|
History > 2013 > USA > Internet (II)
Obama Panel Recommends
New Limits on N.S.A. Spying
December 18, 2013
The New York Times
By DAVID E. SANGER
and CHARLIE SAVAGE
WASHINGTON — A panel of outside advisers urged President Obama
on Wednesday to impose major oversight and some restrictions on the National
Security Agency, arguing that in the past dozen years its powers had been
enhanced at the expense of personal privacy.
The panel recommended changes in the way the agency collects the telephone data
of Americans, spies on foreign leaders and prepares for cyberattacks abroad.
But the most significant recommendation of the panel of five intelligence and
legal experts was that Mr. Obama restructure a program in which the N.S.A.
systematically collects logs of all American phone calls — so-called metadata —
and a small group of agency officials have the power to authorize the search of
an individual’s telephone contacts. Instead, the panel said, the data should
remain in the hands of telecommunications companies or a private consortium, and
a court order should be necessary each time analysts want to access the
information of any individual “for queries and data mining.”
The experts briefed Mr. Obama on Wednesday on their 46 recommendations, and a
senior administration official said Mr. Obama was “open to many” of the changes,
though he has already rejected one that called for separate leaders for the
N.S.A. and its Pentagon cousin, the United States Cyber Command.
If Mr. Obama adopts the majority of the recommendations, it would mark the first
major restrictions on the unilateral powers that the N.S.A. has acquired since
the Sept. 11 terrorist attacks. They would require far more specific approvals
from the courts, far more oversight from the Congress and specific presidential
approval for spying on national leaders, especially allies. The agency would
also have to give up one of its most potent weapons in cyberconflicts: the
ability to insert “back doors” in American hardware or software, a secret way
into them to manipulate computers, or to purchase previously unknown flaws in
software that it can use to conduct cyberattacks.
“We have identified a series of reforms that are designed to safeguard the
privacy and dignity of American citizens, and to promote public trust, while
also allowing the intelligence community to do what must be done to respond to
genuine threats,” says the report, which Mr. Obama commissioned in August in
response to the mounting furor over revelations by Edward J. Snowden, a former
N.S.A. contractor, of the agency’s surveillance practices.
It adds, “Free nations must protect themselves, and nations that protect
themselves must remain free.”
White House officials said they expected significant resistance to some of the
report’s conclusions from the N.S.A. and other intelligence agencies, which have
argued that imposing rules that could slow the search for terror suspects could
pave the way for another attack. But those intelligence leaders were not present
in the Situation Room on Wednesday when Mr. Obama met the authors of the report.
The report’s authors made clear that they were weighing the N.S.A.’s
surveillance requirements against other priorities like constitutional
protections for privacy and economic considerations for American businesses. The
report came just three days after a federal judge in Washington ruled that the
bulk collection of telephone data by the government was “almost Orwellian” and a
day after Silicon Valley executives complained to Mr. Obama that the N.S.A.
programs were undermining American competitiveness in offering cloud services or
selling American-made hardware, which is now viewed as tainted.
The report was praised by privacy advocates in Congress and civil-liberties
groups as a surprisingly aggressive call for reform.
Senator Ron Wyden, an Oregon Democrat who has been an outspoken critic of N.S.A.
surveillance, said it echoed the arguments of the N.S.A.’s skeptics in
significant ways, noting that it flatly declared that the phone-logging program
had not been necessary in stopping terrorist attacks.
“This has been a big week for the cause of intelligence reform,” he said.
Greg Nojeim of the Center for Democracy and Technology called the report
“remarkably strong,” and singled out its call to sharply limit the F.B.I.’s
power to obtain business records about someone through a so-called national
security letter, which does not involve court oversight.
Anthony Romero, the executive director of the American Civil Liberties Union,
while praising the report’s recommendations, questioned “whether the president
will have the courage to implement the changes.”
Members of the advisory group said some of the recommendations were intended to
provide greater public reassurances about privacy protections rather than to
result in any wholesale dismantling of the N.S.A.’s surveillance powers. Richard
A. Clarke, a cyberexpert and former national security official under Presidents
Bill Clinton and George W. Bush, said the report would give “more reason for the
skeptics in the public to believe their civil liberties are being protected.”
Other members included Michael J. Morell, a former deputy director of the
C.I.A.; Cass Sunstein, a Harvard Law School professor who ran the office of
Information and Regulatory Affairs in the Obama White House; Peter Swire, a
privacy law specialist at the Georgia Institute of Technology; and Geoffrey R.
Stone, a constitutional law specialist at the University of Chicago Law School,
where Mr. Obama once taught.
Mr. Obama is expected to take the report to Hawaii on his vacation that starts
this week and announce decisions when he returns in early January. Some of the
report’s proposals could be ordered by Mr. Obama alone, while others would
require legislation from Congress, including changes to how judges are appointed
to the Foreign Intelligence Surveillance Court.
Senator Rand Paul, Republican of Kentucky, said he was skeptical that any
changes passed by Congress would go far enough. “It gives me optimism that it
won’t be completely brushed under the rug,” he said. “However, I’ve been here
long enough to know that in all likelihood when there’s a problem, you get
window dressing.”
The FISA court, which oversees national security surveillance inside the United
States, has been criticized because it hears arguments only from the Justice
Department without adversarial lawyers to raise opposing views, and because
Chief Justice John G. Roberts Jr. has unilateral power to select its members.
Echoing proposals already floated in congressional hearings and elsewhere, the
advisory group backs the view that there should be a “public interest advocate
to represent the interests of privacy and civil liberties” in classified
arguments before the court. It also says the power to select judges for the
surveillance court should be distributed among all the Supreme Court justices.
In backing a restructuring of the N.S.A.’s program that is systematically
collecting and storing logs of all Americans’ phone calls, the advisers went
further than some of the agency’s backers in Congress, who would make only
cosmetic changes to it, but stopped short of calling for the program to be shut
down, as its critics have urged. The N.S.A. uses the telephone data to search
for links between people in an effort to identify hidden associates of terrorism
suspects, but the report says it “was not essential to preventing attacks.”
Currently, the government obtains orders from the surveillance court every 90
days that require all the phone companies to give their customers’ data to the
N.S.A., which commingles the records from every company and stores it for five
years. A small group of analysts may query the database — examining records of
everyone who is linked by up to three degrees of separation from a suspect — if
the analyst has “reasonable, articulable suspicion” that the original person
being examined is linked to terrorism.
Under the new system proposed by the review group, such records would stay in
private hands — either scattered among the phone companies or pooled into some
kind of private consortium. The N.S.A. would need to make the case to the
surveillance court that it has met the standard of suspicion — and get a judge’s
order — every time it wanted to perform such “link analysis.”
“In our view, the current storage by the government of bulk metadata creates
potential risks to public trust, personal privacy, and civil liberty,” the
report said.
The report recommended new privacy protections for the disclosure of personal
information about non-Americans among agencies or to the public. The change
would extend to foreigners essentially the same protections that citizens have
under the Privacy Act of 1974 — a way of assuring foreign countries that their
own citizens, if targeted for surveillance, will enjoy at least some protections
under American law.
It also said the United States should get out of the business of secretly buying
or searching for flaws in common computer programs and using them for mounting
cyberattacks. That technique, using what are called zero-day flaws, so named
because they are used with zero days of warning that the flaw exists, were
crucial to the cyberattacks that the United States and Israel launched on Iran
in an effort to slow its nuclear program. The advisers said that the information
should be turned over to software manufacturers to have the mistakes fixed,
rather than exploited.
Regarding spying on foreign leaders, the report urged that the issue be taken
out the hands of the intelligence agencies and put into the hands of policy
makers.
Jeremy W. Peters contributed reporting.
Obama Panel Recommends New Limits on N.S.A.
Spying, NYT, 18.12.2013,
http://www.nytimes.com/2013/12/19/us/politics/
report-on-nsa-surveillance-tactics.html
After Setbacks,
Online
Courses Are Rethought
December
10, 2013
The New York Times
By TAMAR LEWIN
Two years
after a Stanford professor drew 160,000 students from around the globe to a free
online course on artificial intelligence, starting what was widely viewed as a
revolution in higher education, early results for such large-scale courses are
disappointing, forcing a rethinking of how college instruction can best use the
Internet.
A study of a million users of massive open online courses, known as MOOCs,
released this month by the University of Pennsylvania Graduate School of
Education found that, on average, only about half of those who registered for a
course ever viewed a lecture, and only about 4 percent completed the courses.
Much of the hope — and hype — surrounding MOOCs has focused on the promise of
courses for students in poor countries with little access to higher education.
But a separate survey from the University of Pennsylvania released last month
found that about 80 percent of those taking the university’s MOOCs had already
earned a degree of some kind.
And perhaps the most publicized MOOC experiment, at San Jose State University,
has turned into a flop. It was a partnership announced with great fanfare at a
January news conference featuring Gov. Jerry Brown of California, a strong
backer of online education. San Jose State and Udacity, a Silicon Valley company
co-founded by a Stanford artificial-intelligence professor, Sebastian Thrun,
would work together to offer three low-cost online introductory courses for
college credit.
Mr. Thrun, who had been unhappy with the low completion rates in free MOOCs,
hoped to increase them by hiring online mentors to help students stick with the
classes. And the university, in the heart of Silicon Valley, hoped to show its
leadership in online learning, and to reach more students.
But the pilot classes, of about 100 people each, failed. Despite access to the
Udacity mentors, the online students last spring — including many from a charter
high school in Oakland — did worse than those who took the classes on campus. In
the algebra class, fewer than a quarter of the students — and only 12 percent of
the high school students — earned a passing grade.
The program was suspended in July, and it is unclear when, if or how the program
will resume. Neither the provost nor the president of San Jose State returned
calls, and spokesmen said the university had no comment.
Whatever happens at San Jose, even the loudest critics of MOOCs do not expect
them to fade away. More likely, they will morph into many different shapes:
Already, San Jose State is getting good results using videos from edX, a
nonprofit MOOC venture, to supplement some classroom sessions, and edX is
producing videos to use in some high school Advanced Placement classes. And
Coursera, the largest MOOC company, is experimenting with using its courses,
along with a facilitator, in small discussion classes at some United States
consulates.
Some MOOC pioneers are working with a different model, so-called connectivist
MOOCs, which are more about the connections and communication among students
than about the content delivered by a professor.
“It’s like, ‘The MOOC is dead, long live the MOOC,’ ” said Jonathan Rees, a
Colorado State University-Pueblo professor who has expressed fears that the
online courses would displace professors and be an excuse for cuts in funding.
“At the beginning everybody talked about MOOCs being entirely online, but now
we’re seeing lots of things that fall in the middle, and even I see the appeal
of that.”
The intense publicity about MOOCs has nudged almost every university toward
developing an Internet strategy.
Given that the wave of publicity about MOOCs began with Mr. Thrun’s
artificial-intelligence course, it is fitting that he has become emblematic of a
reset in the thinking about MOOCs, after a profile in Fast Company magazine that
described him as moving away from college classes in favor of vocational
training in partnerships with corporations that would pay a fee.
Many educators saw the move as an admission of defeat for the idea that online
courses would democratize higher education — and confirmation that, at its core,
Udacity, a company funded with venture capital, was more interested in profits
than in helping to educate underserved students.
“Sebastian Thrun put himself out there as a little bit of a lightning rod,” said
George Siemens, a MOOC pioneer who got funding from the Bill & Melinda Gates
Foundation for research on MOOCs, and last week convened the researchers at the
University of Texas at Arlington to discuss their early results. “Whether he
intended it or not, that article marks a substantial turning point in the
conversation around MOOCs.”
The profile quoted Mr. Thrun as saying the Udacity MOOCs were “a lousy product”
and “not a good fit” for disadvantaged students, unleashing a torrent of
commentary in the higher-education blogosphere.
Mr. Thrun took issue with the article, and said he had never concluded that
MOOCs could not work for any particular group of students.
“I care about education for everyone, not just the elite,” he said in an
interview. “We want to bring high-quality education to everyone, and set up
everyone for success. My commitment is unchanged.”
While he said he was “super-excited” about working with corporations to improve
job skills, Mr. Thrun said he was working with San Jose State to revamp the
software so that future students could have more time to work through the
courses.
“To all those people who declared our experiment a failure, you have to
understand how innovation works,” he wrote on his blog. “Few ideas work on the
first try. Iteration is key to innovation. We are seeing significant improvement
in learning outcomes and student engagement. ”
Some draw an analogy to mobile phones, which took several generations to
progress from clunky and unreliable to indispensable.
Mr. Thrun stressed that results from the second round of the San Jose experiment
over the summer were much improved, with the online algebra and statistics
students doing better than their on-campus counterparts. Comparisons are murky,
though, since the summer classes were open to all, and half the students already
had degrees.
Some San Jose professors said they found the MOOC material useful and were
disappointed that the pilot was halted.
“We had great results in the summer, so I’m surprised that it’s not going
forward,” said Julie Sliva, who taught the college algebra course. “I’m still
using the Udacity videos to support another course, because they’re very
helpful.”
Mr. Siemens said what was happening was part of a natural process. “We’re moving
from the hype to the implementation,” he said. “It’s exciting to see
universities saying, ‘Fine, you woke us up,’ and beginning to grapple with how
the Internet can change the university, how it doesn’t have to be all about
teaching 25 people in a room.
“Now that we have the technology to teach 100,000 students online,” he said,
“the next challenge will be scaling creativity, and finding a way that even in a
class of 100,000, adaptive learning can give each student a personal
experience.”
After Setbacks, Online Courses Are Rethought, NYT, 10.12.2013,
http://www.nytimes.com/2013/12/11/us/
after-setbacks-online-courses-are-rethought.html
Internet Firms
Step Up
Efforts to Stop Spying
December 5,
2013
The New York Times
By NICOLE PERLROTH and VINDU GOEL
SAN
FRANCISCO — When Marissa Mayer, Yahoo’s chief executive, recently announced the
company’s biggest security overhaul in more than a decade, she did not exactly
receive a standing ovation.
Ordinary users asked Ms. Mayer why Yahoo was not doing more. Privacy activists
were more blunt. “Even after today’s announcement, Yahoo still lags far behind
Google on web security,” said Christopher Soghoian, a technology analyst at the
American Civil Liberties Union.
For big Internet outfits, it is no longer enough to have a fast-loading
smartphone app or cool messaging service. In the era of Edward J. Snowden and
his revelations of mass government surveillance, companies are competing to show
users how well their data is protected from prying eyes, with billions of
dollars in revenue hanging in the balance.
On Thursday, Microsoft will be the latest technology company to announce plans
to shield its services from outside surveillance. It is in the process of adding
state-of-the-art encryption features to various consumer services and internally
at its data centers.
The announcement follows similar efforts by Google, Mozilla, Twitter, Facebook
and Yahoo in what has effectively become a digital arms race with the National
Security Agency as the companies react to what some have called the “Snowden
Effect.”
While security has long simmered as a concern for users, many companies were
reluctant to employ modern protections, worried that upgrades would slow down
connections and add complexity to their networks.
But the issue boiled over six months ago, when documents leaked by Mr. Snowden
described efforts by the N.S.A. and its intelligence partners to spy on millions
of Internet users. More than half of Americans surveyed say N.S.A. surveillance
has intruded on their personal privacy rights, according to a Washington
Post-ABC News poll conducted in November.
The revelations also shook Internet companies, which have been trying to
reassure customers that they are doing what they can to protect their data from
spying. They have long complied with legal orders to hand over information, but
were alarmed by more recent news that the N.S.A. was also accessing their data
without their knowledge.
“We want to ensure that governments use legal process rather than technological
brute force to obtain customer data — it’s as simple as that,” said Bradford L.
Smith, Microsoft’s general counsel, in an interview.
Mr. Smith said his company would also open “transparency centers” where foreign
governments can inspect the company’s code in an effort to assure them that it
does not plant back doors for spy agencies in its products.
Already, the Snowden revelations threaten to erode the market share of American
technology companies abroad.
In India, government officials are now barred from using email services that
have servers located in the United States. In Brazil, lawmakers are pushing for
laws that would force foreign companies to spend billions redesigning their
systems — and possibly the entire Internet — to keep Brazilian data from leaving
the country.
Forrester Research projected the fallout could cost the so-called cloud
computing industry as much as $180 billion — a quarter of its revenue — by 2016.
“The world is quickly being divided into companies that are secure and companies
that are not,” said Bhaskar Chakravorti, a dean of international business and
finance at the Fletcher School at Tufts University.
One by one, technology companies have been scrambling to plug security holes.
The best defense, security experts say, is using Transport Layer Security, a
type of encryption familiar to many through the “https” and padlock symbol at
the beginning of Web addresses that use the technology. It uses a long sequence
of numbers — a master key — that scrambles sensitive data like passwords, credit
card details, intellectual property and personal information between a user and
a website while in transit.
Banks and other financial sites have used such security for years, and Google
and Twitter along with Microsoft’s email service made it standard long ago.
Facebook adopted https systemwide this year. And Ms. Mayer said Yahoo would
finally allow consumers to encrypt all their Yahoo data in January.
But as many sites move to https, security experts say more advanced security
measures are needed. If a government can crack the master key — or obtain it
through court orders — it could go back and decrypt past communications for
millions of users.
That’s why companies like Google, Mozilla, Facebook and Twitter have added
another layer of protection, called Perfect Forward Secrecy. That technology
adds a second lock to each user’s transmissions, with the key changed
frequently. Microsoft plans to add the encryption method next year, but Yahoo
has not said whether it will add it.
“Perfect Forward Secrecy is a billion different secrets, and it’s not protected
by one central secret,” said Scott Renfro, a Facebook software engineer who
works on the company’s security infrastructure.
So even if an outsider obtained the master key, it would still have to crack the
other keys, over and over again.
“This type of protection should have been engineered into all web systems and
all Internet systems to begin with,” said Jacob Hoffman-Andrews, an engineer at
Twitter.
The technology has existed for two decades, but companies were slow to adopt it
because it added complexity and introduced a delay to Internet transactions,
which can encourage impatient users to flee for faster sites. But many of those
issues were resolved by Google when it applied Perfect Forward Secrecy in 2011,
said Adam Langley, a software engineer at the company. Google shared its
improvements with the broader tech community.
Still, technical solutions can be trumped by law. While https and Perfect
Forward Secrecy protect the data transmission, law enforcement agencies can
still compel companies to hand the data over from their servers, where it is
stored.
So Internet companies are trying to ensure they are at least blocking
unauthorized access by addressing other security issues, including a hole that
leaves users vulnerable at the very beginning of a site visit. When users want
to log into, say, Google’s Gmail, their Internet browser checks the site’s
security certificate to make sure it’s not an impostor.
Some security experts believe that hackers are nearly capable of cracking the
1024-bit encryption keys that protect the certificates. But an industry
standards group is requiring that, starting next year, all new and renewed
certificate keys use 2048-bit encryption, which is far more difficult to break.
Ultimately, however, every security advance is met by new threats. “Attacks
don’t get worse,” Mr. Langley said. “They only get better.”
Internet Firms Step Up Efforts to Stop Spying, NYT, 5.12.2013,
http://www.nytimes.com/2013/12/05/technology/
internet-firms-step-up-efforts-to-stop-spying.html
They
Loved Your G.P.A.
Then
They Saw Your Tweets.
November 9,
2013
The New York Times
By NATASHA SINGER
At Bowdoin
College in Brunswick, Me., admissions officers are still talking about the high
school senior who attended a campus information session last year for
prospective students. Throughout the presentation, she apparently posted
disparaging comments on Twitter about her fellow attendees, repeatedly using a
common expletive.
Perhaps she hadn’t realized that colleges keep track of their social media
mentions.
“It was incredibly unusual and foolish of her to do that,” Scott A. Meiklejohn,
Bowdoin’s dean of admissions and financial aid, told me last week. The college
ultimately denied the student admission, he said, because her academic record
wasn’t competitive. But had her credentials been better, those indiscreet posts
could have scuttled her chances.
“We would have wondered about the judgment of someone who spends their time on
their mobile phone and makes such awful remarks,” Mr. Meiklejohn said.
As certain high school seniors work meticulously this month to finish their
early applications to colleges, some may not realize that comments they casually
make online could negatively affect their prospects. In fact, new research from
Kaplan Test Prep, the service owned by the Washington Post Company, suggests
that online scrutiny of college hopefuls is growing.
Of 381 college admissions officers who answered a Kaplan telephone questionnaire
this year, 31 percent said they had visited an applicant’s Facebook or other
personal social media page to learn more about them — a five-percentage-point
increase from last year. More crucially for those trying to get into college, 30
percent of the admissions officers said they had discovered information online
that had negatively affected an applicant’s prospects.
“Students’ social media and digital footprint can sometimes play a role in the
admissions process,” says Christine Brown, the executive director of K-12 and
college prep programs at Kaplan Test Prep. “It’s something that is becoming more
ubiquitous and less looked down upon.”
In the business realm, employers now vet the online reputations of job
candidates as a matter of course. Given the impulsiveness of typical teenagers,
however — not to mention the already fraught nature of college acceptances and
rejections — the idea that admissions officers would covertly nose around the
social media posts of prospective students seems more chilling.
There is some reason for concern. Ms. Brown says that most colleges don’t have
formal policies about admissions officers supplementing students’ files with
their own online research. If colleges find seemingly troubling material online,
they may not necessarily notify the applicants involved.
“To me, it’s a huge problem,” said Bradley S. Shear, a lawyer specializing in
social media law. For one thing, Mr. Shear told me, colleges might erroneously
identify the account of a person with the same name as a prospective student —
or even mistake an impostor’s account — as belonging to the applicant,
potentially leading to unfair treatment. “Often,” he added, “false and
misleading content online is taken as fact.”
These kinds of concerns prompted me last week to email 20 colleges and
universities — small and large, private and public, East Coast and West Coast —
to ask about their practices. Then I called admissions officials at 10 schools
who agreed to interviews.
Each official told me that it was not routine practice at his or her institution
for admissions officers to use Google searches on applicants or to peruse their
social media posts. Most said their school received so many applications to
review — with essays, recommendations and, often, supplemental portfolios — that
staff members wouldn’t be able to do extra research online. A few also felt that
online investigations might lead to unfair or inconsistent treatment.
“As students’ use of social media is growing, there’s a whole variety of ways
that college admissions officers can use it,” Beth A. Wiser, the director of
admissions at the University of Vermont, told me. “We have chosen to not use it
as part of the process in making admissions decisions.”
Other admissions officials said they did not formally prohibit the practice. In
fact, they said, admissions officers did look at online material about
applicants on an ad hoc basis. Sometimes prospective students themselves ask an
admissions office to look at blogs or videos they have posted; on other
occasions, an admissions official might look up an obscure award or event
mentioned by an applicant, for purposes of elucidation.
“Last year, we watched some animation videos and we followed media stories about
an applicant who was involved in a political cause,” says Will Hummel, an
admissions officer at Pomona College in Claremont, Calif. But those were rare
instances, he says, and the supplemental material didn’t significantly affect
the students’ admissions prospects.
Admissions officials also said they had occasionally rejected applicants, or
revoked their acceptances, because of online materials. Often, these officials
said, a college may learn about a potential problem from an outside source, such
as a high school counselor or a graduate, prompting it to look into the matter.
Last year, an undergraduate at Pitzer College in Claremont, Calif., who had
befriended a prospective student on Facebook, notified the admissions office
because he noticed that the applicant had posted offensive comments about one of
his high school teachers.
“We thought, this is not the kind of person we want in our community,” Angel B.
Perez, Pitzer’s dean of admission and financial aid, told me. With about 4,200
applications annually for a first-year class of 250 students, the school can
afford to be selective. “We didn’t admit the student,” Mr. Perez said.
But colleges vary in their transparency. While Pitzer doesn’t contact students
if their social media activities precluded admission to the school, Colgate
University does notify students if they are eliminated from the applicant pool
for any reason other than being uncompetitive candidates.
“We should be transparent with applicants,” says Gary L. Ross, Colgate’s dean of
admission. He once called a student, to whom Colgate had already offered
acceptance, to check whether an alcohol-related incident that was reported
online was indeed true. (It was, and Colgate rescinded the offer of admission.)
“We will always ask if there is something we didn’t understand,” Mr. Ross said.
In an effort to help high school students avoid self-sabotage online, guidance
counselors are tutoring them in scrubbing their digital identities. At Brookline
High School in Massachusetts, juniors are taught to delete alcohol-related posts
or photographs and to create socially acceptable email addresses. One junior’s
original email address was “bleedingjesus,” said Lenny Libenzon, the school’s
guidance department chairman. That changed.
“They imagine admissions officers are old professors,” he said. “But we tell
them a lot of admissions officers are very young and technology-savvy.”
Likewise, high school students seem to be growing more shrewd, changing their
searchable names on Facebook or untagging themselves in pictures to obscure
their digital footprints during the college admission process.
“We know that some students maintain two Facebook accounts,” says Wes K.
Waggoner, the dean of undergraduate admission at Southern Methodist University
in Dallas.
For their part, high school seniors say that sanitizing social media accounts
doesn’t seem qualitatively different than the efforts they already make to
present the most appealing versions of themselves to colleges. While Megan Heck,
17, a senior at East Lansing High School in Michigan, told me that she was not
amending any of her posts as she applied early to colleges this month, many of
her peers around the country were.
“If you’ve got stuff online you don’t want colleges to see,” Ms. Heck said,
“deleting it is kind of like joining two more clubs senior year to list on your
application to try to make you seem more like the person they want at their
schools.”
They Loved Your G.P.A. Then They Saw Your Tweets., NYT, 9.10.2013,
http://www.nytimes.com/2013/11/10/business/
they-loved-your-gpa-then-they-saw-your-tweets.html
Angry Over U.S. Surveillance,
Tech
Giants Bolster Defenses
October 31,
2013
The New York Times
By CLAIRE CAIN MILLER
SAN
FRANCISCO — Google has spent months and millions of dollars encrypting email,
search queries and other information flowing among its data centers worldwide.
