Posts

Thursday: Thunder Much

[image: Thor's Battle Against the Jötnar by Mårten Eskil Winge, c. 1872, via Wikimedia]

[image: Thor’s Battle Against the Jötnar by Mårten Eskil Winge, c. 1872, via Wikimedia]

It’s Thor’s Day, the Norse god of thunder’s day. This dude has a really poor selection of images available until the 20th century, and most are commercial. Doesn’t say much about his powers, does it.

Speaking of powers, mine are tapped out. I have a massive, partially-completed timeline on the Flint water crisis scheduled to post at 9:00 a.m. EST. When you see it, you’ll understand why my thunder’s depleted. I’ll throw a couple eye-catching items here for now; use this as an open thread.

In case I forget: Skål!

North Korean military chief executed for corruption
NK’s execution of Army General Ri Yong-Gil seems really oddly timed within a week of NK’s satellite launch. Makes one wonder if the launch and the execution were related. The termination is attributed to Kim Jong-Un’s continued efforts at retaining power.

Hundreds of thousands of stolen Social Security numbers used to attack IRS
Where the heck did hackers get 464,000 Social Security numbers? And how the heck did they use 101,000 of them to hammer away at the IRS to obtain e-pin number for filings? The IRS says no one’s personal taxpayer data has been compromised, nor were any filings messed up in this automated mass attack last month.

Comcast pleads with ISP customers in Atlanta
Looks like somebody’s nervous about Google Fiber coming to Atlanta, cutting into their broadband market. A pity, that, should have offered better customer service and more competitive pricing. If Comcast had already delivered these, there’d be no reason for Google to bother in that market.

Absolut-ly profitable year ahead for Pernod Ricard
Huh. I guess it makes sense, with the world in such upheaval that booze would be profitable. Pernod Ricard’s projections of one to three percent growth this year remain unchanged as the second-largest distiller in the world names a new leader for its North American business.

By Thor’s hammer…it’s tequila time somewhere. What’s the old Norse word for booze?

Friday Morning: Nasty Habits

I got nasty habits; I take tea at three.
— Mick Jagger

Hah. Just be careful what water you use to make that tea, Mick. Could be an entirely different realm of nasty.

Late start here, too much to read this morning. I’ll keep updating this as I write. Start your day off, though, by reading Marcy’s post from last night. The claws are coming out, the life boats are getting punctured.

Many WordPress-powered sites infected with ransomware
Your next assignment this morning: check and update applications as out-of-date versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer are most prone to this new wave of ransomware affecting WordPress sites. Back up all your data files to offline media in case you are hit with ransomware, and make it a habit to back up data files more frequently.

Planes inbound to the UK from regions with Zika virus may be sprayed
Take one tightly-closed oversized can, spray interior with insecticide, then insert humans before sealing for several hours. This sounds like a spectacularly bad idea to me. What about you? Yet this is what the UK is poised to do with planes flying in from areas with frequent Zika infections.

Comcast a possible smartphone service provider
NO. I don’t even have Comcast, yet I think this company is one of the worst suited to offering smartphones and service to their users. The company has expressed interest in bidding on spectrum for wireless, however. Comcast has struggled for years with one of — if not THE — worst reps for customer service. How do they think they will manage to expand their service offering without pissing off more customers?

AT&T obstructing muni broadband
No surprise here that AT&T is lobbying hard against more broadband, especially that offered by communities. The public knows there’s a problem with marketplace competition when they don’t have multiple choices for broadband, and they want solutions even if they have to build it themselves. When AT&T annoys a Republican lawmaker while squelching competition, they’ve gone too far. Keep an eye on this one as it may shape muni broadband everywhere.

Volkswagen roundup
VW delayed both its earnings report scheduled March 10th and its annual meeting scheduled April 21. The car maker says it needs more time to assess impact of the emissions control scandal on its books. New dates for the report and meeting have not been announced.

Volkswagen Financial Services, the banking arm of VW’s holding company structure which finances auto sales and leases, suffers from the ongoing scandal. Ratings firms have downgraded both the bank and parent firm. Not mentioned in the article: potential negative impact of emissions control scandal on VW’s captive reinsurer, Volkswagen Insurance Company Ltd (VICO).

Both the Justice Department and the Environmental Protection Agency filed a civil suit against VW in Detroit this week. Separate criminal charges are still possible.

