|From: Glenn Petersen||12/17/2019 8:49:19 PM|
|'They’ve been blindsided’: Silicon Valley wakes up to Sacramento |
By KATY MURPHY
12/16/2019 07:16 PM EST
SACRAMENTO — The powerful tech giants of Silicon Valley may wield some of the biggest lobbying budgets in Washington, but they have been comparatively absent in their home state’s capital — where they are now on the defensive.
California caught the world by surprise last year when it passed the nation’s strongest data privacy law, instantly making Sacramento one of the most important regulators of global tech. As members of the California legislature forged the deal on a defining challenge of the digital age, the internet companies were slow to awaken to the threat, and brought few of their considerable resources to bear.
The combined lobbying firepower of Google, Facebook and two major tech trade associations amounted to just $235,000 in the three months leading up to the vote, compared with $3 million from the four biggest oil interests. Facebook, then mired in the Cambridge Analytica scandal, spent less than $18,000 that quarter, according to disclosure records.
The business community’s recent attempts to roll back parts of the privacy law, which takes effect in January and will give consumers more control over personal data, hasn’t gone much better, further underscoring the disconnect between Silicon Valley and its powerful neighbors a two hours' drive away.
The Washington travails of Mark Zuckerberg and other Silicon Valley czars are well-known, and tech companies have been grappling with aggressive European regulators eager to rein them in for years now — the European Union has the world’s most stringent privacy law. But the companies’ reluctance to plunge into California politics has hurt them, strategists say, as they grapple with proposals from state lawmakers and a ballot initiative system that has produced two data-privacy campaigns in less than three years.
“You just get the sense that they feel that Sacramento is on the other side of the moon,” said Andrew Acosta, a Democratic strategist.
That light touch looks to be changing as California dives deeper into data-privacy regulation. Facebook, Google and the trade groups TechNet and the Internet Association are on track to boost their combined lobbying spending by more than 80 percent this year and next, compared to the last two-year legislative session. Those four groups spent a combined $1.3 million to influence policymakers in the first nine months of the year. And Facebook has just hired a well-connected Sacramento insider, Mona Pasquil Rogers, to run its California policy shop.
But is it too late? Souring public sentiment about tech’s role in society and daily life may undermine companies’ efforts to shape policy in Sacramento, where even business-friendly Republicans have raised alarms. California’s ballot initiative process adds another layer of unpredictability.
This year’s tech lobbying blitz, to the surprise of many, did not yield major carveouts in the new Privacy Act. What’s more, the consumer privacy advocate behind the law, Alastair Mactaggart, said he was so concerned by such efforts to water it down that he decided to advance a second ballot initiative for 2020. The new version would add new consumer protections — and prevent the Legislature from making any changes that would weaken the Privacy Act.
That could explain why tech companies who don’t like California’s new privacy rules are leaning on Washington for regulations that would supersede state laws — an end-run on Sacramento. Last month, a tech and telecom-funded foundation helped send a delegation of California lawmakers to Washington. In meetings with their counterparts in Congress, the tech-friendly caucus discussed the flaws in California’s law and the merits of federal preemption, one of the organizers told POLITICO.
One might assume state politicians facing reelection would shiver at the thought of alienating a company worth the GDP of Argentina or Saudi Arabia. And to be sure, the sector does have friends in the Legislature. But a closer look at campaign finance records shows that Big Tech has not been a big player in candidate races.
Facebook is by far the sector’s biggest spender, with $1.7 million in contributions since 2009 (excluding those made by a former company executive to his own campaign for attorney general in 2010). Google has spent $959,000, state records show, while Apple has given just $256,000.
Compare that to $5.3 million that AT&T funneled into candidates’ coffers during that period, and $6.2 million from labor powerhouse SEIU.
In fact, strategists say, some progressive lawmakers might even welcome opposition from companies like Facebook. “If Facebook did a big independent expenditure against Buffy Wicks,” Acosta said, pointing to a first-term assemblywoman who has championed privacy rights, “Buffy Wicks would say, 'Bring it on!’”
“It’s telling that candidates running for president are now using Mark Zuckerberg in their ads and highlighting him as a negative,” he added. “Facebook’s on the ground and everyone’s kicking them.”
Facebook and Google declined to comment.
Amazon’s foray into local politics offers a cautionary tale. The company suffered a public relations backlash and electoral defeat in November after pouring nearly $1.5 million into a PAC backing business-friendly candidates for Seattle City Council.
But another veteran Sacramento strategist thinks it is even riskier for tech to remain on the sidelines. Steve Maviglio, a ballot initiative consultant, believes the industry’s ambivalence about publicly opposing the 2018 data-privacy initiative created an opening for California’s privacy law.
Maviglio was hired by a tech and telecom coalition to fight the initiative. But rather than pledge millions to defeat it, he said, the companies took a wait-and-see approach, not wanting to be the first to jump. The first contribution didn’t come until February 2018, four months after the initiative was filed, campaign records show. That April, reeling from the Cambridge Analytica fallout, Facebook announced it would no longer fight the privacy measure.
The initiative had strong polling, and in June the Legislature unanimously passed the Privacy Act as part of a deal to get it off the ballot. By passing it in the Capitol, lawmakers regained the power to make changes without going back to the voters.
“There was a fundamental misunderstanding of how the initiative system worked and what they had to do,” Maviglio said. “It was painful to try to get them engaged, and frankly, that’s one of the reasons the Privacy Act passed last year. They simply didn’t know how to engage and head it off.”
Roger Salazar, another veteran Democratic consultant, drew a contrast between the tech startups of today and the hardware and software giants like Hewlett Packard and Apple that ruled Silicon Valley in the 1980s. The valley’s first generation companies tended to hire “old school” executives, he recalled, “types of corporate managers who understood how to deal with government.”
Newer tech businesses don’t tend to have the same kinds of safeguards or relationships, he said, possibly because they’ve grown at such a dizzying rate.
“I think they’ve been blindsided,” Salazar said, “because they didn’t understand the process, they didn’t understand the environment they were operating in, they didn’t understand the political system in California.”
The tipping point for Facebook’s image — in Sacramento and just about everywhere else — was the Cambridge Analytica scandal that exploded in early 2018. The British consulting firm hired by the Trump campaign acquired data from millions of the social network’s users that had been gathered without their knowledge and used it to try to manipulate likely voters with political ads before the 2016 election.
Google’s data-gathering practices and market dominance has also been under the microscope, especially as the company expands into the personal health realm and tries to acquire Fitbit.
In early November, California Attorney General Xavier Becerra revealed an ongoing probe into Facebook’s handling of personal data stemming from Cambridge Analytica. Becerra, a former Southern California congressman, also announced he was suing the company for allegedly stonewalling his investigation.
In a sign of the company’s fall from grace, Becerra’s reelection campaign used the news as fundraising fodder.
“Xavier sued Facebook,” read the email blast. “Big Tech is no longer an infant. These corporations are running at Olympic speed. It’s time for the industry to be treated as an adult.”
|RecommendKeepReplyMark as Last Read|
|From: Glenn Petersen||12/22/2019 10:04:39 AM|
|Triton is the world’s most murderous malware, and it’s spreading|
The rogue code can disable safety systems designed to prevent catastrophic industrial accidents. It was discovered in the Middle East, but the hackers behind it are now targeting companies in North America and other parts of the world, too.
by Martin Giles
MIT Technology Review
Mar 5, 2019
As an experienced cyber first responder, Julian Gutmanis had been called plenty of times before to help companies deal with the fallout from cyberattacks. But when the Australian security consultant was summoned to a petrochemical plant in Saudi Arabia in the summer of 2017, what he found made his blood run cold.
The hackers had deployed malicious software, or malware, that let them take over the plant’s safety instrumented systems. These physical controllers and their associated software are the last line of defense against life-threatening disasters. They are supposed to kick in if they detect dangerous conditions, returning processes to safe levels or shutting them down altogether by triggering things like shutoff valves and pressure-release mechanisms.
The malware made it possible to take over these systems remotely. Had the intruders disabled or tampered with them, and then used other software to make equipment at the plant malfunction, the consequences could have been catastrophic. Fortunately, a flaw in the code gave the hackers away before they could do any harm. It triggered a response from a safety system in June 2017, which brought the plant to a halt. Then in August, several more systems were tripped, causing another shutdown.
