Home Tags Resignation

Tag: resignation

Trump voters need fast broadband and net neutrality too, Tom Wheeler...

Enlarge / FCC Chairman Tom Wheeler in his Washington, DC, office in February 2016.Jon Brodkin reader comments 13 Share this story Donald Trump's election has put Republicans in position to eliminate net neutrality rules and gut the Federal Communications Commission's authority to regulate broadband providers. But Trump voters need the consumer protections provided by the FCC as much or more than anyone, said Tom Wheeler, whose resignation as FCC chairman takes effect today. Wheeler, a Democrat appointed to the FCC by President Barack Obama, isn't happy about Trump's victory.

But in making the case for continued net neutrality rules and consumer protections, he pointed out that Trump voters in rural areas are vulnerable to the actions of major broadband providers. "The Trump administration campaigned that they are the voice of the forgotten," Wheeler said in a phone interview with Ars yesterday. "Well you know, the half-dozen major carriers [lobbying against FCC regulations] are hardly forgotten." The people who are forgotten are the "two-thirds of consumers in America who have one or fewer broadband choices," Wheeler said. "Where are those choices most limited? In the areas where Donald Trump got the strongest response, in rural areas, outside of major cities.
If indeed this is an administration that is speaking for those that feel disenfranchised, that representation has to start with saying, 'we need to make sure you have a fast, fair, and open Internet because otherwise you will not be able to connect to the 21st century.'" Wheeler brought up Trump voters again when asked about his own Internet service. Wheeler once noted that he is "a happy Comcast subscriber" but has generally avoided describing his own experiences as an Internet customer. "I’m a privileged consumer, you know? I live in the Georgetown section of Washington, DC.

The problem is what do you do about the non-privileged?" Wheeler said. "Let's talk about Trump voters.

The Trump voters are people who don’t have choices in Internet providers, the Trump voters are folks that don’t have the resources to pay the ever escalating bills for either cable or broadband." Wheeler: Gutting consumer protection is “tragic” But so far, signs point to the Trump-era FCC dismantling consumer protections opposed by Internet service providers. Republicans at the FCC and Congress say they intend to repeal or replace net neutrality rules.

Trump's transition team is also reportedly pushing a proposal to strip the Federal Communications Commission of its role in overseeing competition and consumer protection and to move those functions to the Federal Trade Commission.
Such a major change would require Congressional approval and thus may not happen, but it's worrying to Wheeler nonetheless. "I think it would be tragic," Wheeler said of taking away the FCC's competition and consumer protection authority. "This is tragic for the American consumer and the competitive marketplace." Upon my @FCC departure, I would like to sign off with 3 words of wisdom that guided me well: competition, competition, competition — Tom Wheeler (@TomWheelerFCC) January 20, 2017 The FTC is "a great agency" that does excellent work but has more narrow authority over communications providers than the FCC, Wheeler said.

The FTC "has enforcement authority, not rulemaking authority," he said. "They can say, 'we think this is an unfair and deceptive act or practice,' but they can't say, 'here’s how networks have to operate so they're fast, fair, and open.'" The only companies that would benefit from a weaker FCC and the repeal of net neutrality are the major ISPs, Wheeler said. (That would include Comcast, Charter, AT&T, Verizon, T-Mobile USA, and Sprint.) "We’re talking about a handful of companies who are lobbying for their own self-interest, and trying to say to the new commission, 'you need to listen to us, not to consumers, not to a competitive marketplace, not to those who could be affected by a network where we act as gatekeepers,'" Wheeler said. "And if they are successful, that will put in jeopardy tens of thousands of other companies that rely on open networks and millions of consumers." FTC could be powerless to stop ISP abuses As evidence of the dangers of shifting FCC functions to the FTC, Wheeler pointed to a recent US Court of Appeals for the Ninth Circuit decision that could dramatically limit the FTC's ability to regulate ISPs. The FTC is statutorily forbidden from regulating "common carriers," a designation the FCC has long applied to phone companies like AT&T and Verizon and more recently to all ISPs.

The FTC attempted to punish AT&T for throttling the Internet connections of customers with unlimited data plans before the FCC reclassified broadband as a common carrier service.

The FTC assumed it could punish AT&T for activity that at the time was unrelated to its common carrier services, but judges ruled in favor of AT&T, saying that the carrier is exempt from FTC oversight entirely. ISPs have been pushing the idea of moving FCC authority to the FTC for years, Wheeler said. "The surprise is that they continue with this mantra despite the fact that AT&T sued the FTC alleging that they did not have authority over common carriers," he said. The idea of removing FCC authority has also been pushed by the conservative American Enterprise Institute (AEI), "and lo and behold AEI comes in as the principal force in the Trump transition," Wheeler said.

Three of the advisors Trump appointed to make recommendations about the FCC transition are affiliated with the AEI, and one of them has proposed eliminating most of the FCC. ISPs, competition, and Google Fiber Under Wheeler, the FCC pushed for more competition in part by requiring further broadband construction as a condition for granting the AT&T/DirecTV and Charter/Time Warner Cable mergers.
In May 2015, Wheeler challenged cable companies to compete directly against each other. "I thought [calling for competition] was a conservative message," Wheeler said. "I thought Republicans would be responsive to the idea that a competitive economy is the basic bulwark of how the American economy works and that there ought to be competitive alternatives.
I went to the cable association and I said, 'hey, the costs of building are going down, you guys have to start thinking about competing with each other and not just having an exclusive franchise.'" Cable companies have continued avoiding each other's territory for the most part, but the emergence of Google Fiber was important for boosting competition, Wheeler said.

