posts misleadingly imply that Twitter employs proactive, sophisticated systems to measure and block spam bots,” the complaint says. “The reality: mostly outdated, unmonitored, simple scripts plus overworked, inefficient, understaffed, and reactive human teams.”

One current and one former employee recalled that incident, when failures at two Twitter data centers drove concerns that the service could have collapsed for an extended period. “I wondered if the company would exist in a few days,” one of them said.

The current and former employees also agreed with the complaint’s assertion that past reports to various privacy regulators were “misleading at best.”

The complaint also alleges that Zatko warned the board early in his tenure that overlapping outages in the company’s data centers could leave it unable to correctly restart its servers. That could have left the service down for months, or even have caused all of its data to be lost. That came close to happening in 2021, when an “impending catastrophic” crisis threatened the platform’s survival before engineers were able to save the day, the complaint says, without providing further details.

As the head of security, Zatko says he also was in charge of a division that investigated users’ complaints about accounts, which meant that he oversaw the removal of some bots, according to the complaint. Spam bots — computer programs that tweet automatically — have long vexed Twitter. Unlike its social media counterparts, Twitter allows users to program bots to be used on its service: For example, the Twitter account @big_ben_clock is programmed to tweet “Bong Bong Bong” every hour in time with Big Ben in London. Twitter also allows people to create accounts without using their real identities, making it harder for the company to distinguish between authentic, duplicate and automated accounts.

In the complaint, Zatko alleges he could not get a straight answer when he sought what he viewed as an important data point: the prevalence of spam and bots across all of Twitter, not just among monetizable users.

Zatko cites a “sensitive source” who said Twitter was afraid to determine that number because it “would harm the image and valuation of the company.” He says the company’s tools for detecting spam are far less robust than implied in various statements.

For example, they said the company implied that it had destroyed all data on users who asked, but the material had spread so widely inside Twitter’s networks, it was impossible to know for sure

The four people familiar with Twitter’s spam and bot efforts said the engineering and integrity teams run software that samples thousands of tweets per day, and 100 accounts are sampled manually.

Some employees charged with executing the fight agreed that they had been short of staff. One said top executives showed “apathy” toward the issue.

Zatko’s complaint likewise depicts leadership dysfunction, starting with the CEO. Dorsey was largely absent during the pandemic, which made it hard for Zatko to get rulings on who should be in charge of what in areas of overlap and easier for rival executives to avoid collaborating, three current and former employees said.

For example, Zatko would encounter disinformation as part of his mandate to handle complaints, according to the complaint. To that end, he commissioned an outside report that found one of the disinformation teams had unfilled positions, yawning language deficiencies, and a lack of technical tools or the engineers to craft them. The authors said Twitter had no effective means of dealing with consistent spreaders of falsehoods.

Dorsey made little effort to integrate Zatko at the company, according to the three employees as well as two others familiar with the process who spoke on the condition of anonymity to describe sensitive dynamics. In 12 months, Zatko could manage only six one-on-one calls, all less than 30 minutes, with his direct boss Dorsey, who also served as CEO of payments company Square, now known as Block, according to the complaint. Zatko allegedly did almost all of the talking, and Dorsey said perhaps 50 words in the entire year to him. “A couple dozen text messages” rounded out their electronic communication, the complaint alleges.

Faced with such inertia, Zatko asserts that he was unable to solve some of the most serious issues, according to the complaint.

Some 30 percent of company laptops blocked automatic software updates carrying security fixes, and thousands of laptops had complete copies of Twitter’s source code, making them a rich target for hackers, it alleges.

A successful hacker takeover of one of those machines would have been able to sabotage the product with relative ease, because the engineers pushed out changes without being forced to test them first in a simulated environment, current and former employees said.

“It’s near-incredible that for something of that scale there would not be a development test environment separate from production and there would not be a more controlled source-code management process,” said Tony Sager, former chief operating officer at the cyberdefense wing of the National Security Agency, the Information Assurance divisio

Sager is currently senior vice president at the nonprofit Center for Internet Security, where he leads a consensus effort to establish best security practices.

