
14 posts from October 2019

Report: Auto Emergency Braking With Pedestrian Detection Systems Fail When Needed Most

The American Automobile Association (AAA) reported new research results from tests of automatic emergency braking with pedestrian detection systems in automobiles. The AAA found that these systems work inconsistently and failed when most needed: at night. Chief findings from the report:

"... automatic emergency braking systems with pedestrian detection perform inconsistently, and proved to be completely ineffective at night. An alarming result, considering 75% of pedestrian fatalities occur after dark. The systems were also challenged by real-world situations, like a vehicle turning right into the path of an adult. AAA’s testing found that in this simulated scenario, the systems did not react at all, colliding with the adult pedestrian target every time..."

The testing was performed jointly with the Automotive Club of Southern California’s Automotive Research Center in Los Angeles, California. Track testing was conducted on closed surface streets on the grounds of the Auto Club Speedway in Fontana, California. Four test vehicles were used: 2019 Chevy Malibu, 2019 Honda Accord, 2019 Tesla Model 3 and 2019 Toyota Camry. The testing included four scenarios:

  1. "An adult crossing in front of a vehicle traveling at 20 mph and 30 mph during the day and at 25 mph at night;
  2. A child darting out from between two parked cars in front of a vehicle traveling at 20 mph and 30 mph;
  3. A vehicle turning right onto an adjacent road with an adult crossing at the same time; and
  4. Two adults standing along the side of the road with their backs to traffic, with a vehicle approaching at 20 mph and 30 mph."

For scenario #1, with a vehicle moving at 20 mph, a collision resulted 60% of the time (that is, the systems avoided a collision 40 percent of the time). For scenario #2, a collision occurred 89% of the time for vehicles moving at 20 mph. For scenario #3, collisions resulted 100 percent of the time. For scenario #4, a collision resulted 80 percent of the time for vehicles moving at 20 mph. Additional test results:

"... the systems were ineffective in all scenarios where the vehicle was traveling at 30 mph. At night, none of the systems detected or reacted to the adult pedestrian."

The October 2019 "Automatic Emergency Braking With Pedestrian Detection" AAA report is available here (Adobe PDF).


Google Has Started Home Deliveries Of Packages By Drones

MediaPost reported:

"The first drone home deliveries of packages from Walgreens have started from Wing, the Alphabet subsidiary. Wing recently received an expanded Air Carrier Certificate from the Federal Aviation Administration allowing the first commercial air delivery service by drone directly to homes in the U.S. The FAA permissions are the first allowing multiple pilots to oversee multiple unmanned aircraft making commercial deliveries to the general public simultaneously. Collaborating with Federal Express and Virginia retailer Sugar Magnolia, Wing began delivering over-the-counter medication, gifts and snacks to residents of Christiansburg, Virginia. FedEx completed the first scheduled ecommerce drone delivery on Friday [October 18th]..."


UPS Announces Expansion Of Its Drone Delivery Program

Last week, UPS announced an expansion of its B2B drone delivery program titled UPS Flight. The expansion included three items focused upon the healthcare industry. First, UPS began a:

"... new drone delivery service in support of the University of Utah Health hospital campuses, in partnership with Matternet. The University of Utah campus program will involve drone deliveries of samples and other cargo, similar to the program originally introduced at WakeMed Hospital in North Carolina."

The second item included an agreement:

"... with CVS Health to develop a variety of drone delivery use cases for business-to-consumer applications. The program will include evaluation of delivery of prescriptions and retail products to the homes of CVS customers."

The third item included a partnership:

"... with wholesale pharmaceutical distributor AmerisourceBergen... The collaboration will initially deploy the UPS Flight Forward drone airline to transport certain pharmaceuticals, supplies and records to qualifying medical campuses served by AmerisourceBergen across the United States, with plans to then expand its use to other sites of care."

UPS Chief Strategy and Transformation Officer Scott Price said:

“When we launched UPS Flight Forward, we said we would move quickly to scale this business – now the country’s first and only fully-certified drone airline... We started with a hospital campus environment and are now expanding scale and use-cases. UPS Flight Forward will work with new customers in other industries to design additional solutions for a wide array of last-mile and urgent delivery challenges.”


VPN Service Provider Announced A Data Breach Incident Which Occurred in 2018

Consumers in the United States lost both control and privacy protections when the U.S. Federal Communications Commission (FCC), led by President Trump appointee Ajit Pai, a former Verizon lawyer, repealed in 2017 both broadband privacy and net neutrality protections for consumers. Since then, many people have subscribed to Virtual Private Network (VPN) services to regain protections of their sensitive personal information and online activities.

