We might be setting a blog record as Facebook makes our front page for the fourth week in a row. Lest you think I’m resting on my laurels and taking easy swings at low hanging fruit (mixed metaphors for the win!), Facebook’s fall from grace might be the biggest tech story of the decade, and this is happening alongside Intel’s monstrous security flaw, the Equifax breach (remember that one?), and the dismantling of Net Neutrality. And those are just the ones I can recall off the top of my head! I’d love to be writing about other things, but due to its sheer size and global reach, this evolving disaster is something from which we cannot (and must not) look away. The Cambridge Analytica debacle is the gift that keeps on giving, but unfortunately it’s the mother of all white elephants as far as Zuckerberg et al. are concerned, and I’m sure a large helping of “do not want” is being served around the table at Chez Facebook.
It’s like watching a slow-motion derailment
Mark Zuckerberg may be one of the richest technocrats on Earth at the moment, but that didn’t stop Congress from skewering him in a multi-hour, publicly televised congressional hearing. On the whole, I’d say he’s lucky some of the Senators are in their 60s and 70s, and clearly did not have a solid grasp of Facebook’s technology, allowing him to sidestep some of the more naive or ill-informed questions. But several, more savvy Senators put him square into a glaring spotlight that he could not dodge: What is Facebook doing to combat hate speech? Is Facebook a monopoly? Are Cambridge Analytica and Russian “troll farm” Internet Research Agency somehow connected? Was Facebook selectively biased towards left-leaning content? Perhaps most telling was Sen. Durbin’s (D-Ill.) line of questioning: “Would (Zuckerberg) share the name of the hotel he stayed in last night?” to which the CEO responded, “No, I would not choose to do that publicly here.” Audible laughter from the room rang that point home.
Given the attention focused on digital privacy, two US Senators have hitched a new bill to the hype train: the CONSENT (Customer Online Notification for Stopping Edge-provider Network Transgressions) Act, which calls for much more strict and well-defined consent from consumers, putting the onus on providers to secure a user’s affirmative consent, i.e., “opt in,” as opposed to the current policy trend of requiring users to “opt out.”
And in case you need any more confirmation that Facebook might not have your best interests at heart, California’s own Senator Kamala Harris zeroed in on what I believe is a key takeaway from this current circus. When asked by Sen. Harris, point-blank, about the decision made at Facebook in 2015 to not notify users that their data had been inappropriately shared with Cambridge Analytica, Zuckerberg admitted, “in retrospect it was a mistake.” This was an important question, as Facebook’s failure to notify users of this breach is probably a direct violation of a deal the internet company reached with the SEC in 2011 that barred the company from making misrepresentations about the privacy or security of consumers’ personal information.
In case you are curious as to whether your information was shared with Cambridge Analytica in the breach mentioned above, you can click this Facebook link for an immediate look at what, if any, of your personal information was shared.
Despite the recent setbacks the Republican-controlled Congress suffered in the healthcare reform arena, they managed to pick themselves up off the mat and delivered a solid drubbing in another area of consumer interest: internet privacy. Following a 50-48 Senate vote, the House passed 215-205 a “joint resolution of congressional disapproval” of the rules put in place by the FCC in October of last year to govern how internet service providers would be required to handle the piles of data they collect on your internet usage. These rules, set to take effect in December of this year, were intended to make sure ISPs handled your data with full transparency and clearly visible warnings (no fine text agreements), as well as protecting it via industry standard security. Proponents of the bill contend that the FCC overstepped its authority with rules that would be confusing and costly to enforce, arguing successfully that the FTC would be better suited to protect consumer and business interests in this area.
Why should this be important to me?
It’s important to understand a few things:
- Search engines like Google, Bing and Yahoo have been making money off your search history for years.
- ISPs have probably been doing the same, but have likely been less forthcoming about it than the above companies.
- Your data, however mundane or irrelevant you believe it to be, is extremely valuable to every industry.
- In most cases, you can opt out of a vendor’s usage of your data, but you have to request it. You are opted in by default with most ISPs and cellular carriers.
- Very few people in the US have more than two choices in internet service. It is essentially impossible to “switch” to a provider that operates with your best interests in mind.
- There are ways to secure your privacy despite your ISP’s practices, but they are fairly technical, not consumer friendly, and definitely not foolproof.
