Tag Archives: SEC

Will the punishment fit the crime?

There are crimes out there, some are small, some are not called crimes, they are labelled as an ‘improper offense‘, these offenses are offenses, yet so small that the CPA might decide not to look into the matter.

The Guardian had an opinion piece on the Arms trade two days ago called ‘Is the government turning a deaf ear to arms deal bribes?‘ (at https://www.theguardian.com/commentisfree/2019/nov/18/attorney-general-geoffrey-cox-gpt-arms-deal-corruption), now this is an article on bribery, one would consider it to be an improper act, optionally a crme, yet the facts do not bear this out. The setting is not that someone enriched themselves, no, they stated that they spend less than an addition 1%, almost 30% less than one percent to secure a contract: “to win a £2bn contract to provide communications and electronic warfare equipment to the Saudi national guard“, the so called former employee of GPT “Ian Foxley. When he was about to blow the whistle, he fled Saudi Arabia overnight fearing that his life was in danger“, the fact that we overlook ‘the fact that he was merely allegedly fearing that his life was in danger‘ is the first part, the fact that the bribery was there would be an issue for the Saudi Government to pursue (one would imagine), we see in the cold light of day that someone spend 1% extra to make sure that the order was accepted, OK, by law it would be an offense, it would be an ‘Improper offense‘, it might be a crime in Saudi Arabia as well, but they are seemingly not pursuing the matter are they? When we look at the black letter law we see that there is optionally a case to go after GPT Special Project Management, a UK-based subsidiary of the European aerospace group Airbus, yet in light of the thousands of cases not touched, and the fact that there is no actual victim here, should we pursue? Don’t get me wrong, corruption is nothing less than the proverbial blight on life, yet the EU gravy train is not stopped is it? Corporations are not being pursued in light of their activities to self-enrich themselves, are they? Yet there are a lot of eyes on anything accomplished in the Middle East, in this case in Saudi Arabia, I wonder if Ian Foxley would have shown the same candour if the buyer was the US, and they have the Foreign Corrupt Practices Act. And there actually have been cases on that combination. Siemens (2008), Marubeni Corporation (2012), Biomet Inc. (2012), Goodyear (2015), and there have been plenty more, yet why is this one case important?

It is not seen immediate, or not until you take a longer look at the UK Bribery Act 2010, The BA 2010 received Royal Assent on 8 April 2010 and entered into force on 1 July 2011 in the UK, a guardian article spent a little time on it in 2013 (at https://www.theguardian.com/world/2013/jun/10/whistleblowers-snowden-truth-sets-free) there we see: In 2010, Ian Foxley was working as the programme director for a British subsidiary of defence giant EADS on a £1.96bn contract to modernise the communications systems for the Saudi Arabian National Guard. When he came across evidence of corruption and bribery he fled the country and reported it to British officials“. There is an overlap, the UK Bribery Act 2010 was not part of law at that point. The act was not entered into law until 1st July 2011 in the UK, this does not make the act of Bribery all right, it merely states that an act that is privy to the Prevention of Corruption Act 1906, and there we will learn that he agent might optionally be held to the dock, but it will not apply as the one bribed was allegedly part of Saudi Arabia, hence not part of England and Wales, Scotland, Northern Ireland, Republic of Ireland. It is the little things that make life satisfying, and the Guardian hiding behind “The delay in making a decision speaks to a deep malaise: suggesting that Britain is simply unwilling to prosecute major companies that are accused of paying bribes to foreign politicians and officials” is both unfair and incorrect, an alleged event took place in the time when the law was being adjusted, is it not interesting on how this one case, a case that should be in the hands of Saudi Arabia to consider prosecution (for the most) seems to get such attention, it seems that Anti-Muslim issues are rearing its ugly head, you see that statement is also alleged, yet I see no such news prosecution regarding Smith & Nephew paid US$22.2 million to the DOJ and SEC in 2012 regarding a deferred prosecution agreement. The idea of “possible improper payments to government-employed doctors” seems to hit people in general, but there is no real overwhelming amount of news there, is it? It seems to me that we are in a larger caser of ignorance when it comes to non-Muslim considerations, oh and that was in the US, how many prosecutions and investigations did Stephen and Nephew face in the UK? I am not telling, I am asking, the news does not seem to make mention of that.