The complaint says that about half of Twitter’s roughly 7,000 full-time employees had wide access to the company’s internal software and that access was not closely monitored, giving them the ability to tap into sensitive data and alter how the service worked. Three current and former employees agreed that these were issues.

“A best practice is that you should only be authorized to see and access what you need to do your job, and nothing else,” said former U.S. chief information security officer Gregory Touhill. “If half the company has access to and can make configuration changes to the production environment, that exposes the company and its customers to significant risk.”

Another graphic implied a downward trend in the number of people with overly broad access, based on the small subset of people who had access to the highest administrative powers, known internally as “God mode.” That number was in the hundreds. But the number of people with broad access to core systems, which Zatko had called out as a big problem after joining, had actually grown slightly and remained in the thousands.

When Dorsey left in November 2021, a difficult situation worsened under Agrawal, who had been responsible for security decisions as chief technology officer before Zatko’s hiring, the complaint says.

An unnamed executive had prepared a presentation for the new CEO’s first full board meeting, according to the complaint. Zatko’s complaint calls the presentation deeply misleading.

The presentation showed that 92 percent of employee computers had security software installed — without mentioning that those installations determined that a third of the machines were insecure, according to the complaint.

The complaint says Dorsey never encouraged anyone to mislead the board about the shortcomings, but that others deliberately left out bad news.

The presentation included only a subset of serious intrusions or other security incidents, from a total Zatko estimated as one per week, and it said that the uncontrolled internal access to core systems was responsible for just 7 percent of incidents, when Zatko calculated the real proportion as 60 percent.

Zatko stopped the material from being presented at the Dec. 9, 2021 meeting, the complaint said. But over his continued objections, Agrawal let it go to the board’s smaller Risk Committee a week later.

Agrawal didn’t respond to requests for comment. In an email to employees after publication of this article, obtained by The Post, he said that privacy and security continues to be a top priority for the company, and he added that the narrative is “riddled with inconsistences” and “presented without important context.”

On Jan. 4, Zatko reported internally that the Risk Committee meeting might have been fraudulent, which triggered an Audit Committee investigation.

Agarwal fired him two weeks later. But Zatko complied with the company’s request to spell out his concerns in writing, even without access to his work email and documents, according to the complaint.

Since Zatko’s departure, Twitter has plunged further into chaos with Musk’s takeover, which the two parties agreed to in May. The stock price has fallen, many employees have quit, and Agrawal has dismissed executives and frozen big projects.

Zatko said he hoped that by bringing new scrutiny and accountability, he could improve the company from the outside.

“I still believe that this is a tremendous platform, and there is huge value and huge risk, and I hope that looking back at this, the world will be a better place, in part because of this.”

such an alliance will not come together if Netanyahu sticks with his policy of undermining the Palestinian Authority in the West Bank — essentially driving Israel and its seven million Jews into indefinite control of five million Palestinians in Gaza and the West Bank. The pro-American forces in the region and Joe Biden himself cannot and will not be party to that.

three things are totally clear.1. The keystone for winning all three wars is a moderate, effective and legitimate Palestinian Authority that can replace Hamas in Gaza, be an active, credible partner for a two-state solution with Israel and thereby enable Saudi Arabia and other Arab Muslim states to justify normalizing relations with the Jewish state and isolating Iran and its proxies.2. The anti-keystones are Hamas and Netanyahu’s far-right coalition that refuses to do anything to rebuild, let alone expand, the Palestinian Authority’s role.3. Israel and its U.S. backer cannot create a sustainable post-Hamas regional alliance or permanently stabilize Gaza while Benjamin Netanyahu reigns as the prime minister of Israel.