That’s a wrap, I’m all caught up on my usual read-feed. Get nasty as you want come 5:00 p.m. because it’s Friday!

In One of His First Major Legislative Acts, Paul Ryan Trying to Deputize Comcast to Narc You Out to the Feds

Screen Shot 2015-12-07 at 7.53.31 PMAs the Hill reports, Speaker Paul Ryan is preparing to add a worsened version of the Cybersecurity Information Sharing Act to the omnibus budget bill, bypassing the jurisdictional interests of Homeland Security Chair Mike McCaul in order to push through the most privacy-invasive version of the bill.

But several people tracking the negotiations believe McCaul is under significant pressure from House Speaker Paul Ryan (R-Wis.) and other congressional leaders to not oppose the compromise text.

They said lawmakers are aiming to vote on the final cyber bill as part of an omnibus budget deal that is expected before the end of the year.

As I laid out in October, it appears CISA — even in the form that got voted out of the Senate — would serve as a domestic “upstream” spying authority, providing the government a way to spy domestically without a warrant.

CISA permits the telecoms to do the kinds of scans they currently do for foreign intelligence purposes for cybersecurity purposes in ways that (unlike the upstream 702 usage we know about) would not be required to have a foreign nexus. CISA permits the people currently scanning the backbone to continue to do so, only it can be turned over to and used by the government without consideration of whether the signature has a foreign tie or not. Unlike FISA, CISA permits the government to collect entirely domestic data.

We recently got an idea of how this might work. Comcast is basically hacking its own users to find out if they’re downloading copyrighted material.

[Comcast] has been accused of tapping into unencrypted browser sessions and displaying warnings that accuse the user of infringing copyrighted material — such as sharing movies or downloading from a file-sharing site.

That could put users at risk, says the developer who discovered it.

Jarred Sumner, a San Francisco, Calif.-based developer who published the alert banner’s code on his GitHub page, told ZDNet in an email that this could cause major privacy problems.

Sumner explained that Comcast injects the code into a user’s browser as they are browsing the web, performing a so-called “man-in-the-middle” attack. (Comcast has been known to alert users when they have surpassed their data caps.) This means Comcast intercepts the traffic between a user’s computer and their servers, instead of installing software on the user’s computer.

[snip]

“This probably means that Comcast is using [deep packet inspection] on subscriber’s internet and/or proxying subscriber internet when they want to send messages to subscribers,” he said. “That would let Comcast modify unencrypted traffic in both directions.”

In other words, Comcast is already doing the same kind of deep packet inspection of its users’ unencrypted activity as the telecoms use in upstream collection for the NSA. Under CISA, they’d be permitted — and Comcast sure seems willing — to do such searches for the Feds.

Some methods of downloading copyrighted content might already be considered a cyberthreat indicator that Comcast could report directly to the Federal government (and possibly, under this latest version, directly to the FBI). And there are reports that the new version will adopt an expanded list of crimes, to include the Computer Fraud and Abuse Act.

In other words, it’s really easy to see how under this version of CISA, the government would ask Comcast to hack you to find out if you’re doing one of the long list of things considered hacking — a CFAA violation — by the Feds.

How’s that for Paul Ryan’s idea of conservatism, putting the government right inside your Internet router as one of his first major legislative acts?

The Common Commercial Services OLC Memo and Zombie CISPA

Some time last summer, Ron Wyden wrote Attorney General Holder, asking him (for the second time) to declassify and revoke an OLC opinion pertaining to common commercial service agreements. He said at the time the opinion “ha[d] direct relevance to ongoing congressional debates regarding cybersecurity legislation.”

That request would presumably have been made after President Obama’s April 25, 2012 veto threat of CISPA, but at a time when several proposed Cybersecurity bills, with different information sharing structures, were floating around Congress.

Wyden asked for the declassification and withdrawal of the memo again this January as part of his laundry list of requests in advance of John Brennan’s confirmation. Then, after having been silent about this request for 8 months (at least in public), Wyden asked again on September 26.

It appears that Wyden had intended to ask the question of one of the witnesses at an open Senate Intelligence Committee hearing (perhaps Deputy Attorney General James Cole), but — having had warning of his questions (because he sent them to the witnesses in advance) — Dianne Feinstein and Susan Collins ensured there would not be a second round of questions.