NordVPN, a provider of VPN services, announced on Monday a data breach:

"1) One server was affected in March 2018 in Finland. The rest of our service was not affected. No other servers of any type were put at risk. This was an attack on our server, not our entire service; 2) The breach was made possible by poor configuration on a third-party datacenter’s part that we were never notified of. Evidence suggests that when the datacenter became aware of the intrusion, they deleted the accounts that had caused the vulnerabilities rather than notify us of their mistake. As soon as we learned of the breach, the server and our contract with the provider were terminated and we began an extensive audit of our service; 3) No user credentials were affected; 4) There are no signs that the intruder attempted to monitor user traffic in any way. Even if they had, they would not have had access to those users’ credentials..."

In 2018, NordVPN operated about 3,000 servers. It now operates about 5,000 servers. The NordVPN announcement includes more information including technical details.

Earlier this month, CNET and PC Magazine published their lists of the best VPN services in 2019. PC Magazine's list, which was published before the breach announcement, included NordVPN. So, it is always wise for consumers to do their research before switching to a VPN service.

What to make of this breach? We don't know who performed the attack. My impression: the attack seemed targeted, since few people probably use the single server in Finland. And, this cyberattack seemed very different from the massive retail attacks where hackers seek to steal the payment information (e.g., credit/debit card numbers) of thousands of consumers.

This cyberattack may have targeted a specific person. Perhaps, the attacker was a competitor or the government agency of a country NordVPN has refused to do business with. (Or, maybe this.) Hopefully, investigative journalists with more resources than this solo blogger will probe deeper.

Several things seem clear: a) cybercriminals have added VPN services to their list of high-value targets, b) hackers have identified the outsourcing vendors used by VPN service providers, and c) cyber attacks like this will probably continue. You might say this breach was a warning shot across the bow of the entire VPN industry. Seems like there is lots more news to come.


Court Says Biometric Privacy Lawsuit Against Facebook Can Proceed

MediaPost reported:

"A federal appellate court has rejected Facebook's request for a new hearing over an Illinois biometric privacy law. Unless the Supreme Court steps in, Illinois Facebook users can now proceed with a class-action alleging that Facebook violated Illinois residents' rights by compiling a database of their faceprints... The legal battle, which dates to 2015, when several Illinois residents alleged that Facebook violated the Illinois Biometric Privacy Information Act, which requires companies to obtain written releases from people before collecting “face geometry” and other biometric data, including retinal scans and voiceprints... The fight centers on Facebook's photo-tagging function, which draws on a vast trove of photos to recognize users' faces and suggest their names when they appear in photos uploaded by their friends..."


The National Auto Surveillance Database You Haven't Heard About Has Plenty Of Privacy Issues

Some consumers have heard of Automated License Plate Recognition (ALPR) cameras, the high-speed, computer-controlled technology that automatically reads and records vehicle license plates. Local governments have installed ALPR cameras on stationary objects such as street-light poles, traffic lights, overpasses, highway exit ramps, and electronic toll collection (ETC).

Mobile ALPR cameras have been installed on police cars and/or police surveillance vans. The Houston Police Department explained in this 2016 video how it uses the technology. Last year, a blog post discussed ALPR usage in San Diego and its data-sharing with Vigilant Solutions.

What you probably don't know: the auto repossession industry also uses the technology. Many "repo men" have ALPR cameras installed on their vehicles. The data they collect is fed into a massive, nationwide, and privately-owned database which archives license-plate images. Reporters at Motherboard obtained a private demo of the database tool to understand its capabilities.

The demo included tracking a license plate with the vehicle owner's consent. Vice reported:

"This tool, called Digital Recognition Network (DRN), is not run by a government, although law enforcement can also access it. Instead, DRN is a private surveillance system crowdsourced by hundreds of repo men who have installed cameras that passively scan, capture, and upload the license plates of every car they drive by to DRN's database. DRN stretches coast to coast and is available to private individuals and companies focused on tracking and locating people or vehicles. The tool is made by a company that is also called Digital Recognition Network... DRN has more than 600 of these "affiliates" collecting data, according to the contract. These affiliates are paid a monthly bonus for gathering the data..."

Affiliates are repo men and others, who both use the database tool and upload images to it. DRN even offers financing to help affiliates buy ALPR cameras. The image on the right was taken from the site on September 20, 2019.

When consumers fail to pay their bills, lenders and insurance companies have valid needs to retrieve (or repossess) their unpaid assets. Lenders hire repo men, who then use the DRN database to find vehicles they've been hired to repossess. Those applications are valid, but there are plenty of privacy issues and opportunity for abuse.

Plenty.