Facebook’s chief executive said at a conference this fall that the government
“blew it.” And though it has not been announced publicly, Twitter plans to set
up new types of encryption to protect messages from snoops.
It is all reaction to reports of how far the government has gone in spying on
Internet users, sneaking around tech companies to tap into their systems without
their knowledge or cooperation.
What began as a public relations predicament for America’s technology companies
has evolved into a moral and business crisis that threatens the foundation of
their businesses, which rests on consumers and companies trusting them with
their digital lives.
So they are pushing back in various ways — from cosmetic tactics like publishing
the numbers of government requests they receive to political ones including
tense conversations with officials behind closed doors. And companies are
building technical fortresses intended to make the private information in which
they trade inaccessible to the government and other suspected spies.
Yet even as they take measures against government collection of personal
information, their business models rely on collecting that same data, largely to
sell personalized ads. So no matter the steps they take, as long as they remain
ad companies, they will be gathering a trove of information that will prove
tempting to law enforcement and spies.
When reports of surveillance by the National Security Agency surfaced in June,
the companies were frustrated at the exposure of their cooperation with the
government in complying with lawful requests for the data of foreign users, and
they scrambled to explain to customers that they had no choice but to obey the
requests.
But as details of the scope of spying emerge, frustration has turned to outrage,
and cooperation has turned to war.
The industry has learned that it knew of only a fraction of the spying, and it
is grappling with the risks of being viewed as an enabler of surveillance of
foreigners and American citizens.
Lawmakers in Brazil, for instance, are considering legislation requiring online
services to store the data of local users in the country. European lawmakers
last week proposed a measure to require American Internet companies to receive
permission from European officials before complying with lawful government
requests for data.
“The companies, some more than others, are taking steps to make sure that
surveillance without their consent is difficult,” said Christopher Soghoian, a
senior analyst at the American Civil Liberties Union. “But what they can’t do is
design services that truly keep the government out because of their ad-supported
business model, and they’re not willing to give up that business model.”
Even before June, Google executives worried about infiltration of their
networks. The Washington Post reported on Wednesday that the N.S.A. was tapping
into the links between data centers, the beating heart of tech companies housing
user information, confirming that their suspicions were not just paranoia.
In response, David Drummond, Google’s chief legal officer, issued a statement
that went further than any tech company had publicly gone in condemning
government spying. “We have long been concerned about the possibility of this
kind of snooping,” he said. “We are outraged at the lengths to which the
government seems to have gone.”
A tech industry executive who spoke only on the condition of anonymity because
of the sensitivities around the surveillance, said, “Just based on the
revelations yesterday, it’s outright theft,” adding, “These are discussions the
tech companies are not even aware of, and we find out from a newspaper.”
Though tech companies encrypt much of the data that travels between their
servers and users’ computers, they do not generally encrypt their internal data
because they believe it is safe and because encryption is expensive and
time-consuming and slows down a network.
But Google decided those risks were worth it. And this summer, as it grew more
suspicious, it sped up a project to encrypt internal systems. Google is also
building many of its own fiber-optic lines through which the data flows; if it
controls them, they are harder for outsiders to tap.
Tech companies’ security teams often feel as if they are playing a game of
Whac-a-Mole with intruders like the government, trying to stay one step ahead.
Google, for instance, changes its security keys, which unlock encrypted digital
data so it is readable, every few weeks. Google, Facebook and Yahoo have said
they are increasing the length of these keys to make them more difficult to
crack.
Facebook also said it was adding the encryption method of so-called perfect
forward secrecy, which Google did in 2011. This means that even if someone gets
access to a secret key, that person cannot decrypt past messages and traffic.
“A lot of the things everybody knew they should do but just weren’t getting
around to are now a much higher priority,” said Paul Kocher, president and chief
scientist of Cryptography Research, which makes security technologies.
Facebook said in July that it had turned on secure browsing by default, and
Yahoo said last month that it would do the same for Yahoo Mail early next year.
And Twitter is developing a variety of new security measures, including
encrypting private direct messages, according to a person briefed on the
measures.
Many tech companies have made public information about the number of government
requests for user data they receive, and sued to ask for permission to publish
more of this data. On Thursday, Google, Microsoft, Facebook, Yahoo, Apple and
AOL reiterated these points in a letter to members of Congress.
But publishing the numbers of requests the companies receive has less meaning
now that reports show the government sees company data without submitting a
legal request.
A sense of betrayal runs through the increasingly frequent conversations between
tech company lawyers and lawmakers and law enforcement in Washington, and in
private conversations among engineers at the companies and increasingly
outspoken public statements by executives.
Mr. Drummond and Larry Page, Google’s co-founder and chief executive, have said
privately that they thought the government betrayed them when the N.S.A. leaks
began, by failing to explain the tech companies’ role to the public or the
extent of its spying to the tech companies, according to three people briefed on
these conversations. When President Obama invited tech chief executives to
discuss surveillance in August, Mr. Page did not go and sent a lower-level
employee instead.
Mark Zuckerberg, Facebook’s chief executive, sarcastically discussed
surveillance at the TechCrunch Disrupt conference in September.
“The government blew it,” he said. “The government’s comment was, ‘Oh, don’t
worry, basically we’re not spying on any Americans.’ Right, and it’s like, ‘Oh,
wonderful, yeah, it’s like that’s really helpful to companies that are really
trying to serve people around the world and really going to inspire confidence
in American Internet companies.’ ”
Angry Over U.S. Surveillance, Tech Giants Bolster Defenses, NYT, 31.10.2013,
http://www.nytimes.com/2013/11/01/technology/
angry-over-us-surveillance-tech-giants-bolster-defenses.html
Ahead of I.P.O.,
Twitter
Alters Feed to Add Images
October 29,
2013
The New York Times
By VINDU GOEL
SAN
FRANCISCO — Twitter has gone visual.
The social network, which has been built around 140-character snippets of text
since its founding in 2006, has added photo and video previews to the feed of
items that users see when they log onto the service from the Web or mobile
applications. In the past, Twitter users had to click on a link to see a photo
or video.
The change, which helps Twitter catch up to recent moves by rivals like Facebook
to showcase photos and videos more prominently, could help increase the use of
Twitter as the company prepares to sell stock to the public for the first time
in an offering expected to occur next week.
The addition could also help the company sell more ads with visual elements.
Robert Peck, an Internet analyst with SunTrust Robinson Humphrey, said that the
adjustment to Twitter’s look addressed a concern he had heard from potential
buyers of Twitter’s stock. “It was all text, for the most part. There was no
multimedia,” he said. “People thought Twitter was behind.”
Twitter has traditionally resisted tinkering with its message feed, which it
calls the timeline, because it has wanted to keep its display of tweets as
streamlined as possible.
The turn toward the visual is the biggest change to Twitter’s interface since it
was overhauled in 2011, although the company has recently introduced other
changes, including a blue line that groups related messages so that users can
more easily follow a conversation.
With Tuesday’s change, tweets will still show up in chronological order, with
the most recent first. But the tweets that contain photos uploaded to Twitter or
six-second videos from Vine, a video-creation service owned by Twitter, will
automatically preview those images.
“Starting today, timelines on Twitter will be more visual and more engaging:
previews of Twitter photos and videos from Vine will be front and center in
tweets,” Michael Sippey, Twitter’s vice president for product, wrote in a blog
post on Tuesday. “To see more of the photo or play the video, just tap.”
If users embrace the change, Twitter could also add automatic previews of other
types of links, like articles and web pages or images and videos from outside
sites like Google’s YouTube.
That technology is already used to preview a variety of sites on Twitter’s
Discover tab, a little-used feature of the service that is meant to help users
find new content they might like based on the users they follow and topics in
which they have expressed interest.
The company is also experimenting with ways to highlight other types of
messages, like those about television shows, although no other changes have yet
been released to all users.
Although a more visual feed does not directly affect advertisers on Twitter, it
does improve the company’s position in the battle for mobile ad dollars.
Instagram, the photo-sharing service owned by Facebook, just began selling
visual ads on its service from brands like Adidas and Lexus that are sprinkled
into the flow of messages that users see.
Twitter’s principal form of advertising, known as a sponsored tweet, also
appears in the stream of messages from users, and advertisers can post sponsored
tweets with images in them.
Industry research shows that users are far more likely to click on an ad with a
photo in it. Since Twitter is paid by the advertiser only when a user interacts
with an ad, more responses to or sharing of image-based ads would most likely
lead to an increase in revenue. Some on Wall Street have expressed worries about
the company’s slowing growth ahead of its initial public offering of stock.
In the third quarter, Twitter had 232 million users who checked the service at
least once a month, up just 6.4 percent from the previous quarter and an
increase of 39 percent from the previous year. That is far less than the
double-digit quarterly growth rates that Facebook posted when it was the same
size as Twitter.
Clark Fredricksen, a vice president at the digital research firm eMarketer, said
that Twitter’s decision to make its feed more visually attractive makes sense on
multiple levels and helps it compete with the image and video-friendly services
of competitors like Instagram, Snapchat and Facebook.
“This move may help Twitter more deeply engage users, which is vital for its
long-term growth,” he said in an email. “At the very least it allows users to
perform some of the same actions that helped Twitter’s competitors grow
quickly.”
Ahead of I.P.O., Twitter Alters Feed to Add Images, NYT, 29.10.2013,
http://www.nytimes.com/2013/10/30/technology/
ahead-of-ipo-twitter-adds-photo-and-video-previews-to-timelines.html
Why the Government
Never
Gets Tech Right
October 24,
2013
The New York Times
By CLAY JOHNSON and HARPER REED
MILLIONS of
Americans negotiating America’s health care system know all too well what the
waiting room of a doctor’s office looks like. Now, thanks to HealthCare.gov,
they know what a “virtual waiting room” looks like, too. Nearly 20 million
Americans, in fact, have visited the Web site since it opened three weeks ago,
but only about 500,000 managed to complete applications for insurance coverage.
And an even smaller subset of those applicants actually obtained coverage.
For the first time in history, a president has had to stand in the Rose Garden
to apologize for a broken Web site. But HealthCare.gov is only the latest
episode in a string of information technology debacles by the federal
government. Indeed, according to the research firm the Standish Group, 94
percent of large federal information technology projects over the past 10 years
were unsuccessful — more than half were delayed, over budget, or didn’t meet
user expectations, and 41.4 percent failed completely.
For example, Sam.gov, a system for government contractors developed by I.B.M.
that started in 2012, has cost taxpayers $181 million and is just now beginning
to work as expected. Before that, a new version of USAJobs.gov landed with a
thud, after years during which millions were spent. In 2001, the F.B.I. started
a virtual case file system, and after dumping the project, renaming it, and
finding new vendors to build it, the project, “Sentinel,” managed to see the
light of day just last year.
Clearly, these failures — though they are not as well known to the public —
extend far beyond Barack Obama’s presidency. But this latest stings more than
the others. Perhaps that’s because it comes from a president who is seen as a
transformational figure, who has had to watch his signature achievement be held
hostage by that most banal of captors: a clunky computer system.
So why is it that the technology available to Mr. Obama as president doesn’t
compare to the technology he used to win an election? Much of the problem has to
do with the way the government buys things. The government has to follow a code
called the Federal Acquisition Regulation, which is more than 1,800 pages of
legalese that all but ensure that the companies that win government contracts,
like the ones put out to build HealthCare.gov, are those that can navigate the
regulations best, but not necessarily do the best job. That’s evidenced by
yesterday’s Congressional testimony by the largest of the vendors, CGI Federal,
which blamed everyone but itself when asked to explain the botched rollout of
the new Web site.
But maybe there’s hope. In 2004, campaign contracting was a lot like government
contracting is today: full of large, entrenched vendors providing subpar
services. Howard Dean changed that by reaching out to a new breed of
Internet-savvy companies and staffers (including one of us). In 2012, Barack
Obama beat Mitt Romney thanks in part to a mix of private-sector-trained
technology workers and a well-developed ecosystem of technologies available from
competitive consultants.
This latest failure is frustrating for us to watch. Our careers have largely
been about developing technology that allows more people to participate in the
way we finance, support and elect candidates for public office. Together, we’ve
done things that transformed elections, but we now need that work to carry into
transforming government.
Government should be as participatory and as interactive with its citizens as
our political process is. A digital candidate will never be able to become a
digital president if he can’t bring the innovation that helped him win election
into the Oval Office to help him govern.
HealthCare.gov needs to be fixed. We believe that in a few days it will be. As
Mr. Obama said last week after the government shutdown ended, “There’s no good
reason why we can’t govern responsibly, despite our differences, without
lurching from manufactured crisis to manufactured crisis.” There’s no good
reason we can’t code responsibly, either. We must find a fix to the federal
procurement process that spares the government’s technology projects from the
self-inflicted wounds of signing big contracts whose terms repeatedly and
spectacularly go unmet.
The good news is that these problems are not unique to the United States
government, and others already have solutions. In 2011, the British government
formed a new unit of its Cabinet Office called the Government Digital Service.
It’s a team of internal technologists whose job it is to either build the right
technology, or find the right vendors for every need across the government. It
gives the government a technical brain. It has saved the country millions, and
improved the way the government delivers services online.
The United States has taken a step in this direction. Last year, the
government’s chief technology officer, Todd Park, started the Presidential
Innovation Fellows program and brought together innovators from across the
country to work on hard technical problems inside of government. But we need to
create our own Government Digital Service.
The president should use the power of the White House to end all large
information technology purchases, and instead give his administration’s
accomplished technologists the ability to work with agencies to make the right
decisions, increase adoption of modern, incremental software development
practices, like a popular one called Agile, already used in the private sector,
and work with the Small Business Administration and the General Services
Administration to make it easy for small businesses to contract with the
government.
Large federal information technology purchases have to end. Any methodology with
a 94 percent chance of failure or delay, which costs taxpayers billions of
dollars, doesn’t belong in a 21st-century government.
Clay Johnson, a former Presidential Innovation Fellow and lead programmer for
Howard Dean’s 2004 campaign, is the chief executive officer of the Department of
Better Technology, a nonprofit that develops technology for governments. Harper
Reed is the former chief technology officer of Obama for America.
Why the Government Never Gets Tech Right, NYT, 24.10.2013
http://www.nytimes.com/2013/10/25/opinion/
getting-to-the-bottom-of-healthcaregovs-flop.html
Google Stock Tops $1,000,
Highlighting a Tech Divide
October 18,
2013
The New York Times
By QUENTIN HARDY
SAN
FRANCISCO — Google has done something few companies ever do in the stock market:
it has joined the $1,000 club.
On Friday, Google’s share price jumped above that price for the first time,
another milestone in its remarkable ascent from $85 in its public offering in
2004.
On one level, $1,000 is just a number. But on another, it is a reminder of the
new order that has taken hold in the technology world in just a few short years
— and how far apart the winners are from the losers.
Google closed up 14 percent on Friday, at $1,011.41, after a
better-than-expected earnings release late Thursday. The jump brought its gain
since its initial offering to roughly 1,100 percent. During the same period, the
shares of Amazon.com rose 830 percent. Samsung, which makes smartphones as well
as the chips that go into many other manufacturers’ devices, rose 760 percent.
And Apple leapt a staggering 3,300 percent.
By comparison, the overall Nasdaq composite rose 120 percent, while Microsoft —
10 years ago the most feared giant in technology — gained just 28 percent.
“Companies away from Google and Apple and a few others increasingly have trouble
communicating a value proposition” to shareholders, said Martin Reynolds, an
analyst with Gartner. “Only a few big companies are starting to matter.”
These new leaders have focused on Web-based businesses. While the big money in
technology used to be in selling to businesses, today’s leaders are oriented
toward consumers.
Friday’s gain made Google, already one of the world’s most valuable companies,
one of the few in which buying a single share costs more than $1,000. Others
include Priceline.com, the online-travel company, and Seaboard, which processes
turkeys and hogs.
In some ways, Google’s investors are betting that quantity can beat quality.
Google’s challenge has been lower prices for the ads it puts on its own and
others’ Web pages. Much of the traditional market for these ads has been
saturated, and Google has been trying to put more ads on mobile devices like
smartphones and tablets. Mobile ads tend to make less money because people click
on them less often.
But Google executives have emphasized the enormous number of mobile devices on
which it now places ads, and indicated that the sheer number of mobile outlets
was set to keep growing.
Much of the growth in mobile was initially in the developed world, where ad
prices are generally higher. As the use of smartphones and tablets spreads into
developing economies, the revenue per user is likely to drop, affecting overall
profits unless Google can grow even faster in these markets. For the third
consecutive quarter, 55 percent of Google’s revenue came from overseas sources.
Google also appeared to be moving more money through overseas accounts and
holding more money overseas, a strategy Apple and others have used to avoid
corporate taxes in the United States.
Both Republicans and Democrats in Washington have criticized Apple for its
offshore tax strategies. So far, however, the trend among companies seems to be
increasing.
“The U.S. corporate tax rate is supposed to be 35 percent, and Google was paying
an effective rate of about 15 percent,” said Colin Gillis, an analyst with BGC
Financial. “It wasn’t like there was a massive reacceleration of Google’s
business here.”
Google finished the quarter with $56 billion in cash, held in the United States
and overseas. Even the companies trying to compete with Google are starting to
draw off their overseas cash, buying foreign companies. These deals include
Microsoft’s purchase of the phone assets of Finland’s Nokia for $7.2 billion,
and Cisco’s purchase of NDS, a video services company based in Britain, for $5
billion in 2012.
Even eBay’s recent Bill Me Later feature is backstopped with its overseas cash,
Mr. Gillis said. “If I was starting a tech company, I’d put it in Luxembourg so
I could get bought with a U.S. company’s offshore cash,” he said.
Google’s United States business grew just under 13 percent over the quarter, a
low number that analysts ascribe to a maturing business. Google is trying to
increase the profitability of its ads by making them more personal, doing things
like looking at where people are or what their previous habits have been.
On Friday, Google announced a new partnership with a rival, Facebook, in which
it will begin selling ads that can appear on the desktop version of Facebook’s
service. It also announced changes to location-based searches in international
markets. While this yields more profitable ads for Google, since people are
generally more likely to click on things targeted at them, it also can run afoul
of privacy advocates and regulators.
Over all, Google’s quarterly numbers showed that its audience was spending more
time on mobile devices. The traditional business of people clicking ads on
desktop and laptop computers was flat last quarter, according to Search Agency,
a digital marketing firm. Clicks on phones more than doubled, the research
company said, while tablet clicks were up 63 percent.
Another bright spot in Google’s earnings, though a relatively small one, was
Google’s “other” category, believed to consist mostly of sales to businesses of
Google Apps, Google’s alternative to Microsoft’s office communications and
productivity software. This revenue was $1.23 billion, an increase of 85 percent
from the third quarter of 2012.
Google Stock Tops $1,000, Highlighting a Tech Divide, NYT, 18.10.2013,
http://www.nytimes.com/2013/10/19/technology/
google-stock-scales-1000-a-share.html
Facebook’s New Rules
October 18,
2013
The New York Times
By JOE NOCERA
No sooner
had the ink dried on my last column — about the new Dave Eggers’s novel “The
Circle,” in which he imagines a world without privacy — than Facebook announced
two changes to its privacy settings. In its short nine-year existence, Facebook
has made many changes to its privacy policies, of course. More often than not,
the changes have enabled the company to monetize the rich trove of data it
collects from its users. When you get right down to it, that’s really all it has
to sell.
As these things go, these particular changes were less than earth-shattering:
the first would make everyone’s news feed searchable; the second would allow
teenagers to share their latest thoughts or videos not just with their
“friends,” or their “friends of friends,” but with anyone who uses Facebook.
Previously, under-18 users of Facebook were restricted to sending posts to
“friends of friends” — a category that, admittedly, can run into the thousands
for many teenagers.
Still, it felt as though Facebook was making at least some small effort to
establish boundaries beyond which teens couldn’t go: a zone of safety to protect
them from predators and bullies. Now, it seemed, all bets were off. (In
fairness, I should note that the default setting for teenagers is “friends,”
which is restrictive, and that users under 18 have to change their setting to be
able to share information publicly.)
Whenever Facebook makes a change like this, it is always accompanied by some
highfalutin rationale. Sure enough, the company says that the move will amplify
the voices of young activists and idealists.
Well, I suppose. What the move clearly exemplifies, though, is the steady
erosion of privacy online — and not just on Facebook. In some ways, Facebook is
playing catch-up.
It’s important to remember that Facebook didn’t start life with an obvious
business model. Begun as a way for university students to share information with
others on the same campus — and no one else — it came to realize that
advertising was its ticket, and that advertisers wanted to be able to market to
a large universe of people who were sharing information. The more they divulged
about their likes and dislikes, the richer the data they provided.
Thus, as early as 2007, Facebook set up a program, called Beacon, that made it
possible to advertise to a user’s “friends” based on their purchases at other
sites. It resulted in a class-action lawsuit that has been settled. Facebook has
since shut down Beacon. In 2009, it got in trouble with the Federal Trade
Commission because it weakened its users’ privacy settings without telling them.
In 2010, it started a program called Open Graph, which gave marketers a wealth
of information about a Facebook user’s preferences. Most recently, the company
has developed a program that turns its users’ information into product
endorsements that are displayed to their “friends.” Such ads are far more
powerful than an obvious corporate ad because the “friends” trust the user.
Meanwhile, Facebook’s chief executive, Mark Zuckerberg, has always had a
philosophical bent toward “openness” and “sharing” — which meshed nicely with
his company’s advertising focus. Emily Bazelon, a Slate columnist, found a radio
interview in which Zuckerberg said, “We help you share information, and when you
do that, you’re more engaged on the site, and then there are ads on the side of
the page.” He added, “The model all just works out.”
“I think Facebook’s whole business model is habituating people to sharing all
their information,” Bazelon told me.
There’s one other factor: There are plenty of popular sites today where there is
no privacy at all. On Twitter, for the most part, every tweet is available for
anybody to see. Plenty of teenagers have gravitated to Twitter. When I spoke to
Facebook executives, I got the sense that they felt they had been backed into a
corner and had no choice but to open their site further so that teenagers could
post publicly on Facebook. Why should Facebook be punished commercially by
caring about privacy if competitors didn’t — and the users didn’t seem to care?
As for advertising, plainly the more time people spend on Facebook, the more
likely advertisers will stick with the company, instead of gravitating to
Twitter. Allowing teenagers to post publicly might well have the effect of
keeping them in Facebook’s orbit. The company acknowledges it wants more public
content, especially about popular subjects like television shows or movies.
Advertisers will continue to target teens with those ads on the side of the
page, just as they always have.
But what they won’t do, Facebook executives insist, is use teens’ own words and
images to create ads, the way they can do now with adults. They say this with
considerable vehemence, as if they are offended by the very notion.
Given their history, however, the obvious retort is: Give ’em time.
Facebook’s New Rules, NYT, 18.10.2013,
http://www.nytimes.com/2013/10/19/opinion/nocera-facebooks-new-rules.html
A World Without Privacy
October 14, 2013
The New York Times
By JOE NOCERA
In his great and prophetic novel “1984,” George Orwell laid
out his vision of what totalitarianism would look like if taken to its logical
extreme. The government — in the form of Big Brother — sees all and knows all.
The Party rewrites the past and controls the present. Heretics pop up on
television screens so they can be denounced by the populace. And the Ministry of
Truth propagates the Party’s three slogans:
WAR IS PEACE.
FREEDOM IS SLAVERY.
IGNORANCE IS STRENGTH.
Dave Eggers’s new novel, “The Circle,” also has three short, Orwellian slogans,
and while I have no special insight into whether he consciously modeled “The
Circle” on “1984,” I do know that his book could wind up being every bit as
prophetic.
Eggers’s subject is what the loss of privacy would look like if taken to its
logical extreme. His focus is not on government but on the technology companies
who invade our privacy on a daily basis. The Circle, you see, is a Silicon
Valley company, an evil hybrid of Google, Facebook and Twitter, whose cultures —
the freebies, the workaholism, the faux friendliness — Eggers captures with only
slight exaggeration.
The Circle has enormous power because it has become the primary gateway to the
Internet. Thanks to its near-monopoly, it is able to collect reams of data about
everyone who uses its services — and many who don’t — data that allows The
Circle to track anyone down in a matter of minutes. It has begun planting small,
hidden cameras in various places — to reduce crime, its leaders insist. The
Circle wants to place chips in children to prevent abductions, it says. It has
called on governments to be “transparent,” by which it means that legislators
should wear a tiny camera that allows the world to watch their every move.
Eventually, legislators who refuse find themselves under suspicion — after all,
they must be hiding something. This is where The Circle’s logic leads.
Of course, nobody who works for The Circle thinks what he or she is doing is
evil. On the contrary, like many a real Silicon Valley executive, they view
themselves as visionaries, whose only goal is benign: to make the world a better
place.
“We’re at the dawn of the Second Enlightenment,” says one of The Circle’s
founders in a speech to the staff. “I’m talking about an era where we don’t
allow the majority of human thought and action and achievement and learning to
escape as if from a leaky bucket.” It believes if it can eliminate secrecy
people will be forced to be their best selves all the time. It even toys with
the idea of getting the government to require voters to use The Circle — to
force them to vote on Election Day. And, of course, it has found multiple ways
to monetize the data it collects. As for the potential downside of this loss of
privacy, it is waved away by Circle executives as if too trifling to even
consider.
