Connect with us

Tech

Without leadership on vaccine rollout, scams are inevitable

Published

on

Without leadership on vaccine rollout, scams are inevitable


“We have the best logisticians in the world at the Department of Defense, working in conjunction with the CDC, to guide … every logistical detail you could possibly think of,” declared Paul Mango, the deputy chief of staff for policy at the Department of Health and Human Services. Though the military would not be involved in giving injections, he said, it would run an end-to-end system of surveillance to ensure that every dose of vaccine was administered with precision before it expired. 

That supply chain, however, has come under attack. 

In one case a pharmacist in Wisconsin managed to sabotage 500 vaccines, apparently driven by his belief in apocalyptic conspiracy theories. It wasn’t exactly the strike that Interpol warned about when it cautioned nations to remain vigilant against threats to the vaccine supply from organized crime, but it did show that the weaknesses in the system were there—and that they might be the consequence of bad decisions at the top.

Temporary fixes cause trouble

It has become increasingly clear that many hospitals, pharmacies, and other facilities that received vaccine deliveries are on their own: forced to oversee the logistics themselves, organize appointments with patients, and monitor follow-ups. Under pressure, they have started to make hasty or uninformed decisions, or turn to services that weren’t built for such critical purposes.

Reports started to trickle in about how different free websites, like SignUpGenius, were being used for vaccination reservations in Oklahoma. Princeton University sociologist Shamus Khan chronicled how he was frustratedly refreshing Eventbrite, an online event service website, in order to grab a spot for his elderly parents in Florida. Some health departments in the state had decided to use the system because it was “quickest, easiest, and most efficient way” to meet their pressing need. 

Later, however, it was revealed that some people who thought they had paid to secure a spot via Eventbrite had been duped. Fraudsters had created fake listings pages to trick people into handing over their money for appointments that didn’t exist. Phone numbers for county health departments were jammed all day, and websites struggled with demand, compounding the problem. 

The use of third-party websites creates the perfect opportunity for a low-tech supply chain attack. Typically when we think about supply chains and cybercrimes, images of malicious software, stolen passwords, or phishing come to mind. But no hacking was needed in this case. What happened in Florida was media manipulation in the form of impersonation: fraudsters had only to use the website as it was designed in order to run away with desperate seniors’ cash. 

The rule of misinformation

These cases are alarming for a number of reasons. Imposter sites hiding behind suspect domains to sell fake wares have become common during the pandemic. So, too, has the use of social media to conduct low-grade information warfare claiming that the pandemic is a conspiracy. 

But if there is a law of misinformation, it is this: Everything open will be exploited. 



Tech

China’s surging private space industry is out to challenge the US

Published

on

China’s surging private space industry is out to challenge the US


“Xi’s goal was that if China has to become a critical player in technology, including in civil space and aerospace, it was critical to develop a space ecosystem that includes the private sector,” says Namrata Goswami, a geopolitics expert based in Montgomery, Alabama, who’s been studying China’s space program for many years. “He was taking a cue from the American private sector to encourage innovation from a talent pool that extended beyond state-funded organizations.”

As a result, there are now 78 commercial space companies operating in China, according to a 2019 report by the Institute for Defense Analysis. More than half have been founded since 2014, and the vast majority focus on satellite manufacturing and launch services.

For example, Galactic Energy, founded in February 2018, is building its Ceres rocket to offer rapid launch service for single payloads, while its Pallas rocket is being built to deploy entire constellations. Rival company i-Space, formed in 2016, became the first commercial Chinese company to make it to space with its Hyperbola-1 in July 2019. It wants to pursue reusable first-stage boosters that can land vertically, like those from SpaceX. So does LinkSpace (founded in 2014), although it also hopes to use rockets to deliver packages from one terrestrial location to another.

Spacety, founded in 2016, wants to turn around customer orders to build and launch its small satellites in just six months. In December it launched a miniaturized version of a satellite that uses 2D radar images to build 3D reconstructions of terrestrial landscapes. Weeks later, it released the first images taken by the satellite, Hisea-1, featuring three-meter resolution. Spacety wants to launch a constellation of these satellites to offer high-quality imaging at low cost. 