As it happens, Wyden made the request for the memo two days after DiFi told The Hill she was preparing to advance her version of CISPA, and the day after Keith Alexander started calling for cybersecurity legislation again.

In a brief interview with The Hill in the U.S. Capitol on Tuesday, Feinstein said she has prepared a draft bill and plans to move it forward.

The legislation would be the Senate’s counterpart to the Cyber Intelligence Sharing and Protection Act, known as CISPA, which cleared the House in April.

CISPA would remove legal barriers that prevent companies from sharing information with each other and the government about cyber attacks. It would also allow the government to share more information with the private sector.

Since then, Alexander has pitched new cybersecurity legislation in an “interview” with the NYT, admitting he needs to be more open about his places for cybersecurity.

Now, the Executive Branch’s unwillingness to actually share the law as it interprets it with us mere citizens prevents us from understanding precisely what relationship this OLC memo has with proposed cybersecurity legislation — but Wyden made it clear in January that it does have one. But here are some things we might surmise about the memo:

  • The Administration is currently relying on this memo. If it weren’t using it, after all, it wouldn’t need to be revoked. That means that since at least January 14, 2011 (before which date Wyden and Russ Feingold first asked it be revoked), the Administration has had a secret interpretation of law relating in some way to cybersecurity.
  • The interpretation would surprise us. As Wyden notes, “this opinion is inconsistent with the public’s understanding of the law” (he doesn’t say what that law is, but I’ll hazard a guess and say it pertains to information sharing). It’s likely, then, that some form of online provider has been sharing cyber-intelligence with the federal government under some strained interpretation of our privacy protections (and, probably, some kind of Attorney General assurances everything’s cool).

Let’s use the lesson we learned during the FISA Amendments Act where the telecoms were clambering for the legislation and the retroactive immunity, but the Internet companies were grateful for “clarity,” but explicitly opposed to retroactive immunity. When we learned the telecoms had been turning over the Internet companies metadata and content, this all made more sense. The Internet Companies wanted the telecoms to be punished for stealing their data.

In this case, in the first round of CISPA (which had broad immunity protections), Facebook and Microsoft were supporters. But in this go-around (which has still generous but somewhat more limited immunity), the big supporters consist of:

  • Telecoms (AT&T, Verizon; interestingly, Sprint did not sign a letter of support)
  • Broadband and other backbone providers (Boeing, Cisco, Comcast, TimeWarner, USTelecom)
  • Banks and financial transfer
  • Power grid operators and other utilities

Now, who knows with which of these entities the government is already relying on this common commercial services memo, which of our providers we believe have made some assurances to us but in fact they’ve made entirely different ones.

But I will say the presence of the telecoms, again, angling for immunity for information sharing, along with their analogues the broadband providers does raise questions. Especially considering Verizon Exec’s trash talking about consumer-centric Internet companies that don’t prioritize national security.

Stratton said that he appreciated that “consumer-centric IT firms” such as Yahoo, Google, Microsoft needed to “grandstand a bit, and wave their arms and protest loudly so as not to offend the sensibility of their customers.”

“This is a more important issue than that which is generated in a press release. This is a matter of national security.”

After all, the telecoms have a history of willingly cooperating with the government, even if it bypassed the protections offered by Internet companies, even if it violated the law. Have they been joined by big broadband?

Well, DOJ could clear all this up by revoking and releasing the memo. Until they do, though, my wildarsed guess is that those operating the Toobz in the country — the telecom and broadband companies — have already started sharing consumers’ data that a plain reading of the law seemingly wouldn’t permit them to do.

Winter™ — Property of The Weather Channel®

(photo: Blizzard 2010 by *Low* via Flickr)

With a lot of self-justifying, back-patting hoopla today, The Weather Channel announced it’s decided unilaterally to assign names to winter storms.

During the upcoming 2012-13 winter season The Weather Channel will name noteworthy winter storms. Our goal is to better communicate the threat and the timing of the significant impacts that accompany these events. The fact is, a storm with a name is easier to follow, which will mean fewer surprises and more preparation.

Yes, fewer surprises. Just the one about winter’s natural disasters being branded by The Weather Channel.

There’s no indication that any federal government entity, including NOAA, has sanctioned this scheme let alone the names.

…until now, there has been no organized naming system for these storms before they impact population centers.

