Tech

Techmeme Tech Web, page A1

TechCrunch TechCrunch is a group-edited blog that profiles the companies, products and events defining and transforming the new web.

  • Ford acquires Electriphi as it prepares to woo EV fleet customers
    by Kirsten Korosec on June 17, 2021 at 11:00 pm

    Ford has two electric vehicles in the pipeline —  the E-Transit cargo van and F-150 Lighting Pro —aimed at commercial customers. Now, the automaker is rounding out its future EV commercial business with the acquisition of battery management and fleet monitoring software startup Electriphi. Terms of the acquisition weren’t disclosed. Ford is betting that the

  • Delivery service Gopuff acquires rideOS for $115 million
    by Rebecca Bellan on June 17, 2021 at 10:50 pm

    On-demand goods, food and alcohol delivery service Gopuff has acquired fleet management platform rideOS for $115 million, sources familiar with the deal say. This acquisition comes just a few months after the Philadelphia-based startup announced a $1.15 billion funding round at a $8.9 billion valuation, up from $3.9 billion in October. Last fall, the company

  • Spotify acquires Podz, a podcast discovery platform
    by Amanda Silberling on June 17, 2021 at 10:23 pm

    Podcasts are all the rage, but podcast discovery is a challenge. Today, Spotify announced its acquisition of Podz, a startup that’s trying to solve the problem of podcast discovery. “At Spotify, we are investing to build and scale the world’s best (and most personalized) podcast discovery experience,” the company said. “We believe that Podz’ technology

  • KeepTruckin raises $190 million to invest in AI products, double R&D team to 700
    by Rebecca Bellan on June 17, 2021 at 10:13 pm

    KeepTruckin, a hardware and software developer that helps trucking fleets manage vehicle, cargo and driver safety, has just raised $190 million in a Series E funding round, which puts the company’s valuation at over $2 billion, according to CEO Shoaib Makani.  G2 Venture Partners, which just raised a $500 million fund to help modernize existing

  • Daily Crunch: Google’s first retail location opened today in NYC
    by Henry Pickavet on June 17, 2021 at 10:10 pm

    Hello friends and welcome to Daily Crunch, bringing you the most important startup, tech and venture capital news in a single package.

  • Bias isn’t the only problem with credit scores—and no, AI can’t help
    by Will Douglas Heaven on June 17, 2021 at 9:57 am

    We already knew that biased data and biased algorithms skew automated decision-making in a way that disadvantages low-income and minority groups. For example, software used by banks to predict whether or not someone will pay back credit-card debt typically favors wealthier white applicants. Many researchers and a slew of start-ups are trying to fix the…

  • The best places to find extraterrestrial life in our solar system, ranked
    by Neel V. Patel on June 16, 2021 at 6:49 pm

    If you want to believe, now is the time: the hope that we might one day stumble upon alien life is greater than it ever was. No, it’s not going to be little green men speeding through space in flying disks—more likely microbes or primitive bacteria. But a discovery like that would nevertheless be a…

  • Holistic decision-making in a digitized health-care environment
    by Siemens Healthineers on June 16, 2021 at 4:00 pm

    Smart data integration can help to increase the quality of data-based decision-making, especially in scenarios where clinical decision-makers face multiple barriers and challenges along the patient pathway. And this is critically important in today’s digitized health-care environment where the quality of decision-making depends on the quality and availability of the underlying data. In medicine, decision-making…

  • We investigated whether digital contact tracing actually worked in the US
    by Betsy Ladyzhets on June 16, 2021 at 9:00 am

    In the spring of 2020, the first versions of covid-19 exposure notification systems were released to the public. These systems promised to slow the disease’s spread by providing automated warnings to people who came into contact with the virus. Now, over a year later, residents in over 50 countries—including half of US states—can opt into…

  • Uyghurs outside China are traumatized. Now they’re starting to talk about it
    by Andrew McCormick on June 16, 2021 at 8:26 am

    Mustafa Aksu had a bad track record with therapists. Growing up in China, he was bullied by his Han Chinese classmates for being Uyghur. This made him constantly anxious, and his stomach often hurt, so much that sometimes he threw up. A concerned teacher referred him to counseling, but Aksu was skeptical it could help.…

Biz & IT – Ars Technica Serving the Technologist for more than a decade. IT news, reviews, and analysis.

VentureBeat Transformative tech coverage that matters

  • Sen. Kirsten Gillibrand wants to create a new agency to deal with data privacy
    by Sara Morrison on June 17, 2021 at 10:00 am

