Apple Confronts the Middle Kingdom: Another Joust between a High Tech Country and a Nation State
March 19, 2021
How did Australia fare in its head-to-head death match with Facebook? Readers of this blog know that I declared Facebook the winner over a mere country. Imagine. A country with kangaroos thinking it could win against the digital social kingdom. I declared Facebook the winner and pegged Australia as the equivalent of a company selling used RVs to residents of Silicon Valley who could not afford an apartment.
Now China finds itself in the midst of Apple peels because Chinese iPhone app developers are following Apple’s privacy guidelines. Imagine. Programmers in China have the derring-do to veer outside the boundaries of the orchard owner.
“Apple Warns Chinese Apps Not to Dodge Its New Privacy Rules” explains:
But even before introducing the changes, Apple is facing problems in China, where tech companies are testing ways to beat the system and continue tracking users without prompting for their consent. Apple previously said it would reject from its App Store any apps that “are found to disregard the user’s choice”. On Thursday, Apple fired pre-emptive warnings to at least two Chinese apps, telling them to cease and desist after naming a dozen parameters such as “setDeviceName” that could be used “to create a unique identifier for the user’s device”.
The write up explains that Chinese developers are testing technology to put gates in the fence around the Apple app orchard. That’s not what Apple permits. The techniques referenced in the source article smack of breach techniques long in use by specialized software companies. Some of the methods were hinted at in some of the Snowden documents and in the public dump of the Hacking Team’s RCS. Certain government-supported intelware companies employ similar techniques in their solutions as well.
What’s ahead?
- Apple declares victory and makes changes as it did for Russia. Business is business, and the ethical issues are really super important unless the economic hit is a consideration
- Apple declares that China has ruined the apple orchard, so no more digital delicacies will be exported to the Middle Kingdom
- China demonstrates that it can influence behavior by pulling certain supply chain strings, suggesting tariff changes to countries in its orbit, and engaging in face-to-face discussions with Chinese nationals working for the Silicon Valley giant.
Surveillance operates on steroids when app developers have access to the treasure trove of data from users’ actions.
This is another distinctly 21st century issue: a mere country and some of its state-backed developers finding their access to the abundance in the Apple orchard hindered.
Stephen E Arnold, March 19, 2021
Palantir and Anduril: Best Buds for Sure
March 12, 2021
I read “Anduril Industries Joins Palantir Technologies’ TITAN Industry Team.” In the good old days I would have been zipping from conference to conference outputting my ideas. Now I sit in rural Kentucky and fire blog posts into the datasphere.
This post calls attention to an explicit tie up between two Peter Thiel-associated entities: Palantir Technologies and Anduril. The latter is an interesting company with some nifty smart technology, including a drone which has the cheerful name “Anvil.”
For details about the new US Army project and the relationship between these two companies, the blog post was online as of March 8, 2021. (Some information may be removed, and I can’t do much about what other outfits do.)
Information about Anduril is available at their Web site. Palantir is everywhere and famous in the intelware business and among some legal eagles. No, I don’t have a Lord of the Rings fetish, but some forever young folks do.
Stephen E Arnold, March 12, 2021
Cyprus: Illuminating Some Interesting Organizations
March 10, 2021
Cyprus, a fine island, can be baffling to first time visitors. Some of the confusion may be reduced by the information in “Cyprus to Lift Veil of Secrecy with Register of Company Owners.” Some firms in the specialized services game have offices in Nicosia. Some are housed in what look like fancy villas or zippy apartment buildings. The listing of company owners is not available, but allegedly the list will become available in the near future. Why is this a big deal? Some bad actors use Cyprus as a headquarters and financial resource center. Why not park a super yacht and take care of business in above average anonymity? The list may be called the “Ultimate Beneficial Owner” register. Among the individuals concerned about this new sunlight are quite interesting individuals allied with certain powerful Eastern European leaders and “organizations.” Who is in charge of this project? Cyprus’s Ministry of Energy, Commerce, and Industry. Will that individual exercise some additional caution? We will know and maybe get a chance to learn about the UBO people. Maybe.
Stephen E Arnold, March 11, 2021
How Quickly Can Facebook, Google, and Twitter Remove Content? 36 Hours or Less?
March 3, 2021
I read “Social Media Sites Must Remove Content in 36 Hours of Order: Govt in Draft Digital, OTT Platform Rules.” The rules will be imposed by India. According to the article in News 18 India:
The central government has finalized the rules to regulate internet-based businesses and organizations – social media companies, OTT streaming services, and digital news outlets, among others – as it plans to introduce a sea change in legislation to assert more control over powerful Big Tech firms. Under the new Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, the government plans to mandate social media companies like Facebook and Twitter to erase contentious content as early as possible, but not later than 36 hours, after a government or legal order.
Pretty clear. India sends an email; the recipient has 36 hours; then the fines begin.
Twitter, headed by a very talented, articulate, and handsome wizard, is allegedly the cause of this decision. Hey, tweet in real time, no problem. Fail to deal with flagged content, big problem.
Sucked into the “go where the money is” process, the inability to move in a sprightly manner could be expensive.
What’s next?
You know those weird motion picture ratings which lured under age limit viewers like roasting burgers in the park on a hot summer day? Ratings, yes. The Indian government wants tags on videos:
While the new rules for social media and other digital platforms will be governed by the IT Ministry, the Information and Broadcasting Ministry will be the governing body for rules concerning streaming platforms. Referring to films and other entertainment, including web-based serials, the draft rules called for a “classification rating” to describe content and advise discretion.
That will allow the Google to demonstrate its ability to do more than create financial hardship for content creators. How long does it take for Google to remove my video interview of Robert David Steele? Answer: About two years. The 36 hour ceiling is obviously going to be no problem for the Googlers.
Like Facebook’s massive victory over Australia, the social media giants will have no difficulty in dealing with another pesky nation state.
Stephen E Arnold, March 3, 2021
US Senator Throws Penalty Flag at Microsoft
February 26, 2021
JEDI foul? I am not sure. The bright yellow flag has been lofted and it is beginning its descent. One player has a look of disbelief, “A foul. You think I did a chop block?” That’s the image that went through my mental machinery as I read “US Senator claims Microsoft Failed to Fix Cloud Holes before SolarWinds Hack.”
The write up asserts:
Microsoft Corp’s failure to fix known problems with its cloud software facilitated the massive SolarWinds hack that compromised at least nine federal government agencies, according to security experts and the office of US Senator Ron Wyden. A vulnerability first publicly revealed by researchers in 2017 allows hackers to fake the identity of authorized employees to gain access to customers’ cloud services. The technique was one of many used in the SolarWinds hack.
The year 2017. I recall that was the time the DarkCyber research team began yammering about use of the wonderful Microsoft software update system, access control policies, and business processes to allow estimable Microsoft-friendly software to run. The idea was seamless, smooth, quick, and flawless interaction among users, software, the cloud, and assorted components. Fast. Efficient. Absolutely.
The elected official is quoted as saying:
The federal government spends billions on Microsoft software. It should be cautious about spending any more before we find out why the company didn’t warn the government about the hacking technique that the Russians used, which Microsoft had known about since at least 2017.
The write up points out that Microsoft does not agree with the senator’s observations. In the subsequent testimony (you can view it at this link), one of the top dog Microsoft professionals pointed out “only about 15 percent of the victims in the SolarWinds campaign were hurt via Golden SAML.” SAML is the Security Assertion Markup Language. The golden part? Maybe it is the idea that a user or process signs on. If okayed somewhere in the system, the user or process is definitely okay again. Fast. Efficient.
The “golden,” it turns out, is a hack. Get into the SAML approved system, and bingo. Users, processes, whatever are good to go. Get administrator credentials and become an authorizing and verifying service and the bad actor owns the system. The idea is that a bad actor can pump out green light credentials and do many interesting things. Hey, being authorized and trusted is a wonderful thing, right?
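As an added illustration (mine, not from the article or the testimony), one detection that follows from the description above: a forged token never passes through the identity provider, so a sign-in that the cloud service accepted but that has no matching token-issuance record at the identity provider, or that was signed with an unexpected certificate, deserves a look. The log formats, thumbprints and users below are constructed stand-ins, not any product’s real format.

```python
"""Golden SAML detection sketch: correlate service-provider (SP) SAML logins
with identity-provider (IdP) token-issuance events and with the known
token-signing certificate.  All sample data is constructed."""
import re

# Constructed IdP audit lines (simplified stand-in for e.g. AD FS issuance events).
IDP_ISSUANCE_LOG = """\
2021-02-20T10:00:01Z event=token_issued assertion_id=_a1 user=alice@corp.example
2021-02-20T10:05:12Z event=token_issued assertion_id=_a2 user=bob@corp.example
"""

# Constructed SP sign-in lines recording the assertion ID and the thumbprint
# of the certificate whose signature the SP accepted.
SP_ACCESS_LOG = """\
2021-02-20T10:00:02Z saml_login assertion_id=_a1 user=alice@corp.example signer=AA11
2021-02-20T10:05:13Z saml_login assertion_id=_a2 user=bob@corp.example signer=AA11
2021-02-20T10:07:44Z saml_login assertion_id=_zz9 user=admin@corp.example signer=AA11
2021-02-20T10:09:30Z saml_login assertion_id=_a3 user=carol@corp.example signer=BB22
"""

KNOWN_SIGNER = "AA11"  # thumbprint of the legitimate token-signing cert (constructed)

KV = re.compile(r"(\w+)=(\S+)")


def parse(log: str) -> list[dict]:
    """Turn 'timestamp key=value ...' lines into dicts; blank lines are skipped."""
    rows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, rest = line.split(" ", 1)
        row = dict(KV.findall(rest))
        row["ts"] = ts
        rows.append(row)
    return rows


def find_suspicious_logins(idp_log: str, sp_log: str, known_signer: str):
    """Return (assertion_id, user, reasons) for SP logins that the IdP never
    issued or that were signed by a certificate other than the known one.
    A token minted with a stolen copy of the real signing key passes the
    signer check, which is why the issuance correlation matters."""
    issued = {r["assertion_id"] for r in parse(idp_log)
              if r.get("event") == "token_issued"}
    findings = []
    for r in parse(sp_log):
        reasons = []
        if r["assertion_id"] not in issued:
            reasons.append("no matching IdP issuance event")
        if r["signer"] != known_signer:
            reasons.append("unknown signing certificate")
        if reasons:
            findings.append((r["assertion_id"], r["user"], reasons))
    return findings
```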
Back to JEDI? Is the senator confident that the Department of Defense has not been compromised? What happens if the JEDI system is penetrated by foreign actors as the DoD wide system is being assembled, deployed, and operated? Does the vulnerability still exist in live systems?
These are good questions? I am not sure the answers are as well crafted.
Stephen E Arnold, February 27, 2021
Facebook: The Great Victory
February 25, 2021
“Facebook Says It Will Pay News Industry $1 Billion over 3 Years” makes clear the magnitude of Facebook’s “victory” over a mere nation state. The “real” news report reveals:
Facebook announced Wednesday it plans to invest $1 billion to “support the news industry” over the next three years and admits it “erred on the side of over-enforcement” by banning news links in Australia.
The admission does nothing to diminish the greatness of Facebook and its decision to unfriend or non-like Australia. A member of the Five Eyes, Australia did not reference Facebook’s alleged “bully boy” behavior. The country’s government was delighted to modify its laws in order to accommodate the digital nation state’s wishes.
Beyond Search’s art unit created the “new” flag for the mere nation state of Australia. Here it is:
An Australian official revealed:
The Morrison Government’s world-leading news media bargaining code has just passed the Parliament. This is a significant milestone.
Beyond Search has learned that changes to the school curricula, including replacing existing non-Facebook flags has begun immediately.
Facebook’s diplomatic skill, its management team’s acumen, and the incredible personal warmth of Mr. Zuckerberg (affectionately known as the Zuck) appear to have forced a mere nation state to reverse course.
Australia is no longer “unfriended” by the digital power house.
Stephen E Arnold, February 25, 2021
Facebook Demonstrates It Is More Powerful Than a Single Country
February 23, 2021
I read “Facebook to Reverse News Ban on Australian Sites, Government to Make Amendments to Media Bargaining Code.” It’s official. Google paid up. Facebook stood up and flexed its biceps. The Australian government swatted at the flies in Canberra, gurgled a Fosters, and rolled over. The write up states:
Facebook will walk back its block on Australian users sharing news on its site after the government agreed to make amendments to the proposed media bargaining laws that would force major tech giants to pay news outlets for their content.
The after party will rationalize what happened. But from rural Kentucky, it certainly seems as if Facebook is now able to operate as a nation state. Facebook can impose its will upon a government. Facebook can do what it darn well pleases, thank you very much.
The write-up has a great quote attributed to Josh Frydenberg, the Australian government treasurer:
Facebook is now going to engage good faith negotiations with the commercial players.
Are there historical parallels? Sure, how about Caesar and the river thing?
Turning point and benchmark.
Stephen E Arnold, February 23, 2021
SolarWinds: Woulda, Coulda, Shoulda?
February 17, 2021
The SolarWinds security breach had consequences worldwide. The bad actors, supposed to be Russian operatives, hacked into systems at the Department of Homeland Security, the Treasury Department, the National Institutes of Health, the Department of Justice, and other federal agencies as well as those of some major corporations. The supply-chain attack went on for months until it was finally discovered in December; no one is sure how much information the hackers were able to collect during that time. Not only that, it is suspected they inserted hidden code that will continue to give them access for years to come.
Now ProPublica tells us the government paid big bucks to develop a system that may have stopped it, if only it had been put into place. Writers Peter Elkind and Jack Gillum report that “The U.S. Spent $2.2 Million on a Cybersecurity System that Wasn’t Implemented—and Might Have Stopped a Major Hack.” Oops. We learn:
“The incursion became the latest — and, it appears, by far the worst — in a string of hacks targeting the software supply chain. Cybersecurity experts have voiced concern for years that existing defenses, which focus on attacks against individual end users, fail to spot malware planted in downloads from trusted software suppliers. Such attacks are especially worrisome because of their ability to rapidly distribute malicious computer code to tens of thousands of unwitting customers. This problem spurred development of a new approach, backed by $2.2 million in federal grants and available for free, aimed at providing end-to-end protection for the entire software supply pipeline. Named in-toto (Latin for ‘as a whole’), it is the work of a team of academics led by Justin Cappos, an associate computer science and engineering professor at New York University. … Cappos and his colleagues believe that the in-toto system, if widely deployed, could have blocked or minimized the damage from the SolarWinds attack. But that didn’t happen: The federal government has taken no steps to require its software vendors, such as SolarWinds, to adopt it. Indeed, no government agency has even inquired about it, according to Cappos.”
Other experts also believe in-toto, which is free to use, would have been able to stop the attack in its tracks. Some private companies have embraced the software, including SolarWinds competitor Datadog. That company’s security engineer, in fact, contributed to the tools’ design and implementation. We are not sure what it will take to make the government require its vendors implement in-toto. Another major breach? Two or three? We shall see. See the write-up for more details about supply-chain attacks, the SolarWinds attack specifically, and how in-toto works.
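As an added toy illustration of the idea the quote describes (my sketch, not in-toto’s own code or API): each step of the pipeline records a signed link listing the files it consumed (materials) and produced (products), and a verifier checks both that each link was signed by the functionary the layout authorises for that step and that what one step produced is byte-for-byte what the next step consumed. An HMAC with a per-functionary secret stands in for the public-key signatures in-toto actually uses; the file contents, keys and step names are constructed.

```python
"""Chain-of-custody check in the spirit of in-toto (illustrative only)."""
import hashlib
import hmac
import json


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign(key: bytes, payload: dict) -> str:
    # HMAC stands in for the functionary's public-key signature (assumption).
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_link(step: str, key: bytes, materials: dict, products: dict) -> dict:
    """Record what a step consumed and produced, as hashes, and sign it."""
    payload = {"step": step,
               "materials": {n: digest(b) for n, b in materials.items()},
               "products": {n: digest(b) for n, b in products.items()}}
    return {"payload": payload, "sig": sign(key, payload)}


def verify_chain(layout: list, links: dict, keys: dict):
    """layout: ordered [{step, functionary}]; keys: functionary -> key.
    Returns (ok, reason)."""
    prev_products = None
    for spec in layout:
        link = links.get(spec["step"])
        if link is None:
            return False, f"missing link for step {spec['step']}"
        expected = sign(keys[spec["functionary"]], link["payload"])
        if not hmac.compare_digest(expected, link["sig"]):
            return False, f"bad signature on step {spec['step']}"
        if prev_products is not None:
            for name, h in link["payload"]["materials"].items():
                if prev_products.get(name) != h:
                    return False, f"{name} consumed by {spec['step']} differs from previous step's output"
        prev_products = link["payload"]["products"]
    return True, "chain intact"


LAYOUT = [{"step": "build", "functionary": "ci"},
          {"step": "package", "functionary": "release"}]
KEYS = {"ci": b"ci-key", "release": b"release-key"}  # constructed


def demo(tamper: bool):
    """Run a two-step pipeline; with tamper=True the binary is altered between
    build and packaging, which the materials/products comparison catches."""
    source = b"int main(void) { return 0; }"
    binary = b"\x7fELF clean build"
    link_build = make_link("build", KEYS["ci"], {"main.c": source}, {"app": binary})
    shipped = binary + b" + injected" if tamper else binary
    link_pkg = make_link("package", KEYS["release"],
                         {"app": shipped}, {"app.zip": b"zip:" + shipped})
    return verify_chain(LAYOUT, {"build": link_build, "package": link_pkg}, KEYS)
```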
Cynthia Murrell, February 17, 2021
Microsoft and the Covid: Microsoft 0. The Covid. 1.
February 16, 2021
I believe that everything on Yahoo is true. The write up “Microsoft System Blamed for N.J. Vaccine-Booking Glitches” must be viewed as providing direct insight into the excellence of Microsoft’s engineering. In this week’s DarkCyber, I gave my interpretation of Microsoft’s explanation of the SolarWinds’ affair, and I am delighted to have a different topic about the Redmond behemoth. (I am aware that the odd folding phone has been discounted and that Microsoft thinks Australia’s approach to the Google is the best thing since Windows 3.11.)
The New Jersey story is that Microsoft software does not allow the state to schedule Covid injections. I noted:
Five weeks of stumbles by Microsoft Corp. on New Jersey’s Covid-19 vaccine-booking software have left the state pushing for daily fixes on almost every part of the system and doubting it will ever operate as intended…
The write up points out that New Jersey’s love affair with Microsoft was in bloom in May 2021:
“To everyone at Microsoft, who has been a vital partner to our information technology team, New Jersey thanks you,” Murphy [Governor of the great state] said at a May 9 virus briefing in Trenton.
Now the love birds are pecking at one another:
Eight months later, though, on Jan. 6, Persichilli [New Jersey Health Commissioner] called out Microsoft by name in one of the governor’s press briefings. She said “enormous interest in receiving the vaccine” caused “capacity challenges” with the state’s Microsoft-run system.
Some questions crossed my mind:
- Has Microsoft shifted from delivering stable solutions to talking about solutions which require additional work to make licensees bubble with enthusiasm?
- Are the issues with the Covid system similar to those which allowed Windows Defender and its Azure complement to overlook the SolarWinds’ breach for more than six months, a year, maybe more?
- What are the implications of the Covid system hiccup and the JEDI solution which Microsoft has captured from the Bezos bulldozer and other outfits jockeying for a chunk of the multi-billion dollar US government contract?
If anyone from Microsoft is reading this essay, please, push back using the comments function of the blog. At age 77, I really don’t want to engage with thumbtypers in a text message, email, or phone call joust.
Giblets! Goose feathers! What does New Jersey get for dinner on the Jersey shore sitting six feet apart and wearing a really nifty MSFT mask?
Stephen E Arnold, February 16, 2021
Does Nevada Want to Channel the Google Toronto Set Up?
February 12, 2021
I read a surprising write up called “Bill Would Allow Tech Companies to Create Local Governments.” The article asserts:
According to a draft of the proposed legislation, obtained by the Review-Journal but not yet introduced in the Legislature, Innovation Zones would allow tech companies like Blockchains, LLC to effectively form separate local governments in Nevada, governments that would carry the same authority as a county, including the ability to impose taxes, form school districts and justice courts and provide government services, to name a few duties.
Interesting. Visualize a Googlopolis. What about Facebookity? I like Appleorchards. These could be in the great state of Nevada. I am not sure that Toronto, Ontario, Canada, will be embracing corporation cities. One of my friends pointed out that Google wanted to drive the bus, collect the fares in the form of a tax kickback, and implement helpful surveillance systems. Maybe this person was off base, but Nevada perceives an opportunity to allow a good corporate citizen to create its own city.
What if a Tesla in Facebookity drives over a citizen? No problem. The corporate entity will point out that the citizen’s estate would be held responsible for damage to the vehicle. (I am assuming that the Tesla terminated the human behaving outside the envelope of the smart software.) Corporations are people too, and when a company is a city, many opportunities exist to innovate.
Yes, Nevada, a great state. I think it has given up trying to convince people in Harrod’s Creek that it is not just a gambling hub. It is much, much more. (Bring your own water if you visit.)
Stephen E Arnold, January 12, 2021