First, the data collection is indiscriminate and broad. As repo men (and women) drive through cities and towns to retrieve wanted vehicles, the ALPR cameras mounted on their cars scan all nearby vehicles: both moving and parked vehicles. Scans are not limited solely to vehicles they've been hired to repossess, nor to vehicles of known/suspected criminals. So, innocent consumers are caught in the massive data collection. According to Vice:

"... in fact, the vast majority of vehicles captured are connected to innocent people. DRN claims to have more than 9 billion license plate scans, according to a DRN contract obtained by Motherboard..."

Second, the data is archived forever. That can provide a very detailed history of a vehicle's (or a person's) movements:

"The results popped up: dozens of sightings, spanning years. The system could see photos of the car parked outside the owner's house; the car in another state as its driver went to visit family; and the car parked in other spots in the owner's city... Some showed the car's location as recently as a few weeks before."

Third, to facilitate searches, metadata is automatically attached to the images: GPS or geolocation, date, time, day of week, and more. The metadata helps provide a pretty detailed history of each vehicle's -- or person's -- movements: where and when a vehicle (or person) travels, patterns such as which days of the week certain locations are visited, and how long the vehicle (or person) parked at specific locations. Vice explained:

"The data is easy to query, according to a DRN training video obtained by Motherboard. The system adds a "tag" to each result, categorising what sort of location the vehicle was likely spotted at, such as "workplace" or "home.""

So, DRN can help users to associate specific addresses (work, home, school, doctors, etc.) with specific vehicles. How accurate might this be? While that might help repo men and insurance companies spot fraud via out-of-state registered vehicles whose owners are trying to avoid detection and/or higher premiums, it raises other concerns.

Fourth, consumers -- vehicle owners -- have no control over the data describing them. Vehicle owners cannot opt out of the data collection. Vehicle owners cannot review nor correct any errors in their DRN profiles.

That sounds out of control to me.

The persons whom the archived data directly describes have no say. None. That's a huge concern.

Also, I wonder about single females -- victims of domestic violence -- who have protective orders for their safety. Some states, such as Massachusetts, have Address Confidentiality Programs (ACPs) to protect victims of domestic violence, sexual assault, and stalkers. Does DRN accommodate ACP programs? And if so, how? And if not, why not? How does DRN prevent perps from using its database tool? (Yes, DRN access is an issue. Keep reading.) The Vice report didn't say. Hopefully, future reporting will discuss this.

Fifth, DRN is robust. It can be used to track vehicles near or in real time:

"DRN charges $20 to look up a license plate, or $70 for a "live alert", according to the contract. With a live alert, a user can enter a license plate they wish to receive updates on; when the DRN system spots the vehicle, it'll send an email to the user with the newly discovered location."

That makes DRN highly appealing to both valid users (e.g., police, repo men, insurance companies, private investigators) and bad actors posing as valid users. Who might those bad actors be? The Electronic Frontier Foundation (EFF) warned:

"Taken in the aggregate, ALPR data can paint an intimate portrait of a driver’s life and even chill First Amendment protected activity. ALPR technology can be used to target drivers who visit sensitive places such as health centers, immigration clinics, gun shops, union halls, protests, or centers of religious worship."

Sixth is the problem of access. Anybody can use DRN. According to Vice:

"... a private investigator, or a repo man, or an insurance company does not need a warrant to search for someone's movements over years; they just need to pay to access the DRN system, or find someone willing to share or leverage their access..."

Users simply need to comply with DRN's policies. The company says that a) users can use its database tool only for certain applications, and b) its contract prohibits users from sharing search results with third parties. We consumers have only DRN's word and assurances that it enforces its policies, and that users comply. As we have seen with Facebook data breaches, it is easy for bad actors to pose as valid users in order to do end runs around such policies.

What are your opinions of ALPR cameras and DRN?


Privacy Lawsuit Involving Google Street View Moves Forward

MediaPost reported:

"Google's $13 million settlement of a privacy lawsuit stemming from data collection by Street View cars moved forward [October 9th], when U.S. District Court Judge Charles Breyer in San Francisco granted the deal preliminary approval. The agreement calls for the company to pay around $10 million to nonprofits that promise to use the money to promote online privacy... The deal also requires Google to destroy some data collected by its Street View cars, and to refrain from using Street View cars to collect or store personal data for at least five years... If granted final approval by Breyer, the settlement will resolve a lawsuit dating to 2010 over revelations that Google's Street View cars collected a host of data -- including URLs, passwords and emails -- sent over unencrypted WiFi networks."

So, this lawsuit has been underway for almost 10 years. Gizmodo provided important historical details:

"... when Google started deploying its little Street View cars around our neighborhoods, the company also ended up collecting about 600 GB of emails, passwords, and other payload data from unencrypted wifi networks in over 30 countries. In a 2010 blog, Google said the data collection was a “mistake” after a German data protection group asked to audit the data collected by the cars... The basis for the class-action lawsuit was that Google was basically infringing on federal wiretapping laws. Google had argued in a separate case on the same issue, Joffe vs Google, that its “mistake” was legal, as unencrypted wifi are a form of radio communication and thereby, readily accessible by the general public. The courts did not agree, and in 2013 ruled Google’s defense was bunk."