Is this vision of the future far-fetched? Of course it is — though no more than
“1984” was. “The Circle” imagines where we could end up if we don’t begin paying
attention. Indeed, what is striking is how far down this road we have already
gone. Thanks to Edward Snowden, we know that the National Security Agency has
the ability to read our e-mails and listen to our phone calls. Google shows us
ads based on words we use in our Gmail accounts. Last week, Facebook — which
has, in shades of Orwell, a chief privacy officer — removed a privacy setting so
that any Facebook user can search for any other Facebook user. The next day,
Google unveiled a plan that would make it possible for the company to use its
customers’ words and likeness in ads for products they like — information that
Google knows because, well, Google knows everything.
So, yes, while we’re not in Eggers territory yet, we are getting closer. I don’t
have either a Facebook or a Twitter account, yet every few days I get an e-mail
from one of the two companies saying that so-and-so is waiting for me to join
them in social media land. The people it picks as my potential “friends” are
very often people with whom I’ve never been a true colleague, but I’ve briefly
met at some point in my life. It is creepy to me that the companies know that I
know these particular people.
“If you have something that you don’t want anyone to know,” Eric Schmidt, the
former chief executive of Google, once said, “maybe you shouldn’t be doing it in
the first place.” That line could easily have been uttered by one of Dave
Eggers’s characters. That is the thought-process that could someday cost us our
last shred of privacy. “The Circle” is a warning.
(And in case you’re wondering, here are The Circle’s three slogans:
SHARING IS CARING.
SECRETS ARE LIES.
PRIVACY IS THEFT.)
Frank Bruni is off today. David Brooks is on book leave.
A World Without Privacy, NYT, 14.10.2013,
http://www.nytimes.com/2013/10/15/opinion/nocera-a-world-without-privacy.html
Felony Counts for 2
in
Suicide of Bullied 12-Year-Old
October 15,
2013
The New York Times
By LIZETTE ALVAREZ
MIAMI — For
the Polk County sheriff’s office, which has been investigating the cyberbullying
suicide of a 12-year-old Florida girl, the Facebook comment was impossible to
disregard.
In Internet shorthand it began “Yes, ik” — I know — “I bullied Rebecca nd she
killed herself.” The writer concluded that she didn’t care, using an obscenity
to make the point and a heart as a perverse flourish. Five weeks ago, Rebecca
Ann Sedwick, a seventh grader in Lakeland in central Florida, jumped to her
death from an abandoned cement factory silo after enduring a year, on and off,
of face-to-face and online bullying.
The Facebook post, Sheriff Grady Judd of Polk County said, was so offensive that
he decided to move forward with the arrest immediately rather than continue to
gather evidence. With a probable cause affidavit in hand, he sent his deputies
Monday night to arrest two girls, calling them the “primary harassers.” The
first, a 14-year-old, is the one who posted the comment Saturday, he said. The
second is her friend, and Rebecca’s former best friend, a 12-year-old.
Both were charged with aggravated stalking, a third-degree felony and will be
processed through the juvenile court system. Neither had an arrest record. The
older girl was taken into custody in the juvenile wing of the Polk County Jail.
The younger girl, who the police said expressed remorse, was released to her
parents under house arrest.
Originally, Sheriff Judd said he had hoped to wait until he received data from
two far-flung cellphone application companies, Kik Messenger and ask.fm, before
moving forward.
“We learned this over the weekend, and we decided that, look, we can’t leave her
out there,” Sheriff Judd said, referring to the older girl. “Who else is she
going to torment? Who else is she going to harass? Who is the next person she
verbally abuses and attacks?”
He said the older girl told the police that her account had been hacked, and
that she had not posted the comment.
“She forced this arrest today,” Sheriff Judd said.
Rebecca was bullied from December 2012 to February 2013, according to the
probable cause affidavit. But her mother, Tricia Norman, has said the bullying
began long before then and continued until Rebecca killed herself.
The older of the two girls acknowledged to the police that she had bullied
Rebecca. She said she had sent Rebecca a Facebook message saying that “nobody”
liked her, the affidavit said. The girl also texted Rebecca that she wanted to
“fight” her, the police said. But the bullying did not end there; Rebecca was
told to “kill herself” and “drink bleach and die” among other things, the police
added.
The bullying contributed to Rebecca’s suicide, the sheriff said.
Brimming with outrage and incredulity, the sheriff said in a news conference on
Tuesday that he was stunned by the older girl’s Saturday Facebook posting. But
he reserved his harshest words for the girl’s parents for failing to monitor her
behavior, after she had been questioned by the police, and for allowing her to
keep her cellphone.
“I’m aggravated that the parents are not doing what parents should do: after she
is questioned and involved in this, why does she even have a device?” Sheriff
Judd said. “Parents, who instead of taking that device and smashing it into a
thousand pieces in front of that child, say her account was hacked.”
The police said the dispute with Rebecca began over a boy. The older girl was
upset that Rebecca had once dated her boyfriend, they said.
“She began to harass and ultimately torment Rebecca,” said the sheriff,
describing the 14-year-old as a girl with a long history of bullying behavior.
The police said the older girl began to turn Rebecca’s friends against her,
including her former best friend, the 12-year-old who was charged. She told
anyone who tried to befriend Rebecca that they also would be bullied, the
affidavit said.
The bullying leapt into the virtual world, Sheriff Judd said, and Rebecca began
receiving sordid messages instructing her to “go kill yourself.” The police said
Rebecca’s mother was reluctant to take her cellphone away because she did not
want to alienate her daughter and wanted her to be able to communicate with her
friends. Ms. Norman tried, she has said, to monitor Rebecca’s cellphone
activity.
In December, the bullying grew so intense that Rebecca began cutting herself and
was sent to a hospital by her mother to receive psychiatric care. Ultimately,
her mother pulled her out of Crystal Lake Middle School. She home schooled her
for a while and then enrolled her in a new school in August.
But the bullying did not stop.
“As a child, I can remember sticks and stones can break your bones but words
will never hurt you,” the sheriff said. “Today, words stick because they are
printed and they are there forever.”
Some of the messages were sent using a variety of social media smartphone
messaging and photo-sharing applications, including ask.fm and Kik Messenger,
that parents have a difficult time keeping track of.
“Watch what your children do online,” Sheriff Judd said. “Pay attention. Quit
being their best friend and be their best parent. That’s important.”
Felony Counts for 2 in Suicide of Bullied 12-Year-Old, NYT, 15.10.2013,
http://www.nytimes.com/2013/10/16/us/
felony-charges-for-2-girls-in-suicide-of-bullied-12-year-old-rebecca-sedwick.html
Let’s Build a More Secure Internet
October 8,
2013
The New York Times
By ELI DOURADO
ARLINGTON,
Va. — CAN we ever trust the Internet again?
In the wake of the disclosures about the National Security Agency’s surveillance
programs, considerable attention has been focused on the agency’s collaboration
with companies like Microsoft, Apple and Google, which according to leaked
documents appear to have programmed “back door” encryption weaknesses into
popular consumer products and services like Hotmail, iPhones and Android phones.
But while such vulnerabilities are worrisome, equally important — and because of
their technical nature, far less widely understood — are the weaknesses that the
N.S.A. seems to have built into the very infrastructure of the Internet. The
agency’s “upstream collection” capabilities, programs with names like Fairview
and Blarney, monitor Internet traffic as it passes through the guts of the
system: the cables and routers and switches.
The concern is that even if consumer software companies like Microsoft and
telecommunications companies like AT&T and Verizon stop cooperating with the
N.S.A., your online security will remain compromised as long as the agency can
still take advantage of weaknesses in the Internet itself.
Fortunately, there is something we can do: encourage the development of an “open
hardware” movement — an extension of the open-source movement that has led to
software products like the Mozilla browser and the Linux operating system.
The open-source movement champions an approach to product development in which
there is universal access to a blueprint, as well as universal ability to modify
and redistribute the blueprint. Wikipedia is perhaps the best-known example of a
product inspired by the movement. Open-source advocates typically emphasize two
kinds of freedom that their products afford: they are available free of charge,
and they can be used and manipulated free of restrictions.
But there is a third kind of freedom inherent in open-source systems: the
freedom to audit. With open-source software, independent security experts can
scrutinize the code for vulnerabilities — whether accidentally or intentionally
introduced. The more auditing by the programming masses, the better the
security. As the open-source software advocate Eric S. Raymond has put it,
“given enough eyeballs, all bugs are shallow.”
Perhaps the greatest open-source success story is the Internet itself — at least
its “soft” parts. The Internet’s communications protocols and the software that
implements them are collaboratively engineered by loose networks of programmers
working outside the control of any single person, company or government. The
Internet Engineering Task Force, which develops core Internet protocols, does
not even have formal membership and seeks contributions from developers all over
the world.
But the problem is that the physical layer of the Internet’s infrastructure —
the hardware that transmits, directs and relays traffic online, as well as its
closely knit software (or “firmware”) — is not open-source. It is made by
commercial computing companies like Cisco, Hewlett-Packard and Juniper Networks
according to proprietary designs, and then sold to governments, universities,
private companies and anyone else who wants to set up a network.
There is reason to be skeptical about the security of these networking products.
The hardware firms that make them often compete for contracts with the United
States military and presumably face considerable pressure to maintain good
relations with the government. It stands to reason that such pressure might lead
companies to collaborate with the government on surveillance-related requests.
Because these hardware designs are closed to public scrutiny, it is relatively
easy for surveillance at the Internet’s infrastructural level to go undetected.
To make the Internet less susceptible to mass surveillance, we need to recreate
the physical layer of its infrastructure on the basis of open-source principles.
At the moment, the open hardware movement is limited mostly to hobbyists —
engineers who use the Internet to collaboratively build “open” devices like the
RepRap 3D printer. But the Internet community, through a concerted effort like
the one that currently sustains the Internet’s software architecture, could also
develop open-source, Internet-grade hardware. Governments like Brazil’s that
have forsworn further involvement with American Internet companies could adopt
such nonproprietary equipment designs and have them manufactured locally, free
from any N.S.A. interference.
The result would be Internet infrastructure, both hardware and software, that
was 100 percent open and auditable.
But never, of course, 100 percent secure. The N.S.A. could still try to exploit
the Internet’s open hardware. And of course, open hardware would do little to
prevent the government from reading e-mail if it still had the cooperation of
companies like Microsoft or Google. Open hardware is not a panacea.
Still, open hardware would at a minimum make the N.S.A.’s Internet surveillance
efforts more difficult and less effective. And it would increase the difficulty
of surveillance not just for the N.S.A. but also for foreign governments that
might otherwise piggyback on N.S.A.-introduced security vulnerabilities.
A 100 percent open-infrastructure Internet — a trustworthy Internet — would be
an important step in the empowerment of individuals against their governments
the world over.
Eli Dourado is
a research fellow
with the
technology policy program
at the
Mercatus Center at George Mason University.
Let’s Build a More Secure Internet, NYT, 8.10.2013,
http://www.nytimes.com/2013/10/09/opinion/lets-build-a-more-secure-internet.html
Google Accused of Wiretapping
in Gmail
Scans
October 1,
2013
The New York Times
By CLAIRE CAIN MILLER
SAN
FRANCISCO — Wiretapping is typically the stuff of spy dramas and shady criminal
escapades. But now, one of the world’s biggest Web companies, Google, must
defend itself against accusations that it is illegally wiretapping in the course
of its everyday business — gathering data about Internet users and showing them
related ads.
The accusations, made over several years in various lawsuits that have been
merged into two separate cases, ask whether Google went too far in collecting
user data in Gmail and Street View, its mapping project. Two federal judges have
ruled, over Google’s protests, that both cases can move forward.
The wiretapping rulings are the latest example of judges and regulators prodding
Google over privacy violations. The company is on the defensive, struggling to
persuade overseers and its users that it protects consumer data, while arguing
that the law is stuck in the past and has failed to keep up with new
technologies.
“It’s been a bad month for Google,” said Alan Butler, a lawyer at the Electronic
Privacy Information Center. “What’s at stake is a core digital privacy issue for
consumers right now, which is the extent to which their digital communications
are protected from use by third parties.” For the most part, Google has managed
to avoid major privacy penalties. The Gmail case could have broad effects,
though, because nearly half a billion people worldwide use the service, and
because if it is, as expected, certified as a class action, the fines could be
enormous. At the same time, the case could have long-term consequences for all
e-mail services — including those from Yahoo and Microsoft — and for the issue
of how confidential is online data.
“This ruling has the potential to really reshape the entire e-mail industry,”
said Eric Goldman, director of the High Tech Law Institute at Santa Clara
University School of Law.
The Gmail case involves Google’s practice of automatically scanning e-mail
messages and showing ads based on the contents of the e-mails. The plaintiffs
include voluntary Gmail users, people who have to use Gmail as part of an
educational institution and non-Gmail users whose messages were received by a
Gmail user. They say the scanning of the messages violates state and federal
antiwiretapping laws.
The case revives a short-lived uproar over Gmail ads when Google introduced them
in 2004. Microsoft has recently tried to call attention to the practice as part
of its Scroogled campaign, including a video that shows a so-called Gmail man
reading people’s e-mail. Google has continued to show new types of ads in Gmail,
including ads that look like e-mails.
“Google uses Gmail as its own secret data-mining machine, which intercepts,
warehouses, and uses, without consent, the private thoughts and ideas of
millions of unsuspecting Americans who transmit e-mail messages through Gmail,”
lawyers for the plaintiffs argued on July 11, opposing Google’s motion to
dismiss the case. On Thursday, Judge Lucy H. Koh of Federal District Court
denied Google’s motion in a 43-page order that fought the company at almost
every turn.
Judge Koh is highly respected in Silicon Valley, with a reputation for being
fearless. During the Apple-Samsung patent trial, she made headlines for asking
an Apple lawyer if he was “smoking crack.”
In this case, she came down hard on Google.
In the June 13 motion to dismiss the suit, Google said the plaintiffs were
trying to “criminalize ordinary business practices.” It argued that the scanning
of Gmail messages was automated, with no human review, and was no different from
the processes it uses to detect spam or viruses, offer in-box searching or
filter messages into folders. It said users had consented to it by agreeing to
Google’s terms of service and privacy policy.
In a section of the motion that was widely noted, Google also argued that
non-Gmail users had no expectation of privacy when corresponding with Gmail
users.
“Just as a sender of a letter to a business colleague cannot be surprised that
the recipient’s assistant opens the letter, people who use Web-based e-mail
today cannot be surprised if their communications are processed by the
recipient’s” e-mail provider, the lawyers wrote.
Federal wiretap law exempts interception of communication if it is necessary in
a service provider’s “ordinary course of business,” which Google said included
scanning e-mail. That argument did not fly with Judge Koh.
“In fact, Google’s alleged interception of e-mail content is primarily used to
create user profiles and to provide targeted advertising — neither of which is
related to the transmission of e-mails,” she wrote in last week’s ruling.
Judge Koh also dismissed Google’s argument that Gmail users consented to the
interception and that non-Gmail users who communicated with Gmail users also
knew that their messages could be read.
“Accepting Google’s theory of implied consent — that by merely sending e-mails
to or receiving e-mails from a Gmail user, a non-Gmail user has consented to
Google’s interception of such e-mails for any purposes — would eviscerate the
rule against interception,” she wrote. A Google spokeswoman, Leslie Miller, and
a lawyer for the company, Michael G. Rhodes of the law firm Cooley, declined to
comment on the case beyond a company statement. “We’re disappointed in this
decision and are considering our options,” it said. “Automated scanning lets us
provide Gmail users with security and spam protection, as well as great features
like Priority Inbox.”
Lawyers for the plaintiffs, Sean F. Rommel of Wyly Rommel and F. Jerome Tapley
of Cory Watson, did not respond to requests for comment.
Also last week, Google asked the Court of Appeals for the Ninth Circuit to
reconsider a Sept. 10 ruling that a separate wiretapping lawsuit could proceed.
That one involves Google Street View vehicles that secretly collected personal
information from unencrypted home computer networks.
The federal antiwiretapping law at the heart of both cases is part of the
Electronic Communications Privacy Act, a 1986 law that has been under fire for
years for not taking into account modern-day technology like e-mail.
“It’s not surprising we’re seeing courts struggle with applying the E.C.P.A.,”
Mr. Goldman of Santa Clara said. “It’s a poorly drafted statute that has aged
very poorly.”
Google Accused of Wiretapping in Gmail Scans, NYT, 1.10.2013,
http://www.nytimes.com/2013/10/02/technology/
google-accused-of-wiretapping-in-gmail-scans.html
N.S.A.
Gathers Data
on
Social Connections of U.S. Citizens
September
28, 2013
The New York Times
By JAMES RISEN and LAURA POITRAS
WASHINGTON
— Since 2010, the National Security Agency has been exploiting its huge
collections of data to create sophisticated graphs of some Americans’ social
connections that can identify their associates, their locations at certain
times, their traveling companions and other personal information, according to
newly disclosed documents and interviews with officials.
The spy agency began allowing the analysis of phone call and e-mail logs in
November 2010 to examine Americans’ networks of associations for foreign
intelligence purposes after N.S.A. officials lifted restrictions on the
practice, according to documents provided by Edward J. Snowden, the former
N.S.A. contractor.
The policy shift was intended to help the agency “discover and track”
connections between intelligence targets overseas and people in the United
States, according to an N.S.A. memorandum from January 2011. The agency was
authorized to conduct “large-scale graph analysis on very large sets of
communications metadata without having to check foreignness” of every e-mail
address, phone number or other identifier, the document said. Because of
concerns about infringing on the privacy of American citizens, the computer
analysis of such data had previously been permitted only for foreigners.
The agency can augment the communications data with material from public,
commercial and other sources, including bank codes, insurance information,
Facebook profiles, passenger manifests, voter registration rolls and GPS
location information, as well as property records and unspecified tax data,
according to the documents. They do not indicate any restrictions on the use of
such “enrichment” data, and several former senior Obama administration officials
said the agency drew on it for both Americans and foreigners.
N.S.A. officials declined to say how many Americans have been caught up in the
effort, including people involved in no wrongdoing. The documents do not
describe what has resulted from the scrutiny, which links phone numbers and
e-mails in a “contact chain” tied directly or indirectly to a person or
organization overseas that is of foreign intelligence interest.
The new disclosures add to the growing body of knowledge in recent months about
the N.S.A.’s access to and use of private information concerning Americans,
prompting lawmakers in Washington to call for reining in the agency and
President Obama to order an examination of its surveillance policies. Almost
everything about the agency’s operations is hidden, and the decision to revise
the limits concerning Americans was made in secret, without review by the
nation’s intelligence court or any public debate. As far back as 2006, a Justice
Department memo warned of the potential for the “misuse” of such information
without adequate safeguards.
An agency spokeswoman, asked about the analyses of Americans’ data, said, “All
data queries must include a foreign intelligence justification, period.”
“All of N.S.A.’s work has a foreign intelligence purpose,” the spokeswoman
added. “Our activities are centered on counterterrorism, counterproliferation
and cybersecurity.”
The legal underpinning of the policy change, she said, was a 1979 Supreme Court
ruling that Americans could have no expectation of privacy about what numbers
they had called. Based on that ruling, the Justice Department and the Pentagon
decided that it was permissible to create contact chains using Americans’
“metadata,” which includes the timing, location and other details of calls and
e-mails, but not their content. The agency is not required to seek warrants for
the analyses from the Foreign Intelligence Surveillance Court.
N.S.A. officials declined to identify which phone and e-mail databases are used
to create the social network diagrams, and the documents provided by Mr. Snowden
do not specify them. The agency did say that the large database of Americans’
domestic phone call records, which was revealed by Mr. Snowden in June and
caused bipartisan alarm in Washington, was excluded. (N.S.A. officials have
previously acknowledged that the agency has done limited analysis in that
database, collected under provisions of the Patriot Act, exclusively for people
who might be linked to terrorism suspects.)
But the agency has multiple collection programs and databases, the former
officials said, adding that the social networking analyses relied on both
domestic and international metadata. They spoke only on the condition of
anonymity because the information was classified.
The concerns in the United States since Mr. Snowden’s revelations have largely
focused on the scope of the agency’s collection of the private data of Americans
and the potential for abuse. But the new documents provide a rare window into
what the N.S.A. actually does with the information it gathers.
A series of agency PowerPoint presentations and memos describe how the N.S.A.
has been able to develop software and other tools — one document cited a new
generation of programs that “revolutionize” data collection and analysis — to
unlock as many secrets about individuals as possible.
The spy agency, led by Gen. Keith B. Alexander, an unabashed advocate for more
weapons in the hunt for information about the nation’s adversaries, clearly
views its collections of metadata as one of its most powerful resources. N.S.A.
analysts can exploit that information to develop a portrait of an individual,
one that is perhaps more complete and predictive of behavior than could be
obtained by listening to phone conversations or reading e-mails, experts say.
Phone and e-mail logs, for example, allow analysts to identify people’s friends
and associates, detect where they were at a certain time, acquire clues to
religious or political affiliations, and pick up sensitive information like
regular calls to a psychiatrist’s office, late-night messages to an extramarital
partner or exchanges with a fellow plotter.
“Metadata can be very revealing,” said Orin S. Kerr, a law professor at George
Washington University. “Knowing things like the number someone just dialed or
the location of the person’s cellphone is going to allow them to assemble a
picture of what someone is up to. It’s the digital equivalent of tailing a
suspect.”
The N.S.A. had been pushing for more than a decade to obtain the rule change
allowing the analysis of Americans’ phone and e-mail data. Intelligence
officials had been frustrated that they had to stop when a contact chain hit a
telephone number or e-mail address believed to be used by an American, even
though it might yield valuable intelligence primarily concerning a foreigner who
was overseas, according to documents previously disclosed by Mr. Snowden. N.S.A.
officials also wanted to employ the agency’s advanced computer analysis tools to
sift through its huge databases with much greater efficiency.
The agency had asked for the new power as early as 1999, the documents show, but
had been initially rebuffed because it was not permitted under rules of the
Foreign Intelligence Surveillance Court that were intended to protect the
privacy of Americans.
A 2009 draft of an N.S.A. inspector general’s report suggests that contact
chaining and analysis may have been done on Americans’ communications data under
the Bush administration’s program of wiretapping without warrants, which began
after the Sept. 11 attacks to detect terrorist activities and skirted the
existing laws governing electronic surveillance.
In 2006, months after the wiretapping program was disclosed by The New York
Times, the N.S.A.’s acting general counsel wrote a letter to a senior Justice
Department official, which was also leaked by Mr. Snowden, formally asking for
permission to perform the analysis on American phone and e-mail data. A Justice
Department memo to the attorney general noted that the “misuse” of such
information “could raise serious concerns,” and said the N.S.A. promised to
impose safeguards, including regular audits, on the metadata program. In 2008,
the Bush administration gave its approval.
A new policy that year, detailed in “Defense Supplemental Procedures Governing
Communications Metadata Analysis,” authorized by Defense Secretary Robert M.
Gates and Attorney General Michael B. Mukasey, said that since the Supreme Court
had ruled that metadata was not constitutionally protected, N.S.A. analysts
could use such information “without regard to the nationality or location of the
communicants,” according to an internal N.S.A. description of the policy.
After that decision, which was previously reported by The Guardian, the N.S.A.
performed the social network graphing in a pilot project for 1 ½ years “to great
benefit,” according to the 2011 memo. It was put in place in November 2010 in
“Sigint Management Directive 424” (sigint refers to signals intelligence).
In the 2011 memo explaining the shift, N.S.A. analysts were told that they could
trace the contacts of Americans as long as they cited a foreign intelligence
justification. That could include anything from ties to terrorism, weapons
proliferation or international drug smuggling to spying on conversations of
foreign politicians, business figures or activists.
Analysts were warned to follow existing “minimization rules,” which prohibit the
N.S.A. from sharing with other agencies names and other details of Americans
whose communications are collected, unless they are necessary to understand
foreign intelligence reports or there is evidence of a crime. The agency is
required to obtain a warrant from the intelligence court to target a “U.S.
person” — a citizen or legal resident — for actual eavesdropping.
The N.S.A. documents show that one of the main tools used for chaining phone
numbers and e-mail addresses has the code name Mainway. It is a repository into
which vast amounts of data flow daily from the agency’s fiber-optic cables,
corporate partners and foreign computer networks that have been hacked.
The documents show that significant amounts of information from the United
States go into Mainway. An internal N.S.A. bulletin, for example, noted that in
2011 Mainway was taking in 700 million phone records per day. In August 2011, it
began receiving an additional 1.1 billion cellphone records daily from an
unnamed American service provider under Section 702 of the 2008 FISA Amendments
Act, which allows for the collection of the data of Americans if at least one
end of the communication is believed to be foreign.
The overall volume of metadata collected by the N.S.A. is reflected in the
agency’s secret 2013 budget request to Congress. The budget document, disclosed
by Mr. Snowden, shows that the agency is pouring money and manpower into
creating a metadata repository capable of taking in 20 billion “record events”
daily and making them available to N.S.A. analysts within 60 minutes.
The spending includes support for the “Enterprise Knowledge System,” which has a
$394 million multiyear budget and is designed to “rapidly discover and correlate
complex relationships and patterns across diverse data sources on a massive
scale,” according to a 2008 document. The data is automatically computed to
speed queries and discover new targets for surveillance.
A top-secret document titled “Better Person Centric Analysis” describes how the
agency looks for 94 “entity types,” including phone numbers, e-mail addresses
and IP addresses. In addition, the N.S.A. correlates 164 “relationship types” to
build social networks and what the agency calls “community of interest”
profiles, using queries like “travelsWith, hasFather, sentForumMessage,
employs.”
A 2009 PowerPoint presentation provided more examples of data sources available
in the “enrichment” process, including location-based services like GPS and
TomTom, online social networks, billing records and bank codes for transactions
in the United States and overseas.
At a Senate Intelligence Committee hearing on Thursday, General Alexander was
asked if the agency ever collected or planned to collect bulk records about
Americans’ locations based on cellphone tower data. He replied that it was not
doing so as part of the call log program authorized by the Patriot Act, but said
a fuller response would be classified.