Something similar might be said about “The Maniac,” Benjamín Labatut’s new novel, whose designated Prometheus is the Hungarian-born polymath John von Neumann, a pioneer of A.I. as well as an originator of game theory.

both narratives are grounded in fact, using the lives and ideas of real people as fodder for allegory and attempting to write a new mythology of the modern world.

on Neumann and Oppenheimer were close contemporaries, born a year apart to prosperous, assimilated Jewish families in Budapest and New York. Von Neumann, conversant in theoretical physics, mathematics and analytic philosophy, worked for Oppenheimer at Los Alamos during the Manhattan Project. He spent most of his career at the Institute for Advanced Study, where Oppenheimer served as director after the war.

More than most intellectual bastions, the institute is a house of theory. The Promethean mad scientists of the 19th century were creatures of the laboratory, tinkering away at their infernal machines and homemade monsters. Their 20th-century counterparts were more likely to be found at the chalkboard, scratching out our future in charts, equations and lines of code.

MANIAC. The name was an acronym for “Mathematical Analyzer, Numerical Integrator and Computer,” which doesn’t sound like much of a threat. But von Neumann saw no limit to its potential. “If you tell me precisely what it is a machine cannot do,” he declared, “then I can always make a machine which will do just that.” MANIAC didn’t just represent a powerful new kind of machine, but “a new type of life.”

the intellectual drama of “Oppenheimer” — as distinct from the dramas of his personal life and his political fate — is about how abstraction becomes reality. The atomic bomb may be, for the soldiers and politicians, a powerful strategic tool in war and diplomacy. For the scientists, it’s something else: a proof of concept, a concrete manifestation of quantum theory.

Oppenheimer wasn’t a principal author of that theory. Those scientists, among them Niels Bohr, Erwin Schrödinger and Werner Heisenberg, were characters in Labatut’s previous novel, “When We Cease to Understand the World.” That book provides harrowing illumination of a zone where scientific insight becomes indistinguishable from madness or, perhaps, divine inspiration. The basic truths of the new science seem to explode all common sense: A particle is also a wave; one thing can be in many places at once; “scientific method and its object could no longer be prised apart.”

. Oppenheimer’s designation as Prometheus is precise. He snatched a spark of quantum insight from those divinities and handed it to Harry S. Truman and the U.S. Army Air Forces.

Labatut’s account of von Neumann is, if anything, more unsettling than “Oppenheimer.” We had decades to get used to the specter of nuclear annihilation, and since the end of the Cold War it has been overshadowed by other terrors. A.I., on the other hand, seems newly sprung from science fiction, and especially terrifying because we can’t quite grasp what it will become.

Von Neumann, who died in 1957, did not teach machines to play Go. But when asked “what it would take for a computer, or some other mechanical entity, to begin to think and behave like a human being,” he replied that “it would have to play, like a child.”

More than 200 years after the Shelleys, Prometheus is having another moment, one closer in spirit to Mary’s terrifying ambivalence than to Percy’s fulsome gratitude. As technological optimism curdles in the face of cyber-capitalist villainy, climate disaster and what even some of its proponents warn is the existential threat of A.I., that ancient fire looks less like an ember of divine ingenuity than the start of a conflagration. Prometheus is what we call our capacity for self-destruction.

If Oppenheimer took hold of the sacred fire of atomic power, von Neumann’s theft was bolder and perhaps more insidious: He stole a piece of the human essence. He’s not only a modern Prometheus; he’s a second Frankenstein, creator of an all but human, potentially more than human monster.

“Technological power as such is always an ambivalent achievement,” Labatut’s von Neumann writes toward the end of his life, “and science is neutral all through, providing only means of control applicable to any purpose, and indifferent to all. It is not the particularly perverse destructiveness of one specific invention that creates danger. The danger is intrinsic. For progress there is no cure.”

It tweaked its algorithm to boost authoritative sources in the news feed and turned off recommendations to join groups based around political or social issues. Facebook is reversing some of these steps now, but it cannot make people forget this toolbox exists in the future

Nothing symbolizes this shift as neatly as Facebook’s decision in October (and Twitter’s shortly after) to start banning Holocaust denial. Almost exactly a year earlier, Zuckerberg had proudly tied himself to the First Amendment in a widely publicized “stand for free expression” at Georgetown University.

