Month: June 2021

Cybersecurity experts have been poring over the transcripts from Wednesday’s news conferences in Geneva to determine whether the U.S.-Russia summit will produce real progress in halting a wave of high-profile ransomware attacks. For most, the answer is: It’s too soon to tell. In the run-up to the meeting between President Joe Biden and Russian President Vladimir Putin, cyberattacks for ransom emanating from Russia emerged as a critical national security issue for the United States. Concern over Russia’s purported role in these attacks grew after ransomware criminals believed to be based in Russia breached the computer networks of Colonial Pipeline — the largest pipeline system for refined oil products in the U.S. — and beef processing giant JBS last month.FILE – A JBS Processing Plant stands dormant after halting operations on June 1, 2021 in Greeley, Colorado. JBS facilities around the globe were impacted by a ransomware attack, forcing many of their facilities to shut down.Biden vowed to confront Putin over ransomware. But while no breakthrough over cybersecurity emerged from the summit, the two leaders agreed to start consultations over the issue.  Cyber consultations  Experts from the two countries will be tasked to work on “specific understandings of what’s off-limits” and to follow up on cyberattacks that originate in either country, Biden said.   What that will entail remains to be seen, but cybersecurity experts say the talks will likely be conducted by working groups composed of low-level officials from across the Biden administration and their Russian counterparts.   Sixteen exemptions The president said he handed Putin a list of 16 sectors such as energy and water services that the U.S. insists are out of bounds to attacks. These were designated as critical infrastructure sectors under a 2013 presidential directive.   “I talked about the proposition that certain critical infrastructure should be off-limits to attack, period — by cyber or any other means,” Biden told reporters.  FILE – A gasoline station posts signage saying that it has run out of unleaded and mid-grade fuel and has a $20 limit on super, following a ransomware attack on Colonial Pipeline, at the pump in Atlanta, May 11, 2021.In addition to energy and water systems, the list includes information technology, health care and public health, and food and agriculture — all of which have been the FILE – John Demers of the National Security Division speaks during a press conference at the Justice Department in Washington, Oct. 7, 2020.John Demers, the outgoing head of the Justice Department’s national security division, said that while the U.S. has in the past asked Russia for information on cybercriminals, it has all but given up on seeking cooperation.    “I think we’ve reached the stage today where there’s very little point in doing so,” Demers said at an event Tuesday sponsored by public sector media company CyberScoop.  Biden said Russia will be judged by its actions.”Of course, the principle is one thing,” the president said. “It has to be backed up by practice. Responsible countries need to take action against criminals who conduct ransomware activities on their territory.”  U.S. cyber offensive capability  Biden said that while he issued no threats during the roughly three-hour meeting, he made it clear there will be consequences for Russian actions, telling Putin, “If you do that, then we’ll do this.”    In recent years, the U.S. has significantly bolstered its offensive cyber capabilities. The United States Cyber Command is tasked with carrying out cyberspace operations against malicious foreign actors. As part of an offensive cyber operation, Cyber Command can block a target’s internet access, destroy its databases or take down the group’s entire computer network. “I pointed out to him we have significant cyber capability, and he knows it,” Biden said of Putin. “He doesn’t know exactly what it is, but it’s significant.”  In 2018, a U.S. cyber operation reportedly blocked Russian troll farm Internet Research Agency’s internet access. Last year, Cyber Command, along with the National Security Agency, reportedly carried out a cyber operation against hackers working for Iran’s Islamic Revolutionary Guard Corps after they sent threatening emails to U.S. voters to undermine confidence in the November presidential elections.
…

