87 Million Mexican Voter Records Discovered in Unprotected Online Database
Hacks and data breaches are a ubiquitous threat these days, but malicious actors don't always need to put in a lot of work to mine valuable personal data. Sometimes they can go right in the front door of an unprotected database. The latest example is a trove of Mexican voter registrations discovered by a security researcher a few weeks ago. And it wasn't a minor list. The database had personal information for 87 million Mexicans—out of a population of more than 120 million.
Security researcher Chris Vickery, of the software company MacKeeper, discovered the database on April 14. Vickery is the researcher who discovered the Hello Kitty Sanrio database leak in December. He followed that up about 10 days later with the discovery of an unprotected database that contained records for 191 million U.S. voters.
As with the latest Mexican leak, voter data generally doesn't contain citizen IDs (like social security numbers) or credit card numbers, but it does often have addresses, birthdays, voter ID numbers, and other personal information that could help bad actors construct phishing schemes or do other social hacking.
The Mexican database was taken down over the weekend, but Vickery had to work for a few days to notify the correct Mexican authorities. The Mexican National Electoral Institute released a statement on Friday noting that it has launched an internal investigation and notified the prosecutor for electoral crimes. Amazon Web Services, which was hosting the database, told BBC News that "As of 1:00 am on April 22, this database was no longer publicly accessible."
Vickery told Ars Technica UK, "The Mexican government says that when they give out these data sets, each set is 'watermarked.' ... That makes it possible to determine who was responsible for the set that got leaked. So, soon enough we'll at least know which non-governmental authority was responsible for the particular data that was leaked," he said.
Deploying intense cybersecurity measures is clearly necessary for sensitive personal data as hacks and breaches ramp up. These unprotected databases don't even put a password between valuable data and potential bad actors, though. As awareness about data security grows, even small protective steps are important.
The FBI Paid More Than $1.3 Million to Unlock the San Bernardino iPhone. Is That a Good Deal?
After spending months in court attempting to compel Apple to unlock the iPhone used by one of the San Bernardino shooters, the FBI eventually paid a third party to do it instead. The most important part of the saga is probably the ideological questions it raised about privacy and security ... but let’s be real, we’re all curious about how much the FBI spent to solve the problem.
At the Aspen Security Forum in London on Thursday, FBI director James Comey hinted at the amount, saying the bureau paid more to have the phone unlocked than he will make during the seven years and four months he has left in his 10-year term leading the bureau. Reuters estimates Comey’s remaining earning potential at the FBI is $1.34 million. Comey characterized the sum of money the bureau paid as “a lot,” but added, “It was, in my view, worth it.”
To put that in perspective, startup Zerodium offered a $1 million bounty to anyone who could hack iOS 9; that bounty was claimed back in November. Zooming out, Bank of America Merrill Lynch estimates that the cybersecurity defense market was $75 billion in 2015 and will grow to $170 billion by 2020. And banks like J.P. Morgan Chase, Citibank, and Wells Fargo are spending hundreds of millions of dollars per year on digital security.
The enacted 2016 FBI budget is about $8.8 billion. If the bureau spent roughly $1.3 million to hack the iPhone, that would account for about 0.01 percent of its annual spending.
Did the FBI get a good deal? CNN Money speculated in February that it would have only cost Apple $101,000 to crack the phone, but added that the company would have needed to spend millions of dollars to protect the tool it created.
Also, keep in mind that the Navy paid Microsoft $9 million last year to continue supporting Windows XP on its networks. We don’t know whether there was any worthwhile information on the San Bernardino iPhone, but the bar for justifying government tech spending seems to be pretty low.
EU Brings More Antitrust Charges Against Google for Pushing Its Mobile Services
A year ago, EU competition commissioner Margrethe Vestager announced antitrust charges against Google related to the ubiquity of the company’s web products like search. On Wednesday, Vestager announced similar charges related to Google’s Android mobile operating system, which dominates the international smartphone market.
Vestager presented a “statement of objections,” which outlines Android’s power to steer users toward Google services like search and the Chrome browser, allegedly making it difficult for competitor services to gain any type of traction. The commission estimates that 80 percent of internet-connected mobile devices in Europe run Android, because Google licenses the operating system to manufacturers. The licensing agreement requires pre-installation of Google Search and the Chrome browser, and includes financial incentives for doing so.