If the N.S.A. does not immediately use the phone and e-mail logging data of an
American, it can be stored for later use, at least under certain circumstances,
according to several documents.
One 2011 memo, for example, said that after a court ruling narrowed the scope of
the agency’s collection, the data in question was “being buffered for possible
ingest” later. A year earlier, an internal briefing paper from the N.S.A. Office
of Legal Counsel showed that the agency was allowed to collect and retain raw
traffic, which includes both metadata and content, about “U.S. persons” for up
to five years online and for an additional 10 years offline for “historical
searches.”
James Risen
reported from Washington and New York.
Laura Poitras,
a freelance journalist, reported from Berlin.
N.S.A. Gathers Data on Social Connections of U.S. Citizens, NYT, 28.9.2013,
http://www.nytimes.com/2013/09/29/
us/nsa-examines-social-networks-of-us-citizens.html
Victims Push Laws
to End
Online Revenge Posts
September
23, 2013
The New York Times
By ERICA GOODE
He was a
muscular guy with “kind of a nerdy kind of charm,” Marianna Taschinger recalled,
a combination that proved irresistible to an 18-year-old girl in a small Texas
town.
They dated, broke up, dated again. He asked her to pick out a wedding ring. He
also made another request — that she take nude pictures of herself and send them
to him.
“He said if I didn’t want to send them to him, that meant that I didn’t trust
him, which meant that I didn’t love him,” Ms. Taschinger said.
The photos would never be shared with anyone else, she remembers him promising.
And she believed him — until last December, more than a year after the couple
broke up, when a dozen nude images of her popped up on a Web site focusing on
what has become known as revenge porn. She is suing the site and her
ex-boyfriend.
Revenge porn sites feature explicit photos posted by ex-boyfriends, ex-husbands
and ex-lovers, often accompanied by disparaging descriptions and identifying
details, like where the women live and work, as well as links to their Facebook
pages. The sites, which are proliferating, are largely immune to criminal
pursuit. But that may be changing. California lawmakers this month passed the
first law aimed at revenge porn sites.
With cellphone cameras ubiquitous and many Americans giving in to the urge to
document even the most intimate aspects of their lives, revenge porn has opened
up new ways to wreak vengeance.
The effects can be devastating. Victims say they have lost jobs, been approached
in stores by strangers who recognized their photographs, and watched close
friendships and family relationships dissolve. Some have changed their names or
altered their appearance.
“Sometimes I want to get into a fetal position and cry,” said Ms. Taschinger,
23, who added that she gave up her job at a restaurant and was stalked by a man
who sat outside her house in a car.
But when victims call the police, they are invariably told there is little to be
done. Lawsuits sometimes exact payments from men who post photographs or succeed
in shutting down a site. But once the images are online they spread, picked up
by dozens or even hundreds of other Web sites.
When Holly Jacobs, a woman in Florida, changed her name to dissociate herself
from the photos posted by her ex-boyfriend, she found them linked to her new
name. And the owners and operators of the Web sites are in most cases protected
by federal law, which largely absolves them of responsibility for material
posted by third parties.
“It’s just an easy way to make people unemployable, undatable and potentially at
physical risk,” said Danielle Citron, a law professor at the University of
Maryland, who is writing a book on online harassment.
As the sites have increased, legal scholars and women’s advocates have begun to
push for criminal penalties for people who post on them. Only New Jersey has a
law that would allow for criminal prosecution, although it was not written with
revenge porn in mind.
But proposals have met opposition from critics who worry that such laws would
infringe on the First Amendment. A bill addressing the issue failed in the
Florida Legislature this year.
And even California’s law, which on Monday was awaiting Gov. Jerry Brown’s
signature, would make only some forms of revenge posting a misdemeanor
punishable by jail time or a hefty fine — applying only to photos taken by
others and posted with an intent to cause serious distress.
“It has been watered down again and again as it has weaved its way through
Sacramento,” said Charlotte Laws, who began pushing for legislation after
pictures of her daughter, Kayla, 26, were posted on a site.
“What we really need is federal legislation,” Ms. Laws said.
Women who have been victimized by disgruntled exes have filed civil suits based
on claims of copyright infringement, invasion of privacy or, in some cases,
child pornography.
In Michigan, a federal judge last month issued a default judgment for more than
$300,000 in a suit filed by a woman whose photos appeared on yougotposted. The
Web site continues to operate despite at least four lawsuits filed against its
operators, including one that alleges that the site published images of
under-age girls. The alleged owners and operators of yougotposted have either
not responded to the lawsuits or have denied the allegations.
Ms. Taschinger is one of 25 plaintiffs, five of them under age, who are suing
Texxxan.com, along with its operators GoDaddy, the company that hosted the
now-defunct site, for invasion of privacy.
Ms. Taschinger’s ex-boyfriend, Eastwood Almazan, is also named, along with seven
other men who the suit claims uploaded photos of plaintiffs. In a telephone
interview, Mr. Almazan, 35, denied posting the images of Ms. Taschinger or any
other women. He said he was not familiar with the Texxxan.com Web site and did
not own a computer at the time the photographs appeared.
“I don’t know where they’re getting this information from,” Mr. Almazan said.
John Morgan, a lawyer in Beaumont, Tex., who represents Ms. Taschinger and the
other plaintiffs, said that Texxxan.com is under investigation in Texas by the
F.B.I.’s cybercrimes division and the Orange County Sheriff.
Aaron McKown, a lawyer representing GoDaddy, which has filed an appeal
contending that Section 230 of the federal Communications Decency Act exempts it
from liability for posted material, said in an e-mail that the company does not
comment on pending legislation.
Messages left for a lawyer representing Hunter Taylor, the operator of the Web
site, were not returned. (In a document filed with the court denying the
allegations in the lawsuit, Mr. Taylor said, “Attempts to contact Hunter T.
Taylor by the press will be of no use, as there will be no comment.”)
Revenge porn first drew public attention in 2011, when Hunter Moore, the
unapologetic creator of a site called isanyoneup.com, said in a television
interview with Anderson Cooper that he had no qualms about profiting from public
revenge.
“Why would I?” Mr. Moore said. “I get to look at naked girls all day.”
Mr. Moore — who shut down the Web site in 2012 but was reported to have earned
$10,000 a month in advertising when it was operational — drew outrage, including
from the hacker collective Anonymous. In a video announcing the creation of
“Operation Hunt Hunter,” the group called Mr. Moore a capitalist who “makes
money off of the misery of others” and said, “We will hold him accountable for
his actions.” Mr. Moore is under investigation by the F.B.I.
Not everyone agrees that criminalizing revenge porn is the best strategy. Marc
Randazza, a Nevada lawyer who represents plaintiffs against yougotposted, says
that he thinks civil remedies are preferable.
“As horrible as I think people are who do this,” he said, “do we really need
another law to put more people in jail in the United States?”
And some experts, like Eric Goldman, a law professor at Santa Clara University,
have said that any state law would be vulnerable to First Amendment challenges.
But Eugene Volokh, a First Amendment scholar at the University of California,
Los Angeles, said he saw no constitutional obstacle to a law written narrowly to
address naked or sexual images distributed without permission.
“I think that’s a kind of invasion of privacy that the courts would say can be
prohibited,” he said.
An example of what such a law might look like has been drafted by a law
professor at the University of Miami, Mary Anne Franks, and posted on the Web
site endrevengeporn.org, founded by Ms. Jacobs.
Professor Franks said that opposition to legislation often stems from a
blame-the-victim attitude that holds women responsible for allowing photographs
to be taken in the first place, an attitude similar in her view to blaming rape
victims for what they wear or where they walk.
“The moment the story is that she voluntarily gave this to her boyfriend, all
the sympathy disappears,” she said.
Ms. Taschinger said even now, her friends continued to send nude pictures of
themselves to their boyfriends.
“You don’t want to really think that five years down the line, your boyfriend at
the time could be your not-boyfriend and do something really bad to you,” she
said.
Victims Push Laws to End Online Revenge Posts, NYT, 23.9.2013,
http://www.nytimes.com/2013/09/24/us/
victims-push-laws-to-end-online-revenge-posts.html
Biometric Technology Takes Off
September
20, 2013
The New York Times
By THE EDITORIAL BOARD
The use of
biological markers like fingerprints, faces and irises to identify people is
rapidly moving from science fiction to reality. Apple’s latest iPhone, which
went on sale this week, can be unlocked with a fingerprint. Users of Android
smartphones can unlock their devices with a glance. And the Federal Bureau of
Investigation is developing facial recognition technology that would allow it to
pinpoint criminals and suspects in large crowds of people with closed-circuit
cameras.
Once so expensive that it was used only by the military or high-tech companies,
biometric technology has become so commonplace that even some schools and
hospitals are using it. Its adoption could make sensitive information more
secure than conventional identification cards or passwords, which can be easily
forgotten, lost or hacked. But it also has the potential to undermine privacy,
which has been greatly compromised by recent revelations about government
surveillance of phone and Internet communications.
In fact, biometrics are not as safe as is often thought. A 2010 report from the
National Research Council concluded that such systems are “inherently fallible”
because they identify people within certain degrees of certainty and because
biological markers are relatively easy to copy. For example, people leave their
fingerprints on everything they touch, which makes those fingerprints available
to any determined spy or law enforcement agent. Experts have shown that
fingerprints and other markers can be copied, giving hackers and thieves access
to private information. And once compromised, fingerprints cannot be reset, like
passwords, or replaced, like passports.
If proper safeguards are not put in place, the use of some biometrics, like
facial-recognition technology, can also be used to conduct intrusive
surveillance of individuals or groups of people by governments and private
companies. Using facial-recognition software to match databases of photos with
images from security cameras in public spaces and private buildings can help law
enforcement agencies spot and track dangerous criminals. But the same technology
can just as easily be abused to target political activists or protesters.
Retailers could use such systems to snoop on their customers’ shopping behavior
so that they could later target specific ads and offers to those customers.
Facebook already uses software to determine whether photos that users upload to
the site contain the images of their friends, though the company does let users
opt out of the system.
Even as the use of such technology has expanded rapidly, there has been little
public debate about its use. Most federal and state laws do not directly address
the collection and use of biological markers by businesses and the government.
Some lawmakers, like Senator Al Franken, Democrat of Minnesota, have asked the
F.B.I. and companies like Apple and Facebook to explain how they use biometrics.
But Congress must do more by enacting legislation that governs how this
technology is used, to make sure it does not compromise privacy rights.
Biometric Technology Takes Off, NYT, 20.9.2013,
http://www.nytimes.com/2013/09/21/opinion/biometric-technology-takes-off.html
Girl’s Suicide Points to Rise in Apps
Used by Cyberbullies
September 13, 2013
The New York Times
By LIZETTE ALVAREZ
MIAMI — The clues were buried in her bedroom. Before leaving
for school on Monday morning, Rebecca Ann Sedwick had hidden her schoolbooks
under a pile of clothes and left her cellphone behind, a rare lapse for a
12-year-old girl.
Inside her phone’s virtual world, she had changed her user name on Kik
Messenger, a cellphone application, to “That Dead Girl” and delivered a message
to two friends, saying goodbye forever. Then she climbed a platform at an
abandoned cement plant near her home in the Central Florida city of Lakeland and
leaped to the ground, the Polk County sheriff said.
In jumping, Rebecca became one of the youngest members of a growing list of
children and teenagers apparently driven to suicide, at least in part, after
being maligned, threatened and taunted online, mostly through a new collection
of texting and photo-sharing cellphone applications. Her suicide raises new
questions about the proliferation and popularity of these applications and Web
sites among children and the ability of parents to keep up with their children’s
online relationships.
For more than a year, Rebecca, pretty and smart, was cyberbullied by a coterie
of 15 middle-school children who urged her to kill herself, her mother said. The
Polk County sheriff’s office is investigating the role of cyberbullying in the
suicide and considering filing charges against the middle-school students who
apparently barraged Rebecca with hostile text messages. Florida passed a law
this year making it easier to bring felony charges in online bullying cases.
Rebecca was “absolutely terrorized on social media,” Sheriff Grady Judd of Polk
County said at a news conference this week.
Along with her grief, Rebecca’s mother, Tricia Norman, faces the frustration of
wondering what else she could have done. She complained to school officials for
several months about the bullying, and when little changed, she pulled Rebecca
out of school. She closed down her daughter’s Facebook page and took her
cellphone away. She changed her number. Rebecca was so distraught in December
that she began to cut herself, so her mother had her hospitalized and got her
counseling. As best she could, Ms. Norman said, she kept tabs on Rebecca’s
social media footprint.
It all seemed to be working, she said. Rebecca appeared content at her new
school as a seventh grader. She was gearing up to audition for chorus and was
considering slipping into her cheerleading uniform once again. But unknown to
her mother, Rebecca had recently signed on to new applications — ask.fm, and Kik
and Voxer — which kick-started the messaging and bullying once again.
“I had never even heard of them; I did go through her phone but didn’t even
know,” said Ms. Norman, 42, who works in customer service. “I had no reason to
even think that anything was going on. She was laughing and joking.”
Sheriff Judd said Rebecca had been using these messaging applications to send
and receive texts and photographs. His office showed Ms. Norman the messages and
photos, including one of Rebecca with razor blades on her arms and cuts on her
body. The texts were full of hate, her mother said: “Why are you still alive?”
“You’re ugly.”
One said, “Can u die please?” To which Rebecca responded, with a flash of
resilience, “Nope but I can live.” Her family said the bullying began with a
dispute over a boy Rebecca dated for a while. But Rebecca had stopped seeing
him, they said.
Rebecca was not nearly as resilient as she was letting on. Not long before her
death, she had clicked on questions online that explored suicide. “How many
Advil do you have to take to die?”
In hindsight, Ms. Norman wonders whether Rebecca kept her distress from her
family because she feared her mother might take away her cellphone again.
“Maybe she thought she could handle it on her own,” Ms. Norman said.
It is impossible to be certain what role the online abuse may have played in her
death. But cyberbullying experts said cellphone messaging applications are
proliferating so quickly that it is increasingly difficult for parents to keep
pace with their children’s complex digital lives.
“It’s a whole new culture, and the thing is that as adults, we don’t know
anything about it because it’s changing every single day,” said Denise Marzullo,
the chief executive of Mental Health America of Northeast Florida in
Jacksonville, who works with the schools there on bullying issues.
No sooner has a parent deciphered Facebook or Twitter or Instagram than his or
her children have migrated to the latest frontier. “It’s all of these small ones
where all this is happening,” Ms. Marzullo said.
In Britain, a number of suicides by young people have been linked to ask.fm, and
online petitions have been started there and here to make the site more
responsive to bullying. The company ultimately responded this year by
introducing an easy-to-see button to report bullying and saying it would hire
more moderators.
“You hear about this all the time,” Ms. Norman said of cyberbullying. “I never,
ever thought it would happen to me or my daughter.”
Questions have also been raised about whether Rebecca’s old school, Crystal Lake
Middle School, did enough last year to help stop the bullying; some of it,
including pushing and hitting, took place on school grounds. The same students
also appear to be involved in sending out the hate-filled online messages away
from school, something schools can also address.
Nancy Woolcock, the assistant superintendent in charge of antibullying programs
for Polk County Schools, said the school received one bullying complaint from
Rebecca and her mother in December about traditional bullying, not
cyberbullying. After law enforcement investigated, Rebecca’s class schedule was
changed. Ms. Woolcock said the school also has an extensive antibullying
campaign and takes reports seriously.
But Ms. Norman said the school should have done more. Officials told her that
Rebecca would receive an escort as she switched classes, but that did not
happen, she said.
Rebecca never boarded her school bus on Monday morning. She made her way to the
abandoned Cemex plant about 10 minutes away from her modest mobile home; the
plant was a place she had used as a getaway a few times when she wanted to
vanish. Somehow, she got past the high chain-link fence topped with barbed wire,
which is now a memorial, with teddy bears, candles and balloons. She climbed a
tower and then jumped.
“Don’t ignore your kids,” Ms. Norman said, “even if they seem fine.”
Lance Speere contributed reporting from Lakeland, Fla.,
and Alan Blinder from Atlanta.
Girl’s Suicide Points to Rise in Apps Used
by Cyberbullies, NYT, 13.9.2013,
http://www.nytimes.com/2013/09/14/us/
suicide-of-girl-after-bullying-raises-worries-on-web-sites.html
Obama, Snowden and Putin
August 13, 2013
The New York Times
By THOMAS L. FRIEDMAN
You only get one chance to make a second impression. It seems
to me that Edward Snowden should use his and that Russian President Vladimir
Putin has blown his.
Considering the breadth of reforms that President Obama is now proposing to
prevent privacy abuses in intelligence gathering, in the wake of Snowden’s
disclosures, Snowden deserves a chance to make a second impression — that he
truly is a whistle-blower, not a traitor. The fact is, he dumped his data and
fled to countries that are hostile to us and to the very principles he espoused.
To make a second impression, Snowden would need to come home, make his case and
face his accusers. It would mean risking a lengthy jail term, but also trusting
the fair-mindedness of the American people, who, I believe, will not allow an
authentic whistle-blower to be unfairly punished.
As for Putin, he blew his second impression — the reset in U.S.-Russian
relations — long before he granted Snowden asylum. Dealing with Putin always
involved a certain trade-off for America: accepting a degree of Putin
authoritarianism in return for cooperation on global issues that mattered to us,
as long as Putin “sort of” kept Russia moving toward a more open, consensual
society. But the balance is not there anymore. Putin’s insistence on blocking
any diplomacy on Syria that might move out “his guy,” President Bashar al-Assad,
his abuse of Russian gays and lesbians, and his blatant use of rule-by-law
tactics to silence any critics mean that we’re not getting anything from this
relationship anymore, nor are many Russians.
But rather than punch Putin in the face, which would elevate him with his
followers, it would be much better to hit him where it would really hurt by
publicly challenging the notion that he is making Russia strong.
Here’s what Obama could have said when asked about Putin last week: “You know,
back in 1979, President Putin’s brutal Soviet predecessors sent us Sergey Brin
and his family. As you know, Brin later became the co-founder of Google. That
was Russia’s loss, but a gift to us and to the world. We could not have enjoyed
the benefits of search had the Soviets not made life so unattractive for Brin’s
family. I make that point because Putin doesn’t seem interested in making life
attractive in today’s Russia for the Sergey Brins of his generation. Putin only
seems interested in sticking pipes in the ground and extracting oil and gas —
rather than the talents of his own young people — and making sure that he and
his cronies get their cut of the oil flow.
“Look what Putin just did. Sergei Guriev is one of the most talented of Russia’s
new-generation economists. He was rector of one of the few world-class academic
institutions left in Russia today: the New Economic School. Guriev was a loyal,
liberal adviser to former President Dmitri Medvedev, but after he co-authored a
report that criticized the conviction of Mikhail Khodorkovsky, the imprisoned
oil magnate, Putin’s goons began to harass him. He said they even demanded his
e-mails going back five years. (Snowden beware.) Well, in the spring, Guriev
fled to France, saying he feared losing his freedom, and he says he’s not going
back.
“Sergei Guriev, come to America. Bring your friends. Bring the members of that
band Putin put in jail, Pussy Riot, too. No creative person has any future in
Putin’s Russia because he doesn’t understand the present: There are no
‘developed’ and ‘developing’ countries anymore. There are only H.I.E.’s (high
imagination-enabling countries) and L.I.E.’s (low imagination-enabling
countries). That is, countries that nurture innovation and innovators and those
that don’t — in a world where so many more people can turn ideas into products,
services, companies and jobs faster and cheaper than ever. Putin is building a
political monoculture that will make Russia the lowest of low
imagination-enabling countries.
“Putin prefers to rely instead on less educated, xenophobic rural populations,
who buy into his anti-American, anti-gay trope that the world just wants to keep
Russia down. As the revolution in hydraulic fracturing, horizontal drilling and
energy efficiency spreads around the world, and oil and gas prices fall, Putin’s
failure to invest in Russia’s human talent — which he won’t do because it means
empowering and freeing them from his grasp — will become a big problem for
Russia.”
That’s what I would have said. Do we lose anything by not having Putin’s help?
You bet. Those who say we don’t need Russia are wrong. There is no major problem
in the world today — Syria, Afghanistan, Egypt, cybercrime, climate or drugs —
that would not be easier to solve if the U.S. and Russia worked together. (It’s
why I opposed NATO expansion.) But running against America is now essential to
Putin’s domestic survival.
So there is no sense wasting more time with him. While he will not help us, he
can’t do us serious harm. He can and is doing serious harm to Russia, by putting
loyalty to him before competence. Any system that does that for long, dies.
You can Google it.
Obama, Snowden and Putin, NYT, 13.8.2013,
http://www.nytimes.com/2013/08/14/opinion/
friedman-obama-snowden-and-putin.html
Facebook Is Erasing Doubts on Mobile
July 24,
2013
The New York Times
By VINDU GOEL
If Facebook
were a car, it just went from zero to 60 mph in six seconds.
The social networking company said Wednesday that it had revved up its mobile
advertising from virtually nothing a year ago to 41 percent of its total ad
revenue of $1.6 billion in the second quarter.
“Soon we’ll have more revenue on mobile than desktop,” Mark Zuckerberg,
Facebook’s founder and chief executive, said in a conference call with analysts.
Facebook’s results elated investors, who sent the company’s stock up nearly 17
percent, to $30.94, in after-hours trading.
Analysts said the strong performance dissipated lingering worries that the
company could not adapt to the current Internet environment, in which users are
relying more on mobile devices instead of personal computers to access the
information they want.
Those concerns have dogged the company since its disappointing initial public
offering in May 2012, in which it sold shares at $38 and then saw them fall by
half.
“One of the biggest overhangs from their I.P.O. is that this company had been
blindsided by mobile,” said Mark Mahaney, an analyst with RBC Capital Markets.
“They caught up. Instead of being behind the curve on mobile, they are ahead of
the curve.”
The company said it had net income of $333 million, or 13 cents a share, in the
second quarter. Excluding stock-based compensation expenses, profits were $488
million or 19 cents a share, compared with $295 million, or 12 cents a share, in
the second quarter a year ago.
The company’s revenue soared 53 percent, to $1.81 billion.
Facebook had particularly strong demand for ads that appear in its users’ news
feeds, the flow of updates from friends that they see when they log on. About 1
in 20 posts in the news feed is an ad, and advertisers cannot seem to get enough
of them.
The company expects those ads to continue to grow in the second half, its chief
financial officer, David Ebersman, said in a conference call with analysts.
One concern for the future is whether Facebook will annoy its users if it
significantly increases the number of ads in news feeds, said Debra Aho
Williamson, an analyst with eMarketer, a research firm.
“How many ads will people tolerate?” she asked.
Mr. Zuckerberg said Facebook’s studies had shown that users were noticing ads
more, and the company was working to improve the quality and relevance of ads.
Facebook is also studying when and how to introduce video ads, which are
expected to command at least several hundred thousand dollars each.
“We have nothing to announce today,” Facebook’s chief operating officer, Sheryl
Sandberg, said in an interview. But she said video was “tremendously important”
for users as well as marketers. Videos made and shared through Facebook’s new
video feature in Instagram are growing quickly.
The company’s results also show how its users are continuing to shift toward
mobile phones and tablets to use the site instead of a computer’s Web browser.
Although the company’s total number of active monthly users worldwide grew
slightly from the first quarter, to 1.15 billion, the number of people who use
its mobile versions at least once a month grew 9 percent, to 819 million in that
time.
Total ad revenue, a crucial measure watched by Wall Street, was $1.6 billion, up
61 percent from the second quarter of 2012. Of total ad revenue, 41 percent came
from mobile, up from 30 percent in the first quarter.
“I think this shows that all the questions that people might have had in the
past about whether Facebook could monetize on mobile devices, they’ve settled
definitively,” Ms. Williamson said.
Users’ preference for reading Facebook on the go has created special revenue
opportunities, like ads that prompt users to install mobile apps like games. But
advertisers are generally willing to pay much less for a mobile ad than they are
for the desktop.
The company’s sharp revenue growth reflects increased competition among
advertisers to reach Facebook’s large user base, said Rob Jewell, chief
executive of Spruce Media, a firm that helps advertisers like McDonald’s and the
insurer Progressive to buy ads on the social network and measure their
effectiveness.
Facebook’s ad rates are generally set through a bidding process, and Mr. Jewell
said that his clients paid about 10 percent more on average for ads in the
second quarter than in the first quarter. Ads in the news feed, both on the
desktop and mobile versions of Facebook, were in particularly high demand, with
rates up about 75 percent from the first quarter for both categories, he said.
“Facebook is the best channel for mobile app advertisers to purchase
advertising,” Mr. Jewell said.
In the second quarter of 2012, the company reported a net loss of $743 million,
or 8 cents a share. But that figure included $1.3 billion in compensation
expenses related to the company’s initial public offering. In the year ago
quarter, Facebook’s revenue was $1.2 billion.
The company far exceeded Wall Street’s expectations. Analysts had predicted the
company would report earnings of 14 cents a share, excluding stock compensation
costs, on revenue of $1.62 billion, according to a survey by Thomson Reuters.
Facebook’s surprisingly strong second-quarter earnings contrasted with those of
Google, which last week reported disappointing profits in mobile advertising.
While the two companies are not strictly comparable because Facebook is
expanding its ads from a much a smaller base, Ronald Josey, an analyst at JMP
Securities, said Facebook was doing extremely well in mobile categories like ads
prompting users to install new mobile applications.
“This company is becoming more and more of a mobile company,” he said.
This article
has been revised to reflect the following correction:
Correction: July 24, 2013
An earlier version of this article
misstated the
title of Rob Jewell.
He is the
chief executive of Spruce Media,
not the
president.