The evolution continues. Facebook announced earlier this month that it will join platforms such as YouTube and TikTok in removing, not merely labeling or down-ranking, false claims about COVID-19 vaccines.

the pandemic also showed that complete neutrality is impossible. Even though it’s not clear that removing content outright is the best way to correct misperceptions, Facebook and other platforms plainly want to signal that, at least in the current crisis, they don’t want to be seen as feeding people information that might kill them.

As platforms grow more comfortable with their power, they are recognizing that they have options beyond taking posts down or leaving them up. In addition to warning labels, Facebook implemented other “break glass” measures to stem misinformation as the election approached.

Down-ranking, labeling, or deleting content on an internet platform does not address the social or political circumstances that caused it to be posted in the first place

Content moderation comes to every content platform eventually, and platforms are starting to realize this faster than ever.

Platforms don’t deserve praise for belatedly noticing dumpster fires that they helped create and affixing unobtrusive labels to them

Warning labels for misinformation might make some commentators feel a little better, but whether labels actually do much to contain the spread of false information is still unknown.

News reporting suggests that insiders at Facebook knew they could and should do more about misinformation, but higher-ups vetoed their ideas. YouTube barely acted to stem the flood of misinformation about election results on its platform.

When internet platforms announce new policies, assessing whether they can and will enforce them consistently has always been difficult. In essence, the companies are grading their own work. But too often what can be gleaned from the outside suggests that they’re failing.

And if 2020 finally made clear to platforms the need for greater content moderation, it also exposed the inevitable limits of content moderation.

Even before the pandemic, YouTube had begun adjusting its recommendation algorithm to reduce the spread of borderline and harmful content, and is introducing pop-up nudges to encourage user

even the most powerful platform will never be able to fully compensate for the failures of other governing institutions or be able to stop the leader of the free world from constructing an alternative reality when a whole media ecosystem is ready and willing to enable him. As Renée DiResta wrote in The Atlantic last month, “reducing the supply of misinformation doesn’t eliminate the demand.”

Even so, this year’s events showed that nothing is innate, inevitable, or immutable about platforms as they currently exist. The possibilities for what they might become—and what role they will play in society—are limited more by imagination than any fixed technological constraint, and the companies appear more willing to experiment than ever.

First, Israel is facing threats from a set of enemies who combine medieval theocratic worldviews with 21st century weaponry — and are no longer organized as small bands of militiamen, but as modern armies with brigades, battalions, cyber capabilities, long-range rockets, drones and technical support.

my third, deep concern.

But Israel’s war against Hamas in Gaza entails urban, house-to-house fighting that creates thousands of civilian casualties — innocent men, women and children

But President Biden can only sustainably generate the support Israel needs if Israel is ready to engage in some kind of a wartime diplomatic initiative directed at the Palestinians in the West Bank — and hopefully in a post-Hamas Gaza — that indicates Israel will discuss some kind of two-state solutions if Palestinian officials can get their political house unified and in order.

The second danger I see is that the only conceivable way that Israel can generate the legitimacy, resources, time and allies to fight such a difficult war with so many enemies is if it has unwavering partners abroad, led by the United States.

Netanyahu’s message to the world remains, in effect: “Help us defeat Hamas in Gaza, while we work to expand settlements, annex the West Bank and build a Jewish supremacist state there.”

Worse, I am stunned at the degree to which that leader, Prime Minister Benjamin Netanyahu, continues to put the interests of holding on to the support of his far-right base

Israel has the worst leader in its history, maybe in all of Jewish history — who has no will or ability to produce such an initiative.

This kind of chilling exuberance — Israel was built so that such a thing could never happen — explains the homemade sign I saw on a sidewalk while driving through the French Hill Jewish neighborhood of Jerusalem the other day: “It’s either us or them.’’

After being slammed by the public for digitally stabbing his army and intelligence chiefs in the back in the middle of a war, Netanyahu published a new tweet. “I was wrong,” he wrote, adding that “the things I said following the press conference should not have been said, and I apologize for that. I fully support the heads of [Israel’s] security services.”