    Sen. Kirsten Gillibrand (D-NY) is giving her privacy agency bill another try. | Anna Moneymaker/Getty Images The FTC currently enforces federal privacy laws. Gillibrand doesn’t think it’s enough. Sen. Kirsten Gillibrand (D-NY) is introducing a revamped version of her Data Protection Act, which would create a new government agency in charge of regulating and enforcing federal privacy laws — the ones we have now as well as any we might get in the future. “Big Tech companies are free to sell individuals’ data to the highest bidder without fear of real consequences, posing a severe threat to modern-day privacy and civil rights,” Gillibrand said in a statement. “A data privacy crisis is looming over the everyday lives of Americans and we need to hold these bad actors accountable.” The bill builds on her 2020 version in ways that seem to reflect the Biden administration’s agenda and the fact that Democrats now have control over both houses of Congress and are therefore more likely to be able to carry out that agenda. It also includes new sections addressing antitrust and civil rights. The Data Protection Act isn’t a privacy bill in and of itself. Rather, it establishes a Data Protection Agency, whose job would be to regulate and enforce federal data privacy laws. The bill also spells out some prohibited data collection and usage practices, including those that are discriminatory or deceptive, and bans re-identifying users from de-identified data. The agency would also, in this new version, review the privacy implications of any mergers that include transferring the data of at least 50,000 users — think Facebook and Instagram, but also those of data brokers like Oracle’s acquisition of BlueKai. That review would then be sent to the Federal Trade Commission (FTC) and the Department of Justice to be used in determining whether to allow the mergers to go through. The Data Protection Agency would also have its own Office of Civil Rights that ensures data is not collected or used in a way that discriminates against protected classes. Facebook allowing users to place housing ads that exclude certain races and ethnicities is one example of this, but there are myriad ways that data you didn’t even know you were providing can be used against you — and there’s no one agency responsible for overseeing those violations. Currently, enforcing federal privacy laws generally falls to the FTC and state attorneys general. This bill would take that out of the FTC’s purview, and opinions are divided on whether this is a good idea. Some believe the power should stay with an established agency that can be expanded to better take it on. The FTC recently said it needed more people and new units to properly tackle privacy issues. The agency currently only has about 40 people dedicated to privacy matters out of its roughly 1,100 full-time employees. Washington Rep. Suzan DelBene’s privacy bill, introduced in March, would give the FTC significantly more money and employees, which she told Recode she believes is a better way to regulate privacy than a new agency. “There’s nothing wrong with the FTC that can’t be corrected with stronger legal authority and more resources,” Cameron Kerry, a fellow at the Brookings Institution’s Center for Technology Innovation, told Recode last March. “I think it’s got experience. You don’t just stand up a new agency. I think there are advantages to having an agency doing this that also has competition authority.” But others point out that many countries have data protection authorities, and a dedicated body is needed considering the huge companies and ecosystem it would be regulating — data collection is, in many ways, the backbone of the internet and mobile apps. The FTC, many argue, has fallen short on data privacy and is frequently called “toothless” for levying fines against Big Tech companies that are essentially slaps on the wrist — first offenses often don’t even merit a fine. Even the enormous $5 billion fine the FTC handed down to Facebook for privacy violations didn’t seem to make a dent in the company’s bottom line, and only happened because Facebook violated a 2012 settlement that didn’t require it to pay a fine at all. And Gillibrand isn’t the only lawmaker who wants an agency like this: California Reps. Anna Eshoo and Zoe Lofgren’s Online Privacy Act called for a Digital Privacy Agency, and that bill could also make a reappearance this Congress. Ohio Sen. Sherrod Brown’s draft version of his Data Accountability and Transparency Act included a provision establishing an independent agency, and his office told Recode he intends to introduce his bill this Congress. He’s a co-sponsor of Gillibrand’s bill. Meanwhile, California will soon have its own Privacy Protection Agency. It’s also not yet known where data privacy will fall on the FTC’s docket, now that Lina Khan is the agency’s chair. Khan rose to prominence as a Big Tech critic and antitrust expert, and her appointment reflects that the Biden administration wants to prioritize those antitrust matters, as do lawmakers in both parties and both houses of Congress. Khan was a co-author of the House Democrats’ massive antitrust report, which blamed Big Tech’s perceived anti-competitive practices for eroding user privacy. Data privacy will likely be a part of her agenda, but it may not be the focus. Perhaps the biggest issue with this bill is not the bill itself but what the agency it creates would be able to do. While the US does have data privacy laws, almost everyone — including the companies the laws target — agrees that existing regulations aren’t enough and don’t reflect the online-centric way many people live their lives now. They just don’t agree on how to address that problem, so federal privacy bills have historically gone nowhere. And that’s something this bill can’t fix.

  • The problem with Facebook’s attempt to be more like Nextdoor
    by Rebecca Heilweil on June 16, 2021 at 9:40 pm

    Facebook is expanding its reliance on community moderators. | David Paul Morris/Bloomberg via Getty Images Nextdoor’s approach to content moderation doesn’t always work. Facebook is becoming a bit more like Nextdoor in an effort to boost its groups feature. The only problem is that Facebook appears to be borrowing one of Nextdoor’s more controversial concepts: giving more power to community moderators. On Wednesday, the company announced it was making a major enhancement to the powers of its groups’ community moderators. Now, administrators can do a number of new things, like automatically block certain people from commenting in conversations based on factors like how long they’ve been a member of the group. Facebook says the new tools are meant to help “admins play a key role in helping maintain a safe and healthy culture.” The changes are part of Facebook’s broader shift toward relying more on unpaid community admins, who get special privileges in exchange for managing the conversation in individual groups. There are other new powers now at admins’ disposal, like an AI-powered alert that flags “contentious and unhealthy” conversations, and new summaries that moderators can use to review any member’s activity in a particular group. When asked whether the new features were inspired by Nextdoor’s moderation system, Facebook spokesperson Leonard Lam said, “Our product team regularly talks to our admin community to better understand their needs, and the features we announced today reflect direct feedback that we’ve gotten from them.” The approach largely resembles the way Nextdoor, the neighborhood-based media platform, has for years handled moderation. The problem is that Nextdoor’s model hasn’t really worked. Its communities are plagued by a haphazard approach to misinformation and complaints of toxic fights between group members, along with accusations of biased and inconsistent community moderators. Maybe things will work out differently for Facebook. But the new approach to moderation isn’t the only example of Facebook trying to be more like Nextdoor. Facebook is also preparing to launch a Nextdoor-style group feature in the US called Neighborhoods — the feature is already available in Canada — that will allow users to create and join groups that are limited to geographic areas, which is what Nextdoor does. Facebook will also rely on unpaid community moderators to enforce its guidelines for the Neighborhoods feature, which are meant to keep content “relevant and kind.” Nextdoor also does this. Enlisting users to serve as community moderators has its problems, something Nextdoor knows all too well. In recent years, Nextdoor has encountered many of the same moderation issues as Facebook, including the distribution of hate speech, conspiracy theories, and political misinformation. Nextdoor faced criticism last year when unpaid community moderators censored and removed posts in support of Black Lives Matter protests following the murder of George Floyd. The company later emphasized that these posts were permitted speech and, earlier this year, released an anti-racism notification system that’s supposed to prompt users who are about to post potentially racist content. Medical misinformation about Covid-19 is also a problem, users told Recode in February. They also complained that the platform’s community-based moderation system had allowed conspiracy theories to flourish. Nextdoor has also struggled to handle conversations about politics. As Recode reported last year, Nextdoor groups can be overrun with tense political arguments that its unpaid moderators are either unequipped or unmotivated to resolve. The platform’s issues with political speech were on display following the Capitol insurrection on January 6, when Nextdoor quietly stopped recommending political groups (Facebook decided to do this as well at about the same time). Nextdoor’s moderation model is far from perfect, but Facebook is betting that making itself more like Nextdoor — which has become increasingly popular during the pandemic — it might find success. Ultimately, the two platforms seem to be converging into offering groups-based interactions and AI-enhanced community moderation, even though both Facebook and Nextdoor continue to struggle with misinformation, racism, and toxic discourse. Today’s news is just another sign that Nextdoor and Facebook are getting more and more alike, which is probably bad news if you went to Nextdoor to avoid Facebook, or vice versa.