There is also the case CAS-Global Ltd. and the Private Nigerian Coast Guard Fleet (at https://sites.tufts.edu/corruptarmsdeals/cas-global-ltd-and-the-private-nigerian-coast-guard-fleet/), the Independent was seemingly the only paper taking a look at that (at https://www.independent.co.uk/news/uk/crime/two-british-businessmen-arrested-on-suspicion-of-involvement-in-sale-of-naval-vessels-to-nigerian-9991217.html), as I see it, the Guardian might not be guilty, it does have a few explanations to hand out, it will seemingly lash out at Saudi Arabia, but not much beyond that, Nigeria is loving it, I wonder how Saudi Arabia feels about being singled out and let’s face it, I personally perceive the GPT issue what could be set as an ‘Improper Offense‘, so I leave it up to the powers that be to decide, that was Jeremy Wright, trying it again and having Geoffrey Cox decide on it is a little childish, but OK, such are the rules, yet no one is asking questions too loudly on the Nigerian private security company setting up some similar form of payment for services whilst this involved selling 6 Norwegian former naval vessels to a privately owned security firm? And why does it matter, because like me two British business subjects thought it would be lucrative to enter the arms dealer world. It is a whole different level is it not? Robe Evans and David Pegg did write a good piece, and it is an opinion piece and we are and should be asking questions, yet I wonder if the writer intended the questions that are on the mind are the ones he wanted us to have on the mind.

The fact that in this day and age, whilst the UK STILL has not figured out its tax laws on properly taxing corporations filling its pockets in the UK whilst paying so little tax, it should be regard as an insult, are given all the space they need and the laws we see enable them and seemingly set the stage where other cases are not ignored for a decade, all whilst that one case had no real UK victims. OK, I admit that this is the wrong direction to go, but there are cases with an abundance of UK victims that seemingly do not get the attention or the jurisprudence it deserves, should that not be a first for the UK?

It is just one part in all this that we should consider before we consider anything else. And when we compare the Norwegian Navel issue towards private companies and one deal going towards the Saudi Government, where was our focus? That is before we see the elements in the Smith & Nephew deal, so they paid for it in the US, yet how much investigations was done regarding their actions in the UK?

 

Leave a comment

Filed under Finance, Law, Media, Politics

Iterative diversity never goes anywhere

Facebook has been on the minds of many people, so merely on how to procrastinate (a student thing), some on the value of the company and some are investigating on how data issues were reported. CNet reported merely a few hours ago ‘SEC asking if Facebook properly warned investors of data issue‘ (at https://www.cnet.com/news/sec-investigating-if-facebook-gave-investors-enough-warning-about-data-issue-wsj-says/), the origin is the Wall Street Journal. My issue is at the top when we consider the quote “The agency is looking into how much Facebook knew about Cambridge Analytica’s misuse of data, says a report in The Wall Street Journal“, do you think that any evidence is still there to be found? Even if the brightest minds unite to finding anything, by the time all the proper access is granted, the decisionmakers will be facing a new government resetting priorities.

Now, I get it. That is the job of the SEC. With “The SEC has requested information from Facebook to learn how much the social-networking company knew about Cambridge Analytica’s data use, according to the Journal. In addition, the SEC reportedly wants to learn how Facebook analyzed its risk as developers shared data with others against Facebook’s policies“, we see that the SEC is merely doing its job and even if we believe the meida and some of the revelations that passed our screens, the SEC has a clear directive, merely set in factual evidence. Yet the can of goods is seen with “The SEC is also looking into whether the company should’ve told shareholders about Cambridge Analytica’s policy violation when Facebook found out about it, in 2015“, it is not the game, but it is a setting of the stage. In my view there is doubt that this was properly done. The issue is not whether it happened, it is the setting that we must speculate on what would have happened next, and that whilst there is no evidence that something was done. Not the acts of Cambridge Analytica their part is a foregone conclusion. The issue is as long as there is no evidence showing that the data was sold on to other parties. The value of the company would not have been impacted, which would have negatively impacted shareholders. That is the game the SEC is set with that is their duty and they are doing that just fine.

