Future Tense
The Citizen's Guide to the Future

July 31 2015 6:00 PM

Meet the Drone Facebook Wants to Use to Bring the Internet to Poor and Rural Areas

In its ongoing quest to conquer—err, make the world a better place, Facebook is building an air force.

The company on Thursday released a video of Aquila, an ultralight solar-powered drone designed to beam Wi-Fi to poor and rural regions via lasers. Made of carbon fiber, Aquila has the wingspan of a 737 but weighs less than a Prius. It flies at upwards of 60,000 feet, high above commercial flights, and Facebook claims it will stay aloft for three months at a time. The company is developing the drones under the auspices of its Internet.org project.

As Facebook explains it, a station on the ground transmits radio Internet to one drone, which then beams it to a network of other drones via a new laser technology that Facebook’s engineers invented. The laser system can transmit data at tens of gigabits per second, Facebook says. Those other aircraft then beam the signal to villages on the ground below them.

Facebook says it has completed the prototype and will begin testing Aquila soon. “If we can get the aircraft to fly reliably, then we’re well on the road to being able to deliver the Internet to a lot of people,” said Andy Cox, engineering lead for Facebook’s aviation team. (Cox was the CEO and chief engineer of Ascenta, the U.K.-based solar-powered drone startup that Facebook acquired last year.)

Here’s the video. It’s quite something:

Should Facebook’s drones take off, they’ll share the skies with Google’s Wi-Fi balloons, which are also racing to provide Internet to some of the estimated 2.5 billion people around the world who lack access. Meanwhile, SpaceX and Virgin Galactic-backed OneWorld are working on plans to beam Internet from satellites arrayed in low-Earth orbit, much higher than the balloons or drones but lower than the satellites that provide cellular data today.

Facebook’s stated aims for Internet.org are altruistic: delivering certain basic Internet services for free, without ads, to people who can’t afford a high-speed connection. But critics charge that the concept violates the principle of net neutrality and would amount to a second-class Internet for the poor. Facebook CEO Mark Zuckerberg has responded to the complaints, arguing, “It’s not sustainable to offer the whole Internet for free.”

July 31 2015 4:54 PM

France Wants EU's Right to Be Forgotten to Apply in Global Search Results

The European Union's "right to be forgotten" has been around for more than a year now. As of December there's even a framework for standardizing how search engine companies should evaluate and carry out right-to-be-forgotten requests. But some regulators want to take the controversial idea a step further.

In a blog post on Thursday, Google's global privacy counsel Peter Fleischer laid out the company's response to an order from the CNIL, France’s data protection agency. In June, the CNIL ordered that under right to be forgotten, Google should remove links in search results worldwide.

The agency said in a statement, "The CNIL considers that in order to be effective, delisting must be carried out on all extensions of the search engine and that the service provided by Google search constitutes a single processing." The idea is that results shouldn't just be removed from www.google.fr and other European Google versions; they should be removed from all of them, everywhere.

Google strongly disagrees. Fleischer wrote:

While the right to be forgotten may now be the law in Europe, it is not the law globally. Moreover, there are innumerable examples around the world where content that is declared illegal under the laws of one country, would be deemed legal in others ... If the CNIL’s proposed approach were to be embraced as the standard for Internet regulation, we would find ourselves in a race to the bottom. In the end, the Internet would only be as free as the world’s least free place.

Taking France as an example, to respond to CNIL, Fleischer also pointed out that 97 percent of French Google users access the company's services through www.google.fr, so it's not like French users are frequently encountering links that they shouldn't see under right to be forgotten.

The CNIL said that Google had 15 days to begin removing links from its global search engine system before the agency began drafting a report to recommend sanctions. Google said Thursday, "we respectfully disagree with the CNIL’s assertion of global authority on this issue and we have asked the CNIL to withdraw its Formal Notice."

If the CNIL attempts to move forward with this global version of right to be forgotten, its impact will stretch far beyond Google. Hopefully it won't get that far.

July 31 2015 10:20 AM

Court Rules Police Need a Warrant to Access Location Data From Your Cellphone

Take a moment and try to remember where you were 24 hours ago. Maybe you’re a creature of habit and it’s easy to guess. Or maybe, like me, you can’t quite recall whether you were at work, at home, or somewhere in between. Either way, if you had your cellphone with you, it would be astonishingly easy for someone with the right access to pin your location down. Thanks to a recent court decision, however, that information just got a lot harder to examine for many in the United States.

In an order released Thursday by the U.S. District Court for the Northern District of California, Judge Lucy Koh found that Fourth Amendment protections extend to location data generated by cellphones. Ruling against the federal government, Koh affirmed that law enforcement agencies must seek a warrant before acquiring historical location data produced by a cellphone.

As Koh explains, modern phones constantly ping cellular towers, even when they’re not actively in use. Thanks to these regular connections, they generate a steady stream of data about their physical location—sometimes even when the user turns off location services, a fact that the ACLU stressed in an amicus brief. Koh notes that many users may be unaware of how much information they’re giving up as they move through the world. This data, which is known as cell site location information (or CSLI), can be important to legal investigations.

In the past, courts have largely avoided the issue of whether CSLI should be readily available. Koh writes, “Neither the U.S. Supreme Court nor the Ninth Circuit has squarely addressed whether cell phone users possess a reasonable expectation of privacy in the CSLI, historical or otherwise, associated with their cell phones.”

Previous relevant cases were mostly built around more basic technologies. In 1983, for example, the Supreme Court held that an individual’s movements along public thoroughfares could be tracked via his or her beeper. A year later, the court clarified and restricted this decision, stressing that it did not apply when a user was within his or her private home.

Koh’s decision ultimately turns around the increasingly central role that cellphones play in almost all of our lives. “For many,” she writes, “cell phones are not a luxury good; they are an essential part of living in modern society.” That’s in keeping with recent case law, which increasingly holds that we shouldn’t have to choose between participating in the contemporary moment and maintaining our privacy. For instance, in 2014 the Supreme Court ruled, in Riley v. California, that law enforcement needs a warrant to search a person’s cellphone as part of an arrest.

Of course, not everyone agrees. Earlier this week, a Cincinnati appeals court found that you have no reasonable expectation of privacy if you accidentally butt dial someone. As Slate’s Lily Hay Newman explained, the judge in that case held that being overheard during a butt dial is a bit like having an argument near an open window.

That may be, but as cellular technologies grow more and more sophisticated, they offer an increasingly complex picture of our lives, furnishing what Justice Sonia Sotomayor calls “a wealth of detail about [a person’s] familial, political, professional, religious, and sexual associations.” (Koh cited that line in her ruling.) Because it can paint a picture of “the sum of one’s public movements,” CSLI makes it difficult to clearly distinguish between public and private experience. As these ambiguities multiply, powerful, clear decisions like Koh’s will become all the more important.

July 31 2015 10:18 AM

Hackers Could Heist Semis by Exploiting This Satellite Flaw

Remember the opening scene of the first Fast and Furious film when bandits hijacked a truck to steal its cargo? Or consider the recent real-life theft of $4 million in gold from a truck transiting from Miami to Massachusetts. Heists like these could become easier to pull off thanks to security flaws in systems used for tracking valuable shipments and assets.

Vulnerabilities in asset-tracking systems made by Globalstar and its subsidiaries would allow a hijacker to track valuable and sensitive cargo—such as electronics, gas and volatile chemicals, military supplies, or possibly even nuclear materials—disable the location-tracking device used to monitor it, then spoof the coordinates to make it appear as if a hijacked shipment was still traveling its intended route. Or a hacker who just wanted to cause chaos and confusion could feed false coordinates to companies and militaries monitoring their assets and shipments to make them think they’d been hijacked, according to Colby Moore, a researcher with the security firm Synack, who plans to discuss the vulnerabilities next week at the Blackhat and Def Con security conferences in Las Vegas.

The same vulnerable technology isn’t used just for tracking cargo and assets, however. It’s also used in people-tracking systems for search-and-rescue missions and in SCADA environments to monitor high-tech engineering projects like pipelines and oil rigs to determine, for example, if valves are open or closed in areas where phone, cellular, and Internet service don’t exist. Hackers could exploit the same vulnerabilities to interfere with these systems as well, Moore says.

The tracking systems consist of devices about the size of a hand that are attached to a shipping container, vehicle or equipment and communicate with Globalstar’s low Earth-orbiting satellites by sending them latitude and longitude coordinates or, in the case of SCADA systems, information about their operation. A 2003 article about the technology, for example, indicated that the asset trackers could be configured to monitor and trigger an alert when certain events occurred such as the temperature rising above a safe level in a container or the lock on a container being opened. The satellites relay this information to ground stations, which in turn transmit the data via the Internet or phone networks to the customer’s computers.

According to Moore, the Simplex data network that Globalstar uses for its satellites doesn’t encrypt communication between the tracking devices, orbiting satellites, and ground stations, nor does it require the communication be authenticated so that only legitimate data gets sent. As a result, someone can intercept the communication, spoof it or jam it.

“The integrity of the whole system is relying on a hacker not being able to clone or tamper with a device,” says Moore. “The way Globalstar engineered the platform leaves security up to the end integrator, and so far, no one has implemented security.”

Simplex data transmissions are also one-way from device to satellite to ground station, which means there is no way to ping back to a device to verify that the data transmitted was accurate if the device has only satellite capability. (Some of the more expensive Globalstar tracking devices combine satellite and cell network communication for communicating in areas where network coverage is available.)

Moore says he notified Globalstar about the vulnerabilities about six months ago, but the company was noncommittal about fixing them. The problems, in fact, cannot be fixed with simple software patches. Instead, to add encryption and authentication, the protocol for the communication would have to be re-architected.

Globalstar did not respond to a request from Wired for comment.

Top Companies Rely on Globalstar Satellites

Globalstar has more than four dozen satellites in space, and it’s considered one of the largest providers of satellite voice and data communications in the world. Additionally, its satellite asset-tracking systems—such as the SmartOne, SmartOne B, and SmartOne C—provide service to a wide swath of industry, including oil and gas, mining, forestry, commercial fishing, utilities, and the military. Asset-tracking systems made by Globalstar and its subsidiaries Geforce and Axon can be used to track fleets of armored cars, cargo-shipping containers, maritime vessels, and military equipment or simply expensive construction equipment. Geforce’s customers include such bigwigs as BP, Halliburton, GE Oil and Gas, Chevron, and Conoco Phillips. Geforce markets its trackers for use with things like acid and fuel tanks, railway cars, and so-called frac tanks used in fracking operations.

The company noted in a press release this year that since the launch of its initial SmartOne asset-tracking system in 2012, more than 150,000 units were being used in multiple industries, including aviation, alternative energy, and the military.

In addition to asset-tracking, Globalstar produces a personal tracking system known as the SPOT Satellite Messenger for hikers, sailors, pilots and others who travel in remote areas where cell coverage might not be available so that emergency service personnel can find them if they become lost or separated from their vehicle.

Moore tested three Globalstar devices that he bought for tracking assets and people, but he says all systems that communicate with the Globalstar satellites use the same Simplex protocol and would therefore be vulnerable to interference. He also thinks the problem may not be unique to Globalstar trackers. “I would expect to see similar vulnerabilities in other systems if we were to look at them further,” he says.

The Simplex network uses a secret code to encode all data sent through it, but Moore was able to easily reverse-engineer it to determine how messages get encoded in order to craft his own. “The secret codes are not generated on the fly and are not unique. Instead, the same code is used for all the devices,” he says.
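To make the missing properties concrete, here is an added example (not from the article, Moore's research, or Globalstar) of what per-device authentication on a one-way link could look like: each tracker gets its own key, every frame carries a counter and a MAC, and the ground side rejects forged, altered, or replayed frames without needing to ping the device back. The frame layout, key derivation label, and class names are hypothetical and are not the Simplex format.

```python
import hashlib
import hmac
import struct

# Hypothetical frame layout (an assumption for this example, NOT the Simplex format):
# device_id u32 | counter u32 | lat i32 (microdegrees) | lon i32 (microdegrees) | tag
BODY = struct.Struct(">IIii")
TAG_LEN = 8  # truncated HMAC-SHA256 tag; the length is a bandwidth trade-off


def device_key(master_key: bytes, device_id: int) -> bytes:
    """Derive a distinct key per tracker, so extracting one device's key
    (or guessing a sequential ID) does not let anyone speak for another."""
    label = b"tracker-key" + struct.pack(">I", device_id)
    return hmac.new(master_key, label, hashlib.sha256).digest()


def build_frame(key: bytes, device_id: int, counter: int,
                lat: float, lon: float) -> bytes:
    """Device side: pack the position report and append a MAC over it."""
    body = BODY.pack(device_id, counter, round(lat * 1e6), round(lon * 1e6))
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class GroundStation:
    """Receiver side: verifies frames with no back channel to the device."""

    def __init__(self, master_key: bytes, known_devices):
        self._keys = {d: device_key(master_key, d) for d in known_devices}
        self._last_counter = {}  # highest counter accepted per device

    def accept(self, frame: bytes):
        if len(frame) != BODY.size + TAG_LEN:
            return ("reject", "bad length")
        body, tag = frame[:BODY.size], frame[BODY.size:]
        device_id, counter, lat, lon = BODY.unpack(body)
        key = self._keys.get(device_id)
        if key is None:
            return ("reject", "unknown device")
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return ("reject", "bad tag")
        # A captured frame re-sent later carries an old counter; since the
        # link is one-way, the counter is the only freshness signal available.
        if counter <= self._last_counter.get(device_id, -1):
            return ("reject", "replayed or stale counter")
        self._last_counter[device_id] = counter
        return ("accept", (device_id, counter, lat / 1e6, lon / 1e6))


def demo():
    """Run constructed frames through the verifier and return the outcomes."""
    master = b"constructed-master-key-for-demo"  # constructed sample secret
    station = GroundStation(master, known_devices=[1001, 1002])
    k1001 = device_key(master, 1001)

    genuine = build_frame(k1001, 1001, 1, 25.7617, -80.1918)
    altered = bytearray(build_frame(k1001, 1001, 2, 25.7617, -80.1918))
    altered[9] ^= 0x01  # change one byte of the latitude field in transit
    # Holder of device 1002's key claiming to be device 1001:
    cloned = build_frame(device_key(master, 1002), 1001, 3, 40.0, -75.0)
    stranger = build_frame(device_key(master, 9999), 9999, 1, 0.0, 0.0)
    next_genuine = build_frame(k1001, 1001, 2, 26.1224, -80.1373)

    frames = [genuine, genuine, bytes(altered), cloned, stranger, next_genuine]
    return [station.accept(f)[0:2] for f in frames]


if __name__ == "__main__":
    for status, detail in demo():
        print(status, detail)
```

A real device would also have to persist its counter across power loss, and the MAC adds bytes to every transmission, which is part of why the article describes the fix as a protocol redesign rather than a patch.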

Moore spent about $1,000 in hardware to build a transceiver to intercept data from the tracking devices he purchased and an additional $300 in software and hardware for analyzing the data and mimicking a tracking device. Although he built his own transceiver, thieves would really only need a proper antenna and a universal software radio peripheral. With these, they could intercept satellite signals to identify a shipment of valuable cargo, track its movement and transmit spoofed data. While seizing the goods, they could disable the vehicle’s tracking device physically or jam the signals while sending spoofed location data from a laptop to make it appear that the vehicle or shipment was traveling in one location when it’s actually in another.

Each device has a unique ID that’s printed on its outer casing. The devices also transmit their unique IDs when communicating with satellites, so an attacker targeting a specific shipment could intercept and spoof the communication.

In most cases, attackers would want to know in advance, before hijacking a truck or shipment, what’s being transported. But an attacker could also just set up a receiver in an area where valuable shipments are expected to pass and track the assets as they move.

“I put this on a tower on a large building and all the locations of devices [in the area] are being monitored,” Moore says. “Can I find a diamond shipment or a nuclear shipment that it can track?”

It’s unclear how the military is using Globalstar’s asset-tracking devices, but conceivably if they’re being used in war zones, the vulnerabilities Moore uncovered could be used by adversaries to track supplies and convoys and aim missiles at them.

Often the unique IDs on devices are sequential, so if a commercial or military customer owns numerous devices for tracking assets, an attacker would be able to determine other device IDs, and assets, that belong to the same company or military based on similar ID numbers.

Moore says security problems like this are endemic when technologies that were designed years ago, when security protocols were lax, haven’t been re-architected to account for today’s threats.

“We rely on these systems that were architected long ago with no security in mind, and these bugs persist for years and years,” he says. “We need to be very mindful in designing satellite systems and critical infrastructure, otherwise we’re going to be stuck with these broken systems for years to come.”

July 31 2015 8:35 AM

The Art of Artificially Throwing Shade

As today’s artificial intelligences grow more and more capable of natural language interaction with humans, they will need to master a peculiar yet highly important design need: ready-made snarky responses for when their human owners troll them with science fiction movie A.I. references. As you can see in a video I recorded of myself playing with the Amazon Echo and its Alexa-intelligent assistant, Alexa got sassy when I repeated a famous line from 2001: A Space Odyssey.

In the movie, the astronaut Dave Bowman asks the homicidal supercomputer HAL to let him back inside the spacecraft, and HAL responds with a curt “I’m sorry Dave, I’m afraid I can’t do that.” When you say “HAL, open the pod bay doors,” Alexa responds by not only mimicking the first part of HAL’s response—she also reminds you that she is not HAL and we’re not in space.

Granted, Alexa’s shade-throwing is really that of the team of programmers that built her. But that’s also the point. There are many ways of building human connection to machines, and Alexa reflects many of them. For example, by assuming a human female’s name and taking on a vaguely female voice, Alexa encourages you to regard it using terminology such as “her” or “she.” And whenever I call an “it” a “she”, I linguistically imbue a cloud-based computer program speaking through a faceless black cylinder with a socially constructed marker of human identity: gender.

But, as my video demonstrates, another component of feeling connected to a machine could also be the machine faking a form of self-awareness. Alexa “knows” that she is an A.I. enough to understand what it means when I tease her by asking her to open the pod bay doors. And Alexa responds by effectively rolling her eyes at me. The fact that Alexa seems unhappy and even passive-aggressive when you troll her with HAL jokes makes it easier for us to assume that “she” has beliefs, desires, and intentions.

Small touches like this will help people adapt to a world in which they will live and work alongside machines like Alexa—as well as tease them in the hope of getting a “What, this joke again?” reaction.

July 30 2015 6:39 PM

A Look at the Awesome but Ridiculously Old Technology That Runs the NYC Subway System

Vintage technology is fun and fascinating. It feels new all over again to see how old devices made modern concepts possible. But buying LPs again is different than finding out that missile silos in the United States still rely on floppy disks. And this video of the old tech still in use in the New York City subway system feels more like the latter. It’s delightful, sure, but also deeply baffling.

The main point of the 9-minute video, released by New York City’s Metropolitan Transportation Authority, is to talk about how the subway system is modernizing. The agency has been working for years to implement “communications-based train control” on every line. It’s a system that tracks each train’s position, automates speed control, and calculates safe distances between trains. Compared with the current manual system of “fixed block signaling,” CBTC allows for more trains per hour, better precision, and less infrastructure maintenance. But first the MTA has to finish implementing it. (The automated system is only in use on one out of the system’s 34 lines so far, with another transition almost complete.)

The most captivating part of the video, though, is the opening section showing the devices that control trains in and around the West 4th Street stop in Manhattan. “What our riders don’t realize ... is that in our system it’s not just the architecture that’s 100 years old,” the narrator says. “It’s a lot of the basic technology as well. The infrastructure is old.” And the MTA is not joking around. The video shows 1930s devices, dispatchers filling out handwritten call sheets, and levers for manually operating signals and moving track switches.

In the relay room, MTA vice president and chief officer of service delivery Wynton Habersham talks about how difficult it is to maintain the aging technology.

This equipment is not supported at all by the railroad industry. We are fully self-sufficient and self-sustaining. We have a signal shop that can replace the parts, they rebuild these relays. And then when any modernization is going on we scavenge to retain the parts so we can provide replacement for those that remain in service.

Holy. Crap. This is a 24/7 subway system we’re talking about. Habersham goes on to say that the cables connecting many of the electromechanical relays throughout the system—meaning in control rooms but also on the tracks—are the original cloth-covered cables. And then Habersham talks about what would happen if there were a fire. (Bad things. Bad things would happen.) Vintage tech, so much nostalgia!

The video is fascinating, but Rebecca Fishbein put it best on Gothamist: “This shit is OLD, like grizzled dude who won’t stop stabbing at the back of your plane seat because he can’t figure out the TV touchscreen old. It’s a miracle the F train even runs at all.”

July 30 2015 4:05 PM

Tech Companies, Carriers Should Be Required to Issue Updates to Fix Security Flaws

No, it's not your imagination: You're hearing a spate of news about security flaws in the products you use every day. Two big annual hacker conferences are coming up in Las Vegas, and many of the people giving talks there are telling the world now what they've uncovered.

As usual, the news is grim, if not just a little terrifying—and it's especially bad this year if you own a mobile phone using Google's Android operating system. The “Stagefright” vulnerability, revealed this week, suggests that a hacker could remotely take control of another person's phone simply by sending a specially crafted multimedia message, such as a text with a video attached. In other cases the user would have to open the message. (The company that found the flaw, Zimperium, has posted instructions on how to prevent this with some newer phones.)

Naturally, the people who sell Android phones are racing to install software patches that will fix this potentially catastrophic flaw, right? Wrong. There's a chance—a near-certainty in many cases—that you'll never get a fix for your phone. Because the companies that sell you phones and service care much more about their bottom lines than your security. The situation has gotten so bad that it’s time to turn to government intervention, much as it pains me to say.

We need a law, with teeth. Sellers of phones and many other connected consumer devices should be required to provide timely security updates for a minimum of three years after a device goes on the market. Regulation should be done with the lightest possible touch, and it should steer clear of interfering with the technology itself. Enforcing such a law would not be simple, to put it mildly. But the current situation has to change.

The Android ecosystem is a freewheeling mess. This is good in many situations, because it spurs innovation and competition. Google, which created the operating system, made it mostly open source—free to download and modify—and gives it away to hardware manufacturers. They modify it before installing it on their phones, most of which are sold by telecommunications carriers such as Verizon, AT&T, Sprint, and T-Mobile. So when Google issues updates to Android, which it does on a regular basis, owners have to wait for the manufacturer and the carrier to a) test the update with their own modified versions of Android, and b) send over-the-air updates to users. If they ever do.

Apple's iOS devices, of course, are part of a tightly controlled ecosystem, and while Apple is far from perfect on security, it does update iPhones. But we shouldn't be required to turn over our computing and communications to control-freak companies in order to get necessary security updates.

Now, if you have a Google-branded phone such as a recent Nexus, you're safer than most, because Google sells them directly and updates them. (I use a phone running an Android variant called Cyanogenmod, which is community-based and gets timely updates.)

If you're running an older Android phone, however, I have bad news: There's almost no chance that your device maker and/or carrier will send you an operating system update that repairs the Stagefright vulnerability. This isn't because they couldn't. The reality is that once they sold you the phone, anything they have to do to improve it is added cost; they would much rather have you buy a new one as soon as possible.

When businesses refuse to do what's necessary to provide customers even minimal safety, government has to step in. This is why regulators sometimes insist that car manufacturers recall their vehicles when flaws emerge.

The tech industry has been given a pass on all of this, in part because software is always a work in progress and is always going to have flaws. But once a flaw is identified, with code ready for updates, the updates should be made available, period.

It's not just phones where we need this. The home-router industry—companies making the devices that broadcast Wi-Fi signals throughout our homes—is notorious for its lax security practices and diffidence when it comes to fixing known flaws. Meanwhile, the Chrysler hack revealed last week should tell us that Internet-connected cars are, at this stage, an absolutely terrible idea; at least Chrysler is doing a (flawed) recall.

So far, the government has shown absolutely no interest in this issue. An ACLU security expert, Chris Soghoian, filed a complaint with the Federal Trade Commission more than two years ago, asking the consumer-protection agency to require Android updates. He got nowhere.

It's time for the FTC and others in Washington—hello, Congress—to pay attention. The technology and communications industries have made a deliberate decision to be neglectful with their customers' security. That doesn't mean government should be derelict, too.

July 29 2015 6:21 PM

Google’s Translate App Is Now Indispensable for International Travelers

Google Translate may be the coolest app that you probably don’t have on your phone. Available for both iOS and Android, Translate doesn’t just shuffle words and phrases from one language to another—it can also literally rewrite the world around you. As TechCrunch reports, it also got a lot more useful Wednesday, adding 20 more languages to its repertoire. It now supports 27 tongues.

Instant translate is simple but surprisingly powerful, bringing augmented reality to the screens of consumer electronics. Hold up your phone’s camera to text in a foreign language, and the app will translate the words you put before it, erasing the old and inscribing the new in their place. As TechCrunch’s Drew Olanoff explains, Google built this feature around Word Lens, a program that it acquired when it purchased Quest Visual last year.

In its present form, instant translate works astonishingly well, but it does some things better than others. When I showed it a volume of Portuguese poetry, it was able to offer serviceable—if singularly unpoetic—takes on some lines. “The Martian found me on the street,” a Carlos Drummond de Andrade poem, aptly titled “Science Fiction,” promisingly begins, only to continue, “And had fear of my impossibility human.” Not bad, but I’ll stick with Richard Zenith’s more elegant rendering: “A Martian ran into me on the street / and recoiled at my human impossibility.” While it was impressive to watch the words take shape on my phone’s screen, this clearly isn’t the sort of task that the program was designed to accomplish—and it shouldn’t be faulted for its failure.

Google Translate performed much better in my neighborhood coffee shop, successfully translating signs into Spanish, Filipino, and a variety of other languages, but it struggled to make sense of the specials scribbled on the chalkboard. While the handwritten missives of my baristas left it flummoxed, it can still recognize a surprisingly wide range of letters and fonts. Like Google’s image recognition software—which has gotten the company into a bit of trouble in the recent past—Translate uses convolutional neural networks to determine what is and isn’t a letter and then to guess how those letters fit together into words.

Perhaps most impressively, all of this works even when a phone isn’t connected to the Internet or a cellular network. By limiting how much variation the network searches for, Google was able to fit Translate’s letter and word recognition capabilities into a surprisingly tiny package. When you first attempt to translate to or from a new language, you’ll be prompted to download a small data packet. Once you have that information stored on your device, it no longer needs to exchange information with Google’s data centers. This should make it a remarkable tool for those traveling abroad with limited Internet access.

Google Translate product manager Julie Cattiau told TechCrunch that the program isn’t going to replace traditional language learning any time soon. It’s also no poet—as its brute force renderings of the lines I showed it plainly demonstrate. It is, however, very, very cool.

July 29 2015 3:33 PM

The Most Important Feature of Windows 10 May Seem Boring. It’s Actually Revolutionary.

In the opening of a (truly hilarious) Microsoft promo video for Windows 95, the narrator says, “I just want a new operating system!” That’s exactly what we’ve been taught to look forward to every few years, and Wednesday’s release of Windows 10 feels like a satisfying step in the progression. But this time things are different, because this is “the last version of Windows.”

As the Verge reported in May, Microsoft developers started talking about a fundamental shift in Windows at the company’s Ignite conference. Instead of the periodic large releases of big-name operating systems, Microsoft wanted to make Windows 10 a streamlined, device-agnostic platform that could be reinvented whenever and however the company wanted on any given day. CEO Satya Nadella told BBC News on Wednesday that, "It’s not just another release of Windows, it’s the beginning of a new era."

In the new Windows world everything is seamless and infinite. In a statement about Windows 10 on Tuesday, Microsoft said, “Windows 10 is delivered as a service and kept automatically up-to-date with innovations and security updates.” It’s a mental shift from thinking of operating systems as individual releases to thinking of them as boundless platforms. Erick Schonfeld explained the concept well on TechCrunch in 2011: “The approach is more like updating a website than a piece of client software. The version numbers don’t really matter. What version of Amazon are you on? Exactly.”

But in 2011, Schonfeld obviously wasn’t talking about Windows 10 (Windows 8 was just debuting). He was talking about a service we all know that’s been doing incremental updates for years: Google Chrome. In 2010, Chrome changed from pushing updates every few months to releasing them every six weeks. The idea was that fixes and features should go live whenever they were ready. If something missed its deadline it would just come out six weeks later instead of holding everything up. When updates are that frequent, it doesn’t really matter what “version” you’re on.

Chrome program manager Anthony Laforge wrote in 2010:

Predictable fixed duration development periods allow us to determine how much work we can do in a fixed amount of time, and makes schedule communication simple. We basically wanted to operate more like trains leaving Grand Central Station (regularly scheduled and always on time), and less like taxis leaving the Bronx (ad hoc and unpredictable).

Incremental updates serve Windows 10’s goal of being a universal operating system and offering “one experience” across PCs, tablets, phones, Raspberry Pi, Xbox One, and HoloLens (plus the 2,000 devices Microsoft says it’s testing for compatibility). Managing updates on so many different devices is currently pretty painful, and Windows 10 aims to fix that. If nothing else, streamlining the update process makes devices more secure, because they automatically get their patches and bug fixes instead of relying on users to initiate a download.

The pressing question, then, will be whether Microsoft can deliver significant innovations and redesigns without affecting Windows’ daily performance. Windows 10 is culling usage statistics to suggest times for automatic restarts (so updates can take effect), and presumably many updates will happen behind the scenes without requiring a restart at all. But Microsoft will need a way to generate excitement about new features as they come out, work carefully to avoid pushing out flawed updates, and generally keep users informed. You wouldn’t want your operating system to morph into something you never asked for, right?

July 29 2015 2:46 PM

Netizen Report: Emails Suggest Lebanon Used Angry Birds to Infect Devices With Malware

The Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. It originally appears each week on Global Voices Advocacy. Juan Arellano, Ellery Roberts Biddle, Hae-in Lim, Katitza Rodriguez, and Sarah Myers West contributed to this report.

Emails leaked after Hacking Team’s systems were hacked in early July—and now searchable on WikiLeaks—indicate that Lebanon’s Interior Security Forces, General Security office, and Cybercrime Bureau all pursued contracts with the Milan-based surveillance-software maker. Emails suggest that Security Forces personnel were able to successfully infect target devices with the help of Hacking Team staff and that they created a technical “backdoor” in the devices (a virtual channel through which authorities can monitor a user’s activities) by exploiting a security flaw in Angry Birds.

These revelations confirm what various bloggers and political activists had suspected after they were summoned for questioning by the Cybercrime Bureau. Beirut-based technology journalist Habib Battah described the bureau’s approach in June:

In some cases, bloggers have claimed that police agents tricked them into giving up information by sending malware to their computers, a practice [Major Suzan Hajj Hobeiche, head of the Cybercrime Bureau] seemed to endorse by claiming “ethical hacking” used by law enforcement is sometimes needed to protect the greater good. Yet, increasingly that greater good seems to be defined by the interests of the wealthy and well-connected. …

Peru and Pakistan erode citizen privacy with new surveillance tactics
A recent executive decree from Peru’s government compels all telecommunications companies and Internet service providers to store traffic data for three years. Assuming that the decree holds, telcos will be forced to provide police with individual user data from these logs upon their request. Issued one day before Peru’s independence day, the decree explicitly states that the police should have access to geolocation data without a warrant or court order and that this data is not protected under the Peruvian Constitution. Peruvian lawyer Miguel Morachimo told the Electronic Frontier Foundation: “Any policy like that is controversial in itself, but the fact that it was directly approved by the Executive Branch without prior debate and in the middle of national holiday season is especially undemocratic.”

The decree has significant potential for abuse of its new powers. It ignores the fact that most cellphones today constantly transmit detailed location data about every individual to their carriers and that all this location data is housed in one place—with the telecommunications service provider. This will leave Peruvian police with access to more precise, more comprehensive, and more pervasive data than would ever have been possible under previous policies.

Pakistan too is planning to expand its surveillance capabilities, which could include monitoring broadband Internet traffic, phone records, and cellular data transmissions, according to a report by Privacy International. The Verge notes that because Pakistan already has stringent registration requirements, such as a national biometric ID program and SIM card registration by fingerprint, these bulk surveillance plans may be particularly invasive.

U.K. High Court strikes down discrete data retention practices
In slightly better news from the world of digital surveillance, a U.K. High Court ruled against data retention laws that allowed the government to order telecommunications companies to retain their users’ metadata for one year. The reason: The laws failed to require authorities to obtain prior judicial approval. The court also took issue with the lack of “clear and precise rules” for the collection of data in the Data Retention and Investigatory Powers Act 2014 (sections 1 and 2). The Home Office says it will appeal the decision.

Malaysia blocks news website in face of public finance investigation
Malaysia blocked news website the Sarawak Report and suspended two local papers after they published investigative reports on the suspicious transfer of $700 million from a government-managed investment fund into the personal bank account of Malaysian Prime Minister Najib Razak. While there is evidence that the government has censored the Internet in the past, this marks the first time it has publicly acknowledged doing so. Although the Malaysian Communications and Multimedia Commission claims that the block was carried out legally under the Communications and Multimedia Act of 1998, the law does not sanction censorship of online websites.

Is YouTube headed for Russia’s Internet blacklist?
Russian media and Internet watchdog Roscomnadzor issued an official warning to YouTube July 22 that the site may be added to the country’s Internet blacklist for copyright violations. The warning comes after the Moscow city court ruled that copyright was violated when two Russian TV shows were uploaded to YouTube. Though YouTube took down the videos, others were subsequently uploaded; Roscomnadzor reported seeing 137 copies on the site as of July 20.

Transparency reports: When it comes to takedowns, copyright is king
The online marketplace Etsy shut down more than 168,000 accounts over the year 2014, according to its first transparency report. It shut down 3,993 shops for violations of Etsy’s intellectual property policy and disabled 176,137 listings in response to DMCA takedown requests. However, the majority of the shutdowns were for non-IP related issues, such as spam and the sale of items prohibited on the site.

New Research