  • Biden says Putin “knows there are consequences” if cyberattacks continue
    by Sara Morrison on June 16, 2021 at 6:45 pm

    Amanda Northrop/Vox Biden and Putin had a long talk about cyberattacks in Wednesday’s meeting. If you found yourself in an hours-long line for expensive gas last month, then you’re probably familiar with the damage that ransomware attacks can do. The federal government certainly is. During President Joe Biden’s much-anticipated first meeting with Russian President Vladimir Putin on Wednesday, the two leaders said they talked about the recent cyberattacks on some of the United States’ most crucial systems and infrastructure, many of which have been traced to Russia. They agreed to further discuss both what critical infrastructure should be considered off-limits to cyberattacks and how to go after ransomware gangs operating within their borders. Last year’s SolarWinds hack was directly attributed to the Russian government, and recent ransomware attacks on industries, including energy, food, and transportation, have been blamed on criminal organizations based in or near Russia — possibly with the country’s knowledge and approval. Putin claimed in a subsequent press conference that Russia had nothing to do with the attacks (he has denied any involvement in the past). In a separate press conference, Biden said he told Putin in no uncertain terms that the cyberattacks couldn’t go on. “He knows there are consequences,” Biden said. Biden also said he told Putin that he expects Russia to act against any criminal ransomware organizations operating within its borders, just as the United States would against any organizations operating within its own. The United States government has already stepped up its response back home. The Biden administration sent a letter to corporations and business leaders with recommendations for how they can better protect themselves from attacks, and a plea that they do so. The DOJ formed a task force dedicated to ransomware, which has already managed to recover part of the ransom Colonial Pipeline paid to its attackers. And FBI director Christopher Wray even compared the ransomware attack epidemic to 9/11. Wray’s comparison might be a bit extreme. There’s no evidence that a ransomware attack has been directly responsible for any deaths, let alone nearly 3,000 of them. But it should now be clear to everyone that ransomware is a serious issue that affects and disrupts even the most critical sectors. The attacks are ramping up in frequency and severity, and the US government is ready to throw everything it can at the problem in order to stop them — including, reportedly, giving ransomware attack investigations the same priority that they do terrorism. But for all that, ransomware isn’t new. There have been several high-profile attacks in the last few months that have given the issue more attention, but ransomware has been a major, and growing, issue for years. Wealthier and more sophisticated criminal organizations, new extortion tactics, and the pandemic have exacerbated the problem. But other factors — cryptocurrency, poor cybersecurity, and the fact that the ransoms often get paid and the attackers get away with it — have been around for a long time. And they may be here for a long time to come. A stern lecture at the leader of the Russian government almost certainly won’t be enough to stop them. Ransomware, explained Ransomware is malware that locks up access to its victim’s systems and then demands a ransom, usually in cryptocurrency, to unlock them. How the malware gets in the systems depends on the type used, but email phishing attacks are one of the most common ways. You may only need one employee out of thousands to open the wrong email and click on the wrong link if a company’s systems are properly secured, and spoofed emails can be pretty convincing. Hackers may also exploit vulnerabilities in a company’s systems or mount a brute force attack, which involves guessing at access credentials (like passwords) until they get one right. “It could be a user with a weak password, it could be a user that clicks on a phishing email, or it could be a vulnerability in the system itself,” Jonathan Katz, a professor of computer science at the University of Maryland, told Recode. “One way or the other, they’re able to get this malware installed on computer systems.” The most common victims have been institutions or companies that are especially vulnerable to an attack and motivated to get their systems back online as soon as possible. The health care sector, for instance, has been one of the most targeted because the consequences of not paying the ransom quickly can be dire, from not being able to provide health care to sensitive patient data being leaked — or even the patients themselves being blackmailed not to have their data released. Municipal or government systems, from school districts to large cities like Atlanta and Baltimore, have also been frequent targets of ransomware. But just because health and government systems have historically been the most likely targets doesn’t mean organizations in other sectors should assume they’re safe. If it wasn’t obvious by now, attacks can and do hit anyone. Bill Clark/CQ Roll Call, Inc/Getty Images Fears of gasoline shortages stemming from the Colonial Pipeline shutdown led many Americans to panic-buy at the pump. Before the gas pumps went dry, you may have been paying for ransomware attacks without realizing it. When government systems are attacked, the cost is ultimately borne by the taxpayer, just as consumers often cover the cost of attacks on large companies (or smaller ones, assuming the attack doesn’t put them out of business first). And the cost of fully recovering from a ransomware attack often far exceeds the ransom itself — it could be months of time and millions of dollars. Cybersecurity Ventures predicts that ransomware damage will cost $20 billion worldwide in 2021, up from $325 million just six years ago. But it can cost even more not to pay the ransom at all, so the victims pay up. The victims are paying more, too: The average ransom amount has increased along with the number of attacks. Due to the fact that the majority of victims never go public, it’s impossible to get an exact number, but one estimate says that the average ransom payment more than doubled between 2019 and 2020, from $115,000 to $315,000. When large companies like Colonial Pipeline, JBS Foods, and CNA Financial get hit, ransom payments are in the millions. It’s believed that ransomware gangs pulled in at least $350 million in 2020. Check Point Software told Recode that the number of attacks doubled between 2020 and 2021. One commonly cited global statistic says businesses will be attacked by ransomware every 11 seconds by the end of 2021, though other estimates are far more conservative. Check Point, for example, says about 1,000 organizations were attacked every week in April 2021 — or, once every 10 minutes. This all suggests that criminals are becoming bolder and, well, greedy. “Not only has there been a huge uptick in the number of attacks, but the amount being demanded of victim companies has just skyrocketed,” Peter Marta, cybersecurity law expert at Hogan Lovells and former head of cybersecurity law at JPMorgan Chase, told Recode. “I don’t think anybody could have predicted a year and a half ago, where we would be today.” And while the US government has issued statements over the years saying that ransomware attacks were a real threat that companies needed to take seriously and protect themselves from, the Colonial Pipeline attack took its response to a new level. The evolution of ransomware Ransomware has actually been around since the 1980s (the first known instance was distributed on floppy disks, with ransom payments made in cashier’s checks or money orders mailed to a post office box in Panama), but it wasn’t until 2013, with the emergence of the CryptoLocker virus, that cybersecurity researchers started to see it as a real and growing threat. CryptoLocker was distributed via spoofed emails with attachments. Once the victim downloaded the attachment, their files were locked up, and they were told to pay a small ransom to unlock them, ideally in bitcoin. “CryptoLocker was the first successful ‘mass distribution’ ransomware,” Lotem Finkelsteen, head of threat intelligence at cybersecurity firm Check Point, explained. “Up until CryptoLocker, it was very rare to see ransomware. … Bitcoin, in a way, assisted in the ransomware blossom. And the rest is history.” Bitcoin, as a global decentralized digital currency, made it much easier for criminals to collect ransom payments and harder for authorities to trace, let alone recover — although, as we’ve recently seen, recovering the ransom is not impossible. Ransoms were