Though Google Fiber recently downsized, Wheeler said, "I’m thrilled at what Google Fiber did because every time they built something, wasn’t it amazing that the incumbent suddenly decided that it was time for them to build fast fiber as well?" The FCC tried to encourage municipal broadband by preempting state laws that limit the rights of cities and towns to offer Internet service, but it lost in court.

Going forward, Wheeler said local policies should encourage competition by providing easier access to poles, conduits, and rights-of-way. He'd also like to see new ISPs get more affordable access to video programming so they can offer competitive TV-and-Internet bundles. Chairman leaves unfinished business Wheeler regrets not finishing certain initiatives, such as a rulemaking that would have required pay-TV operators to make free TV applications, giving customers an option besides rented set-top boxes.

Also unfinished was a proposed $100 million fine of AT&T for allegedly misleading customers about unlimited data throttling, as well as price cap decreases for business data services. Wheeler told Ars that he didn't have enough Democratic votes to push final versions of those items through.

Though Democrats had a 3-2 majority led by Wheeler, Democrat Jessica Rosenworcel didn't support a final version of the set-top box rules because of concerns over how cable company applications would be licensed to third-party device makers. "We lost. We got outmuscled" on the cable app rules, Wheeler said. "I call it Cablewood: it’s cable and Hollywood in this incestuous relationship... they did an excellent job lobbying the issue both here at the commission and in the Congress." Regarding that $100 million fine, the FCC never was able to negotiate a settlement with AT&T.

Given that, the FCC could have issued a final ruling requiring AT&T to pay the fine, waited for AT&T to sue, and then let a court decide.

But Wheeler said he didn't have enough votes to support that approach, either. Wheeler also ran out of time while challenging major wireless carriers over paid data cap exemptions. Just last week, Wheeler accused AT&T and Verizon Wireless of violating net neutrality rules by letting their own video stream without counting against mobile data caps while charging other video providers for the same data cap exemptions (aka "zero-rating"). Wheeler's statement and a related report by FCC staff won't have any impact in the short term because the FCC's Republicans vowed to ignore the findings and they want to overturn the net neutrality rules altogether. Wheeler said the FCC's net neutrality rules didn't ban zero-rating entirely because free data services can benefit consumers. "Free is good, OK?" he said. "But the problem is that when a carrier decides to favor its non-carrier activity by placing that for free on the network, but anybody who competes with that non-carrier activity has to pay full freight, that is a blatantly anti-competitive activity." This is the sort of behavior that shows "why you have to have an open Internet," Wheeler said. "Unfortunately, we’re not going to be around to do something about it, so we thought it was important to make sure the record was clear." Wheeler won’t be a lobbyist again Wheeler, a former lobbyist for the cable and wireless phone industries, surprised some observers by pushing for more extensive regulation of ISPs during his 39 months as chairman.

As he leaves the FCC, he said, "I’m proud of what we accomplished.
I wish there were other circumstances but the American people had other thoughts about that and I respect that decision." When asked if he might become a lobbyist again, Wheeler answered with an emphatic "no." For now, Wheeler is joining the Aspen Institute as a senior fellow, becoming the sixth consecutive FCC chairman to do so upon leaving the commission.

The nonpartisan policy forum has become "the home for recovering chairmen," Wheeler joked. "What it allows you to do is, while you are chairman, not worry about what you do next, and therefore not have to lose focus, not have to start recusing yourself" from matters that might affect a potential future employer, Wheeler said. That'll be a temporary job for the 70-year-old Wheeler, who said he plans to "decompress" and spend more time with his wife. "I hope to write and teach and maybe do some consulting, but we’ll just see how things develop," he said. "I don't think I'm going to have a 'job' job, if you will."

ISPs seek end of privacy rules just in time for Trump’s...

EnlargeGetty Images | Yuri_Arcurs reader comments 27 Share this story New privacy rules that protect the Web browsing data of broadband subscribers went into effect just two weeks ago, but they could be overturned shortly after Republicans gain a majority at the Federal Communications Commission. The FCC voted on the rules on October 27, and they partially took effect on January 3.

Also on January 3, trade groups representing ISPs filed petitions asking the FCC to reconsider the rulemaking, said an FCC public notice issued today. Normally, these petitions for reconsideration would be rejected by the FCC, and ISPs' next option would be to sue.

But in this case, the privacy rules were passed 3-2, with three Democrats voting for the rules and two Republicans voting against them.

Those two Republicans, Ajit Pai and Michael O'Rielly, will enjoy a 2-1 majority after President-elect Donald Trump's inauguration Friday because Democratic Chairman Tom Wheeler said he will resign, and Democratic Commissioner Jessica Rosenworcel had to leave the FCC when the Republican-controlled Senate refused to reconfirm her for another term. After Trump won the presidential election on November 8, Republicans in Congress asked the FCC to halt any controversial rulemakings until the inauguration and warned that any action taken in the final days of the administration could be more easily overturned.

But that's also true of the privacy order, even though it was passed nearly two weeks before the election. Opponents of new rules are given 30 days to petition for reconsideration, but the clock doesn't start until the rules are published in the Federal Register, which never happens instantaneously.

The privacy rules were published in the Federal Register the first week of December, which gave opponents until January 3 to file petitions. The process for considering the petitions will extend past Wheeler's resignation. Once today's public notice is published in the Federal Register, supporters of the privacy rules will have 15 days to file oppositions to the petitions for reconsideration.