Vestager said in a statement on Wednesday, “Based on our investigation thus far, we believe that Google’s behaviour denies consumers a wider choice of mobile apps and services and stands in the way of innovation by other players, in breach of EU antitrust rules.”
Google will have 12 weeks to prepare an official response, and the New York Times reports that a decision about the separate but related antitrust charges from last year should also come out in the next few months. Google senior vice president and general counsel Kent Walker wrote in a statement on Wednesday, “We take these concerns seriously, but we also believe that our business model keeps manufacturers’ costs low and their flexibility high, while giving consumers unprecedented control of their mobile devices.”
The outcomes from these and other complaints brought by the EU competition commission may be influential in other markets, as tech giants continue to expand on mobile. For example, in the United States, the Federal Trade Commission conducted a significant antitrust probe of Google after other large companies complained that Google was skewing its search results to favor its own products and services. The FTC eventually settled with Google in 2013, but did have findings about the company’s anticompetitive behavior that have been slowly leaking.
Precedent from other countries could reopen or ignite controversies outside the EU. And decisions that aren’t in Google’s favor could threaten its business model for Android, which has made $31 billion in revenue for Google according to Oracle Corp. Google makes the vast majority of its money from ads—for example $19.1 billion out of $21.2 billion in the last quarter of 2015—so tighter controls on how the company presents its services or weights its search algorithm could cut into the company’s advertising reach, significantly affecting revenue.
“Mechanical Doping” Reaches Absurd New Low in Cycling World
Usually when we think of cheating in professional sports we think of performance-enhancing drugs. But there are other, more externalized approaches to cheating, too. Equipment tweaks in things like swimsuit material or ball inflation can potentially do just as much as doping to affect outcomes. But a new trend in professional cycling involves some hilariously blatant scamming: Riders are literally installing electric motors on their bikes.
On Sunday, journalists at Corriere della Sera and Stade 2 published evidence that seven cyclists were using hidden bike enhancements last month at two races in Italy. (Stade 2 is the French TV network that broadcasts the Tour de France.) The International Cycling Union has been using iPads lately to check bikes for electromagnetic irregularities, but the investigative team used thermal cameras to collect additional data.
Speculation about tiny, battery-powered motors started around 2010 with rumors that Swiss cyclist Fabian Cancellara was using one. He strongly denied the accusations and no conclusive proof ever surfaced. At the time, though, a spokesperson for the Cycling Union told the New York Times, “Maybe we are facing a general problem. You never know with technology.”
In January, these concerns finally bore out when the Cycling Union began investigating “technological fraud.” It discovered that 19-year-old Belgian competitor Femke Van den Driessche had a hidden electric motor on the bike she used in an off-road cyclo-cross competition. “We believe that it was indeed technological doping,” said Cycling Union president Brian Cookson.
The Corriere della Sera and Stade 2 journalists allege that five riders were using electric motors similar to Van den Driessche's, and two others had magnetic propulsion systems on their rear wheels. These electromagnetic wheels can add 20 to 60 watts of power on top of someone's pedaling. Hidden motors can add up to 200 watts, though probably closer to about 100 watts in practice. A February article about the technologies in Gazzetta dello Sport said, “You can do more miracles with electricity than chemistry.”
Electromagnetic wheel systems are somewhat mysterious and don't seem to be sold openly, but electric motors are a consumer product marketed for the average rider. Who wouldn't want an extra boost on the way to work or the grocery store? So-called "e-bikes" like the Raleigh Detour iE cost about $2,000 to $3,000 and proudly advertise their motors. But conversion kits like the Vivax-Assist and E-BikeKit can be in a similar price range or higher, especially if you're paying for special low-profile options like Vivax's "Invisible Performance Package." Vivax told Cyclist magazine in October that it hadn't been contacted by the International Cycling Union and that its customers were mainly people over 60 who were trying to keep up with riding buddies.
Though they're no better, you can at least see how an athlete could justify electromagnetic wheels as a sort of equipment upgrade. Concealed motors, though, are just flat-out ridiculous. You're basically doing a biking competition on a motorcycle. The International Cycling Union clearly needs to continue improving its bike-scanning tech. Meanwhile, athletes should stop cheating. Or at the very least have some dignity about keeping the techniques subtle.
