Boots & Sabers

The blogging will continue until morale improves...

Category: Technology

Intelligence Agencies Used Front Company for Technical Surveillance

Huh

The Swiss government has ordered an inquiry into a global encryption company based in Zug following revelations it was owned and controlled for decades by US and German intelligence.

Encryption weaknesses added to products sold by Crypto AG allowed the CIA and its German counterpart, the BND, to eavesdrop on adversaries and allies alike while earning millions of dollars from the sales, according to the Washington Post and the German public broadcaster ZDF, based on the agencies’ internal histories of the intelligence operation.

“It was the intelligence coup of the century,” the CIA report concluded. “Foreign governments were paying good money to the US and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”

[…]

The operation, codenamed Thesaurus and then renamed Rubicon in the 1980s, demonstrated the overwhelming intelligence value of being able to insert flaws into widely sold communications equipment. The CIA’s success over many years is likely to reinforce current US suspicions of equipment made by the Chinese company Huawei.

Neither China nor the Soviet Union bought Crypto encryption devices, suspicious of the company’s origins, but it was sold to more than 100 other countries.

Chinese Military Accused of Hacking Equifax

Cyber-warfare is real.

Four members of the Chinese military have been charged with breaking into the networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans.

The 2017 breach affected roughly 145 million people, with the hackers successfully stealing names, Social Security numbers and other personal information stored in the company’s databases.

The Justice Department on Monday blamed China for one of the largest hacks in history.

The four – Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei – are members of the People’s Liberation Army, which is an arm of the Chinese military.

Netflix Allows Users to Disable Autoplay

Thank goodness. This is probably the most life-impacting news of the day.

Netflix is to finally give viewers the option of turning off its autoplay function for previews for its shows.

The streaming provider became a source of irritation for many users after viewers would be scrolling through an endless list of titles only to have the shows’ previews start playing in the background on its homepage.

Netflix introduced the option of being able to disable the autoplay of the next episode in a series since 2014 but this new option will allow watchers to browse through the index of offerings in peace.

Access to Electronic Medical Records

Here’s an interesting debate:

Epic Systems, one of the largest medical records companies, emailed the chief executives of some of the largest hospitals in the U.S. on Wednesday, urging them to oppose proposed regulation designed to make it easier to share medical information.

The email, which was written by Epic CEO Judy Faulkner and addressed to CEOs and presidents of hospital systems, urges recipients to sign a letter alongside Epic that voices disapproval for rules the Department of Health and Human Services proposed in 2019. These rules aim to make it easy for patients to access their health information at no cost, and make it more challenging for companies to block access to that information.

The proposed rules have pitted patient advocates against some doctor groups and companies, like Epic. Critics say they don’t have enough provisions to protect patients’ privacy. Epic’s Faulkner has been vocal in her criticism of the rule, which she believes will result in app makers having access to patient data without consent.

On the other side, patient advocates have spoken out in favor of the rules, which aim to make medical records accessible through application programming interfaces (APIs). The rules are also designed to make it easier for hospitals to share patient records with other medical offices or hospitals. That’s been a big challenge for years, and studies have shown that it has a negative impact on patients’ health.

Patient groups have criticized medical record vendors, like Epic and its chief rival Cerner, for failing to do enough to support health data interoperability. Both companies have stressed that they’re doing more to fix the problem, although progress has been slow.

As always… follow the money. Epic and some other EMR companies are notoriously closed systems. The reason is simple. If Epic controls access to the data and the integrations, they can charge for it. This is a revenue stream for them. Of course they do not want to be required to provide APIs unless it is on their terms.

That being said, their concerns about data privacy are valid. The more you expose the underlying data through APIs, the more potential data breaches are possible. This has been a concern with EMR in general. While electronic medical records are convenient and helpful to share complete patient data across multiple medical specialties, they are also subject to hacking and manipulation. But that ship has sailed. We have culturally decided that the rewards outweigh the risks.

Everything depends on the implementation of a law like this. It could be beneficial by offering patients greater visibility and control of their records. It could also be a security nightmare with millions of people’s medical records being leaked for the purposes of extortion, predatory violence, discrimination, and, worst of all, targeted robocalls.

Trolley in Memphis

I was in Memphis for a couple of days this week and noticed a couple of things. I stayed downtown near the convention center on Main Street. My hotel was about a mile from Beale Street and the entertainment district. I enjoy getting out of the hotel to explore, so I headed down to Beale Street a couple nights for dinner.