The question becomes on what stage is speculation of something that might have happened set in actionable consideration two years after the fact, that is the setting and that will be a dry bone as far as I can tell. Still the SEC has a duty to perform and they are doing that. Even as Endgadget goes with “the agency might disagree with Facebook’s perspective and find the company at fault for not properly informing shareholders“, the setting is not a given. You see, the impact of value was after the revelation and after the shareholders were spooked by the fear mongering media. As long as there is no evidence that a third party has all the raw data, the value impact is close to nil. The only impact that the SEC should be allowed to consider is the negative impact of value, if proven that data left control of Facebook and only when that evidence is proven to have impacted Facebook before Jan 2018, only at that point is there an optional issue and there is a second tier in all this. If any shareholder is in both companies, it becomes a little murky, because at that point the shareholders themselves will be up for investigation. Whether this is true cannot be said because the first part for the SEC is proving that the second player actually has the raw Facebook data, in all this aggregated data lacks value and interactions on aggregates data is just too shallow for consideration.

And this is just one of the settings. The second and main setting is the Diversity report that Facebook has presented. The Verge is all about the focus on ‘Change is coming slowly, if it comes at all‘, which is a given in most companies (Apple and Google are optionally the exception). The setting is however no longer just about optional diversity, it is about bankable value and the national patent value that these places have in that setting diversity be damned and Endgadget knows this the fact that they took a page to focus on ‘diversity’ whilst there are much larger fish swimming in the Facebook pond is to some a total mystery. The IP Watchdog gives us another side and a side that in this day and age are actually really important. There we see (as a small grasp):

  • U.S. Patent No. 8732802, titled: ‘Receiving Information About a User From a Third Party Application Based on Action Types’. Issued to Facebook in May 2014.
  • U.S. Patent No. 8938411, titled: ‘Inferring User Family Connections From Social Interactions’. Issued to Facebook in January 2015.
  • U.S. Patent No. 9740752, titled: ‘Determining User Personality Characteristics From Social Networking System Communications and Characteristics’. Issued to Facebook August 2017.
  • U.S. Patent No. 9798382, titled: ‘Systems and Methods of Eye Tracking Data Analysis’. Issued to Facebook October 2017.
  • U.S. Patent No. 9923981, titled: ‘Capturing Structured Data About Previous Events From Users of a Social Networking System’. Issued to Facebook March 2018.

These are only 5 out of a large basket of patents and the issue is not about diversity of staff, it is about the diversity of the population. The setting does not change that much, because changes might be small, but consider that in this case we have an additional 1 TB a day that can now be used very effectively. So even as the Verge reminds us with “Rep. G.K. Butterfield (D-NC) took some time out of a congressional hearing in the wake of the Cambridge Analytica scandal to grill CEO Mark Zuckerberg about increasing diversity at the company, something that Zuckerberg said that Facebook was “focused on.”“, we can take diversity as stated with ‘increasing diversity at the company‘ as either staff diversity or data diversity, I guess that I am going with number two on that one. You see, even as I tipped on ‘diversity’ we all recollect places like Forbes and the Financial Times on how it leads to better profits. It is the reason it reflects on the shareholders on how that notion gives them an on the spot hard on, male and female shareholders alike. Yet, the much larger revenue boost is seen when we combine the setting of the patents, the data that Facebook has and now we get to yesterday’s story, In yesterday’s article (at https://lawlordtobe.com/2018/07/12/seeking-security-whilst-growing-anarchy/), I left a few screws fall all over the place. With ‘Seeking security whilst growing anarchy‘, I gave a title that could be read in more than one way. The part I just skipped yesterday (as the story would have been too large) was seen with “So now we get the setting of ‘who is exactly waging war on who’, or is that whom?“, as well as “the defense ‘laws governing wars were devised with conflicts between states in mind‘ can no longer be upheld“. These were true settings, yet the setting of the data was partially set in “how many flags were raised by that one person, yet now not on 5 tests, but on dozens of tests, against people, places, actions and locations at specific times“, there we see the issue, but there is a complication, the bulk of the people actively sought all use burner phones, they tend to be nervous and do not call, yet they are closely grouped together and that is a first setting. Now consider that for the most burner phones are useless, now consider these people taking hours to keep busy and some will go for the silliest diversion. A diversion like a simple Candy Crush, now take another look at the 5 patents, consider that the burner phone is useless for intelligence, but now reconsider that value when these patents are used, not merely for tracking needs, but reconsider the ‘Eye Tracking Data Analysis‘ add the camera to take a silent image of the iris, it is almost as good as a fingerprint. Now add ‘Structured Data About Previous Events From Users‘. Two of the five added to the billions of users on Facebook and now we have a system that does a lot more, it is the 32% that Palantir inc. does not have, the patents that Facebook has allows not merely for a diversity growth factor, it will be one of the few times that any company had two massive niches in data, when Combined it allows the US to have a grasp of a system that allows near real time tracking of anyone they seek, this system can void well over 80% of the false flags making the data system well over 10 times as efficient than ever before. So yes, we can argue the truth of “Not to worry, says Facebook VP Allen Lo, head of intellectual property. “Most of the technology outlined in these patents has not been included in any of our products, and never will be,” he told the Times in an email” as a master of IP I do know the length that Facebook has been through with patents and he is telling the truth, the product of Facebook is Facebook, that system will not go there, but will be in all kinds of different technical solutions that allows for new methods of data gathering. Even as it is a burner phone, when they take it for a mere leap into betting solutions and gaming procrastination, they will hit some top 10 app of the month and that is when one element of data is connected to the ones that matter for those seeking these really welcome people for personal one on one interviews. And there we see the link between places like Palantir and Zuckerberg (not Facebook). Sen. Maria Cantwell was asking around the edges for a reason, the April interview had another reason, one that I was never aware off (or considered). It seems that she heard water cooler chats on settings of Palantir, this was about a larger issue and the Patents had clearly indicated options for Facebook, it was not about the setting (as she put it) ‘the talent and the will to solve this problem‘ it is given that Palantir knows that Facebook Inc. can become a contender and with the data that could be available, we see a setting where Palantir would be going up against a new player having 500% of the data that the Palantir customer has and more important, Facebook has the patents to partially solve the burner phone issues much better then Palantir ever had the option for and that is a real new path in this field. So as I personally read it, Sen. Maria Cantwell was asking whether Mark Zuckerberg was ready to become a player in this field.