The first outage was mistakenly attributed to a mechanical glitch; after the second, the plant's owners called in investigators. The sleuths found the malware, which has since been dubbed “Triton” (or sometimes “Trisis”) for the Triconex safety controller model that it targeted, which is made by Schneider Electric, a French company.
In a worst-case scenario, the rogue code could have led to the release of toxic hydrogen sulfide gas or caused explosions, putting lives at risk both at the facility and in the surrounding area.
Gutmanis recalls that dealing with the malware at the petrochemical plant, which had been restarted after the second incident, was a nerve-racking experience. “We knew that we couldn’t rely on the integrity of the safety systems,” he says. “It was about as bad as it could get.”
In attacking the plant, the hackers crossed a terrifying Rubicon. This was the first time the cybersecurity world had seen code deliberately designed to put lives at risk. Safety instrumented systems aren’t just found in petrochemical plants; they’re also the last line of defense in everything from transportation systems to water treatment facilities to nuclear power stations.
Triton’s discovery raises questions about how the hackers were able to get into these critical systems. It also comes at a time when industrial facilities are embedding connectivity in all kinds of equipment—a phenomenon known as the industrial internet of things. This connectivity lets workers remotely monitor equipment and rapidly gather data so they can make operations more efficient, but it also gives hackers more potential targets.
Those behind Triton are now on the hunt for new victims. Dragos, a firm that specializes in industrial cybersecurity, and where Gutmanis now works, says it’s seen evidence over the past year or so that the hacking group that built the malware and inserted it into the Saudi plant is using some of the same digital tradecraft to research targets in places outside the Middle East, including North America. And it’s creating new strains of the code in order to compromise a broader range of safety instrumented systems.
News of Triton’s existence was revealed in December 2017, though the identity of the plant’s owner has been kept secret. (Gutmanis and other experts involved in the initial investigation decline to name the company because they fear doing so might dissuade future targets from sharing information about cyberattacks privately with security researchers.)
Some notable cyber-physical threats2010 ?? StuxnetDeveloped by America’s National Security Agency, working in conjunction with Israeli intelligence, the malware was a computer worm, or code that replicates itself from computer to computer without human intervention. Most likely smuggled in on a USB stick, it targeted programmable logic controllers which govern automated processes, and caused the destruction of centrifuges used in the enrichment of uranium at a facility in Iran.2013 ?????? HavexHavex was designed to snoop on systems controlling industrial equipment, presumably so that hackers could work out how to mount attacks on the gear. The code was a remote access Trojan, or RAT, which is cyber-speak for software that lets hackers take control of computers remotely. Havex targeted thousands of US, European, and Canadian businesses, and especially ones in the energy and petrochemical industries.2015 ?? BlackEnergyBlackEnergy, which is another Trojan, had been circulating in the criminal underworld for a while before it was adapted by Russian hackers to launch an attack in December 2015 on several Ukranian power companies that helped trigger blackouts. The malware was used to gather intelligence about the power companies’ systems, and to steal log-in credentials from employees.2016 ?? CrashOverrideAlso known as Industroyer, this was developed by Russian cyber warriors too, who used it to mount an attack on a part of Ukraine’s electrical grid in December 2016. The malware replicated the protocols, or communications languages, that different elements of a grid used to talk to one another. This let it do things like show that a circuit breaker is closed when it’s really open. The code was used to strike an electrical transmission substation in Kiev, blacking out part of the city for a short time.Over the past couple of years, cybersecurity firms have been racing to deconstruct the malware—and to work out who’s behind it. Their research paints a worrying picture of a sophisticated cyberweapon built and deployed by a determined and patient hacking group whose identity has yet to be established with certainty.
The hackers appear to have been inside the petrochemical company’s corporate IT network since 2014. From there, they eventually found a way into the plant’s own network, most likely through a hole in a poorly configured digital firewall that was supposed to stop unauthorized access. They then got into an engineering workstation, either by exploiting an unpatched flaw in its Windows code or by intercepting an employee’s login credentials.
Since the workstation communicated with the plant’s safety instrumented systems, the hackers were able to learn the make and model of the systems’ hardware controllers, as well as the versions of their firmware—software that’s embedded in a device’s memory and governs how it communicates with other things.
It’s likely they next acquired an identical Schneider machine and used it to test the malware they developed. This made it possible to mimic the protocol, or set of digital rules, that the engineering workstation used to communicate with the safety systems. The hackers also found a “zero-day vulnerability”, or previously unknown bug, in the Triconex model’s firmware. This let them inject code into the safety systems’ memories that ensured they could access the controllers whenever they wanted to.
Thus, the intruders could have ordered the safety instrumented systems to disable themselves and then used other malware to trigger an unsafe situation at the plant.
The results could have been horrific. The world’s worst industrial disaster to date also involved a leak of poisonous gases. In December 1984 a Union Carbide pesticide plant in Bhopal, India, released a vast cloud of toxic fumes, killing thousands and causing severe injuries to many more. The cause that time was poor maintenance and human error. But malfunctioning and inoperable safety systems at the plant meant that its last line of defense failed.
More red alerts
There have been only a few previous examples of hackers using cyberspace to try to disrupt the physical world. They include Stuxnet, which caused hundreds of centrifuges at an Iranian nuclear plant to spin out of control and destroy themselves in 2010, and CrashOverride, which Russian hackers used in 2016 to strike at Ukraine’s power grid. (Our sidebar provides a summary of these and other notable cyber-physical attacks.)
However, not even the most pessimistic of cyber-Cassandras saw malware like Triton coming. “Targeting safety systems just seemed to be off limits morally and really hard to do technically,” explains Joe Slowik, a former information warfare officer in the US Navy, who also works at Dragos.
Other experts were also shocked when they saw news of the killer code. “Even with Stuxnet and other malware, there was never a blatant, flat-out intent to hurt people,” says Bradford Hegrat, a consultant at Accenture who specializes in industrial cybersecurity.
It’s almost certainly no coincidence that the malware appeared just as hackers from countries like Russia, Iran, and North Korea stepped up their probing of “critical infrastructure” sectors vital to the smooth running of modern economies, such as oil and gas companies, electrical utilities, and transport networks.
In a speech last year, Dan Coats, the US director of national intelligence, warned that the danger of a crippling cyberattack on critical American infrastructure was growing. He drew a parallel with the increased cyber chatter US intelligence agencies detected among terrorist groups before the World Trade Center attack in 2001. “Here we are nearly two decades later, and I’m here to say the warning lights are blinking red again,” said Coats. “Today, the digital infrastructure that serves this country is literally under attack.”
At first, Triton was widely thought to be the work of Iran, given that it and Saudi Arabia are archenemies. But cyber-whodunnits are rarely straightforward. In a report published last October, FireEye, a cybersecurity firm that was called in at the very beginning of the Triton investigation, fingered a different culprit: Russia.
The hackers behind Triton had tested elements of the code used during the intrusion to make it harder for antivirus programs to detect. FireEye’s researchers found a digital file they had left behind on the petrochemical company’s network, and they were then able to track down other files from the same test bed. These contained several names in Cyrillic characters, as well as an IP address that had been used to launch operations linked to the malware.
That address was registered to the Central Scientific Research Institute of Chemistry and Mechanics in Moscow, a government-owned organization with divisions that focus on critical infrastructure and industrial safety. FireEye also said it had found evidence that pointed to the involvement of a professor at the institute, though it didn’t name the person. Nevertheless, the report noted that FireEye hadn’t found specific evidence proving definitively that the institute had developed Triton.
Researchers are still digging into the malware’s origins, so more theories about who’s behind it may yet emerge. Gutmanis, meanwhile, is keen to help companies learn important lessons from his experience at the Saudi plant. In a presentation at the S4X19 industrial security conference in January, he outlined a number of them. They included the fact that the victim of the Triton attack had ignored multiple antivirus alarms triggered by the malware, and that it had failed to spot some unusual traffic across its networks. Workers at the plant had also left physical keys that control settings on Triconex systems in a position that allowed the machines’ software to be accessed remotely.
Triton: a timeline2014Hackers gain access to network of Saudi plantJune 2017First plant shutdown August 2017Second plant shutdownDecember 2017Cyberattack made publicOctober 2018Fireeye says Triton most likely built in Russian labJanuary 2019More details emerge of Triton incident responseIf that makes the Saudi business sound like a security basket case, Gutmanis says it isn’t. “I’ve been into a lot of plants in the US that were nowhere near as mature [in their approach to cybersecurity] as this organization was,” he explains.
