President Donald Trump has had a lot on his plate in recent weeks — defending his administration from news of a criminal investigation by the FBI for alleged Russia collusion, rallying support for a controversial health care bill.
Somehow amid all that, the president, or his lawyers acting on their own, decided to go after a teenage girl from San Francisco, the Hollywood Reporter said.
Apparently, America’s commander in chief took issue with the girl’s website Kittenfeed.com. Originally called Trumpscratch.com, the site allows users to punch an animated image of Trump’s face with tiny kitten paws. It comes with the tagline: “Trump seems very tough at first but he gets weaker with every scratch.”
The girl, identified as “Lucy,” told the Observer that she developed the site, with its #Trumpcat hashtag, for fun while applying for web developer jobs. Little did she know that her site, which only drew 1700 visitors after its launch in February, had attracted the notice of the most important political leader on earth.
On March 1, she said she received a cease and desist letter from The Trump Organization. The letter claims her site infringed on the “internationally known and famous” Trump trademark.
After Lucy changed the domain name, she received another letter from the Trump Organization because her site linked to an anti-Trump shirt that is available for purchase on Amazon. Lucy told the Hollywood Reporter that she removed the link, and hasn’t heard anything from the campaign since.
Lucy is not alone in thinking that the president should have better things to with his time than to ask his lawyers to go after a teenager for creating a silly website.
“I really just want people to be aware that this is a president who’s clearly more concerned about what people think of him than doing things of substance,” she told the Hollywood Reporter.
However, she said she’s not surprised he might be so easily provoked by her site, given that he wages Twitter feuds with former California Gov. Arnold Schwarzenegger over ratings for his former reality TV show “Celebrity Apprentice.”
“Literally all my site is, is punching him with kitten paws,” she said. “A president should not have the time or care to hire people to shut sites like mine down. He should be running the country, not tweeting about TV ratings or anything else like that.”
Not surprisingly, the moves by Trump’s lawyers have had the opposite effect of their intention. After the Observer originally published its report on Tuesday, the site’s visitors surged from 3,000 to 50,000.
However, the site was down on Wednesday, possibly from so many users trying to access it.
The lesson here is that Trump may talk a tough game as president, but he and his tough, high-priced attorneys are no match for animated kittens.
This afternoon in London England there was another ‘terrorist incident’, this time just outside the entrance to their Parliament Building. The last I heard before I started this commentary there are four dead and about 20 wounded. One of the dead is the attacker, another is a Police Officer. The other two dead people were killed by being driven over by the attacker. What a typical example of ones hate being forced upon others lives. Folks, when a person chooses to murder someone, do you think they are doing this because they are ‘happy’ with the one they decide to kill? I tend to think, no, how about you? Killing other people, outside of contract obligations such as when you are in your Nation’s Military, or in the case of self-defence, murder is usually done through or because of hate. So, today the actions of one man ended the lives of three others and harmed and scarred many others. One man’s actions caused a lot of chain reactions not just in heroic goodness of some, but in the actions of the Press there in London informing we the people of the events, step by step. Yes they did a rather good job of informing me of the steps that (England’s) has in place that security protocol is designed to function within. In this case a person filled with hate could best figure out where to form a multi-tiered attack. Think of the pure hate concept of bringing an ambulance to a bomb or mass shooting location, filled with C-4 just so you can kill as many First Responders as you possibly can. Folks, this is not the way of a rational mind, nor of a God! It is not a mind filled with any form of morality, it is a mind filled with Evil, hate. When we humans decide to degrade other human beings to a ‘less than’ human status it becomes easier and easier to degrade, hurt or even kill them.
Friends this type of hate that we witnessed this afternoon in London is not just a hiccup in human history that we are living in, this is the reality for humans for ever more. Europe is being forced to deal with this hatred toward their own people and toward their own cultures. Here in the U.S. we have suffered several examples of hatred also toward our people and our chosen ways of life. Yet Europe and her people are a tender underbelly to a region full of hatred, for you and your way of life. I believe that the U.S. and all of the ‘America’s’ are just starting to see the damage caused by hatred. The olden days (our version of the good old days), they’re gone, they are not going to return, but why not? The answer is hatred folks. Hatred has a great helpmate which also causes so much heartache and that is ignorance. No one on this planet will ever have a totally unmonitored lifestyle again, nor will we ever be free of people hating you/us. Welcome to the new world everyone, the one filled with unending security measures brought on because of threats that are real or imagined. You see, fear caused by hatred can easily be duplicated in the one who fears as a way to grow into another hate filled, ignorant, Satan serving beast. A person who is hate filled creates and early grave for themselves and those around them, and a footstool in Hell.