Future Tense Newsletter: Evolved Consciousness and Its Discontents
Greetings, Future Tensers,
Conversations about artificial intelligence tend to fixate on the dangers such systems might present to human life. But what if we humans were the dangerous ones? That’s a possibility that ethicist Carissa Véliz raises in an article on the difficulty of recognizing A.I. sentience for this month’s Futurography course. “Because sentient beings can feel, they can be hurt, they have an interest in experiencing wellbeing, and therefore we owe them moral consideration,” Véliz writes. If we fail to take such considerations seriously, we risk “committing atrocities such as enslavement and murder” against the virtual minds we’re bringing into being.
Of course, even if we learn to act ethically toward our creations, we still need to calibrate their moral compasses. That problem may, however, take care of itself, Michael Chorost argues in Future Tense, if we simply give A.I. the opportunity to evolve under the proper conditions. Observing other species suggests that a capacity for mutual care grants evolutionary advantages. Accordingly, Chorost writes, “If moral intuitions confer fitness, and if organisms can pass on those intuitions to successors, then the species is on the road to having morality itself.” Maybe that’s when we’ll finally get A.I. that stops trying to force all the fun out of our busy schedules!
On the biomedical front, Dan Engber looked into the surprising difficulty of re-creating cancer research. Similar problems have struck various scientific fields, and the attempt to allay them may actually be making things worse by encouraging us to fixate on positive results. But as Monya Baker proposes, worrying over reproducibility may be making science better by reminding researchers to take more care as they set up their studies and analyze their results in the first place. If you’d like to know more, click over to Slate’s Facebook page on Thursday morning, where I’ll be talking about these issues with Rachel E. Gross in advance of Future Tense’s event on the topic (see below).
Here are some of the other stories we read this week while we were wondering about the design of the Apple car:
- Computer Science: Before we dump millions of dollars into cybersecurity courses, we need to figure out what we want such curricula to achieve, argues Josephine Wolff.
- E-Sports: Competitive video gamers exhibit a rich ingenuity that’s helping take us beyond recent conversations about video games as art.
- Neurotech: A brain implant allowed a paralyzed man to regain much of his lost mobility, but FDA regulations may mean that he can’t keep it for long.
- Internet law: Thanks to an absurdly broad statute, Matthew Keys was sentenced to two years in prison for contributing to a minor act of internet vandalism.
- Biomedicine’s current reproducibility crisis is challenging the very idea that scientific knowledge expands as research studies build upon one another. Reliable studies show you should join Future Tense on Thursday, April 21, in Washington, D.C., to explore the debates about this issue. For more information and to RSVP, visit the New America website, where the event will also be webcast.
- Join Future Tense from 6:30 till 8:30 p.m. on Tuesday, April 26, at Landmark’s E Street Cinema in Washington, D.C., to watch The Terminator with our experts Kevin Bankston, director of the Open Technology Institute at New America, and Sean Luke, director of the Autonomous Robotics Laboratory at George Mason University.
Shooting down a drone,
for Future Tense
The Supreme Court Won’t Stop Google From Scanning Every Book in Existence
On Monday, the U.S. Supreme Court declined to reconsider a 2015 circuit court decision on Google Books. In the process, the Supreme Court effectively affirmed the earlier finding, confirming that it was within the company’s rights to scan millions of volumes and produce a searchable database of their contents.
This news finally closes off a legal saga that began in 2005. Authors Guild, the case’s primary plaintiffs, has long contended that by scanning books, Google is effectively depriving authors of “potential income.” Though it allows “that Google Books is a good thing,” Authors Guild insists that it’s also “one for which authors should be compensated.”
In 2013, a district court found in Google’s favor, agreeing that the company’s actions did not infringe on authors’ copyrights. As Will Oremus wrote in Future Tense at the time, “Google has been careful to avoid making its scanned books available in full, instead offering ‘snippets’ online and linking to sites like Amazon and Barnes & Noble where people can buy the books if they want to read them in full.” It was, Oremus argued, a reasonable enough decision, though it was also one that only a company that was powerful enough to try “asking for forgiveness rather than permission” was in a position to force.