To a large extent, China is following the same blueprint drawn up by the US: using government contracts and subsidies to give these companies a foot up. US firms like SpaceX benefited greatly from NASA contracts that paid out millions to build and test rockets and space vehicles for delivering cargo to the International Space Station. With that experience under its belt, SpaceX was able to attract more customers with greater confidence. 

Venture capital is another tried-and-true route. The IDA report estimates that VC funding for Chinese space companies was up to $516 million in 2018—far shy of the $2.2 billion American companies raised, but nothing to scoff at for an industry that really only began seven years ago. At least 42 companies had no known government funding. 

And much of the government support these companies do receive doesn’t have a federal origin, but a provincial one. “[These companies] are drawing high-tech development to these local communities,” says Hines. “And in return, they’re given more autonomy by the local government.” While most have headquarters in Beijing, many keep facilities in Shenzhen, Chongqing, and other areas that might draw talent from local universities. 

There’s also one advantage specific to China: manufacturing. “What is the best country to trust for manufacturing needs?” asks James Zheng, the CEO of Spacety’s Luxembourg headquarters. “It’s China. It’s the manufacturing center of the world.” Zheng believes the country is in a better position than any other to take advantage of the space industry’s new need for mass production of satellites and rockets alike. 

Making friends

The most critical strategic reason to encourage a private space sector is to create opportunities for international collaboration—particularly to attract customers wary of being seen to mix with the Chinese government. (US agencies and government contractors, for example, are barred from working with any groups the regime funds.) Document 60 and others issued by China’s National Development and Reform Commission were aimed not just at promoting technological innovation, but also at drawing in foreign investment and maximizing a customer base beyond Chinese borders.

“China realizes there are certain things they cannot get on their own,” says Frans von der Dunk, a space policy expert at the University of Nebraska–Lincoln. Chinese companies like LandSpace and MinoSpace have worked to accrue funding through foreign investment, escaping dependence on state subsidies. And by avoiding state funding, a company can also avoid an array of restrictions on what it can and can’t do (such as constraints on talking with the media). Foreign investment also makes it easier to compete on a global scale: you’re taking on clients around the world, launching from other countries, and bringing talent from outside China. 

Although China is taking inspiration from the US in building out its private industry, the nature of the Chinese state also means these new companies face obstacles that their rivals in the West don’t have to worry about. While Chinese companies may look private on paper, they must still submit to government guidance and control, and accept some level of interference. It may be difficult for them to make a case to potential overseas customers that they are independent. The distinction between companies that are truly private and those that are more or less state actors is still quite fuzzy, especially if the government is a frequent customer. “That could still lead to a lack of trust from other partners,” says Goswami. It doesn’t help that the government itself is often very cagey about what its national program is even up to.

And Hines adds that it’s not always clear exactly how separate these companies are from, say, the People’s Liberation Army, given the historical ties between the space and defense sectors. “Some of these things will pose significant hurdles for the commercial space sector as it tries to expand,” he says.

Other challenges

None of these new companies are yet profitable, and it will be quite some time before they are. “There isn’t any sign of indication that this industry will flop,” says Hines. “But many experts do think a lot of these companies will go out of business.” Apart from the challenge of attracting customers outside China, many companies are still trying to figure out who exactly their customers ought to be. 

American companies like SpaceX and Blue Origin had billionaire founders ready to burn cash to take on large risks, push past big failures, and finally get off the ground. And while a Chinese billionaire entered the industry last year“there is no Chinese Elon Musk to push these riskier ventures forward,” says Hines. It’s also unclear whether Chinese companies, even those supported by wealthy backers, will have that appetite for risk.

Zheng says one thing Spacety has offered is exceptional transparency with clients for whom it is developing satellites—something that’s still uncommon for Chinese firms. “Many of them have no kind of spaceflight experience,” he says. “They want to see and learn what goes on, but the large companies won’t allow for that. We’re different.”

