UK Bill Would Require Age Verification
February 25, 2022
It might seem like a no-brainer—require age verification to protect children from adult content wherever it may appear online. But The Register insists it is not so simple in, “UK.gov Threatens to Make Adults Give Credit Card Details for Access to Facebook or TikTok.” The UK’s upcoming Online Safety Bill will compel certain websites to ensure users are 18 or older, a process often done using credit card or other sensitive data. Though at first the government vowed this requirement would only apply to dedicated porn sites, a more recent statement from the Department for Digital, Culture, Media, and Sport indicates social media companies will be included. The statement notes research suggests such sites are common places for minors to access adult material.
Writer Gareth Corfield insists the bill will not even work because teenagers are perfectly capable of using a VPN to get around age verification measures. Meanwhile, adults following the rules will have to share sensitive data with third-party gatekeepers just to keep up with friends and family on social media. Then there is the threat to encryption, which would have to be discontinued to enable the bills provision for scanning social media posts. Civil liberties groups have expressed concern, just as they did the last time around. Corfield observes:
“Prior efforts for mandatory age verification controls were originally supposed to be inserted into Digital Economy Act but were abandoned in 2019 after more than one delay. At that time, the government had designated the British Board of Film Classification, rather than Ofcom, as the age verification regulator. In 2018, it estimated that legal challenges to implementing the age check rules could cost it up to £10m in the first year alone. As we pointed out at the time, despite what lawmakers would like to believe – it’s not a simple case of taking offline laws and applying them online. There are no end of technical and societal issues thrown up by asking people to submit personal details to third parties on the internet. … The newer effort, via the Online Safety Bill, will possibly fuel Britons’ use of VPNs and workarounds, which is arguably equally as risky: free VPNs come with a lot of risks and even paid products may not always work as advertised.”
So if this measure is not viable, what could be the solution to keeping kids away from harmful content? If only each child could be assigned one or more adults responsible for what their youngsters access online. We could call them “caregivers,” “guardians,” or “parents,” perhaps.
Cynthia Murrell, February 25, 2022
Anduril Victorious with SOCOM Contract
February 25, 2022
Tech startups, and the venture capitalists that back them, have been trying valiantly to break the chains of traditional government procurements. Pointing to a recent nearly billion-dollar deal, Breaking Defense ponders, “Anduril Nets Biggest DoD Contract to Date: Signifier or Outlier for Defense Start-Ups?” Anduril is based in Irvine, California, and was founded in 2017. The surveillance and military tech company beat out 11 others competing for the lucrative contract with Special Operations Command (SOCOM). Reporter Andrew Eversden writes:
“Anduril will serve as a systems integrator partner on SOCOM’s counter-unmanned systems efforts. The contract is worth a maximum of $967,599,957 over the next the decade. Under the contract, SOCOM will be able to purchase Anduril’s systems through traditional means, in addition to buying Anduril’s products as a service, meaning the command can configure the system ‘based on mission profiles and ensuring SOCOM can rapidly adapt to new and evolving threat profiles.’ According to the company press release, the company will ‘deliver, advance, and sustain CUxS capabilities for special operations forces wherever they operate.’ It will provide counter-drone capability through its Lattice AI platform, which is designed to autonomously identify and classify threats. The system will be deployed both domestically and overseas, the Jan. 20 announcement stated. Anduril has made major strides in the last year positioning itself to win major defense contracts and augment its technology portfolio. Last year, it acquired Area-I, a tube-launched unmanned aerial system maker. Last summer, the company won a five-year, $99 million production other transaction agreement with the Pentagon’s Defense Innovation Unit for its counter-drone tech. In September, it bought Copious Imaging, whose technology added another layer of threat detection to Anduril’s air defense portfolio.”
We also note the firm had the honor of collaborating with Palantir on the Army’s Tactical Intelligence Targeting Access Node (TITAN) prototype last year. Tech executives and investors have expressed frustration at the challenges of doing business with our military, but this latest contract may be a signal that startups and other non-giant companies can make their way in the federal marketplace after all. On the other hand, we are told, SOCOM has long been the DoD division most likely to embrace innovative, non-traditional partners. If this contract goes well, perhaps SOCOM’s forward-thinking perspective will spread to other agencies. No pressure, Anduril.