paid, the attackers got away with them, and over time and with more money, they’ve evolved into sophisticated criminal enterprises, offering ransomware-as-a-service to partners and creating what some experts liken to franchises. All of which makes ransomware more accessible to attackers who might otherwise not have had the know-how or payment mechanisms. “The commoditization of ransomware overall … has made this so much easier for anybody to get into the game,” said Steve Turner, a cybersecurity analyst at Forrester. And some, it seems, have become brazen enough to attack massive companies and demand huge ransoms while potentially disrupting the lives of millions all over the world. “There’s no mystery why some of these folks are being targeted,” said Mark Ostrowski, head of engineering at Check Point. “Big bang for the buck. Big interruption, big return.” In cases where hackers are identified and charged for their attacks, they’re usually well out of the reach of US authorities — in North Korea or Iran, for instance. Why we’re seeing so many attacks now With the recent spate of high-profile attacks on companies from different yet important sectors — energy, food, transportation, finance, technology, and communications — it’s understandable that the average person might think the US is under some kind of coordinated attack as part of a brewing cyberwar. That these attacks are coming on the heels of the SolarWinds cyberattack, which is believed to have been orchestrated and carried out by the Russian government, likely contributes to that impression. But SolarWinds was not a ransomware attack, and while it’s true that many ransomware operations are based in or around Russia, possibly with some kind of informal agreement with the Russian government that they can go about their business as long as they don’t attack Russia or its allies, many experts attribute the recent attacks to other factors, and the primary motivation to money. Starting a year and a half ago, two things happened: Attackers started not just holding systems for ransom, but also stealing their victims’ data and holding that for ransom too. Basically, hackers pivoted to data. You can back up and restore your systems without having to pay a ransom, but there’s not much you can do to stop your data from being released — other than paying for it not to be. “Yesterday’s ransomware attacks were just encryption events,” Marta said. “Today you have double extortion, where it’s not just that your files and servers are encrypted, but also the threat actor has stolen a bunch of your sensitive data. And they’re saying if you don’t pay, we are going to dump that data on the dark web.” Bitcoin, as a global decentralized digital currency, made it much easier for criminals to collect ransom payments and harder for authorities to trace The other thing that happened, of course, was the pandemic. This opened up tons of new attack vectors for hackers — not just unsecured remote systems, but an exponential rise in phishing emails that took advantage of the circumstances and collective fear. The situation made people more likely to click on a link that would then infect their computers — and, from there, the rest of the system. “Normally, personnel are physically at the location and do not need remote access,” Prashant Anantharaman, a researcher at Dartmouth’s Institute for Security, Technology, and Society, told Recode. “With the push for remote work, we had to make many of these facilities internet-connected and remotely operable, increasing the attack surface.” It’s hard to know the full extent of ransomware attacks because the vast majority of them aren’t reported. But even before the Colonial Pipeline attack — which introduced many Americans to the concept of ransomware, or at least how it could personally affect them — happened, the FBI had formed its ransomware task force and the Institute for Security and Technology had created a ransomware task force of its own, with an April launch event that featured a keynote speech from Secretary of Homeland Security Alejandro Mayorkas. The Cybersecurity and Infrastructure Security Agency (CISA) has steadily rolled out ransomware guides and fact sheets for everyone from individuals to businesses that run critical infrastructure. What happens next Americans’ shock over the recent spate of attacks may not be so much that ransomware exists or that cyberattacks are a threat, but that even massive companies and large governments can’t or won’t take steps to prevent them from happening in the first place. And that’s a very difficult problem that will probably need several different solutions. “Americans should be concerned about this,” said Michael Hamilton, former chief information security officer (CISO) for the city of Seattle and current CISO of CI Security, which specializes in local government cybersecurity. “But I believe there is help on the way, and I think it’s going to come in a number of parts.” In some cases, the government can — and does — require that certain sectors meet cybersecurity standards. Pipeline cybersecurity, for instance, is overseen by the Transportation Security Administration (TSA), but it did very little to ensure compliance from the companies under its purview. This will supposedly change soon. Colonial was breached through an account that didn’t have multi-factor authentication, which is a basic cybersecurity step. (CEO Joseph Blount told a Senate committee that the password was “complicated.” Any cybersecurity expert — or even a humble data privacy reporter — will tell you passwords, even the most complicated, are not enough. Safe to say that Blount knows this now, too.) Andy Cross/MediaNews Group/The Denver Post/Getty Images JBS Foods was hit by a ransomware attack in June that briefly closed several plants. “Regulations are part of it, but it’s not going to solve the problem,” Ostrowski, of Check Point, said. “How you’re going to solve the problem is actually taking cybersecurity seriously. And I think a lot of verticals don’t take cybersecurity as seriously as they should. They look at cybersecurity as an expense versus as a critical piece of their business. And that’s how you’re going to solve it.” The recent law enforcement crackdown on ransomware — and the results — may go a long way to alleviate the threat. After all, if hackers think they might actually get caught or have their operations shut down or their ransom payments seized, they’ll think twice about who they attack. The FBI was able to break into a crypto wallet and seize much of the ransom Colonial paid, and the group responsible for the attack, DarkSide, claimed its servers had been taken down and that it was disbanding (you can decide if you want to take that claim at face value or not — it’s pretty common for hacker groups to “disband” and then resurface with a different name). This shows that even those sophisticated ransomware-as-a-service organizations aren’t completely immune from some consequences. And, Hamilton points out, there’s a big difference between being a cybercriminal and being labeled a terrorist by the US government. “We change the rhetoric, we let them know we’re coming after you in a much different way now,” he said. On the other hand, the aggressive response could make things worse if hackers are confident enough that they still won’t get caught. “If they’re being targeted now, they’re going to get much more bold on the targets that they’re going after,” Forrester’s Turner said. “It becomes about getting revenge.” New laws could also make it harder to pay and collect ransoms. If organizations are forbidden from paying ransom and cryptocurrencies become better regulated, that could go a long way to cutting off the money stream that is believed to fuel many of these attacks. Of course, both of these things are easier said than done. But it’s not impossible, either: Look at China’s crackdown on cryptocurrencies. Experts are split on whether ransom payments should be banned. One silver lining to all of this is that organizations that haven’t invested in cybersecurity will finally realize that they could be attacked and make cybersecurity a priority — and have better guidance and resources to do so. “I think with CISA finally on its way to getting the funding and resources, I think that there’s a very big opportunity to make security better for everybody,” Turner said. “At the end of the day, all of these folks are chasing the almighty dollar or the almighty bitcoin … And if it continues to be lucrative and there are no penalties or there’s no traceability to what some of these folks are doing, they’re going to continue to do it.” Correction, June 17, 10:45 am: The $20 billion global damage by 2021 was not predicted by AIG, as initially written, but cited by AIG from a CyberSecurity Ventures report.