Memphis has a trolley that runs down a good length of Main Street from the transit center north of the convention center to a block north of Beale Street. It’s one of those trolleys on rails that is powered by overhead wires. The trolley is just a dollar to ride, but I chose to walk from my hotel to Beale Street twice because I enjoy walking. It also gave me the chance to observe the trolley in action and make a few observations.

  1. It was weeknights without much going on. Downtown was sparsely populated in the evenings, so I don’t think ridership was reflective of a busy time with a convention or something in town. Still, I only saw one family ride it. It was empty the rest of the time.
  2. Each trolley was driven by a driver. Plus, there was a guy who sat in a Gator. Every time the trolley passed him, he got out and used a tool to shift the tracks. All told, they were paying at least 5 guys to run the system at any given time.
  3. The trolley did move faster than walking, but with the stops and waiting to board, it was still faster to walk.
  4. As it happens, the convention center was empty because it is currently undergoing a massive renovation (perhaps something to watch to see if it was worth it before Milwaukee spends money redoing theirs). This caused them to close a block of Main Street and block the tracks.

What that means is that to ride the rail trolley to the end of the route, you had to ride the rail trolley to the end of the block, get off, board a wheeled trolley, and then that trolley would take you around the detour to the other side.

In other words, while the railed trolley might be interesting, the infrastructure and personnel to run it are far more expensive than the wheeled version AND the wheeled version (A.K.A. decorated bus) is far more practical because it can adjust to circumstances on the road.

I wonder how much this system is costing the good taxpayers of Memphis per rider. Someone else can try to look that up.

Man’s DNA Changes After Transplant

The implications for criminal forensic work are fascinating.

A Nevada man discovered his DNA had changed after a bone marrow transplant and had been replaced, in part, by that of his German donor.

Chris Long, from Reno, found that not only had his blood swapped, but his semen was also changed, following his treatment for leukemia.

Long, who works at Washoe County Sheriff’s Department, told The New York Times: ‘I thought that it was pretty incredible that I can disappear and someone else can appear.’

Now his police colleagues are looking into how such changes could affect criminal cases and forensic work.

[…]

Long found that all the DNA in his blood had changed three months after his operation. It was four years later he discovered that parts of his lips and cheeks also contained the DNA of his donor.

The change has made him a chimera, which means he has two sets of DNA.

Only his chest and head hair were not affected, according to all the samples taken.

Busted by the Fitbit

Ha!

NFL correspondent Jane Slater revealed she caught her ex-boyfriend cheating through the FitBit app when his physical activity levels spiked at 4am.

[…]

She said: ‘An Ex Boyfriend once got me a Fitbit for Christmas. I loved it. We synched up, motivated each other… didn’t hate it until he was unaccounted for at 4am and his physical activity levels were spiking on the app.’

Slater confirmed that her ex-boyfriend was not ‘enrolled in an Orange Theory class’ that early in the morning.

In case there was any confusion as to what Slater was implying, she made sure to further clarify that he was, in fact, not working out.

‘Spoiler alert: he was not enrolled in an Orange Theory class at 4am.’

Hackers Disrupt Nursing Homes

Ouch.

Russian hackers are holding hostage data from a Milwaukee-based company that provides technology services to more than 100 nursing homes across the country after the company couldn’t afford a $14 million ransom demand.

The hack against Virtual Care Provider Inc., which provides internet security and data storage services to nursing homes and acute-care facilities, means that some locations cannot access patient records, use the internet, pay employees or order crucial medications.

Virtual Care Provider Inc. said on its website it was working to restore services after the Nov. 17 attack. In an interview with cybersecurity reporter Brian Krebs, who runs the blog KrebsOnSecurity.com, chief executive Karen Christianson said the ransomware attack has affected 80,000 computers.

Some affected facilities could be forced out of business, and patients’ health is at risk if the data is not accessible, Christianson told Krebs.

“We have employees asking when we’re going to make payroll,” Christianson said. “But right now all we’re dealing with is getting electronic medical records back up and life-threatening situations handled first.”

Twitter Employees Allegedly Recruited by Saudi Arabia

It’s not just social media companies who sell your data. Sometimes, people steal it.

Two former Twitter employees have been charged with spying after they reportedly obtained personal account information for critics of the government of Saudi Arabia.

A complaint unsealed on Wednesday in US district court in San Francisco detailed a coordinated effort by Saudi officials to recruit employees at the social media giant to look up the private data of thousands of Twitter accounts.

One of the former Twitter employees, Ahmad Abouammo, was arrested on Tuesday on charges of spying and falsifying an invoice to obstruct an FBI investigation. He is a US citizen. The other former employee, a Saudi citizen named Ali Alzabarah, was accused of accessing the personal information of more than 6,000 Twitter accounts in 2015 on behalf of Saudi Arabia.