Other experts note that Triton shows government hackers are now willing to go after even relatively obscure and hard-to-crack targets in industrial facilities. Safety instrumented systems are highly tailored to safeguard different kinds of processes, so crafting malware to control them involves a great deal of time and painstaking effort. Schneider Electric’s Triconex controller, for instance, comes in dozens of different models, and each of these could be loaded with different versions of firmware.
That hackers went to such great lengths to develop Triton has been a wake-up call for Schneider and other makers of safety instrumented systems—companies like Emerson in the US and Yokogawa in Japan. Schneider has drawn praise for publicly sharing details of how the hackers targeted its Triconex model at the Saudi plant, including highlighting the zero-day bug that has since been patched. But during his January presentation, Gutmanis criticized the firm for failing to communicate enough with investigators in the immediate aftermath of the attack.
Schneider responded by saying it had cooperated fully with the company whose plant was targeted, as well as with the US Department of Homeland Security and other agencies involved in investigating Triton. It has hired more people since the event to help it respond to future incidents, and has also beefed up the security of the firmware and protocols used in its devices.
Andrew Kling, a Schneider executive, says an important lesson from Triton’s discovery is that industrial companies and equipment manufacturers need to focus even more on areas that may seem like highly unlikely targets for hackers but could cause disaster if compromised. These include things like software applications that are rarely used and older protocols that govern machine-to-machine communication. “You may think nobody’s ever going to bother breaking [an] obscure protocol that’s not even documented,” Kling says, “but you need to ask, what are the consequences if they do?”
An analog future?
Over the past decade or so, companies have been adding internet connectivity and sensors to all kinds of industrial equipment. The data captured is being used for everything from predictive maintenance—which means using machine-learning models to better anticipate when equipment needs servicing—to fine-tuning production processes. There’s also been a big push to control processes remotely through things like smartphones and tablets.
All this can make businesses much more efficient and productive, which explains why they are expected to spend around $42 billion this year on industrial internet gear such as smart sensors and automated control systems, according to the ARC Group, which tracks the market. But the risks are also clear: the more connected equipment there is, the more targets hackers have to aim at.
To keep attackers out, industrial companies typically rely on a strategy known as “defense in depth.” This means creating multiple layers of security, starting with firewalls to separate corporate networks from the internet. Other layers are intended to prevent hackers who do get in from accessing plant networks and then industrial control systems.
These defenses also include things like antivirus tools to spot malware and, increasingly, artificial-intelligence software that tries to spot anomalous behavior inside IT systems. Then, as the ultimate backstop, there are the safety instrumented systems and physical fail-safes. The most critical systems typically have multiple physical backups to guard against the failure of any one element.
The strategy has proved robust. But the rise of nation-state hackers with the time, money, and motivation to target critical infrastructure, as well as the increasing use of internet-connected systems, means the past may well not be a reliable guide to the future.
Russia, in particular, has shown that it’s willing to weaponize software and deploy it against physical targets in Ukraine, which it has used as a testing ground for its cyber arms kit. And Triton’s deployment in Saudi Arabia shows that determined hackers will spend years of prodding and probing to find ways to drill through all those defensive layers.
Fortunately, the Saudi plant’s attackers were intercepted, and we now know a great deal more about how they worked. But it’s a sobering reminder that, just like other developers, hackers make mistakes too. What if the bug they inadvertently introduced, instead of triggering a safe shutdown, had disabled the plant’s safety systems just when a human error or other mistake had caused one of the critical processes in the plant to go haywire? The result could have been a catastrophe even if the hackers hadn’t intended to cause it.
Experts at places like the US’s Idaho National Laboratory are urging companies to revisit all their operations in the light of Triton and other cyber-physical threats, and to radically reduce, or eliminate, the digital pathways hackers could use to get to critical processes.
Businesses may chafe at the costs of doing that, but Triton is a reminder that the risks are increasing. Gutmanis thinks more attacks using the world’s most murderous malware are all but inevitable. “While this was the first,” he says, “I’d be surprised if it turns out to be the last.”
|RecommendKeepReplyMark as Last Read|
|From: Ron||1/7/2020 6:06:34 PM|
|Bots Are Destroying Political Discourse As We Know It |
They’re mouthpieces for foreign actors, domestic political groups, even the candidates themselves. And soon you won’t be able to tell they’re bots.
|RecommendKeepReplyMark as Last Read|
|From: Glenn Petersen||1/12/2020 3:27:35 PM|
|Hollywood Bets On a Future of Quick Clips and Tiny Screens|
Entertainment startup Quibi has already won over industry A-listers with its vision for short-form mobile streaming. But will it catch on with viewers?
January 8, 2019
Katzenberg says he spent three hours convincing Whitman to be the CEO of Quibi. “If you don’t ask, you don’t get it,” he says.Photograph: Rozette Rago
TV, but on phones! You know—for kids?
That’s it. That’s the pitch.
The company making that pitch is called Quibi—a portmanteau of “quick bites.” Its product: less-than-10-minute fiction, reality-show, and news videos streamed exclusively to mobile devices. The shows will be high-end, glossy even, with the production values that only international news divisions and Hollywood studios can manage, but they’ll have the rough shape of user-generated content. Disney, but YouTube. Amazon Prime, but TikTok.
Even Quibi’s origin story sounds like a pitch, this time for a buddy comedy: Ex-studio mogul partners with a former big-shot tech CEO for one last big score. The mogul is Jeffrey Katzenberg, former chief of Walt Disney Studios, the K in Dreamworks SKG, most Hollywood of Hollywood people. The CEO is Meg Whitman, former CEO of eBay and Hewlett-Packard. In a world dominated by a market of 18- to 44-year-olds, two old pros come out of retirement to show the kids how things are done.
This is What Hollywood Is Talking About Now.
Partially that’s because the entertainment business is very open to innovation in a time of great change—by which I mean, everything is on fire and people are running around screaming. The old studio-and-network, theater, and broadcast system is melting into a bubbling cauldron of subscription-based streaming services and online video, and the younger viewers at whom advertisers always want to flash their logos are fleeing the old transmission systems for newer ones with weirder names.
Amid that chaos, Quibi has raised $1 billion in investment capital from every major Hollywood studio and most of the major tech companies. It has corralled an A-list tsunami to make programs—Steven Spielberg, Steven Soderbergh, Guillermo del Toro, Anna Kendrick, Zac Efron, Chrissy Teigen, Jennifer Lopez, Antoine Fuqua, Sam Raimi, Catherine Hardwicke, Idris Elba, Kevin Hart, Lena Waithe, NBC News, ESPN, BBC. The whole thing launches in April with a year of advertisements already sold. It’ll cost $4.99 a month with ads or $7.99 without, and the phone company T-Mobile has already promised to bundle subscriptions to customers—neither Quibi nor T-Mobile would say how many.
Quibi is a thing that is happening. Whether it is a thing millennials and Gen Zers will actually look at is a whole other question. It’s what Katzenberg and Whitman are pitching, hard, in a keynote address at CES in Las Vegas. But really, it’ll get answered only when Katzenberg and Whitman press the button to turn the thing on.
Ask people why they signed up to make a thing for Quibi, and they’ll talk about the general clustereffery that show business has become, but they’ll also say, simply, “Jeffrey.” That’s Katzenberg, who is a macher. He is late to our meeting in a glassed-in Quibi conference room because his earlier meeting with Spielberg ran long. He has to leave a little early because he has a phone call scheduled with Tommy Hilfiger. Status: signaled.
In between, Katzenberg explains that he and Whitman have known each other for 35 years, since he was running Disney and she was a VP there. Katzenberg led the Disney animation renaissance—Lion King, Beauty and the Beast, etc.—that the company is still revisiting with live-action remakes.
But things change. He got ousted, with acrimony, in 1994, and just weeks later announced he was starting a new studio with Spielberg and David Geffen … sparking a whole other animation renaissance (Shrek, Kung Fu Panda, etc.). And now, he says with perhaps some satisfaction, people in Hollywood are joking that if you’re not on a project with Quibi, you’re not really a people in Hollywood. (This seems like the right time to disclose that Roger Lynch, CEO of WIRED’s parent company, Condé Nast, is on Quibi’s board, and WIRED is in early talks about having a show on the streamer.)