Lastly, China needs to figure out a legal framework that can guide the commercial industry in more explicit terms, and specify what’s allowed and what is not. It is the only major space power without a specialized space law. (The American version is Title 51 of the United States Code.) While the hope is that free enterprise can generate innovation, national governments are still liable for whatever space activities a country’s private companies conduct. There’s a need to license and approve these missions, ensuring that governments know what they’ve signed up for. 

Despite all this, China’s space industry is rolling forward. These new startups haven’t just adopted American business practices—they’ve also begun to embrace American startup culture as a way to foster business relationships and grow. During my video call with Spacety’s Zheng, the company’s Beijing CEO, Yang Feng, briefly dropped in to say hello, on his way back from a party where he’d been schmoozing and enjoying drinks with many peers and partners in the industry. “It’s part of the way we do business now,” Zheng said. “Innovation is not just new technology itself—it’s also a new way of doing things.” 

Continue Reading

Tech

A guide to being an ethical online investigator

Published

on

A guide to being an ethical online investigator


But this activity raises some complex ethical and practical issues. How can you, an average person, be an ethical digital activist? What counts as going too far? How can you keep yourself safe? How can you participate in a way that doesn’t put anyone in danger? Below are some guidelines that might help.

Remember, you are not a hacker: There’s a big difference between accessing publicly available information, like a photo from a Facebook profile page that documents illegal activity, and hacking into a person’s otherwise private account to find that photo. That’s crossing the line.In the US, the Computer Fraud and Abuse Act (CFAA) limits the amount of access a person has to another’s information “without authorization,” which is undefined; this lack of clarity has frustrated lawyers who represent activists. “Those who do [violate CFAA] are breaking the law, and they’re criminals,” says Max Aliapoulios, a PhD student and cybersecurity researcher at New York University. It’s worth keeping in mind regional laws as well. In the European Union, “publicly identifying an individual necessarily means processing personally identifiable information; therefore individuals performing such activities need a legal basis to do so [under Article 6 of the GDPR],” says Ulf Buermeyer, the founder and legal director of Freiheitsrechte, a German-based civil rights organization.

Ethical issues abound: It’s not just legal issues that would-be amateur online investigators need to be aware of. Much of the online activity carried out in the wake of the Capitol riots raises ethical questions, too. Should a person who didn’t storm the Capitol but attended the rallies leading up to the riots be identified and risk punishment at work? Do those who were in and around the Capitol on January 6 automatically lose the right to privacy even if they weren’t involved in riots? It’s worth thinking through how you feel about some of these questions before you continue. Few are clear cut.

So, where does the information come from? “Our bread and butter is open source,” Fiorella says. “Open-source media” refers to information that is publicly available for use. Data archivists, or those who collect and preserve information online for historical purposes, accessed such open-source data to save posts before they disappeared as social media companies pushed President Donald Trump and many of his supporters off their platforms. “If you were at the Capitol storming and recorded video and took selfies that anyone can access, and it’s openly available on the internet, it’s fair game,” says Fiorella.

It’s your First Amendment right to access open-sourced information. Hacktivists and digital activists trawling social media alike will agree on this: they say it’s the most important aspect of their work. “Utilizing open-source intelligence isn’t a crime,” says Daly Barnett, an activist and staff technologist at the Electronic Frontier Foundation, a nonprofit digital rights group. “Archiving isn’t a crime. Freedom of information is good.”

Misidentification is a real danger. “Anyone with an internet connection and free time and willingness to do these things can be part of crowdsourcing efforts to clarify what happened,” Fiorella says. But crowdsourced efforts can be problematic, because people may zero in on the wrong individual. “There’s a fundamental tension here,” says Emmi Bevensee, a researcher and founder of the Social Media Analysis Toolkit, an open-source tool that tracks trends across mainstream and fringe social media platforms. “The more people you have working on a problem, the more likely you are to find the needle in the haystack. There’s a risk doing things like this, though. Not everyone has the same research skills or methodological accountability”—and mistakes can be devastating for the person misidentified. Misidentification carries potential legal risks, too.