Cynthia Murrell, February 25, 2022
Facebook: Irish Troubles
February 24, 2022
When I think of Ireland, here’s what comes to mind:
- A really weird street with jazzy murals and a penchant for violence
- Uplifting novels by Ken Bruen
- Potatoes
- The craic
After reading “Facebook Receives Bad News That Could Disrupt Its Business,” I am now thinking big money changing hands. The write up explains:
“We issued our decision [regarding trans border data] to Meta yesterday. And we have given them 28 days to come back to us with any comments they have. And at that stage we will prepare our draft decision and send our draft decision to our colleague data protection authorities in the EU and I expect that to happen in April,” Doyle [Irish Data Protection spokes person] said. The stakes are high: if the Meta is prohibited from transferring information, its activities in Europe will be very strongly affected.
Implications? Meat — sorry, I meant Meta, formerly the Zuckbook — has one more issue to ponder. Oscar Wilde noted:
“Experience is merely the name men gave to their mistakes.”
Perhaps a VR headset will improve the Emerald Isle real world experience?
Stephen E Arnold, February 24, 2022
Yep, Those Microsoft Exchange Servers Are Appealing to Some Bad Actors
February 22, 2022
I know that few agree with my assessment of Windows 11; that is, rushed out without informing the Twit.tv experts. Why? To get attention focused on something other than Microsoft security issues. SolarWinds? Exchange Server? I don’t know.
Then I irritated a few folks with my opinion that the big deal for the electronic game company and the attendant meta chant is essentially another distraction? Why? Maybe the wonderful Windows Defender system before an issue was fixed recently? Maybe another problem with Azure? I don’t know.
I do know that I read some information, which if true, makes clear that the US has a problem with security. And I know that some of the “problem” is a result of Microsoft’s software and systems. My source is the “real” news article FBI Says BlackByte Ransomware “FBI Says BlackByte Ransomware Group Has Breached Critical US Infrastructure.” Let’s assume that the information in the write up is mostly on the money.
First, we note that the FBI issued a statement available here which says that malware has compromised multiple businesses. What’s interesting is that infrastructure sectors appear to have been compromised. What does that mean? My take is that this is a gentle way of saying that bad actors can muck up certain organizations, financial functions, and food (maybe jiggle the chemicals for fertilizer or send box cars to Texas?).
Second, the write up points out that an NFL football team’s systems may have been fiddled. Interesting indeed. Why? No idea.
Third, this paragraph is the one which I think is the most important:
In their warning, the authorities said some victims reported that the bad actors used a known Microsoft Exchange Server vulnerability to gain access to their networks. The authorities have also released filenames, indicators of compromise and hashes that IT personnel can use to check their networks for presence of the ransomware.
Yep, Microsoft. Exchange Servers.
Windows 11 distracted for a while. The game deal is headed for legal choppy water. What will Microsofties roll out next? A phone, a new foldable perhaps, another reorganization?
Fascinating that security issues keep emerging and with each revelation the stakes creep higher. Bad actors may find this information encouraging. I find it downright awful.
Stephen E Arnold, February 22, 2022
Department of Defense: Troubling News about Security
February 21, 2022
It looks like a lack of resources and opaque commercial cloud providers are two factors hampering the DOD’s efforts to keep the nation cyber-safe. Breaking Defense discusses recent research from the Pentagon’s Director of Operational Test and Evaluation (DOT&E) in, “Pentagon’s Cybersecurity Tests Aren’t Realistic, Tough Enough: Report.” We encourage anyone interested in this important topic to check out the article and/or the report itself. Reporter Jaspreet Gill summarizes:
“[The report] states DoD should refocus its cybersecurity efforts on its cyber defender personnel instead of focusing primarily on the technology associated with cyber tools, networks and systems, and train them to face off against more real threats earlier in the process. For now, cybersecurity ‘Red Teams’ are stretched too thin and the ones that do test military systems are doing it with one hand tied behind their back compared to what actual adversaries would do, the report said.”
Enabling these teams to do their best work would mean giving them more time on the network to test vulnerabilities, more extensive toolsets, realistic rules of engagement, and better end-to-end planning, the report explains. In addition, it states, cyber security training must be expanded to include mission defense teams, system users, response-action teams, commanders, and network operators. We also learn that current funding practices effectively prohibit setting up offices dedicated to cyber technology effectiveness and training. Seriously? See the write-up for more recommendations that should be obvious.