After Disney, Whitman went on to a series of heavy-hitter companies, from Hasbro to eBay—when, as she says, it was nonobvious that people wanted to buy stuff online. She left HP after six years at the helm; Katzenberg says he was on a plane to Silicon Valley that night to offer the CEO job at Quibi. She was planning to go travel; he pitched her for three and a half hours. He needed what she knew. “If you don’t ask, you don’t get it. If you don’t take a swing, kick the ball, run with it, you don’t score,” Katzenberg says. “I’ve always come from the school: Go for the unattainable. This is honestly the second time in my lifetime when I actually got the absolute perfect, unattainable partner.”
“What was the first?” I ask.
“Steven Spielberg and David Geffen,” he says.
The guy can do a meeting, I’m saying. And it was good teeing-up, too, because this is roughly when Whitman joined us in the conference room.
Despite what everyone else I talked to said, Katzenberg’s own hypothesis for why a large fraction of Hollywood signed up to make Quibi shows has little to do with him, or even with technology. Broadly, it’s a little bit “show” and a little bit “business.”
The “show” part is the next turn of the evolution of story structure, he says. Movies are a couple of hours of story meant to be consumed in a gulp; TV shows you can choose to see as either a unit of 22 minutes or 42 minutes (that’s show minus commercials), or as a however-many-hours-long story taking one season or many.
But in all of those formats, the secret, irreducible unit is the act. As in a play, these are story subsections, akin to chapters. Movies have them, though smart screenwriters disagree about how many and how long they ought to be. In radio and broadcast TV, commercials became de facto act breaks—an hour-long show has roughly five, in the modern construction. “And the first act break is always at—” Whitman says. “—eight and a half minutes,” Katzenberg finishes.
So while short online video seems more like the purview of a social network or YouTube, the fact is that TV and moviemakers already understand the qui in Quibi. (It’s short for “quick” in case you’ve forgotten. Yeah, I’m not really sure about the name either.) They’re already making shows with acts of 10 or so minutes.
They can already imagine series with those constraints—whether they’re single stories told over multiple episodes or anthology-type shows like Sam Raimi’s 50 States of Fright, which will tell different scary stories set in every US state. “What Quibi is doing is taking these two proven sciences and actually converging them together for our ‘lighthouses,’” Katzenberg says, “in which we’re telling a two-hour story in chapters that are seven to 10 minutes long.”
There’s further inducement—a quibi pro quo. The rise of multiple streaming networks, restructurings at various studios, and an ongoing fight between TV writers and the agencies that represent them all sum up to lots of new opportunities for writers, producers, actors, and the production folks who make entertainment for screens. The old, predictable systems and schedules for making all that stuff no longer apply.
That’s scary, but it also creates a landscape of experimentation. “It might be worth thinking of Quibi the way we think of Darpa. Darpa’s job is to think of new stuff that might not work, but if it works it’ll be very important,” says John Rogers, a veteran television writer and showrunner (who doesn’t have a Quibi show). “You can’t predict what the audience is going to respond to. If you could, all television would be good and high-rated, and there would be no executives.”
That’s not only true for drama and comedy. At NBC News’ famed New York headquarters in Rockefeller Center, producer Madeleine Haeringer is building a whole new newsroom for Quibi shows—two every weekday, one a day on weekends. She’s hiring new correspondents, producers, editors, and crew. They start rehearsals in February, aiming not for a traditional anchor-throws-to-correspondents structure but something more in-depth. “Working within that construct is actually pretty great for me,” says Haeringer, who started her news career at NBC, launched Vice News on HBO, and came back to run the Quibi shows.
TV news is already about short bites; the freer Quibi format actually gives Haeringer more flexibility to go in depth, she says. “A lot of the evening news shows don’t do [segments of] two minutes or more, and that’s fine. It’s great for them. But if I need seven minutes, I can do it.”
That sounds good for news—but why not do it online, or on NBC's own incipient streaming network Peacock? “It’s an emerging platform,” Haeringer says, “and if that’s where viewers are going to be, we want to get to them.
Phones, you’ll hasten to say, have two orientations—horizontal landscape and vertical portrait. Reasonable online video networks could differ on which is better for the viewing experience.
Quibi will do both. Everything it streams will have two versions, landscape and portrait, and (thanks to some clever buffering technology) your view will smoothly shift from one to the other when you rotate your phone; the audio stream unifies the two. The tech folks at Quibi call this Turnstyle, and they say that one of their business advantages is being able to focus on technological innovation like phone-turning rather than prosaic stuff like content management software to organize video or uninterruptible streaming servers.
Breaching those technological barriers made companies like Netflix and Amazon Prime possible. They also made those companies expensive to launch and maintain. Now, though, what was bespoke wiring under the hood is commodity hardware and software, much of it open source. This is what analysts call “last-mover advantage.”
Turnstyle, though, is new, and creative types are finding interesting uses for it already. Quibi’s tech leads showed me a news program demo where infographics moved from above the talking head’s head in portrait to left-of-screen in landscape. In a more cinematic demo, a long depth-of-field shot revolved into a wide master on the turn.
Quibi uses a technology called Turnstyle to allow seamless transitions between portrait and landscape views. This show, the car-stunt series Elba vs. Block, will premier later this year.
Give directors a new set of tools, and they’ll use them. Catherine Hardwicke directed the teen drama Thirteen and the teen vampire/werewolf drama Twilight, so when her agents brought her the script for Quibi’s Don’t Look Deeper—part girl-coming-of-age and part sci-fi—she was inclined toward it. The opportunity to shoot something in a novel way clinched the deal.
First, Hardwicke and her director of photography did a test. They shot a scene twice—horizontal in the morning and vertical in the afternoon—and tried editing both. Eventually Hardwicke decided they could get good quality from shooting widescreen and then making the portrait view in the edit, reframing shots by panning-and-scanning during post production. “We mostly just went for it, shot the most beautiful, composed horizontal frames we could, and then it took us about three more weeks to compose in vertical,” Hardwicke says.
Don’t Look Deeper will have 14 episodes totaling just under two hours, and her actors have all done movies—Don Cheadle, Emily Mortimer, and relative newcomer Helena Howard. Hardwicke says the resources she had added up to roughly a $10 million budget—sort of midway-ish between Thirteen’s $1.5 million and Twilight’s $37 million. But Don’t Look Deeper doesn’t act like a movie. “It’s more nonlinear and more fun. We have a cold open in each episode, and each episode ends in some kind of cliffhanger, like ‘holy shit, did that just happen? Fuck, what are we going to do next?’” Hardwicke says. “It added an energy I really liked.”
The upcoming sci-fi drama series Don’t Look Deeper also takes advantage of Turnstyle.
The experiments get weirder from there. Steven Soderbergh is shooting Wireless, his cliffhangery suspense thing, his usual way—with a high-end digital camera aimed at actors acting. But since a lot of the character interaction takes place via phone, every actor also shoots their scenes with devices that capture their texting and video chatting. Their phones capture them through the front-facing camera, and another device strapped to the back shoots outward, as if through the rear-facing camera, for the phone’s POV. Soderbergh’s landscape edit will be the traditional one; the portrait edit will use the phone footage. You, the nominal viewer, will flip-flop between the two.
Gimicky or intriguing? Hard to know. I can tell you that WIRED’s original iPad edition had different landscape and portrait versions of every page. They were meticulously executed, and if readers had shrugged any harder they’d have dislocated their shoulders. We had the numbers. It was a different time!
Meanwhile, the Quibi programming grid is full of concepts higher than Brad Pitt at a Snoop Dogg party. On Jennifer Lopez’s reality show, she’ll give $100,000 to someone in her life who influenced her, and then that person has to give half of it to someone who influenced them, and likewise all the way back up the line. (Would it suck to be the 10th person in line, who by my math would get about $95? Eh, that’s a decent night out.)
For a dating show, Quibi will post profiles of prospective daters on Monday, viewers will send back their videos of why they should go on the date on Tuesday, they’ll pick Wednesday, go on the date Thursday, and then show the results in an episode on Friday. Katzenberg says one of his favorites is Barkitecture. “This is Cribs,” he says, “but for dogs.”
Quibi will have 35 high-gloss narrative shows—Katzenberg’s aforementioned “lighthouses”—in the first year, along with 115 “alternative” shows and daily “quick bites.” So that’s one lighthouse, five quick bites, and 25 “essentials” per day, from the jump. “That is over 180 minutes of original content that we put up every day,” Katzenberg says. “A broadcast network in prime time publishes 135 minutes. So we’re 35 percent more original content every day.”
