A US Bill Would Ban Kids Under 13 From Joining Social Media

While all the major Silicon Valley social media firms—from Instagram to TikTok—say they block children from using their apps, these senators say those efforts have failed. 

“It’s not working,” Schatz says. “There’s no free speech right to be jammed with an algorithm that makes you upset, and these algorithms are making us increasingly polarized and disparaging and depressed and angry at each other. And it’s bad enough that it’s happening to all of us adults, the least we can do is protect our kids.”

While the measure’s sponsored by progressive Democrats and one of the most ardent conservatives in the Senate, lawmakers from across the ideological spectrum are equally skeptical of the proposal, showing the difficult road ahead for passing any new media measure, including those aimed at children. Many lawmakers are torn between protecting kids online and preserving the robust internet as we know it. Naturally, most senators are looking at their own families for guidance. 

“My grandkids have flip phones. They don’t have smartphones until they get older,” senator Mitt Romney, a Utah Republican, says. Romney—who’s open to the idea, if initially dubious—says there’s not even uniformity in his own family on these issues. 

“I have five sons, so there are five different families and they do have different approaches,” Romney says. “And the youngest son is the one that’s most strict, and the oldest son didn’t really think of it as being such a big deal.”

For Smith, the Minnesota senator worried about her party coming across as Big Sister, there wasn’t even uniformity in her own household when her boys were fighting over the family’s first desktop computer ages ago. And her kids also proved to be (mini)hackers. 

“We were trying to figure out how to monitor their interactions with the computer, and we quickly figured out that, at least for them, it was hard to put hard and fast rules, because kids find a way,” Smith says. “And different parents have different rules for what they think is the right thing for their kids.”

While Smith is open to the new measure, she’s wary. “I tend to be, I guess, a little bit suspicious of hard and fast rules, because I’m not sure that they work and because I sort of think that parents and kids should have the freedom to decide what’s right for their family,” Smith says.

While Smith is a progressive Democrat, on this new measure, she’s currently aligned with senator Rand Paul, a Libertarian-leaning Kentucky Republican. “Parents exercise some oversight of what their kids view on the internet, what they view on television, all these things are important. I’m not sure I want the federal government [involved],” Paul says.

The new measure also has competition. Just last week senators Richard Blumenthal, a Connecticut Democrat, and South Carolina’s Lindsey Graham, the top Republican on the Senate Judiciary Committee, reintroduced their EARN IT Act—the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act. That measure would strip away the current Section 230 protections for any sites that publish online child sexual exploitation content. Section 230 remains a highly controversial law because it protects online businesses from liability for much of what their users post on their platforms.

Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs

Google Cloud and Intel released results today from a nine-month audit of Intel’s new hardware security product: Trust Domain Extensions (TDX). The analysis revealed 10 confirmed vulnerabilities, including two that researchers at both companies flagged as significant, as well as five findings that led to proactive changes to further harden TDX’s defenses. The review and fixes were all completed before the production of Intel’s fourth-generation Intel Xeon processors, known as “Sapphire Rapids,” which incorporate TDX. 

Security researchers from Google Cloud Security and Google’s Project Zero bug-hunting team collaborated with Intel engineers on the assessment, which initially turned up 81 potential security issues that the group investigated more deeply. The project is part of Google Cloud’s Confidential Computing initiative, a set of technical capabilities to keep customers’ data encrypted at all times and ensure that they have full access controls.

The security stakes are incredibly high for massive cloud providers that run much of the world’s digital infrastructure. And while they can refine the systems they build, cloud companies still rely on proprietary hardware from chip manufacturers for their underlying computing power. To get deeper insight into the processors they’re depending on, Google Cloud worked with AMD on a similar audit last year and leaned on the longtime trusted relationship between Intel and Google to launch the initiative for TDX. The goal is to help chipmakers find and fix vulnerabilities before they create potential exposure for Google Cloud customers or anyone else.

“It’s not trivial because companies, we all have our own intellectual property. And in particular, Intel had a lot of IP in the technologies that they were bringing to this,” says Nelly Porter, group product manager of Google Cloud. “For us to be able to be incredibly open and trusting each other is valuable. The research that we’re doing will help everybody because Intel Trusted Domain Extension technology is going to be used not only in Google, but everywhere else as well.”

Researchers and hackers can always work on attacking hardware and online systems from the outside—and these exercises are valuable because they simulate the conditions under which attackers would typically be looking for weaknesses to exploit. But collaborations like the one between Google Cloud and Intel have the advantage of allowing outside researchers to conduct black box testing and then collaborate with engineers who have deep knowledge about how a product is designed to potentially uncover even more about how a product could be better secured.