As a result, there is a conviction in the army that they must demonstrate to the entire neighborhood — to Hezbollah in Lebanon, to the Houthis in Yemen, to the Islamic militias in Iraq to the Hamas and other fighters in the West Bank — that they will stop at nothing to re-establish the security of their borders

it wants to show that no one can out-crazy Israel to drive them from this region — even if the Israeli military has to defy the U.S. and even if they do not have any solid plan for governing Gaza the morning after the war.

“Israel cannot accept such an active threat on its borders. The whole idea of people living side by side in the Middle East was jeopardized by Hamas.”

This conflict is now back to its most biblical and primordial roots. This seems to be a time of eyes for eyes and teeth for teeth. The morning-after policy thinking will have to wait for the mourning after.

So, Netanyahu is saying that seven million Jews are going to indefinitely control the lives of five million Palestinians in the West Bank and Gaza

while offering them no political horizon, nothing, by way of statehood one day on any demilitarized conditions.

Early on the morning of Oct. 29, as the Israeli Army was just moving into Gaza, Netanyahu tweeted and then deleted a social media post in which he blamed Israel’s defense and intelligence establishment for failing to anticipate Hamas’s surprise attack.

The euphoric rampage of Oct. 7 that killed some 1,400 soldiers and civilians has not only hardened Israeli hearts toward the suffering of Gaza civilians. It has also inflicted a deep sense of humiliation and guilt on the Israeli Army and defense establishment, for having failed in their most basic mission of protecting the country’s borders.

the damage was done. How much do you suppose those military leaders trust what Netanyahu will say if the Gaza campaign stalls? What real leader would behave that way at the start of a war of survival?

Netanyahu and his far-right zealots have taken Israel on multiple flights of fancy in the last year: dividing the country and the army over the fraudulent judicial reform, bankrupting its future with massive investments in religious schools that teach no math and in West Bank Jewish settlements that teach no pluralism — while building up Hamas, which would never be a partner for peace, and tearing down the Palestinian Authority, the only possible partner for peace.

“When you go to the front, you are overwhelmed by the power of what we lost.”

The latest flurry of missile tests suggests that ​North Korea’s leader, Kim Jong-un, is both pushing ahead with his program of modernizing his country’s missile forces and trying to jolt the Biden administration out of its diplomatic slumber​ and force Washington to engage with North Korea on Mr. Kim’s terms.

In 2017, North Korea launched three intercontinental ballistic missiles and claimed it was capable of targeting the continental United States with nuclear warheads. Mr. Kim then entered into diplomatic talks with President Donald J. Trump.

In late 2019, Mr. Kim warned that he no longer felt bound by his self-imposed moratorium on nuclear and long-range missile tests.

North Korea’s latest launch came amid reports that its internet service appeared to have been hit by a second wave of outages in as many weeks, possibly caused by a so-called distributed denial-of-service cyberattack.

In Putin’s plan to dismember Ukraine by embracing self-determination for ethnic Russian separatists, he, like Hitler in 1938, is exploiting careless rhetoric that ignores the fact that ethnicities do not tidily coincide with national boundaries.

Lansing, who called Wilson “a phrase-maker par excellence,” warned that “certain phrases” of Wilson’s “have not been thought out.” The “undigested” phrase “self-determination” is “simply loaded with dynamite.” Nevertheless, President Franklin D. Roosevelt and Churchill in their Atlantic Charter of August 1941 affirmed the right of self-determination for all “peoples,” which the United Nations Charter also affirms.

This phrase can be used to sanitize the dismemberment of Ukraine — and some other nations (see above: the Baltics). And perhaps can reduce nations supposedly supporting Ukraine to paralytic dithering about whether sanctions, or which sanctions, are an appropriate response to an aggression wielding a Wilsonian concept.

