Department of Justice Won’t Prosecute White Hat Security Researchers

May 20, 2022InformationDepartment of Justice, White HatJenThorpe

The U.S. Department of Justice (DOJ) announced a new policy for charging cases under the Computer Fraud and Abuse Act (CFAA). The purpose appears to be to allow White Hat security researchers to continue doing what they do, without getting arrested for it.

From the DOJ press release:

The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.

Deputy Attorney General Lisa O. Monaco said, “Computer security research is a key driver of improved cybersecurity. The department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”

The DOJ policy clarifies that hypothetical CFAA violations that have concerned some courts and commentators are not to be charged. This includes: embellishing on an online dating profile contrary to the terms of service of the dating website; creating fictional accounts on hiring, housing, or rental websites; using a pseudonym on a social networking site that prohibits them; checking sports scores at work; paying bills at work; or violating an access restriction contained in a terms of service are not sufficient to warrant federal criminal charges.

In addition, the DOJ made it clear that “the new policy acknowledges that claiming to be conducting security research is not a free pass for those acting in bad faith. For example, discovering vulnerabilities in devices to extort their owners, even if claimed as ‘research’, is not in good faith.”

Vice reported that the new policy addresses decades of uncertainty around the law and security research. According to Vice, the policy comes into effect immediately and all federal prosecutors who wish to charge cases under the CFAA are required to follow the policy.

TechCrunch reported: The Computer Fraud and Abuse Act, or CFAA, was enacted in 1986 and predates the modern internet. The federal law dictates what constitutes computer hacking – specifically “unauthorized” access to a computer system – at the federal level.

According to TechCrunch, CFAA has long been criticized for its outdated and vague language that does little to differentiate between good-faith researchers and malicious actors who set out to extort companies or individuals or otherwise cause harm.

I think the policy change made by the DOJ will help clarify what is considered to be beneficial (such as good-faith research) as compared to those who discover vulnerabilities in devices for the purpose of using to to extort the device’s owner. I’m hoping that the list of things that make courts and commentators confused should now be easier for them to understand.

Twitter Introduces A Crisis Misinformation Policy

May 20, 2022TwitterTwitterJenThorpe

Twitter announced that it is introducing a crisis misinformation policy. It appears to be Twitter’s way of elevating credible information while slowing the spread of misinformation. Twitter announced this policy on May 19, 2022. From the blog post:

Today, we’re introducing our crisis management policy – a global policy that will guide our efforts to elevate, credible, authoritative information, and will help to ensure viral misinformation isn’t amplified or recommended by us during crisis. In times of crisis, misleading information can undermine public trust and cause further harm to already vulnerable communities.

Twitter continued: Alongside our existing work to make reliable information more accessible during crisis events, this new approach will help to slow the spread by us of the most visible, misleading content, particularly that which could lead to severe harms.

Twitter was extremely specific about what it will misinformation during a crisis. The company stated that to determine whether claims are misleading, they require verification from multiple credible, public available sources. Those sources include evidence from conflict monitoring groups, humanitarian organizations, open-source investigators, journalists, and more.

As soon as Twitter has evidence that a claim may be misleading, the company will not amplify or recommend content that is covered by this policy across Twitter. This includes in the Home timeline, Search, and Explore. Twitter will also prioritize adding warning notices to highly visible Tweets and Tweets from high profile accounts, such as state-affiliated media accounts, verified, official government accounts.

Here are examples of Tweets Twitter may add a warning notice to:

False coverage or event reporting, or information that mischaracterizes conditions on the ground as a conflict evolves;
False allegations regarding use of force, incursions on territorial sovereignty, or around the use of weapons;
Demonstrably false or misleading allegations of war crimes or mass atrocities against specific populations;
False information regarding international community response, sanctions, defensive actions, or humanitarian operations.

Strong commentary, efforts to debunk or fact check, and personal anecdotes or first person accounts do not fall within the scope of the policy.

If Twitter finds a Tweet that it concludes is misinformation, the company will put a warning notice on top of that Tweet. The notice will say: This Tweet violated the Twitter Rules on sharing false or misleading info that might bring harm to crisis-affected populations. However, to preserve the content for accountability purposes, Twitter has determined this Tweet should remain available. A person who wants to read the Tweet will be required to click through the warning notice to view the Tweet.

I think it is a good idea for Twitter to put a warning on top of Tweets that violate its crisis misinformation policy. Personally, I don’t want to see graphic violence from a war zone when I’m scrolling through Twitter. As such, if I happen to find a Tweet with the warning on top, I will very likely scroll past it without interacting.