Good historical detail. Regular readers of this blog may remember this Google apology to Australia in 2010.

Last, don't cry for Google. The proposed settlement amount is tiny compared to Google's $136.96 billion in sales during 2018.


Survey: Consumers Use Smart Home Devices Despite Finding Them 'Creepy'

Last month, Selligent Marketing Cloud announced the results of a global survey about how consumers view various brands. Some of the findings included smart speakers or voice assistants. Key findings:

"Sixty-nine percent of surveyed consumers find it “creepy” when they receive ads based on unprompted cues from voice assistants like Apple’s Siri, Amazon’s Alexa and Google Home. Fifty-one percent are worried that voice assistants are listening to conversations without their consent."

Regarding voice assistants, younger consumers are likely to believe they are being listened to without their knowledge. 58 percent of Gen-Z (ages 18-24) versus 36 percent for Baby Boomers (ages 55-75) held this view. Key findings about privacy and social media: 41 percent of respondents said they have reduced their use of social media due to privacy concerns, and 32 percent said they quit at least one social media platform within the last 12 months.

Selligent surveyed 5,000 consumers in North America and Western Europe. The company provides services to help B2C marketers. To learn more, see the Selligent "Global Connected Consumer Index."


Facebook To Pay $40 Million To Advertisers To Resolve Allegations of Inflated Advertising Metrics

According to court papers last week, Facebook has entered a proposed settlement agreement where it will pay $40 million to advertisers to resolve allegations in a class-action lawsuit that the social networking platform inflated video advertising engagement metrics. Forbes explained:

"The metrics in question are critical for advertisers on video-based content platforms such as YouTube and Facebook because they show the average amount of time users spend watching their content before clicking away. During the 18 months between February of 2015 and September of 2016, Facebook was incorrectly calculating — and consequently, inflating — two key metrics of this type. Members of the class action are alleging that the faulty metrics led them to spend more money on Facebook ads than they otherwise would have..."

Metrics help advertisers determine if the ads they paid for are delivering results. Reportedly, the lawsuit took three years and Facebook denied any wrongdoing. The proposed settlement must be approved by a court. About $12 million of the $40 million total will be used to pay plaintiffs' attorney fees.

A brief supporting the proposed settlement provided more details:

"One metric—“Average Duration of Video Viewed”—depicted the average number of seconds users watched the video; another—“Average Percentage of Video Viewed”—depicted the average percentage of the video ad that users watched... Starting in February 2015, Facebook incorrectly calculated Average Duration of Video Viewed... The Average View Duration error, in turn, led to the Average Percentage Viewed metric also being inflated... Because of the error, the average watch times of video ads were exaggerated for about 18 months... Facebook acknowledges there was an error. But Facebook has argued strenuously that the error was an innocent mistake that Facebook corrected shortly after discovering it. Facebook has also pointed out that some advertisers likely never viewed the erroneous metrics and that because Facebook does not set prices based on the impacted metrics, the error did not lead to overcharges... The settlement provides a $40 million cash fund from Facebook, which constitutes as much as 40% of what Plaintiffs estimate they may realistically have been able to recover had the case made it to trial and had Plaintiffs prevailed. Facebook’s $40 million payment will... also cover the costs of settlement administration, class notice, service awards, and Plaintiffs’ litigation costs and attorneys’ fees."

It seems that besides a multitude of data breaches and privacy snafus, Facebook can't quite operate its core advertising business reliably. What do you think?


FTC To Distribute $31 Million In Refunds To Affected Lifelock Customers

The U.S. Federal Trade Commission (FTC) announced on Tuesday the distribution of about $31 million worth of refunds to certain customers of Lifelock, an identity protection service. The refunds are part of a previously announced settlement agreement to resolve allegations that the identity-theft service violated a 2010 consent order.

Lifelock has featured notable spokespersons, including radio talk-show host Rush Limbaugh, television personality Montel Williams, actress Angie Harmon, and former New York City Mayor Rudy Giuliani, who is now the personal attorney for President Trump.

The FTC announcement explained:

"The refunds stem from a 2015 settlement LifeLock reached with the Commission, which alleged that from 2012 to 2014 LifeLock violated an FTC order that required the company to secure consumers’ personal information and prohibited it from deceptive advertising. The FTC alleged, among other things, that LifeLock failed to establish and maintain a comprehensive information security program to protect users’ sensitive personal information, falsely advertised that it protected consumers’ sensitive data with the same high-level safeguards used by financial institutions, and falsely claimed it provided 24/7/365 alerts “as soon as” it received any indication a consumer’s identity was being used."

