Andrea Peterson

At least the internet hasn't crashed: Ajit Pai on the FCC and COVID-19

In this disorienting and terrifying moment in American history, there's one sliver of good news: The internet seems to be working. Communications networks are surviving an explosion of videoconferencing, distance learning and shelter-in-place streaming. That makes Federal Communications Commission Chairman Ajit Pai very happy. He said his agency has been working with the White House, other federal agencies and private industry to plot out a strategy for keeping Americans connected during this crisis.

What tech wants from Washington amid coronavirus

As the markets crash and foreshadow a potential economic downturn, some people in the tech industry are also asking what Washington can do for them — particularly as Congress weighs stimulus packages to protect future structure of the American economy. Here's what to watch when it comes to the tech industry and the coronavirus recovery effort.

Industry Influence on an FCC Advisory Panel

After high-tech phone network outages hit major US cities in 1991, the Federal Communications Commission chartered an advisory group to help the agency troubleshoot emerging technology issues. Yet instead of helping solve problems, this industry-dominated group has at times been a barrier to strengthening the security of America’s communications. 

Why the US still won’t require SS7 fixes that could secure your phone

Decades later, Signaling System No. 7 (SS7) and other components of the nation’s digital backbone remain flawed, leaving calls and texts vulnerable to interception and disruption. Instead of facing the challenges of our hyper-connected age, the Federal Communications Commission is stumbling, according to documents obtained by the Project On Government Oversight (POGO) and through extensive interviews with current and former agency employees.

President-elect Trump’s pick for attorney general could be bad news for Silicon Valley

President-elect Donald Trump’s pick for attorney general probably wouldn’t have been the tech industry’s first choice. Sen Jeff Sessions (R-AL) is on the opposite side of several issues that are close to Silicon Valley’s heart and related to the Justice Department. Here are some key areas where tech giants could clash with Sen Sessions if his nomination is successful:

Encryption: When Apple and the Department of Justice faced off over an encrypted iPhone used by one of the shooters in a mass killing in San Bernardino (CA), the tech industry rallied around Apple. But Sen Sessions came out strong on the government’s side.

E-mail privacy: Reforming the Electronic Communications Privacy Act to require the government to get a warrant to search the contents of your inbox is something Congress (and the public) generally supports — even if they haven’t managed to get it done yet. But earlier in 2016, Sen Sessions proposed an amendment to an ECPA reform bill that alarmed some privacy advocates.

Immigration: Sen Sessions is a longtime proponent of more limits on immigration. In October, he suggested that the United States may want to do away with the H-1B visa program, which allows companies to recruit foreign workers if they can’t fill positions domestically. That puts him at odds with the tech industry, which generally wants to expand that program. In fact, a group backed by Facebook chief executive Mark Zuckerberg called supports immigration reform — including more H-1B visas. In 2014, an ad campaign from the group rattled Sen Sessions so much that he lashed out at Zuckerberg during a speech on the Senate floor.

Cyberattack that disrupted access to major websites is under investigation

Tens of millions of IP addresses were used to take down popular websites like Twitter and Netflix as part of a massive cyberattack on Oct 21.

Dyn, an Internet middleman company, was the target of the distributed denial-of-service, or DDoS, attack that hit in three waves. Dyn directs traffic when people type a URL into a browser. So the attack on the company caused temporary outages at many of the internet's most widely-trafficked sites. Dyn revealed that a "sophisticated" attack involved "10s of millions of IP addresses." The outages were caused, at least in part, by malware sent by hackers to devices connected to the internet.

Dyn said that the cyberattack is under investigation, and that the company is looking out for other digital assaults. The attack, which Dyn said had been resolved, was notable because the firm says the attackers used an emerging form of malware called "Mirai" to hijack everyday items such as security cameras and DVRs that were connected to the Internet. The attack also highlighted how targeting just one company could create havoc across the Web. "The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and Internet locations," said Kyle York, Dyn’s chief strategy officer. Dyn says it is monitoring for signs of additional attacks. It is still unknown who was behind the attack. The US government is also investigating the incident.