Even as big tech companies such as Amazon limit their sale of facial recognition software to law enforcement, one company has not: Clearview AI, a facial recognition search engine that contains three billion images scraped from the internet.    More than 3,000 U.S. law enforcement agencies employ the software, which uses an advanced algorithm to identify and match faces, the company says.   “The way it works is very similar to Google, but instead of putting in words, you’re putting in photos of faces, and it will find anything publicly available on the internet that looks like that face,” said Hoan Ton-That, chief executive and co-founder of the company.   Police argue that facial recognition software is an important tool in fighting and solving crimes. But its increasing use has raised concerns that there are too few rules in place for when and how police can use it.    Limiting the scope of software Police typically have image search engines at their disposal that pull drivers’ license pictures or other photos among police records.  Clearview AI, in contrast, has gathered billions of images from social media sites and other websites, which internet firms say were obtained by breaking their rules.  Clearview AI’s Ton-That says that the company only pulls publicly available information.   In one case, federal agents were able to identify a man suspected of sexual abuse of a girl using a single image from the “dark web,” an area of the internet only accessible by special software and matching it through Clearview AI.   “He was in the background of someone else’s photo at the gym, in the mirror,” said Ton-That. “They were able to identify where the gym was, identify the person, he ended up doing 35 years in jail and they saved a seven-year-old.”   A tool for law enforcement The software was also instrumental in helping federal as well as state and local law enforcement identify suspects that stormed the U.S. Capitol in January, according to Ton-That.  In one way, Clearview AI, which has created its database from people’s social media accounts and other public parts of the internet, was well suited to help with this massive investigation of people whose mugshots wouldn’t necessarily be in police databases, he said.   Police were able to use Clearview AI, which runs about a second per search, he said, and find matching photos online of some suspects.   “So they were able to quickly identify them, and reduce a lot of false-positives, and also speed up the investigative process,” he said.     What about privacy? When police violence protests swept the U.S. last year, Amazon and other tech firms suspended sales of their facial recognition technology to law enforcement, a suspension they have said is indefinite.   Clearview AI continues to sell to law enforcement, and internet firms such as Facebook, Google and Twitter as well as civil rights advocates are raising the alarm about its power and potential abuse of people’s privacy.   The American Civil Liberties Union (ACLU) has sued the company in Chicago and California.   Kate Ruane, senior legislative counsel for the ACLU, said that facial recognition technology raises the specter of the government “being able to surveil us throughout every single aspect of our lives.”   Federal, state and local governments, she says, “do admit that they use it, but they don’t tell us how, when or how often.”   There needs to be oversight and regulation, she said, but until then, she is calling for a total moratorium on law enforcement use of facial recognition technology.   Legislation & regulation In recent months, congressional leaders have introduced bills that would limit police use of purchased data that was “illegally obtained” via deception or breach of contract.  Clearview’s Ton-That agrees that there needs to be more transparency and even regulation around the technology’s use. But as for banning police use of Clearview?   “Given the success of our technology in solving crimes, especially crimes against children, it would be counterproductive and inappropriate to enact a moratorium or ban of facial recognition or Clearview AI’s product,” he said.   Ton-That has a code of conduct for customers and has built-in prompts in its software to help law enforcement customers prevent the software’s misuse.   Repressive governments’ use of facial recognition tech The ACLU and other civil rights groups are also concerned about the implications of this technology in the hands of repressive governments like China. “Because the implications are terrifying,” said the ACLU’s Kate Ruane, “especially what is going on in China, where it is trying to track citizens across every single aspect of their lives.” Ton-That says his company does not sell its software to foreign governments and is focusing for now on law enforcement in the U.S. “We’ve worked occasionally with some other private entities for investigative purposes, but we’ve decided just to focus on law enforcement,” he said. “It’s the easiest, most explainable and best use case of our technology.” 
…

A wave of brief internet outages hit the websites and apps of dozens of financial institutions, airlines and other companies across the globe Thursday.The Hong Kong Stock Exchange said in a tweet Thursday afternoon Hong Kong time that its site was facing technical issues and that it was investigating. It said in another post 17 minutes later that its websites were back to normal.Internet monitoring websites including ThousandEyes, Downdetector.com and fing.com showed dozens of disruptions, including to U.S.-based airlines.Many of the outages were reported by people in Australia trying to do banking, book flights and access postal services.Australia Post, the country’s postal service, said on Twitter that an “external outage” had impacted a number of its services, and that while most services had come back online, they are continuing to monitor and investigate.Many services were up and running after an hour or so, but the affected companies said they were working overtime to prevent further problems.Banking services were severely disrupted, with Westpac, the Commonwealth, ANZ and St George all down, along with the website of the Reserve Bank of Australia.Services have mostly been restored.Virgin Australia said flights were largely operating as scheduled after it restored access to its website and guest contact center.“Virgin Australia was one of many organizations to experience an outage with the Akamai content delivery system today,” it said. “We are working with them to ensure that necessary measures are taken to prevent these outages from reoccurring.”Akamai counts some of the world’s biggest companies and banks as customers.Calls to Akamai, which is headquartered in Cambridge, Massachusetts, but has global services, went unanswered.The disruptions came just days after many of the world’s top websites went offline briefly due to a problem with software at Fastly, another major web services company. The company blamed the problem on a software bug that was triggered when a customer changed a setting.Brief internet service outages are not uncommon and are only rarely the result of hacking or other mischief. But the outages have underscored how vital a small number of behind-the-scenes companies have become to running the internet. 
…

Facial recognition technology is playing an increasingly important role in helping law enforcement with criminal investigations, police say. But civil rights advocates are raising the alarm about its power and potential abuse of people’s privacy. VOA’s Julie Taboh has more
…

