
IT News

How to Stop Facebook’s Dangerous App Integration Ploy

Here is a great op-ed piece by Sally Hubbard, a former assistant attorney general in the New York State Attorney General’s Antitrust Bureau and an editor at The Capitol Forum, where she covers technology and monopolization. She makes two points: 1) Facebook is a monopolist and 2) the FTC is toothless. Both need to change.
Quote

In response to calls that Facebook be forced to divest itself of WhatsApp and Instagram, Mark Zuckerberg has instead made a strategic power grab: He intends to put Instagram, WhatsApp and Facebook Messenger onto a unified technical infrastructure. The integrated apps are to be encrypted to protect users from hackers. But who’s going to protect users from Facebook?

Ideally, that would be the Federal Trade Commission, the agency charged with enforcing the antitrust laws and protecting consumers from unfair business practices. But the F.T.C. has looked the other way for far too long, failing to enforce its own 2011 consent decree under which Facebook was ordered to stop deceiving users about its privacy claims. The F.T.C. has also allowed Facebook to gobble up any company that could possibly compete against it, including Instagram and WhatsApp.

Not that blocking these acquisitions would have been easy for the agency under the current state of antitrust law. Courts require antitrust enforcers to prove that a merger will raise prices or reduce production of a particular product or service. But proving that prices will increase is nearly impossible in a digital world where consumers pay not with money but with their personal data and by viewing ads.

The integration Mr. Zuckerberg plans would immunize Facebook’s monopoly power from attack. It would make breaking Instagram and WhatsApp off as independent and viable competitors much harder, and thus demands speedy action by the government before it’s too late to take the pieces apart. Mr. Zuckerberg might be betting that he can integrate these three applications faster than any antitrust case could proceed — and he would be right, because antitrust cases take years.

Luckily, the F.T.C. has a way to act quickly. Prompted by the Cambridge Analytica scandal, the agency has been investigating Facebook for violating that 2011 consent decree, which required it, among other things, to not misrepresent its handling of user information and to create a comprehensive privacy program. The F.T.C. can demand Facebook stop the integration as one of the conditions for settling any charges related to the consent decree, rather than just imposing an inconsequential fine.

If not stopped, the integration will cement Facebook’s monopoly power by enriching its data trove, allowing it to spy on users in new ways. Facebook might decide to sync data from one app to another so it can better track users. And Facebook needs user data: The reason it commands such a large share of digital advertising is that it tracks users — and even people without Facebook accounts — across millions of sites. It gathers data that allows it to target ads more precisely than many of its rivals for digital ad dollars, including news media sites and content creators.

After stopping Mr. Zuckerberg’s integration plan, the F.T.C. should reverse the WhatsApp and Instagram acquisitions as illegal under the Clayton Act, which prohibits mergers and acquisitions where the effect “may be substantially to lessen competition, or to tend to create a monopoly.” Undoing the mergers would give consumers an alternative to Facebook-owned apps and force Facebook to do better.

Without meaningful competition, Facebook has little incentive to protect users by making changes that could reduce profits. Users unhappy about data collection and algorithms that promote fake news and political polarization don’t have anywhere to go.

Any future Facebook acquisitions, no matter what the size, should be strictly reviewed because of the company’s history of deceiving users. Facebook uses technology, like its Onavo and Research apps, that monitor consumers’ app usage to identify potential rivals even before they are big enough to get on antitrust enforcers’ radars. Internal Facebook documents published by the British Parliament show Facebook used Onavo data to identify WhatsApp as a competitive threat, only to convince regulators otherwise.

Congress also should write legislation to overrule misguided cases that have neutered antitrust enforcement, and pass a strong privacy law with enough resources to enforce it. Only then, perhaps, will we be protected from Facebook.

Avast Highlights the Threat Landscape for 2019

Heads up, it will not get easier.

Quote
The Dawn of Adversarial AI

We foresee the emergence of a class of attacks known as ‘DeepAttacks’, which use AI-generated content to evade AI security controls. In 2018, the team observed many examples where researchers used adversarial AI algorithms to fool humans. Examples include the fake Obama video created by Buzzfeed where President Obama is seen delivering fake sentences, in a convincing fashion.

We have also seen examples of adversarial AI deliberately confounding the smartest object detection algorithms, such as fooling an algorithm into thinking that a stop sign was a 45-mph speed limit sign.

In 2019, we expect to see DeepAttacks deployed more commonly in an attempt to evade both human detection and smart defenses.

IoT Threats Will Become More Sophisticated

The trend toward smart devices will be so pronounced in the coming years that it will become difficult to buy appliances or home electronics that are not connected to the internet.

Avast research has shown that security is often an afterthought in the manufacturing of these devices. While the big name smart devices often do come with embedded security options, some producers skimp on security either to keep costs low for consumers or because they are not experts in security. Considering a smart home is only as secure as its weakest link, this is a mistake. History tends to repeat itself, so we can expect to see IoT malware evolve and become more sophisticated and dangerous, similar to how PC and mobile malware developed.

Router Attacks Will Advance

Routers have proven to be a simple and fertile target for a growing wave of attacks. Not only have we seen an increase in router-based malware in 2018, but also changes in the characteristics of those attacks.

In 2019, we expect to see the increased hijacking of routers used to steal banking credentials, for example, where an infected router injects a malicious HTML frame to specific web pages when displayed on mobile. This new element could ask mobile users to install a new banking app, for instance, and this malicious app will then capture authentication messages. Routers will continue to be used as targets of an attack, not just to run malicious scripts or spy on users, but also as an intermediate link in chain attacks.

The Evolution of Mobile Threats

In 2019, well known tactics such as advertising, phishing and fake apps will continue to dominate the mobile threat landscape. In 2018, we tracked and flagged countless fake apps using our apklab.io platform. Some were even found on the Google Play Store. Fake apps are the zombies in mobile security, becoming so ubiquitous that they barely even make the headlines as new fake apps pop up to take the place of the ones already flagged for removal. They will continue to persist as a trend in 2019, exacerbated by fake versions of popular app brands doing their rounds on the Google Play Store.

In 2018, the return of banking Trojans was also particularly pronounced on the mobile side, growing 150 percent year-on-year, from three percent to over seven percent of all detections we see worldwide. While perhaps not a big shift in terms of the overall volume, we believe that cybercriminals are finding banking to be a more reliable way to make money than cryptomining.

“This year, we celebrated the 30th anniversary of the World Wide Web. Fast forward thirty years and the threat landscape is exponentially more complex, and the available attack surface is growing faster than it has at any other point in the history of technology,” commented Ondrej Vlcek, President of Consumer at Avast.

“PC viruses, while still a global threat, have been joined by a multitude of malware categories that deliver more attacks. People are acquiring more and varied types of connected devices, meaning every aspect of our lives could be compromised by an attack. Looking ahead to 2019, these trends point to a magnification of threats through these expanding threat surfaces.”

These trends form part of Avast’s annual Threat Report.

Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted

Just maybe, I am not saying for sure, but just maybe, the reason for such stupidity is that companies like Marriott are hiring too many newbies to save money and ignoring the more senior members of the IT community. Or maybe that there are no real hard financial penalties for breaches. Maybe both.

But the real story here is not only Marriott, but the continued onslaught from China. No surprise.

Quote

WASHINGTON — Marriott International said on Friday that the biggest hacking of personal information in history was not quite as big as first feared, but for the first time conceded that its Starwood hotel unit did not encrypt the passport numbers for roughly five million guests. Those passport numbers were lost in an attack that many outside experts believe was carried out by Chinese intelligence agencies.

What made the Starwood attack different was the presence of passport numbers, which could make it far easier for an intelligence service to track people who cross borders. That is particularly important in this case: In December, The New York Times reported that the attack was part of a Chinese intelligence gathering effort that, reaching back to 2014, also hacked American health insurers and the Office of Personnel Management, which keeps security clearance files on millions of Americans.

Taken together, the attack appeared to be part of a broader effort by China’s Ministry of State Security to compile a huge database of Americans and others with sensitive government or industry positions — including where they worked, the names of their colleagues, foreign contacts and friends, and where they travel.

“Big data is the new wave for counterintelligence,” James A. Lewis, a cybersecurity expert who runs the technology policy program at the Center for Strategic and International Studies in Washington, said last month.

One top official of the Chinese Ministry of State Security was arrested in Belgium late last year and extradited to the United States on charges of playing a central role in the hacking of American defense-related firms, and others were identified in a Justice Department indictment in December. But those cases were unrelated to the Marriott attack, which the F.B.I. is still investigating.

China has denied any knowledge of the Marriott attack. In December, Geng Shuang, a spokesman for its Ministry of Foreign Affairs, said, “China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law.”

Do make me laugh

The Marriott investigation has revealed a new vulnerability in hotel systems: What happens to passport data when a customer makes a reservation or checks into a hotel, usually abroad, and hands over a passport to the desk clerk. Marriott said for the first time that 5.25 million passport numbers were kept in the Starwood system in plain, unencrypted data files — meaning they were easily read by anyone inside the reservation system. An additional 20.3 million passport numbers were kept in encrypted files, which would require a master encryption key to read. It is unclear how many of those involved American passports, and how many come from other countries.

Yes you read that correctly. Morons asleep at the switch

It was not immediately clear why some numbers were encrypted and others were not — other than that hotels in each country, and sometimes each property, had different protocols for handling the passport information. Intelligence experts note that American intelligence agencies often seek the passport numbers of foreigners they are tracking outside the United States, which may explain why the United States government has not insisted on stronger encryption of passport data worldwide.

Asked how Marriott was handling the information now that it has merged Starwood’s data into the Marriott reservations system — a merger that was just completed at the end of 2018 — Connie Kim, a company spokeswoman, said: “We are looking into our ability to move to universal encryption of passport numbers and will be working with our systems vendors to better understand their capabilities, as well as reviewing applicable national and local regulations.”



Which means 1) they are still NOT encrypted and 2) they need to fire the person(s) managing the vendors and the vendors themselves (assuming vendors haven’t been screaming at Marriott to do something, which may indeed be plausible).

The State Department issued a statement last month telling passport holders not to panic, because the number alone would not enable someone to create a fake passport. Marriott has said it would pay for a new passport for anyone whose passport information, hacked from their systems, was found to be involved in a fraud. But that was something of a corporate sleight of hand, since it provided no coverage for guests who wanted a new passport simply because their data had been taken by foreign spies.

So far the company has ducked addressing that issue by saying it has no evidence about who the attackers were, and the United States has not formally accused China in the case. But private cyberintelligence groups that have looked at the breach have seen strong parallels with the other, Chinese-related attacks underway at the time. The company’s president and chief executive, Arne Sorenson, has not answered questions about the hacking in public, and Marriott said he was traveling and declined a request from The Times to talk about hacking.

The company also said that about 8.6 million credit and debit cards were “involved” in the incident, but those are all encrypted — and all but 354,000 cards had expired by September 2018, when the hacking, which went on for years, was discovered.

So far, there are no known cases in which stolen passport or credit card information was found in fraudulent transactions. But to cyberattack investigators, that is just another sign that the hacking was conducted by intelligence agencies, not criminals. The agencies would want to use the data for their own purposes — building databases and tracking government or industrial surveillance targets — rather than exploiting the data for economic profit.

Idiots. And the U.S. and State Governments are just as culpable. We need very strong laws that mandate extremely stiff penalties for breaches.

Google shifted $23bn to tax haven Bermuda in 2017, filing shows

“Do No Harm” …errh should be “behave like pigs”

Quote
Google’s owner, Alphabet, has seen an effective tax rate in the single digits on non-US profits for more than a decade.

Google moved €19.9bn ($22.7bn) through a Dutch shell company to Bermuda in 2017, as part of an arrangement that allows it to reduce its foreign tax bill, according to documents filed at the Dutch chamber of commerce.

The amount channelled through Google Netherlands Holdings BV was about €4bn more than in 2016, the documents, filed on 21 December, showed.

“We pay all of the taxes due and comply with the tax laws in every country we operate in around the world,” Google said in a statement.

“Google, like other multinational companies, pays the vast majority of its corporate income tax in its home country, and we have paid a global effective tax rate of 26% over the last 10 years.”

For more than a decade the arrangement has allowed Google’s owner, Alphabet, to enjoy an effective tax rate in the single digits on its non-US profits, about a quarter of the average tax rate in its overseas markets.

The subsidiary in the Netherlands is used to shift revenue from royalties earned outside the US to Google Ireland Holdings, an affiliate based in Bermuda, where companies pay no income tax.

The tax strategy, known as the “double Irish, Dutch sandwich”, is legal and allows Google to avoid triggering US income taxes or European withholding taxes on the funds, which represent the bulk of its overseas profits.

However, under pressure from the European Union and the United States, Ireland in 2014 decided to phase out the arrangement, ending Google’s tax advantages in 2020.

Google Netherlands Holdings BV paid €3.4m in taxes in the Netherlands in 2017, the documents showed, on a gross profit of €13.6m.

Asleep at the Switch

Quote

Facebook Data Scandals Stoke Criticism That a Privacy Watchdog Too Rarely Bites

Last spring, soon after Facebook acknowledged that the data of tens of millions of its users had improperly been obtained by the political consulting firm Cambridge Analytica, a top enforcement official at the Federal Trade Commission drafted a memo about the prospect of disciplining the social network.

Lawmakers, consumer advocates and even former commission officials were clamoring for tough action against Facebook, arguing that it had violated an earlier F.T.C. consent decree barring it from misleading users about how their information was shared.

But the enforcement official, James A. Kohm, took a different view. In a previously undisclosed memo in March, Mr. Kohm — echoing Facebook’s own argument — cautioned that Facebook was not responsible for the consulting firm’s reported abuses. The social network seemed to have taken reasonable steps to address the problem, he wrote, according to someone who read the memo, and most likely had not broken its promises to the F.T.C.

The Cambridge Analytica data leak set off a reckoning for Facebook and a far-reaching debate about the tech industry, which has collected more information about more people than almost any other in history. At the same time, the F.T.C., which is investigating Facebook, is under growing attack for what critics say is a systemic failure to police Silicon Valley’s giants and their enormous appetite for personal data.

Almost alone among industrialized nations, the United States has no basic consumer privacy law. The F.T.C. serves as the country’s de facto privacy regulator, relying on more limited rules against deceptive trade practices to investigate Google, Twitter and other tech firms accused of misleading people about how their information is used.

But many in Washington view the agency as a watchdog that too rarely bites. In more than 40 interviews, former and current F.T.C. officials, lawmakers, Capitol Hill staff members, and consumer advocates said that as evidence of abuses has piled up against tech companies, the F.T.C. has been too cautious. Now, as the Trump administration and Congress debate whether to expand the agency and its authority over privacy violations, the Facebook inquiry looms as a referendum on the F.T.C.’s future.

“They have been asleep at the switch,” said Senator Richard Blumenthal, the Connecticut Democrat and ranking member of the subcommittee charged with overseeing the agency. “It’s a lack of will even more than paucity of resources.”

Long Overdue: It is time for the US to develop strong data privacy along the lines of the EU GDPR (General Data Protection Regulation). It is also time for US “Netizens” to demand strong data privacy protection laws with extremely stiff penalties for non-compliance.

Our Cellphones Aren’t Safe

Great article by Cooper Quintin of the Electronic Frontier Foundation, with one glaring omission. Even if the cell networks were 100% secure, the apps people install are an even larger source of malware and privacy leaks.

Quote

America’s cellular network is as vital to society as the highway system and power grids. Vulnerabilities in the mobile phone infrastructure threaten not only personal privacy and security, but also the country’s. According to intelligence reports, spies are eavesdropping on President Trump’s cellphone conversations and using fake cellular towers in Washington to intercept phone calls. Cellular communication infrastructure, the system at the heart of modern communication, commerce and governance, is woefully insecure. And we are doing nothing to fix it.

This should be at the top of our cybersecurity agenda, yet policymakers and industry leaders have been nearly silent on the issue. While government officials are looking the other way, an increasing number of companies are selling products that allow buyers to take advantage of these vulnerabilities.

Spying tools, which are becoming increasingly affordable, include cell-site simulators (commonly known by the brand name Stingray), which trick cellphones into connecting with them without the cellphone owners’ knowledge. Sophisticated programs can exploit vulnerabilities in the backbone of the global telephone system (known as Signaling System 7, or SS7) to track mobile users, intercept calls and text messages, and disrupt mobile communications.

These attacks have real financial consequences. In 2017, for example, criminals took advantage of SS7 weaknesses to carry out financial fraud by redirecting and intercepting text messages containing one-time passwords for bank customers in Germany. The criminals then used the passwords to steal money from the victims’ accounts.

How did we get here, and why is our cellular infrastructure so insecure?

The international mobile communications system is built on top of several layers of technology, parts of which are more than 40 years old. Some of these old technologies are insecure, others have never had a proper audit and many simply haven’t received the attention needed to secure them properly. The protocols that form the underpinnings of the mobile system weren’t built with security in mind.

SS7, invented in 1975, is still the protocol that allows telephone networks all over the world to talk to one another. It was built on the assumption that anyone who can connect to the network is a trusted network operator. When it was created, there were only 10 companies using SS7. Today, there are hundreds of companies all over the world connected to SS7, making it far more likely that credentials to the system will be leaked or sold. Anyone who can connect to the SS7 network can use it to track your location or eavesdrop on your phone calls. A more recent alternative to SS7 called Diameter suffers from many of the same problems.

Another protocol, GSM, invented in 1991, allows your cellphone to communicate with a cell tower to make and receive calls and transmit data. The older generation of GSM, known as 2G, doesn’t verify that the tower that your phone connects to is authentic, making it easy for anyone to use a cell-site simulator and impersonate a cell tower to obtain your location or eavesdrop on your communications.

Larger carriers have already begun dismantling their 2G systems, which is a good start, since later generations of GSM such as 3G, 4G and 5G solve many of its problems. Yet our phones all still support 2G and most have no way to disable it, making them susceptible to attacks. What’s more, research has shown that 3G, 4G, and even 5G have vulnerabilities that may allow new generations of cell-site simulators to continue working.

Nobody could have envisioned how deeply ingrained cellular technology would become in our society, or how easy and lucrative exploiting it would be. Companies from China, Russia, Israel and elsewhere are making cell-site simulators and providing access to the SS7 network at prices affordable even to the smallest criminal organizations. It is increasingly easy to build a cell-site simulator at home, for no more than the cost of a fast-food meal. Spies all over the world — as well as drug cartels — have realized the power of these technologies.

So far, industry and policymakers have largely dragged their feet when it comes to blocking cell-site simulators and SS7 attacks. Senator Ron Wyden, one of the few lawmakers vocal about this issue, sent a letter in August encouraging the Department of Justice to “be forthright with federal courts about the disruptive nature of cell-site simulators.” No response has ever been published.

The lack of action could be because it is a big task — there are hundreds of companies and international bodies involved in the cellular network. The other reason could be that intelligence and law enforcement agencies have a vested interest in exploiting these same vulnerabilities. But law enforcement has other effective tools that are unavailable to criminals and spies. For example, the police can work directly with phone companies, serving warrants and Title III wiretap orders. In the end, eliminating these vulnerabilities is just as valuable for law enforcement as it is for everyone else.

As it stands, there is no government agency that has the power, funding and mission to fix the problems. Large companies such as AT&T, Verizon, Google and Apple have not been public about their efforts, if any exist.

This needs to change. To start, companies need to stop supporting insecure technologies such as 2G, and government needs a mandate to buy devices solely from companies that have disabled 2G. Similarly, companies need to work with cybersecurity experts on a security standard for SS7. Government should buy services only from companies that can demonstrate that their networks meet this standard.

Finally, this problem can’t be solved by domestic regulation alone. The cellular communications system is international, and it will take an international effort to secure it.

We wouldn’t tolerate gaping potholes in our highways or sparking power lines. Securing our mobile infrastructure is just as imperative. Policymakers and industries around the world must work together to achieve this common goal.

Cooper Quintin is a senior staff technologist with the Electronic Frontier Foundation, where he investigates digital privacy and security threats to human-rights defenders, journalists and vulnerable populations.

Microsoft Issues Emergency Fix for IE Zero Day

Quote

Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers.

The software giant said it learned about the weakness (CVE-2018-8653) after receiving a report from Google about a new vulnerability being used in targeted attacks.

Satnam Narang, senior research engineer at Tenable, said the vulnerability affects the following installations of IE: Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012, 2016 and 2019; IE 9 on Windows Server 2008; and IE 10 on Windows Server 2012.

“As the flaw is being actively exploited in the wild, users are urged to update their systems as soon as possible to reduce the risk of compromise,” Narang said.

According to a somewhat sparse advisory about the patch, malware or attackers could use the flaw to break into Windows computers simply by getting a user to visit a hacked or booby-trapped Web site. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft says users who have Windows Update enabled and have applied the latest security updates are protected automatically. Windows 10 users can manually check for updates this way; instructions on how to do this for earlier versions of Windows are here.

ZipRecruiter has been flying low: User email addresses exposed to unauthorised accounts

Quote

Looking for work? Spammers could well be looking for you

Lesson: use throwaway emails if you must, but better, just say no to job search aggregators. Of course that may be impossible as many clueless employers use them to aggregate CVs/resumes, do initial screening, etc.

Tinder for job-seekers ZipRecruiter has copped to a data breach after the names and email addresses of job-seekers were flung to the wind in a permissions screw-up.

The company – which claims over seven million active job-seekers each month and 40 million job alert email subscribers – has been running since 2010 with operations in the US and UK. In 2012 it had helped 10,000 employers fill positions. By 2017 that number had exceeded one million.

But with impressive growth comes impressive growing pains, and a permissions cock-up at ZipRecruiter has meant that hopeful job-seekers, having uploaded their CV, have had their personal details shared in a way they might not have expected.

In the email, sent to those lucky users and seen by The Register, the company says:

On October 5th, we discovered that certain employer user accounts that were not intended to have access to the CV Database were able to obtain access to information including the first name, last name and email addresses of some job seekers who had submitted their CVs to our CV database.

Whoops!

The problem is with the part of ZipRecruiter’s site that allows an employer with permission to access the database of CVs to contact a candidate. Obviously, having admired the sheen of a turd buffed to a high gloss CV of a candidate, an employer will want to get in touch. To that end, ZipRecruiter provides a contact form, helpfully populated with the name and email address of the hopeful individual.

It appears that the Email Candidate form can also be accessed by users who have not ponied up the cash for access to the CV library. Those users can still search for job-seekers, but only see limited information depending on what a candidate has volunteered. This could be the candidate’s first name, last three employers and city and country.

But thanks to the permissions whoopsie, that unauthorised user could also potentially get to the candidate’s full name and email address.

ZipRecruiter professed itself “not certain of the purpose of the unauthorised access” but speculated with breathtaking insight that the information “could be utilised to send you spam or phishing emails”.

The company was quick to point out that the information accessed does not include any login credentials or financial information, and that its security team stomped on the bug 90 minutes after it was found. The ICO was notified on 9 October and the company has been picking through its records ever since, working out which users have had the spotlight of spammers shone on their details.

As for what to do, well, the company has told affected users:

The goal of this communication is not to alarm you or deter you from responding to potential employers; rather, we want you to be a little more vigilant when considering whether or not to respond to a potential communication, in light of the unauthorised access to your full name and email address.

So that’s alright then.

We contacted ZipRecruiter to find out how many users had been affected, but other than a slightly nasal recording telling us our call may be recorded before abruptly hanging up, the company has remained incommunicado. We can but hope ZipRecruiter is a tad more helpful when it comes to paying customers.

As for the UK’s Information Commissioner’s Office (ICO), a spokesperson told us: “ZipRecruiter, Inc has made us aware of an incident and we will consider the facts.”

Register reader Steve, who was one of the lucky job hunters to receive an “oopsie” email, observed: “It’s always so f*cking special to get pwned when you’re looking for work.”

It is indeed, Steve. It is indeed. ®
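The permissions gap described in the Register piece above comes down to a route that pre-fills a form from the full candidate record without re-checking the employer's entitlement. The sketch below is an added example, not ZipRecruiter's code: the field names, the `has_cv_database` flag, the function names and the sample record are all assumptions, and the public field set is simplified to first name and city.

```python
from dataclasses import dataclass

PUBLIC_FIELDS = {"first_name", "city"}                 # shown in search to any employer
PAID_FIELDS = PUBLIC_FIELDS | {"last_name", "email"}   # CV database subscribers only

@dataclass(frozen=True)
class Employer:
    id: int
    has_cv_database: bool  # hypothetical entitlement flag

# Constructed sample record, not real data.
CANDIDATES = {7: {"first_name": "Sam", "last_name": "Example",
                  "email": "sam@example.test", "city": "Leeds"}}

class Forbidden(Exception):
    pass

denied_log = []  # (employer_id, candidate_id, field) tuples kept for later review

def contact_form_vulnerable(employer, candidate_id):
    # Pre-fills the form straight from the full record. The entitlement is
    # enforced on the CV database pages, but nothing checks it on this route.
    c = CANDIDATES[candidate_id]
    return {"to_name": f"{c['first_name']} {c['last_name']}", "to_email": c["email"]}

def read_fields(employer, candidate_id, wanted):
    # Single choke point: every view reads candidate data through here,
    # so a new route cannot forget the check.
    allowed = PAID_FIELDS if employer.has_cv_database else PUBLIC_FIELDS
    blocked = sorted(set(wanted) - allowed)
    if blocked:
        denied_log.extend((employer.id, candidate_id, f) for f in blocked)
        raise Forbidden(f"employer {employer.id} may not read {blocked}")
    record = CANDIDATES[candidate_id]
    return {f: record[f] for f in wanted}

def contact_form_hardened(employer, candidate_id):
    # Fails closed for employers without the CV database entitlement.
    f = read_fields(employer, candidate_id, ["first_name", "last_name", "email"])
    return {"to_name": f"{f['first_name']} {f['last_name']}", "to_email": f["email"]}

def search_result(employer, candidate_id):
    # The limited view every employer is meant to see.
    return read_fields(employer, candidate_id, ["first_name", "city"])
```

The denied-access log is what lets a security team answer the question ZipRecruiter was left picking through its records for: which accounts tried to read which candidates' details.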

Dutch court rejects man’s request to be 20 years younger

Well, although not exactly IT news, I wanted to post this. I sort of get it. As I read the article, I immediately thought of the rampant age discrimination in IT/ICT (as well as other industries). Sure, not all seniors have kept up, but many have and they have a tremendous amount to contribute. It is a tragedy that they are kicked to the curb of Walmart greeters.

Yeah yeah – maybe Emile Ratelband is not the best example, but his bid does shed light on a deeply troubling subject, especially in the IT/ICT industry.

Quote

A Dutch court has rejected the request of a self-styled “positivity guru” to shave 20 years off his age, in a case that drew worldwide attention.

Last month Emile Ratelband asked the court in Arnhem to formally change his date of birth to make him 49. He said his official age did not reflect his emotional state and it was causing him to struggle to find work and love.

He claimed he did not feel 69 and said his request was consistent with other forms of personal transformation gaining acceptance around the world, such as the right to change name or gender.

In a written ruling on Monday, the court said Dutch law assigned rights and obligations based on age “such as the right to vote and the duty to attend school. If Mr Ratelband’s request was allowed, those age requirements would become meaningless.”

In a press statement, the court said: “Mr Ratelband is at liberty to feel 20 years younger than his real age and to act accordingly. But amending his date of birth would cause 20 years of records to vanish from the register of births, deaths, marriages and registered partnerships. This would have a variety of undesirable legal and societal implications.”

The court said it acknowledged “a trend in society for people to feel fit and healthy for longer, but did not regard that as a valid argument for amending a person’s date of birth”.

It said Ratelband failed to convince the court that he suffered from age discrimination, adding that “there are other alternatives available for challenging age discrimination, rather than amending a person’s date of birth”.

Ratelband was undeterred by the court’s rejection and vowed to appeal. “This is great!” he said. “The rejection of [the] court is great … because they give all kinds of angles where we can connect when we go in appeal.”

He said he was the first of “thousands of people who want to change their age”.

Break up Facebook (and while we’re at it, Google, Apple and Amazon)

Reich concludes “We must resurrect antitrust” – yes and we need to do that very fast.

Quote

Big tech has ushered in a second Gilded Age. We must relearn the lessons of the first, writes the former US labor secretary

Last week, the New York Times revealed that Facebook executives withheld evidence of Russian activity on their platform far longer than previously disclosed. They also employed a political opposition research firm to discredit critics.

There’s a larger story here.

America’s Gilded Age of the late 19th century began with a raft of innovations – railroads, steel production, oil extraction – but culminated in mammoth trusts owned by “robber barons” who used their wealth and power to drive out competitors and corrupt American politics.

We’re now in a second Gilded Age – ushered in by semiconductors, software and the internet – that has spawned a handful of giant hi-tech companies.

Facebook and Google dominate advertising. They’re the first stops for many Americans seeking news. Apple dominates smartphones and laptop computers. Amazon is now the first stop for a third of all American consumers seeking to buy anything.

“Amazon the first stop..” — The main reason is that they have allowed illegal predatory pricing to drive out competition. And Amazon is usually never a good deal. Check it out carefully: Prime products are always more expensive than elsewhere even on the Amazon site. With Prime you pay twice. Brilliant!

This consolidation at the heart of the American economy creates two big problems.

First, it stifles innovation. Contrary to the conventional view of a US economy bubbling with inventive small companies, the rate at which new job-creating businesses have formed in the United States has been halved since 2004, according to the census.

A major culprit: big tech’s sweeping patents, data, growing networks and dominant platforms have become formidable barriers to new entrants.

The second problem is political. These massive concentrations of economic power generate political clout that’s easily abused, as the New York Times investigation of Facebook reveals. How long will it be before Facebook uses its own data and platform against critics? Or before potential critics are silenced even by the possibility?

America responded to the Gilded Age’s abuses of corporate power with antitrust laws that allowed the government to break up the largest concentrations.

President Teddy Roosevelt went after the Northern Securities Company, a giant railroad trust financed by JP Morgan and John D Rockefeller, the nation’s two most powerful businessmen. The US supreme court backed Roosevelt and ordered the company dismantled.

In 1911, President William Howard Taft broke up Rockefeller’s sprawling Standard Oil empire.

It is time to use antitrust again. We should break up the hi-tech behemoths, or at least require they make their proprietary technology and data publicly available and share their platforms with smaller competitors.

There would be little cost to the economy, since these giant firms rely on innovation rather than economies of scale – and, as noted, they’re likely to be impeding innovation overall.

But is this politically feasible? Unlike the Teddy Roosevelt Republicans, Trump and his enablers in Congress have shown little appetite for antitrust enforcement.

Republicans rhapsodize about the “free market” but have no qualms about allowing big corporations to rig it at the expense of average people. Yet as the late Robert Pitofsky, former chairman of the Federal Trade Commission, once noted: “Antitrust is a deregulatory philosophy. If you’re going to let the free market work, you’d better protect the free market.”

But the Democrats, for their part, have shown no greater appetite for antitrust – especially when it comes to big tech.

In 2012, the staff of the FTC’s bureau of competition submitted to the commissioners a 160-page analysis of Google’s dominance in the search and related advertising markets, and recommended suing Google for conduct that “has resulted – and will result – in real harm to consumers and to innovation”.

But the commissioners, most of them Democratic appointees, chose not to pursue the case.

The Democrats’ recent “better deal” platform, which they unveiled a few months before the midterm election, included a proposal to attack corporate monopolies in industries as wide-ranging as airlines, eyeglasses and beer. But, notably, the proposal didn’t mention big tech.

Maybe the Democrats are reluctant to attack the industry because it has directed so much political funding to Democrats. In the 2018 midterms, the largest recipient of big tech’s largesse, ActBlue, a fundraising platform for progressive candidates, collected nearly $1bn, according to the Center for Responsive Politics.

As the New York Times investigation makes clear, political power can’t be separated from economic power. Both are prone to abuse.

Antitrust law was viewed as a means of preventing giant corporations from undermining democracy. “If we will not endure a king as a political power,” thundered Ohio’s Senator John Sherman, the sponsor of the nation’s first antitrust law in 1890, “we should not endure a king over the production, transportation and sale” of what the nation produced.

In the second Gilded Age as in the first, giant firms at the center of the American economy are distorting the market and our politics.

We must resurrect antitrust.