Much of Putin’s geopolitics consists of doing whatever opposes U.S. policy. Call this the Nelson Rule. Before the Battle of Trafalgar, Lord Nelson, meeting with some of his officers, reportedly picked up a fire poker and said, “It matters not at all in what way I lay this poker on the floor. But if Bonaparte should say it must be placed in this direction, we must instantly insist upon its being laid in some other one.” Regarding the United States, Putin is Nelsonian.

raw power lubricated by audacious lying is Bismarckian. In July 1870, the French ambassador to Prussia asked King William of Prussia for certain assurances, which the king declined to give. Bismarck edited a telegram describing this conversation to make the episode resemble an exchange of insults. Passions boiled in both countries, and France declared war, which Bismarck wanted because he correctly thought war would complete the welding of the German states into a muscular nation.

he raged at the alliance’s eastward expansion. Later, he decried a fictitious “genocide” that he says the West is sponsoring in Ukraine. Mr Putin can’t tell his people that his army is fighting against their Ukrainian brothers and sisters who gained freedom.

He may not invade the NATO countries that were once in the Soviet empire, at least not at first. But, bloated by victory, he will subject them to the cyber attacks and information warfare that fall short of the threshold of conflict.

Even China should see that a man who rampages across frontiers is a threat to the stability it seeks.

Some will say that it is too risky to challenge Mr Putin in these ways—because he has lost touch with reality, or because he will escalate, miscalculate or hug China

After 22 years at the top, even a dictator with an overdeveloped sense of his own destiny has a nose for survival and the ebb and flow of power.

Russia is Europe’s main supplier of gas. It exports metals like nickel and palladium and along with Ukraine it exports wheat. All of that will present problems at a time when the world economy is struggling with inflation and supply-chain glitches.

They will also signal to Mr Putin that the further he pushes in Ukraine, the more likely he is to end up strengthening NATO’s presence on its border—the very opposite of what he intends.

On March 11, YouTube’s parent company Google announced that it would block Russian state-backed media globally, including within Russia. The policy was an expansion of an earlier announcement that these channels would be blocked within the European Union. “Our Community Guidelines prohibit content denying, minimizing or trivializing well-documented violent events, and we remove content about Russia’s invasion in Ukraine that violates this policy,” Google said in a statement. “In line with that, effective immediately, we are also blocking YouTube channels associated with Russian state-funded media, globally.”

That could leave many millions of Russians cut off from independent news and content shared by opposition activists like Navalny’s team. (It would also effectively delete 75 million YouTube users, or some 4% of the platform’s global total—representing a small but still-significant portion of Google’s overall profits.)

Today, YouTube remains the most significant way for tens of millions of ordinary Russians to receive largely uncensored information from the outside world.

Part of the reason for YouTube’s survival amid the crackdown is its popularity, experts say. “YouTube is by far and away the most popular social media platform in Russia,” says Justin Sherman, a non-resident fellow at the Atlantic Council’s cyber statecraft initiative. The platform is even more popular than VK, the Russian-owned answer to Facebook.

Still, Sherman says the situation is volatile, with Russia now more likely than ever before to ban YouTube. For an authoritarian government like Russia’s, “part of the decision to allow a foreign platform in your country is that you get to use it to spread propaganda and disinformation, even if people use it to spread truth and organize against you,” he says. “If you start losing the ability to spread misinformation and propaganda, but people can still use it to spread truth and organize, then all of a sudden, you start wondering why you’re allowing that platform in your country in the first place.” YouTube did not respond to a request for comment.

On the same day as Navalny’s channel posted the video about Matviyenko, elsewhere on YouTube a very different spectacle was playing out. In a video posted to the channel of the Kremlin-funded media outlet RT, (formerly known as Russia Today,) a commentator dismissed evidence of Russian bombings of Ukrainian cities. She blamed “special forces of NATO countries” for allegedly faking images of bombed-out Ukrainian schools, kindergartens and other buildings.

“YouTube has, over the years, been a really important place for spreading Russian propaganda,” Donovan said in an interview with TIME days before YouTube banned Russian state-backed media.

In July 2021, the Russian government passed a law that would require foreign tech companies with more than 500,000 users to open a local office within Russia. (A similar law passed previously in India had been used by the government there to pressure tech companies to take down opposition accounts and posts critical of the government, by threatening employees with arrest.)