After years of scrambling to remediate the security fallout from design flaws in the processor feature known as “speculative execution,” chipmakers have invested more in advanced security testing. For TDX, Intel’s in-house hackers conducted their own audits, and the company also put TDX through its security paces by inviting researchers to vet the hardware as part of Intel’s bug bounty program.

Anil Rao, Intel’s vice president and general manager of systems architecture and engineering, says the opportunity for Intel and Google engineers to work as a team was particularly fruitful. The group had regular meetings, collaborated to track findings jointly, and developed a camaraderie that motivated them to bore even deeper into TDX.

Trump’s Indictment Marks a Historic Reckoning

The literally unprecedented indictment against Donald Trump marks an outright dangerous—and politically fraught—moment for the United States and serves as a reminder of the unparalleled level of criminality and conspiracy that surrounded the 2016 election.

It’s easy to look back at the 2016 election as though its outcome was inevitable—that Hillary Clinton was too weak of a candidate, one whose years of high-priced speeches had made her lose touch with the working-class voters of Wisconsin and Pennsylvania; that “but her emails” and Jim Comey’s repeated, inappropriate, and misguided meddling in the election turned the tide. But the new indictment of Trump is an important historical corrective, a moment that makes clear how the US, as a country, must reckon with the fact that Trump’s surprise victory was aided by not one but two separate criminal conspiracies.

In the 2016 race’s final push, in an election that came down to incredibly narrow victories in just three states—10,704 voters in Michigan, 46,765 in Pennsylvania, and 22,177 in Wisconsin—and where Trump lost the overall popular vote by some 3 million votes, he was helped along by a massive and wide-ranging official Russian government operation. That effort was funded in part by oligarch Yevgeny Prigozhin, who is now behind the brutal combat of his Wagner Group mercenary army in Ukraine, which targeted US social media companies and activists on the ground. According to the US Department of Justice’s exhaustive report, in the second arm of the Russian operation, the military intelligence service GRU hacked top Democratic officials, leaked their emails, and shifted the national narrative around Clinton and other Democrats. (Not to mention that this gave rise to the Pizzagate conspiracy theory and, arguably, QAnon.) 

Then there was the separate criminal conspiracy that was the subject of today’s new indictment in New York: the plot in the final weeks of the 2016 election by Trump’s campaign, Trump family fixer Michael Cohen, and the National Enquirer to pay hush money to bury stories of two of the candidate’s affairs, including infamously one with porn star Stormy Daniels. 

While it may seem like news of such an affair would have ended up being a nothingburger amid the campaign’s final weeks, it’s worth remembering the specific context that Cohen and the Trump orbit faced in those final hours of the campaign. They were performing a fraught and knife’s-edge balancing act to hold onto support from conservatives and evangelicals in the wake of the devastating Access Hollywood tape, a moment where vice presidential nominee Mike Pence seriously considered throwing in the towel himself. The follow-on of more non-family-values-friendly stories might well have begun an unrecoverable spiral. (It’s also worth remembering the still-suspicious interplay of these two threads: how, on a single Friday in October 2016, US intelligence leaders announced publicly for the first time that Russia was behind the election meddling, the Washington Post scooped the existence of the lewd Access Hollywood tape, and then, hours later, Wikileaks began dumping a fresh set of stolen emails from Clinton campaign chair John Podesta.)

The new criminal case related to that second Stormy Daniels conspiracy, brought by Manhattan district attorney Alvin Bragg, also is a reminder of the historic mistake by the US Justice Department to not pursue its own charges against Trump in the same matter. This was a mind-boggling abdication of responsibility given that the Justice Department—in the midst of Donald Trump’s own presidency, no less!—prosecuted Cohen for the same conspiracy, naming Trump in the charges against Cohen as “Individual 1” and, according to a new book by Elie Honig, outlined in a draft indictment Trump’s personal direction and involvement in the case.

How a Catholic Group Doxed Gay Priests

In a statement released a day before the investigation’s release, Jayd Henricks, the group’s president, said, “It isn’t about straight or gay priests and seminarians. It’s about behavior that harms everyone involved, at some level and in some way, and is a witness against the ministry of the church.”

No national US data privacy laws prohibit the sale of this kind of data.

On Wednesday, the District of Columbia’s health insurance exchange confirmed that it was working with law enforcement to investigate an alleged leak after a database containing personal information of about 170,000 individuals was offered for sale on a hacker forum popular with cybercriminals. The reported breach in DC Health Link, as the exchange is known, could expose sensitive personal data of lawmakers, their employees, and their families. Thousands of the exchange’s participants work in the US House and Senate, and a sample of the stolen data set reviewed by CyberScoop indicates that the victims of the breach also range from lobbyists to coffee shop employees. 