No one in television or online video knows what’s going to happen next, Whitman says: “A lot of what we’re doing here is based on our judgment and our experience and some research.”Photograph: Rozette RagoThat’s the “show” part; now we can talk business. According to Quibi’s research, in 2012 people watched an average of six minutes of video a day on their phones. By 2018 it was 60 minutes, and though the final numbers aren’t in, in 2019 it was 75 minutes. It’s even higher, Whitman says, among younger viewers, though she didn’t share that specific demographic breakdown.
Some of that digital video is movies or series television—premium longform. Some of it is user-generated or “semiprofessional,” whether long or short. But none of it, Katzenberg and Whitman believe, is premium but also short-form. Or at least, none that’s curated in one place. The trends tend toward that kind of content, Whitman says, and the business area is a “white space,” new customer behavior that opens an opportunity for a business that latecomer entrants would have a hard time copying. It also has a large potential market cap. “I’ve seen every business plan in Silicon Valley for the last 20 years, and virtually none of the time are those four all at work,” Whitman says. “Those four are all at work here.”
Some dollar figures might prove it. By Whitman’s accounting, user-generated or semipro video gets made for anywhere from pennies per minute to thousands of dollars per minute. Premium longform shows cost $10,000 to $100,000 per minute. That means 10 minutes of show can cost $1 million—uneconomical for the vast majority of what’s on YouTube. “YouTube can’t sell a million dollars’ worth of advertising to cover that piece of content,” Whitman says. “That’s why our monetization model is subscription plus advertising, because we have to generate enough funds to go buy this quality of content in its short form.”
Quibi provides the (high) budget, paying creators or other studios the cost of production plus 20 percent, which is nice. That content gets licensed to run on Quibi only for seven years, but the rights belong to the creators, who never lose ownership of their intellectual property. Theoretically that means whether Quibi launches successful shows with cultural oomph or merely goes pfft, the creators can eventually take their ball to some other court. “We have given people a financial incentive and ownership in their own work that they have never had before in this town,” Katzenberg says. “Or at least they haven’t had it for a really, really long time.”
The pitch to advertisers is designed to be just as compelling: brand safety. Quibi’s year of pre-sold pre-roll comes from heavyweight transnational brands like Walmart, Pepsi, Google, Progressive, and ABInBev (so Budweiser or some other beer). Those companies are watching the demographics they covet flee ad havens like prime-time TV, magazines, and newspapers for the web.
But putting an ad up alongside user-generated content can be algorithmic roulette. Today’s Twitch narrator or Instagram make-up applier could be tomorrow’s Nazi or #metoo-villain. “If you think about the tens of billions of dollars that are still spent on network broadcast television, in prime time, every one of those advertisers knows they have to move those dollars elsewhere as the audience is moving,” says Tom Conrad, Quibi’s chief product officer. “And so you say, well, where do you go with that money that has the same characteristics of that network?”
Not to be grandiose, but dealmaking like this suggests a new direction for television (or whatever we’re going to call video entertainment transmitted via the wireless internet). Quibi is a Hollywood startup, a studio-like entity doing something interesting with the internet, as opposed to a Silicon Valley tech business doing something interesting with content. The technology might be cool, but it’s not important (as long as it works). The dealmaking, though? That could make Quibi, um, quibiquitous.
I leave the well-appointed offices of Quibi, two floors of open-plan in the heart of Hollywood’s industrial studio zone, in the frame of mind one should have on leaving a good pitch meeting. I’m thinking, well, maybe it could work (and I’m regretting slightly my decision not to fill my pockets at the Candy Wall). Then, when I get downstairs, I have to sidestep a film crew striking a shoot in the building’s ground floor, and I remember that until something in this town is concrete, it’s filigree. A Hollywood "yes" generally means "no."
Just up the street I walk past a soundstage under construction, open to the world, a featureless white box with curved corners empty of everything except stardust, potential, and a couple of scissor lifts. Maybe Jeffrey Katzenberg and Meg Whitman are running the Big Con, and if I went back to the building today I’d find two empty floors, a couple of broken chairs, and wires dangling from the ceiling.
I mean, almost certainly not. But believing that Quibi is the next big thing does require buying into a few basic concepts. You have to believe, for example, that the people watching more video on mobile devices want video optimized for those devices as opposed to just, like, pressing pause. “The under-25 crowd has grown up with short-form video, from YouTube to Snapchat to really short form on Vine and TikTok,” says Ben Carlson, senior vice president and general manager of streaming platforms at the analytics company MarketCast.
But, he adds, when successful iterations in those media like Between Two Ferns or Awkward Black Girl moved to more “grown-up” media, that leveling-up—leveling-over?—came with increases in length and more traditional formats. “There is ample evidence of a desire for short-form content on a mobile device,” Carlson says. “What is as yet unproven is what happens when you set Hollywood professional storytellers out to do content specifically for that.”
One possible advantage Quibi has—and I’m just spitballing here—is that because its shows have a unique format and delivery mechanism, people will remember where they watched. Carlson says people often have trouble attributing which streamer carries which show, as when people protested the show Good Omens at Netflix even though it ran on Amazon Prime.
Maybe a Quibi show won’t be subject to the same kind of network brand confusion suffered by each of the other 75 bazillion TV programs. Quibi will need that kind of differentiation if it’s going to succeed; HBO Max powers up in May, and NBCUniversal’s Peacock unfurls in April. Quibi is launching into a crowded sky.
Maybe phones-only quick bites are a brand differentiator, but that won’t help if Quibi doesn’t have a hit. For now, Carlson says that Quibi shows like the documentary series on the rivalry between DC and Marvel Comics, produced by the Russo Brothers—makers of the last two Avengers movies—and a Reno 911 revival have gotten the most chatter. The Spielberg and Del Toro shows? Not so much. Of course, that could all change once they actually debut.
You further have to believe that people will pay for something they already get for free. You can already watch short videos on your phone, for the cost of your mobile subscription. To be fair, consumers have made that transition before, with music and television. Now, potential paying customers will have to ask whether it's worth adding another $60 a year to a credit card bill already laden with entertainment options? Amazon Prime video is essentially a perk that comes with faster delivery, so maybe you keep that. Cable often comes with home internet. Netflix … maybe. Disney+ is a yes for families and nerds; DC Universe even more so. CBS Online is using Star Trek as a wedge into new TV business models, a tradition in the industry. And that’s not even counting music services, videogames, newspapers, and magazines. At some point, people are going to start to say no. If Quibi is that point, the company has a problem.
Quibi (or something like it) isn’t the only possible answer to all these questions. The this-is-fine fire in which Hollywood now burns extends at least as far north as Mountain View, where YouTube, that maximalist provider of video-to-mobile, is preparing for a future that’s the opposite of the one Quibi pitches. Fully 70 percent of YouTube watch time is on mobile, but the company’s fastest-growing locus is the big screen at the front of the living room—250 million hours of video watched a day on a billion devices as an approximate replacement for cable TV.
Relative to mobile, what people are watching on that screen is a higher-than-usual proportion of premium stuff like full TV episodes, movies, and livestreamed events. “As more and more folks are getting smart TVs, they’re all HD-capable, and YouTube has the largest library, so it sort of makes sense,” says Kurt Wilms, head of living room at YouTube. (His official title is project manager.) “Folks are looking for content similar to traditional television, so we’re trying to make it easier for a viewer to select content and lean back.” (Yes, it’s harder to search with a scroll wheel and a remote than with a phone keypad. YouTube technologists are spending a lot of money on voice search, Wilms says.)
No one in television or online video knows what’s going to happen next. Whitman and Katzenberg have been good at seeing the future a few times already. “A lot of what we’re doing here is based on our judgment and our experience and some research. I think it’s hard to research products that don’t exist,” Whitman says. “But once we launch, it’s all about the data. We have no legacy tech platform and we have no legacy data platform. So all this is being built de novo, purpose built. Which is actually really fun.”
That’s why people are willing to spend money to try something as manifestly outlandish as Quibi. Young people are watching a lot of free video on their phones. They might be willing to pay for it if it was better. So why not?
That’s it. That’s the pitch.