You can join up with more established investigators instead of going it alone. There is, obviously, the FBI, which has collected images and is seeking the public’s help in identifying domestic terrorists. Bellingcat, one of the most respected, thorough investigatory sites devoted to this purpose, has created a Google spreadsheet for images of suspects that need identifying. Organizations also often have ethical standards put in place to guide new sleuths, like this one Bellingcat created in light of the Black Lives Matters protests.

Don’t doxx. Doxxing—or digging up personal information and sharing it publicly—is illegal. “The majority of doxxing has occurred from open-source intelligence,” Barnett says, and data hygiene is still something many people online struggle with. If you come across passwords, addresses, phone numbers, or any other similar identifier, do not share it—it’s a crime to do so. r/Datahoarder, a Reddit archiving group, notes that its members “do NOT support witch hunting.” 

If you find something online that could be incriminating, ask, “Am I putting this person in danger?” Fiorella says he asks himself that question consistently, particularly in cases where a person might have few followers and is using social media just to share images with friends.

Show your methodology. Just like in middle school math class, show your work and how you got your results. Data researchers who do this work are famously diligent and exhaustive in how they record their work and triple-check their information. That sort of checking is especially important to ensure that people are properly identified and that others can learn from and retrace your steps for subsequent prosecution. (Methodology may take some technical expertise in some cases, and data researching organizations often run workshops and training sessions to help people learn how to do this.)

Do not share names online. Let’s say you see a picture of a possible suspect online and you recognize who it is. While you might be tempted to tag the person, or screenshot the image and put some commentary on your Instagram to get that addictive stream of likes, don’t. This work needs to be deliberate and slow, says Fiorella: “There’s a risk of misidentifying a person and causing harm.” Even if there’s no doubt that you have figured out who a person is, hold back and, at the most, submit your information to an organization like Bellingcat or the FBI to check your work and make sure it is correct.

You will run into situations where things are not clear. Theo shared the story of the viral video in which a Black Los Angeles woman is physically attacked by Trump supporters calling her the n-word. In the video, a man is seen with his arms around the woman amid the violent, jeering crowd. In initial reports, the man was described as part of the mob and harming the woman. Video footage seemed to show him putting her in the way of pepper spray, for example. Then police said the man was actually trying to protect the woman and that she had confirmed this version of events, though she later suggested to BuzzFeed that perhaps he ended up doing as much harm as good. Theo shared the image of the man in the immediate aftermath of the incident, and then he saw the account suggesting he was a good Samaritan. “I felt horrible,” he says. Theo points out that the man was also recorded using xenophobic and racist language, but “that got me to pause a little bit and think about what I’m doing that could impact people,” he says. “It’s a blurred line.” It doesn’t hurt to repeat it again: Do not share names online.

Your safety may be at risk. Theo says he has received death threats and has not felt safe in the past week, consistently looking over his shoulder if he steps out. Bevensee has received multiple death threats. Many digital activists have burner phones and backup computers, and work away from their families to protect them.

Keep your mental health in mind. This work can involve viewing violent images. Theo says he has been dealing with migraine headaches, sleep problems, paranoia, and the distress that comes with trying to keep up with his day job while handling his Instagram accounts and its sister Twitter account, @OutTerrorists. “I’m only one person, and I have to handle DMs and keep everything up to date,” he says, noting that he also updates posts with verified identifications from the FBI, goes through comments, and forwards information to the FBI himself. Take time to process and realize that it’s okay to feel upset. It’s one thing to use this as motivation to right the wrongs of the world, but nearly every expert and activist told me that having a way to deal with disturbing images is important.

Share your information with law enforcement—if it’s appropriate. Bevensee and Aliapoulios said the digital activism movement was a direct response to the perceived lack of official action. Many activists have a strong distrust of US law enforcement, pointing to the difference between how the Capitol rioters and Black Lives Matter protesters were treated. But in the case of the insurrection, which carries federal charges, experts and activists agree that the right thing to do is to take information to the authorities.