In appealing this decision, Authors Guild expressed a variety of concerns, going beyond the simple assertion that Google’s actions infringed on copyright. It insisted, for example, that Google’s scans aren’t actually transformative (an important fair use standard), even though the company only provides brief excerpts to searchers. It also worried Google’s databases might be vulnerable to hackers, potentially providing more complete access to the otherwise fragmentary works that it put on offer.
While the appeals court considered these and other possibilities, it ultimately upheld the earlier findings, asserting that the plaintiffs hadn’t produced enough evidence to substantiate their concerns. In its 2015 decision, the court wrote, “Google’s making of a digital copy to provide a search function is a transformative use, which augments public knowledge by making available information about Plaintiffs’ books without providing the public with a substantial substitute for matter protected by the Plaintiffs’ copyright interests in the original works or derivatives of them.” That is, Google was offering something other than the books themselves.
Google Books has its share of problems—not least of all that it may be a flawed research tool—but this is still good news for those who privilege open access to information. Last year, Mike Godwin celebrated the circuit court’s decision in Future Tense, writing that it was “a big deal not just for search engine giants, copyright lawyers, authors, and publishers, but also for ordinary people.” By implicitly affirming the earlier decision, the Supreme Court’s refusal to consider the case makes that “big deal” just a little larger.
The Legal Arms Race Threatening the Future of the Global Internet
Around the time that Galileo Galilei faced the Inquisition, the English established their first American settlement in Virginia, and the Taj Mahal was built by the Mughal Empire, the Peace of Westphalia ended warring between the fragmented states of the Holy Roman Empire by establishing the principle of territorial sovereignty. At this point in the 17th century, pendulum clocks were considered advanced technology.
The Westphalian model continues to serve as the basis for our modern international system, and its 17th-century principles of territoriality struggle to cope with the digital realities of the 21st century. Historically, interactions across borders were rare, expensive, and inconvenient; now they can be carried out by anyone with an internet connection—and conflicts of jurisdiction happen behind everyday actions online.
A legal arms race to apply national sovereignty online is currently taking place. If nothing is done, states around the world could progressively nationalize the internet, which would fundamentally alter the character of the internet as we know it. The application of national jurisdiction in cyberspace is already a thread running through major news stories around the world regarding conflicts about data, content and domains. Government requests for user data are complicated when users, companies, and public authorities are in different countries; for instance, the United States wants access to Microsoft’s Irish servers, and WhatsApp was briefly blocked in Brazil when the Facebook-owned company refused to hand over information. Different speech laws across borders also create challenges, as when France wants Google to apply the right to be de-indexed globally. As connectivity and internet penetration increase, so will these conflicts between jurisdictions.
Join Future Tense for a Free Screening of The Terminator
Since The Terminator came out in 1984, Arnold Schwarzenegger has become a respected politician, and people have begun carrying computers in their pockets. But one thing is the same: We’re still thinking about the existential threat posed by rapidly evolving artificial intelligence.
Join Future Tense from 6:30 till 8:30 p.m. on Tuesday, April 26, at Landmark’s E Street Cinema in Washington, D.C., to watch The Terminator with our experts Kevin Bankston, director of the Open Technology Institute at New America, and Sean Luke, director of the Autonomous Robotics Laboratory at George Mason University.
This is part of the April installment of Futurography, a series in which Future Tense introduces readers to the technologies that will define tomorrow. This month, we’re discussing “killer artificial intelligence.”
If you would like to attend, please RSVP to email@example.com with your name, email address, and any affiliation you’d like to share. You may RSVP for yourself and up to one guest. Please include your guest’s name in your response. Seating is limited.
FAA Confirms It’s a Federal Crime to Shoot Down a Drone
The Federal Aviation Administration is a busy organization, one that oversees everything from air traffic control systems to pilot certifications. You’d think that would leave it with enough on its hands, but the current vogue for civilian drones keeps piling new responsibilities onto the beleaguered administration. Last year, the FAA established a drone registry for pilots of unmanned aircraft. Now it’s unequivocally confirming that it’s a federal crime to shoot down a drone, as John Goglia reports in Forbes.
Goglia explains the FAA offered this ruling in response to his questions on the topic, citing 18 USC 32, which “makes it a felony to damage or destroy an aircraft.” This is bad news if you were planning to invest in the DroneDefender, a goofy-looking gun that promised to disrupt intrusive drones by bombarding them “with radio waves that disrupt [their] remote control and GPS signals,” as Justin Peters wrote in Future Tense last year.