The following bit is particularly troubling in this age of increasing privatization and corporate power. Gill informs us:
“The assessment also found DoD’s cyber concerns increasingly mirror those in the commercial sector due to increasing reliance on commercial products and infrastructure, especially with cloud services. The report recommends the Pentagon renegotiate contracts with commercial cloud providers and establish requirements for future contracts. ‘The DOD increasingly uses commercial cloud services to store highly sensitive, classified data, but current contracts with cloud vendors do not allow the DOD to independently assess the security of cloud infrastructure owned by the commercial vendor, preventing the DOD from fully assessing the security of commercial clouds. Current and future contracts must provide for threat-realistic, independent security assessments by the DOD of commercial clouds, to ensure critical data is protected.’”
Well yes—again that seems obvious. Public-private partnerships should be enacted with a dash of common sense. Unfortunately, that can be difficult to come by amidst bureaucracy.
Cynthia Murrell, February 21, 2022
Google Joke: A Googler Walks into a Coffee Shop with a Regulator and…
February 17, 2022
I read an amusing write up called “Google Keeps Android Ad Tool Into At Least 2024, Exploring Other Options.” I think the writer of the article is serious, not crafting a joke for Joe Rogan’s much admired “Man Show” comments. Here is the passage I found semi amusing:
Google said it would give “substantial notice” before axing what is known as AdId. But it will immediately begin seeking feedback on its proposed alternatives, which Google said aim to better protect users’ privacy and curb covert surveillance.
But better than what? What happens if there are technical issues in 2024? A Googler walks into a coffee shop with a regulator and says, “We need more time to better protect users’ privacy and curb covert surveillance.”
The regulator laughs out loud because he was thinking of Apple marginalizing Facebook. Perhaps the Google is delivering some Meta-Aid. Whoops. I meant to type Meta AdID.
Stephen E Arnold, February 17, 2022
Interesting Assertion from Bezos Affiliated Newspaper
February 15, 2022
My recollection is that Amazon, when under Jeff Bezos’ control, provided technology to the US Central Intelligence Agency. I was surprised when I read “Senators: CIA Has Secret Program That Collects American Data.” I have no idea if the story is on the money or note. I found it interesting that Amazon was not mentioned in the write up. Even though that interesting detail was omitted, I noted this passage in the article:
“These reports raise serious questions about the kinds of information the CIA is vacuuming up in bulk and how the agency exploits that information to spy on Americans,” Patrick Toomey, a lawyer for the American Civil Liberties Union, said in a statement. “The CIA conducts these sweeping surveillance activities without any court approval, and with few, if any, safeguards imposed by Congress.”
And Amazon? Not in the picture. Amazon’s client? In the picture.
Stephen E Arnold, February 15, 2022
African Governments Vs. Citizens Online
February 7, 2022
As Market Research Telecast reports in a recent write-up, “Hacking: Demand for Products from the NSO Group and Co. Does Not Decrease.” As that piece points out, sales of the notorious Pegasus and other spyware continue to grow despite a rash of lawsuits, sanctions, and other threats against preeminent spyware vendor NSO. We see several examples of ways governments use such tools and other cyber strategies against their citizens, and some unintended consequences, in the Africa Center for Strategic Studies’ article, “Deluge of Digital Repression Threatens African Security.” Reporters Nathaniel Allen and Catherine Lena Kelly write:
“Digital repression is on the rise in many parts of Africa. Over a dozen African countries have recently experienced politically motivated internet shutdowns. Roughly the same number have been identified as operators of military-grade spyware (such as Pegasus, RCS, and FinFisher), which they use to track domestic political opponents and activists with the same vigor as criminals and terrorists. Governments employ automated tools to subject social media platforms to expansive surveillance. Increasingly, leaders are taking advantage of vague elements of recently passed cybercrime laws to expand executive powers to arrest activists and debilitate the free press. African leaders frequently portray digitally repressive tactics as necessary to combat threats from terrorism, organized crime, and secessionist violence. In fact, their main impact is to undermine the fundamental freedoms that make it possible for governments to be transparent, legitimate, and accountable to citizens.”
The thorough, link-filled article provides examples of such legislation leveraging, beginning with Tanzania. Information gathered with spyware is used against political opponents, journalists, and activists to blackmail, harass, or arrest them. Then there are other repressive tactics, like simply shutting down the Internet. This is a favorite ploy before and during contested elections and amid protests.