American Citizens: U.S. Border Agents Can Search Your Cellphone
byCYNTHIA MCFADDEN, E.D. CAUCHI, WILLIAM M. ARKINandKEVIN MONAHAN
When Buffalo, New York couple Akram Shibly and Kelly McCormick returned to the U.S. from a trip to Toronto on Jan. 1, 2017, U.S. Customs & Border Protection officers held them for two hours, took their cellphones and demanded their passwords.
“It just felt like a gross violation of our rights,” said Shibly, a 23-year-old filmmaker born and raised in New York. But he and McCormick complied, and their phones were searched.
Three days later, they returned from another trip to Canada and were stopped again by CBP.
“One of the officers calls out to me and says, ‘Hey, give me your phone,'” recalled Shibly. “And I said, ‘No, because I already went through this.'”
The officer asked a second time.
Watch Cynthia McFadden on Nightly News for More
Within seconds, he was surrounded: one man held his legs, another squeezed his throat from behind. A third reached into his pocket, pulling out his phone. McCormick watched her boyfriend’s face turn red as the officer’s chokehold tightened.
Then they asked McCormick for her phone.
“I was not about to get tackled,” she said. She handed it over.
Shibly and McCormick’s experience is not unique. In 25 cases examined by NBC News, American citizens said that CBP officers at airports and border crossings demanded that they hand over their phones and their passwords, or unlock them.
The travelers came from across the nation, naturalized citizens and people born and raised on American soil. They traveled by plane and by car at different times through different states. Businessmen, couples, senior citizens, and families with young kids, questioned, searched, and detained for hours when they tried to enter or leave the U.S. None were on terror watchlists. One had a speeding ticket. Some were asked about their religion and their ethnic origins, and had the validity of their U.S. citizenship questioned
What most of them have in common — 23 of the 25 — is that they are Muslim, like Shibly, whose parents are from Syria.
Data provided by the Department of Homeland Security shows that searches of cellphones by border agents has exploded, growing fivefold in just one year, from fewer than 5,000 in 2015 to nearly 25,000 in 2016.
According to DHS officials, 2017 will be a blockbuster year. Five-thousand devices were searched in February alone, more than in all of 2015.
“That’s shocking,” said Mary Ellen Callahan, former chief privacy officer at the Department of Homeland Security. She wrote the rules and restrictions on how CBP should conduct electronic searches back in 2009. “That [increase] was clearly a conscious strategy, that’s not happenstance.”
“This really puts at risk both the security and liberty of the American people,” said Senator Ron Wyden, D-Oregon. “Law abiding Americans are being caught up in this digital dragnet.”
“This is just going to grow and grow and grow,” said Senator Wyden. “There’s tremendous potential for abuse here.”
What CBP agents call “detaining” cellphones didn’t start after Donald Trump’s election. The practice began a decade ago, late in the George W. Bush administration, but was highly focused on specific individuals.
The more aggressive tactics of the past two years, two senior intelligence officials told NBC News, were sparked by a string of domestic incidents in 2015 and 2016 in which the watch list system and the FBI failed to stop American citizens from conducting attacks. The searches also reflect new abilities to extract contact lists, travel patterns and other data from phones very quickly.
But the officials caution that rhetoric about a Muslim registry and ban during the presidential campaign also seems to have emboldened federal agents to act more forcefully.
“The shackles are off,” said Hugh Handeyside, a staff attorney with the ACLU’s National Security Project. “We see individual officers and perhaps supervisors as well pushing those limits, exceeding their authority and violating people’s rights.”
And multiple sources told NBC News that law enforcement and the Intelligence Community are exploiting a loophole to collect intelligence.
Under the Fourth Amendment, law enforcement needs at least reasonable suspicion if they want to search people or their possessions within the United States. But not at border crossings, and not at airport terminals.