The Verge reported that Twitter’s stronger standards are meant to be limited to specific events. Twitter will initially apply the policy to content concerning the ongoing Russian invasion of Ukraine, but the company expects to apply the rules to all emerging crisis going forward.

TikTok Announces Top Performing Videos Can Become Ads

May 19, 2022Social MediatiktokJenThorpe

TikTok announced that it’s launching a new ad product called “Branded Mission” that will allow creators to connect with brands and possibly receive rewards for videos, TechCrunch reported. According to TechCrunch, with this new ad product, advertisers can crowdsource content from creators and turn top-performing videos into ads.

TikTok posted in its newsroom more information about “Branded Mission”. From the post:

…To make it easier for brands to tap into the creative power of TikTok communities and co-create authentic branded content that resonates with users, we’re launching Branded Mission. Branded Mission is an industry-first ad solution that enables advertisers to crowdsource authentic content from creators on TikTok, turn top-performing videos into ads, and improve brand affinity with media impressions.

According to TikTok, this new form of two-way engagement between brands and creators enables the TikTok community to have a creative hand in the ads that are part of a brand campaign and helps brands discover emerging creators across TikTok.

By using Branded Mission, advertisers can:

Engage the community to participate in branded campaigns: Brands can develop a brief and release it to the creator community to participate in the Branded Mission.

Let creators tell the most relatable brand story in an authentic way: TikTok creators can decide what Branded Missions they are inspired by and choose to participate in the Mission. Brands will select their favorite original creative videos and amplify them through promoted ad traffic.

Discover a diverse ecosystem of creators who are the main drivers of culture on TikTok: Brands now have more opportunities to discover and engage with a broad ecosystem of creative and talented creators. Creators who are at least 18 years old with more than 1,000 followers will be eligible to participate in a Branded Mission.

According to TikTok, eligible creators whose videos are selected by the brand as ads will benefit from a cash payment and boosted traffic. On each Branded Mission page, creators will see the potential earning opportunity before choosing to participate.

It is worth noting that the Federal Trade Commission (FTC) makes it clear that creators have the responsibility to disclose that their content is an advertisement – not the brands responsibility.

“If you endorse a product through social media, your endorsement message should make it obvious when you have a relationship (“material connection”) with the brand. A “material connection” to the brand includes a personal, family, or employment relationship or a financial relationship – such as the brand paying you or giving you free or discounted products or services.”

I think it is a good idea for TikTok to enable a connection between brands and creators. I like that the brands have to be upfront about how much they are willing to pay a creator for allowing the brand to use their creative content. TikTok creators who are looking for a way to increase their income might be ready to create ads for brands.

On the other hand, it is entirely possible that the Branded Mission ads might fail. If the creators do the right thing, and disclose that this is an ad, it could make people decided not to watch it. Some people are going to reject that content specifically because it is yet another ad. In general, people tend to avoid ads as much as possible.

Netflix Lays Off Estimated 150 Staffers

May 18, 2022NetflixnetflixJenThorpe

Netflix is laying off approximately 150 employees across the company, according to an internal memo sent Tuesday and obtained by The Hollywood Reporter. This round of layoffs follows at least 10 full-time staff and contractors working under the editorial division on April 28, 2022. Those workers were part of Tudum Studio, which Netflix launched in December of 2021.

NPR reported that layoffs of employees and contractors for the Netflix site Tudum made waves online. People criticized the company for letting go of staff who had been recently recruited and for the lack of internal marketing of their work.

According to NPR, these layoffs are reflective of a change that Netflix is undergoing. In the wake of controversial programming on its platform, the tech giant recently altered its corporate culture memo to say employees may have to work on projects they find harmful.

Los Angeles Times reported that a spokesperson for Netflix provided the following statement:

“As we explained on earnings, our slowing revenue growth means we are also having to slow our cost growth as a company. So sadly, we are letting around 150 employees go today, mostly U.S.-based. These changes are primarily driven by business needs rather than individual performance, which makes them especially tough as none of us want to say goodbye to such great colleagues. We’re working hard to support them through this very difficult transition.”

According to the Los Angeles Times, a contractor who was part of a team that ran social media content promoting LGBTQ storytelling said, “This felt more of a matter of when, than if.” The contractor, who was not allowed to speak publicly, first became aware of the layoffs through the news, and hours later attended an all-hands on meeting where a group of people were informed they were losing their jobs.