One of the reasons this may be true is that there is no national center, such as the National Hurricane Center, to coordinate and communicate information on a multi-state scale to cover such big events. The National Centers for Environmental Prediction’s Hydrologic Prediction Center (HPC) does issue discussions and snowfall forecasts on a national scale but it does not fill the same role as the NHC in naming storms. …

At this point The Weather Channel’s management breaks their arms with back-patting, lauding their efforts while calling it a bunch of euphemisms for team-playing:

…it would be a great benefit for a partner in the weather industry to take on the responsibility of developing a new concept.

This is where a world-class organization such as The Weather Channel will play a significant role. We have the meteorological ability, support and technology to provide the same level of reporting for winter storms that we have done for years with tropical weather systems. …

In the absence of any government inputs, the selected storm names for this season appear to be intellectual property of The Weather Channel.

Bet you didn’t think that natural disasters could be co-opted, branded, and marketed!  Read more

The Global Crisis of SOME Institutional Legitimacy

Felix Salmon has a worthwhile (but, IMO, partly mistaken) post on what he deems “the global crisis of institutional legitimacy.” I think he’s right to see this as a significant challenge to our current political economy.

While watching another Arab government get toppled on Sunday evening — this time that of Muammar Gaddafi, in Libya — I was also reading George Magnus’s excellent note for UBS, entitled “The Convulsions of Political Economy”; you can find it chez Zero Hedge.

Convulsions is right — not only in the Arab world, of course, but also in Europe and the US. And the result is arguably the most uncertain outlook, in terms of the global political economy, since World War II ended and the era of the welfare state began.

As Magnus says:

It seems that we are having sometimes esoteric tiffs between Keynesians and Austrians about if and how governments should sustain jobs and growth. But, deep down, we are having a much more significant debate as we are being forced to redefine what we think about the rights and obligations of citizens and the State.

Most fundamentally, what I’m seeing as I look around the world is a massive decrease of trust in the institutions of government.

But I think Salmon makes two mistakes. First, he maintains an unwarranted distinction between the Arab Spring and the UK riots.

Where those institutions are oppressive and totalitarian, the ability of popular uprisings to bring them down is a joyous and welcome sight. But on the other side of the coin, when I look at rioters in England, I see a huge middle finger being waved at basic norms of lawfulness and civilized society, and an enthusiastic embrace of “going on the rob” as some kind of hugely enjoyable participation sport. The glue holding society together is dissolving, whether it’s made of fear or whether it’s made of enlightened self-interest.

From the perspective of the underclass in our society, it has been some time since “enlightened self-interest” counseled compliance. And from most perspectives, it’s clear that the elites, not the underclass, were the first to wave a huge middle finger at basic norms of lawfulness.

A more problematic error, though, is Salmon’s claim that corporations have retained their legitimacy.

Looked at against this backdrop, the recent volatility in the stock market, not to mention the downgrade of the US from triple-A status, makes perfect sense. Global corporations are actually weirdly absent from the list of institutions in which the public has lost its trust, but the way in which they’ve quietly grown their earnings back above pre-crisis levels has definitely not been ratified by broad-based economic recovery, and therefore feels rather unsustainable.

As a recent Pew poll shows, Americans are just as disgusted with banks and other large corporations as they are with their government.

While anti-government sentiment has its own ideological and partisan basis, the public also expresses discontent with many of the country’s other major institutions. Just 25% say the federal government has a positive effect on the way things are going in the country and about as many (24%) say the same about Congress. Yet the ratings are just as low for the impact of large corporations (25% positive) and banks and other financial institutions (22%). And the marks are only slightly more positive for the national news media (31%) labor unions (32%) and the entertainment industry (33%).

Notably, those who say they are frustrated or angry with the federal government are highly critical of a number of other institutions as well. For example, fewer than one-in-five of those who say they are frustrated (18%) or angry (16%) with the federal government say that banks and other financial institutions have a positive effect on the way things are going in the country.

But there are institutions that Americans still trust: colleges, churches, small businesses, and tech companies.

Distinguishing between those institutions (government and big corporations) people distrust and those (churches, small businesses, and tech companies) they do is important for several reasons. First, because it prevents us from assuming (as big corporations might like us to) that Americans will be content with corporatist solutions. People may or may not like the the post office, but there’s no reason to believe they like FedEx, Comcast, AT&T, or Verizon any more, particularly the latter three, which all score very badly in customer satisfaction. (Update: as joberly points out, Pew found that the postal service was by one measure the most popular government agency, with 83% of respondents saying they had a favorable view of the postal service.)