Allen and Kelly point out this irony: though governments often cite security as their excuse for implementing repressive policies, such measures often have the opposite effect by fueling political instability. Then there are the financial costs—like the rest of the world, much of Africa’s business has moved online. Politically motivated Internet shutdowns can be extremely pricy.
The article goes on to spell out some measures that can help combat misinformation and extremism online without sacrificing citizen rights. It also describes several citizen-centric organizations working to protect online freedoms in different parts of Africa. See the article for those details.
Cynthia Murrell, February 9, 2022
Facebook: Reluctant But Why?
January 26, 2022
The write up concerns Facebook in Australia. Australia has good relationships with the US. The bonds between Australia and the United Kingdom seem to be in reasonable shape as well. Australia, it seems to me, has been an origin point for some interesting ideas related to online.
“Meta Most Reluctant to Work with Government: Home Affairs” points out that Meta (originally just plain old super community minded Facebook) is less enthusiastic about working with Australia’s government than some of its very large, possibly monopolistic fellow travelers.
The write up reports:
In a submission to the House Select Committee Inquiry into Social Media and Online Safety, Home Affairs criticized Meta for not doing enough to protect its users and for not adequately engaging with the government on these issues. In its own submission, Meta said it has “responded constructively” to Australian government inquiries and is “highly responsive” to local regulators.
I think this means that Meta is doing a better job at foot dragging than some other big technology firms. Like Meta’s recognition as the worst company in the United States, the highly responsive outfit has tallied points in the “less enthusiastic” competition.
The Australian government and Meta have other issues which have caused the US company to arm wrestle with Australian officials; for example, encryption of Facebook Messenger content, dealing with Australian media’s interest in compensation for its content, and ideas about privacy.
The write up does not answer the question “But why?”
To fill the void, may I suggest a cou8ple of reasons:
- Keep people in the dark. Disclosures about Meta technology, business practices, or data systems might inform the Australian government. With the information, the Australian government could formulate some new ideas about fining or controlling the community focused US outfit. In short, Meta information may lead to meta prosecution perhaps?
- Take steps to prevent data moving around the Five Eyes. Information disclosed in Australia might find its way to the US and the UK. Despite these countries’ security methods, some of that disclosed data could seep into the efficient machinery of the European Union. It is conceivable that the risk of becoming even more responsive to Australia increases the risk of EU action with regard to the community oriented social media company.
- Circle the wagons to prevent user defections. Cooperating in any way that become public could cause some Meta users to delete their accounts and prevent others in their span of control from using Meta services. This means a loss of revenue, and a loss of revenue has downside consequences; namely, encouragement for other high technology companies to nose into Meta territory.
I want to emphasize none of these ideas appear in the write up cited above. Furthermore, these are views which I developed talking with my colleagues about Meta.
Net net: Meta does not want information about its systems, methods, research, and policies. Frances Haugen, it seems, did not get that email.
Stephen E Arnold, January 26, 2022
A Comparison: US Vs. European Government Methods
January 21, 2022
I know one thing about 5G. The T Mobile super high speed service delivers data more slowly than my 4G / LTE service. Thus, it is difficult for me to accept that the pig slow 5G in rural Kentucky is a threat to aircraft eager to land on the dirt road used by certain characters in the Commonwealth.
I noted “5G Is Grounding Planes and Freaking Out Airlines: We Found Out Why.” I want to sidestep the somewhat interesting discussion about who shot John, the 5G expert. The US government and the airlines are wrestling with US 5G carriers. The main idea is a minor one; that is, 5G signals in the C band emitted from vertically mounted towers could — note the word could — cause an aircraft to demonstrate one of Newton’s Laws in an expensive way.
But here’s the quote which caught my attention:
The issues haven’t affected other countries as badly because they don’t use the same 5G frequencies as the US. In Europe, for instance, the network operates on a wavelength that is less likely to cause interference. Both the EU’s Aviation Safety Authority and the UK’s Civil Aviation Authority say there’s no such problem with their networks. China and Australia have also rolled out 5G without any issues with aircraft…. Critics have also pointed the finger at the federal government. They’ve blamed the Trump administration for failing to create a national spectrum policy and the Biden administration for the chaotic rollout. Somehow, Europe’s collection of crappy governments has avoided such problems. [Emphasis added by the Beyond Search editor]
Interesting. Now European governments have a larger challenge to surmount. Vacationing in Kiyv perhaps?
Stephen E Arnold, January 21, 2022
-
- Subscribe to Beyond Search
Feature archive
News archive
-