Updated 1-9-20, 1:45PM ET: An earlier version of this story incorrectly stated that 215 million hours of YouTube are watched on televisions a day. It's 250 million hours.
|RecommendKeepReplyMark as Last Read|
|From: Glenn Petersen||2/2/2020 11:03:40 AM|
|The man who changed disruption—and saw his own theories get disrupted|
What I learned from Clayton Christensen, the author of The Innovator’s Dilemma.
by Christian Sandström
MIT Technology Review
Jan 29, 2020
I met Clayton Christensen only once. It was 2012, and thousands of business scholars were gathering in downtown Boston for the Academy of Management, the industry’s biggest conference of the year. People from all around the world presented papers, networked, applied for jobs. Keynotes were delivered in gigantic lecture halls packed with hundreds of curious PhD students, aspiring postdocs, and tenured professors.
Not everything felt like a rock concert, though. Two years earlier, I’d defended my doctoral thesis on Christensen’s theory of disruption, and I was keen to present some of my arguments to anyone who would listen. Our paper was assigned to a small seminar room. There were hundreds of such backwater sessions, and usually only the coauthors and a few acquaintances from last night’s cocktail party showed up.
A few minutes before the session started, Christensen entered the room. I was stunned. Why would someone of his status even bother to find our paper in this haystack of academic research? But he listened carefully, and his presence was calm and focused. After our presentation, Christensen made a couple of remarks—most of them reflective and self-critical—and acknowledged some of our arguments.
This man was clearly not in the game to gain prestige or try to push an agenda. He came across as humble, thoughtful, and curious in a way that left me astonished and impressed.
When I heard that Clayton Christensen had died—aged 67, from complications caused by the leukemia he had been fighting for some time—I thought about my experience in Boston back in 2012. After all, if we are going to discuss his legacy, that first and only impression seems as a good point to start as any.
Christensen’s own doctoral dissertation, defended at Harvard Business School in 1992, concerned the disk drive industry from the early 1970s up until the 1990s. He investigated every technological change during this era and tried to relate these shifts to changes in industrial leadership. The data told an interesting—and initially confusing—story.
Previous research had tried to answer the question of why organizations found success so difficult to keep going over long periods, but it mostly looked at a company’s internal capabilities. If a business built on what it was good at, went the received wisdom, then it could defend itself against new, smaller entrants unless they came up with some entirely novel approach.
Christensen’s data suggested otherwise. It wasn’t the emergence of radically new technology that helped David outsmart Goliath. Rather, it was the emergence of a new generation of smaller disk drives that created insurmountable problems for established players. Why?
Over the coming years, Christensen developed and refined his thoughts on what was happening. Invoking some out-of-favor concepts from the 1960s and 1970s, he highlighted how the demand to serve current, profitable customers in the short-to-medium term seemed to captivate companies. The needs of these customers made it seem irrational to invest in other initiatives, and so, he contended, these firms ended up brittle and vulnerable to being blindsided. He argued that companies were being misled by the very same practices—such as listening to their customers, or designing next-generation products for existing users—that had made them successful in the first place. Firms performed well by adhering to the needs of key actors in the environment, but over time, the environment started to impose a great indirect control over firms, eventually putting them in deep trouble. The theory was beautifully counterintuitive.
These ideas were clarified into a coherent framework in his famous 1997 book The Innovator’s Dilemma, and, as they say, the rest is history. Christensen’s ideas spread like a wildfire. They were intriguing and exciting to everyone who came across them, both in academia and in industry.
By the 2000s, Christensen had reached academic stardom. He was an outstanding communicator and author, and his books about disruption had a huge impact: Intel’s acclaimed CEO Andy Grove notably said The Innovator’s Dilemma was the most important book he had read in a decade, and Christensen was celebrated regularly as the world’s greatest management thinker. But as the work became more widespread, his original ideas became more diluted. By 2010 or so, “disruptive innovation” meant the same thing “radical” had meant in the 1990s. At conferences and corporate events, among startups and in tech media coverage, “disruption” became omnipresent—at the expense of its original meaning and identity.
On several occasions, Christensen tried to restore the original ideas behind the disruption concept, but ironically, his ideas now faced a form of innovator’s dilemma themselves. Their meaning was beyond the control of the mind where they were born.
As “disruption” became progressively more well known, the concept increasingly faced another threat: becoming too powerful. Christensen’s theory of disruption was never the only one that suggested when and why entrants displace incumbents in business—after all, decades had been spent studying how such things took place. But as his work was watered down, many scholars, consultants, and corporations began to focus on only this one framework, disregarding the entire edifice of knowledge that his work was part of.
For sure, the “Christensen effect” mattered when one company pushed another out of the limelight, but there were many other factors that mattered too. And you could produce an interesting analysis if you applied the theories of The Innovator’s Dilemma to business—but the conclusions would often be invalid if they did not pay enough attention to the rest of reality. A company’s capabilities, organizational routines, managerial cognition, and network effects were just some of the factors that clearly mattered—and yet, time and again, experts tried to make predictions based solely upon Christensen’s theories. I know I am guilty of several such mistakes.
For those of us who did this, the natural and unfortunate reaction was then to blame Christensen’s work for our failed assessment or inaccurate forecast. But the problem was less the theory of disruptive innovation and more our collective will to attribute more explanatory power to a single theory than is possible.
Christensen’s work was one theory concerning industrial dynamics and technological change. It was never the theory. Elevate any idea to that sort of position and you are bound to generate disappointment. Combine it with other concepts and theories and you can find a much greater impact.
So the innovator’s dilemma faced an innovator’s dilemma of its own. It’s not just companies that are dependent on and vulnerable to an environment beyond anyone’s direct control. Ideas are too.
Keys to success
Clayton Christensen was not the first brilliant scholar or charismatic professor to write and speak about technology and innovation, and he will not be the last. So why was he so remarkably successful? What was the true source of competitive advantage that separated him from others?
He inspired a generation of scholars, including me, to think seriously about how businesses are affected by technology; he helped countless companies and provided valuable knowledge to hundreds of thousands of students who read his books and related papers.
My moment with him suggests an answer. His accomplishments were enabled by the same character that cast its light across that tiny, half-empty seminar room in Boston. You can only speak about failure if you are humble and graceful. You can only explain why well-managed firms fail by being thoughtful. And you can only develop truly remarkable concepts by being self-critical, curious, and open-minded.
Christian Sandström is associate professor of innovation management at Chalmers University of Technology and the Ratio Institute in Sweden.
|RecommendKeepReplyMark as Last Read|
|From: Glenn Petersen||2/8/2020 2:20:18 PM|
|A dark web tycoon pleads guilty. But how was he caught?|
The FBI found Eric Marques by breaking the famed anonymity service Tor, and officials won’t reveal if a vulnerability was used. That has activists and lawyers concerned.
by Patrick Howell O'Neill
MIT Technology Review
Feb 8, 2020
Illustration by Caroline Matthews, Creative Commons Attribution 4.0 International License.\
When the enterprising cybercriminal Eric Eoin Marques pleaded guilty in an American court this week, it was meant to bring closure to a seven-year-long international legal struggle centered on his dark web empire.
In the end, it did anything but.
Marques faces up to 30 years in jail for running Freedom Hosting, which temporarily existed beyond reach of the law and ended up being used to host drug markets, money-laundering operations, hacking groups, and millions of images of child abuse. But there is still one question that police have yet to answer: How exactly were they able to catch him? Investigators were somehow able to break the layers of anonymity that Marques had constructed, leading them to locate a crucial server in France. This discovery eventually led them to Marques himself, who was arrested in Ireland in 2013.
Marques was the first in a line of famous cybercriminals to be caught despite believing that using the privacy-shielding anonymity network Tor would make them safe behind their keyboards. The case demonstrates that government agencies can trace suspects through networks that were designed to be impenetrable.
Marques has blamed the American NSA’s world-class hackers, but the FBI has also been building up its efforts since 2002. And, some observers say, they often withhold key details of their investigations from defendants and judges alike—secrecy that could have wide-ranging cybersecurity implications across the internet.
“The overarching question is when are criminal defendants entitled to information about how law enforcement located them?” asks Mark Rumold, a staff attorney at the Electronic Frontier Foundation, an organization that promotes online civil liberties. “It does a disservice to our criminal justice system when the government hides techniques of investigation from public and criminal defendants. Oftentimes the reason they do this kind of obscuring is because the technique they use is questionable legally or might raise questions in the public’s mind about why they were doing it. While it’s common for them to do this, I don’t think it benefits anyone.”