The heightened risk to free expression in Russia Experts say that Russia’s ongoing crackdown on social media platforms heralds a significant shift in the shape of the Russian internet—and a potential end to the era where the Kremlin tolerated largely free expression on YouTube in return for access to a tool that allowed it to spread disinformation far and wide.

At some point they will be able to, for example, suggest recipes for novel cyberattacks or biological attacks—all based on publicly available knowledge.

But as models become more sophisticated, this approach may prove insufficient. Some models are beginning to exhibit polymathic behavior: They appear to know more than just what is in their training data and can link concepts across fields, languages, and geographies.

We need to adopt new approaches to AI safety that track the complexity and innovation speed of the core models themselves.

What’s much harder to test for is what’s known as “capability overhang”—meaning not just the model’s current knowledge, but the derived knowledge it could potentially generate on its own.

Red teams have so far shown some promise in predicting models’ capabilities, but upcoming technologies could break our current approach to safety in AI. For one, “recursive self-improvement” is a feature that allows AI systems to collect data and get feedback on their own and incorporate it to update their own parameters, thus enabling the models to train themselves

This could result in, say, an AI that can build complex system applications (e.g., a simple search engine or a new game) from scratch. But, the full scope of the potential new capabilities that could be enabled by recursive self-improvement is not known.

Another example would be “multi-agent systems,” where multiple independent AI systems are able to coordinate with each other to build something new.

This so-called “combinatorial innovation,” where systems are merged to build something new, will be a threat simply because the number of combinations will quickly exceed the capacity of human oversight.

Short of pulling the plug on the computers doing this work, it will likely be very difficult to monitor such technologies once these breakthroughs occur

Current regulatory approaches are based on individual model size and training effort, and are based on passing increasingly rigorous tests, but these techniques will break down as the systems become orders of magnitude more powerful and potentially elusive

AI regulatory approaches will need to evolve to identify and govern the new emergent capabilities and the scaling of those capabilities.

But the AI Act has already fallen behind the frontier of innovation, as open-source AI models—which are largely exempt from the legislation—expand in scope and number

Europe has so far attempted the most ambitious regulatory regime with its AI Act,

both Biden’s order and Europe’s AI Act lack intrinsic mechanisms to rapidly adapt to an AI landscape that will continue to change quickly and often.

a gathering in Palo Alto organized by the Rand Corp. and the Carnegie Endowment for International Peace, where key technical leaders in AI converged on an idea: The best way to solve these problems is to create a new set of testing companies that will be incentivized to out-innovate each other—in short, a robust economy of testing

To check the most powerful AI systems, their testers will also themselves have to be powerful AI systems, precisely trained and refined to excel at the single task of identifying safety concerns and problem areas in the world’s most advanced models.

To be trustworthy and yet agile, these testing companies should be checked and certified by government regulators but developed and funded in the private market, with possible support by philanthropy organizations

The field is moving too quickly and the stakes are too high for exclusive reliance on typical government processes and timeframes.

One way this can unfold is for government regulators to require AI models exceeding a certain level of capability to be evaluated by government-certified private testing companies (from startups to university labs to nonprofit research organizations), with model builders paying for this testing and certification so as to meet safety requirements.

As AI models proliferate, growing demand for testing would create a big enough market. Testing companies could specialize in certifying submitted models across different safety regimes, such as the ability to self-proliferate, create new bio or cyber weapons, or manipulate or deceive their human creators

Much ink has been spilled over presumed threats of AI. Advanced AI systems could end up misaligned with human values and interests, able to cause chaos and catastrophe either deliberately or (often) despite efforts to make them safe. And as they advance, the threats we face today will only expand as new systems learn to self-improve, collaborate and potentially resist human oversight.

If we can bring about an ecosystem of nimble, sophisticated, independent testing companies who continuously develop and improve their skill evaluating AI testing, we can help bring about a future in which society benefits from the incredible power of AI tools while maintaining meaningful safeguards against destructive outcomes.