So yes, even as we see that some steps are small (like diversity and torts law), Facebook has an optional setting to take a leap forward, not by a mere length, but by an entire class of data options, which is new and that is where those investigating Cambridge Analytica never looked at, or so we were meant to believe, Sen. Maria Cantwell might be the first through orders or insight to do just that.

That setting is now still under debate, not because of the tech, but because of a case of OIL STATES ENERGY SERVICES, LLC v. GREENE’S ENERGY GROUP, LLC, ET AL. No. 16–712 (decided April 24th, 2018), this case changes the game all over, because until overruled by the US Congress, we now have a setting where we see that the possibility that patents are no longer property rights is close to an absolute. Patents are not property rights and will not be property rights until Congress overrules the case, so in this the entire patents side is now a new setting that it is set as a government franchise, so in all this Facebook has the one play to set themselves apart from the rest of the data players, and some might state that the setting of the decision of the Supreme Court was a forgone conclusion close to two weeks earlier, so Sen. Maria Cantwell was either on the ball or asked the perfect questions two weeks in advance, I wonder who ended up with a boatload of speculated wealth, because someone definitely got rich in that process (happy speculation with a smile from the writer).

In all this it was not merely the setting of diversity and how to see it, but the fact that a place like Facebook might think iterative within its Facebook app, it has options and therefor opportunities in a much larger field than merely the Facebook app. So if Palantir is not worried on what comes next, they are more asleep at the wheel than you imagine; a small spoiler alert here: the people at Palantir are a lot of things, they have never ever been asleep so they know what is coming and as the path of Facebook is allegedly on now is regarded as government Franchise terrain, we need to wonder where this goes next as they are still all about finding those illusive extremists, all depending on burner smart phones.

I wonder when the rest realises what the patent holders have been able to achieve in mobile communications, now consider 350% of speed increase and 700% of data markers with the release of 5G, now revaluate the Patents that the Facebook corporation has and consider how much larger they could optionally become by 2021. Now reconsider the Forbes list of ‘The World’s Most Valuable Brands‘ and consider its position in 2021. I doubt that it will be #1 at that time, but it will be equal if not bigger then Google by then taking its #2 position away from them, and leaving Microsoft a distant #4. Although Microsoft is doing plenty to diminish its value all by themselves, they do not need to rely on Google and Facebook to reduce their position for them.

Iterative act never go anywhere, it is the setting of new stages where true fortunes are gathered.