DOS Attack Causes Twitter, Spotify, and Other Major Services To Be Down

Someone attacked a key part of the Internet's infrastructure the morning of Oct 21, causing some major services such as Twitter, Spotify and Airbnb to be inaccessible for some users. The attack targeted Dyn, a company that helps people connect to websites, with a huge amount of traffic in an attempt to knock the service offline, according to Dyn's director of Internet analysis, Doug Madory. The digital assault appears to have started around 7:30 am Eastern, and Dyn said it was resolved at roughly 9:20 am.

dThe service Dyn provides is called the Domain Name System. It works sort of like a phone book for the Internet — it translates URLs into the numerical IP addresses for the servers that actually host sites so your browser can connect to them. This type of attack is commonly known as a distributed denial of service, or DDoS attack. The effects of the attack were intermittent, and many of the details remain scarce, although it appears to have primarily affected users on the East Coast, according to Dyn.

Why Apple can be forced to turn logs of your iMessage contacts over to police

When a user sends someone a message through Apple’s iMessage feature, Apple encrypts that message between Apple devices so that only the sender and recipient can read its contents. But a report from news site the Intercept is a good reminder that not all data related to iMessage has that same level of protection -- and that information can still be turned over to law enforcement authorities. That may be surprising to everyday users who view Apple as a privacy champion after it's legal battle with the Justice Department this year over a court order that would force the company to break its own security measures. But to experts, it's just a fact of how communication systems work. For instance, as security expert and noted iPhone hacker Will Strafach notes, Apple needs to know things such as whom you're chatting with via iMessage so that it can deliver your messages.

According to a document obtained by the Intercept, Apple logs information about whom you're contacting in iMessage while the app figures out if the person you are texting is also using an iOS device. If they are using iOS, the message gets encrypted and routed through iMessage, which is signaled by blue chat bubbles. If the recipient is not using an Apple device, the message gets routed as a standard text without that extra layer of encryption, and messages appear in green bubbles in the iMessage app. According to the document, which the Intercept says originated "from within the Florida Department of Law Enforcement’s Electronic Surveillance Support Team," these logs don’t necessarily show that you messaged someone. Instead, they show when you opened up a chat window and selected the contact or entered a phone number.

How this social network for neighborhoods is trying to fix its racism problem

What do you do when your social network ends up revealing racism in users' back yards? That's the problem Nextdoor, a site that connects people who live in the same area, is trying to tackle. Think of Nextdoor as Facebook, but for your neighborhood: People sign up with their address and then share local news, reunite lost puppies with their owners and report potential safety or crime issues.

But Nextdoor has faced criticism for posts from some of the site's more than 10 million registered users that have veered into racial profiling -- especially concerning crime and safety alerts. In some cases, neighbors would flag "suspicious behavior" by noting the race of someone doing something like walking a dog or knocking on doors. Community groups like Neighbors for Racial Justice in Oakland (CA) are fighting back by raising awareness about the issue and rallying local leaders.

NSA’s use of software flaws to hack foreign targets posed risks to cybersecurity

To penetrate the computers of foreign targets, the National Security Agency relies on software flaws that have gone undetected in the pipes of the Internet. For years, security experts have pressed the agency to disclose these bugs so they can be fixed, but the agency hackers have often been reluctant. Now with the mysterious release of a cache of NSA hacking tools over the weekend, the agency has lost an offensive advantage, experts say, and potentially placed at risk the security of countless large companies and government agencies worldwide. Several of the tools exploited flaws in commercial firewalls that remain unpatched, and they are out on the Internet for all to see. Anyone from a basement hacker to a sophisticated foreign spy agency has access to them now, and until the flaws are fixed, many computer systems may be in jeopardy.