“The Fourth Amendment, even for U.S. citizens, doesn’t apply at the border,” said Callahan. “That’s under case law that goes back 150 years.”
Customs and Border officers can search travelers without any level of suspicion. They have the legal authority to go through any object crossing the border within 100 miles, including smartphones and laptops. They have the right to take devices away from travelers for five days without providing justification. In the absence of probable cause, however, they have to give the devices back.
CBP also searches people on behalf of other federal law enforcement agencies, sending its findings back to partners in the DEA, FBI, Treasury and the National Counterterrorism Center, among others.
Callahan thinks that CBP’s spike in searches means it is exploiting the loophole “in order to get information they otherwise might hot have been able to.”
On January 31, an engineer from NASA’s Jet Propulsion Laboratory was pulled into additional screening upon his return to the U.S. after a two-week vacation in Chile. Despite being cleared by the Global Entry program, Sidd Bikkannavar received an “X” on his customs form. He is not Muslim, and he is not from any of the seven countries named in President Trump’s original “travel ban” executive order. Half his family comes from India but he was born and raised in California.
Bikkannavar was brought into a closed room and told to hand over his phone and passcode. He paid particular notice to the form CBP handed him which explained it had the right to copy the contents of the phone, and that the penalty for refusal was “detention.”
“I didn’t know if that meant detention of the phone or me and I didn’t want to find out,” said Bikkannavar. He tried to refuse but the officer repeatedly demanded the PIN. Eventually he acquiesced.
“Once they had that, they had everything,” Bikkannavar said. That access allowed CBP officers to review the backend of his social media accounts, work emails, call and text history, photos and other apps. He had expected security might physically search any travelers for potential weapons but accessing his digital data felt different. “Your whole digital life is on your phone.”
The officers disappeared with his phone and PIN. They returned 30 minutes later and let him go home.Sidd Bikkannavar poses for a portrait in 2014. Takashi Akaishi
CBP also regularly searches people leaving the country.
On February 9, Haisam Elsharkawi was stopped by security while trying to board his flight out of Los Angeles International Airport. He said that six Customs officers told him he was randomly selected. They demanded access to his phone and when he refused, Elsharkawi said they handcuffed him, locked him in the airport’s lower level and asked questions including how he became a citizen. Elsharkawi thought he knew his rights and demanded access to legal counsel.
“They said if I need a lawyer, then I must be guilty of something,” said Elsharkawi, and Egyptian-born Muslim and naturalized U.S. citizen. After four hours of questioning in detention, he unlocked his smartphone and, after a search, was eventually released. Elsharkawi said he intends to sue the Department of Homeland Security.
The current policy has not been updated since 2009. Jayson Ahern, who served in CBP under both Bush and Obama, signed off on the current policy. He said the electronic searches are supposed to be based on specific, articulable facts that raise security concerns. They are not meant to be random or routine or applied liberally to border crossers. “That’s reckless and that’s how you would lose the authority, never mind the policy.”
The Customs & Border Patrol policy manual says that electronic devices fall under the same extended search doctrine that allows them to scan bags in the typical security line.
“As the threat landscape changes, so does CBP,” a spokesperson told NBC News.
Since the policy was written in 2009, legal advocates argue, several court cases have set new precedents that could make some CBP electronic searches illegal.
Several former DHS officials pointed to a 2014 Supreme Court ruling in Riley v California that determined law enforcement needed a warrant to search electronic devices when a person is being arrested. The court ruled unanimously, and Chief Justice John Roberts wrote the opinion.
“Modern cellphones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans ‘the privacies of life,'” wrote Roberts. “The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the Founders fought.”
Because that case happened outside of the border context, however, CBP lawyers have repeatedly asserted in court that the ruling does not apply to border searches.
For now a Department of Justice internal bulletin has instructed that, unless border officers have a search warrant, they need to take protective measures to limit intrusions, and make sure their searches do not access travelers’ digital cloud data. The ‘cloud’ is all content not directly stored on a device, which includes anything requiring internet to access, like email and social media.
Former DHS officials who helped design and implement the search policy said they agreed with that guidance.
Wyden Pushes to Change the Policy
On February 20, Sen. Wyden wrote to DHS Secretary John Kelly demanding details on electronic search-practices used on U.S. citizens, and referred to the extent of electronic searches as government “overreach”. As of publication, he had yet to receive an answer.