After that, there will be another 10 days allotted for replies to oppositions. Pai and O'Rielly will presumably then get the process for overturning the rules moving. We contacted Pai and O'Rielly today but haven't heard back yet. Even if the FCC does eliminate the privacy rules in response to the petition for reconsideration, that action could be appealed in court by supporters of the privacy rules. Opt-in consent required—for now The new privacy rules require fixed and mobile ISPs to get opt-in consent from consumers before sharing Web browsing data and other private information with advertisers and other third parties. (This customer approval provision isn't scheduled to take effect until at least December 2017.) Most of the petitions to reconsider the rules were filed by ISP lobby groups, namely the United States Telecom Association, CTIA, the American Cable Association, the Competitive Carriers Association, ITTA-The Voice of Mid-Size Communications Companies, NCTA-The Internet & Television Association, and the Wireless Internet Service Providers Association.

There were also petitions from Oracle, the Association of National Advertisers, the Consumer Technology Association, and Level 3. Wheeler argued when the rules were passed that ISPs are uniquely capable of collecting consumers' Internet traffic because they can monitor everything that goes over the connection and because it is difficult for customers to switch ISPs. "What this item does is to say that the consumer has the right to make a decision about how her or his information is used," Wheeler said. O'Rielly argued at the time that the commission doesn't have the "statutory authority to adopt broadband privacy rules" and that the rules would prevent ISPs from offering "innovative services" and competing against Internet companies in the online advertising market. Pai argued that ISPs shouldn't face stricter rules than companies like Google and Twitter that are regulated separately by the Federal Trade Commission. "Due to the FCC’s action today, those who have more insight into consumer behavior (edge providers) will be subject to more lenient regulation than those who have less insight (ISPs)," Pai said. "This doesn’t make sense... Nothing in these rules will stop edge providers from harvesting and monetizing your data, whether it’s the websites you visit or the YouTube videos you watch or the e-mails you send or the search terms you enter on any of your devices." Pai, who reportedly met with Trump yesterday, seems likely to be appointed the FCC's interim chairman.
In a speech last month, Pai made it clear that he is intent on rolling back some of Wheeler's major initiatives.

The net neutrality rules' "days are numbered," and "during the Trump Administration, we will shift from playing defense at the FCC to going on offense," he said.

The FCC "need[s] to remove outdated and unnecessary regulations" and "fire up the weed whacker and remove those rules that are holding back investment, innovation, and job creation," Pai also said.

Facebook already has a Muslim registry—and it should be deleted

Enlarge / A Hollerith machine used in the 1890 US Census. Hollerith's company later merged with three others to create the company that later became known as IBM, and similar machines were instrumental in organizing the Holocaust.Marcin Wichary reader comments 84 Share this story Since Donald Trump's election, many in the tech industry have been concerned about the way their skills—and the data collected by their employers—might be used. On a number of occasions, Trump has expressed the desire to perform mass deportations and end any and all Muslim immigration. He has also said that it would be "good management" to create a database of Muslims, and that there should be "a lot of systems" to track Muslims within the US. In the final days of his presidency, Barack Obama has scrapped the George W.

Bush-era regulations that created a registry of male Muslim foreigners entering the US—the registry itself was suspended in 2011—but given Trump's views, demands to create a domestic registry are still a possibility. As a result, some 2,600 tech workers (and counting) have pledged both not to participate in any such programs and to encourage their employers to minimize any sensitive data they collect.

The goal is to reduce the chance that such data might be used in harmful ways. The fear in the tech community is of being complicit in some great crime.

The neveragain.tech pledge reads, in part: We have educated ourselves on the history of threats like these, and on the roles that technology and technologists played in carrying them out. We see how IBM collaborated to digitize and streamline the Holocaust, contributing to the deaths of six million Jews and millions of others. We recall the internment of Japanese Americans during the Second World War. We recognize that mass deportations precipitated the very atrocity the word genocide was created to describe: the murder of 1.5 million Armenians in Turkey. We acknowledge that genocides are not merely a relic of the distant past—among others, Tutsi Rwandans and Bosnian Muslims have been victims in our lifetimes. Today we stand together to say: not on our watch, and never again. Their concerns are not unfounded.
IBM, in particular, has a dark history when it comes to assisting with genocides.

The company's punch card-based Hollerith machines were instrumental in enabling the Nazis to efficiently round up Jews, seize their assets, deport them to concentration camps, and then systematically slaughter them. After Trump's election, IBM CEO Ginni Rometty wrote the president-elect to congratulate him on his victory and offer IBM's services in support of his agenda. Oracle co-CEO Safra Catz has joined Trump's transition team, rank and file workers have been outspoken in their unwillingness to cooperate with programs that don't, in their view, respect the Constitution or human rights or which have disturbing historical precedent. Rometty's letter has provoked a petition from current and former IBM staff; Catz's role has resulted in at least one resignation. One company, however, stands head and shoulders above the rest when it comes to collecting personal data: Facebook.

Facebook's business is data collection in order to sell more effectively targeted advertisements. While massive data collection is not new or unique to Facebook—search engines such as Google and Microsoft's Bing have the same feature—Facebook is unusual in that it actively strives to make that information personally identifiable.

Facebook accounts tend to use our legal names, and Facebook relationships tend to reflect our real-life associations, giving the company's data a depth and breadth that Google or Microsoft can only dream about. Among the pieces of personal information that the site asks users for is religion.

As with most pieces of information that Facebook requests, this is of course optional.

But it's an option that many people fill in to ensure that our profiles better reflect who we are. This data collection means that Facebook already represents, among other things, a de facto—if partialMuslim registry.

Facebook has the data already; the company can provide a list of self-attested Muslims in the US simply by writing a query or two.

That data could be similarly queried for anyone who isn't straight. As such, government coercion of Facebook—or even a hack of the company—represents a particular threat to civil liberties.