The 2015 settlement agreement with the FTC required LifeLock to pay $100 million to affected customers. About $68 million has been paid to customers who were part of a class action lawsuit. The FTC is using the remaining money to provide refunds to consumers who were LifeLock members between 2012 and 2014, but did not receive a payment from the class action settlement.

The FTC expects to mail about one million refund checks worth about $29 each.

If you are a Lifelock customer and find this checkered history bothersome, Consumer Reports has some recommendations about what you can do instead. It might save you some money, too.


Report: World Shipments Of Smart Home Devices Forecasted To Grow To 815 Million In 2019, And To 1.39 Billion in 2023

A report by the International Data Corporation (IDC) has forecasted worldwide shipments of devices for smart homes to grow 23.5% in 2019 over 2018 to nearly 815 million. The report also forecasted a 14.4 percent compound annual growth rate to about 1.39 billion shipments in 2023.

According to the announcement about the report:

"Video entertainment devices are expected to maintain the largest volume of shipments, accounting for 29.9% of all shipments in 2023... Home monitoring/security devices like smart cameras and smart locks will account for 22.1% of the shipments in 2023... Growth in smart speakers and displays is expected to slow to single digits in the next few years... as the installed base of these devices approaches saturation and consumers look to other form factors to access smart assistants in the home, such as thermostats, appliances, and TVs to name a few."

The report, titled "Worldwide Quarterly Smart Home Device Tracker," includes familiar products such as Amazon Echo, Google Home, Philips Hue bulbs, smart speakers, smart thermostats, and connected doorbells. The report covers Asia/Pacific, Canada, Central and Eastern Europe, China, Japan, Latin America, the Middle East and Africa, the United States, and Western Europe.

Surveys in 2018 found that most consumers are satisfied with in-home voice-controlled assistants, and performance issues hinder trust and device adoption. A survey in 2017 found that 90 percent of consumers want security built into smart-home devices. Also in 2017, researchers warned that a hacked Amazon Echo could be turned into an always-on surveillance device.

And, consumers should use these privacy tips for smart speakers in their homes.

Today's smart homes contain a variety of internet-connected appliances -- televisions, utility meters, hot water heaters, thermostats, refrigerators, security systems, solar panels -- and internet-connected devices you might not expect: mouse traps, water bowls and feeders for your pets, wine bottles, crock pots, toy dolls, trash/recycle bins, vibrators, orgasm trackers, and adult sex toys. It is a connected world, indeed.


3 Countries Sent A Joint Letter Asking Facebook To Delay End-To-End Encryption Until Law Enforcement Has Back-Door Access. 58 Concerned Organizations Responded

Plenty of privacy and surveillance news recently. Last week, the governments of three countries sent a joint, open letter to Facebook.com asking the social media platform to delay implementation of end-to-end encryption in its messaging apps until back-door access can be provided for law enforcement.

BuzzFeed News published the joint, open letter by U.S. Attorney General William Barr, United Kingdom Home Secretary Priti Patel, acting US Homeland Security Secretary Kevin McAleenan, and Australian Minister for Home Affairs Peter Dutton. The letter, dated October 4th, was sent to Mark Zuckerberg, the Chief Executive Officer of Facebook. It read in part:

"OPEN LETTER: FACEBOOK’S “PRIVACY FIRST” PROPOSALS

We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens.

In your post of 6 March 2019, “A Privacy-Focused Vision for Social Networking,” you acknowledged that “there are real safety concerns to address before we can implement end-to-end encryption across all our messaging services.” You stated that “we have a responsibility to work with law enforcement and to help prevent” the use of Facebook for things like child sexual exploitation, terrorism, and extortion. We welcome this commitment to consultation. As you know, our governments have engaged with Facebook on this issue, and some of us have written to you to express our views. Unfortunately, Facebook has not committed to address our serious concerns about the impact its proposals could have on protecting our most vulnerable citizens.

We support strong encryption, which is used by billions of people every day for services such as banking, commerce, and communications. We also respect promises made by technology companies to protect users’ data. Law abiding citizens have a legitimate expectation that their privacy will be protected. However, as your March blog post recognized, we must ensure that technology companies protect their users and others affected by their users’ online activities. Security enhancements to the virtual world should not make us more vulnerable in the physical world..."

The open, joint letter is also available on the United Kingdom government site. Mr. Zuckerberg's complete March 6, 2019 post is available here.

Earlier this year, the U.S. Federal Bureau of Investigation (FBI) issued a Request For Proposals (RFP) seeking quotes from technology companies to build a real-time social media monitoring tool. It seems such a tool would have limited utility without back-door access to encrypted social media accounts.