Have a look at how your senators and representatives voted on this measure. For the record, both California Senators and my House Representative voted “Nay” on this measure, but if your congress-critter’s view on this matter did not match yours, you should probably do something about that. Regardless of where you stand on the privacy issue, you should know that despite the FCC ruling last year, the rules they intended to enact never went into effect, and pending the President’s signature, likely never will, at least via the FCC’s hand as this joint measure also specifically forbids the FCC from attempting something like this again – also unlikely in the near future given the new Chair’s deregulation leanings.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
Proving that sometimes our Congress people come by their paychecks honestly, a bi-partisan privacy caucus led by Joe Barton (Rep. TX) sent a list of questions to Google’s CEO Larry Page, asking him point blank about several privacy issues, including whether or not Google would allow the use of facial recognition technology on its Google Glass device.
Supposedly, Google has maintained from the start that facial recognition would never be implemented without “strong privacy protections in place.” In a Google+ post Friday, they reiterated this position and stated that Google “…won’t be approving any facial recognition Glassware at this time.”
What this means for you:
By default, Android OS-based devices can only install software via Google’s Play store. Software distributed via Play must go through Google’s approval process, much like apps on Apple’s iTunes store, so you can assume that Google will be true to their word and prevent distribution of facial recognition apps simply by not approving them. However, unlike iPhones, many versions of Android allow “sideloading” of apps with a simple settings change. Sideloading in the Android ecosystem is well established – Amazon.com has an app store that requires sideloading to be enabled, and instructions for enabling this capability are easily found on their website and many, many others.
Bottom line: this is yet another Pandora’s box that won’t be closed. Facial recognition is a reality, and portable, undetectable devices capable of performing this function are only a step away from today’s consumer technology. Technology (and scientific progress in general) advances despite legal or cultural ramifications. One could argue that society only advances in light of controversial technologies like Google Glass. We are only beginning to glimpse the potential of an always connected and much less private world. Google Glass is only one step in a long, uphill climb.
A Congressional report authored by California Representative Michael Waxman and Massachusetts Representative Ed Markey publicizes that some United States utility companies are under constant cyberattack. Based upon a survey of 160 utilities, the publication notes that a dozen of the respondents report that they experience “daily, constant or frequent attempted cyber attacks.” Congress and the White House are understandably concerned that hackers could damage the nation’s power grid, but the utilities say that their security standards are sufficient to protect the systems that keep America’s lights on, and that the attacks suffered by the utilities are no different than the ones that other American businesses and organizations suffer on a regular basis.
What this means for you:
Unless you happen to be a highly placed Security Officer at the North American Electrical Reliability Corporation or a member of the House Energy and Commerce Committee, there’s not much you’ll be able to do personally to prevent cyberterrorists hacking a utility eventually. Many security analysts predict that it’s only a matter of time before a US utility gets hacked, and you may recall a rather hushed-up incident affecting a large Saudi energy company not too long ago.
The real truth of the matter is that most companies, regardless of size, function or even nationality, are being probed and tested on a regular basis. The server that hosts this website experiences dozens (sometimes hundreds) of attacks on a daily basis. Is C2 being targeted specifically? Unlikely, but whether there is specific human intent behind the attacks or not, the fact remains that if (when) one of those automated attacks actually manages to penetrate a weakness, you can bet a human will follow along behind to assess whether the target is worth further hacking, or simply relegated to the growing army of zombified computers that are pointed at more high-value targets. My server doesn’t contain anything important enough to warrant concentrated effort, but you can bet that a compromised utility company server is a high-value target. And when everyone is gunning for you, you can’t dodge bullets forever, no matter how good you think your security is.
Shoppers enjoy online purchasing for a variety of reasons, but the lack of sales tax is probably highest on that list of perks. That may soon change due to a revamped Internet Tax bill re-introduced last week on the Senate floor, and one which could be voted on as early as this week. The “Marketplace Fairness Act,” penned by Senator Mike Enzi (R., Wyoming), essentially requires any internet business with more than $1M in online sales to collect taxes for the US’s estimated 9600 state and local taxing authorities, something that brick-and-mortar businesses don’t have to do, even if sales come from across state lines (and presumably through channels other than the internet). Opponents of this bill state that this places an unfair burden on smaller internet businesses, as calculating and processing taxes for nearly ten thousand different localities presents a logistical nightmare with which even large companies struggle. Obviously, brick-and-mortar companies back this bill, especially the big ones – Wal-Mart is a vocal backer, but even online retail giant Amazon.com has thrown in their support. It may surprise no one that they have a dog in this race – Amazon offers a subscription-based tax-processing service to online retailers.
What this means for you:
If you sell more than $1 million in taxable goods on the internet to customers in the United States, you might need to look at some serious upgrades for your online store in the near future. On top of the huge headache this creates for your website administrator and programmers, this may also complicate your shopping cart process, and your customers may be in for a shock when they discover that their online shopping isn’t paying off like it used to. Opponents say that this bill will throw a wet blanket on online shopping, and could be a huge damper on the struggling American economy. The bill hasn’t been made law yet – but it may behoove you to find out where your local government representative stands on this issue.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net. Note: image has been digitally altered by Chris Woo.