Accordingly, Facebook should take a simple and straightforward protective step: delete that information. Remove the field from our profiles, and discard the historic saved data. Deleting the information will not make Facebook safe.
It will still be a treasure trove of relationships and associations, and an intelligence agency could make all manner of inferences from the data contained within. (Religion, for instance, is likely to be discernible from the content of posts and from images of holidays and religious gatherings, but this would be more difficult to do in bulk—though we know similar inferences are already made about race.) But it would mean that Facebook is no longer so trivially searchable, and it would mean that it ceases to be such a clear database of religious affiliation. Making a change like this should be trivial for Facebook. No doubt it would marginally reduce the company's ability to tailor advertisements to individual users—but it would serve as a clear statement against the threat such a database poses.

‘I told him to cut it out’ – Obama is convinced...

And so what are you gonna do about it, Barry? Analysis Outgoing US President Barack Obama has promised to take action against Russia over its alleged interference in the presidential election campaign. American intelligence agencies have concluded that hackers linked to the Kremlin infiltrated the computer network of the Democratic National Committee as well as the email account of Hillary Clinton’s campaign chief John Podesta with the aim of influencing the November 8 outcome. Russia has dismissed these allegation as baseless (or “amusing rubbish”), a denial that cut little ice with Obama given the consensus among the US intelligence community that the Kremlin ran a dirty tricks campaign.

Even the FBI now accepts, after initial reluctance, the CIA's conclusion that Russia helped miscreants meddle with the election. "I think there's no doubt that when any foreign government tries to impact on the integrity of our elections, that we need to take action and we will, at a time and a place of our own choosing,” Obama told US public radio network NPR. "Some of it may be explicit and publicized; some of it may not be." Obama also gave a press conference today – his final one as US President – in which he discussed the hacking claims and all but pinned the blame on Vladimir Putin's government. "Mr Putin is well aware of my feelings about this, because I spoke to him directly about it ...
I told him to cut it out," said Obama. Youtube Video Republican president-elect Donald Trump dismissed the accusations against Russia as “ridiculous” and motivated by sour grapes. He questioned why the accusations – which had been circulating for months – had resurfaced with such force only after an election the Democrats lost.
In reality, the claims had been aired in the press for months, and discussed privately among diplomats and officials: it was a looming threat rather than an excuse by sore losers. President Obama's proposed “proportional” reprisals for the alleged meddling need to happen before the Democrat leaves office on January 20 – because, clearly, Trump is not interested in causing trouble for Vlad. Exactly how America will exact revenge is unclear.

A range of options – explicit and covert – are on the table and may involve economic sanctions or the release of sensitive data about the hidden wealth of Russian political and business figures, according to various former diplomats and foreign policy pundits. Similarly worded cyber-threats were made against North Korea after the country was blamed for the Sony Pictures mega-hack. By leaking emails stolen from servers, miscreants threw the Democratic Party and the Clinton campaign off balance at crucial points in the election campaign cycle.

The two biggest bombshells were the DNC emails that sparked the resignation of party chairwoman Debbie Wasserman Schultz in July and the online dumping of the John Podesta emails, through WikiLeaks, in October. The release of the messages was likely designed to cast doubt on the legitimacy of US political processes and its leaders in general. Weakening the Clinton campaign by portraying Hillary – a Putin critic – as elitist and out of touch was an obvious goal.

The American administration's indignation is not focused on the hack itself – all intel agencies target foreign political and business leaders – but that the resulting intelligence was “weaponised” through selective leaks. US spies concluded that the Russians also hacked the Republican National Committee (RNC) as well as the DNC but decided not to leak the Republican data trove. The CIA reckoned Russia was motivated by a desire to tilt the election in favor of Putin-friendly and easily manipulatable Donald Trump. Private intelligence biz Crowdstrike attributed the DNC ransacking to two state-backed elite Russian hacker crews – Fancy Bear and Cozy Bear – which are linked to attacks on the German Bundestag and other campaigns. A previously unknown hacker using the moniker Guccifer 2.0 claimed responsibility for the DNC attack.
Infosec experts and the US intel community have dismissed these claims as a “smokescreen.” Uncle Sam's snoopers have "high confidence" that the Russian government hacked the DNC. In October, the US Department of Homeland Security and Office of the Director of National Intelligence had this to say about election security: The US Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of emails from US persons and institutions, including from US political organizations.

The recent disclosures of alleged hacked emails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.

These thefts and disclosures are intended to interfere with the US election process.
Such activity is not new to Moscow — the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities. The substance of the allegations isn’t in itself new but has been given fresh currency by Obama’s decision to order the intelligence community to review “malicious cyber activity” during the 2016 election process. ® Sponsored: Flash enters the mainstream.
Visit The Register's storage hub

Zynga sues 2 former employees over alleged massive data heist

EnlargeScopely reader comments 28 Share this story On Tuesday, Zynga sued two of its former employees.