  • GameStop. Dogecoin. Now AMC. Do meme traders need to be protected from themselves?
    by Emily Stewart on June 16, 2021 at 12:30 pm

    Amateur investors took the stock market by storm not via Wall Street but via Reddit. Many of them are playing a losing game. Should they be saved from themselves? | Nicolas Economou/NurPhoto via Getty Images “If you’re trading like it’s a game, you’re probably going to lose.” It’s hard to argue that everything going on in financial markets lately is particularly smart. The question is, how silly should we let things get? Meme stocks like GameStop are still swinging wildly as they go in and out of fashion on Reddit. AMC recently told people buying its stock that they’re probably going to lose all their money. People are piling into cryptocurrencies based on memes and learning some hard lessons in volatility, much of which is driven by Elon Musk’s tweets. The NFT bubble might have already popped because it turns out spending hundreds of thousands of dollars on a GIF might not be the soundest investment. Amid the chaos, there’s been quite a bit of hand-wringing among regulators, lawmakers, and finger-waggers on CNBC over what to do about it. Many investors are trading like it’s a game, and one that they are likely to lose — some knowingly, some not. “Is there ever going to be a way to stop people from buying things at stupid prices? No,” said Andrew Park, senior policy analyst at Americans for Financial Reform. “There’s a key difference between people doing stupid things with their money versus being in positions where they’re either being exploited or manipulated.” There’s a fine line between keeping people from taking too big of risks and locking them out of opportunities, between letting people do what they want with their money and keeping them from being swindled. How much to protect investors is a thorny question to answer — especially when sometimes they need to be protected from themselves, or they don’t want the protections at all. When I talk to day traders, the sentiment is often that they want to be able to take more risks, not fewer. Speculation is hardly new; the same goes for gambling. Betting on a newly minted meme stock like Wendy’s or cryptocurrency like dogecoin isn’t all that different from playing blackjack, which is allowed. And Wall Street bigwigs take risks all the time, risks that can have major consequences for everyone. (See: the global financial crisis, or, more recently, the implosion of the hedge fund Archegos Capital that cost it and major banks billions of dollars.) The question regulators are facing right now as more and more people get into trading is which levers to pull and how much. There are plenty of ideas out there regarding what to do, such as increasing disclosures, shortening trade settlement times, or even banning certain practices and vehicles altogether. But new policies can come with certain trade-offs. How much to protect investors is a thorny question to answer — especially when sometimes they need to be protected from themselves, or they don’t want the protections at all For example, people using free trading apps like Robinhood are probably not getting the best execution on their buys and sells, but if you take away the mechanisms that facilitate that — which the Securities and Exchange Commission says it’s looking at — that might mean trading will no longer be commission-free. Reasonable minds can disagree about whether that’s the right move to make. It probably wouldn’t keep tons of people away from investing — day trading existed long before Robinhood — but it might keep some people out. More broadly, there’s a difference between being encouraged to make bad decisions with your money and being allowed to. It’s hard not to think it would be a good idea for newbie investors to have some more friction before making risky bets. Most day traders lose money, and it’s often the case that the more they trade, the worse they do. Risky options trading can be particularly hard to win at in the long run. The problem is, the companies facilitating commission-free trading make more money the more people trade. That there should be strong legal protections for investors and consumers so they’re not taken advantage of shouldn’t be controversial in American politics. After all, no one wants to be part of a system where they don’t have a fair shot of winning. At the same time, it’s hard not to wonder if they already are. “Why are all these meme stocks and crypto really popular? To some degree, there is hope that somehow I can magically make enough money to pay off these student loans, because otherwise, at the pace I’m going, there’s no way I can do that,” Park said. If we want to stop people from YOLOing their savings into bitcoin or putting money into a SPAC (special purpose acquisition company) whose business proposal seems like a blatant lie, we should also ask ourselves why they’re tempted to do so in the first place. The era of meme investing is not necessarily an astute one Some people are investing in meme stocks or cryptocurrencies or other risky assets because they genuinely believe in the underlying thing itself. There are people who really think crypto is the future, or hope GameStop can turn things around. But much of what is going on right now is decidedly not that. Matt Levine at Bloomberg Opinion got into the situation in a recent column: The way to become a meme stock is not just to be good; companies don’t become meme stocks because Redditors endorse a widespread consensus that they are good operators in attractive markets. The way to become a meme stock is to be bad, then good; companies become meme stocks because Redditors get mad at hedge funds for shorting them, so they buy them, so they go up, and it’s fun and more Redditors join in. The party is usually fleeting, but while it’s happening, for those involved, it can be fun. When it’s over, not so much. Some partygoers are left with varying degrees of a rough hangover. Every time there’s a big meme trade cycle, stories emerge of amateurs hitting it big on the upswing and suffering major losses on the downswing, sometimes days apart. When I talk to individual traders, I often hear the same story over and over again: They made some good bets early on, got overconfident, and then got wiped out. The hope is that people are playing with money they can afford to lose, but that’s not always the case. And sometimes, people wind up making trades they don’t even understand, with tragic consequences. Tyler Gellasch, executive director of Healthy Markets, an investor-focused nonprofit, said he has concerns some of the meme stock trading is affecting the overall quality of and confidence in the market, a sentiment he’s not alone in. The whole idea of efficient markets is that capital flows to places where it will be put to good use, not businesses on the verge of bankruptcy. “You invest in companies to make money, but at the same time, we want the good companies to get the money and the bad companies to fail so that the good companies create jobs and things people will use,” he said. The long term impact of $AMC + $GME isn’t about what happens to these companies or their stocks. It is about the public, which views the stock market (and economy) as something that is manipulated and not trusted.