Animation Magazine reported that Netflix was also eliminating two percent of roles from its animation workforce, largely in the U.S. According to Animation Magazine, at the beginning of the month, a trio of animated Netflix Kids & Family projects were nixed from the slate: Jeff King’s Dino Daycare (part of kids’ animation whiz Chris Nee’s initial slate with the streamer), Meghan Markle’s Pearl and Jaydeep Hasrajani’s Boons and Curses.

All of this comes after Netflix cracked down on account sharing (with someone outside of your household).

The Hollywood Reporter stated that in April, during its first-quarter earnings announcement, Netflix revealed it had lost 200,000 subscribers in the quarter and expected to lose an additional 2 million during the second quarter.

Apple Delays And Modifies Its Return To Office Plans

May 18, 2022AppleAppleJenThorpe

Apple, in a blow to its efforts to restore normalcy to its operations, has suspended its requirement that employees return to the office this month for at least three days a week because of a resurgence of COVID-19 cases, The New York Times reported.

According to The New York Times, the reversal was welcome news for thousands of employees who pushed back against the company’s demand that they begin coming to the office three days a week in early May. Earlier this month, the group which calls itself “Apple Together” published a letter calling on the executive team to allow for a hybrid and flexible work schedule, saying they could collaborate remotely using online tools such as Slack and spare themselves hours of commuting.

Personally, I’m not surprised by this change. Apple has a history of changing its COVID policy based on its assessment of what is the right thing to do. For example, in June of 2021, Apple chose to loosen its face mask requirement in Apple Stores as part of its COVID-19 policies in the United States.

Previously, in December of 2020, Apple closed all 53 of its locations in California. In May of 2020, it started gradually reopening stores in South Carolina, Alabama, and Alaska. Later, it began reopening stores with COVID-19 safety measures. In June of 2020, Apple closed 11 stores in Florida, North Carolina, and Arizona out of an abundance of caution. The decisions are made by Apple depended upon the number of COVID cases in a particular area.

9to5Mac noted that, as first reported by Bloomberg, Apple is still requiring employees to work in-person two days per week, but it will not ramp that up to three days per week on May 23 as originally planned.The company is delaying that requirement.

The Verge reported that Bloomberg retail employees in about 100 Apple stores were told that they will again be required to wear a mask.

9to5Mac reported the changes to Apple’s plans come as COVID-19 cases have once again started to increase in the United States and other countries. Hospitalizations are also increasing but at a much slower pace, according to data compiled by The New York Times.

Personally, I think the changes made by Apple are a step in the right direction. Requiring employees to wear masks in Apple stores, and also requiring employees at Apple to wear masks in common spaces (such as meeting rooms and elevators) can help stop the spread of COVID.

The problem I see with Apple’s plan is that it doesn’t really do much to protect workers who are immunocompromised. As someone who is part of that group, I understand how scary it can be to walk into a building that lacks the proper amount of air filtration to keep people like me safe.

Twitter Files Preliminary Proxy Statement for Acquisition by Elon Musk

May 18, 2022TwitterElon Musk, TwitterJenThorpe

There has been a lot of drama since Elon Musk decided to acquire Twitter. This has led to Twitter filing a preliminary proxy statement for acquisition by Elon Musk. It was posted in a press release on May 17, 2022, on PRNewswire.

Twitter Inc. today announced that it has filed its preliminary proxy statement with the U.S. Securities and Exchange Commission in connection with the previously announced agreement for Twitter to be acquired by affiliates of Elon Musk for $54.20 per share in cash.

Twitter is committed to completing the transaction on the agreed price and terms as promptly as practicable.

The preliminary proxy statement contains important information including the background of, and reasons for, Twitter’s transaction with Mr. Musk.

The transaction is subject to the approval of Twitter stockholders, the receipt if applicable regulatory approvals, and the satisfaction of other customary closing conditions, and is expected to close in 2022.

On May 16, 2022: CEO of Twitter Parag Agrawal tweeted a lengthy thread that started with “Let’s talk about spam. And let’s do so with the benefit of data, facts, and context…”

The thread continued with: “First, let me state the obvious: spam harms the experience for real people on Twitter, and therefore can harm our business. As such, we are strongly incentivized to detect and remove as much spam as we possibly can, every single day. Anyone who suggests otherwise is just wrong.”…

Axios reported that Elon Musk responded to Parag Agrawal’s thread with a poop emoji.