The company claims they stole confidential information and took it to their new employer, rival social gaming startup, Scopely. Massimo Maietti and Ehud Barlach worked as higher-up employees for the San Francisco-based Zynga until they left in July and September, respectively.
Scopely, which makes Dice with Buddies, Wheel of Fortune Free Play, and others, is also named as a co-defendant in the case. According to Zynga’s 28-page civil complaint, Maietti was the creative director on “one of Zynga’s most ambitious soon-to-be released games, which goes by the code name ‘Project Mars.’” Barlach, for his part, was the general manager of Hit It Rich! Slots. Neither Scopely, Maietti, nor Barlach immediately responded to Ars’ request for comment. Both men are accused of taking a vast quantity of private data with them and successfully recruited former colleagues to join them at Scopely, which Zynga claimed was a violation of their employment contracts. (Scopely has several Zynga alumni, including Roy Rosenthal, the company’s general counsel. Rosenthal also did not respond to Ars.) In recent months, as Zynga became increasingly aware that “key talent” was leaving the company, it commissioned a “forensic examination” of former employee’s computers, going back to Maietti. As Zynga alleges: On July 4, 2016—during the Independence Day holiday and just one day before he gave notice of his resignation of employment from Zynga–Maietti’s Internet history shows that Maietti used the Google Chrome browser on his Zynga-issued laptop to access a Zynga-owned Google Drive account. His browser history shows that he proceeded to download 10 Google Drive folders that he had permission to access, but only as necessary to perform his duties for Zynga.

The Google Chrome browser “zipped” those ten files and downloaded them to his File Downloads folder. Once downloaded, forensic analysis shows that Maietti copied nine of those folders to a connected external USB device.

The external USB device was disconnected from the computer, and Maietti then placed the .zip files in the Trash, while they remained on the USB device. On July 7, 2016, over 20,000 files and folders were located within the Trash but were subsequently deleted in a failed attempt by Maietti to cover his tracks. The lawsuit goes on to explain that those zipped files “have identical names to those in Zynga’s Google Drive account” and consist of “extremely sensitive, highly confidential Zynga information,” including “wholesale copying of the Project Mars folder.” Those documents also allegedly included “hundreds of detailed design specifications,” “unreleased game design documents,” and “financial-related information." For his part, while he was still at Zynga, Barlach is accused of engaging in similar data copying and even telling a Scopely recruiter whom to target at Zynga. In response, Scopely recruiter Christina Dunbar responded to Barlach by text: “Thanks!! I was saving that for your first day! LOL I would be happy to hear about anyone you think I should be trying to speak with. Obviously I know you have that clause about not taking people so I am always careful. :-)” Scopely ended up hiring Derek Heck, a product manager at Wizard of Oz Slots and Willy Wonka Slots.

The lawsuit also claims that Heck even “deleted more than 24,000 files and folders in the last month of his employment with Zynga, and referenced articles entitled ‘How to erase my hard drive and start over’ and ‘How to Erase a Computer Hard Drive - How To Articles.’” Zynga settled a similar case filed against a former employee in 2013, but the new case against Scopely seems to be far larger in scale. Steph Hess, vice president of communications for Zynga, declined to respond to Ars’ questions on the record and simply referred us to the lawsuit itself.

Director of National Intelligence James Clapper resigns

Enlarge / James Clapper testifying to a House committee today in Washington DC. He said he has submitted his letter of resignation.reader comments 62 Share this story The nation's top intelligence official, who became a controversial figure in the wake of the Edward Snowden revelations about mass surveillance, has said he's stepping down. This morning, Director of National Intelligence James Clapper told the House Select Committee on Intelligence that he submitted his resignation letter, "which felt pretty good." Clapper's resignation was not unexpected, but it does leave a key role for the new Trump Administration to fill. Clapper had over 50 years of military and intelligence service. His office was created after the events of 9/11 to oversee 17 other intelligence agencies.

Clapper had moved into the private sector, but he rejoined government service in September 2001. He became the fourth director of ODNI in 2010. After the Snowden revelations of mass spying, Clapper became a controversial figure. In 2014, several members of Congress said Clapper should be fired, but President Barack Obama decided to keep him on. The source of the controversy dated to 2013, before the Snowden leaks.
Senator Ron Wyden asked Clapper directly: Did the NSA gather "any type of data at all on millions or hundreds of millions of Americans?" Clapper responded: "Not wittingly." He later went on to explain that answer as the "least untruthful" response he could have given. Earlier this year, Clapper was asked by key members of Congress for even a "rough estimate" of how many Americans are being spied on. He didn't provide one. "If such an estimate were easy to do—explainable without compromise—we would’ve done it a long time ago," he said. "I will leave this job concerned about the impact of so-called lone wolves and home grown violent extremism," Clapper told the committee today. "That is a very complex problem."

Network security company CEO resigns after “joking” about killing Trump

Enlarge / Ragequit.redditor chipotlemcnuggies reader comments 118 Share this story Matt Harrigan, the CEO of San Diego-based network security startup PacketSled, resigned yesterday after a flurry of comments he made on Facebook went viral over the weekend, prompting the company to place him on administrative leave and to report his comments to the Secret Service. Harrigan's comments weren't the usual sort of executive meltdown—they amounted to a declaration that Harrigan was going to assassinate President-elect Donald Trump. In a Facebook thread about last week's presidential election, Matt Harrigan wrote, "I'm going to kill the President Elect." "Bring it secret service," he wrote. While those may have been rage posts stemming from the election last week, Harrigan went on to describe how he was going to buy a sniper rifle and hunt down Trump when he moved into the White House. "Getting a sniper rifle and perching myself where it counts," he wrote in one of a series of comments on a thread about the election. "Find a bedroom in the whitehouse [sic] that suits you motherfucker.
I'll find you." The comments went viral in screenshots, being posted first on Reddit's The_Donald subreddit. On Sunday, Harrigan apologized on his company's blog for the comments, saying that his rant "was intended to be a joke, in the context of a larger conversation, and only privately shared as such." But the apology was taken down yesterday by PacketSled and replaced by a post from a company spokesperson that read: PacketSled takes recent comments made by our CEO seriously. Once we were made aware of these comments, we immediately reported this information to the secret service and will cooperate fully with any inquiries.