Now Sen. Wyden says that as early as next week he plans to propose a bill that would require CBP to at least obtain a warrant to search electronics of U.S. citizens, and explicitly prevent officers from demanding passwords.
“The old rules … seem to be on the way to being tossed in the garbage can,” said Senator Wyden. “I think it is time to update the law.”
Asked about the Shibly case, a CBP spokesperson declined to comment, but said the Homeland Security Inspector General is investigating. The spokesperson said the agency can’t comment on open investigations or particular travelers, but that it “firmly denies any accusations of racially profiling travelers based on nationality, race, sex, religion, faith, or spiritual beliefs.”
Explaining the sharp increase in electronic searches, a department spokesperson told NBC News: “CBP has adapted and adjusted to align with current threat information, which is based on intelligence.” A spokesman also noted that searches of citizens leaving the U.S. protect against the theft of American industrial and national security secrets.
After repeated communications, the Department of Homeland Security never responded to NBC News’ requests for comments. Nonetheless, the Homeland Security Inspector General is currently auditing CBP’s electronic search practices.
The Council on American-Islamic Relations (CAIR) also has filed two dozen complaints against CBP this year for issues profiling Muslim Americans. CAIR and the Electronic Frontier Foundation are considering legal action against the government for what they consider to be unconstitutional searches at the border.
The rule has never changed: Every phenomenon or positive change has a tax to be paid, whether we like it or not.This rule also applies to the enormous technological progress we are witnessing and its unlimited positive outcomes on our lives, businesses and communities. Here, the tax users pay is represented by forbidden acts and taboos becoming accepted and incorporated into our lives.
People might not sense this gradual transformation but they eventually accept it in return for using technology. Speaking of attempts to maintain some privacy has become impossible – privacy has been violated with a knockdown.
A group of scientists from Harvard University has developed a mosquito-sized robot that can steal samples of your DNA without you feeling it. Professor of Computer Science Margo Seltzer said that the privacy we used to know before no more exists, adding that current techniques such as credit cards, internet networks, highway radars, cameras in streets, social media and emails can all leave a digital print of us by which we can be followed.
In 2013, more than five billion data records were lost or stolen, according to the Breach Level Index (BLI). This reveals that perhaps only those distant from the world of internet were not subject to violation of privacy– and they did not avoid it for fear or cautiousness but because they weren’t capable of affording such technology – yet, they are certainly on their way there.
Half the world’s population is constantly connected to the Internet while the other half is on its way. According to Gartner, Inc. there will be 25 billion smartphones by 2020. At that time, no one will be safe regardless if he uses a smartphone or not. Saudi Arabia, for example, has a population of 30 million people, having 24 million internet users and 48 million subscribers of mobile telecommunication services.
Violations taking place every second with data and information divulged have become manifest for anyone connected to the internet. And it is impossible to stop or block them.
Take what has been published by founder of WikiLeaks Julian Assange in 2013 as an example – he published a huge archive of correspondences for former US Secretary of State Henry Kissinger since 1973 till 1976. These correspondences were classified as top secret and totaled 1.7 million, five-fold what has been previously published in WikiLeaks.
Another example is former Central Intelligence Agency (CIA) Edward Snowden, currently residing in Russia, who has unveiled that the National Security Agency (NSA) in the US and the Government Communications Headquarters (GCHQ) in Britain have jointly developed a technology that permits access to many global internet activity, call logs, individuals’ emails and a huge content of other digital telecommunications.
Misuse of personal data is a growing challenge all over the world. Requests were made to governments to take charge of protecting the future of citizens’ privacy and their social prosperity. However, it seems that none is capable of that, with governments themselves failing to protect their own classified data. So, how would a normal individual be able to do that?!
Till now there are no realistic solutions that show optimism in ending the violation of our privacy. Given that we have agreed to be connected to the Internet and to use smartphones, we should admit that our privacy has been violated irreversibly, even if we try to convince ourselves otherwise.
The latest revelations about U.S. government’s powerful hacking tools potentially takes surveillance right into the homes and hip pockets of billions of users worldwide, showing how a remarkable variety of every day devices can be turned to spy on their owners.