In 2016, the Federal Bureau of Investigation (FBI) filed a lawsuit to force Apple Inc. to build "back door" software to unlock an attacker's iPhone. Apple refused as back-door software would provide access to any iPhone, not only this particular smartphone. Ultimately, the FBI found an offshore tech company to build the backdoor. Later that year, then FBI Director James Comey suggested a national discussion about encryption versus safety. It seems the country still hasn't had that conversation.

According to BuzzFeed, Facebook's initial response to the joint letter:

"In a three paragraph statement, Facebook said it strongly opposes government attempts to build backdoors."

We shall see if Facebook holds steady to that position. Privacy advocates quickly weighed in. The Electronic Frontier Foundation (EFF) wrote:

"This is a staggering attempt to undermine the security and privacy of communications tools used by billions of people. Facebook should not comply. The letter comes in concert with the signing of a new agreement between the US and UK to provide access to allow law enforcement in one jurisdiction to more easily obtain electronic data stored in the other jurisdiction. But the letter to Facebook goes much further: law enforcement and national security agencies in these three countries are asking for nothing less than access to every conversation... The letter focuses on the challenges of investigating the most serious crimes committed using digital tools, including child exploitation, but it ignores the severe risks that introducing encryption backdoors would create. Many people—including journalists, human rights activists, and those at risk of abuse by intimate partners—use encryption to stay safe in the physical world as well as the online one. And encryption is central to preventing criminals and even corporations from spying on our private conversations... What’s more, the backdoors into encrypted communications sought by these governments would be available not just to governments with a supposedly functional rule of law. Facebook and others would face immense pressure to also provide them to authoritarian regimes, who might seek to spy on dissidents..."

The new agreement the EFF referred to was explained in this United Kingdom announcement:

"The world-first UK-US Bilateral Data Access Agreement will dramatically speed up investigations and prosecutions by enabling law enforcement, with appropriate authorisation, to go directly to the tech companies to access data, rather than through governments, which can take years... The current process, which see requests for communications data from law enforcement agencies submitted and approved by central governments via Mutual Legal Assistance (MLA), can often take anywhere from six months to two years. Once in place, the Agreement will see the process reduced to a matter of weeks or even days."

"The Agreement will each year accelerate dozens of complex investigations into suspected terrorists and paedophiles... The US will have reciprocal access, under a US court order, to data from UK communication service providers. The UK has obtained assurances which are in line with the government’s continued opposition to the death penalty in all circumstances..."

On Friday, a group of 58 privacy advocates and concerned organizations from several countries sent a joint letter to Facebook regarding its end-to-end encryption plans. The Center For Democracy & Technology (CDT) posted the group's letter:

"Given the remarkable reach of Facebook’s messaging services, ensuring default end-to-end security will provide a substantial boon to worldwide communications freedom, to public safety, and to democratic values, and we urge you to proceed with your plans to encrypt messaging through Facebook products and services. We encourage you to resist calls to create so-called “backdoors” or “exceptional access” to the content of users’ messages, which will fundamentally weaken encryption and the privacy and security of all users."

It seems wise to have a conversation that discusses all of the advantages and disadvantages, and does not selectively focus only upon some serious crimes while ignoring other significant risks, since back-door software can be abused like any other technology. What are your opinions?


Transcripts Of Internal Facebook Meetings Reveal True Views Of The Company And Its CEO

It's always good for consumers -- and customers -- to know a company's positions on key issues. Thanks to The Verge, we now know more about Facebook's views. Portions of the leaked transcripts included statements by Mr. Zuckerberg, Facebook's CEO, during internal business meetings. The Verge explained the transcripts:

"In two July meetings, Zuckerberg rallied his employees against critics, competitors, and Senator Elizabeth Warren, among others..."

Portions of statements by Mr. Zuckerberg included:

"I’m certainly more worried that someone is going to try to break up our company... So there might be a political movement where people are angry at the tech companies or are worried about concentration or worried about different issues and worried that they’re not being handled well. That doesn’t mean that, even if there’s anger and that you have someone like Elizabeth Warren who thinks that the right answer is to break up the companies... I mean, if she gets elected president, then I would bet that we will have a legal challenge, and I would bet that we will win the legal challenge... breaking up these companies, whether it’s Facebook or Google or Amazon, is not actually going to solve the issues. And, you know, it doesn’t make election interference less likely. It makes it more likely because now the companies can’t coordinate and work together. It doesn’t make any of the hate speech or issues like that less likely. It makes it more likely..."

An October 1st post by Mr. Zuckerberg confirmed the transcripts. Earlier this year, Mr. Zuckerberg called for more government regulation. Given his latest comments, we now know his true views.