Freedom Hosting was an anonymous and illicit cloud computing company running what some estimated to be up to half of all dark web sites in 2013. The operation existed entirely on the anonymity network Tor and was used for a wide range of illegal activity, including the hacking and fraud forum HackBB and money-laundering operations including the Onion Bank. It also maintained servers for the legal email service Tor Mail and the singularly strange encyclopedia Hidden Wiki.
But it was the hosting of sites used for photos and videos of child exploitation that attracted the most hostile government attention. When Marques was arrested in 2013, the FBI called him the “largest facilitator” of such images “on the planet.”
While in control of Freedom Hosting, the agency then used malware that probably touched thousands of computers. The ACLU criticized the FBI for indiscriminately using the code like a “ grenade.”
The FBI had found a way to break Tor’s anonymity protections, but the technical details of how it happened remain a mystery.
“Perhaps the greatest overarching question related to the investigation of this case is how the government was able to pierce Tor’s veil of anonymity and locate the IP address of the server in France,” Marques’s defense lawyers wrote in a recent filing.
In the original indictment, there is little information beyond references to an “investigation in 2013” that found a key IP address linked to Freedom Hosting (referred to in the document as the “AHS,” or anonymous hosting service).
Marques’s defense lawyers said they received only “vague details” from the government, and that “this disclosure was delayed, in part, because the investigative techniques employed were, until recently, classified.”
Peter Carr, a Justice Department spokesperson, said the letter is “not in the public record.” The defense attorneys did not respond to questions.
The NSA found a dangerous flaw in Windows and told Microsoft to fix itThe secretive security agency identified the vulnerability and is taking public credit as part of an effort to “build trust.”
US government agencies regularly find software vulnerabilities in the course of their security work. Sometimes these are disclosed to technology vendors, while at other times the government decides to keep these exploits for use as weapons or in investigations. There is a formal system for deciding whether an issue should be shared, known as the Vulnerabilities Equities Process. This is meant to default toward disclosure, under the belief that any bug that affects the “bad guys” also has the potential to be used against American interests; an agency that wants to use a major bug in an investigation has to get approval, or else the bug will be publicly disclosed. US officials say the vast majority of such vulnerabilities end up disclosed so that they can be fixed, ideally increasing internet security for everyone.
But if the FBI used a software vulnerability to find Freedom Hosting’s hidden servers and didn’t disclose the details, it could still potentially use it against others on Tor. This has observers concerned.
“It’s not uncommon to play these games where they hide the ball about the source of their information,” the EFF’s Rumold says.
Tor is free software designed to let anyone use the internet anonymously by encrypting traffic and bouncing it through various nodes to obfuscate connections to the original users. Users could include Americans sick of being tracked by advertising companies, Iranians attempting to circumvent censorship, Chinese dissidents escaping national surveillance, or criminals like Marques attempting to stay ahead of international police. The users are diverse in every way, but software vulnerabilities can affect all of them.
In a 2017 criminal case, the US government put the secrecy of its hacking tools above all else. Prosecutors chose to drop all charges in a case of child exploitation on the dark web rather than reveal the technological means they used to locate the anonymized Tor user.
Freedom Hosting’s closure was the first in a series of stunning successes by international law enforcement that shut down some of the most high-profile criminal websites in history.
Two months after Marques was caught, the free-wheeling marketplace Silk Road was shut down in another FBI-led operation. After facilitating at least hundreds of millions of dollars in sales, Silk Road became a symbol of the apparent invulnerability of the criminals inhabiting the dark web. Although it lasted less than three years, it was clear that Silk Road’s founder, nicknamed Dread Pirate Roberts, felt invincible. Close to the end, the anonymous figure was giving interviews to magazines like Forbes and writing political essays about his cause and the ideology behind it.
Then, in October 2013, Ross Ulbricht—a 29-year-old online bookseller—was arrested in San Francisco and charged with running Silk Road. He was eventually sentenced to life in prison, a punishment that far exceeds whatever Marques might receive at his sentencing date in May.
Freedom Hosting and Silk Road were just the most well-known dark web sites that were brought down by law enforcement despite the anonymity that Tor is meant to provide.
“We can’t have a world where a government is allowed to use a black box of technology from which spring these serious criminal prosecutions,” Rumold says. “Defendants have to have the ability to test and review and look at the methods that are used in criminal prosecutions.”
|RecommendKeepReplyMark as Last ReadRead Replies (1)|
|To: Glenn Petersen who wrote (6582)||2/10/2020 10:17:57 PM|
|From: Glenn Petersen|
|What Happens When QAnon Seeps From the Web to the Offline World|
By Mike McIntire and Kevin Roose
New York Times
Published Feb. 9, 2020
Updated Feb. 10, 2020, 1:55 a.m. ET
A rally in Washington in September for QAnon, an online conspiracy theory that has steadily migrated offline.Credit...Tom Brenner for The New York Times
A city council member in California took the dais and quoted from QAnon, a pro-Trump conspiracy theory about “deep state” traitors plotting against the president, concluding her remarks, “God bless Q.”
A man spouting QAnon beliefs about child sex trafficking swung a crowbar inside a historic Catholic chapel in Arizona, damaging the altar and then fleeing before being arrested.
And outside a Trump campaign rally in Florida, people in “Q” T-shirts stopped by a tent to hear outlandish tales of Democrats’ secretly torturing and killing children to extract a life-extending chemical from their blood.
What began online more than two years ago as an intricate, if baseless, conspiracy theory that quickly attracted thousands of followers has since found footholds in the offline world. QAnon has surfaced in political campaigns, criminal cases, merchandising and at least one college class. Last month, hundreds of QAnon enthusiasts gathered in a Tampa, Fla., park to listen to speakers and pick up literature, and in England, a supporter of President Trump and the Brexit leader Nigel Farage raised a “Q” flag over a Cornish castle.
Most recently, the botched Iowa Democratic caucuses and the coronavirus outbreak have provided fodder for conspiracy mongering: QAnon fans shared groundless theories online linking the liberal billionaire George Soros to technological problems that hobbled the caucuses, and passed around bogus and potentially dangerous “treatments” for the virus.
About a dozen candidates for public office in the United States have promoted or dabbled in QAnon, and its adherents have been arrested in at least seven episodes, including a murder in New York and an armed standoff with the police near the Hoover Dam. The F.B.I. cited QAnon in an intelligence bulletin last May about the potential for violence motivated by “fringe political conspiracy theories.”
Matthew Lusk, who is running unopposed in the Republican primary for a Florida congressional seat and openly embraces QAnon, said in an email that its anonymous creator was a patriot who “brings what the fake news will not touch without slanting.” As for the theory’s more extreme elements, Mr. Lusk said he was uncertain whether there really was a pedophile ring associated with the deep state.
“That being said,” he added, “I do believe there is a group in Brussels, Belgium, that do eat aborted babies.”
The seepage of conspiracy theorizing from the digital fever swamps into life offline is one of the more unsettling developments of the Trump era, in which the president has relentlessly pushed groundless conspiracies to reshape political narratives to his liking. In promoting fringe ideas about deep state schemes, Mr. Trump has at times elevated and encouraged QAnon followers — recirculating their posts on Twitter, posing with one for a photograph in the Oval Office, inviting some to a White House “social media summit.” Recently, during a daylong Twitter binge, Mr. Trump retweeted more than 20 posts from accounts that had trafficked in QAnon material.
QAnon began in October 2017, when a pseudonymous user of the online message board 4chan started writing cryptic posts under the name Q Clearance Patriot. The person claimed to be a high-ranking official privy to top-secret information from Mr. Trump’s inner circle. Over two years and more than 3,500 posts, Q — whose identity has never been determined — has unspooled a sprawling conspiracy narrative that claims, among other things, that Mr. Trump was recruited by the military to run for office in order to break up a global cabal of pedophiles, and that Special Counsel Robert S. Mueller III’s investigation would end with prominent Democrats being imprisoned at Guantánamo Bay.
The anonymous posts subsequently moved to 8chan, where they remained until August, when that site was taken offline after the El Paso mass shooting. They now live on 8kun, a new website built by 8chan’s owner.
Some QAnon fans are hardened conspiracy buffs who previously believed other fringe theories, such as the bogus claim that the Sept. 11 terrorist attacks were an “inside job.” But many QAnon adherents are everyday Americans who have found in Q’s messages a source of partisan energy, affirmation of their suspicions about powerful institutions or a feeling of having special knowledge. Some are older adults who discovered the theory through partisan Facebook groups or Twitter threads, and were drawn in by the movement’s promises of inside information from the White House (some QAnon devotees even believe that Mr. Trump posts himself, under the code name “Q+”). Others are seduced by the movement’s wild, often violent fantasies, including claims that Hollywood celebrities are part of a satanic child-trafficking ring.