That said, the FAA’s stance will hardly come as a revelation to those who’ve been paying attention. Way back in 2014, a New Jersey man was arrested for shooting down a drone. And though he was called to task for unlawful weapons charges rather than a violation of aviation law, the message was clear: However irritating drones may be, it’s probably best not to take vengeance into your own hands.
Goglia, for his own part, asks why the FAA hasn’t yet acted on 18 USC 32, especially given the increasing frequency of human-on-drone violence. “It’s time the United States put an end to these dangerous acts and criminally prosecuted those who shoot at unmanned aircraft,” Goglia writes. He has a point: Back in October, a judge exonerated a Kentucky man who had fired at a drone that intruded onto his property.
Here at Slate, we’re not so much frustrated with the FAA as we are irritated that it isn’t cooler. Over in the Netherlands, the police are training eagles to attack drones. If you’re really committed to policing the skies, that’s how you do it.
If the Apple Car Looks Anything Like This, Apple Is in Trouble
Motor Trend magazine managed to capture the automotive world’s attention on Wednesday with a cover story that it billed as an “exclusive” look at the much-hyped but closely guarded Apple car.
After a long, circuitous lead-in, the story turned out to be an elaborate work of speculative journalism, centered on an even more elaborate work of speculative design. The magazine enlisted a team of design professors and students from the ArtCenter College of Design in Pasadena, California, to dream up their own vision for the Apple Car, based on—well, their own imaginations, mostly.
Aside from a handful of leaked rumors and anecdotes, no one outside Cupertino seems to know very much about what the actual Apple Car will entail, thanks to the intense secrecy surrounding the company’s “Project Titan.” We know it will be electric (probably), semi-autonomous (possibly), and won’t launch until at least 2020—assuming it ever does. (The project’s leader, Steve Zadesky, stepped down in January.)
After reading Motor Trend’s “exclusive,” we know just as little as before. The story reveals essentially no new facts about the project. But at least now we have a picture to argue over—a picture, that is, of what the Apple Car might look like if it were designed by some people at a design college in Pasadena, rather than by Apple.
Not exactly inspiring, is it? Like an Apple Watch on wheels, it aims for elegant simplicity but winds up closer to cartoonish. But not cute-cartoonish, like the Googlemobile with its little koala face. It’s just sort of basic.
Let’s stipulate that designing a car is hard. Designing an attractive car is even harder, especially when you’re trying at the same time to make it look like no other car designed before. The task grows only taller if your goal is to rethink vehicle design from the wheels up in anticipation of a future in which cars drive themselves, as Motor Trend’s team attempted to do. As one auto blogger observed, the magazine might have done better to heed the advice of one of its own columns, which ran in a package alongside the cover story.
Motor Trend really should have followed its own (well, Sergio Marchionne's) advice. Leave auto design to the pros. pic.twitter.com/sjhQaikQan— E.W. Niedermeyer (@Tweetermeyer) April 14, 2016
Others took issue with Motor Trend’s attempt to frame its design team’s musings as an “Apple car exclusive,” and a series of tweets that misled people into believing it had obtained actual leaked renderings of the vehicle. Jalopnik called the piece extraordinarily dumb and dishonest.
Someone explain to me how @MotorTrend's "Exclusive" is in any way more exclusive than the weekly horoscopes.— MattHardigree (@MattHardigree) April 14, 2016
The whole thing does carry the whiff of a stunt designed to gin up page-views and publicity. And it comes at a time when the auto industry is growing justifiably wary of projects that seem like vaporware. Just this week the electric car startup Faraday Future held a “groundbreaking” in which it didn’t actually break any ground, because the land hasn’t even been graded yet.
But let’s give Motor Trend a break here. Its job isn’t to build cars, or even design them. It is to report on them, yes—something it didn’t do much of, in this case. But it’s also to analyze and criticize and wax philosophical and even speculate about them.
Easy as it is to ridicule the work of Motor Trend’s ad hoc design squad, a more instructive takeaway from its thought experiment would be that Apple faces a very tall order in designing an automobile as iconic as the iMac or the iPhone. Surely Cupertino’s finest can do better than Motor Trend did. But how much better? For an Apple car to even come close to fulfilling the grand expectations it will surely face, the answer is going to have to be: an awful lot.