Televisions, smartphones and Internet-connected vehicles are all vulnerable to CIA hacking, according to the Wikileaks documents released Tuesday. The capabilities described include recording the sounds, images and the private text messages of users, even when they use encrypted apps to communicate. The CIA also studied whether it could infect vehicle control systems used by modern cars and trucks, which Wikileaks said could allow “nearly undetectable assassinations.”
In the case of a tool called “Weeping Angel” for attacking Samsung SmartTVs, Wikileaks wrote, “After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on, In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.”
The documents, which The Washington Post could not independently verify and the CIA has declined to confirm, list supposed tools for cracking into such widely popular devices as Apple’s iPhone or the Android smartphones whose operating system is made by Google, but there are marked differences from the 2013 revelations by the National Security Agency’s former contractor Edward Snowden.
His documents largely described mass surveillance of Internet-based communications systems, more often than the individual devices that appear to have been the focus of the CIA. By targeting devices, the CIA could gain access to even well-encrypted communications, on such popular apps as Signal and WhatsApp, without having to crack the encryption itself. The Wikileaks reports appear to acknowledge that difference by saying the CIA “bypassed” as opposed to defeated encryption technologies.
Resignation and frustration rippled through Silicon Valley on Tuesday as technologists grappled with revelations of yet another government attempt to exploit their systems.
“The argument that there is some terrorist using a Samsung TV somewhere – as a reason to not disclose that vulnerability to the company, when it puts thousands of Americans at risk — I fundamentally disagree with it, “ said Alex Rice, chief technology officer for Hacker One, a startup that enlists hackers to report security gaps to companies and organizations in exchange for cash.
Privacy experts say the CIA may have been forced into focusing on vulnerable devices because the Internet overall has become more secure through more widespread deployment of encryption. In this new world, devices have become the most vulnerable link.
“The idea that the CIA and NSA can hack into devices is kind of old news,” said Johns Hopkins cryptography expert Matthew Green. “Anyone who thought they couldn’t was living in a fantasy world.”
Snowden’s revelations and the backlash made strong encryption a major, well-funded cause for both privacy advocates and, perhaps more importantly, technology companies that had the engineering expertise and budgets to protect data as it flowed across the world.
Google, Microsoft, Facebook, Yahoo and many other companies announced major new initiatives, in part to protect their brands against accusations by some users that they had made it too easy for the NSA to collect information from their systems. Many Web sites, meanwhile, began encrypting their data flows to users to prevent snooping. Encryption tools such as Tor were strengthened.
Encrypting apps for private messaging, such as Signal, Telegram and WhatsApp exploded in popularity, especially among users around the world who were fearful of government intrusion. In the days following the U.S. presidential election, Signal was among the most downloaded in Apple’s app store and downloads grew by more than 300 percent.
Open Whispers Systems, which developed Signal, released a statement: “The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption.” WhatsApp declined to comment, and Telegram did not respond to requests for comment. Google declined to comment, while Samsung and Apple did not immediately respond to requests for comment.
U.S. government authorities complained loudly that the new wave of encryption was undermining their ability to investigate serious crimes, such as terrorism and child pornography. The FBI sued Apple in hopes of forcing it to unlock an iPhone used by the San Bernadino killers before announcing it had other ways to crack the device amid heavy public criticism.
Against that backdrop, many privacy advocates argued that devices — often called “endpoints” for their place on chains of communications that can criss-cross continents — were the best available target left in a world with widespread online encryption. The Wikileaks documents suggests that the CIA may have reached the same conclusion.
“It would certainly be consistent with the hypothesis that we’ve made real progress in the encryption we’ve been introducing,” said Peter Eckersley, technology projects director for the Electronic Frontier Foundation, a San Francisco-based civil liberties group. “It’s impossible to be 100 percent certain, but reading the tea leaves, it’s plausible.”
The Wikileaks revelations also will serve as a reminder that, for whatever the political backlash to revelations about digital spying, it is not going away and probably will continue to grow. The focus on hacking into individual devices — rather than the messages traveling between them — is likely to increase pressure on companies to make those devices safer because, as experts have long said, they are the most vulnerable target in a long chain of digital interactions.