These comments do not reflect the views or opinions of PacketSled, its employees, investors, or partners. Our CEO has been placed on administrative leave. That notice was followed up today with an announcement that PacketSled's board of directors had accepted Harrigan's resignation "effective immediately." The company's CTO, Fred Wilmot, will serve as interim CEO until a replacement is found. "We want to be very clear," the spokesperson wrote, "PacketSled does not condone the comments made by Mr. Harrigan, which do not reflect the views or opinions of the company, its employees, investors, or partners."  

FBI Director Comey in hot seat in wake of Clinton e-mail...

Enlarge / WASHINGTON, DC - JULY 07: FBI Director James Comey testifies during a hearing before House Oversight and Government Reform Committee July 7, 2016 on Capitol Hill in Washington, DC.

The committee held a hearing "Oversight of the State Department," focusing on the FBI's recommendation not to prosecute Democratic presidential candidate Hillary Clinton for maintaining a private e-mail server during her time as secretary of state.Alex Wong via Getty Images reader comments 207 Share this story James Comey, the FBI director, has been facing intense criticism for days now following his Friday revelations that the bureau has started investigating newly discovered e-mails said to have passed through Hillary Clinton's private server. The Friday revelation sent heads spinning, from the left and the right, since there is less than two weeks before the presidential election. (Clinton, the Democratic nominee, faces Donald Trump on the GOP ticket on November 8.) The development came three months after Comey publicly said Clinton or any member of her staff while she was secretary of state were cleared of any criminal wrongdoing in connection to Clinton's use of a private e-mail server at her New York home.

But on Friday, Comey wrote members of Congress that the bureau had recently discovered e-mail that might have passed through that server while conducting a separate investigation.

The bureau was looking into Anthony Weiner, a politician and the husband of top Clinton aide Huma Abedin, in an unrelated sexting scandal. The Internet, radio news, and broadcast and cable TV fiercely debated the timing, the nature, and the legality of the fresh inquiry announced by Comey, who was a deputy attorney general under President George W.

Bush and who was appointed as bureau director by President Barack Obama. The Senate's minority leader, Harry Reid of Nevada, suggested that Comey's "partisan" action breached a federal law designed to prevent the bureau from influencing elections. "My office has determined that these actions may violate the Hatch Act, which bars FBI officials from using their official authority to influence an election.

Through your partisan action, you may have broken the law," Reid wrote the director. The Hatch Act, also known as An Act to Prevent Pernicious Political Activities, essentially is designed to limit political activities of federal employees.
It prohibits them from using their powers to influence, interfere, or "affect the result of an election." The first polls post the Comey announcement, however, showed Clinton ahead of Trump by three percentage points—46 percent to 43 percent. Polling before the e-mail news showed a similar margin. Meanwhile, former Attorney General Eric Holder and other former federal prosecutors wrote a letter obtained by The Associated Press late Sunday. "We cannot recall a prior instance where a senior Justice Department official—Republican or Democrat—has, on the eve of a major election, issued a public statement where the mere disclosure of information may impact the election's outcome yet the official acknowledges the information to be examined may not be significant or new," the letter said. Several Senate Democrats demanded a private briefing on the issue. One Democratic senator even demanded the director's resignation. Unsurprisingly, the Clinton and Trump camps offered divergent statements over the issue.

Clinton campaign chairman John Podesta said that the FBI should have determined the relevance of the e-mail before going public. "He might have taken the first step of actually having looked at them before he did this in the middle of a presidential campaign, so close to the voting," Podesta said. Podesta also called on the FBI to release more information.

Trump said the latest e-mail flap underscored that Clinton was unfit for president because of a "criminal scheme." Comey told fellow staffers Friday that he was obligated to tell Congress about the renewed inquiry because he had publicly stated months ago that the inquiry was over. This morning I sent a letter to Congress in connection with the Secretary Clinton email investigation. Yesterday, the investigative team briefed me on their recommendation with respect to seeking access to emails that have recently been found in an unrelated case.

Because those e-mails appear to be pertinent to our investigation, I agreed that we should take appropriate steps to obtain and review them. Of course, we don’t ordinarily tell Congress about ongoing investigations, but here I feel an obligation to do so given that I testified repeatedly in recent months that our investigation was completed.
I also think it would be misleading to the American people were we not to supplement the record.

At the same time, however, given that we don’t know the significance of this newly discovered collection of emails, I don’t want to create a misleading impression.
In trying to strike that balance, in a brief letter and in the middle of an election season, there is significant risk of being misunderstood, but I wanted you to hear directly from me about it. Jim Comey That brief letter to lawmakers said that the FBI "in connection with an unrelated case" has "learned of the existence of e-mails that appear to be pertinent to the investigation." The bureau, Comey said, is taking "appropriate investigative steps to determine whether they contain classified information." Comey said he did not know how long the investigation would take. Comey also told lawmakers in the letter that the FBI "cannot yet assess" whether the newly discovered e-mail is "material" or "significant." The bureau is examining e-mails discovered after it seized electronic devices belonging to Abedin and her estranged husband.

The agency is investigating Weiner over illicit text messages he sent to a 15-year-old girl. The Wall Street Journal said there are as many as 650,000 e-mails in all, and perhaps thousands of those have crossed Clinton's server. In July, Comey issued a harsh assessment of Clinton's use of a private e-mail server during her tenure as secretary of state. He said her handling of classified data was  "extremely careless." But Comey at the time closed the case, saying he would recommend no criminal charges.

The director said there was a lack of evidence that Clinton had intended to expose or transmit classified data or that she mishandled information in a willful oversight of her responsibilities.