Happy Friday 13th everyone! (Please don’t meet a guy named Jason today)

 

Leave a comment

Filed under Finance, IT, Law, Military, Politics, Science

The Face of a book

So when we thought that the entire Cambridge Analytica was the tip of the iceberg, we were not kidding. The Washington Post (at https://www.washingtonpost.com/technology/2018/07/02/federal-investigators-broaden-focus-facebooks-role-sharing-data-with-cambridge-analytica-examining-statements-tech-giant) is giving us right now: “Representatives for the FBI, the SEC and the Federal Trade Commission have joined the Department of Justice in its inquiries about the two companies and the sharing of personal information of 71 million Americans“, that writing was always on the wall and it seems that it is pushing forward now, so even as Mark Zuckerberg thought that his day in court was done with a mere senate hearing, it seems that there is a much larger issue under the waterline and it is not merely data of a personal nature. The next parts that matters were: “Facebook discovered in 2015 that Cambridge Analytica, which later worked for the Trump campaign and other Republican candidates, had obtained Facebook data to create voter profiles. Yet Facebook didn’t disclose that information to the public until March, on the eve of the publication of news reports about the matter“, now this is nothing new but for some it is only now sinking in that the issue was known for two years. So when exactly did Facebook give us those goods? Two years of inaction, there are plenty of political players in the Democratic party who gotten results faster than that (which is saying a lot). So now we get to the first part, which is the SEC. The Securities and Exchange Commission will focus on “The questioning from federal investigators centres on what Facebook knew three years ago and why the company didn’t reveal it at the time to its users or investors”. You see, when a companies is valued on data, the setting that 20% of the details of the American people makes it into the public domain, that will impact a multi-billion value and that is now part of what could become a criminal investigation.

It is very likely that the SEC will focus primarily on TOPIC 8 – Non-GAAP Measures of Financial Performance, Liquidity, and Net Worth. Here we see:

8120.3 Measures of operating performance or statistical measures that fall outside the scope of the definition set forth above are not “non-GAAP financial measures”. Additionally, “non-GAAP financial measure” excludes financial information that does not have the effect of providing numerical measures that are different from the comparable GAAP measure.  Examples of measures that are not non-GAAP financial measures include:

  1. Operating and statistical measures (such as unit sales, number of employees, number of subscribers)
  2. Measures of profit or loss and total assets for each segment that are consistent with disclosures made in accordance with ASC Topic 280. (Non-GAAP C&DI Questions 104.01 through 104.06)

So, whilst we think it is merely data, the multi-billion dollar value of Facebook is data and they lost 20% of the Americans (and a chunk of Brits and Australians), so that reporting was not there for 3 years, and the SEC is slightly miffed on the subject.

And even as we see: “The Department of Justice and the other federal agencies declined to comment. The FTC in March disclosed that it was investigating Facebook over possible privacy violations” the setting that Justice is mulling over the impact and how to act (which is perfectly understandable), every person with their share of issues that can hide outstanding debts through ‘identity theft’ has optional paths to consider and the Justice department is not ready for the worst case scenario where 20% of all Americans filling for economic loss through identity theft, and the part where the financial systems on a flawed usage (authentication versus non-repudiation) now opens the optional flood gates, so the Justice department is taking everything very cautiously (whilst pussyfooting on a (path of commitment).

The next comment we see is: ““The fact that the Justice Department, the FBI, the SEC and the FTC are sitting down together does raise serious concerns,” said David Vladeck, former director of the FTC’s Bureau of Consumer Protection and now a Georgetown Law professor. He said he had no direct knowledge of the investigation but said the combination of agencies involved “does raise all sorts of red flags.”“. It goes a little further than the settings we considered. Vox gives part of that setting (at https://www.vox.com/policy-and-politics/2017/10/16/15657512/cambridge-analytica-facebook-alexander-nix-christopher-wylie) last year, yet the one part I missed here is that such systems require profiles to be made so that there is interaction. It can be done without is, but having the profiles makes it easier and better. The second source is Wired (at https://www.wired.com/story/cambridge-analytica-execs-caught-discussing-extortion-and-fake-news/) gives us “Britain’s Channel 4 News caught executives at Cambridge Analytica appear to say they could extort politicians, send women to entrap them, and help proliferate propaganda to help their clients“, as well as “They probed them on all manner of underhanded tactics, from deliberately spreading fake news to making up false identities. According to the video, the Cambridge executives took the bait” and there we have the reason why Justice is playing it slow. It is not merely about what was done, planned or enacted. Such profiles are complete enough to give rise or other uses as well, and if they have been used to acquire goods or services, we have ongoing settings towards corporate fraud. It will not matter whether they did, if anyone previously had access to those profiles, it could still fall on the lap of Cambridge Analytica. So, apart from finding those profiles (and there will be more likely than not way beyond a dozen), which profiles are they and how much interaction was used or given? With the honey trap we have an optional case of solicitation; we get identity fraud, optional Synthetic Identity Theft, all requiring investigation. The Justice Department will require time for that, not merely on whether things were done, but the likelihood of a conviction.