That could be especially important for U.S. tech companies, such as Google, Apple and Facebook, that have worked to rebuild their reputations as stewards of their users’ privacy in recent years.
Cybersecurity experts, meanwhile, reacted with alarm to the news of the Wikileaks release.
“This is explosive,” said Jake Williams, founder of Rendition Infosec, a cybersecurity firm. The material highlights specific antivirus products that can be defeated, going further than a release of NSA hacking tools last year, he said.
The CIA hackers, according to WikiLeaks, even “discussed what the NSA’s …hackers did wrong and how the CIA’s malware makers could avoid similar exposure.”
Hackers who worked at NSA’s Tailored Access Operations unit said the CIA’s library of tools looked comparable. The description of the implants, which are software that enable a hacker to remotely control a compromised device, and other attack tools appear to be “very, very complex” and “at least on par with the NSA,” said one former TAO hacker who spoke on condition his name not be used.
The Switch newsletter
The day’s top stories on the world of tech.
The WikiLeaks release revealed that they have sophisticated “stealth” capabilities that enable hackers not only to infiltrate systems, but evade detection, as well as abilities to “escalate privileges” or move inside a system as if they owned it.
“The only thing that separates NSA from commodity malware in the first place is their ability to remain hidden,” the former TAO hacker said. “So when you talk about the stealth components, it’s huge that you’re seeing a tangible example here of them using and researching stealth.”
Computer security experts noted that the release includes no actual tools or exploits, “so we don’t know if WikiLeaks did not get them or is just not choosing to publish them,” Nicholas Weaver, a computer security researcher at the University of California at Berkeley. “However we should assume that whoever stole this data has access to the exploits and tools.”
He noted that the dates in the files suggest the tools were taken in February or March 2016 and that there are at least two documents marked Top Secret, “which suggests that somebody in early 2016 managed to compromise a Top Secret CIA development system and is willing to say that they did.”
One internal CIA document listed a set of Apple iPhone “exploits” — or tools that can be used to compromise the device by taking advantage of software flaws. Some of the tools are based on “zero-days,” which are software vulnerabilities that have not been shared with the manufacturer. So “some of these descriptions will allow Apple to fix the vulnerabilities,” Weaver said. “But at the same time, they’re out in the public and whoever stole this data could use them against U.S. interests.”
SAN FRANCISCO — Uber has for years engaged in a worldwide program to deceive the authorities in markets where its low-cost ride-hailing service was being resisted by law enforcement or, in some instances, had been outright banned.
The program, involving a tool called Greyball, uses data collected from the Uber app and other techniques to identify and circumvent officials. Uber used these methods to evade the authorities in cities such as Boston, Paris and Las Vegas, and in countries like Australia, China, Italy and South Korea.
Greyball was part of a broader program called VTOS, short for “violation of terms of service,” which Uber created to root out people it thought were using or targeting its service improperly. The VTOS program, including the Greyball tool, began as early as 2014 and remains in use, predominantly outside the United States. Greyball was approved by Uber’s legal team.
Greyball and the broader VTOS program were described to The New York Times by four current and former Uber employees, who also provided documents. The four spoke on the condition of anonymity because the tools and their use are confidential and because of fear of retaliation by the company.
Uber’s use of Greyball was recorded on video in late 2014, when Erich England, a code enforcement inspector in Portland, Ore., tried to hail an Uber car downtown as part of a sting operation against the company.
At the time, Uber had just started its ride-hailing service in Portland without seeking permission from the city, which later declared the service illegal. To build a case against the company, officers like Mr. England posed as riders, opening the Uber app to hail a car and watching as the miniature vehicles on the screen made their way toward the potential fares.
But unknown to Mr. England and other authorities, some of the digital cars they saw in their Uber apps were never there at all. The Uber drivers they were able to hail also quickly canceled. That was because Uber had tagged Mr. England and his colleagues — essentially Greyballing them as city officials — based on data collected from its app and through other techniques. Uber then served up a fake version of its app that was populated with ghost cars, to evade capture.
At a time when Uber is already under scrutiny for its boundary-pushing workplace culture, the Greyball tool underscores the lengths to which the company will go to win in its business. Uber has long flouted laws and regulations to gain an edge against entrenched transportation providers, a modus operandi that has helped propel the company into more than 70 countries and to a valuation close to $70 billion.