Facebook Is Erasing Doubts on Mobile, NYT, 24.7.2013,
http://www.nytimes.com/2013/07/25/technology/
facebook-beats-expectations-on-strong-mobile-growth.html
Facebook
Shares
Touch a
Symbolic Threshold
July 31,
2013
The New York Times
By VINDU GOEL
SAN
FRANCISCO — It took more than a year, but Facebook’s stock has fought its way
back.
On Wednesday morning, the company’s stock crossed an important psychological
barrier, trading above $38 a share, the price at which Facebook, the world’s
leading social network, first sold shares to the public in May 2012.
The catalyst for the rise was the company’s surprisingly strong second-quarter
earnings report last Wednesday, which quelled many investors’ doubts about
Facebook’s ability to make money from its legions of mobile users and suggested
that the company’s profit stream would continue growing.
Since last week’s report, shares have risen about 34 percent. Early Wednesday,
they briefly touched $38.31 a share, although they pulled back to end at $36.80
a share at the time the market closed.
The company’s shares hit a low of $17.55 last fall. Since then, investors have
warmed to the company as its management demonstrated that it can increase
profits and not just users.
“There was a perception that they hadn’t monetized the users they have,” said
Aaron Kessler, an analyst at the Raymond James brokerage firm, referring to last
summer, when the Facebook’s stock was trading at half the current level.
These days, Wall Street sees revenue potential everywhere — from soon-to-come
video ads in the Facebook news feed to the expansion of high-dollar ads targeted
to specific swaths of Facebook users.
“Facebook was caught flat-footed by the shift to mobile,” said Mark S. Mahaney,
an analyst with RBC Capital Markets. Now, he said, “they appear to be set up as
a sustainable, high-growth business.”
Still, there are reasons to be concerned. Mobile messaging platforms like
Snapchat and WhatsApp are grabbing the attention of many of Facebook’s younger
users. Twitter is mounting a major effort to go after marketers, especially
brands that typically advertise on television, as it prepares for its own likely
public offering.
And Facebook risks turning off users with too many ads. About 1 in 20 items in
the news feed, the main flow of items that a Facebook user sees, is an ad.
During the company’s quarterly conference call with analysts, Facebook’s
co-founder and chief executive, Mark Zuckerberg, said that users were beginning
to notice the number of ads, suggesting that the company could not greatly
increase their frequency without losing some users.
Nate Elliott, a principal analyst with Forrester Research, said Facebook users
who visit the site on a computer’s browser still see too many cheap, poorly
targeted ads on the right side of the page. “They’ve got to get much better at
targeting,” he said.
Despite these worries, investors’ views of the company’s prospects have clearly
changed.
Mr. Mahaney, whose firm has a $40 price target on the Facebook stock, said that
analysts across Wall Street had increased their projections of the company’s
financial performance. Analysts now expect Facebook to increase its profits 30
to 35 percent a year through 2015.
Because stocks tend to trade as a multiple of a company’s future profits, those
upgrades last week sent Facebook’s stock soaring.
Facebook officials declined to comment on the stock rise on Wednesday. But for
the company’s executives, who had urged investors to be patient as their
strategy played out, the surge surely offers some vindication.
The company raised $16 billion from the initial public offering on May 18, 2012,
vaulting it into the big leagues of American stocks, but problems struck
immediately. The Nasdaq stock exchange botched the handling of buy and sell
orders on the first day of trading — so badly, in fact, that regulators
eventually fined Nasdaq $10 million for the fiasco.
In ensuing weeks, Facebook shares continued to fall. Instead of pouring into the
stock, as they did a decade earlier with Google, many investors questioned
whether Facebook’s stock was overpriced at $38 a share.
Particularly worrisome was Facebook’s seemingly nonexistent mobile strategy just
as Internet users were abandoning PCs for their smartphones. The company’s
smartphone and iPad applications were clunky, and it was generating no revenue
from mobile ads.
Facebook’s management, including Mr. Zuckerberg, recognized the problem and
began a crash course to revamp the company’s approach to mobile and better
position the company for fast-growing emerging markets.
The company overhauled its apps, introduced ads into its users’ news feeds, and
created a new category of revenue called app-install ads. With the app-install
ads, a game maker, for example, can promote its new game in Facebook’s mobile
software and give users an easy way to install the app with just a couple of
clicks.
Facebook also introduced new advertising products meant to give marketers more
ways to target specific groups of customers, which allowed the service to charge
higher advertising rates.
While mobile advertising continues to grow, and was about 41 percent of
Facebook’s ad revenue in the second quarter, investors are also looking to new
areas of potential profit growth. Those include video advertising in the news
feed, which is expected to begin later this year, and the possible sale of ads
in Instagram, the fast-growing photo and video-sharing app that Facebook bought
in 2012.
“All of those seem like relatively large low-hanging fruit, and they are
starting to go after them,” Mr. Mahaney said.
Facebook Shares Touch a Symbolic Threshold, NYT, 31.7.2013,
http://www.nytimes.com/2013/08/01/technology/
facebook-briefly-trades-above-ipo-price.html
A Mixed Verdict on Manning
July 30,
2013
The New York Times
By THE EDITORIAL BOARD
Lurking
just behind a military court’s conviction of Pfc. Bradley Manning, on charges
that included multiple violations of the Espionage Act, is a national-security
apparatus that has metastasized into a vast and largely unchecked exercise of
government secrecy and the overzealous prosecution of those who breach it.
Private Manning, a 25-year-old former intelligence analyst who served in Iraq,
was arrested in 2010 and charged with the largest military leak in United States
history. Private Manning shared 700,000 documents with the antisecrecy group
WikiLeaks, and several international news organizations, including The New York
Times, published extensive excerpts and articles on the documents.
Private Manning’s original leaks seemed careless in some ways, including names
and details of American operations that The Times and other organizations did
not publish. But there was also real value for the public in the documents about
the conduct of the war in Iraq, including a video of a military helicopter
shooting at two vans and killing civilians, including two Reuters journalists.
The judge in the court-martial, Col. Denise Lind, was wise to acquit Private
Manning on the most serious charge against him — that he had “aided the enemy,”
in this case Al Qaeda, by uploading the documents to the Internet, where he
should have known Al Qaeda would be able to get them. Aiding the enemy is
punishable by death. To convict under this law without requiring at least an
intent to communicate with an enemy would have severely chilling implications
for free speech, particularly in the age of the Internet.
There is no question that Private Manning broke laws. In February he pleaded
guilty to 10 of the less serious charges against him, which exposed him to up to
20 years in prison. But prosecutors continued to press the more serious charges,
which included violations of the Espionage Act, a 1917 law that has become the
Obama administration’s hobbyhorse to go after government workers whose actions
look nothing like spying. Under President Obama, the government has brought
espionage charges more than twice as often under that particular law as all
previous administrations combined.
Americans accept that material must be classified in the interest of national
security. But that acceptance is severely tested when the government classifies
more than 92 million documents in a year. In addition to the administration’s
overuse of the Espionage Act and its overly aggressive leak investigations, the
trust between the government and the public has been strained by the National
Security Agency’s indiscriminate collection of all Americans’ telephone logs,
based on a spurious reinterpretation of the Patriot Act.
The administration’s effort to chill connections between the news media and
confidential sources in government did not work with Edward Snowden, who
revealed the phone records sweep last month. And there are 4.2 million people
who have security clearance to view classified information. But investigative
journalists are reasonably concerned that prosecutions will cut off their access
to critical sources of information.
When he entered his guilty plea, Private Manning said he was trying to shed
light on the “day-to-day reality” of American war efforts. He hoped the
information “could spark a debate about foreign policy in relation to Iraq and
Afghanistan.” These are not the words of a man intent on bringing down the
government. On the contrary, Private Manning continues to express his devotion
to his country, despite being held without trial for three years, nine months of
which amounted to punitive and abusive solitary confinement.
Private Manning still faces the equivalent of several life sentences on the
espionage counts regarding disclosure of classified information. The government
should satisfy itself with a more moderate sentence and then do something about
its addiction to secrecy.
A Mixed Verdict on Manning, NYT, 30.7.2013,
http://www.nytimes.com/2013/07/31/opinion/a-mixed-verdict-on-manning.html
Manning
Is Acquitted of Aiding the Enemy
July 30,
2013
The New York Times
By CHARLIE SAVAGE
FORT MEADE,
Md. — A military judge on Tuesday found Pfc. Bradley Manning not guilty of
“aiding the enemy” for his release of hundreds of thousands of military and
diplomatic documents to WikiLeaks for publication on the Internet, rejecting the
government’s unprecedented effort to bring such a charge in a leak case.
But the judge in the court-martial, Col. Denise R. Lind, convicted Private
Manning of six counts of violating the Espionage Act of 1917 and most of the
other crimes he was charged with. He faces a theoretical maximum sentence of 136
years in prison, although legal experts said the actual term was likely to be
much shorter.
While advocates of open government celebrated his acquittal on the most serious
charge, the case still appears destined to stand as a fierce warning to any
government employee who is tempted to make public vast numbers of secret
documents. Private Manning’s actions lifted a veil on American military and
diplomatic activities around the world, and engendered a broad debate over what
information should become public, how the government treats leakers, and what
happens to those who see themselves as whistle-blowers.
“We always hate to see a government employee who was trying to publicize
wrongdoing convicted of a crime, but this case was unusual from the start
because of the scope of his release,” said Gregg Leslie of the Reporters
Committee for Freedom of the Press, adding, “Whistle-blowers always know they
are taking risks, and the more they reveal the bigger the threat is against
them.”
Colonel Lind said she would issue findings later that would explain her ruling
on each of the charges. But she appeared to reject the government’s theory that
an employee who gives information about national security matters to an
organization that publishes it online for the world to see is guilty of aiding
the enemy.
The premise of that theory is that the world includes not just ordinary people
who might engage in socially valuable debate, but also enemies like Al Qaeda.
Critics have said that it is not clear how giving information to WikiLeaks is
different for legal purposes from giving it to traditional news organizations
that publish online.
Yochai Benkler, a Harvard law professor who testified in Private Manning’s
defense, praised the judge for making an “extremely important decision” that he
portrayed as denying “the prosecution’s effort to launch the most dangerous
assault on investigative journalism and the free press in the area of national
security that we have seen in decades.”
But, he said, the decades of imprisonment that Private Manning could face “is
still too high a price for any democracy to demand of its whistle-blowers.”
The sentencing phase will begin on Wednesday, with more than 20 witnesses
scheduled to appear for both the prosecution and the defense. It could last for
weeks; there are no sentencing guidelines or minimum sentences in the military
justice system. Private Manning’s appeals could go on for years, legal experts
said.
Eugene R. Fidell, who teaches military law at Yale Law School, said Private
Manning would not be sentenced to anywhere near the 136-year maximum because
Colonel Lind was likely to collapse some charges so he did not “get punished
twice for the same underlying conduct.”
The case has arisen amid a crackdown by the Obama administration on leaks and a
debate about government secrecy. Private Manning is one of seven people to be
charged in connection with leaking to the news media during the Obama
administration; during all previous administrations, there were three.
The Justice Department recently won an appeals court ruling forcing James Risen,
a reporter for The New York Times and an author, to testify in the criminal
trial of a former intelligence official accused of being his source. And it has
used aggressive tactics in secretly subpoenaing communications records of
reporters for Fox News and The Associated Press.
Most reporters watched the proceedings from a closed-circuit feed in a filing
center. One who was inside the small courtroom said that Private Manning, 25,
appeared relaxed when he entered the room. But as the hour drew near he grew
more stoic, and he showed no emotion as he stood while Colonel Lind marched
through the litany of charges.
The “aiding the enemy” charge was the first in the list, and she said “not
guilty.” But she quickly moved into a long list of guilty findings for the bulk
of the remaining charges, including six counts of violating the Espionage Act,
five of stealing government property, and one violation of the Computer Fraud
and Abuse Act. Each carries up to a 10-year sentence.
Colonel Lind accepted Private Manning’s guilty pleas on two lesser counts, one
of which involved leaking a video of an American helicopter attack in Baghdad.
She also found him not guilty of leaking in 2009 a video of an airstrike in
Afghanistan; he had admitted leaking it, but said he did so later than the time
in the charge.
Steven Aftergood, the director of the project on government secrecy for the
Federation of American Scientists, called Private Manning’s many other
convictions “a weighty verdict that the prosecution would count as a win,” but
he argued that the “larger significance of the case” for open government may be
limited, since most leakers do not disclose entire databases.
Months before the trial, Private Manning confessed to being WikiLeaks’ source
for videos of airstrikes in which civilians were killed; incident reports from
the Afghanistan and Iraq wars; dossiers on detainees at Guantánamo Bay, Cuba;
and about 250,000 diplomatic cables.
Private Manning also pleaded guilty to a lesser version of the charges against
him, although that was not part of any bargain with prosecutors. The move was
unusual, and it appeared aimed at trying to persuade the judge to view Private
Manning as having taken responsibility for his actions, while recasting the
trial as a test of whether the government had brought excessive charges in the
case.
The government elected to press forward with trying to convict Private Manning
of the more serious charges. Prosecutors portrayed him as an “anarchist” and a
“traitor” who recklessly endangered lives out of a desire to “make a splash.”
The defense portrayed him as a young, naïve, but good-intentioned humanist who
wanted to prompt debate and change.
Hours before the verdict, about two dozen supporters of Private Manning gathered
at the main gate to Fort Meade displaying signs with messages like
“whistle-blowers keep us honest.” After the verdict, his supporters announced a
protest rally Tuesday in front of the White House.
But Representatives Mike Rogers of Michigan and C. A. Dutch Ruppersberger of
Maryland, the top Republican and Democrat on the House Intelligence Committee,
praised the verdict.
“Justice has been served today,” they said in a statement. “Pfc. Manning harmed
our national security, violated the public’s trust, and now stands convicted of
multiple serious crimes.”
Manning Is Acquitted of Aiding the Enemy, NYT, 30.7.2013,
http://www.nytimes.com/2013/07/31/us/bradley-manning-verdict.html
In the
Beginning Was the Word;
Now the
Word Is on an App
July 26,
2013
The New York Times
By AMY O’LEARY
EDMOND,
Okla. — More than 500 years after Gutenberg, the Bible is having its i-moment.
For millions of readers around the world, a wildly successful free Bible app,
YouVersion, is changing how, where and when they read the Bible.
Built by LifeChurch.tv, one of the nation’s largest and most technologically
advanced evangelical churches, YouVersion is part of what the church calls its
“digital missions.” They include a platform for online church services and
prepackaged worship videos that the church distributes free. A digital tithing
system and an interactive children’s Bible are in the works.
It’s all part of the church’s aspiration to be a kind of I.T. department for
churches everywhere. YouVersion, with over 600 Bible translations in more than
400 languages, is by far the church’s biggest success. The app is
nondenominational, including versions embraced by Catholics, Russian Orthodox
and Messianic Jews. This month, the app reached 100 million downloads, placing
it in the company of technology start-ups like Instagram and Dropbox.
“They have defined what it means to access God’s word on a mobile device,” said
Geoff Dennis, an executive vice president of Crossway, one of many Bible
publishers — from small presses to global Bible societies to News Corporation’s
Thomas Nelson imprint — that have licensed their translations, free, to the
church.
When Jen Sears, 37, a human resources manager in Oklahoma City, wants to pray
these days, she leaves her Bible behind and grabs her phone instead.
“I have my print Bible sitting on my dresser at home, but it hasn’t moved” in
the four years since she downloaded YouVersion, Mrs. Sears said.
The app, marketed simply as “The Bible,” has brought new donors to
LifeChurch.tv. About $3 million was given by a handful of large donors to
support development of the app last year; the church raised nearly $60 million
over all, according to its financial statements. The church says it will have
spent almost $20 million over all on YouVersion by the end of this year.
The church was founded in 1996 by a team consisting mostly of former business
executives. It is affiliated with the Evangelical Covenant Church, a wider
association of 850 congregations, which gives its members wide latitude in their
operations. It has 50,000 weekly attendees in 16 locations.
The Gutenberg behind YouVersion is the church’s 36-year-old “innovation pastor,”
Bobby Gruenewald, whose training was in business, not religion.
Mr. Gruenewald grew up in Decatur, Ill., in an evangelical church, where as a
teenager he started a Christian rap ministry. Later, he moved to Oklahoma to
join his sixth-grade crush, now his wife, who left Illinois to study at Southern
Nazarene University.
Here at the church’s headquarters, Mr. Gruenewald wears the same tennis shoes,
slouchy jeans and T-shirts that suited him as a Christian rapper and small-time
entrepreneur who bluffed his way into building Web sites, then ran a Web hosting
company out of his dorm room and later sold a pro-wrestling fan Web site for $7
million.
He joined LifeChurch.tv in 2001 after playing keyboard in its house band. Since
then, the church has allowed him to experiment without an eye to profit.
Mr. Gruenewald’s early efforts for LifeChurch.tv included a virtual church for
the online Second Life community and a Google ad campaign to lure pornography
consumers to the church instead. But then he had a critical insight: if the
church wanted to attract younger people, it needed both to be technically
advanced and to offer its resources free.
“We have a generation of people that can’t fathom paying 99 cents for a song
that they love,” Mr. Gruenewald said, “and we were asking them to pay $20 for a
book that they don’t understand.”
He made YouVersion available in 2008, as the first Bible in Apple’s App Store.
That early release contained only a few translations, like the King James
Version, mostly in the public domain. When he began trying to persuade
traditional Bible publishers to enter licensing arrangements with him, he
encountered suspicion.
“People would say: ‘If people read it on YouVersion and they’re not paying
anything for it, what’s going to happen to my pew Bibles?’ ” said Mr. Dennis of
Crossway. “‘What’s going to happen to the thinline Bible that people carry to
church?’”
Adam Graber of Tyndale House, another publisher that provides translations for
the app, expressed some reservations about YouVersion’s strong position in the
market for Bible apps.
“One major player emerges, whether it’s Apple or Google or YouVersion,” he said.
“It has its drawbacks in the sense that it gives people fewer options and it
definitely consolidates power and kind of clumps that power into a few people’s
hands.”
But Mr. Graber also said he saw benefits in being part of the app; he said he
hoped readers who use his company’s translation would later buy additional print
or digital editions.
He compared the relationship between YouVersion and traditional publishers to
the “freemium” strategy common in mobile games where the core content is free,
but extra features cost money. In this case, those extras are things like
devotional Bibles, study Bibles or gold-embossed heirloom Bibles.
As YouVersion became increasingly popular, other publishers also came to view
the app as a positive force — less a threat than a marketing opportunity.
Although there are no ads on the app and no plans to create any, Mr. Gruenewald
said, YouVersion collects vast amounts of data on Bible readership patterns.
That trove of data provides valuable information about the habits and
preferences of Christians that YouVersion selectively shares with its
traditional publishing partners, such as which verses are the most popular
within their own translations.
Today, the app contains everything from the New International Version to “The
Message,” an ultramodern interpretation that reads like a juicy novel. It also
includes the so-called Orthodox Jewish Bible, which was actually developed for a
religious sect known as Messianic Jews, who believe that Jesus is the Messiah
that the Jews await.
And it has become a platform for evangelical leaders like Rick Warren to reach
millions of people with custom reading plans; the pastor Billy Graham is the
most recent addition. On Sunday mornings, as pastors around the country preach
from iPads while congregations click on Corinthians, YouVersion’s servers track
more than 600,000 requests every minute.
And lately the church has fielded a variety of requests, including from a
Christian music Web site, a major Hollywood movie studio and television
producers like Mark Burnett and Roma Downey, who featured YouVersion alongside
their biblical History Channel mini-series this year.
Scott Thumma, a professor at the Hartford Institute for Religion Research, who
studies large American churches, said YouVersion filled a longstanding vacuum
for technological products aimed at a religious market. He called LifeChurch.tv
“the most innovative congregation in the country in developing and using
technology.”
The app has gained appreciation in the tech world as well.
“This is a remarkable tech start-up by any measure,” said Chi-Hua Chien, a
partner at the Silicon Valley venture capital firm Kleiner Perkins and a
Christian who has offered informal advice to Mr. Gruenewald. He compared
YouVersion with well-known ventures like Pinterest or Path.
“It is certainly going to be the most important distribution channel for anyone
who is creating Christian faith content,” he said. “Where else can you go and
reach 100 million people?”
In the Beginning Was the Word; Now the Word Is on an App, NYT, 26.7.2013,
http://www.nytimes.com/2013/07/27/technology/
the-faithful-embrace-youversion-a-bible-app.html
For Developing World,
a
Streamlined Facebook
July 21,
2013
The New York Times
By VINDU GOEL
MENLO PARK,
Calif. — Facebook has been quietly working for more than two years on a project
that is vital to expanding its base of 1.1 billion users: getting the social
network onto the billions of cheap, simple “feature phones” that have largely
disappeared in America and Europe but are still the norm in developing countries
like India and Brazil.
Facebook soon plans to announce the first results of the initiative, which it
calls Facebook for Every Phone: More than 100 million people, or roughly one out
of eight of its mobile users worldwide, now regularly access the social network
from more than 3,000 different models of feature phones, some costing as little
as $20.
Many of those users, who rank among the world’s poorest people, pay little or
nothing to download their Facebook news feeds and photos, with the data usage
subsidized by phone carriers and manufacturers.
Facebook has only just begun to sell ads to these customers, so it makes no
money from them yet. But the countries in which the simple phone software is
doing the best — India, Indonesia, Mexico, Brazil and Vietnam — are among the
fastest-growing markets for use of the Internet and social networks, according
to the research firm eMarketer.
Like many other giants of the technology industry, Facebook is struggling with
the seismic shift of its customers away from computers to mobile devices and the
erosion of profit that can bring.
Last year, the company overhauled its apps for Apple iPhones and Android-based
smartphones to improve mobile access while introducing new types of ads that
nudge users to install a new game or other apps on their phones. But customer
growth in developed markets like the United States has still slowed markedly
because just about everyone who wants to be on Facebook has already joined the
network.
Analysts say Facebook has a powerful opportunity to win the long-term loyalty of
millions of new global users by giving them their first taste of the Internet
through Facebook on a simple cellphone.
“In a lot of foreign markets, people think that the Internet is Facebook,” said
Clark Fredricksen, a vice president at eMarketer.
Those users, Facebook hopes, will become more attractive to advertisers as their
incomes grow and they gain broader access to the Web.
The feature phone project was driven by a small group of people who joined
Facebook in 2011, when it purchased a start-up called Snaptu. The team had to
re-engineer Facebook’s software to drastically shrink the amount of data sent
over slow cellular networks. They also had to find a way to quickly display
familiar Facebook features like chat and photos on phones with very basic
computing power and low-resolution screens.
“We actually run the apps on our servers,” said Ran Makavy, who was chief
executive of Snaptu and now runs Facebook’s feature phone project. “The result
was something that looks almost like a smartphone app.”
The software has features that are common in more advanced versions of Facebook,
including sticker-size emoticons in chat and Instagram-style filters to dress up
photos. (Facebook for Every Phone can be used by feature phone customers
anywhere, including those in the United States. It can be downloaded from
Facebook using the phone’s mobile browser or obtained from app stores operated
by the phone maker or independent companies like Getjar.)
Brian Blau, who studies consumer technologies at the research firm Gartner, said
that given Facebook’s mission of linking the entire globe through its service,
it needed to reach out to the least tech-savvy customers.
“They talk about socially connecting the world together,” he said. “They can’t
do that until they connect people who don’t have smartphones or computers.”
To understand how far Facebook has come in its approach to mobile devices,
consider this: until two years ago, the only way to sign up for the service was
through a Web browser, which is much slower to use than an app. Facebook
originally viewed phones as mostly useful for posting status updates, not as a
primary way to access the service, said Javier Olivan, who heads Facebook’s
growth team.
Eventually, the company realized that tens of millions of people in developing
countries were eager to try Facebook but had no access to a computer, nor could
they afford the $600 iPhones or $40-a-month data plans common in the developed
world.
“It became very obvious that the next wave of users would come on mobile only,”
Mr. Olivan said in an interview last week.
To go after those customers, Facebook spent a reported $70 million to buy
Snaptu, an Israeli company that had begun to offer primitive versions of
Facebook and other apps on simple cellphones.
The acquisition “unlocked an opportunity for us,” Mr. Olivan said.
From virtually no users on feature phones a couple of years ago, the company has
grown to 100 million active users. Facebook declined to offer any specific
predictions about the growth of its service on either smartphones or feature
phones.
The immediate prospects of making money from feature phone users are modest.
During the first quarter of this year, Facebook got only 24 percent of its $1.5
billion in revenue from outside of the United States, Canada and Europe. It is
just beginning to ramp up its mobile advertising revenue, which was 30 percent
of its overall global ad revenue in the first quarter. Those mobile ads are not
as profitable as desktop ads, whose growth is flat.
The company will report its second-quarter earnings on Wednesday, but analysts
expect that developed markets will be the biggest source of Facebook’s revenue
and profit for a long time.
Still, there is a longer-term business opportunity, for both Facebook and its
phone industry partners, as mobile usage grows in Asia, Latin America and
Africa.
Facebook has struck promotional deals with phone makers like Nokia, which in May
announced a $99 feature phone called the Asha 501 that includes free Facebook
access for customers of certain carriers, including Bharti Airtel, which serves
India and much of Africa.
The social network gets legions of new users from such deals, and the carriers
and phone manufacturers hope that once customers get a taste of the Internet
through Facebook, they will be willing to pay for more data access and better
phones.
“It drives people to use data,” Mr. Makavy said.
Mr. Olivan said Facebook has found that many users of the feature phone
software, despite slow and erratic data connections, are more engaged with the
service than customers using iPhones on fast networks. That engagement might be
attractive to advertisers.
The development of the feature phone technology, which is five to 10 times more
efficient than Facebook’s smartphone apps, has paid other dividends, teaching
the company how to improve the rest of its software.
“We’re working on bringing a lot of the ideas into smartphone apps,” Mr. Olivan
said.