— Andrew Ross Sorkin (@andrewrsorkin) June 2, 2021 To be sure, deciphering what is a good company and a bad company is not easy — there’s a reason stock-pickers tend to underperform indexes like the S&P 500. Sometimes, the bankrupt companies turn around. And if I want to toss my latest paycheck into a thing I saw float by on r/WallStreetBets, to a certain extent, who’s to stop me? Many day traders seem to believe they’re in on the joke; they know they’re speculating, and they want to keep their right to it. Plenty of people look at a stock or a cryptocurrency and think they can get in and out and leave someone else holding the bag, and whether that’s good is much more of a moral question than a legal one. “You’ve got to be realistic,” said Tom Gorman, a securities expert and partner at the law firm Dorsey & Whitney. “If you’re trading like it’s a game, you’re probably going to lose.” One big issue now is whether investors actually realize the game’s rules and how it may or may not be stacked against them. There’s a difference between people doing silly things and people being taken advantage of The house always wins in Las Vegas. On Wall Street, that’s often true, too: Nobody offering you a financial product or touting some new investment is really doing it for your health. The recent boom in retail investing and day trading has opened up some important questions about whether people are being taken advantage of. In some cases, they may be falling victim to outright lies, scams, and fraud. In others, they’re being nudged in directions they shouldn’t be, or the guardrails are off. Gary Gensler, the new SEC chair, has said he plans to take a look at what’s going on in the markets with regard to free trading apps, volatility, and individual investors to make sure traders are being protected. That means scrutinizing the gamification of apps such as Robinhood that sometimes encourage people to trade more, which often translates to losing more money. Gensler and multiple others have also raised concerns about payment for order flow, where big market-makers such as Citadel Securities and Virtu pay brokers like Robinhood to process trades, in turn presumably making money off the spread, which is the price difference between the buy and the sell. It’s how a lot of apps offer “free” trading, though the trading isn’t really free. “If you’re trading like it’s a game, you’re probably going to lose” “Somebody is paying for yours, my order flow. Secondly, they’re getting our data; the data is very valuable,” Gensler said in a recent appearance on CNBC. “So it is zero commission but not necessarily free.” “That’s what enabled Robinhood to do what they do,” Gorman said. “It’s having the beneficial effect of encouraging these small investors to get in. Now, they’re not getting, maybe, the world’s best execution. They’re getting okay execution.” In the weeks and months to come, regulators will be working out just how much gamification, if any, should be allowed, or whether payment for order flow is a solid business model, even though without it, commission-free trading might disappear. How much risk people should be able to take, and how knowingly, is a tough needle to thread. Some traders are getting into super-risky options, which is basically gambling, or using margin, meaning they’re playing with money that’s not theirs. And some technologies aren’t just allowing this behavior, they’re encouraging it, even when it’s unclear whether people fully understand the mechanisms in play. “It’s great to have a lot of new entrants to the market, but that won’t end well if we don’t have any guardrails. We require driver’s licenses and seat belts for cars, but what should we have for financial markets? Clicking the box to say you read a 200-page disclosure isn’t going to protect anyone,” Gellasch said. Many amateurs have been caught by surprise by how some investment systems work. Some people were shocked when Robinhood shut down trading during the GameStop boom. Those new to bitcoin may have been unaware of its past booms and busts. Much of the time, these types of risks show up in disclosures (though not so much for crypto, which is pretty lightly regulated), but hardly anyone reads the fine print. SPACs, which are public entities that are expected to eventually merge with a private company and generate money (Recode has an explainer on what they are), are allowed to promise kind of whatever to potential investors. And so many of them do. The rocket builder Astra just went public via SPAC and says it will be launching rockets daily by 2025. It doesn’t even expect to make money in 2021. “If SPACs blew up a few years earlier, it’s possible that Theranos would have been bought up by a SPAC at an absurd valuation,” Park said, referring to the blood-testing startup run by Elizabeth Holmes that turned out to be a fraud. The SEC has said it’s taking a look at SPACs, too. Much of the debate here gets at an underlying tension around access to opportunity, even if the chances of things going wrong with said opportunity are greater than the chances of things going right. Many of the most potentially lucrative investments in the private markets are limited to accredited investors, meaning those who are sophisticated enough to take on more risk. “How do they define accredited? If you’re sophisticated. How do they define sophisticated? You’re rich,” said Michael Piwowar, executive director of the Milken Institute Center for Financial Markets and a former Republican member of the SEC. If there were better opportunities in the economy, maybe people wouldn’t be gambling on AMC Last year, I talked to a bunch of individual investors for a story on the retail trading boom. Some of them seemed to be making informed decisions; others, not so much. My line was always the same: I hope you’re not playing with money you can’t afford to lose (and if you have gains, they’re not just on paper). But did I hope they couldn’t play at all? Harder to say. The typical and probably soundest investment advice people get is to put their money into an index fund and never look at it again until it’s time to retire. It is really impossible to time the market or to know where stocks and assets are headed next. If you caught onto bitcoin in 2012 and are now a bitcoin millionaire, good for you. But you are not most people. Still, it’s hard not to wonder if some of the frenzy around meme stocks and crypto and the like is a reflection of the current economic moment, where for so many people, mobility feels really out of reach. It’s of course bad for investors to be taken advantage of, to lose their shirts, and to wind up in financial distress. Margin trading for a day trader maybe shouldn’t be allowed; perhaps neither should an ATM at a casino. But you can’t really blame the anonymous traders on Reddit for their financial nihilism when the whole system feels stacked against them. The stock market soared during the pandemic. It’s not the worst thing in the world that some regular people were along for the ride.