How 'Security Fatigue' Impacts Our Online Decisions

NEWS ANALYSIS: A new study claims many users suffer from 'security fatigue,' which affects the choices we make online. What's the real answer and where does the root cause sit? An overabundance of security news and alerts has led to "security fatigue," which is causing users to make bad choices when it comes to online security, suggests a report from the National Institute of Standards and Technology (NIST).Although the report just came out Oct. 4, the data collection for the study took place from January to March 2011 and included 40 interviews with participants, including men and women from the Washington, D.C., metropolitan area and central Pennsylvania.

The report is one of many that are likely to debut this month, which has been dubbed National Cyber-Security Awareness Month (NCSAM)."We were completely surprised by the findings," report co-author and NIST computer scientist Mary Theofanos said in a video discussing the results. "We found this underlying theme of fatigue and weariness, which came with dread and resignation."Theofanos explained that the more decisions an individual makes in the course of the day, the harder it is to make decisions. When individuals get tired of making decisions, their brains go into another mode to either avoid decisions or fall back on existing habits, she said. This so-called security fatigue phenomena is a key reason users are reusing passwords and perhaps not taking all the right measures to stay safe online. The idea of security fatigue is not surprising to me, and it's a challenge that I grapple with every day as the volume of data breaches and security exploits seems to be never-ending.With so much bad news, it's almost understandable why some people might just resign themselves to the fact that online security is out of reach.A defeatist attitude, however, is not the right answer.
It's just a symptom of security fatigue. People reuse passwords not because they want to get hacked but because it's easier to remember a password they already use.

The internet and technology, in general, are adopted by consumers not because it is hard to consume, but rather because it is easy and useful.NIST has three primary suggestions to help reduce security fatigue: Limit the number of security decisions users need to make; Make it simple for users to choose the right security action; and Design for consistent decision making whenever possible. All of those suggestions are clearly valuable, as they place the onus of responsibility on application developers and vendors to enable users to make the right choices.

Although that's helpful, it can also potentially remove users from elements of the security decision-making process.Back in 2014, Alex Stamos, Yahoo's chief information security officer at the time, told attendees at the Black Hat USA conference that to keep users secure, big vendors like Yahoo needed to take a "security paternalistic" approach in which the vendor knows how to protect users.Stamos left Yahoo in 2015, and this past week, we learned that his departure may have been tied to an effort from Yahoo to scan user emails at the request of the National Security Agency.As such, can or should users really trust big vendors and service providers to know and do what's best?It's not an easy question to answer.

The simple fact, though, is that application developers and internet sites like Yahoo have more resources and expertise than any one individual user is likely to have.

As NIST suggests, there are steps that vendors can take to reduce security fatigue, but users for their own safety still must take some responsibility.It is the right thing for developers to build applications that are secure by design—that limit the risks of exploitation and enforce strong authentication principles. User experience must not be considered a higher priority than security, and vice versa.Typically, my own smart-aleck response whenever someone talks to me about fatigue is to tell them to simply sleep more and get some rest.
In the modern always-on world, the constant need to be connected and stay secure doesn't allow for rest.

But maybe, just maybe, if application developers and vendors follow NIST's three suggestions, users will get the short respite they need to avoid security fatigue.Sean Michael Kerner is a senior editor at eWeek and InternetNews.com.

Follow him on Twitter

NIST: People have given up on cybersecurity – it’s too much...

Fine, go ahead, cyber-crook – cyber-steal my muffin cyber-recipe Online security for the general public is just too much bother.

According to a study released on Tuesday by the US National Institute of Standards and Technology (NIST) and published in IEEE's IT Professional, people are overwhelmed with messages about online perils and have just given up. The result, as the study puts it, is security fatigue that leads to risky behavior. Mulling the possibility of a compromised account, one survey participant remarked, "It is not the end of the world.
If something happens it is going to happen." That attitude might go unnoticed on Yahoo's security team, but it concerns Mary Theofanos, a computer scientist in the material measurement laboratory at NIST and lead author of the report. In a phone interview with The Register, Theofanos said she and her colleagues interviewed about 40 people to understand how non-technical people think about computer security. That's not exactly a significant sample.

But Theofanos said the study was qualitative rather than quantitative, with interviews lasting 45 minutes to an hour for each person. "The idea was to inform our team of the baseline," Theofanos said, noting that the intent was to advance the goals of the National Initiative for Cybersecurity Education (NICE). The interview participants revealed an unexpected level of fatalism and resignation. "We were reading through the results and we saw this overwhelming sense of not being able to keep up," said Theofanos. People believe that security has become too complex and they don't see the benefit of making an effort, Theofanos explained. Some interviewees appear to be under the impression that they don't have any information worth stealing. One respondent said, "I don't work for the State Department, and I am not sending sensitive information in an email.
So, if you want to steal the message about [how] I made blueberry muffins over the weekend, then go ahead and steal that." Theofanos said the attitude was different among the few subjects who had actual experience with cyber crime. "Some had experienced identity theft problems, as they described it," she said. "They were much more aware of security." To help change people's mental models so that they will participate in cybersecurity, Theofanos said technology professionals have to do more work for the people using their products, so that people don't need to make too many decisions. "We need to make it easy for them to do the right thing," she said. "We need to make these things habits, so they don't really have to think about it." Thinking about these issues just doesn't produce great results, it seems. ®

New batch of leaked Colin Powell e-mails lambasts Trump and Clinton

reader comments 27 Share this story Add former Secretary of State Colin Powell to the list of high-ranking Washington insiders whose leaked e-mails are rankling their peers with just weeks to go before the US presidential election. DC Leaks, a site that researchers at security firm ThreatConnect have linked to the Russian government, has published 26 months of Powell's e-mails, spanning from June 2014 to last month, news organizations reported Wednesday.