But Mr. Makavy says he sees a strong future for the feature phone version of
Facebook. Even in places where sales of new feature phones are slowing, use of
the mobile Internet on them is growing.
“Before, maybe 2 percent were connecting,” he said. “Now it’s like 25 percent. I
think there is a pretty long runway still.”
For Developing World, a Streamlined Facebook, NYT, 21.7.2013,
http://www.nytimes.com/2013/07/22/technology/
for-developing-world-a-lightweight-facebook.html
Universities
Face a
Rising Barrage of Cyberattacks
July 16,
2013
The New York Times
By RICHARD PÉREZ-PEÑA
America’s
research universities, among the most open and robust centers of information
exchange in the world, are increasingly coming under cyberattack, most of it
thought to be from China, with millions of hacking attempts weekly. Campuses are
being forced to tighten security, constrict their culture of openness and try to
determine what has been stolen.
University officials concede that some of the hacking attempts have succeeded.
But they have declined to reveal specifics, other than those involving the theft
of personal data like Social Security numbers. They acknowledge that they often
do not learn of break-ins until much later, if ever, and that even after
discovering the breaches they may not be able to tell what was taken.
Universities and their professors are awarded thousands of patents each year,
some with vast potential value, in fields as disparate as prescription drugs,
computer chips, fuel cells, aircraft and medical devices.
“The attacks are increasing exponentially, and so is the sophistication, and I
think it’s outpaced our ability to respond,” said Rodney J. Petersen, who heads
the cybersecurity program at Educause, a nonprofit alliance of schools and
technology companies. “So everyone’s investing a lot more resources in detecting
this, so we learn of even more incidents we wouldn’t have known about before.”
Tracy B. Mitrano, the director of information technology policy at Cornell
University, said that detection was “probably our greatest area of concern, that
the hackers’ ability to detect vulnerabilities and penetrate them without being
detected has increased sharply.”
Like many of her counterparts, she said that while the largest number of attacks
appeared to have originated in China, hackers have become adept at bouncing
their work around the world. Officials do not know whether the hackers are
private or governmental. A request for comment from the Chinese Embassy in
Washington was not immediately answered.
Analysts can track where communications come from — a region, a service
provider, sometimes even a user’s specific Internet address. But hackers often
route their penetration attempts through multiple computers, even multiple
countries, and the targeted organizations rarely go to the effort and expense —
often fruitless — of trying to trace the origins. American government officials,
security experts and university and corporate officials nonetheless say that
China is clearly the leading source of efforts to steal information, but
attributing individual attacks to specific people, groups or places is rare.
The increased threat of hacking has forced many universities to rethink the
basic structure of their computer networks and their open style, though
officials say they are resisting the temptation to create a fortress with high
digital walls.
“A university environment is very different from a corporation or a government
agency, because of the kind of openness and free flow of information you’re
trying to promote,” said David J. Shaw, the chief information security officer
at Purdue University. “The researchers want to collaborate with others, inside
and outside the university, and to share their discoveries.”
Some universities no longer allow their professors to take laptops to certain
countries, and that should be a standard practice, said James A. Lewis, a senior
fellow at the Center for Strategic and International Studies, a policy group in
Washington. “There are some countries, including China, where the minute you
connect to a network, everything will be copied, or something will be planted on
your computer in hopes that you’ll take that computer back home and connect to
your home network, and then they’re in there,” he said. “Academics aren’t used
to thinking that way.”
Bill Mellon of the University of Wisconsin said that when he set out to overhaul
computer security recently, he was stunned by the sheer volume of hacking
attempts.
“We get 90,000 to 100,000 attempts per day, from China alone, to penetrate our
system,” said Mr. Mellon, the associate dean for research policy. “There are
also a lot from Russia, and recently a lot from Vietnam, but it’s primarily
China.”
Other universities report a similar number of attacks and say the figure is
doubling every few years. What worries them most is the growing sophistication
of the assault.
For corporations, cyberattacks have become a major concern, as they find
evidence of persistent hacking by well-organized groups around the world — often
suspected of being state-sponsored — that are looking to steal information that
has commercial, political or national security value. The New York Times
disclosed in January that hackers with possible links to the Chinese military
had penetrated its computer systems, apparently looking for the sources of
material embarrassing to China’s leaders.
This kind of industrial espionage has become a sticking point in United
States-China relations, with the Obama administration complaining of organized
cybertheft of trade secrets, and Chinese officials pointing to revelations of
American spying.
Like major corporations, universities develop intellectual property that can
turn into valuable products like prescription drugs or computer chips. But
university systems are harder to secure, with thousands of students and staff
members logging in with their own computers.
Mr. Shaw, of Purdue, said that he and many of his counterparts had accepted that
the external shells of their systems must remain somewhat porous. The most
sensitive data can be housed in the equivalent of smaller vaults that are harder
to access and harder to move within, use data encryption, and sometimes are not
even connected to the larger campus network, particularly when the work involves
dangerous pathogens or research that could turn into weapons systems.
“It’s sort of the opposite of the corporate structure,” which is often tougher
to enter but easier to navigate, said Paul Rivers, manager of system and network
security at the University of California, Berkeley. “We treat the overall
Berkeley network as just as hostile as the Internet outside.”
Berkeley’s cybersecurity budget, already in the millions of dollars, has doubled
since last year, responding to what Larry Conrad, the associate vice chancellor
and chief information officer, said were “millions of attempted break-ins every
single week.”
Mr. Shaw, who arrived at Purdue last year, said, “I’ve had no resistance to any
increased investment in security that I’ve advocated so far.” Mr. Mellon, at
Wisconsin, said his university was spending more than $1 million to upgrade
computer security in just one program, which works with infectious diseases.
Along with increased spending has come an array of policy changes, often after
consultation with the F.B.I. Every research university contacted said it was in
frequent contact with the bureau, which has programs specifically to advise
universities on safeguarding data. The F.B.I. did not respond to requests to
discuss those efforts.
Not all of the potential threats are digital. In April, a researcher from China
who was working at the University of Wisconsin’s medical school was arrested and
charged with trying to steal a cancer-fighting compound and related data.
Last year, Mr. Mellon said, Wisconsin began telling faculty members not to take
their laptops and cellphones abroad, for fear of hacking. Most universities have
not gone that far, but many say they have become more vigilant about urging
professors to follow federal rules that prohibit taking some kinds of sensitive
data out of the country, or have imposed their own restrictions, tighter than
the government’s. Still others require that employees returning from abroad have
their computers scrubbed by professionals.
That kind of precaution has been standard for some corporations and government
agencies for a few years, but it is newer to academia.
Information officers say they have also learned the hard way that when a
software publisher like Oracle or Microsoft announces that it has discovered a
security vulnerability and has developed a “patch” to correct it, systems need
to apply the patch right away. As soon as such a hole is disclosed, hacker
groups begin designing programs to take advantage of it, hoping to release new
attacks before people and organizations get around to installing the patch.
“The time between when a vulnerability is announced and when we see attempts to
exploit it has become extremely small,” said Mr. Conrad, of Berkeley. “It’s
days. Sometimes hours.”
Universities Face a Rising Barrage of Cyberattacks, NYT, 16.7.2013,
http://www.nytimes.com/2013/07/17/education/
barrage-of-cyberattacks-challenges-campus-culture.html
Offering Snowden Aid,
WikiLeaks Gets Back in the Game
June 23,
2013
The New York Times
By SCOTT SHANE
WikiLeaks
once again seized the global spotlight on Sunday by assisting Edward J. Snowden
in his daring flight from Hong Kong, mounting a bold defense of the culture of
national security disclosures that it has championed and that has bedeviled the
United States and other governments.
Accompanying Mr. Snowden on the Aeroflot airliner that carried him on Sunday
from Hong Kong to Moscow — continuing a global cat-and-mouse chase that might
have been borrowed from a Hollywood screenplay — was a British WikiLeaks
activist, Sarah Harrison. The group’s founder, Julian Assange, who has been
given refuge for the last year in Ecuador’s embassy in London, met last week
with Ecuador’s foreign minister to support Mr. Snowden’s asylum request. And
Baltasar Gárzon, the legal director of WikiLeaks and a former Spanish judge, is
leading a volunteer legal team advising him on how to stay out of an American
prison.
“Mr. Snowden requested our expertise and assistance,” Mr. Assange said in a
telephone interview from London on Sunday night. “We’ve been involved in very
similar legal and diplomatic and geopolitical struggles to preserve the
organization and its ability to publish.”
By Mr. Assange’s account, the group helped obtain and deliver a special refugee
travel document to Mr. Snowden in Hong Kong that, with his American passport
revoked, may now be crucial in his bid to travel onward from Moscow.
More broadly, WikiLeaks brought to global attention the model that Mr. Snowden
has wholeheartedly embraced: that of the conscience-stricken national security
worker who takes his concerns not to his boss or other official channels but to
the public.
The group’s assistance for Mr. Snowden shows that despite its shoestring staff,
limited fund-raising from a boycott by major financial firms, and defections
prompted by Mr. Assange’s personal troubles and abrasive style, it remains a
force to be reckoned with on the global stage.
“As an act of international, quasi-diplomatic intrigue, it’s impressive,” Steven
Aftergood, director of the Project on Government Secrecy at the Federation of
American Scientists, said of WikiLeaks’ role in Mr. Snowden’s flight. “It’s an
extraordinary turn of events.”
The antisecrecy advocates are themselves secretive — Mr. Assange said he could
not reveal the number of paid staffers at WikiLeaks because of “assassination
threats” or its budget because of the “banking blockade” — but the group has
dedicated volunteers in several countries, notably Britain and Iceland, and a
large number of supporters.
Since publishing the military and diplomatic documents in 2009 and 2010 that
made it famous, the group has released several lower-profile collections:
documents on commercial spying equipment; internal e-mails of an American
security consulting company, Stratfor; millions of e-mails sent by Syrian
government and business officials; and a library of cables to and from Henry
Kissinger, the former secretary of state, though most of those were already
public.
Mr. Assange said that WikiLeaks, which he started in 2006, has a “seven-year
history of publishing documents from every country in the world.” He added:
“We’ve documented hundreds of thousands of deaths and assassinations, billions
of dollars of corruption. We’ve affected elections and prompted reforms.”
WikiLeaks played no role in Mr. Snowden’s disclosures of classified documents he
took from his job as a National Security Agency contractor. But since joining
forces with him, WikiLeaks has used his case to boost its profile; its Twitter
feed on Sunday made an appeal for donations along with news about Mr. Snowden’s
flight.
Even as Mr. Snowden’s odyssey continued, the source whose disclosures brought
WikiLeaks to broad public attention, Pfc. Bradley Manning, was in a military
cell in the fourth week of his court-martial at Fort Meade, Md. Private Manning,
who became disillusioned as an intelligence analyst in Iraq, has admitted that
he gave WikiLeaks roughly 700,000 confidential government documents. He faces a
possible sentence of life in prison if convicted of charges that include
espionage and aiding the enemy.
In a statement on Saturday, Mr. Assange suggested that President Obama was the
real “traitor,” for betraying the hopes of a generation of idealists represented
by both Private Manning and Mr. Snowden.
“They are young, technically minded people from the generation that Barack Obama
betrayed,” Mr. Assange wrote on the WikiLeaks Web site. “They are the generation
that grew up on the Internet, and were shaped by it. The U.S. government is
always going to need intelligence analysts and systems administrators, and they
are going to have to hire them from this generation and the ones that follow
it.”
Mr. Assange added a warning to the government: “By trying to crush these young
whistle-blowers with espionage charges, the U.S. government is taking on a
generation, and that is a battle it is going to lose.”
The claim sounded like bravado. But Mr. Snowden is the seventh person to be
prosecuted by the Obama administration in its unprecedented campaign against
leaks. And while by many accounts the threat of prosecution has distinctly
chilled conventional national security reporting, Mr. Snowden has said he was
inspired to leak by several high-profile, self-described whistle-blowers who
have faced criminal charges since 2010: Private Manning; Thomas Drake, a former
N.S.A. official; and John Kiriakou, a former C.I.A. officer now serving a prison
term.
Instead of waiting on American soil to be arrested, Mr. Snowden headed to Hong
Kong before going public and sought help from WikiLeaks more than a week ago.
Explaining his decision to leave the United States, he said in an online
question-and-answer session with The Guardian that it made no sense to
“volunteer” for prosecution at home “if you can do more good outside of prison
than in it.”
Though in one initial comment Mr. Snowden appeared to distance himself from
WikiLeaks and Private Manning — suggesting that he had deliberately been more
selective in his leaks than the soldier had been — he later said that was a
misimpression.
“WikiLeaks is a legitimate journalistic outlet,” he wrote on The Guardian site
on June 17, “and they carefully redacted all of their releases in accordance
with a judgment of public interest.” Diplomatic cables were later released
without redactions, and Mr. Assange and a British journalist have disputed who
was to blame, but claims that Private Manning was responsible were a “smear,”
Mr. Snowden wrote.
Even among advocates of greater government openness, WikiLeaks evokes mixed
feelings. Mr. Aftergood, of the Federation of American Scientists, called it “an
adolescent phenomenon of rebellion against authority.”
“WikiLeaks and Mr. Snowden have elevated issues that have been neglected in
public discourse,” he said. “But they don’t offer solutions to the problems
they’ve raised.”
Yochai Benkler, a law professor at Harvard who has written extensively on
WikiLeaks and is a possible defense witness at the Manning trial, said he found
it “tragic” that the interaction of both WikiLeaks and Mr. Snowden with the
United States government had become so adversarial. WikiLeaks began as an
innovative media venture, he said, but the government’s overreaction has turned
it into more of an activist venture.
“It was so easy to portray Assange as an unpleasant weirdo,” he said.
Mr. Benkler noted that a federal grand jury in Alexandria, Va., is believed to
still be looking into the possibility of prosecuting WikiLeaks and Mr. Assange
for publishing Private Manning’s leaked documents, a development he said would
be dangerous to democracy.
Government employees who leak classified information may deserve modest
penalties, he said, but the Obama administration needs to make clear that
reporting or publishing classified information will not be prosecuted.
“It’s a big policy decision about relative threats: on the one hand, occasional
leaks of classified information; on the other hand, shutting down the Fourth
Estate’s oversight of national security,” Mr. Benkler said.
Mr. Assange, from his embassy lair, said the Obama administration appeared
intent on criminalizing national security journalism but promised that WikiLeaks
would keep revealing secrets. For naysayers who say that since 2010 the group
has never come close to publishing anything with the impact of the Manning
documents, he offered a riposte.
“As Joseph Heller said when people said he hadn’t published anything as good as
‘Catch 22’: ‘Neither has anyone else.’ ”
Offering Snowden Aid, WikiLeaks Gets Back in the Game, NYT, 23.6.2013,
http://www.nytimes.com/2013/06/24/world/
offering-snowden-aid-wikileaks-gets-back-in-the-game.html
Data Security Is a Classroom Worry, Too
June 22,
2013
The New York Times
By NATASHA SINGER
LIKE many
privacy-minded parents of elementary students, Tony Porterfield tries to keep
close tabs on the personal information collected about his two sons. So when he
heard that their school district in Los Altos, Calif., had adopted Edmodo, an
online learning network connecting more than 20 million teachers and students
around the world, he decided to check out the program.
Edmodo’s free software allows teachers to set up virtual classrooms where they
can post homework assignments, give quizzes and use third-party apps to
complement lessons. Students can create individual profiles, including their
photograph and other details, within their teacher’s class and post comments to
a communal class feed.
Mr. Porterfield, an engineer at Cisco Systems, examined Edmodo’s data security
practices by registering himself on the site as a fictional home-school teacher.
As he went about creating imaginary students — complete with cartoon avatars —
for his fictitious class, however, he noticed that Edmodo did not encrypt user
sessions using a standard encryption protocol called Secure Sockets Layer.
That cryptography system, called SSL for short and used by many online banking
and e-commerce sites, protects people who log in to sites over an open Wi-Fi
network — like the kind offered by many coffee shops — from strangers who might
be using snooping software on the same network. (An “https” at the beginning of
a URL indicates SSL encryption.)
Without that encryption, Mr. Porterfield says, he worried about the potential
for a stranger to gain access to student information, and thus hypothetically be
able to identify or even contact students.
To test this hypothesis, he used a computer on his home Wi-Fi network to log in
as an imaginary student; then, using another computer, he installed free
security auditing software, called Cookie Cadger, to spy on the student’s online
activities. Though the risk of this happening with actual students seemed small
— Edmodo and other companies say they have no evidence that this kind of breach
has occurred — he contacted his school district about his concerns.
“There’s a lot of contextual information you could use to gain trust, to make
yourself seem familiar to the child,” he says. “As a parent, that’s the scariest
thing.”
In response to an inquiry from me last week, Sara Mandel, a spokeswoman for
Edmodo, said the service provided “a safe alternative to open, consumer social
networking sites” because students could participate only in groups created by
their teachers and because teachers decided whether students could send private
messages to one another.
She added that “any school that chooses” had been able to use a completely
encrypted version of the site since 2011 and that the company “is working to
ensure that all of our users are using an SSL-encrypted version.”
SCHOOL administrators and teachers said they liked these online learning systems
because they could control the information that students might share.
“Kids can’t talk to each other. They can only speak to the group,” says Heather
Peretz, a special-education teacher at Great Neck South Middle School in Great
Neck, N.Y., who uses Edmodo in her English class. “It helps them learn to be
good digital citizens so they are not making inappropriate posts.”
But as school districts rush to adopt learning-management systems, some privacy
advocates warn that educators may be embracing the bells and whistles before
mastering fundamentals like data security and privacy.
Although a federal law protecting children’s online privacy requires online
services to take reasonable measures to secure personal information — like names
and e-mail addresses — collected from children under 13, the law doesn’t
specifically require SSL encryption. Yet school districts often issue only
general notices about classroom technology, leaving many parents unaware of the
practices of the online learning systems their children use. Moreover, schools
often require online participation so students can gain access to course
assignments or collaborate on projects.
“What we are finding with this type of database is that parents are uninformed,”
says Khaliah Barnes, a lawyer at the Electronic Privacy Information Center.
“Most don’t understand how the technology works.”
Online security experts have long warned consumers about unencrypted Web sites
that collect personal details. That is because on open Wi-Fi networks, hackers
using simple software programs can see and copy the unique code, called a
session cookie, that servers issue to authenticate a person who has logged into
a Web site. By replicating that cookie, a hacker can acquire the same
privileges, like the ability to edit a profile or grade a quiz, of the
authenticated user for that session.
To call attention to this risk, a software developer in 2010 released a free
program called FireSheep that was capable of hijacking unencrypted sessions of
people using open Wi-Fi. Early the next year, Facebook began rolling out full
encryption. But, because that kind of cryptography requires more computing
power, it can slow down sites and increase costs. That is why many sites — even
some dating services that ask personal questions — remain largely unencrypted.
“It’s not good to trade performance for security when you are talking about
people’s personal information,” says Michael Clarkson, an assistant professor of
computer science at George Washington University who teaches an annual course on
software security. “I can’t think of a good reason not to keep the entire
session encrypted.”
Last fall, Mr. Porterfield, who was coaching his younger son’s soccer team, was
asked by the league to use a free youth sports site provided by Shutterfly, a
photo-sharing service, to post team rosters, player contact information, game
locations and player photos. He discovered that the site was not fully encrypted
— an issue reported in a May article in Mother Jones. (Last Friday, a
spokeswoman for Shutterfly told me that the company planned to introduce full
SSL encryption on its youth sports and other sites by the end of July.) It was
this that made Mr. Porterfield curious about data security practices of K-12
online learning services and led him to set up imaginary classes on several
sites.
One site was Schoology, a learning network used by more than two million
students and teachers worldwide. Its privacy policy says it “uses industry
standard SSL (secure socket layer) encryption to transfer private, personal
information.”
Mr. Porterfield found that for the fictitious classroom he set up in May using
Schoology’s free software, the login page did use SSL. But the profile pages
that included students’ e-mail addresses, birth dates, phone numbers and home
addresses were not protected.
To check Mr. Porterfield’s concerns, I asked Ashkan Soltani, an independent
security analyst, to look at both Edmodo and Schoology. He found that each
site’s login page was encrypted, but not student sessions themselves.
“Anyone at a local cafe with Wi-Fi will have access to the information that the
student is viewing or transmitting,” he told me. “I would consider that
potentially sensitive information from the perspective of parents.”
Full-session encryption may not have seemed so important several years ago, when
students logged into the sites primarily on secure networks at school or at
home. But now that so many students use mobile devices, learning networks say
they are moving toward full encryption.
For individual teachers who wanted to set up online groups, for instance,
Schoology until last week offered free software that encrypted login pages. For
customers like school districts who paid for more comprehensive packages, the
site offered the option of full-session encryption. Last Monday, Jeremy
Friedman, the C.E.O. of Schoology, told me the company planned to switch to
sitewide encryption by this fall. Last Thursday evening, he e-mailed with an
update: the sitewide encryption had just been completed.
“Ultimately, we are all working toward the same thing — protecting student data
and privacy,” Mr. Friedman said.
SCHOOLS are also developing methods to protect student data. The Palo Alto
Unified School District in California uses Schoology as a clearinghouse for
course assignments in its secondary schools and a couple of elementary schools.
But administrators prevent students from entering personal data, like e-mail
addresses, in their profiles. They encourage students to upload an avatar, not a
photo of themselves. And the district doesn’t post grades on the site.
“We take security very seriously,” says Ann Dunkin, the school district’s chief
technology officer, “and one way to take it seriously is to limit the amount of
information students can put into the system.”
But Mr. Porterfield says schools, no matter their vigilance, should be
transparent with parents about the potential risks of online learning networks.
“It’s not the school’s decision to make,” he said. “You should let the parents
know.”
Data Security Is a Classroom Worry, Too, NYT, 22.6.2013,
http://www.nytimes.com/2013/06/23/business/
data-security-is-a-classroom-worry-too.html
The Banality of ‘Don’t Be Evil’
June 1,
2013
The New York Times
By JULIAN ASSANGE
“THE New
Digital Age” is a startlingly clear and provocative blueprint for technocratic
imperialism, from two of its leading witch doctors, Eric Schmidt and Jared
Cohen, who construct a new idiom for United States global power in the 21st
century. This idiom reflects the ever closer union between the State Department
and Silicon Valley, as personified by Mr. Schmidt, the executive chairman of
Google, and Mr. Cohen, a former adviser to Condoleezza Rice and Hillary Clinton
who is now director of Google Ideas.
The authors met in occupied Baghdad in 2009, when the book was conceived.
Strolling among the ruins, the two became excited that consumer technology was
transforming a society flattened by United States military occupation. They
decided the tech industry could be a powerful agent of American foreign policy.
The book proselytizes the role of technology in reshaping the world’s people and
nations into likenesses of the world’s dominant superpower, whether they want to
be reshaped or not. The prose is terse, the argument confident and the wisdom —
banal. But this isn’t a book designed to be read. It is a major declaration
designed to foster alliances.
“The New Digital Age” is, beyond anything else, an attempt by Google to position
itself as America’s geopolitical visionary — the one company that can answer the
question “Where should America go?” It is not surprising that a respectable cast
of the world’s most famous warmongers has been trotted out to give its stamp of
approval to this enticement to Western soft power. The acknowledgments give
pride of place to Henry Kissinger, who along with Tony Blair and the former
C.I.A. director Michael Hayden provided advance praise for the book.
In the book the authors happily take up the white geek’s burden. A liberal
sprinkling of convenient, hypothetical dark-skinned worthies appear: Congolese
fisherwomen, graphic designers in Botswana, anticorruption activists in San
Salvador and illiterate Masai cattle herders in the Serengeti are all obediently
summoned to demonstrate the progressive properties of Google phones jacked into
the informational supply chain of the Western empire.
The authors offer an expertly banalized version of tomorrow’s world: the
gadgetry of decades hence is predicted to be much like what we have right now —
only cooler. “Progress” is driven by the inexorable spread of American consumer
technology over the surface of the earth. Already, every day, another million or
so Google-run mobile devices are activated. Google will interpose itself, and
hence the United States government, between the communications of every human
being not in China (naughty China). Commodities just become more marvelous;
young, urban professionals sleep, work and shop with greater ease and comfort;
democracy is insidiously subverted by technologies of surveillance, and control
is enthusiastically rebranded as “participation”; and our present world order of
systematized domination, intimidation and oppression continues, unmentioned,
unafflicted or only faintly perturbed.
The authors are sour about the Egyptian triumph of 2011. They dismiss the
Egyptian youth witheringly, claiming that “the mix of activism and arrogance in
young people is universal.” Digitally inspired mobs mean revolutions will be
“easier to start” but “harder to finish.” Because of the absence of strong
leaders, the result, or so Mr. Kissinger tells the authors, will be coalition
governments that descend into autocracies. They say there will be “no more
springs” (but China is on the ropes).
The authors fantasize about the future of “well resourced” revolutionary groups.
A new “crop of consultants” will “use data to build and fine-tune a political
figure.”
“His” speeches (the future isn’t all that different) and writing will be fed
“through complex feature-extraction and trend-analysis software suites” while
“mapping his brain function,” and other “sophisticated diagnostics” will be used
to “assess the weak parts of his political repertoire.”
The book mirrors State Department institutional taboos and obsessions. It avoids
meaningful criticism of Israel and Saudi Arabia. It pretends, quite
extraordinarily, that the Latin American sovereignty movement, which has
liberated so many from United States-backed plutocracies and dictatorships over
the last 30 years, never happened. Referring instead to the region’s “aging
leaders,” the book can’t see Latin America for Cuba. And, of course, the book
frets theatrically over Washington’s favorite boogeymen: North Korea and Iran.
Google, which started out as an expression of independent Californian graduate
student culture — a decent, humane and playful culture — has, as it encountered
the big, bad world, thrown its lot in with traditional Washington power
elements, from the State Department to the National Security Agency.