Yet using its app to identify and sidestep authorities in places where regulators said the company was breaking the law goes further in skirting ethical lines — and potentially legal ones, too. Inside Uber, some of those who knew about the VTOS program and how the Greyball tool was being used were troubled by it.
In a statement, Uber said, “This program denies ride requests to users who are violating our terms of service — whether that’s people aiming to physically harm drivers, competitors looking to disrupt our operations, or opponents who collude with officials on secret ‘stings’ meant to entrap drivers.”
Dylan Rivera, a spokesman for the Portland Bureau of Transportation, said in a statement: “We’re very concerned to hear that this practice continued at least into 2015 and affected other cities.
“We take any effort to undermine our efforts to protect the public very seriously,” Mr. Rivera said.
Uber, which lets people hail rides from a smartphone app, operates multiple kinds of services, including a luxury Black Car one in which drivers are commercially licensed. But one Uber service that many regulators have had problems with is the company’s lower-cost service, known as UberX in the United States.
UberX essentially lets people who have passed a cursory background check and vehicle inspection to become an Uber driver quickly. In the past, many cities banned the service and declared it illegal.
That’s because the ability to summon a noncommercial driver — which is how UberX drivers who use their private vehicles are typically categorized — often had no regulations around it. When Uber barreled into new markets, it capitalized on the lack of rules to quickly enlist UberX drivers, who were not commercially licensed, and put them to work before local regulators could prohibit them from doing so.
After authorities caught up, the company and officials generally clashed — Uber has run into legal hurdles with UberX in cities including Austin, Tex., Philadelphia and Tampa, Fla., as well as internationally. Eventually, the two sides came to an agreement, and regulators developed a legal framework for the low-cost service.
That approach has been costly. Law enforcement officials in some cities have impounded or ticketed UberX drivers, with Uber generally picking up those costs on behalf of the drivers. Uber has estimated thousands of dollars in lost revenue for every vehicle impounded and ticket dispensed.
This is where the VTOS program and the use of the Greyball tool came in. When Uber moved into a new city, it appointed a general manager to lead the charge. The manager would try to spot enforcement officers using a set of technologies and techniques.
Get the latest technology news and buzz from around the web.
Receive occasional updates and special offers for The New York Times’s products and services.
One method involved drawing a digital perimeter, or “geofence,” around authorities’ offices on a digital map of the city that Uber monitored. The company watched which people frequently opened and closed the app — a process internally called “eyeballing” — around that location, which signified that the user might be associated with city agencies.
Other techniques included looking at the user’s credit card information and whether that card was tied directly to an institution like a police credit union.
Enforcement officials involved in large-scale sting operations to catch Uber drivers also sometimes bought dozens of cellphones to create different accounts. To circumvent that tactic, Uber employees went to that city’s local electronics stores to look up device numbers of the cheapest mobile phones on sale, which were often the ones bought by city officials, whose budgets were not sizable.
In all, there were at least a dozen or so signifiers in the VTOS program that Uber employees could use to assess whether users were new riders or very likely city officials.
If those clues were not enough to confirm a user’s identity, Uber employees would search social media profiles and other available information online. Once a user was identified as law enforcement, Uber Greyballed him or her, tagging the user with a small piece of code that read Greyball followed by a string of numbers.
When a tagged officer called a car, Uber could scramble a set of ghost cars inside a fake version of the app for that person, or show no cars available at all. If a driver accidentally picked up an officer, Uber occasionally called the driver with instructions to end the ride.
Uber employees said the practices and tools were partly born out of safety measures for drivers in certain countries. In France, Kenya and India, for instance, taxi companies and workers targeted and attacked new Uber drivers.
In those environments, Greyballing started as a way to scramble the locations of UberX drivers to prevent competitors from finding them. Uber said it remained the primary use of the tool today.
But as Uber moved into new markets, its engineers saw that those same techniques and tools could also be used for evading law enforcement. Once the Greyball tool was put in place and tested, Uber engineers created a playbook with a list of tactics and distributed it to general managers in more than a dozen countries across five continents.