In online chat rooms, Facebook groups and Twitter threads, QAnon followers discuss the hidden messages and symbols they believe to be exposed in Q’s posts, or “drops” — for example, because Q is the 17th letter of the alphabet, a reference by Mr. Trump to the number 17 is seen as a possible signal of his support for them.
They watch “Patriots’ Soapbox,” a YouTube call-in show devoted to coverage of QAnon, and other niche media projects that have popped up to fill the demand for Q-related content. Reddit barred a cluster of QAnon groups from its platform in 2018, after a spate of violent threats from members, and Apple pulled a popular QAnon app from its app store. But other social platforms, including Facebook, Twitter and YouTube, still host large amounts of QAnon content. In general, these platforms do not prohibit conspiracy theories unless their adherents break other rules, such as policies against hate speech or targeted harassment.
The frequent introduction of new symbols and arcane plot points to dissect and decipher has given QAnon the feel of a theological study group, or a massive multiplayer online game. In interviews, several adherents described QAnon as a “lifestyle” or a “religion,” and said it had become their primary source of political news and analysis.
“It’s more of a cult than other conspiracy theories,” said Joseph Uscinski, a political-science professor at the University of Miami who studies fringe beliefs. “QAnon is not just an idea; it’s an ongoing thing that people can sort of get into and follow along with that keeps them entertained.”
With its core belief that the president is heroically battling entrenched evildoers, QAnon may be the ultimate manifestation of Trump-inspired conspiracy mongering. From the start, it was inexorably bound up with “Make America Great Again” communities online: The New York Times found last year that some 23,000 of Mr. Trump’s Twitter followers had QAnon references in their profiles.
But QAnon has steadily migrated offline to Trump campaign rallies, where dozens of supporters can be found with Q paraphernalia, carrying signs and commiserating about the theory. In recent months, QAnon adherents have complained that security officials keep people from bringing their gear into the rallies; the campaign said it permitted only approved signs and licensed merchandise at its events.
Harry Formanek, a 65-year-old retiree who attended Mr. Trump’s Florida rally in November wearing a QAnon T-shirt, said he learned about the theory after hearing allegations that top Democrats were running a child-sex ring out of a Washington pizza parlor — the hoax known as “Pizzagate,” which was something of a precursor to QAnon. Now, he said, he spends roughly an hour a day on QAnon-related websites and believes, among other things, that Mr. Trump signals his support with Q-shaped hand gestures during public appearances.
“My friends think I’m crazy,” Mr. Formanek said. “I mean, the proofs are just undeniable.”
With its growth in popularity, QAnon’s tangible presence is not limited to clothes, bumper stickers and campaign signs, all of which can be found for sale on Amazon and at other retailers. The theory also showed up at Mesa Community College in Arizona, where an adjunct professor of English, Douglas Belmore, began working it into classroom lectures. He was fired last summer after students complained.
Mr. Belmore announced his dismissal on Twitter, saying, “Why aren’t more professors, teachers, cops, pastors, and woke Americans everywhere NOT talking about this?” Later, he tweeted, “I pray that you see The Truth about POTUS and Q and their War against the trafficking of children,” and posted a video clip of Mr. Trump at a rally pointing to a baby wearing a Q onesie.
On the campaign trail during the past two years, at least six Republican congressional candidates, as well as several state and local politicians, have signaled some level of interest in QAnon. Danielle Stella, a Republican congressional candidate in Minnesota whose campaign’s Twitter account has “favorited” QAnon material and used a QAnon-related hashtag, was suspended from the platform in November after suggesting that the Democratic incumbent, Ilhan Omar, be hanged for treason.
In an email responding to questions about her position on QAnon, Ms. Stella said through a campaign aide: “The decision to side with Twitter regarding my suspension for advocating for the enforcement of federal code proves that The New York Times and Twitter will always side with and fight to protect terrorists, traitors, pedophiles and rapists.”
In San Juan Capistrano, Calif., Pam Patterson, a city council member, invoked QAnon in her farewell speech to the body in December 2018, reciting a Q posting as if it were Scripture.
“To quote Q No. 2436,” she said, “for far too long, we have been silent and allowed our bands of strength that we once formed to defend freedom and liberty to deteriorate. We became divided. We became weak. We elected traitors to govern us.”
Lin Bennett, a state legislator in South Carolina, spoke approvingly of QAnon on social media but later backed away from it, telling Charleston’s Post and Courier newspaper in May, “I got tired of looking at that stuff.”
And in Montana, an elected justice of the peace, Michael Swingley, was reprimanded in November by a state judicial board for using his official email account to send an angry message to a journalist who had written an article skeptical of QAnon. Mr. Swingley wrote that, regardless of “whether Q is real,” patriots were uniting because of it and “your world of fake news and liberal agendas that give away our country to foreigners and protect the Clintons and Obamas is coming to an end.”
Beyond the mainstreaming of QAnon in certain Republican circles, a bigger concern for researchers who track conspiracy theories is the potential for violence by unstable individuals who fall under its sway, particularly in the fraught political climate of the 2020 election. In its intelligence bulletin identifying QAnon as a potential domestic terror threat, the F.B.I. warned that partisan conspiracy mongering in the United States was being exacerbated by “the uncovering of real conspiracies or cover-ups” by political leaders. Social media was serving as an incubator for groundless theories and inspiring followers to take action, it said.
“Although conspiracy-driven crime and violence is not a new phenomenon,” the bulletin said, “today’s information environment has changed the way conspiracy theories develop, spread and evolve.”
Mr. Uscinski said that because some people with a conspiracy mind-set are willing to entertain political violence, it was perhaps inevitable that as QAnon attracted a bigger following, it would eventually come to include a dangerous, if tiny, subset of adherents.
“Once you reach a threshold of people,” he said, “that particular apple is going to show up in the barrel.”
The F.B.I. bulletin cited two episodes it said involved QAnon followers. In one, a 30-year-old Nevada man, Matthew Wright, armed himself with an AR-15-style rifle, a handgun and extra ammunition, and drove an armored truck onto a bridge near the Hoover Dam in June 2018. There, he engaged in a 90-minute standoff with police officers while demanding the release of an inspector general’s report on the government investigation of Hillary Clinton’s email practices.
After his arrest, Mr. Wright wrote letters to Mr. Trump and other officials, calling himself a “humble patriot” and making references to the QAnon slogans “Great Awakening” and “Where we go one, we go all.”
“I simply wanted the truth on behalf of all Americans,” Mr. Wright wrote, adding that he hoped those “responsible for purposely damaging our beloved country be held accountable and be brought to justice.”
In Arizona, the leader of a local veterans-aid group in Tucson, Michael Lewis Arthur Meyer, 39, was arrested in July 2018 after occupying a tower at a cement plant that he insisted was sheltering a child-sex-trafficking ring. Mr. Meyer “alleged a law enforcement cover-up and referenced the QAnon conspiracy theory as he and armed group members searched” for the nonexistent ring, according to the F.B.I. bulletin.
After the bulletin was prepared, there were additional incidents in Arizona and Colorado. Timothy Larson, 41, was accused in September of taking a crowbar to the altar inside the Chapel of the Holy Cross in Sedona, while yelling about the Catholic Church and sex trafficking. Mr. Larson’s social media posts are filled with QAnon references and pro-Trump memes.
And in December the police in Parker, Colo., charged Cynthia Abcug, 50, with conspiring with fellow QAnon believers to kidnap one of her children, who had been removed from her custody. Ms. Abcug believed her child was being held by Satan worshipers and pedophiles, according to her arrest warrant.
Also recently, Anthony Comello, 25, said in a New York City court in December that his belief in QAnon had led him to murder a mob boss, Francesco Cali, who he asserted was part of the deep state cabal working against Mr. Trump. Mr. Comello’s defense lawyer, Robert C. Gottlieb, said in a court filing that after the 2016 election, his client’s family “began to notice changes to his personality” that worsened over time.
“Mr. Comello’s support for QAnon went beyond mere participation in a radical political organization,” Mr. Gottlieb wrote. “It evolved into a delusional obsession.”
|RecommendKeepReplyMark as Last Read|