Despite accounting for an infinitesimal fraction of violent deaths globally,
terrorism is a favorite brand in United States policy circles. This is a fetish
that must also be catered to, and so “The Future of Terrorism” gets a whole
chapter. The future of terrorism, we learn, is cyberterrorism. A session of
indulgent scaremongering follows, including a breathless disaster-movie
scenario, wherein cyberterrorists take control of American air-traffic control
systems and send planes crashing into buildings, shutting down power grids and
launching nuclear weapons. The authors then tar activists who engage in digital
sit-ins with the same brush.
I have a very different perspective. The advance of information technology
epitomized by Google heralds the death of privacy for most people and shifts the
world toward authoritarianism. This is the principal thesis in my book,
“Cypherpunks.” But while Mr. Schmidt and Mr. Cohen tell us that the death of
privacy will aid governments in “repressive autocracies” in “targeting their
citizens,” they also say governments in “open” democracies will see it as “a
gift” enabling them to “better respond to citizen and customer concerns.” In
reality, the erosion of individual privacy in the West and the attendant
centralization of power make abuses inevitable, moving the “good” societies
closer to the “bad” ones.
The section on “repressive autocracies” describes, disapprovingly, various
repressive surveillance measures: legislation to insert back doors into software
to enable spying on citizens, monitoring of social networks and the collection
of intelligence on entire populations. All of these are already in widespread
use in the United States. In fact, some of those measures — like the push to
require every social-network profile to be linked to a real name — were
spearheaded by Google itself.
THE writing is on the wall, but the authors cannot see it. They borrow from
William Dobson the idea that the media, in an autocracy, “allows for an
opposition press as long as regime opponents understand where the unspoken
limits are.” But these trends are beginning to emerge in the United States. No
one doubts the chilling effects of the investigations into The Associated Press
and Fox’s James Rosen. But there has been little analysis of Google’s role in
complying with the Rosen subpoena. I have personal experience of these trends.
The Department of Justice admitted in March that it was in its third year of a
continuing criminal investigation of WikiLeaks. Court testimony states that its
targets include “the founders, owners, or managers of WikiLeaks.” One alleged
source, Bradley Manning, faces a 12-week trial beginning tomorrow, with 24
prosecution witnesses expected to testify in secret.
This book is a balefully seminal work in which neither author has the language
to see, much less to express, the titanic centralizing evil they are
constructing. “What Lockheed Martin was to the 20th century,” they tell us,
“technology and cybersecurity companies will be to the 21st.” Without even
understanding how, they have updated and seamlessly implemented George Orwell’s
prophecy. If you want a vision of the future, imagine Washington-backed Google
Glasses strapped onto vacant human faces — forever. Zealots of the cult of
consumer technology will find little to inspire them here, not that they ever
seem to need it. But this is essential reading for anyone caught up in the
struggle for the future, in view of one simple imperative: Know your enemy.
Julian Assange
is the editor in chief of WikiLeaks
and author of
“Cypherpunks:
Freedom and
the Future of the Internet.”
The Banality of ‘Don’t Be Evil’, NYT, 1.6.2013,
http://www.nytimes.com/2013/06/02/opinion/
sunday/the-banality-of-googles-dont-be-evil.html
An Elizabethan Cyberwar
May 31,
2013
The New York Times
By JORDAN CHANDLER HIRSCH and SAM ADELSBERG
NEW HAVEN —
AS Barack Obama and China’s president, Xi Jinping, prepare to meet in California
next week, America’s relations with China are feeling increasingly like the cold
war — especially when it comes to cybersecurity.
With the two countries accusing each other of breaking the old rules of the
game, a new breed of “cyberhawks” on both sides are arguing for cold-war-like
escalation that could turn low-level cyberconflict into total war.
But treating today’s Beijing like Brezhnev’s Moscow distorts the nature of the
threat and how Washington should respond to it.
In confronting today’s cyberbattles, the United States should think less about
Soviets and more about pirates. Indeed, today’s cybercompetition is less like
the cold war than the battle for the New World.
In the era after the discovery of the Americas, European states fought for
mastery over the Atlantic. Much like the Internet today, the ocean then was a
primary avenue for trade and communication that no country could cordon off.
At that time, the Spanish empire boasted a fearsome navy, but it could not
dominate the seas. Poorer and weaker England tested Spain’s might by encouraging
and equipping would-be pirates to act on its behalf without official sanction.
These semi-state-sponsored privateers robbed Spain of gold and pride as they
raided ships off the coasts of the New World and Spain itself, enriching the
English crown while augmenting its naval power. Spain’s inability to attribute
the attacks directly to England allowed Queen Elizabeth I to level the playing
field in an arena lacking laws or customs.
Today’s cyberbattles aren’t so different.
Next week’s summit takes place amid reports of increasingly sophisticated
Chinese cyberespionage. Earlier this week, evidence surfaced that Chinese
hackers had gained access to several top-secret Pentagon programs. That followed
news that cyberunits believed to be linked to the Chinese Army have resumed
attacks on American businesses and government agencies.
As tensions deepen, hawkish Chinese military leaders are paving the way for
offensive war. A study by a RAND Corporation expert cited Chinese sources
calling for pre-emptive cyberstrikes “under the rubric of the rising Chinese
strategy of xianfa zhiren, or ‘gaining mastery before the enemy has struck.’ ”
And a recent paper found that Chinese military officials have contemplated using
cyberweapons like Stuxnet, which the United States and Israel deployed against
Iran’s nuclear program, to target critical infrastructure.
American policy makers are beginning to view their cyberstruggle with China
through a cold war lens. One Pentagon official recently said that while during
the cold war America focused “on the nuclear command centers around Moscow,”
today American leaders “worry as much about the computer servers in Shanghai.”
Another senior official declared that “the Cold War enforced norms, and the
Soviets and the United States didn’t go outside a set of boundaries.” But, he
argued, “China is going outside those boundaries now.”
Among those who view these hostilities as the cold war redux, some are proposing
a more strident response. Earlier this year, the United States military
announced the formation of 13 units dedicated to offensive cyberstrikes and
endorsed pre-emptive cyberattacks. And late last month, Jon M. Huntsman Jr., the
former ambassador to China, and Dennis C. Blair, the former director of national
intelligence, suggested allowing American companies to retaliate against Chinese
hackers on their own.
This emergence of cyberhawks in both nations raises the odds of a hack’s
becoming a cyberwar. These voices could pressure both nations to treat any
escalating cyberconflict as a latter-day Cuban missile crisis.
But the cold war model of a struggle with calibrated boundaries, clear rules,
and the threat of mutual assured destruction simply doesn’t fit cyberspace.
The first major difference is terrain. The United States and the Soviet Union
fought for global influence, manning divisions here and infiltrating covert
operatives there. The Internet is more fluid. Neither the United States nor
China can slice cyberspace into the reassuring structure of spheres of
influence. With no obvious borders for states to violate or defend, power in
cyberspace is at once easier to exercise and harder to maintain, a battle of
subtleties rather than hard-nosed deterrence.
There are also more players today. The United States and the Soviet Union were
the world’s unmatched nuclear powers. But in the cyberrealm, the United States
and China stand only just ahead of other nations, hacker groups and individuals
in their ability to inflict damage. And all of these actors can hide behind
layers of networks and third parties, making it difficult to discover not only
who attacked but also how and when. There will, in most cases, be plausible
deniability. Even if American and Chinese policy makers wanted to manage the Web
as carefully as their predecessors did the cold war, no working group could tame
this instability.
With nations still navigating how to interact on the Web and arguments
persisting about whether international law applies to the Internet, there are
few established customs of cyberbehavior, legal or implicit. The United States
should not expect China to follow the rules of a previous era. The norms of
American-Soviet conflict, which themselves emerged out of years of gunpoint
diplomacy, can’t be grafted onto cyberspace.
If American policy makers continue to define the cyberstruggle between
Washington and Beijing as a new cold war, they will not meet the challenge.
Viewing China’s actions through an obsolete lens will give them a distorted
sense of its intentions. And it will limit American retaliation to the outmoded
rules of a bygone battle.
If they must look to the past, they should heed the lessons of the 16th century,
not the 20th. In 1588, the Spanish crown, in no small part due to its
frustration with English piracy, resorted to massive retaliation, sending its
armada to overthrow Queen Elizabeth. That move ended in disaster and an
overwhelming English victory.
Instead of trying to beat back the New World instability of the Internet with an
old playbook, American officials should embrace it. With the conflict placed in
its proper perspective, policy makers could ratchet down the rhetoric and
experiment with a new range of responses that go beyond condemnation but stop
short of all-out cyberwar — giving them the room to maneuver without approaching
cyberconflict as a path to Defcon 1.
In these legally uncharted waters, only Elizabethan guile, not cold war
brinkmanship, will steer Washington through the storm.
Jordan
Chandler Hirsch,
a former staff
editor at Foreign Affairs,
and Sam
Adelsberg,
a fellow at
the Yale Information Society Project,
are students
at Yale Law School.
An Elizabethan Cyberwar, NYT, 31.5.2013,
http://www.nytimes.com/2013/06/01/opinion/an-elizabethan-cyberwar.html
Facebook Says It Failed
to Bar
Posts With Hate Speech
May 28,
2013
The New York Times
By TANZINA VEGA
Facebook on
Tuesday acknowledged that its systems to identify and remove hate speech had not
worked effectively, as it faced pressure from feminist groups that want the site
to ban pages that glorify violence against women.
The activists, who sent more than 5,000 e-mails to Facebook’s advertisers and
elicited more than 60,000 posts on Twitter, also prompted Nissan and more than a
dozen smaller companies to say that they would withdraw advertising from the
site.
In a blog post, Facebook said its “systems to identify and remove hate speech
have failed to work as effectively as we would like, particularly around issues
of gender-based hate.” The company said it would review how it dealt with such
content, update training for its employees, increase accountability — including
requiring that users use their real identities when creating content — and
establish more direct lines of communication with women’s groups and other
entities.
Women’s groups have complained to Facebook about misogynous content in the past,
but pressure on the company escalated last week when a collective led by Women,
Action and the Media; Laura Bates of the Everyday Sexism Project; and Soraya
Chemaly, a writer and activist, published an open letter asking Facebook
executives to “ban gender-based hate speech on your site.”
The letter highlighted Facebook pages with names like “Violently Raping Your
Friend Just for Laughs” and “Kicking your Girlfriend in the Fanny because she
won’t make you a Sandwich,” and other pages that included graphic images of
women being abused.
The groups asked Facebook to improve how it trains moderators to recognize and
remove such content. They also asked Facebook users to use the Twitter hashtag
#FBrape to call on companies to stop advertising on Facebook if their ads have
been placed alongside such content. A petition on the site change.org had almost
224,000 supporters by Tuesday evening.
“We thought that advertisers would be the most effective way of getting
Facebook’s attention,” said Jaclyn Friedman, the executive director of Women,
Action and the Media. “We had no idea that it would blow up this big. I think
people have been frustrated with this issue for so long and feeling like that
had no way for Facebook to pay attention to them. As consumers we do have a lot
of power.”
David Reuter, a spokesman for Nissan, said in an interview on Tuesday that the
automaker has stopped all advertising on Facebook until it could assure Nissan
that its ads would not appear on pages with offensive content.
Nissan typically buys Facebook advertisements that target particular demographic
groups, like men age 30 to 35, Mr. Reuter said. In Facebook’s system, those ads
follow the users onto whatever pages they visit, potentially including those
with offensive content.
“We are working with Facebook to understand this situation better and opt out of
advertising on any pages that are offensive,” he said.
While more than a dozen smaller advertisers like Down Easy Brewing and eReader
Utopia had agreed by Tuesday to remove their ads from Facebook, other major
advertisers, including Zappos, Dove and American Express, stopped short of
withdrawing their ads. Those companies did, however, issue responses through
Facebook, e-mail or Twitter that they did not condone violence against women.
Dove, a beauty brand that has a campaign that focuses on “real beauty,” has come
under intense pressure because of its marketing focus on women, Ms. Friedman
said. One commenter on the Dove Facebook page wrote: “So, Dove, you’re willing
to make money off of us, but not willing to lift a finger to let Facebook know
violence against women isn’t acceptable?”
Representatives for Dove did not respond to requests for an interview, nor did
representatives for Zappos or American Express.
Stacy Janicki, a senior partner and director of accounts at the advertising
agency Carmichael Lynch, called Facebook’s response on Tuesday “a bit of a
cop-out.”
“I think advertisers have a responsibility to consumers and media companies have
a responsibility to advertisers to make sure they control the content on those
sites,” Ms. Janicki, adding that as Facebook and other social media companies
seek to secure more advertising dollars, advertisers will have the power to walk
away from content that does not represent them well.
“That’s the power and the curse of social media,” she said. “You can put
anything on there, but the benefit is that you can elevate it and scale it to
where advertisers will listen and ultimately Facebook will listen.”
Vindu Goel
contributed reporting.
This article
has been revised to reflect the following correction:
Correction: May 28, 2013
An earlier version of this article referred incorrectly to the person who
commented on the power of advertisers in social media. It was Stacy Janicki, of
the advertising agency Carmichael Lynch, who said, “I think advertisers have a
responsibility to consumers, and media companies have a responsibility to
advertisers to make sure they control the content on those sites.” It was not
“Ms. Lynch.” (No “Ms. Lynch” was quoted in the article.)
Facebook Says It Failed to Bar Posts With Hate Speech, NYT, 29.5.2013,
http://www.nytimes.com/2013/05/29/business/media/
facebook-says-it-failed-to-stop-misogynous-pages.html
Bequeathing
the Keys
to Your Digital Afterlife
May 25,
2013
The New York Times
By ANNE EISENBERG
IT’S tough
enough to write an ordinary will, deciding how to pass along worldly goods like
your savings, your real estate and that treasured rocking chair from Aunt Martha
in the living room.
But you may want to provide for your virtual goods, too. Who gets the
photographs and the e-mail stored online, the contents of a Facebook account, or
that digital sword won in an online game?
These things can be important to the people you leave behind.
“Digital assets have value, sometimes sentimental, and sometimes commercial,
just like a boxful of jewelry,” said John M. Riccione, a lawyer at Aronberg
Goldgehn Davis & Garmisa in Chicago. “There can be painful legal and emotional
issues for relatives unless you decide how to handle your electronic possessions
in your estate planning.”
Many services and programs have sprung up to help people prepare for what
happens after their last login.
Google has a program called Inactive Account Manager, introduced in April, that
lets those who use Google services decide exactly how they want to deal with the
data they’ve stored online with the company — from Gmail and Picasa photo albums
to publicly shared data like YouTube videos and blogs.
The process is straightforward. First go to google.com/settings/account. Then
look for “account management” and then “control what happens to your account
when you stop using Google.” Click on “Learn more and go to setup.” Then let
Google know the people you want to be notified when the company deactivates the
account; you’re allowed up to 10 names. You choose when you want Google to end
your account — for example, after three, six or nine months of electronic
silence (or even 12 months, if you’ve decided to take a yearlong trip down the
Amazon).
Google has ways to make sure that your electronic pulse has really gone silent;
it checks for traces of your online self, for example, by way of Android
check-ins, Gmail activity and Web history. Then, a month before it pulls the
plug, Google alerts you by text and e-mail, just in case you’re still there. If
silence has indeed fallen, Google notifies your beneficiaries and provides links
they can follow to download the photographs, videos, documents or other data
left to them, said Nadja Blagojevic, a Google manager.
And if you just want to say goodbye to everything, with no bequests, you can
instruct Google to delete all of the information in your account.
Naomi R. Cahn, a professor of law at George Washington University Law School in
Washington, says Google’s new program is a step forward in digital estate
planning. “People should carefully consider the fate of their online presences
once they are no longer able to manage them,” she said.
Other companies may also be of help in planning your digital legacy. Many
services offer online safe deposit boxes, for example, where you can stow away
the passwords to e-mail accounts and other data. Accounts like this at
SecureSafe, are free for up to 50 passwords, 10 megabytes of storage and one
beneficiary, said Andreas Jacob, a co-founder. Accounts can be accessed from a
browser, or from free iPhone, iPad and Android apps. The company also offers
premium services for those who need a larger storage space, more passwords or
more beneficiaries.
There is always your sock drawer or another physical repository to store a list
of your user ID’s, should you be deterred from online lockboxes by fear of
cyberattacks or the risk that computer servers that may not be there in a few
decades, said Alexandra Gerson, a lawyer at Helsell Fetterman in Seattle.
“Make a private list of all your user names and passwords for all the accounts
in which you have a digital presence, and make sure you update the list if you
change login information” Ms. Gerson said. “Don’t put user names and passwords
in your will, though, as it becomes a public record when you die.”
Make sure that your executor or personal representative understands the
importance of preserving these digital assets, and knows how to find them, said
Laura Hoexter, a lawyer at Helsell who also works on inheritance issues.
“Preferably the person should be tech-savvy,” she said, and know about your
online game accounts, your PayPal account, your online presence on photo storage
sites, social media accounts and blogs, and even your online shopping accounts
where your credit card information is stored so that the information can be
deleted.
AFTER you die, an executor or agent can contact Facebook and other social media
sites, establish his or her authority to administer the estate, and request the
contents of the account.
“Most accounts won’t give you the user name and password, but they will release
the contents of the account such as photographs and posts” to an executor, Ms.
Hoexter said.
Transfer at death can depend on the company’s terms of service, copyright law
and whether the file is encrypted in ways that limit the ability to freely copy
and transfer it. Rights to digital contents bought on Google Play, for example,
end upon the person’s death. “There is currently no way of assigning them to
others after the user’s death,” Ms. Blagojevic said.
Encryption is a common constraint, but there are exceptions. Apple’s iTunes
store, for example, has long removed its anti-copying restrictions on the songs
sold there, and Ms. Gerson advises people to take advantage of this in their
digital planning. “Get your music backed up on your computer,” she said.
Up to five computers can be authorized to play purchases made with one iTunes
account, and a company support representative advises that users make sure that
their heirs have access. At Kindle, too, family members with user ID information
for the account can access the digital content.
Professor Cahn in Washington says the time to prepare for the digital hereafter
is now, particularly if serious illness is a factor. “If someone is terminally
ill,” she said, “in addition to getting emotional and financial issues in order,
you need to get your Internet house in order.”
Bequeathing the Keys to Your Digital Afterlife, NYT, 25.5.2013,
http://www.nytimes.com/2013/05/26/technology/
estate-planning-is-important-for-your-online-assets-too.html
The 1 Percent Are Only Half the Problem
Opinionator
- A Gathering of Opinion From Around the Web
May 18, 2013, 12:04 pm
The New York Times
By TIMOTHY NOAH
Most recent
discussion about economic inequality in the United States has focused on the top
1 percent of the nation’s income distribution, a group whose incomes average $1
million (with a bottom threshold of about $367,000). “We are the 99 percent,”
declared the Occupy protesters, unexpectedly popularizing research findings by
two economists, Thomas Piketty and Emmanuel Saez, that had previously drawn
attention mainly from academics. But the gap between the 1 percent and the 99
percent is only half the story.
Granted, it’s an important half. Since 1979, the one-percenters have doubled
their share of the nation’s collective income from about 10 percent to about 20
percent. And between 2009, when the Great Recession ended, and 2011, the
one-percenters saw their average income rise by 11 percent even as the
99-percenters saw theirs fall slightly. Some recovery!
This dismal litany invites the conclusion that if we would just put a tight
enough choke chain on the 1 percent, then we’d solve the problem of income
inequality. But alas, that isn’t true, because it wouldn’t address the other
half of the story: the rise of the educated class.
Since 1979 the income gap between people with college or graduate degrees and
people whose education ended in high school has grown. Broadly speaking, this is
a gap between working-class families in the middle 20 percent (with incomes
roughly between $39,000 and $62,000) and affluent-to-rich families (say, the top
10 percent, with incomes exceeding $111,000). This skills-based gap is the
inequality most Americans see in their everyday lives.
Conservatives don’t typically like to talk about income inequality. It stirs up
uncomfortable questions about economic fairness. (That’s why as a candidate Mitt
Romney told a TV interviewer that inequality was best discussed in “quiet
rooms.”) On those rare occasions when conservatives do bring it up, it’s the
skills-based gap that usually draws their attention, because it offers an
opportunity to criticize our government-run system of public education and
especially teachers’ unions.
Liberals resist talking about the skills-based gap because they don’t want to
tell the working classes that they’re losing ground because they didn’t study
hard enough. Liberals prefer to focus on the 1 percent-based gap. Conceiving of
inequality as something caused by the very richest people has obvious political
appeal, especially since (by definition) nearly all of us belong to the 99
percent. There’s also a pleasing simplicity to the causes of the growing gap
between the 1 and the 99. There are only two, and both are familiar liberal
targets: the rise of a deregulated financial sector and the erosion of
accountability in compensating top executives outside finance. (The cohort most
reflective of these trends is actually the top 0.1 percent, who make $1.6
million or more, but let’s not quibble.)
Both halves of the inequality story should command our attention, because both
represent a dramatic reversal of economic trends that prevailed in the United
States for most of the 20th century. From the 1930s through the 1970s the 1
percent saw its share of national income decline, while the “college premium”
either fell or followed no clear up-or-down pattern over time.
At least some of the tools to restore these more egalitarian trends shouldn’t be
divisive ideologically. Liberals and conservatives both recognize the benefits
of preschool education, which President Obama has proposed making universally
available. I’ve never met an affluent 4-year-old who wasn’t enrolled in
preschool, but nationwide about one-third of kids that age aren’t.
Another reform both conservatives and liberals have supported — though at
different times — is withholding federal aid from colleges and universities that
can’t control tuition increases. Mr. Obama proposed it in his last two State of
the Union addresses; House Speaker John A. Boehner was a sponsor of a bill to do
the same in 2003.
THERE is also more bipartisan support than you might suppose for restricting
some of the Wall Street excesses that enrich the 1 percent. The impetus to do so
isn’t inequality so much as fear that an out-of-control banking sector will once
again create economic crisis and compel Congress to bail out the big banks.
Congressional Republicans have been blocking proper implementation of the
Dodd-Frank financial reforms, but a growing chorus of conservative voices,
including the columnist George F. Will, the former Utah governor Jon M. Huntsman
Jr. and Richard W. Fisher, president of the Federal Reserve Bank of Dallas,
favor breaking up the big banks. Senators David Vitter, Republican of Louisiana,
and Sherrod Brown, Democrat of Ohio, have sponsored a bill to require the
largest banks to hold more capital reserves, or become smaller.
One reason the left plays down the growing skills-based gap is that it accepts
at face value the conservative claim that educational failure is its root cause.
But the decline of labor unions is just as important. At one time union
membership was highly effective at reducing or eliminating the wage gap between
college and high school graduates. That’s much less true today. Only about 7
percent of the private-sector labor force is covered by union contracts, about
the same proportion as before the New Deal. Six decades ago it was nearly 40
percent.
The decline of labor unions is what connects the skills-based gap to the 1
percent-based gap. Although conservatives often insist that the 1 percent’s
richesse doesn’t come out of the pockets of the 99 percent, that assertion
ignores the fact that labor’s share of gross domestic product is shrinking while
capital’s share is growing. Since 1979, except for a brief period during the
tech boom of the late 1990s, labor’s share of corporate income has fallen.
Pension funds have blurred somewhat the venerable distinction between capital
and labor. But that’s easy to exaggerate, since only about one-sixth of all
households own stocks whose value exceeds $7,000. According to the left-leaning
Economic Policy Institute, the G.D.P. shift from labor to capital explains fully
one-third of the 1 percent’s run-up in its share of national income. It couldn’t
have happened if private-sector unionism had remained strong.
Reviving labor unions is, sadly, anathema to the right; even many mainstream
liberals resist the idea. But if economic growth depends on rewarding effort, we
should all worry that the middle classes aren’t getting pay increases
commensurate with the wealth they create for their bosses. Bosses aren’t going
to fix this problem. That’s the job of unions, and finding ways to rebuild them
is liberalism’s most challenging task. A bipartisan effort to revive the labor
movement is hardly likely, but halting inequality’s growth will depend, at the
very least, on liberals and conservatives better understanding each other’s
definition of where the problem lies.
Timothy Noah
is the author
of “The Great
Divergence:
America’s
Growing Inequality Crisis
And What We
Can Do About It.”
The 1 Percent Are Only Half the Problem, NYT, 18.5.2013,
http://opinionator.blogs.nytimes.com/2013/05/18/
the-1-percent-are-only-half-the-problem/
Chinese
Hackers
Resume
Attacks on U.S. Targets
May 19,
2013
The New York Times
By DAVID E. SANGER and NICOLE PERLROTH
WASHINGTON
— Three months after hackers working for a cyberunit of China’s People’s
Liberation Army went silent amid evidence that they had stolen data from scores
of American companies and government agencies, they appear to have resumed their
attacks using different techniques, according to computer industry security
experts and American officials.
The Obama administration had bet that “naming and shaming” the groups, first in
industry reports and then in the Pentagon’s own detailed survey of Chinese
military capabilities, might prompt China’s new leadership to crack down on the
military’s highly organized team of hackers — or at least urge them to become
more subtle.
But Unit 61398, whose well-guarded 12-story white headquarters on the edges of
Shanghai became the symbol of Chinese cyberpower, is back in business, according
to American officials and security companies.
It is not clear precisely who has been affected by the latest attacks. Mandiant,
a private security company that helps companies and government agencies defend
themselves from hackers, said the attacks had resumed but would not identify the
targets, citing agreements with its clients. But it did say the victims were
many of the same ones the unit had attacked before.