Axios also posted a screenshot of a tweet from Elon Musk in which he wrote: “20% fake/spam accounts, while 4 times what Twitter claims, could be *much* higher. My offer was based on Twitter’s SEC filings being accurate. Yesterday, Twitter’s CEO publicly refused to show proof of the <5%. This deal cannot move forward until he does.”

According to Axios, analysts believe Musk is using allegations that Twitter’s user base has more bots than the company claims to either back out of the deal or negotiate down a price, especially now that Twitter’s stock price has plummeted amid a broader market downturn.

What’s really going on? Matt Levine at Bloomberg offered some potential possibilities in a post titled: “Elon Musk Does Not Care About Spam Bots”. From the article:

“…I think it is important to be clear here that Musk is lying. The spam bots are not why he is backing away from the deal, as you can tell from the fact that the spam bots are why he did the deal. He has produced no evidence at all that Twitter’s estimates are wrong, and certainly not that they are materially wrong or made in bad faith. (Musk can only get out of the deal if Twitter’s filings are wrong in a way that would cause a “material adverse effect on Twitter, which is vanishingly unlikely)”…

According to Matt Levine, “…Twitter has published the same qualified estimate – that fewer than 5% of monetizable accounts are fake – for the last eight years. Musk knew those estimates, and declined to do any nonpublic due diligence before signing the merger agreement. He knew about the spam bot problem before signing the merger, as we know, because he talked about it constantly while announcing the merger agreement…

In addition, Matt Levine wrote: “What has happened in the last three weeks? Well, the prices of stocks have gone down, making the $54.20 price that Musk agreed to look a bit rich….”

In my opinion, Elon Musk is having a very expensive temper tantrum because of the reasons Matt Levine explained in his article. It’s not a good look, especially for someone as rich as Elon Musk is. To me, it sounds like Elon Musk is having “buyers remorse” about his decision to buy Twitter.

Don’t Run Your Government On Cryptocurrency

May 17, 2022Informationcrypto crash, cryptocurrencyJenThorpe

On February 2, 2022, Mayor Francis Suarez tweeted: “I’m so excited to announce that the @CityofMiami has received it’s first-ever disbursement from @mineCityCoins totaling $5.25M. This is a historic moment for our city to collaborate with an innovative project that creates resources for our city through innovation not taxation.”

Quartz reported (on May 16, 2022) that MiamiCoin’s creator, an organization called CityCoins, has been no less enthusiastic, portraying the coin as a financial experiment that will empower citizens with a “community-driven revenue stream” while spurring new digital city services.”

According to Quartz, CityCoins announced a similar cryptocurrency for New York in November 2021, and plans to release a coin for Austin, Texas soon. Other cities have launched their own crypto ventures: Fort Worth, Texas, for example, will soon be running bitcoin mining rigs in city hall.

How did cryptocurrency work out for Miami? Quartz explains: Over the last nine months, however, MiamiCoin has lost nearly all of its value, falling about 95% from its September peak to just $0.0032 as of May 13. Its rapid descent has burned investors on the way down, muting the dreams of Miami’s city leaders, and possibly raising red flags for regulators now investigating cryptocurrency transactions.

On April 19, 2022, Mayor Francis Suarez tweeted: “As President of the @usmayors,we’re leaning into this next era of American innovation. Today’s eGov Summit Crypto Panel at @eMergeAmericas welcomes everyone to learn the fundamentals of crypto and the impact this technology will have on democracy!”

Houston Chronicle reported that The Electric Reliability Council of Texas (ERCOT), which manages the state’s electrical grid, is projecting that the explosion in cryptocurrency and other “large load” operators could bring as many as 16 gigawatts of new electricity demand by 2026. That’s about a quarter of the grid’s current capacity and enough to power 3 million homes on a summer day.

Will that work? According to Houston Chronicle – For a state that failed so spectacularly to secure the power supply during last year’s winter blackouts, piling on more demand will be a critical new test, especially in the face of climate change. Last week alone, unseasonably high temperatures drove electricity demand to midsummer levels. Late Friday, the state asked Texans to conserve power after six natural gas-fired power plants tripped offline.

The Atlantic reported about the recent “Crypto Crash”. From the article: …As fear and interest rates spike, investors are selling off their positions and billions of dollars of value are being erased from the industry. By one estimate, more than $200 billion of stock-market wealth has been destroyed within crypto alone, in just a matter of days…

In my opinion, if that much crypto wealth can be so quickly erased, there is absolutely no valid reason for state (or federal) governments to decide to make cryptocurrency into the thing that is going to – supposedly – fund everything. All of it could be gone in the blink of an eye, depending on the market.