  • Lina Khan will be chair of the Federal Trade Commission
    by Rebecca Heilweil on June 15, 2021 at 8:08 pm

    Lina Khan, an expert in antitrust and a critic of Amazon’s power, is joining the Federal Trade Commission. | Graeme Jennings/Getty Images Democrats and Republicans came together to confirm the antitrust expert to the FTC. The Senate has voted to appoint Lina Khan, an antitrust law expert and a major critic of Big Tech’s power, to the Federal Trade Commission (FTC). The vote was 68 in favor and 28 opposed, which represents a stunning level of bipartisanship in a highly polarized, Democrat-controlled Senate. Even more significantly, news came later on Tuesday afternoon that Khan will be the chair of the FTC. During an afternoon hearing focused on smart home speakers and competitiveness, Sen. Amy Klobuchar announced that Khan would be taking on the FTC’s leading role. A source familiar with the White House’s plans confirmed the news, and Sen. Elizabeth Warren celebrated Khan’s appointment in a statement Tuesday afternoon. Khan’s appointment as FTC chair signals that, under President Biden, the FTC is likely to become more critical and aggressive in regulating the digital markets that have been created by the tech giants. At age 32, Khan is also the youngest person ever to join — and lead — the FTC. Khan’s confirmation also highlights the growing number of Big Tech critics joining the Biden administration and pushing Washington to change its approach to large technology companies. It’s also more evidence of the growing consensus among Republicans and Democrats that companies like Google and Amazon have become too powerful. Just a few days before Khan’s confirmation, House Democrats announced a slew of antitrust bills designed to curb the dominance of big technology companies, all of which have Republican co-sponsors. Taken together, all of these developments seem in line with where the country stands: Polls indicate that most Americans think Big Tech companies should be broken up. “I think it’s clear that in some instances the agencies have been a little slow to catch up to the underlying business realities and the empirical realities of how these markets work,” Khan told senators during her confirmation hearing in April. “At the very least, ensuring that the agencies are doing everything they can to keep pace is going to be important.” During the confirmation hearing, Khan also emphasized the need for regulators to understand black box algorithms, and gaps in knowledge between lawmakers and large tech companies, which hold massive troves of data. Khan first became widely known for her 2017 paper, “Amazon’s Antitrust Paradox,” which found that current antitrust laws weren’t capable of addressing the harm caused by dominant platforms and focused specifically on Amazon. Before her nomination, Khan helped put together the House Antitrust Report, released last year, which found that Apple, Facebook, Google, and Amazon had engaged in anti-competitive behavior. The report also determined that Congress would need to pass new antitrust legislation. Recode reported back in January that Khan was a top contender for an FTC appointment. Ahead of her confirmation, Khan had received a wide range of support from liberals and progressives. Earlier this year, Sen. Elizabeth Warren called Khan the “leading intellectual force in the modern anti­trust movement,” and her nomination was supported by small-business advocates and consumer protection groups. Khan seemed to be somewhat popular with conservatives, too, with Sen. Ted Cruz (R- TX) saying during her confirmation hearing, “I look forward to working with you.” But her appointment as the leader of the agency came as a surprise on Tuesday. Khan will be one of five voting members of the FTC, a government agency whose broad powers include enforcing consumer protection laws, overseeing mergers, and initiating cases against companies for anti-competitive behavior. As a commissioner, she can serve a term of up to seven years. Exactly how the FTC might change with Khan on board remains to be seen. But her joining the agency just as Congress takes up antitrust reform seems to signal trouble on the horizon for Big Tech. It’s not yet clear what cases will come before Khan — or how she’ll vote — but all signs indicate that Amazon, Apple, Facebook, and Google should be worried. Update, June 15, 4 pm ET: This piece was updated to note that Lina Khan has also been appointed the next chair of the FTC.

The Vergecast Hello! This is The Vergecast, the flagship podcast of The Verge… and your life. Every Friday, Nilay Patel and Dieter Bohn make sense of the week’s tech news with help from our wide-ranging staff. And on Tuesdays, Nilay hosts in-depth, one-on-one interviews with major technology leaders. Join us every week for a fun, deeply nerdy, often off-the-rails conversation about what’s happening now (and next) in technology and gadgets.