Also, CNET reported:

"In an interview with the Today show that aired Wednesday, Instagram CEO Adam Mosseri said he generally agrees with the comments Zuckerberg made during the meetings, adding that the company's large size can help it tackle issues like hate speech and election interference on social media."

The claim by Mosseri, Zuckerberg and others that their company needs to be even bigger to tackle issues is, frankly, laughable. Consumers are concerned about several different issues: privacy, hacked and/or cloned social media accounts, costs, consumer choice, surveillance, data collection we can't opt out of, the inability to delete Facebook and other mobile apps, and election interference. A recent study found that consumers want social sites to collect less data.

Industry consolidation and monopolies/oligopolies usually result in reduced consumer choices and higher prices. Prior studies have documented this. The lack of ISP competition in key markets meant consumers in the United States pay more for broadband and get slower speeds compared to other countries. At the U.S. Federal Trade Commission's "Privacy, Big Data, And Competition" hearing last year, the developers of the Brave web browser submitted this feedback:

"First, big tech companies “cross-use” user data from one part of their business to prop up others. This stifles competition, and hurts innovation and consumer choice. Brave suggests that FTC should investigate..."

Facebook is already huge, and its massive size still hasn't stopped multiple data breaches and privacy snafus. Rather, the snafus have demonstrated an inability (unwillingness?) by the company and its executives to effectively tackle and implement solutions to adequately and truly protect users' sensitive information. Mr. Zuckerberg has repeatedly apologized, but nothing ever seems to change. Given the statements in the transcripts, his apologies seem even less believable and less credible than before.

Alarmingly, Facebook has instead sought more ways to share users' sensitive data. In August of 2018, reports surfaced that Facebook approached several major banks and offered to share its detailed financial information about consumers in order "to boost user engagement." Reportedly, the detailed financial information included debit/credit/prepaid card transactions and checking account balances. Also last year, Facebook's Onavo VPN App was removed from the Apple App Store because the app violated data-collection policies. Not good.

Plus, the larger problem is this: Facebook isn't just a social network. It is also an advertiser, publishing platform, dating service, and wannabe payments service. There are several anti-trust investigations underway involving Facebook. Remember, Facebook tracks both users and non-users around the internet. So, claims about it needing to be bigger to solve problems are malarkey.

And, Mr. Zuckerberg's statements seem to mischaracterize Senator Warren's positions by conflating and ignoring (or minimizing) several issues. Here is what Senator Warren actually stated in March, 2019:

"America’s big tech companies provide valuable products but also wield enormous power over our digital lives. Nearly half of all e-commerce goes through Amazon. More than 70% of all Internet traffic goes through sites owned or operated by Google or Facebook. As these companies have grown larger and more powerful, they have used their resources and control over the way we use the Internet to squash small businesses and innovation, and substitute their own financial interests for the broader interests of the American people... Weak antitrust enforcement has led to a dramatic reduction in competition and innovation in the tech sector. Venture capitalists are now hesitant to fund new startups to compete with these big tech companies because it’s so easy for the big companies to either snap up growing competitors or drive them out of business. The number of tech startups has slumped, there are fewer high-growth young firms typical of the tech industry, and first financing rounds for tech startups have declined 22% since 2012... To restore the balance of power in our democracy, to promote competition, and to ensure that the next generation of technology innovation is as vibrant as the last, it’s time to break up our biggest tech companies..."

Senator Warren listed several examples:

"Using Mergers to Limit Competition: Facebook has purchased potential competitors Instagram and WhatsApp. Amazon has used its immense market power to force smaller competitors like Diapers.com to sell at a discounted rate. Google has snapped up the mapping company Waze and the ad company DoubleClick... Using Proprietary Marketplaces to Limit Competition: Many big tech companies own a marketplace — where buyers and sellers transact — while also participating on the marketplace. This can create a conflict of interest that undermines competition. Amazon crushes small companies by copying the goods they sell on the Amazon Marketplace and then selling its own branded version. Google allegedly snuffed out a competing small search engine by demoting its content on its search algorithm, and it has favored its own restaurant ratings over those of Yelp."

Mr. Zuckerberg would be credible if he addressed each of these examples. In the transcript from The Verge, he didn't.

And, there is plenty of blame to spread around, among both executives in tech companies and anti-trust regulators in government. Readers wanting to learn more can read about hijacked product pages and other chaos among sellers on the Amazon platform. There's plenty to fault tech companies for, and it isn't a political attack.

There have been plenty of operational failures, data security failures, and willful sharing of the consumer data collected. What are your opinions of the transcript?