The trove, which contains highly candid comments lambasting presidential candidates Donald Trump and Hillary Clinton, are part of a new batch that's separate from Powell e-mails leaked a few years ago. Powell aides reportedly confirmed the new compromise, telling The New York Times that the leaked messages "are his e-mails." In the e-mails, Powell describes Trump as a "national disgrace" and portrays the candidate as someone who is unfit to be president. As reported by Politico, Powell wrote in a June 23 e-mail to former Secretary of State Condoleezza Rice that "if Donald were to somehow win, by the end of the first week in office he'd be saying 'What the hell did I get myself into?'" The e-mails also castigate Clinton aides for linking Clinton's use of a private e-mail server during her tenure as secretary of state to Powell's use of a private e-mail address while he held the same post. The Clinton campaign’s “email ploy this week didn't work and she once again looks shifty if not a liar,” Powell wrote on August 20 to someone he worked with at the White House. “Trump folks having fun with her.” There are many more highly critical remarks on a range of people and highly charged issues.
It remains unclear how the 26 months of e-mail, which all appear to have been sent to or received from Powell's Gmail account, were compromised. Many of the similar leaks attributed to Russian hackers, including one from Tuesday involving the World Anti-Doping Agency, have stemmed from spear phishing attacks, which use personalized e-mails to trick a target into inadvertently revealing login credentials to the attacker. Another possibility is that Powell used the same password to protect both his Gmail account and a separate account from a server that was compromised in the past.
Indeed, Powell's e-mail address and password hash are contained in the list of 68 million Dropbox accounts compromised in 2012 that was made public two weeks ago, an independent security researcher said. The leak comes a few months after a person or group with the name Guccifer 2.0 published e-mails taken from one or more hacks of the Democratic National Committee.
Some of the contents that appeared to show Democratic officials denigrating former Democratic candidate Bernie Sanders before he was defeated in the primaries led to the resignation of DNC Chair Debra Wasserman Schultz. Powell's e-mails were published on a password-protected portion of DC Leaks that was available only to select news outlets.
So far, there have been no definitive reports on precisely how the messages were obtained by DC Leaks. Listing image by DoD News

US athletes’ doping tests published by Russian hackers, agency says

EnlargeFernando Frazão/Agência Brasil reader comments 34 Share this story The World Anti-Doping Agency confirmed Tuesday that hackers accessed a database of confidential medical data and released the drug regimens of gymnast Simone Biles and three other top US Olympians.

The agency went on to say the Russian government was behind the move. The organization, which screens Olympic athletes for performance-enhancing substances, said the attack was carried out by "Fancy Bear," one of the same Russian government-sponsored hacking groups that security experts say broke into Democratic National Committee servers and made off with confidential documents.

Fancy Bear members used a technique known as spear phishing to gain access to the Anti-Doping Administration and Management System (ADAMS) database through an account that was created by the International Olympic Committee, the agency said in a statement. "WADA has been informed by law enforcement authorities that these attacks are originating out of Russia," agency Director General Olivier Niggli said in the statement that also named Fancy Bear as the group. "Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency’s independent McLaren Investigation Report." The McLaren investigation refers to an inquiry into allegations of Russian government-sponsored doping at the 2014 Sochi Olympics.

The investigation has been a major source of controversy between Russia and Olympics organizers. The statement came shortly after the discovery of Fancy Bear, a site that published medical reports belonging to Biles; Elena Delle Donne, who led the US women's basketball team to a gold medal with a perfect 6–0 record; and Serena and Venus Williams, two former winning US Olympians in Tennis who were eliminated in the most recent Olympics games.

The leaked documents appeared to show that all four US athletes tested positive for substances that are restricted by the International Olympic Committee but were given medical exemptions. According to the documents, Biles tested positive for the psychostimulant methylphenidate and was also taking amphetamine.

Donne, meanwhile, took hydrocortisone, while Serena Williams purportedly took oxycodone and hydromorphone, prednisone, prednisolone, and methylprednisolone, and her sister Venus used to take prednisone, prednisolone, triamcinolone, and formoterol. The Fancy Bear site used the documents to challenge the performance of US athletes, who won 46 gold, 37 silver, and 38 bronze medals, and the lack of impartiality of the International Olympic Committee. One section of the Fancy Bear site stated: After detailed studying of the hacked WADA databases we figured out that dozens of American athletes had tested positive.

The Rio Olympic medalists regularly used illicit strong drugs justified by certificates of approval for therapeutic use.
In other words they just got their licenses for doping.

This is other evidence that WADA and IOC's Medical and Scientific Department are corrupt and deceitful. The site claimed the leaked data was only "the tip of the iceberg" and hinted that more leaks may follow. The Fancy Bear leak continues a trend that started with the hack on the Democratic National Committee in which potentially sensitive data is leaked, presumably in an attempt to publicly discredit opponents.
Some of the published DNC documents, for instance, led to the resignation of DNC Chair Debra Wasserman Schultz and has acted as a wedge to divide Democratic Party members. While Guccifer 2.0—the person taking credit for the DNC hack and the leaks that stemmed from it—claims to be a Romanian who acted alone, multiple security experts have found Russian fingerprints on much of the published data. Russian Prime Minister Vladimir Putin has denied Russian government involvement but has spoken in favor of the hacks. Last month, WADA said that the ADAMS password for Russian runner Yuliya Stepanova was illegally obtained by a perpetrator who used it to access her account.

Two years ago, she accused Russian athletes of engaging in large-scale doping fraud.