U.S. President Joe Biden’s unexpected decision to name a staunch antitrust advocate to lead the Federal Trade Commission has thrilled supporters of stronger regulation of the tech industry and has prompted predictions of regulatory overreach from representatives of some of the country’s largest internet companies.Lina Khan, 32, a professor at Columbia Law School prior to her nomination, is known for advocating a hard-nosed approach to the regulation of large technology firms like Amazon, Facebook, Google and Apple. She was nominated to fill an open seat on the FTC in March, and on Tuesday she was confirmed in a bipartisan 69-28 vote in the Senate.Shortly afterward, the news that she would be not just a commission member but its leader was announced by Minnesota Democratic Senator Amy Klobuchar at a Senate hearing.Her confirmation may signal an unexpectedly aggressive stance toward big tech firms from a presidential administration that had not seemed to make reining in the giants of Silicon Valley a major priority.Early run-in with big techKhan was born in London to Pakistani immigrant parents. The family moved to the United States when she was 11 and settled in New York City. Khan went to Williams College in Massachusetts, where she edited the school newspaper and completed her thesis on the political theorist Hannah Arendt.Khan’s first run-in with the might of big tech firms came when she was barely out of college and working for the Open Markets Program at the New America Foundation, a left-of-center think tank. The program’s focus was on the anti-competitive behavior of big businesses, such as Google, which happened to be a major financial supporter of the New America Foundation.FILE – This March 19, 2018, photo shows a Google app.In 2017, after the Open Markets Program expressed its approval of the European Union’s decision to slap Google with a $2.7 billion fine for the way it ranked its own shopping services in internet search results, the company’s chief executive reached out to the head of New America to express his displeasure.What happened afterward is disputed by the various parties involved, but within about two months, the Open Markets team was formally separated from the foundation.Going after big tech companiesKhan made a name for herself in the world of antitrust law with a 2017 article in The Yale Law Journal called “Amazon’s Anti-Trust Paradox.” The piece argued that typical antitrust doctrine in the U.S., which considers “consumer welfare” when determining whether a company is engaging in anti-competitive behavior, is inadequate in today’s world. A consumer products giant like Amazon can keep prices low — the biggest determinant of consumer welfare — even as it uses its dominance of a technology platform to disadvantage its competitors.Two years later, Khan followed up with an article in the Columbia Law Review advocating the application of “structural separations” to tech firms. The idea is that a system in which a company operates a platform on which goods and services are sold while simultaneously selling goods and services on that platform creates “a conflict of interest that platforms can exploit to further entrench their dominance, thwart competition and stifle innovation.”A prime example, offered in the paper, was Apple’s decision to block the popular music streaming service Spotify from its app store at the same time that it was trying to roll out a competing service called Apple Music.House reportKhan went on to help lead a major investigation into competition in digital markets by the majority staff of the House Judiciary Committee, which was issued in October of last year. The report included sweeping proposals for the application of antitrust law to the tech industry — including Khan’s favored concept of structural separation — and infuriated advocates for the tech industry.FILE – This combination of photos shows logos for social media platforms Facebook and Twitter.Khan’s participation in the House Judiciary report figured strongly in the negative reaction that news of her appointment as FTC chair generated from the industry. NetChoice, a group that represents giant companies like Google, Facebook, Amazon, Twitter and more, quickly released a statement indicating its dismay with the decision.”Lina Khan’s antitrust activism detracts from the Federal Trade Commission’s reputation as an impartial body that enforces the law in a nondiscriminatory fashion,” said Carl Szabo, the group’s vice president and general counsel.Khan’s work on the House Judiciary report “casts doubt on her ability to fairly and neutrally apply our antitrust laws as they stand today,” Szabo said.Cheers from the leftDuring his campaign for the Democratic presidential nomination, Biden competed against other candidates, like Massachusetts Senator Elizabeth Warren, who specifically called on the government to “break up” large technology firms. During the  campaign, Biden never went as far as Warren, which made the elevation of Khan to lead the FTC all the more surprising.”Lina brings deep knowledge and expertise to this role and will be a fearless champion for consumers,” Warren said in a statement Tuesday. “Giant tech companies like Google, Apple, Facebook and Amazon deserve the growing scrutiny they are facing, and consolidation is choking off competition across American industries. With Chair Khan at the helm, we have a huge opportunity to make big, structural change by reviving antitrust enforcement and fighting monopolies that threaten our economy, our society and our democracy.”Even the New America Foundation — now New America — which separated with Khan and the Open Markets team under questionable circumstances in 2017, applauded her nomination to run the FTC.In a statement Tuesday, Joshua Stager, deputy director of broadband and competition policy at the foundation’s Open Technology Institute, called Khan a “proven thought leader who has helped jolt antitrust enforcement out of stagnant 1970s thinking. After years of sluggish enforcement — particularly in digital markets — the FTC needs a fresh perspective. We look forward to working with Commissioner Khan.”
…

Astronauts from both the U.S. space agency, NASA, and the European Space Agency ((ESA)) left the International Space Station ((ISS)) Wednesday to begin a project to upgrade the floating laboratory’s solar panel power supply system.
 
NASA flight engineer Shane Kimbrough and ESA astronaut Thomas Pesquet worked for several hours to install the first two of six ISS Roll-Out Solar Arrays (iROSAs)) to ultimately upgrade six of the station’s eight power channels.
 
NASA says the current solar arrays are functioning well but were designed for a 15-year service life and are in their 21st year of service. The new solar arrays will be positioned in front of six of the current arrays, increasing the station’s total available power from 160 kilowatts to a maximum of 215 kilowatts.  
 
The electrical boost will be needed to accommodate paying passengers and film crews expected to visit the ISS later this year.
 
Pesquet and Kimbrough will install two more of the new solar arrays Sunday. 
…