White House Restricted Access to Transcripts of Calls

Hmmm

The White House has restricted access to transcripts of some of President Donald Trump’s calls with foreign leaders, US media report.

Officials said notes about calls to leaders including Russia’s Vladimir Putin and the Saudi crown prince had not been handled in the usual way.

They say aides severely curtailed who saw them in a bid to stop leaks.

The White House has not so far commented on the claims, which follow the start of an impeachment inquiry.

Democrats launched the inquiry after the transcript of a July phone call revealed that President Trump pushed Ukraine’s President Volodymyr Zelensky to investigate Democratic presidential candidate Joe Biden.

According to officials quoted in various US media outlets, the policy of restricting access to transcripts of some of the president’s calls with foreign leaders began more than a year ago.

Setting aside the current controversy, is this a scandal? One would think that the transcripts and/or recordings of calls between the POTUS and foreign leaders would be highly restricted. Secrecy is critical so that our president can have frank conversations with foreign leaders without either participant worrying about the contents of the conversation being made public.

In this case, due to repeated instances of someone in the U.S. government leaking parts of these conversations to the media, the administration changed the way they secure the information to make it more secure. Isn’t that what we would expect them to do? The move to make the transcripts more secure was in response to actual breaches of security.

Identity Protection

Here’s an interesting and long article about how protesters around the world are finding ways to obscure their identities from the proliferation of face-recognition cameras being used by law enforcement and others. It’s a growing concern even if one is not protesting or breaking the law. We have entered an age of constant surveillance and it’s getting worse.

The use of reflective materials to evade surveillance isn’t just being explored in Hong Kong. In 2016, American artist Scott Urban set up a Kickstarter page to crowdfund his anti-surveillance sunglasses, Reflectacles.

The eyewear is made from a material that reflects infrared light, meaning the frames appear as flashes of white light in surveillance footage. Because of the glare, a person could appear anonymous in images and photos, his website claims.

Urban said his website has experienced a spike in hits from Hong Kong, as a result of the recent protests.

“I’m not trying to hawk a product,” Urban said in a phone interview. “I’m just trying to tell people that when your face becomes your identity, there’s no going back. You’re going to be tracked constantly in any public space.”

[…]

Many are worried about the future, when the “one country, two systems” arrangement that allows the city certain freedoms and autonomy expires in 2047.

As a 20-year-old student protester — who only gave his surname, Lau — took a break in the shade during a protest on a blazingly hot day, he kept his face mask on, even though no police were around.

“We are not prepared to be picked up by the government yet,” he said.

AOC Blocks Twitter Followers

Rules for thee, not for me...

Echoing the latter, Ocasio-Cortez responded to the letter via Twitter, saying that, out of her 5.2 million followers, she only blocks 20 accounts for “ongoing harassment.” None of the users are her constituents, she wrote.

“Harassment is not a viewpoint,” Ocasio-Cortez wrote in the tweet. “Some accounts, like the Daily Caller, posted fake nude photos of me & abused my comments to spread it. No one is entitled to abuse.”

“People are free to speak whatever classist, racist, false, misogynistic, bigoted comments they’d like,” the congresswoman continued in the Twitter thread. “They do not have the right to force others to endure their harassment and abuse.”

But Trump can’t block people.

WASHINGTON — President Trump has been violating the Constitution by blocking people from following his Twitter account because they criticized or mocked him, a federal appeals court ruled on Tuesday. The ruling could have broader implications for how the First Amendment applies to the social-media era.

For the record, I think the court got it wrong. I agree with AOC and Trump on this one. But the rules are the rules…

New Pro-Abortion Google Rule

It seems to me that a search engine should just find and present the underlying websites based on their content and not seek to interpret, filter, or twist that content on the basis of Google’s own biases.

A new Google policy that was meant to rein in deceptive advertising by “crisis pregnancy centers” has a loophole that is allowing the centers to continue to post misleading ads on the search engine.

Crisis pregnancy centers often seek to aggressively discourage women from getting abortions and have earned the ire of abortion rights groups for often seeming to resemble abortion clinics.

The loophole means only users who are specifically searching under the term “abortion” will be provided information on Google’s website about whether a particular health care clinic does – or does not – offer the procedure to women.

If a user searches under other terms, like “free pregnancy test” or “pregnancy symptoms”, no such information appears under the advertisements for the same clinics. While the difference might seem semantic, there is a worry that it will confuse women who might mistake a crisis pregnancy center for an abortion clinic.