Vancouver, Canada Welcomed The "Tesla Of The Cruise Industry." Ports In France Consider Bans For Certain Cruise Ships

For drivers concerned about the environment and pollution, the automobile industry has offered hybrids (which run on gasoline and electric battery power) and completely electric vehicles (which run solely on electric battery power). The same technology trend is underway within the cruise industry.

On September 26, the Port of Vancouver welcomed the MS Roald Amundsen. Some call this cruise ship the "Tesla of the cruise industry." The International Business Times explained:

"MS Roald Amundsen can be called Tesla of the cruise industry as it is similar to the electrically powered Tesla car that set off a revolution in the auto sector by running on batteries... The state of the art ship was unveiled earlier this year by Scandinavian cruise operator Hurtigruten. The cruise ship is one of the most sustainable cruise vessels with the distinction of being one of the two hybrid-electric cruise ships in the world. MS Roald Amundsen utilizes hybrid technology to save fuel and reduce carbon dioxide emissions by 20 percent."

With 15 cruise ships, Hurtigruten offers sailings to Norway, Iceland, Alaska, Arctic, Antarctica, Europe, South America, and more. Named after the first man to cross Antarctica and reach the South Pole, the MS Roald Amundsen carries about 530 passengers.

While some cruise ships already use onboard solar panels to reduce fuel consumption, this is the first hybrid-electric cruise ship. It is an important step forward to prove that large ships can be powered in this manner.

Several ships in Royal Caribbean Cruise Line's fleet, including the Oasis of the Seas, have been outfitted with solar panels. The image on the right provides a view of the solar panels on the Celebrity Solstice cruise ship, while it was docked in Auckland, New Zealand in March, 2019. The panels are small and let sunlight through.

The Vancouver Is Awesome site explained why the city gave the MS Roald Amundsen special attention:

"... the Vancouver Fraser Port Authority, the federal agency responsible for the stewardship of the port, has set its vision to be the world’s most sustainable port. As a part of this vision, the port authority works to ensure the highest level of environmental protection is met in and around the Port of Vancouver. This commitment resulted in the port authority being the first in Canada and third in the world to offer shore power, an emissions-reducing initiative, for cruise ships. That said, a shared commitment to sustainability isn’t the only thing Hurtigruten has in common with our awesome city... The hybrid-electric battery used in the MS Roald Amundsen was created by Vancouver company, Corvus Energy."

Reportedly, the MS Roald Amundsen can operate for brief periods of time only on battery power, resulting in zero fuel usage and zero emissions. The Port of Vancouver's website explains its Approach to Sustainability policy:

"We are on a journey to meet our vision to become the world’s most sustainable port. In 2010 we embarked on a two-year scenario planning process with stakeholders called Port 2050, to improve our understanding of what the region may look like in the future... We believe a sustainable port delivers economic prosperity through trade, maintains a healthy environment, and enables thriving communities, through meaningful dialogue, shared aspirations and collective accountability. Our definition of sustainability includes 10 areas of focus and 22 statements of success..."

I encourage everyone to read the Port of Vancouver's 22 statements of success for a healthy environment and sustainable port. Selected statements from that list:

"Healthy ecosystems:
8) Takes a holistic approach to protecting and improving air, land and water quality to promote biodiversity and human health
9) Champions coordinated management programs to protect habitats and species.
Climate action:
10) Is a leader among ports in energy conservation and alternative energy to minimize greenhouse gas emissions..."

"Responsible practices:
12) Improves the environmental, social and economic performance of infrastructure through design, construction and operational practices
13) Supports responsible practices throughout the global supply chain..."

"Aboriginal relationships:
18) Respects First Nations’ traditional territories and values traditional knowledge
19) Embraces and celebrates Aboriginal culture and history
20) Understands and considers contemporary interests and aspirations..."

In separate but related news, government officials in the French Riviera city of Cannes are considering a ban of cruise ships to curb pollution. The Travel Pulse site reported:

"The ban would apply to passenger vessels that do not meet a 0.1 percent sulfur cap in their fuel emissions. Any cruise ship that attempted to enter the port that did not meet the higher standards would be turned away without allowing passengers to disembark."

During 2018, about 370,000 cruise ship passengers visited Cannes, making it the fourth busiest port in France. Officials are concerned about pollution. Other European ports are considering similar bans:

"Another French city, Saint-Raphael, has also instituted similar rules to curb the pollution of the water and air around the city. Other European ports such as Santorini and Venice have also cited cruise ships as a significant cause of over-tourism across the region."

If you live and/or work in a port city, it seems worthwhile to ask your local government or port authority what it is doing about sustainability and pollution. The video below explains some of the features in this new "expedition ship" with itineraries and activities that focus upon science:


Video courtesy of Hurtigruten

[Editor's note: this post was updated to include a photo of solar panels on the Celebrity Solstice cruise ship.]