At least 50 to 60 people inside Uber knew about Greyball, and some had qualms about whether it was ethical or legal. Greyball was approved by Uber’s legal team, headed by Salle Yoo, the general counsel. Ryan Graves, an early hire who became senior vice president of global operations and a board member, was also aware of the program.
Ms. Yoo and Mr. Graves did not respond to a request for comment.
Outside scholars said they were unsure of the program’s legality. Greyball could be considered a violation of the federal Computer Fraud and Abuse Act, or possibly intentional obstruction of justice, depending on local laws and jurisdictions, said Peter Henning, a law professor at Wayne State University, who also writes for The New York Times.
“With any type of systematic thwarting of the law, you’re flirting with disaster,” Mr. Henning said. “We all take our foot off the gas when we see the police car at the intersection up ahead, and there’s nothing wrong with that. But this goes far beyond avoiding a speed trap.”
To date, Greyballing has been effective. In Portland that day in late 2014, Mr. England, the enforcement officer, did not catch an Uber, according to local reports.
And two weeks after Uber began dispatching drivers in that city, the company reached an agreement with local officials for UberX to be legally available there.
U.S. Department of Homeland Security employees in the Washington area and Philadelphia were unable to access some agency computer networks on Tuesday, according to three sources familiar with the matter.
It was not immediately clear how widespread the issue was or how significantly it affected daily functions at DHS, a large government agency whose responsibilities include immigration services, border security and cyber defense.
Employees began experiencing problems logging into networks at 5 a.m. ET on Tuesday due to a problem related to domain controllers, or servers that process authentication requests, and personal identity verification (PIV) cards used by federal workers and contractors to access certain information systems, one source said.
At least four DHS buildings in the Washington area were affected, the source said, including locations used by U.S. Citizenship and Immigration Services, but some employees were able to access systems through a virtual private network.
The source characterized the issue as one stemming from relatively benign information technology missteps and a failure to ensure network redundancy. There was no evidence of foul play, the source said, adding that it appeared DHS’s domain controller credentials had expired on Monday when offices were closed for the federal Presidents Day holiday.
Another source said it was unclear if PIV cards were connected to network issues. DHS did not immediately respond to requests for comment.
President Donald Trump vowed to make cyber security a priority during his administration, following an election marred by hacks of Democratic Party emails that U.S. intelligence agencies concluded were carried out by Russia in order to help Trump, a Republican, win. At a White House event last month he said he would “hold my Cabinet secretaries and agency heads accountable, totally accountable, for the cyber security of their organizations.”
(THIS ARTICLE IS COURTESY OF THE SHANGHAI DAILY NEWS)
CHINA’S press and publications regulator has ordered social media platforms featuring video and audio programs to obtain licenses.
The State Administration of Press, Publications, Radio, Film and Television recently issued a document strengthening the regulation of video and audio programs on social media platforms, such as Weibo and WeChat, it said in a statement yesterday.
If organizations and individuals operating online streaming services on Weibo or WeChat without licenses, the social platforms would be held responsible.
Platforms must monitor content to ensure it meets the “various requirements for managing video and audio programs,” the regulator said, adding that the content cannot exceed the license conditions.
Online platforms are also prohibited from offering access to Weibo or WeChat accounts that defy regulations.
(THIS ARTICLE IS COURTESY OF BLOOMBERG NEWS AND THE ASSOCIATED PRESS)
Yahoo Says Hackers Stole Information From Over 1 Billion Accounts
THE ASSOCIATED PRESS
December 14, 2016, 5:12 PM EST
New York (AP) — Yahoo says it believes hackers stole data from more than one billion user accounts in August 2013.
The Sunnyvale, California, company says it’s a different breach from the one it disclosed in September, when it said 500 million accounts were exposed. That new hack revelation raises questions about whether Verizon will try to change the terms of its $4.8 billion proposed acquisition of Yahoo.
Yahoo says the information stolen may include names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.
truthtroubles.wordpress.com/ Just an average man who tries to do his best at being the kind of person the Bible tells us we are all suppose to be. Not perfect, never have been, don't expect anyone else to be perfect either. Always try to be very easy going type of a person if allowed to be.
#ActuallyAutistic - An Aspie obsessed with writing. This site is intend to inspire through sharing stories & experiences. The opinions of the writers are their own. I am just an Autistic woman - NOT a medical professional.