According to a letter to the head of the DC Health Benefit Exchange Authority from House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries, the FBI has apparently purchased some of the stolen data from the dark web. While the FBI had not yet determined the extent of the breach, according to the letter, “the size and scope of impacted House customers could be extraordinary.”

A report by Politico published March 7 details how Ring, Amazon’s home-surveillance company, handed law enforcement videos captured by an Ohio man’s 20 Ring cameras against his will. In December, the Hamilton Police Department sought a warrant for camera footage—including from inside the man’s house—while investigating his neighbor. According to the report, after he willingly provided video to the police that showed the street outside his home, police used the courts to access more footage against his will.

While law enforcement often seeks warrants for digital data, those warrants typically pertain to the subject of a particular investigation. However, as networked home surveillance cameras have become increasingly popular, sometimes blanketing city blocks, law enforcement is increasingly turning to individuals who are completely unaffiliated with a case to provide data. According to Politico, the lack of legal controls on what police can ask for opens the door for a bystander’s indoor home footage to be lawfully acquired by police.

Following Politico’s story, Gizmodo reported that a customer service agent for Ring told a concerned customer that the Politico story was a “hoax” perpetrated by a competitor. In response, an Amazon spokesperson told Gizmodo that the company does not in fact think the story was a hoax and the statement was the result of a misunderstanding on the part of the customer support agent. “We will ensure the agent receives the appropriate coaching,” the spokesperson said.

A former roommate of noted fabulist George Santos told federal authorities that the US congressman from Long Island, New York, had orchestrated a credit card skimming operation in Seattle in 2017. In a declaration submitted to authorities and obtained by Politico, the Brazilian man—convicted of credit card fraud and deported from the US—told the FBI, “Santos taught me how to skim card information and how to clone cards. He gave me all the materials and taught me how to put skimming devices and cameras on ATM machines.” 

According to the declaration, Gustavo Ribeiro Trelha met Santos in 2016 when he rented a room from him in his Florida apartment. There Santos reportedly taught Trelha how to use credit card cloning equipment and eventually flew him to Seattle to begin stealing financial information. “My deal with Santos was 50 percent for him, 50 percent for me,” Trelha wrote. 

The FBI Just Admitted It Bought US Location Data

The United States Federal Bureau of Investigation has acknowledged for the first time that it purchased US location data rather than obtaining a warrant. While the practice of buying people’s location data has grown increasingly common since the US Supreme Court reined in the government’s ability to warrantlessly track Americans’ phones nearly five years ago, the FBI had not previously revealed ever making such purchases. 

The disclosure came today during a US Senate hearing on global threats attended by five of the nation’s intelligence chiefs. Senator Ron Wyden, an Oregon Democrat, put the question of the bureau’s use of commercial data to its director, Christopher Wray: “Does the FBI purchase US phone-geolocation information?” Wray said his agency was not currently doing so, but he acknowledged that it had in the past. He also limited his response to data companies gathered specifically for advertising purposes. 

“To my knowledge, we do not currently purchase commercial database information that includes location data derived from internet advertising,” Wray said. “I understand that we previously–as in the past–purchased some such information for a specific national security pilot project. But that’s not been active for some time.” He added that the bureau now relies on a “court-authorized process” to obtain location data from companies. 

It’s not immediately clear whether Wray was referring to a warrant—that is, an order signed by a judge reasonably convinced a crime has occurred—or another legal device. Nor did Wray indicate what motivated the FBI to end the practice. 

In its landmark Carpenter v. United States decision, the Supreme Court held that government agencies accessing historical location data without a warrant were violating the Fourth Amendment’s guarantee against unreasonable searches. But the ruling was narrowly construed. Privacy advocates say the decision left open a glaring “loophole” that allows the government to simply purchase whatever it cannot otherwise legally obtain. US Customs and Border Protection (CBP) and the Defense Intelligence Agency are among the list of federal agencies known to have taken advantage of this loophole. 

The Department of Homeland Security, for one, is reported to have purchased the geolocations of millions of Americans from private marketing firms. In that instance, the data were derived from a range of deceivingly benign sources, such as mobile games and weather apps. Beyond the federal government, state and local authorities have been known to acquire software that feeds off cellphone-tracking data. 

Asked during the Senate hearing whether the FBI would pick up the practice of purchasing location data again, Wray replied: “We have no plans to change that, at the current time.”

Sean Vitka, a policy attorney at Demand Progress, a nonprofit focused on national security and privacy reform, says the FBI needs to be more forthcoming about the purchases, calling Wray’s admission “horrifying” in its implications. “The public needs to know who gave the go-ahead for this purchase, why, and what other agencies have done or are trying to do the same,” he says, adding that Congress should also move to ban the practice entirely.