Continue Reading

Tech

Police are flying surveillance over Washington. Where were they last week?

Published

on

Police are flying surveillance over Washington. Where were they last week?


Nor were resources an issue. The United States Capitol Police, or USCP, is one of the most well-funded police forces in the country. It is responsible for security across just 0.4 square miles of land, but that area hosts some of the most high-profile events in American politics, including presidential inaugurations, lying-in-state ceremonies, and major protests. The USCP is well-staffed, with 2,300 officers and civilian employees, and its annual budget is at least $460 million—putting it among the top 20 police budgets in the US. In fact, it’s about the size of the Atlanta and Nashville police budgets combined. For comparison, the DC Metropolitan Police Department—which works regularly with the USCP and covers the rest of the District’s 68 square miles—has a budget of $546 million

The USCP is different from state and local departments in other important ways, too. As a federal agency that has no residents inside its jurisdiction, for example, it answers to a private oversight board and to Congress—and only Congress has the power to change its rules and budgets. Nor is it subject to transparency laws such as the Freedom of Information Act, which makes it even more veiled than the most opaque departments elsewhere in the country. 

All of this means there is little public information about the tools and tactics that were at the USCP’s disposal ahead of the riots. 

But “they have access to some pretty sophisticated stuff if they want to use it,” says Stoughton. That includes the resources of other agencies like the Secret Service, the FBI, the Department of Homeland Security, the Department of the Interior, and the United States military. (“We are working [on technology] on every level with pretty much every agency in the country,” the USCP’s then-chief said in 2015, in a rare acknowledgment of the force’s technical savvy.)

What should have happened

With such resources at its disposal, the Capitol Police would likely have made heavy use of online surveillance ahead of January 6. Such monitoring usually involves not just watching online spaces, but tracking known extremists who had been at other violent events. In this case, that would include the “Unite the Right” rally in Charlottesville, Virginia, in 2017 and the protest against coronavirus restrictions at the Michigan state capitol in 2020. 

Exactly what surveillance was happening before the riots is unclear. The FBI turned down a request for a comment, and the USCP did not respond. “I’d find it very hard to believe, though, that a well-funded, well-staffed agency with a pretty robust history of assisting with responding to crowd control situations in DC didn’t do that type of basic intelligence gathering,” says Stoughton. 

Ed Maguire, professor of criminal justice at Arizona State University, is an expert on protests and policing. He says undercover officers would usually operate in the crowd to monitor any developments, which he says can be the most effective surveillance tool to manage potentially volatile situations—but that would require some preparedness and planning that perhaps was lacking. 

Major events of this kind would usually involve a detailed risk assessment, informed by monitoring efforts and FBI intelligence reports. These assessments determine all security, staffing, and surveillance plans for an event. Stoughton says that what he sees as inconsistency in officers’ decisions to retreat or not, as well as the lack of an evacuation plan and the clear delay in securing backup, point to notable mistakes. 

This supports one of the more obvious explanations for the failure: that the department simply misjudged the risk. 

What seems to have happened

It appears that Capitol Police didn’t coordinate with the Park Police or the Metropolitan Police ahead of the rally—though the Metropolitan Police were staffed at capacity in anticipation of violence. Capitol Police Chief Steven Sund, who announced his resignation in the wake of the riots, also asserts that he requested additional National Guard backup on January 5, though the Pentagon denies this.

The USCP has also been accused of racial bias, along with other police forces. Departments in New York, Seattle, and Philadelphia are among those looking into whether their own officers took part in the assault, and the Capitol Police itself suspended “several” employees and will investigate 10 officers over their role.

But one significant factor that might have altered the volatility of the situation, Maguire says, is that police clashes with the Proud Boys in the weeks and days before the event, including a violent rally in Salem, Oregon, and the arrest of the white supremacist group’s leader, Henry Tarrio, fractured the right wing’s assumption that law enforcement was essentially on their side. On January 5, Maguire had tweeted about hardening rhetoric and threats of violence as this assumption started to fall apart. 



Continue Reading

Copyright © 2020 Diliput News.