
How To Prevent Attacks On The Power Grid


One of the recurring nightmare scenarios outlined by security experts—a cyberattack on the country's power grid—has inspired lawmakers in both parties to come to rare agreement. A bipartisan energy bill pending in the Senate would give the U.S. energy secretary emergency powers in the event of such an attack and provide for research into digital energy security.

"The Energy Policy Modernization Act is designed to defend our national energy grid from terrorist cyberattacks," Senate Majority Leader Mitch McConnell, R-Ky., told Senate colleagues Tuesday. "It would help prepare us by authorizing additional cybersecurity research, it would help deter attacks by erecting stronger cybersecurity defenses, and it would help provide for faster and more effective responses when threats do arise."

The bill would allow the president to grant the energy secretary emergency authority in the event of a cyberattack on the electric grid, allowing the secretary to order power companies "to take such actions as the Secretary determines will best avert or mitigate the cybersecurity threat."

It would also authorize $100 million in annual funding through 2025 for research into energy grid security.

The proposed law, which The Hill reports is likely to pass the Senate as soon as Thursday, comes as officials have expressed increased concern about cybersecurity threats to the power grid. Officials have said networks tied to the power sector are regularly probed by hackers, including some apparently tied to foreign countries.

The Defense Advanced Research Projects Agency (DARPA) announced in December a program to fund research into efforts to restore power after a major digital attack on the grid. The program, called Rapid Attack Detection, Isolation and Characterization Systems, or RADICS, aims to develop systems that let power companies restore service within seven days, even after a serious attack.

"If a well-coordinated cyberattack on the nation's power grid were to occur today, the time it would take to restore power would pose daunting national security challenges," said John Everett, DARPA program manager, in a statement at the time.

No power outages in the United States have been tied to hacking attempts. A power outage in Ukraine in December was reportedly the first one to be tied to such an attack.


New Bitcoin Rival Currency Will Offer More Anonymity, Say Its Creators


Digital currencies like bitcoin are touted for their anonymity. But in practice, it can be possible to trace transactions across the shared bitcoin ledger known as the blockchain and figure out who's sending bitcoin to whom.

The creators of a new bitcoin alternative dubbed Zcash say that currency—currently in pre-release alpha testing—will make that identification effectively impossible. Zcash will rely on algorithms known as zero-knowledge proofs that will allow users to prove they actually have the money they're sending, without needing to reveal their identities or how much they're sending at any given time.

"Unlike bitcoin, Zcash transactions automatically hide the sender, recipient, and value of all transactions on the blockchain," according to the Zcash website. "Only those with the correct view key can see the contents. Users have complete control and can opt in to provide others with their view key at their discretion."

The currency's creators first proposed the underlying concept in a 2014 academic paper by researchers from the Massachusetts Institute of Technology, Johns Hopkins University and Israel's Technion and Tel Aviv University.

The Zcash team hopes to have a live version of the currency available in July, founder and CEO Zooko Wilcox said in a cryptocurrency forum AMA session last week. In the meantime, potential users and developers can experiment with the alpha version of the currency and its underlying open source software on a "testnet" network, though its creators emphasize that the test version of the currency has no value and holdings can be reset at any time until the actual network's launch.

The added privacy could make Zcash a more viable choice for financial institutions and consumers than other cryptocurrencies, Wilcox wrote in a January blog post.

Other alternative cryptocurrencies, or altcoins, have sought to distinguish themselves by offering enhanced anonymity compared to bitcoin. A number of currencies based on the CryptoNote protocol support so-called ring signatures, intended to make it mathematically impossible to see which of a group, or ring, of users generated a particular transaction. Another currency, called Dash, aims to anonymize spending by bundling together unrelated transactions, so that observers can't tell which of the transaction parties are sending money to each other.

But so far, no rival cryptocurrency, anonymous or not, has come close to gaining the widespread attention and acceptance of bitcoin.

Wilcox, who is also the CEO of encrypted file storage provider Least Authority, argued on the Zcash blog that concerns over the currency's potential use by criminals are misplaced.

"Bad guys use cars, bad guys use the Internet, bad guys use cash, bad guys use the current banking system," he wrote. "Our goal is not to invent something that bad guys can't use, it is to invent something that can empower and uplift the billions of good people on this planet."

Twitter Security Chief Calls for Bolstered Cyber Regulation


Twitter's security chief called for greater regulation of Internet security in a Google-sponsored cybersecurity roundtable discussion hosted on Medium this week.

"Users should not have to petition companies to implement security or fix egregious vulnerabilities," wrote the microblogging platform's Trust and Security officer Michael Coates. "The protection of sensitive user data should be backed by regulation that has teeth."

Companies should be required to encrypt data in transmission and maintain apps and servers free of security holes, making sure to fix any vulnerabilities in a reasonable time period, he wrote, and he warned against legal attempts to undermine user privacy.

"Ten years from now, I predict that the largest risk to society will be attempts to criminalize or undermine privacy protecting technology," he wrote. "The existence of technologies such as Tor and encryption is crucial to protect individuals living in nations where free expression is not guaranteed and the expression of an idea can place an individual at risk."

Other participants in the discussion also urged Internet companies to bolster security protections: Sam Quigley, Square's head of information security, warned that some companies aren't doing enough to protect personal information beyond traditional targets like credit card numbers.

"This is a worrisome enough trend in a purely online context, but the rise of connected devices means that we're all carrying tons of sensors around with us all the time," Quigley wrote.

And tools that collect data need to be built from the ground up with data privacy in mind, wrote Joel De La Garza, chief security officer at Box.

"We must have the technical ability to enforce privacy and confidentiality while also enabling innovation that can have profound positive benefits for our lives," he wrote.

Building those secure systems will likely require a greater emphasis on security testing, and turning security research into marketable solutions, wrote Rebecca Bace, the CEO of security firm Infidel.

"For example, we all know we need to ensure that software is adequately tested — perhaps in the way Underwriters Laboratories certifies that new electrical devices are safe to use — yet we've made very little progress towards that goal," she wrote.

Gmail Will Now Warn You If Incoming Messages Can't Be Encrypted


Gmail will now warn users when they're exchanging email with someone whose email provider doesn't support server-to-server message encryption, Google announced this week.

Traditionally, email messages were sent from mail server to mail server unencrypted, but in recent years email providers including Gmail have increasingly begun using a security protocol called Transport Layer Security, or TLS, to encrypt messages in transit and to limit opportunities for eavesdropping. But when a server that supports TLS exchanges messages with one that doesn't, it's forced to fall back to the unencrypted standard.

In that case, Gmail will now warn users with a broken lock icon, similar to what's used in Chrome and other browsers to indicate an insecure connection. The company said in 2014 that about 40 to 50 percent of emails between Gmail and other providers weren't encrypted.

Gmail will also warn when users receive an email that can't be cryptographically authenticated, alerting users to potential phishing attacks.

"If you receive a message that can't be authenticated, you'll see a question mark in place of the sender's profile photo, corporate logo, or avatar," according to Google's blog post.

The move is the latest in a series of steps that Google has taken to boost Gmail user privacy, including pushing two-step authentication, warning on suspicious account access attempts, and testing device-based alternatives that could be harder to spoof than password logins.

Amid Apple's Feud With The Government, Some Call For A Digital "Constitution"


As the feud between Apple and the government over unlocking an iPhone tied to the San Bernardino killings raises the debate over privacy versus security to a crescendo, one group of experts is seeking to tone down the rhetoric and seek a middle ground via a digital "constitution."

A coalition of security-focused tech firms, former top national security leaders, and privacy advocates plans to develop such an agreement to address privacy and security issues like those now facing Apple and the U.S. Justice Department. The group, called the Digital Equilibrium Project, announced plans Tuesday to release an initial working paper at the security-focused RSA Conference March 1 and to convene a summit of its own later this year to draft the so-called digital constitution.

"The intent of this constitution is to help guide policy creation, broker compromise and serve as the foundation for decision making around cyber security issues," the group said. "Senior executives from the Justice Department, Apple and other technology firms will be invited to participate."

The Digital Equilibrium Project's organizing members include current and former executives from security firms including Verisign, Veracode, and RSA, as well as former National Security Agency director Michael McConnell and former Homeland Security secretary Michael Chertoff. The group also includes Nuala O'Connor, the CEO of Center for Democracy and Technology, a privacy group, as well as Ann Cavoukian, who is the executive director of the Privacy and Big Data Institute at Ryerson University and was formerly Ontario's information and privacy commissioner.

The group says it intends to promote "productive dialogue" to help resolve issues like the current legal struggle between the Justice Department and Apple over Apple's ability and willingness to unlock iPhones potentially containing evidence of criminal activity. That battle is just one part of an ongoing dispute between tech industry leaders and security officials over law enforcement access to encrypted user data.

Report: Billions of Wireless Mice and Keyboards Are Vulnerable To Hacking


Billions of wireless keyboards and mice are vulnerable to hijacking with inexpensive radio transmitters, potentially letting hackers type arbitrary commands to computers hooked to the devices from up to 100 meters away, warns security firm Bastille.

The vulnerability, which the company has dubbed MouseJack, lets hackers impersonate certain non-Bluetooth wireless mice and keyboards from companies including Logitech, Dell, and Microsoft, according to Bastille. Hackers could then type commands on the computer as if they were the current user, potentially letting them delete files or install malware, the company says.

"Once infiltrated, which can be done with $15 worth of hardware and a few lines of code, a hacker has the ability to insert malware that could potentially lead to devastating breaches," Bastille engineer Marc Newlin said in a statement Tuesday.

Many of the affected keyboards and mice don't secure connections between the devices and the adaptors that plug into computers, according to Bastille. And some mouse adaptors are configured to receive keyboard commands as well, letting attackers type commands of their choice even into computers that don't have wireless keyboards, the security firm says.

Logitech released a firmware update for its devices to repair the issue, though the company says it hasn't heard of any reports of computers being hacked through the vulnerability.

"Bastille Security identified the vulnerability in a controlled, experimental environment," according to Logitech. "The vulnerability would be complex to replicate and would require physical proximity to the target. It is therefore a difficult and unlikely path of attack."

Users with certain Dell products are also able to use the Logitech patch, according to a report in Forbes.

A Microsoft spokesperson said in an email that "Microsoft has a customer commitment to investigate reported security issues, and will provide resolution as soon as possible."

What the Sony Hackers Are Up To Now


The shadowy group of hackers behind the infamous Sony Pictures hack in late 2014 have carried out other digital attacks on U.S. and South Korean targets dating back at least to 2009, according to a report released Wednesday.

The report, released by a coalition of security firms led by Novetta, found that hacking software, techniques, passwords, and encryption keys used in the Sony attack can also be tied to a 2009 series of "denial of service" attacks and a number of attacks on South Korean media, financial, and political targets from 2011 to 2013, suggesting the same group of hackers is behind the attacks. Since the Sony attacks, a malware tool apparently developed by the group, which Novetta has dubbed the "Lazarus Group," has been found in apparent phishing emails targeting a South Korean audience, according to the report.

As recently as October 2015, the malware was found linked to a forged Korean-language document "asking speakers at the Society for Aerospace System Engineering's (SASE) 2015 autumn conference to register their papers." The document exploited a bug in a Korean-language word processor to deliver malware, according to the report.

"This same vulnerability, patched in September 2015, was reportedly exploited in zero-day attacks tied by researchers to North Korean threat actors," according to the report.

The Federal Bureau of Investigation has said it believes the North Korean government sponsored the Sony attack.

Novetta and other security firms involved in the report, including Kaspersky Lab, Symantec, AlienVault, and Trend Micro, have begun distributing digital signature data identifying the malware used by the group.

How A 1990 Hardy Boys Book Presaged The Future Of The Internet


Late last year, while working on a story about the early days of Match.com, I heard a lot of reminiscing about the days just before the web took off.

Match's early users and employees shared memories of when they first used their computers to dial up to the outside world—to CompuServe, to the Bay Area's Whole Earth 'Lectronic Link, or to one of the other local bulletin board systems that dotted the country in the late '80s and early '90s.

I was a little too young to have really experienced the BBS era, and I was a little too embarrassed to admit where I first learned that people could use computers to talk to each other: from an oddly futuristic Hardy Boys book I read somewhere around the fourth grade.

But a quick, nostalgic Amazon search turned up the book in question, available for just a penny (plus shipping). Terminal Shock, I rediscovered a few days later, introduced the crime-solving teen brothers and their impressionable fans to designer drugs, top-secret superconducting microchips, and evidence buried in encrypted emails, somehow all within a few square miles of the boys' suburban hometown.

Terminal Shock

In between bursts of G-rated sibling rivalry—the phrase "stick a sock in it" appears by the fourth page—boy detectives Frank and Joe Hardy even wrestle with mass email surveillance, years before high-speed home Internet.

"Glad to hear you've got that AT clone up and running, with that 4800 baud modem," the boys read in an email from a friend. "Bet that 386 processor really screams!"

All that modem talk is just so much gobbledygook to Joe, the younger Hardy. Pages later, the brothers receive an urgent instant message from the operator of their hometown bulletin board. They'll soon find him in a coma, the victim of a genetically engineered "designer poison" doctors say will kill him within a week. The main apparent clue is the email archive for the system, contained on an encrypted floppy disk. When the boy detectives uncover the password to unlock the disk, they continue their investigation in a way that seems oddly topical—and more than a little disturbing—today: reading through each user's private email inbox on the system until they find a clue.

Looking back, the plot line seems not only oddly futuristic for 1990, when the World Wide Web was in its infancy, but also atypically dark for a children's mystery series I generally remember as the literary equivalent of Scooby-Doo.

So I set out to learn how the teen detectives came to take on the not-quite-Net so early, and how its author might feel today about the Hardys' mass-surveillance approach to crime solving.


Photo: Flickr user Doug Waldron

Like all the Hardy Boys books since the series' debut in the 1920s, Terminal Shock was published under the pen name Franklin W. Dixon. Dixon never really existed—the series was originally written by Canadian journalist Leslie McFarlane under the direction of editor Edward Stratemeyer, who also created the Nancy Drew, Bobbsey Twins, and Tom Swift series at around the same time. (Another Stratemeyer series, called The Motion Picture Chums, has since been studied for its depiction of the early film industry, at a time when movie studios and theaters were the tech startups of the day.)

In the 1980s, the Hardy Boys and Nancy Drew books were being published by Simon & Schuster and written by a new generation of Franklin Dixons. I contacted Simon & Schuster to see if they could put me in touch with the ghostwriter, but a spokeswoman for the publisher wasn't able to locate Hardy Boys records pre-1998. She did mention, though, that the books were put together by New York book packaging firm Mega-Books Inc.

New York state records indicated the company hadn't been active in a decade, but I reached out to the former Mega-Books executives I could locate online. A few weeks later, I got a call from Christopher Lampton, the author of Terminal Shock.

Lampton says he was one of a number of freelancers recruited by Mega-Books editor William McCay to modernize the series for a new generation of readers. "He didn't want to do your father's Hardy Boys," says Lampton, who'd go on to write 11 books for the series.

Lampton had previously written science and technology books for children and adults, as well as some science fiction. He'd even ghostwritten for a Stratemeyer-style series called The Thorne Twins, whose protagonists solved mysteries in accordance with Christian principles. Working with McCay, Lampton says he drew on his own background in science, as well as some experience working in radio and television, for Hardy Boys ideas.

Danger on the Air

One of his books, called Danger on the Air, is set at a local TV station; another, called Rock 'n Roll Renegades, saw Joe as a disc jockey facing off against nefarious pirate radio broadcasters.

"To tell you the truth, I used it as an excuse to write about all these corny ideas," says Lampton. "Hardy Boys—what a perfect excuse to write about all these ideas I had floating around my head since I was a teenager."

Lampton, who says he's recently focused more on technical and nonfiction writing, started using CompuServe in 1983 and thought that his young readers would enjoy a book set in the digital world.

"Even then, the joke was that kids knew more about computers than adults," he says. "I tried to write about the technology that would be available at the time, because I knew a lot of kids would know about that."

And the plot fit the guidelines of Mega-Books's "series Bible," which Lampton says depicted the elder Frank as "more willing to use his brains" and tools like computers. "We were very careful never to portray them exactly as geeks," he recalls.

Throughout the book, as the boys solve the mystery, Frank pauses frequently to explain tech terminology to technophobic Joe and, of course, to less-than-savvy young '90s readers like myself. "It's kind of like recording tape, except that it's round and flat instead of long and skinny," he says of a floppy disk.

"I assumed some of the audience would relate to that, since some of the people who were running these local bulletin boards in my area were kids," says Lampton.

The wholesome Hardy formula sometimes meshes awkwardly with the book's dark subject matter: At one point, the boys meet the comatose poisoning victim's girlfriend for pizza at "a favorite hangout for Bayport teenagers." She declines a second pepperoni slice, saying she's too worried to have much appetite. "I had to stretch this thing out to the length of a book," Lampton points out, not unfairly. "I'm glad I had the girlfriend make the comment that it was inappropriate."

The technical details were mostly accurate, he recalls, designed to be just slightly ahead of the book's time. The major miscalculation he remembers: the emailed boast about a 4800-baud modem. Modem technology mostly went straight from 2400 baud, or bits per second, to 9600, with few devices sending data at the rate in between, he recalls.

And while indiscriminate warrantless email snooping now feels out of character for the wholesome Hardy Boys, local BBS email was a much less personal medium in 1990 than our email accounts are today, Lampton says.

"Let's put it this way: Hillary Clinton wouldn't be sending emails to one of her embassies over one of these systems," he says.


Behind Bars, Prisoners Are Taking Classes Via Android Tablets


Jails and prisons are often slow to introduce new technology but thousands of inmates in state institutions across the country are now taking courses on specialized tablets designed for use behind bars, through a unique arrangement with prison tech company JPay.

"We have inmates who are currently earning college credits for the first time ever," says JPay founder and CEO Ryan Shapiro.

JPay has offered tablets and media players since 2008 that let inmates do things like buy music and games and draft emails to loved ones outside the prison, and the company released a learning management system called Lantern for the devices last fall.

Lantern lets inmates read course material and complete quizzes, papers, and other assignments on JPay's tablets, letting them upload and download course materials and messages to instructors using in-prison kiosk computers, Shapiro says.

About 7,000 students in Ohio, Washington, and Georgia prisons are now studying for their high-school equivalency degrees or taking courses offered by local colleges with the help of the devices, he says.

JPay has come under fire in the past for the fees it charges for its various offerings, including transferring funds to prisoners and various digital services that can be dramatically more expensive than outside of prison—at one Ohio prison, for instance, the company advertises that it charges $9.90 for a 30-minute "video visitation" session with loved ones outside the prison and at least 20 cents per page of inbound or outbound email.

That's different from how prisons handle less high-tech forms of communication, notes Alex Friedmann, the associate director of the Human Rights Defense Center, which has criticized JPay and other prison services companies in the past.

"If you want to send them a letter, you don't have to pay the jail some kind of additional fee to deliver the letter to them," he says, adding that the cost for these new services shouldn't become a burden to inmates and their families. "The cost of our criminal justice system should be borne by everyone just like our public school costs is borne by everyone."

Shapiro says that JPay's new educational material is offered free of charge and tablets are sold "at cost."

The locked-down tablets, which have transparent plastic bodies for easy inspection and run a custom version of Android, don't have ordinary Internet access and can only install content approved by JPay and prison officials. But the company announced last week that it's now also offering prisoners free access to Khan Academy educational videos through the Foundation for Learning Equality's KA Lite program, which offers access to the materials without an Internet connection.

JP5 Mini

"In Georgia, we have just eclipsed over 100,000 Khan Academy video downloads," says Buster Evans, the state's assistant commissioner of inmate services. The most popular video so far is an astronomy lesson focusing on the "birth of stars," a subject included in the GED curriculum, he says.

The state plans to use inmate benefit funds, derived from non-taxpayer sources like prison commissary sales, to distribute the tablets to each of Georgia's 37,000 state inmates, he says. The devices also let inmates access a variety of books—some for free and some for pay—and take quizzes to prep for the GED exam, he says.

And in addition to helping inmates study outside of formal classroom programs, which might only run for a couple of hours per day, prison officials have found the tablets help to keep the inmates occupied and well behaved, Evans says.

"The first couple nights after they've gotten their devices, they say it's the quietest it's ever been," he says.

Younger inmates often help older prisoners, who haven't previously been exposed to tablets and smartphones, learn to use the machines, he says.

In other prison systems, inmates or their families can purchase the tablets, generally for about $50 or $60, Shapiro says. So far, the company has distributed about 70,000 of the devices nationwide.

Friedmann points out that educational materials that make prison authorities more likely to buy tablets for inmates ultimately leads to a larger market for JPay's music, email, and other services.

"The customer is actually the corrections agency," he says. "It's not actually the inmates—they're not the ones buying the tablet."

JPay declined to provide any specifics on its own financials, and company spokeswoman Jade Trombetta said in an email that figures reported in a critical 2014 report by the Center for Public Integrity were "inaccurate and inflated." In one document filed as part of a 2014 bid to provide "inmate banking services" to the West Virginia prison system, the company said it expected to process more than $1 billion in funds transfers that year.

Shapiro says the company's always offered money transfer prices at least as favorable as Western Union, and that its systems are more convenient than previous alternatives like delivering cash to prisons to deposit in inmate accounts.

And while the company charges fees for services that can be had essentially for free in the outside world, like email and video conferencing, Shapiro says JPay generally bears the up-front cost of wiring prisons to provide electrical power and network connectivity to its secured kiosk machines and providing the infrastructure to let prison officials review communications.

"I don't know anyone that builds systems, hires people, spends millions of dollars on infrastructure for free," he says.

The virtual "stamps" inmates and their families spend to send email are cheaper than snail mail, and unlike home users who pay a monthly fee to Internet service providers, inmates only pay for the services they use, he says.

"If [critics] looked at our money and looked at our margins, we don't make more money than any other business in the United States," he says.

The revenue from JPay's existing businesses is effectively subsidizing its free educational offerings, Shapiro says.

"We have a very, very big team currently just dedicated to education," he says. "We're talking about a whole, basically, division that doesn't make any money."

Friedmann says he welcomes JPay offering educational resources to inmates but says he'd rather not see them bundled so closely with the company's for-profit services, at least not without stricter regulation of the rates for such services, similar to the price caps the Federal Communications Commission has moved to institute for notoriously pricey prison phone calls.

"Any time you have complete non-regulation and a literally captive audience, which is what you've got in this case, you need some regulation to rein that in," he says.

Antivirus Pioneer John McAfee Shows The FBI How To Hack An iPhone


In a pair of interviews on RT and CNN, antivirus pioneer John McAfee implied that the Federal Bureau of Investigation should be able to hack the locked iPhone tied to the San Bernardino shooting suspect in as little as half an hour.

But his explanation for how the phone's content can be accessed—by having a hardware engineer essentially extract the iPhone's onboard software for a software expert to scour for the passcode used to access the phone—is at odds with ordinary security practices and Apple's own description of its passcode features.

"What he is looking for is the first access to the keypad, because that is the first thing you do, when you input your [passcode]," McAfee told RT. "It'll take half an hour. When you see that then he reads the instructions for where in memory this secret code is stored—it is that trivial—a half an hour."

But for McAfee's method to work, the iPhone's passcode would have to be stored as unencrypted text on the device itself to be compared with what the user enters, which violates decades of digital security practices and is unnecessary for the iPhone to operate.

According to Apple's security documents, the passcode entered by the user is combined with a device identifier to create a key used to encrypt and decrypt user data. A built-in time delay prevents an unauthorized user from trying too many passcodes too quickly, and too many bad passcode attempts will cause the phone to erase itself.

The FBI has argued that it needs Apple to create a modified version of the iPhone's software to circumvent that limit and allow it to determine the alleged shooter's passcode by brute force, effectively trying each possible passcode until one unlocks the phone. Apple, along with privacy advocates including McAfee, argues that the modified software could be used by hackers to decrypt other iPhones as well, endangering iPhone users around the world.
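The design described in the two paragraphs above, as an added example that is not part of the original article and not Apple's code: the passcode is an input to a key derivation, never a stored value, and the only things persisted are ciphertext and an integrity tag, so a wrong passcode produces a wrong key rather than a failed string comparison. The device UID constant, the PBKDF2 parameters and the delay schedule are constructed for the demo.

```python
"""
Model of a passcode-derived data key with attempt throttling and a wipe after
too many failures. Added illustration only; it is not Apple's implementation.
The device UID value, the PBKDF2 parameters and the delay schedule are
constructed for the demo.
"""
import hashlib
import hmac
import os

# Constructed stand-in for the per-device secret fused into the chip. On a
# real device it is never readable by software; here it is just a constant.
DEVICE_UID = bytes.fromhex("00112233445566778899aabbccddeeff")
KDF_ROUNDS = 50_000          # constructed; slows down each guess
MAX_ATTEMPTS = 10            # wipe after this many consecutive failures

# Constructed escalating delay schedule (seconds), indexed by failures so far.
DELAY_SCHEDULE = [0, 0, 0, 0, 0, 60, 300, 900, 900, 3600]


def derive_key(passcode: str, uid: bytes = DEVICE_UID) -> bytes:
    """Entangle the passcode with the device secret. The passcode is an input
    to the KDF, not something that gets written anywhere."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, KDF_ROUNDS, dklen=32)


def delay_before_attempt(failures: int) -> int:
    """Seconds a caller must wait before the next try, given failures so far."""
    return DELAY_SCHEDULE[min(failures, len(DELAY_SCHEDULE) - 1)]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher built from HMAC-SHA256, enough for an
    offline demo. XORing twice with the same key and nonce restores the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), "sha256").digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class SecureStore:
    """User data encrypted under the derived key. What sits on flash is only
    nonce, ciphertext and an integrity tag; the passcode itself is nowhere."""

    def __init__(self, passcode: str, plaintext: bytes) -> None:
        key = derive_key(passcode)
        self.nonce = os.urandom(16)
        self.ciphertext = keystream_xor(key, self.nonce, plaintext)
        # Tag over nonce+ciphertext: a wrong passcode yields a wrong key and
        # fails here, so no plaintext comparison of passcodes ever happens.
        self.tag = hmac.new(key, self.nonce + self.ciphertext, "sha256").digest()
        self.failures = 0
        self.wiped = False

    def stored_bytes(self) -> bytes:
        """Everything persisted on the device, as anyone reading the flash would see it."""
        return self.nonce + self.ciphertext + self.tag

    def unlock(self, passcode: str):
        """Return the decrypted data, or None on a wrong passcode or after a wipe."""
        if self.wiped:
            return None
        key = derive_key(passcode)
        expected = hmac.new(key, self.nonce + self.ciphertext, "sha256").digest()
        if not hmac.compare_digest(expected, self.tag):
            self.failures += 1
            if self.failures >= MAX_ATTEMPTS:
                # Too many bad attempts: discard the protected data.
                self.ciphertext = b""
                self.tag = b""
                self.wiped = True
            return None
        self.failures = 0
        return keystream_xor(key, self.nonce, self.ciphertext)


if __name__ == "__main__":
    store = SecureStore("1234", b"contacts, photos, messages")
    print("passcode literal on flash?", b"1234" in store.stored_bytes())
    print("wrong passcode ->", store.unlock("0000"))
    print("next attempt must wait", delay_before_attempt(store.failures), "s")
    print("right passcode ->", store.unlock("1234"))
```

The two controls the article mentions live in different places: the delay schedule is enforced by whoever calls `unlock`, while the wipe is enforced inside the store itself, which is why software that skips the delay still cannot keep guessing past the attempt limit without also changing the store.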

"There has never been a single issue of a master key or a backdoor being placed in software that was not accessed within a matter of weeks by foreign agents or black hat hackers," McAfee told CNN.

Apple is contesting a court order requiring it to enable the FBI to access the phone.

McAfee, who is currently seeking the Libertarian Party presidential nomination, told critics on YouTube that he simplified his description of the iPhone's security to make it understandable to the press.

"I look like an idiot because I am speaking to idiots," he wrote. "Can you imagine me explaining the A7 or A6 chip architecture, secure enclave co-processors, isolated memory, UIDs, etc. I did the only thing I could do—drag them, kicking and screaming into the early 1980s."

ACLU Urges Feds To Adopt Privacy Rules For Broadband And Cable

A coalition of privacy groups including the American Civil Liberties Union, the Electronic Privacy Information Center, and New America's Open Technology Institute wrote to the Federal Communications Commission Monday calling on the telecom regulator to limit how broadband and cable providers use personal data about viewing and browsing habits.

"ISPs currently play a leading role in the complex ecosystem of online behavioral advertising and related forms of data-driven, targeted marketing," the groups warned. "These companies are showing an increased interest in monetizing the data they collect about their customers, and they are leveraging their position as gatekeepers to the Internet to harness this data in powerful and invasive ways."

Verizon has in place sophisticated ad-targeting and consumer-tracking technology for mobile users, and Comcast has said it would share cable set-top box analytics data with its NBCUniversal content division, the groups said.

"Comcast is able to harvest 'terabytes of unstructured data' from the set-top boxes it controls, which it then enriches with demographic information to provide data 'more meaningful to advertisers,' including those targeted via 'Comcast's IP-based systems,'" the groups wrote.

And even when consumers connect to websites through encrypted connections, Internet providers can still track which sites are visited when, potentially revealing data like "when a user has recently become employed or given birth to a child," the groups warned.

They called upon the FCC to adopt stricter rules than those often imposed by the Federal Trade Commission, which they said typically emphasizes notifying consumers of privacy practices.

"Research shows that consumers rarely read privacy policies; when they do, these complex legal documents are difficult to understand," the groups wrote. "Moreover, emphasizing notice or disclosure favors the interests of businesses over consumers and fails to establish meaningful privacy safeguards."

The FCC has lately expressed an interest in adopting privacy rules for broadband providers. Several telecom industry groups, including the American Cable Association and CTIA—the Wireless Association, sent their own letter last week to FCC Chairman Tom Wheeler urging the commission to adopt policies similar to those now favored by the FTC for other industries.

"Consumers should have consistent and predictable privacy protections for the information they deem private and sensitive, no matter how or with whom they share it," the industry groups wrote. "Consumers also will benefit from a consistent privacy framework that promotes the emergence of new business models and innovative uses of data that foster increased consumer choice and service customization."

Credit Card Security Still A Few Chips Short, Experts Say

New chip-enabled credit and debit cards can help reduce fraud, but they can't eliminate it, particularly since most card readers are still asking consumers to swipe their cards rather than insert the smart chips, say some industry experts.

Stephanie Ericksen, vice president of risk products at Visa, said that as of the end of last year, only about 766,000 U.S. merchant locations—or slightly less than 20% of the U.S. total—had activated new credit card readers, which read a unique code from the cards' chips on each transaction. Those readers make it more difficult for criminals to create counterfeit cards after data breaches, since they can't duplicate the secret data the chips use to generate those codes, she said.

"It's not data that they can use to create counterfeit cards, because they can't replicate that dynamic code that's different in each transaction," Ericksen said.

Since chip transactions also don't transmit the secret code stored on cards' magnetic stripes, it's also hard to use stolen chip transaction data to create fake cards for traditional card readers. But hackers and fraudsters can still target merchants that haven't yet activated their chip readers, and it may be some time before all retailers are up to date, according to Ericksen.
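The contrast Ericksen draws, as an added example that is not part of the original article: a chip holds a key that never leaves it and emits a fresh code bound to each transaction's details and counter, while a magnetic stripe carries fixed data that any copy reproduces. This is not Visa's or the EMV specification's cryptogram algorithm (EMV derives per-card and per-session keys and MACs a defined set of fields); the PAN, keys and amounts are constructed.

```python
"""
Toy model of the per-transaction code a chip card produces, next to the static
data a magnetic stripe carries. Added illustration; it is not Visa's or the EMV
specification's cryptogram algorithm. The PAN, keys and amounts are constructed.
"""
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Transaction:
    """What a terminal sends to the issuer for a chip transaction."""
    pan: str
    amount_cents: int
    atc: int               # application transaction counter, increments per use
    terminal_nonce: bytes  # unpredictable number chosen by the terminal
    cryptogram: bytes      # MAC over the fields above, made with the card's key


def _cryptogram_input(pan: str, amount_cents: int, atc: int, nonce: bytes) -> bytes:
    return f"{pan}|{amount_cents}|{atc}|".encode() + nonce


class ChipCard:
    """Holds a secret key that never leaves the chip; only cryptograms come out."""

    def __init__(self, pan: str, key: bytes) -> None:
        self.pan = pan
        self._key = key
        self.atc = 0

    def authorize(self, amount_cents: int, terminal_nonce: bytes) -> Transaction:
        self.atc += 1
        msg = _cryptogram_input(self.pan, amount_cents, self.atc, terminal_nonce)
        mac = hmac.new(self._key, msg, "sha256").digest()
        return Transaction(self.pan, amount_cents, self.atc, terminal_nonce, mac)


class Issuer:
    """Issuer side: knows each card's key and the last counter it has seen."""

    def __init__(self) -> None:
        self._keys = {}
        self._last_atc = {}
        self._stripe_records = {}

    def issue_chip_card(self, pan: str) -> ChipCard:
        key = secrets.token_bytes(32)
        self._keys[pan] = key
        self._last_atc[pan] = 0
        return ChipCard(pan, key)

    def verify_chip(self, tx: Transaction):
        """Return (approved, reason). Replays and altered fields both fail."""
        key = self._keys.get(tx.pan)
        if key is None:
            return False, "unknown card"
        if tx.atc <= self._last_atc[tx.pan]:
            return False, "counter not fresh: replayed or stale transaction"
        msg = _cryptogram_input(tx.pan, tx.amount_cents, tx.atc, tx.terminal_nonce)
        expected = hmac.new(key, msg, "sha256").digest()
        if not hmac.compare_digest(expected, tx.cryptogram):
            return False, "cryptogram mismatch: data altered or key unknown"
        self._last_atc[tx.pan] = tx.atc
        return True, "approved"

    # Magnetic stripe contrast: the track holds a fixed verification value.
    def issue_stripe_card(self, pan: str) -> str:
        track = f"{pan}|{secrets.token_hex(3)}"  # constructed static track data
        self._stripe_records[pan] = track
        return track

    def verify_stripe(self, track: str) -> bool:
        pan = track.split("|", 1)[0]
        return self._stripe_records.get(pan) == track


def contrast_demo() -> dict:
    """Run both paths once; returns the outcomes so they can be checked."""
    issuer = Issuer()
    pan = "1234567890123456"  # constructed placeholder PAN
    card = issuer.issue_chip_card(pan)
    tx = card.authorize(1999, secrets.token_bytes(4))
    first = issuer.verify_chip(tx)[0]
    replay = issuer.verify_chip(tx)[0]  # the same captured record sent again
    altered = issuer.verify_chip(
        Transaction(pan, 5, tx.atc + 1, tx.terminal_nonce, tx.cryptogram))[0]
    track = issuer.issue_stripe_card(pan)
    copied_track = str(track)           # an exact copy of the stripe contents
    return {"chip_first": first, "chip_replay": replay, "chip_altered": altered,
            "stripe_original": issuer.verify_stripe(track),
            "stripe_copy": issuer.verify_stripe(copied_track)}


if __name__ == "__main__":
    for name, outcome in contrast_demo().items():
        print(f"{name}: {'approved' if outcome else 'declined'}")
```

The issuer-side counter check is what turns captured chip data into a dead end: a record that already cleared cannot clear twice, and a new counter value needs a new cryptogram that only the key inside the chip can produce, which is exactly the property the stripe copy lacks.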

"It takes several years to get to critical mass of adoption," she said.

In other countries that have recently moved to chip-enabled cards, it took two or three years before at least 60% of transactions involved chipped cards and chip readers, Ericksen said. And in the meantime, fraudsters learn to target merchants that haven't switched over from traditional magnetic stripe readers.

Other countries have also seen fraud shift from brick-and-mortar stores to online and phone orders, where chips aren't used, according to a September report from credit card information service NerdWallet.

"They help prevent only one type of fraud—counterfeit fraud—and even then only when you dip the card as opposed to swiping it," NerdWallet's Sean McQuay said in a statement at the time.

Still, merchants without chip readers, who since October 1 can often be held liable for fraud that results from not switching over, can take some steps to weed out counterfeit cards, like verifying that the final four digits of a card number printed on a receipt are the same as on the physical card, said Ericksen.

Consumers still don't face liability for fraudulent charges on their accounts, but they can also take steps to protect themselves, like enabling new security features some card issuers are offering, including making sure transaction locations match cellphone GPS coordinates.

"If you're using your card in Florida, and your phone is in New York, for example, that might look like a much more suspicious transaction than if both you and your phone are in New Orleans," Ericksen said.

Visa is not, however, requiring consumers to enter secret PINs for credit card transactions—something that was deployed in some other countries in conjunction with chip card rollouts, a measure consumer advocates say could help reduce fraud even in online transactions.

"The PIN requirement adds a distinct layer of security and complexity to each transaction that dramatically reduces fraud," wrote Debra Berlyn, the president of Consumer Policy Solutions, in an email to Fast Company. "That's why I believe chip-enabled cards must be coupled with the requirement that consumers enter a PIN to properly authorize a transaction."

But, Ericksen explained, PINs themselves can be stolen, and other technological advances will offer similar protections—like the fingerprint authentication used by mobile payment apps like Apple Pay. New safeguards have led other countries to raise the limits on transaction sizes that can be completed without a PIN.

"We've seen Australia go up to $100 without a PIN, if it's mobile or contactless—Canada has done the same," Ericksen said. "They're really seeing that mobile and these other technologies are providing enhanced security."

"Nailing Jell-O To The Wall": How China Shut Down The Open Internet

Not so long ago, techno-utopians and mainstream politicians agreed that trying to censor the Internet was essentially impossible.

"The 'Net interprets censorship as damage and routes around it," Electronic Frontier Foundation founder John Gilmore famously said.

And even former President Bill Clinton compared trying to control the Internet to "nailing Jell-O to the wall," according to Adam Segal, director of the digital and cyberspace policy program at the Council on Foreign Relations.

But, Segal argues in his new book The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age, locking down the web has proven much easier than anticipated for authoritarian regimes like those in China, Russia, and North Korea.

"I think the assumption would be if we got the right technology in the right hands, old bureaucracy and powerful organizations couldn't keep up," Segal told Fast Company. "What we've found is they brought significant resources to the table and they were able to structure their Internet in ways that significantly restrict online freedom."

China's government, in particular, realized early on that the Internet was both vital to the country's economic growth and a threat to the stability of the Communist regime, he says.

"They always kind of looked at it as a double-edged sword," says Segal, who is also CFR's Maurice R. Greenberg senior fellow for China studies.

And they successfully took a three-pronged approach: implementing the technological filters collectively known as the Great Firewall, giving Internet providers and web hosts a powerful incentive to censor content by holding them liable for their users' posts, and simply introducing uncertainty about what's allowed online, which leads everyday users to censor themselves, Segal argues.

Legal uncertainty has also helped curtail potentially seditious posts even in countries like Russia with less stringent technological controls, he says.

"Once you actually instill a bit of uncertainty in users, they begin to self-censor," Segal says.

There's still a bit of an ongoing cat-and-mouse game: "Even in China, there's still a lot of ways to get things around the censors," he says, like using homophones of banned words and phrases to evade filtering until censors catch up.

Chinese Internet freedom activists have famously posted references to a mythical animal called the "grass mud horse," a name that forms an obscene pun in Chinese, and its conflicts with "river crabs," whose name evokes the Chinese censorship regime.

And Western governments including the U.S. have promoted anonymity tools like Tor—sometimes even as other arms of the same governments warn they could be used by domestic criminals—and pushed Internet freedom through softer means, Segal says.

"I think there's been a lot of work with civil society [groups] in other countries so they can make that argument in their own society," he says. "We can try to make the economic argument that it's in the countries' own interest to keep the Internet open."

But ultimately, the future Internet is more likely to look like the fragmented network of today than the freewheeling system predicted in the '90s, Segal predicts.

"I just think a lot of people really thought about the implications of technology but didn't really think about how all of these things are still rooted in a place and [there's still] a jurisdiction and sovereignty over them," he says. "Companies still had people that could be arrested, and users still could be arrested."

Nest Is Learning To Detect When You're Home

Nest smart-home products can now figure out if anyone's home.

With a new software update, Nest's cameras, thermostats, and other home automation devices will begin using a mix of phone geolocation data, built-in sensors, and machine learning techniques to figure out if anyone's at home and adjust settings accordingly, the company said.

"Geofencing alone can get it wrong—turn the lights off when someone's home," the Alphabet unit said in a blog post. "Or run the heat when no one is."

The new feature, called Home/Away Assist, will let Nest Cam security cameras turn on when the house is unattended, Nest thermostats turn up the heat when someone comes home, and Nest Protect smoke detectors run audible tests when nobody's home, the company said. The company won't keep track of where users are—only if they're in or out, according to the blog post.

"Home/Away Assist only needs to know if you're home or not," the company says. "And we keep your information safe and secure by encrypting our connections and staying up to date on the latest threats."

The company also announced a new Family Account feature, letting multiple people under the same roof control Nest devices from their phones without sharing logins and passwords. That will also help the company keep better track of whether any family member is in the house, according to Nest.

BuzzFeed Launches New Cross-Platform Ad Format

BuzzFeed has debuted a new ad format called Swarm, which will let advertisers simultaneously target viewers across BuzzFeed's website, mobile apps, and six top social networks, according to Adweek. The product was unveiled at South by Southwest Interactive, during a keynote on Saturday by BuzzFeed CMO Frank Cooper.

Swarm, currently in beta, will allow advertising campaigns to reach consumers through Vine, YouTube, Facebook, Instagram, Tumblr, and Snapchat's Discover channels, Cooper said, as per Adweek's report. BuzzFeed, which boasts more than 5 billion monthly content views, allegedly draws more than half of those views from content posted directly to Facebook and Snapchat.

Comcast's NBCUniversal reportedly first tested the ad format in December to promote Sisters, the comedy starring Tina Fey and Amy Poehler. As a result of that campaign, BuzzFeed's content comprised three out of the top 10 Facebook posts tagged with the movie's hashtag, according to Adweek.

"We're going to open this up for other clients because we think this is a unique proposition for advertisers," Cooper said during the keynote.

One thing Cooper acknowledged, however, is that it can be difficult for advertisers to know how many people are actually seeing their content across different platforms—a challenge BuzzFeed itself has faced in attempting to measure its reach, as outlined in a recent blog post by publisher Dao Nguyen. "We estimate that our current comScore metric of about 80 million UVs represents less than one-fifth of our actual global reach, based on ad hoc data provided by partners," Nguyen wrote in the post.

To give advertisers a more accurate picture of their audience, Cooper said BuzzFeed is using third-party measurement tools to better represent viewership across social media platforms.

[via Adweek]

Meet Viv, The "Giant Brain" From The Creator Of Siri

Move over, Siri. Dag Kittlaus, the creator of Apple's iconic virtual assistant, is working on a next-generation "global brain" called Viv that's said to be more intelligent and adaptable than Siri and her current competitors.

"Siri was chapter one, and now it's almost like a new Internet age is coming," Kittlaus said in a talk at South by Southwest Interactive, according to a USA Today report. "Viv will be a giant brain in the sky."

Viv will be able to answer more complex queries, and learn over time based on the questions it's given, the company has said. In a discussion at SXSW with tech writer Steven Levy, who profiled the Viv team for Wired in 2014, Kittlaus said the app will be able to answer questions like "What's the weather near the Super Bowl?" by first determining where the football game is taking place, then searching for weather reports, according to USA Today.

The title of the panel was "Will AI Augment or Destroy Humanity?" and Kittlaus is also working on a science fiction novel about an out-of-control AI bot, according to the report. Viv itself will be more tightly connected to the rest of the online world than Siri, with the company intending to support communication with the system through multiple devices and allowing third-party developers to connect their own services to Viv, according to a recent report in The Guardian. That sounds similar to how third-party companies can integrate with text chat tools like Slack, Facebook Messenger, and Telegram. Uber and online flower delivery service Florist One have already signed on, according to The Guardian.

Viv has declined to say when exactly the product will launch, though Kittlaus has said that 2016 will be a significant year for the company and implied that Viv will continue to grow smarter and more powerful after its launch.

"Viv is taught by the world, knows more than it is taught, and learns every day," according to the Viv website.

New $20K Honda Civic Can Drive Itself (Sometimes)

Honda is adding features to its $20,000 Honda Civic LX that will make the entry-level car able to drive itself down the highway, reports the Wall Street Journal.

Drivers can take their hands off the wheel and their feet off the pedals when the car is driving in highway conditions with clearly visible lane markings and a vehicle in front for the Civic to follow, according to the report. Carmakers are increasingly adding features such as automatic lane-keeping assistance, adaptive cruise control, and automatic braking to lower-end models, according to the Journal. General Motors is reportedly set to launch a version of the Chevrolet Cruze with similar features later this year.

While manufacturers emphasize that the cars aren't intended to be fully self-driving like the vehicles famously being tested by Google, federal regulators are interested in making the technologies, collectively known as "advanced driver assistance systems," available in more vehicles to help prevent accidents often caused by increasingly distracted drivers, according to the report.

The National Highway Traffic Safety Administration plans to soon include crash-avoidance technologies in its 5-Star Safety Rating program, the agency said in December. The program already includes a checklist of recommended features designed to boost driver awareness, including rear-facing cameras and warnings when the car is drifting out of its lane or heading toward a forward collision, according to the agency.

"NHTSA's 5-Star Safety Ratings have set the bar on safety since it began in 1978, and today we are raising that bar," U.S. Transportation Secretary Anthony Foxx said in announcing the changes in December. "The changes provide more and better information to new-vehicle shoppers that will help accelerate the technology innovations that save lives."

Medium Launches Curated "Collections" Of Posts

With the amount of content on Medium rapidly growing, the publishing site is adding curated "Collections" to the platform, letting users find posts and writers focusing on a particular topic.

"Discovery is a really big topic, and is something we're continuously working toward trying to improve," says Katie Zhu, the product manager for the feature.

Users of Medium's smartphone apps will now be able to touch tab headers for Collections tied to particular topics—say politics or culture—or events in the news, like the Oscars or Apple's encryption dispute with the government. That will bring them to a set of posts on the topic and give them the chance to follow Medium writers they might not have previously known.

The Collections can also contain links to outside sources, which is something the company took advantage of in a sample post about Apple's battle with the FBI, says Zhu.

"Apple had posted a customer letter on their own website which provided a lot of valuable context and understanding for readers of the story, so we linked to that," she says.

At the beginning, only a small set of Medium "trusted testers" will be able to create new Collections, though the goal is to gradually open up the feature, potentially allowing all users to create and share their own Collections eventually.

In the meantime, the company will track how the new feature affects the time that users spend reading content on the site—one of the company's most watched metrics—and how it drives interactions, like users following new writers and recommending posts to friends, Zhu says.

"With Collections, this is really just the beginning of what we want to do," she says.

Ford Tests Data-Driven App To Tell You Where To Park

A pilot app from Ford will merge crowdsourced data and information on parking regulations to help guide drivers to a place they're able to park, the company said.

The app, called GoPark, will collect data on parking and traffic conditions from cars whose owners have agreed to install a special tracking device, and use that data to suggest where spots are available.

"With explicit permission from participants, Ford will collect data from cars coming and going from parking spaces in a defined area to predict available spots," the company said. "The predictions are based on available city data plus observed parking patterns such as time of day and location."

The app will also use data on parking regulations in Islington, an area of London where the app is being tested, to indicate whether a parking space is valid and for how long.

Ford has also said it will offer drivers access to parking information through its FordPass app. Drivers will be able to book parking spaces through the ParkWhiz parking marketplace and access parking data through Parkopedia, a crowdsourced parking database.

Chipotle Considers Scaling Back New Food Safety Measures: Report

Chipotle is considering scaling back some of the new food safety measures it recently instituted after a series of foodborne illness outbreaks sent sales tumbling, according to a report in the Wall Street Journal.

The Mexican restaurant chain is considering reducing the use of DNA-based testing to detect pathogens in certain ingredients, according to the report. The company, long known for its use of fresh ingredients, has shifted to having some beef products precooked before they arrive in restaurants, where they are marinated and heated on a grill, according to the report.

"Our food safety program is fine and our commitment to food safety remains strong," Chipotle spokesman Chris Arnold wrote in an email to Fast Company. "The sum of the actions we have already taken greatly reduces risk, and we are implementing a very advanced food safety system."

Precooking the beef should reduce the risk of contamination, and Chipotle has also shifted to preparing lettuce and tomatoes outside of restaurants, according to the report. Beef for barbacoa dishes and pork for carnitas items have long been prepared off-site, and the company is considering precooking chicken before it arrives at restaurants as well, according to the Journal.

The restaurant chain, which experienced a series of E. coli, norovirus, and salmonella outbreaks across the country, has told investors to expect a loss for the first quarter of 2016. Chipotle has taken a number of steps to regain consumers' trust since the outbreaks, including prominently closing all of its restaurants for a live-tweeted, all-hands safety meeting, hiring food safety expert James Marsden to oversee its safety practices, and even giving away free burritos.

"Over the last few months, we have made a number of changes to food safety programs—prepping some produce items in central kitchens, blanching some produce items in our restaurants, testing of ingredients, and several procedural changes in our restaurants—and we are continuing to implement additional measures," Arnold wrote. "Our efforts in this area may include changes from time to time, but anything we change we are changing for the better."