The hackers were behind scores of thefts of intellectual property and government
documents over the past five years, according to a report by Mandiant in
February that was confirmed by American officials. They have stolen product
blueprints, manufacturing plans, clinical trial results, pricing documents,
negotiation strategies and other proprietary information from more than 100 of
Mandiant’s clients, predominantly in the United States.
According to security experts, the cyberunit was responsible for a 2009 attack
on the Coca-Cola Company that coincided with its failed attempt to acquire the
China Huiyuan Juice Group. In 2011, it attacked RSA, a maker of data security
products used by American government agencies and defense contractors, and used
the information it collected from that attack to break into the computer systems
of Lockheed Martin, the aerospace contractor.
More recently, security experts said, the group took aim at companies with
access to the nation’s power grid. Last September, it broke into the Canadian
arm of Telvent, now Schneider Electric, which keeps detailed blueprints on more
than half the oil and gas pipelines in North America.
Representatives of Coca-Cola and Schneider Electric did not return requests for
comment on Sunday. A Lockheed Martin spokesman said the company declined to
comment.
In interviews, Obama administration officials said they were not surprised by
the resumption of the hacking activity. One senior official said Friday that
“this is something we are going to have to come back at time and again with the
Chinese leadership,” who, he said, “have to be convinced there is a real cost to
this kind of activity.”
Mandiant said that the Chinese hackers had stopped their attacks after they were
exposed in February and removed their spying tools from the organizations they
had infiltrated. But over the past two months, they have gradually begun
attacking the same victims from new servers and have reinserted many of the
tools that enable them to seek out data without detection. They are now
operating at 60 percent to 70 percent of the level they were working at before,
according to a study by Mandiant requested by The New York Times.
The Times hired Mandiant to investigate an attack that originated in China on
its news operations last fall. Mandiant is not currently working for The New
York Times Company.
Mandiant’s findings match those of Crowdstrike, another security company that
has also been tracking the group. Adam Meyers, director of intelligence at
Crowdstrike, said that apart from a few minor changes in tactics, it was
“business as usual” for the Chinese hackers.
The subject of Chinese attacks is expected to be a central issue in an upcoming
visit to China by President Obama’s national security adviser, Thomas Donilon,
who has said that dealing with China’s actions in cyberspace is now moving to
the center of the complex security and economic relationship between the two
countries.
But hopes for progress on the issue are limited. When the Pentagon released its
report this month officially identifying the Chinese military as the source of
years of attacks, the Chinese Foreign Ministry denied the accusation, and
People’s Daily, which reflects the views of the Communist Party, called the
United States “the real ‘hacking empire,’ ” saying it “has continued to
strengthen its network tools for political subversion against other countries.”
Other Chinese organizations and scholars cited American and Israeli cyberattacks
on Iran’s nuclear facilities as evidence of American hypocrisy.
At the White House, Caitlin Hayden, the spokeswoman for the National Security
Council, said Sunday that “what we have been seeking from China is for it to
investigate our concerns and to start a dialogue with us on cyberissues.” She
noted that China “agreed last month to start a new working group,” and that the
administration hoped to win “longer-term changes in China’s behavior, including
by working together to establish norms against the theft of trade secrets and
confidential business information.”
In a report to be issued Wednesday, a private task force led by Mr. Obama’s
former director of national intelligence, Dennis C. Blair, and his former
ambassador to China, Jon M. Huntsman Jr., lays out a series of proposed
executive actions and Congressional legislation intended to raise the stakes for
China.
“Jawboning alone won’t work,” Mr. Blair said Saturday. “Something has to change
China’s calculus.”
The exposure of Unit 61398’s actions, which have long been well known to
American intelligence agencies, did not accomplish that task.
One day after Mandiant and the United States government revealed the P.L.A. unit
as the culprit behind hundreds of attacks on agencies and companies, the unit
began a haphazard cleanup operation, Mandiant said.
Attack tools were unplugged from victims’ systems. Command and control servers
went silent. And of the 3,000 technical indicators Mandiant identified in its
initial report, only a sliver kept operating. Some of the unit’s most visible
operatives, hackers with names like “DOTA,” “SuperHard” and “UglyGorilla,”
disappeared, as cybersleuths scoured the Internet for clues to their real
identities.
In the case of UglyGorilla, Web sleuths found digital evidence that linked him
to a Chinese national named Wang Dong, who kept a blog about his experience as a
P.L.A. hacker from 2006 to 2009, in which he lamented his low pay, long hours
and instant ramen meals.
But in the weeks that followed, the group picked up where it had left off. From
its Shanghai headquarters, the unit’s hackers set up new beachheads from
compromised computers all over the world, many of them small Internet service
providers and mom-and-pop shops whose owners do not realize that by failing to
rigorously apply software patches for known threats, they are enabling
state-sponsored espionage.
“They dialed it back for a little while, though other groups that also wear
uniforms didn’t even bother to do that,” Kevin Mandia, the chief executive of
Mandiant, said in an interview on Friday. “I think you have to view this as the
new normal.”
The hackers now use the same malicious software they used to break into the same
organizations in the past, only with minor modifications to the code.
While American officials and corporate executives say they are trying to
persuade President Xi Jinping’s government that a pattern of theft by the P.L.A.
will damage China’s growth prospects — and the willingness of companies to
invest in China — their longer-term concern is that China may be trying to
establish a new set of rules for Internet commerce, with more censorship and
fewer penalties for the theft of intellectual property.
Eric Schmidt, the chairman of Google, said Friday that while there was evidence
that inside China many citizens are using the Web to pressure the government to
clean up industrial hazards or to complain about corruption, “so far there is no
positive data on China’s dealings with the rest of the world” on cyberissues.
Google largely pulled out of China after repeated attacks on its systems in 2009
and 2010, and now has its Chinese operations in Hong Kong. But it remains, Mr.
Schmidt said, a constant target for Chinese cyberattackers.
David E.
Sanger reported from Washington,
and Nicole
Perlroth from San Francisco.
Chinese Hackers Resume Attacks on U.S. Targets, NYT, 19.5.2013,
http://www.nytimes.com/2013/05/20/world/asia/
chinese-hackers-resume-attacks-on-us-targets.html
Times
Site Is Attacked by Hackers
May 17,
2013
The New York Times
By CHRISTINE HAUGHNEY
The New
York Times Company was a victim of online attacks earlier this week that slowed
down The New York Times Web site and limited access to articles and other types
of content.
According to Danielle Rhoades Ha, a company spokeswoman, the Web site became
unavailable to “a small number of users” after a denial-of-service attack, a
tactic used by hackers to slow or halt Web traffic by bombarding a host site
with requests for information. She added that the company did not “have
confirmation on who is responsible for the most recent attacks on nytimes.com.”
The announcement follows attacks that were made on The Times’s site late last
year. In January, the newspaper announced that its computer systems had been
infiltrated by Chinese hackers who found passwords for reporters and other
employees. The attacks took place as The Times investigated the relatives of Wen
Jiabao, China’s prime minister, and how they had built up a multibillion-dollar
fortune during his political tenure. David Barboza, the author of the article,
won a Pulitzer Prize.
Attacks on media organizations are not unique to The Times. Shortly after the
January announcement by The Times, officials at The Wall Street Journal and The
Washington Post also reported that their Web sites had been attacked by Chinese
hackers. On Friday, the Syrian Electronic Army said it had hacked the Web site
and several Twitter accounts that belonged to The Financial Times. In the past,
it has attacked other media companies, including The Associated Press and The
Onion.
Times Site Is Attacked by Hackers, NYT, 17.5.2013,
http://www.nytimes.com/2013/05/18/
business/media/times-site-is-attacked-by-hackers.html
Hunting
for Syrian Hackers’
Chain of Command
May 17, 2013
The New York Times
By NICOLE PERLROTH
It’s the question of the moment inside the murky realm of
cybersecurity: Just who — or what — is the Syrian Electronic Army?
The hacking group that calls itself the S.E.A. struck again on Friday, this time
breaking into the Twitter accounts and blog headlines of The Financial Times.
The attack was part of a crusade that has targeted dozens of media outlets as
varied as The Associated Press and The Onion, the parody news site.
But just who is behind the S.E.A.’s cybervandalism remains a mystery.
Paralleling the group’s boisterous, pro-Syrian government activity has been a
much quieter Internet surveillance campaign aimed at revealing the identities,
activities and whereabouts of the Syrian rebels fighting the government of
President Bashar al-Assad.
Now sleuths are trying to figure out how much overlap there is between the rowdy
pranks playing out on Twitter and the silent spying that also increasingly
includes the monitoring of foreign aid workers. It’s a high-stakes search. If
researchers prove the Assad regime is closely tied to the group, foreign
governments may choose to respond because the attacks have real-world
consequences. The S.E.A. nearly crashed the stock market, for example, by
planting false tales of White House explosions in a recent hijacking of The
A.P.’s Twitter feed.
The mystery is made more curious by the belief among researchers that the
hackers currently parading as the S.E.A. are not the same people who started the
pro-Assad campaign two years ago.
Experts say the Assad regime benefits from the ambiguity. “They have created
extra space between themselves and international law and international opinion,”
said James A. Lewis, a security expert with the Center for Strategic and
International Studies.
The S.E.A. emerged during the Syrian uprisings in May 2011, they said, to offer
a pro-Assad counternarrative to news coming out of Syria. In speeches, Mr. Assad
likened the S.E.A. to the government’s own online security corps, referring to
the group as “a real army in a virtual reality.”
In its early incarnation, researchers said, the S.E.A. had a clearly defined
hierarchy, with leaders, technical experts, a media arm and hundreds of
volunteers. Several early members belonged to the Syrian Computer Society, a
technical organization run by Mr. Assad before he became president. Until last
month, digital records suggest, the Syrian Computer Society still ran much of
the S.E.A.’s infrastructure. In April, a raid of S.E.A. Web domains revealed
that the majority were still registered to the society.
S.E.A. members initially created pro-Assad Facebook pages and spammed popular
pages like President Obama’s and Oprah Winfrey’s with pro-Syrian comments. But
by the fall of 2011, S.E.A. activities had become more premeditated. They
defaced prominent Web sites like Harvard University’s with pro-Assad messages,
in an attack a spokesman characterized as sophisticated.
At some point, the S.E.A.’s crucial players disappeared and a second crop of
hackers took over. The current group consists of roughly a dozen new actors led
by hackers who call themselves “Th3 Pr0” and “The Shadow” and function more like
Anonymous, the loose hacking collective, than a state-sponsored brigade. In
interviews, people who now identify as the S.E.A. insist they operate
independently from the Assad regime. But researchers who have been following the
group’s digital trail aren’t convinced.
“The opportunity for collaboration between the S.E.A. and regime is clear, but
what is missing is proof,” said Jacob West, a chief technology officer at
Hewlett-Packard. As governments consider stronger responses to malicious
cyberactivity, Mr. West said, “the motivation for Syria to maintain plausible
deniability is very, very real.”
Long before the S.E.A’s apparent changing of the guard, security researchers
unearthed a stealthier surveillance campaign targeting Syrian dissidents that
has since grown to include foreign aid workers. Morgan Marquis-Boire, a
researcher at the Citizen Lab at the University of Toronto, uncovered spyware
with names like “Dark Comet” and “BlackShades” sending information back to a
Syrian state-owned telecommunications company. The software — which tracked a
target’s location, read e-mails and logged keystrokes — disguised itself as an
encryption service for Skype, a program used by many Syrian activists.
Mr. Marquis-Boire has uncovered more than 200 Internet Protocol addresses
running the spyware. Some were among the few kept online last week during an
Internet disruption in Syria that the government blamed on a “technical
malfunction,” but experts described as a systematic government shutdown.
S.E.A. members deny spying on Syrian civilians. “We didn’t do that and we will
not,” the hacker who identifies himself as Th3 Pr0 wrote in an e-mail. “Our
targets are known,” he wrote, referring to the group’s public Twitter attacks.
Researchers have tracked several of those attacks — including that on The Onion
and another against Human Rights Watch in March — to a server in Russia, which
they believe is redirecting attacks from Syria. Last weekend, researchers traced
one attack back to a Syrian I.P. address registered to Syriatel, a
telecommunications company owned by Rami Makhlouf, Mr. Assad’s first cousin.
Dissidents say that connection is proof the S.E.A. is backed by the Assad regime
and claim that the Twitter attacks are just the outward-facing component of a
deeper surveillance campaign.
“There is no doubt they are the same,” said Dlshad Othman, a Syrian in
Washington who helps dissidents get rid of the spyware.
The smoking gun, Mr. Othman and others say, was an S.E.A. attack last year on
Burhan Ghalioun, a Syrian opposition leader. Shortly after Mr. Ghalioun’s
Facebook page was hacked, it began serving spyware to fans. Mr. Ghalioun’s
e-mails also showed up on a S.E.A. leak site.
The other potential link, they say, is a list of opposition leaders that
surfaced in July, after S.E.A. members boasted they could help the regime
quickly search for the names of opponents. Mr. Othman said the boasts were proof
the S.E.A. worked with the regime and kept tabs on dissidents.
Ironically, that opposition search most likely led to the S.E.A.’s internal
shake-up. Activists say encryption on the document was cracked, and in July it
popped up on Pastebin, a Web site for anonymous postings.
“There was a view that the government blamed the S.E.A. for the leak,” said John
Scott-Railton, a Citizen Lab research fellow.
In the days that followed, Facebook accounts for known S.E.A. members went dark.
S.E.A. aliases that researchers had been tracking suddenly vanished. New members
with different monikers assumed the group’s name. Researchers say the hackers
behind the recent spate of Twitter hacks are far less organized.
Outside Syria, the Twitter attacks made people take note of the S.E.A. But
inside Syria, they barely registered. Dissidents there are more concerned with
the mounting spyware infections and imprisonments. And researchers have seen the
spyware tracking a new target: aid workers.
“The Syrian opposition are quite paranoid and aware of the stakes,” Mr.
Marquis-Boire said. “But then you get foreign aid workers who show up to do good
work, but are not as paranoid about their operational security.”
“It’s a smart move if you think about it,” he added.
This article has been revised to reflect the following
correction:
Correction: May 17, 2013
An earlier version of this article based on previous reporting
referred incorrectly to a representative of The Financial Times,
Ryann Gastwirth. She is a spokeswoman, not a spokesman.
Hunting for Syrian Hackers’ Chain of
Command, NYT, 17.5.2013,
http://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html
Cyberattacks on the Rise
Against
U.S. Corporations
May 12,
2013
The New York Times
By DAVID E. SANGER and NICOLE PERLROTH
WASHINGTON
— A new wave of cyberattacks is striking American corporations, prompting
warnings from federal officials, including a vague one issued last week by the
Department of Homeland Security. This time, officials say, the attackers’ aim is
not espionage but sabotage, and the source seems to be somewhere in the Middle
East.
The targets have primarily been energy companies, and the attacks appeared to be
probes, looking for ways to seize control of their processing systems. The
attacks are continuing, officials said. But two senior administration officials
said Sunday that they were still not certain exactly where the attacks were
coming from, or whether they were state-sponsored or the work of hackers or
criminals.
“We are concerned by these intrusions, and we are trying to make sure they don’t
lead to something much bigger, as they did in the Saudi case,” said one senior
American official. He was referring to the aggressive attack last summer that
affected 30,000 computers at Saudi Aramco, one of the world’s largest oil
producers. After lengthy investigations, American officials concluded that Iran
had been behind the Saudi Aramco attack.
Another official said that in the new wave of attacks, “most everything we have
seen is coming from the Middle East,” but he did not say whether Iran, or
another country, appeared to be the source.
Last week’s warning was unusual because most attacks against American companies
— especially those coming from China — have been attempts to obtain confidential
information, steal trade secrets and gain competitive advantage. By contrast,
the new attacks seek to destroy data or to manipulate industrial machinery and
take over or shut down the networks that deliver energy or run industrial
processes.
That kind of attack is much more like the Stuxnet worm that the United States
and Israel secretly used against Iran’s nuclear enrichment plants several years
ago, to slow Iran’s progress toward a nuclear weapons capability. When that
covert program began, President Obama, among other officials, expressed worry
that its eventual discovery could prompt retaliatory attacks.
Two senior officials who have been briefed on the new intrusions say they were
aimed largely at the administrative systems of about 10 major American energy
firms, which they would not name. That is similar to what happened to Saudi
Aramco, where a computer virus wiped data from office computers, but never
succeeded in making the leap to the industrial control systems that run oil
production.
The Washington Post first reported the security warning on Friday. Over the
weekend the Obama administration described what had led to the warning. Those
officials began describing the activity as “probes that suggest someone is
looking at how to take control of these systems.”
According to one United States official, Homeland Security officials decided to
release the warning once they saw how deeply intruders had managed to penetrate
corporate systems, including one that deals with chemical processes. In the
past, the government occasionally approached individual companies it believed
were under threat. Last week’s warning “is an effort to make sure that the
volume and timeliness of the information improves,” in line with a new executive
order signed by the president, one senior official said.
The warning was issued by an agency called ICS-Cert, which monitors attacks on
computer systems that run industrial processes. It said the government was
“highly concerned about hostility against critical infrastructure
organizations,” and included a link to a previous warning about Shamoon, the
virus used in the Saudi Aramco attack last year. It also hinted that federal
investigations were under way, referring to indications “that adversary intent
extends beyond intellectual property to include use of cyber to disrupt business
and control systems.”
At Saudi Aramco, the virus replaced company data on thousands of computers with
an image of a burning American flag. The attack prompted the defense secretary
at the time, Leon E. Panetta, to warn of an impending “cyber 9/11” if the United
States did not respond more efficiently to attacks. American officials have
since concluded the attack and a subsequent one at RasGas, the Qatari energy
company, were the work of Iranian hackers. Israeli officials, who follow Iran
closely, said in interviews this month that they thought the attacks were the
work of Iran’s new “cybercorps,” organized after the cyberattacks that affected
their nuclear facilities.
Saudi Aramco said that while the attackers had attempted to penetrate its oil
production systems, they had failed because the company maintained a separation
between employees’ administrative computers and the computers used to control
and monitor production. RasGas said the attack on its computers had failed for
the same reason.
But there are no clear standards for computer security, and the Homeland
Security warning last week urged companies to take steps many computer
professionals already advise. The suggestions were for “things most everyone
should be doing on an everyday basis,” said Dan McWhorter, the managing director
of threat intelligence at Mandiant Corporation. His company conducted a study
this year that identified a specific unit of the Chinese Army as the source of a
number of attacks on American businesses and government organizations. “These
are all threats people have been seeing coming for some time,” he said.
Still, the warning underscored that most of the likely targets in the United
States, including cellphone networks and electric utility grids, are in private
rather than government hands. “The challenge will be managing our nation’s
offensive and defensive capabilities,” said Evan D. Wolff, a partner at Hunton &
Williams, who runs the firm’s homeland security practice and focuses on
cyberissues. “Unlike conventional weapons, this will require a very broad
engagement across the private sector.”
For the last four years, the Department of Homeland Security has said it needs
to expand its cybersecurity force by as many as 600 hacking specialists to keep
pace with the rising number of threats. But in the last four months, the
department has been grappling with an exodus of top officials, including Jane
Holl Lute, the agency’s deputy secretary; Mark Weatherford, the department’s top
cybersecurity official; Michael Locatis, the assistant secretary for
cybersecurity; and Richard Spires, the agency’s chief information officer, all
of whom resigned.
David E.
Sanger reported from Washington,
and Nicole
Perlroth from San Francisco.
Michael S.
Schmidt contributed reporting from Washington.
Cyberattacks on the Rise Against U.S. Corporations, NYT, 12.5.2013,
http://www.nytimes.com/2013/05/13/us/
cyberattacks-on-rise-against-us-corporations.html
U.S.
Directly Blames China’s Military
for
Cyberattacks
May 6, 2013
The New York Times
By DAVID E. SANGER
WASHINGTON
— The Obama administration on Monday explicitly accused China’s military of
mounting attacks on American government computer systems and defense
contractors, saying one motive could be to map “military capabilities that could
be exploited during a crisis.”
While some recent estimates have more than 90 percent of cyberespionage in the
United States originating in China, the accusations relayed in the Pentagon’s
annual report to Congress on Chinese military capabilities were remarkable in
their directness. Until now the administration avoided directly accusing both
the Chinese government and the People’s Liberation Army of using cyberweapons
against the United States in a deliberate, government-developed strategy to
steal intellectual property and gain strategic advantage.
“In 2012, numerous computer systems around the world, including those owned by
the U.S. government, continued to be targeted for intrusions, some of which
appear to be attributable directly to the Chinese government and military,” the
nearly 100-page report said.
The report, released Monday, described China’s primary goal as stealing
industrial technology, but said many intrusions also seemed aimed at obtaining
insights into American policy makers’ thinking. It warned that the same
information-gathering could easily be used for “building a picture of U.S.
network defense networks, logistics, and related military capabilities that
could be exploited during a crisis.”
It was unclear why the administration chose the Pentagon report to make
assertions that it has long declined to make at the White House. A White House
official declined to say at what level the report was cleared. A senior defense
official said “this was a thoroughly coordinated report,” but did not elaborate.
Missing from the Pentagon report was any acknowledgment of the similar abilities
being developed in the United States, where billions of dollars are spent each
year on cyberdefense and constructing increasingly sophisticated cyberweapons.
Recently the director of the National Security Agency, Gen. Keith Alexander, who
is also commander of the military’s fast-growing Cyber Command, told Congress
that he was creating more than a dozen offensive cyberunits, designed to mount
attacks, when necessary, at foreign computer networks.
When the United States mounted its cyberattacks on Iran’s nuclear facilities
early in President Obama’s first term, Mr. Obama expressed concern to aides that
China and other states might use the American operations to justify their own
intrusions.
But the Pentagon report describes something far more sophisticated: A China that
has now leapt into the first ranks of offensive cybertechnologies. It is
investing in electronic warfare capabilities in an effort to blind American
satellites and other space assets, and hopes to use electronic and traditional
weapons systems to gradually push the United States military presence into the
mid-Pacific nearly 2,000 miles from China’s coast.
The report argues that China’s first aircraft carrier, the Liaoning,
commissioned last September, is the first of several carriers the country plans
to deploy over the next 15 years. It said the carrier would not reach
“operational effectiveness” for three or four years, but is already set to
operate in the East and South China Seas, the site of China’s territorial
disputes with several neighbors, including Japan, Indonesia, the Philippines and
Vietnam. The report notes a new carrier base under construction in Yuchi.
The report also detailed China’s progress in developing its stealth aircraft,
first tested in January 2011.
Three months ago the Obama administration would not officially confirm reports
in The New York Times, based in large part on a detailed study by the computer
security firm Mandiant, that identified P.L.A. Unit 61398 near Shanghai as the
likely source of many of the biggest thefts of data from American companies and
some government institutions.
Until Monday, the strongest critique of China came from Thomas E. Donilon, the
president’s national security adviser, who said in a speech at the Asia Society
in March that American companies were increasingly concerned about
“cyberintrusions emanating from China on an unprecedented scale,” and that “the
international community cannot tolerate such activity from any country.” He
stopped short of blaming the Chinese government for the espionage.
But government officials said the overall issue of cyberintrusions would move to
the center of the United States-China relationship, and it was raised on recent
trips to Beijing by Treasury Secretary Jacob J. Lew and the chairman of the
Joint Chiefs of Staff, Gen. Martin E. Dempsey.
To bolster its case, the report argues that cyberweapons have become integral to
Chinese military strategy. It cites two major public works of military doctrine,
“Science of Strategy” and “Science of Campaigns,” saying they identify
“information warfare (I.W.) as integral to achieving information superiority and
an effective means for countering a stronger foe.” But it notes that neither
document “identifies the specific criteria for employing a computer network
attack against an adversary,” though they “advocate developing capabilities to
compete in this medium.”
It is a critique the Chinese could easily level at the United States, where the
Pentagon has declined to describe the conditions under which it would use
offensive cyberweapons. The Iran operation was considered a covert action, run
by intelligence agencies, though many techniques used to manipulate Iran’s
computer controllers would be common to a military program.
The Pentagon report also explicitly states that China’s investments in the
United States aim to bolster its own military technology. “China continues to
leverage foreign investments, commercial joint ventures, academic exchanges, the
experience of repatriated Chinese students and researchers, and state-sponsored
industrial and technical espionage to increase the level of technologies and
expertise available to support military research, development and acquisition.”
But the report does not address how the Obama administration should deal with
that problem in an economically interconnected world where the United States
encourages those investments, and its own in China, to create jobs and deepen
the relationship between the world’s No. 1 and No. 2 economies. Some experts
have argued that the threat from China has been exaggerated. They point out that
the Chinese government — unlike, say, Iran or North Korea — has such deep
investments in the United States that it cannot afford to mount a crippling
cyberstrike on the country.
The report estimates that China’s defense budget is $135 billion to $215
billion, a large range attributable in part to the opaqueness of Chinese
budgeting. While the figure is huge in Asia, the top estimate would still be
less than a third of what the United States spends every year.
Some of the report’s most interesting elements examine the debate inside China
over whether this is a moment for the country to bide its time, focusing on
internal challenges, or to directly challenge the United States and other powers
in the Pacific.
But it said that “proponents of a more active and assertive Chinese role on the
world stage” — a group whose members it did not name — “have suggested that
China would be better served by a firm stance in the face of U.S. or other
regional pressure.”
This article
has been revised to reflect the following correction:
Correction: May 7, 2013
An earlier version of this article gave the incorrect number for the unit
identified by a New York Times article in February as the likely source of many
of the biggest thefts of data from American companies and some government
institutions. It is P.L.A. Unit 61398, not 21398. The name of China’s first
aircraft carrier was also misspelled. It is the Liaoning, not the Lianoning.
U.S. Directly Blames China’s Military for Cyberattacks,
NYT,
6.5.2013,
http://www.nytimes.com/2013/05/07/
world/asia/us-accuses-chinas-military-in-cyberattacks.html
|