Such polling also suggests where Americans might turn during this convulsion. Barring Apple buying out the federal government, it seems likely Americans, at least, will turn to local institutions: to their church, their neighborhood, their local businesses.

That’s got some inherent dangers–particularly if people decide they want to change my governance with their church. But it also provides a nugget of possible stability amid the convulsion, one that might have salutary benefits for our environment and economy.

Apple aside, it’s the big institutions that have lost their institutional legitimacy. But we’re not entirely without institutions with which to rebuild.

ComcastSucks Got Suckier So FCC Commish Could Get a Swank New Job

Our entire country’s mediascape will no doubt get suckier as Comcast returns to its typical bad behavior after having eaten NBC. We will become less well-informed. We will fall further behind the rest of the world for broadband access. And we will continue to wait for ComcastSucks repairmen.

And all so Meredith Attwell Baker could get a swank new job at ComcastSucksNBC.

Meredith Attwell Baker, one of the two Republican Commissioners at the Federal Communications Commission, plans to step down—and right into a top lobbying job at Comcast-NBC.

The news, reported this afternoon by the Wall Street Journal, The Hill, and Politico, comes after the hugely controversial merger of Comcast and NBC earlier this year. At the time, Baker objected to FCC attempts to impose conditions on the deal and argued that the “complex and significant transaction” could “bring exciting benefits to consumers that outweigh potential harms.”

Four months after approving the massive transaction, Attwell Baker will take a top DC lobbying job for the new Comcast-NBC entity, according to reports.

In ComcastSucksNBC’s announcement, Baker boasted about how excited she is to start her new job.

I’ve been privileged to serve in government for the past seven years under President Obama at the FCC and President Bush at NTIA, I’m excited to embark on a new phase of my career with Comcast and NBCUniversal,

Somehow, she forgot to mention how proud she is about personally contributing to the decline of her country to serve her own greed.

Media Giants for Health Care

I said on Twitter yesterday that Comcast was endorsing health care reform as a sop designed to butter up Obama’s regulators who must approve the Comcast-NBC deal. But that becomes even more clear when you look at the letter Comcast’s CEO Brian Roberts wrote.

Roberts starts with an utterly shameless suck up. Congratulations, Mr. President, you rock! But as part of that suck up, Roberts appeals to the themes–job creation, investment, and innovation–taht Comcast will mobilize to justify its acquisition of NBC. (He does not, for some reason, mention the real reason behind the deal: profits.)

Congratulations on today’s Summit on Jobs and Economic Growth. I believe that hosting a thoughtful and vibrant discussion with the Vice President, members of your Cabinet, business leaders, scholars, and other public officials about the persistent economic challenges confronting America and the path we must forge to foster job creation, investment, and innovation is a really important initiative.

Then, Roberts uses his non-attendance at the summit as his excuse for making his transparent bid to suck up to Obama.

Because of our announcement today that we have formed a joint venture with General Electric consisting of NBCU’s businesses and Comcast’s cable networks, I am unable to attend the Summit. I very much appreciate the outreach to the business community, and want to express one of the thoughts I intended to make at the Summit –that enactment of comprehensive health care reform legislation is, in my judgment, critical to putting this country on a path of sustained growth and prosperity.

“I can’t attend because I’m busy becoming an even bigger media behemoth and oh by the way I’m sorry I haven’t mentioned yet that I support your signature policy issue but I do.”

From there, Roberts goes on to prove that he has been paying attention to Obama’s talking points, citing the cost and the amount by which it reduces deficits–which Roberts labels “a strong dose of fiscal responsibility.”

Then Roberts’ letter gets really interesting. He makes a sustained pitch for the digital technology aspects of reform.

I also strongly support the development of standards and protocols to promote the digitization of health records and documents, electronic data matching, and the interoperability of systems for enrollment in health services programs. Such steps could revolutionize how health centers and hospitals operate and enrich how health providers and patients communicate. Telemedicine and  distant health services will literally transform the delivery and monitoring of health care services and the training of health care professionals. As a leading information and communications technology company, Comcast understands the generative power of broadband technology and its potential to improve the overall quality of health care, while stimulating job creation and restoring our economy.

Notice that Roberts assumes this will all be done via broadband and not–say–satellite.

Read more