Facebook is Listening

And again

Facebook has become the latest company to admit that human contractors listened to recordings of users without their knowledge, a practice the company now says has been “paused”.

Citing contractors who worked on the project, Bloomberg News reported on Tuesday that the company hired people to listen to audio conversations carried out on Facebook Messenger.

The practice involved users who had opted in Messenger to have their voice chats transcribed, the company said. The contractors were tasked with re-transcribing the conversations in order to gauge the accuracy of the automatic transcription tool.

“Much like Apple and Google, we paused human review of audio more than a week ago,” a Facebook spokesperson told the Guardian.

Massive Data Breach of Capital One

Wow.

The firm said in a statement released on Monday that the breach affected approximately 100 million individuals in the US and 6 million people in Canada.

The statement added that about 140,000 social security numbers and 80,000 linked bank account numbers were compromised in the US.

In Canada, about one million social insurance numbers belonging to Capital One credit card customers were also compromised.

One Small Step

50 years ago, a man set foot on another celestial body for the first time in human existence. It was an amazing accomplishment and one of which we can all be proud. Huzzah, huzzah, huzzah.

Regulating Big Tech

Putting aside the outright lie about Google being impartial (that’s been proven wrong time and time again), the next question is, what do we do about it, if anything?

Karan Bhatia, Google’s policy chief who was at the hearing, denied the claims and said it would be bad for business if users didn’t trust the company to be impartial.

Bhatia also said Google had done all it could to remove offensive content on YouTube but the volume of videos being uploaded makes it difficult to police.

Senator Mazie Hirono, a Democrat from Hawaii, told Bloomberg after the hearing that Section 230 was originally put in place to protect smaller tech companies in the 1990s rather than giants.

[…]

But Rep. James Sensenbrenner, a Wisconsin Republican, said the investigation could easily generate a gratuitous and unhealthy level of government control.

‘Just because a business is big doesn’t mean it’s bad,’ Sensenbrenner said Tuesday. He argued that breaking up big companies could hurt smaller firms around the U.S. and might compound privacy problems.

Apollo 11 Launched 50 Years Ago Today

Time to indulge your inner space geek.

Apollo 11 launched from Cape Kennedy on July 16, 1969, carrying Commander Neil Armstrong, Command Module Pilot Michael Collins and Lunar Module Pilot Edwin “Buzz” Aldrin into an initial Earth-orbit of 114 by 116 miles. An estimated 650 million people watched Armstrong’s televised image and heard his voice describe the event as he took “…one small step for a man, one giant leap for mankind” on July 20, 1969.

Two hours, 44 minutes and one-and-a-half revolutions after launch, the S-IVB stage reignited for a second burn of five minutes, 48 seconds, placing Apollo 11 into a translunar orbit. The command and service module, or CSM, Columbia separated from the stage, which included the spacecraft-lunar module adapter, or SLA, containing the lunar module, or LM, Eagle. After transposition and jettisoning of the SLA panels on the S-IVB stage, the CSM docked with the LM. The S-IVB stage separated and injected into heliocentric orbit four hours, 40 minutes into the flight.

Facebook Fined for Sharing Users’ Data Without Consent

Shocking… the Democrats voted to protect Big Tech.

US regulators have approved a record $5bn (£4bn) fine on Facebook to settle an investigation into data privacy violations, reports in US media say.

The Federal Trade Commission (FTC) has been investigating allegations that political consultancy Cambridge Analytica improperly obtained the data of up to 87 million Facebook users.

[…]

The FTC began investigating Facebook in March 2018, following reports that Cambridge Analytica had accessed the data of tens of millions of its users.

The investigation focused on whether Facebook had violated a 2011 agreement under which it was required to clearly notify users and gain “express consent” to share their data.

Anonymous sources familiar with the matter told The Wall Street Journal on Friday that the $5bn fine was approved by the FTC in a 3-2 vote, which broke along party lines with Republican commissioners in favour and Democrats opposed.

Sources cited in other media also reported the same information.

I’m Listening

This should no longer be news. If you don’t know this already, you haven’t been paying attention.

Google acknowledged its contractors are able to listen to recordings of what people say to the company’s artificial-intelligence system, Google Assistant.

The company admitted on Thursday that humans can access recordings made by the Assistant, after some of its Dutch language recordings were leaked. Google is investigating the breach.

The recordings were obtained by the Belgian public broadcaster VRT, which reviewed more than 1,000 audio clips and found 153 had been captured accidentally.

Google Assistant begins automatically recording audio when prompted by a user, usually by saying a wake-up word or phrase like, “OK, Google”.