  • WWDC 2021: Apple’s iOS 15, spatial audio, macOS Monterey, and more
    by The Verge on June 11, 2021 at 10:00 am

    Nilay Patel, Dieter Bohn, Alex Cranz, and Chris Welch discuss all the announcements from Apple’s Worldwide Developers Conference that took place this week. All the links: COVID-19 hospitalization rates in adolescents went up during March and April Where did the COVID microchip conspiracy theory come from anyway? The pandemic might cut down e-waste but widen the digital divide Apple WWDC 2021: the 15 biggest announcements Apple previews iOS 15 at WWDC 2021 The best features of iOS, iPadOS, and macOS that Apple didn’t announce onstage Apple’s Siri will finally work without an internet connection with on-device speech recognition Watch Apple’s Siri blaze through requests with on-device processing You’ll soon be able to use your iPhone as ID at the airport Apple adds welcome privacy features to Mail, Safari Apple’s iCloud Plus bundles a VPN, private email, and HomeKit camera storage With iCloud Plus, Apple’s privacy promise is paired with an upsell Apple’s privacy-focused Private Relay feature isn’t coming to China Apple Music’s spatial audio is sometimes amazing but mostly inconsistent  macOS and tvOS are getting spatial audio support with the AirPods Pro and Max Apple Music begins rolling out lossless streaming and Dolby Atmos spatial audio Apple introduces Siri for third-party devices macOS Monterey lets you run Shortcuts and share files between Macs and iPads Apple may have done the coolest drag and drop demo ever How Universal Control on macOS Monterey works FaceTime is coming to Android and Windows via the web Apple is building video and music sharing into FaceTime Apple announces watchOS 8 with new health features Apple’s new health features bring new focus to elder care technology  Apple lets users see family members’ Health data Apple announces iPadOS 15 with homescreen and multitasking improvements Microsoft announces Xbox TV app and its own xCloud streaming stick Facebook plans first smartwatch for next summer with two cameras, heart rate monitor Sony WF-1000XM4 earbuds announced / review Google’s first folding Pixel is apparently still on track for a 2021 reveal Clubhouse and its clones have an accessibility problem Biden revokes Trump bans on TikTok and WeChat Learn more about your ad choices. Visit podcastchoices.com/adchoices

  • Microsoft’s next gen Windows / Huawei’s HarmonyOS arrives / Apple’s WWDC preview
    by The Verge on June 4, 2021 at 8:00 am

    Co-hosts Nilay Patel and Dieter Bohn talk with Verge senior editor Tom Warren and managing editor Alex Cranz about operating systems — what’s coming up at Apple’s developer conference next week, where Microsoft will take Windows next, and the debut of some new systems like HarmonyOS and Fuchsia OS. Further reading: The pandemic showed that big tech isn’t a public health savior The future of COVID-19 immunity looks good We have bigger problems than COVID-19’s origins Apple TV 4K (2021) review: much better remote, slightly faster box Of course repairing the new Apple TV remote is harder than simply unscrewing it Apple TV app comes to Nvidia Shield For Apple TV Plus to succeed, it has to be everywhere — even Android TV Microsoft looks ready to launch Windows 11 Microsoft to reveal its next generation of Windows on June 24th Huawei announces HarmonyOS update for its smartphones Huawei teases its upcoming P50 flagship phone Huawei’s HarmonyOS arrives on tablets with the new MatePad Pro Huawei’s Watch 3 is its first HarmonyOS smartwatch  Google’s new Fuchsia OS arrives first on old Nest Hub AMD announces the Radeon RX 6000M series with RDNA 2 architecture Nvidia announces new RTX 3080 Ti, priced at $1,199 and launching June 3rd Nvidia GeForce RTX 3080 Ti review: more 4K for more of your wallet Nvidia’s RTX 3080 Ti is available online right now Amazon buys MGM for $8.45 billion Why on Earth did Amazon spend $8 billion on a zombie studio?  Discovery announces new name of WarnerMedia merger: Warner Bros. Discovery The Great Wings Rush Why Spotify’s Horacio Gutierrez thinks Apple behaves like a monopolist Learn more about your ad choices. Visit podcastchoices.com/adchoices

  • Tim Cook’s bad day in Epic vs Apple
    by The Verge on May 22, 2021 at 12:06 am

    In part 2 of this week’s episode, Nilay talks with Adi Robertson about the judge’s harsh questioning of Tim Cook on the last day of testimony in Epic vs Apple. Further reading: Apple said Roblox developers don’t make games, and now Roblox agrees Apple’s Phil Schiller gives Epic iPhone testimony At the Epic trial, Phil Schiller got away clean The level of Mac malware is not acceptable, says Apple’s Craig Federighi at Epic trial Apple wants users to trust iOS, but it doesn’t trust iOS users Tim Cook faces harsh questions about the App Store from judge in Fortnite trial Learn more about your ad choices. Visit podcastchoices.com/adchoices

  • Google I/O announcements and iPad Pro M1 review
    by The Verge on May 21, 2021 at 8:00 am

    In part 1 of this week’s episode, Nilay and Dieter talk with deputy editor Dan Seifert about Google I/O and reviews for the M1 iMac and iPad Pro.  Further reading: Google I/O 2021: the 14 biggest announcements Android 12 preview: first look at Google’s radical new design Android 12 public beta is now available: here’s how to install it Google showed off its next-generation AI by talking to Pluto and a paper airplane Apple iMac M1 review: the all-in-one for almost everyone iPad Pro (2021) review: Mini LED, major improvement Apple’s redesigned MacBook Pros with next-gen in-house chips could arrive early this summer Apple’s $549 AirPods Max can’t play lossless Apple Music — even when plugged in Learn more about your ad choices. Visit podcastchoices.com/adchoices

  • Starlink, Epic v. Apple, and laptops laptops laptops
    by The Verge on May 14, 2021 at 8:00 am

    The Epic v. Apple trial continues with big drama about naked bananas and weird game definitions. Nilay tries to get Starlink space internet working, and there’s new Intel chips. Adi Robertson and Monica Chin join this week. Epic and Apple are now fighting over a naked banana Roku removes YouTube TV from channel store as dispute with Google escalates Apple employees circulate petition demanding investigation into ‘misogynistic’ new hire A Big Map of America’s Broadband problem Secretary Pete Butitgieg on the future of transportation Intel’s flagship Tiger Lake-H mobile chips are here to take on Ryzen 5000 Razer claims its new Blade 15 is the ‘thinnest’ 15-inch RTX gaming laptop Asus’ new Zephyrus M16 has a 16:10 screen and Intel Tiger Lake H processor How a university got itself banned from the Linux kernel University of Minnesota banned from contributing to Linux kernel Watch Elon Musk play Wario, parody SpaceX, and hype dogecoin on Saturday Night Live Tesla stops taking Bitcoin for vehicle purchases, citing environmental harm Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wired The latest from www.wired.com

BBC News – Technology BBC News – Technology