The controversial CISPA (Cyber Intelligence Sharing and Protection Act) proposal has passed committee review and is heading to the Senate for a vote, despite a clear warning from the Obama administration that it would veto the proposed law. Unlike the equally controversial SOPA (Stop Online Piracy Act) backed by media companies and defeated through vigorous and coordinated protests from the technology industry, CISPA has divided the technology industry. Many large companies like IBM, AT&T, Oracle and Verizon are backing it, while other, equally sizeable companies like Facebook, Microsoft, Google and dozens of activist organizations oppose the bill on the grounds that it doesn’t do enough to protect the privacy of US citizens.
What this means for you:
In case you are confused as to how CISPA might impact you or your business personally, here’s a summation of what the bill proposes: This law would allow telecommunication companies to share data with governmental agencies for the purposes of combatting terrorist or criminal activity, overriding any local laws that would prohibit such sharing. According to supporters, law-abiding citizens should have nothing to worry about, but opponents contend that on top of very weak protections for citizen privacy, there is nothing in the bill that would protect citizens from potential abuse by the various intelligence agencies who could amass an inconceivably comprehensive database from the information gained by CISPA. Regardless of which side of the privacy fight you stand on, it behooves you as a US citizen to be aware of where you stand on this issue, as well as encouraging everyone around you to participate as they can in helping our government come to terms with this problem.
You might not have realized this, but in 2012, the US Copyright Office let an exception to the Digital Millennium Copyright Act (DMCA) expire that suddenly made it illegal to unlock a cellphone you owned, for the purposes of using it with a different carrier. Passed in 1998, the DMCA covers many areas of modern technology, but the exception essentially allowed consumers to unlock phones like the Apple iPhone themselves, as opposed to purchasing a (much more expensive) unlocked phone or asking/paying the carrier to unlock the phone for you after you’ve paid for the phone through a subsidized contract. Though the exception lapsed late last year, the White House and the FCC have both issued statements urging Congress to legalize unlocking.
What this means for you:
In the US, unlocking your smartphone doesn’t have quite the same value as it does in other parts of the world, primarily because the two largest carriers operate networks that use two different technologies that are not found in any one phone. For example, if you had an AT&T iPhone, you can’t unlock it and move to Verizon, because the actual hardware will only work on GSM networks (Verizon is a CDMA-based network) but you could use it on T-Mobile’s network. The carriers aren’t really interested in seeing the exception renewed, primarily because it narrows consumer choice and “locks” unknowing customers with technology that, while simple to crack, is technically illegal to actually do without the carrier’s permission.
The issue rarely surfaces for most consumers anyway, as the carriers offer “free” or heavily discounted phones (with a multi-year contract, of course!) to “new” customers, so most opt to get something shiny and new, versus unlocking their 2-year-old phone. The issue here is really more centered around protection of consumer rights and the fact that if you own something, you should be able to do whatever you want with it as long as it isn’t impacting the well-being of others. Unfortunately, the White House and the FCC can’t do anything about the DMCA or renewing the exception because the Copyright Office is governed by Congress. And we all know how productive they’ve been lately.
In a House Intelligence committee report released on Monday, Oct 8, 2012, US lawmakers cite security concerns with Chinese electronics manufacturing firms Huawei and ZTE. Though neither could be considered a brand recognizable in the US, both firms manufacture electronics that are used to power telecommunication devices all over the world. Though no overt wrongdoing was detected in the 9-month investigation, the report notes that the firms refused to fully cooperate with the investigation. The Chinese government is known to have a heavy hand in directing operations and even strategy for Chinese businesses, mostly to ensure tight control over national security, so it’s no wonder investigators may have encountered resistance from the companies.
What this means for you:
Independent, industry-led investigations have not found any evidence that equipment utilizing parts manufactured by either company has purposefully included security defects or “backdoors” that may have been mandated by the Chinese government as a possible means to infiltrate other countries’ data networks, though vulnerabilities have been found in older Huawei routers. Similar defects have been found in Cisco routers (an American company), which lends credence to the idea that the vulnerabilities were not state-sponsored “backdoors”, but instead a product of ongoing security research and development. The intelligence report seems to be more politically minded as opposed to highlighting a clear and present danger, focusing on “what-if” scenarios given China’s heavy-handed government, and fails to note that Chinese (or any other nationality) hackers don’t need an easy-to-detect backdoor to hack American business interests.