The final setting I gave is given weight with the quote: “Facebook also made Cambridge sign a legally binding agreement that it had deleted the data that year, but over the weekend, sources close to the company told WIRED that data was still visible to employees within Cambridge in early 2017“, which gives us that people had access and there is absolutely no evidence that no criminal acts were committed.

So we have two additional considerations. The first is can we work on the premise of guilty until proven innocent? In these cases of identity theft that is often the only path to take to shown innocence. The second is that there have been clear indications that the data was available to Russians, which now opens a path to organised crime as well. One source gives “A 2013 survey from Javelin Strategy and Research estimates that the annual total loss to Americans due to identity theft was roughly $20 billion“, now this is not merely criminal gains, also the cost that the crimes brought onto others is part of this, yet in that if there is even one link that gives us that Cambridge Analytica data was used, the bucket of consideration will become a lot messier for the Justice department and even more intense on scrutiny; that is one step as organised crime and compromised national security seem to be two sides of the same coin, there is a decade of evidence on that, so yes, this mess will become a whole lot less nice soon enough.

From the mere setting of organised crime as well as national security settings where people from all walks of life use Facebook and the setting that even those in denial had ‘blackmail’ in their operational minds, the cards that gone wide and available to a whole range of non-intentional people will be a growing farm of identities and connections.
This now gets us to last week’s issue of the Washington Examiner. The issue shown (at https://www.washingtonexaminer.com/news/facebook-dhs-fbi-help-russian-interference-future-elections-report) is not the one we need to focus on. You see with “Though Facebook has yet to find any serious interference in the current election cycle from the agencies guilty of social media meddling in 2016, the giant company was burnt just enough that year to warrant what amounted to a cry for help from the private tech sector to the government“, we aren’t actually supposed to look, the setting of ‘Facebook has yet to find any serious interference in the current election cycle‘ is the wrong one. The evidence that other sources had shown is that Facebook had not acted for well over two years on the Cambridge Analytica setting, in addition, the fact that more sources confirmed that staff members had access to the data to well into 2017 and most of that was kept quiet to all parties and shareholders, is a larger issue for the simple reason that there is optional evidence that Facebook wiped whatever data was against them from the data carriers. When Facebook was willing to keep people in the dark for three years and the setting that we get in addition to the Senate hearings implies that it is in the best interest of Facebook to get rid of bulk data settings on any election tampering. The mention of ‘bulk’ is actually intentional. You see, editing evidence is hard and in the end in a system as complex as the one Facebook has, people get found out. Wiping entire index settings and wiping complete profiles with all the connected usage is more efficient. A data dump that is lost can be regained with old backups (like a 2015 backup), editing the evidence will never ever work, not on a system as wide as the one Facebook has. So there is clearly the consideration that this has been happening, the two year silence, as well as the Bloomberg quote we can use in this content. With: “Christopher Ailman, chief investment officer of the California State Teachers’ Retirement System, said Wednesday that he deactivated his personal account due to the “offensive” lack of oversight and poor management at Facebook. CalSTRS has owned shares of the company since its initial public offering in 2012.” Now consider that all reference to ‘Christopher Ailman‘ seems to be gone, now consider the 100 profiles (speculated number) that was used to spike the Russian way of life to Americans. The moments that these profiles are gone, so is the rest, so as it is all wiped, the images the meme’s all go the way of the Dodo. Consider that some sources give 9% of profiles deleted in America (another source gave us 14% as a number), when it includes the fake ones, what are the chances that anything will be found? I am adding the dangers of intent here, because when a company like Facebook keeps quiet for well over 2 years that setting becomes very realistic.

So what other evidence has now been wiped? If the justice department wants a full log of all deletions together with interaction, engagement and images, how much could be retrieved? That becomes the question and even as we all signed up for it, we definitely did not agree to the slightest that it was to be used to turn us into tools.

so when we see ‘Facebook turns to Homeland Security, FBI for help‘ in the Washington Examiner, was that to actually seek help, or merely to see if the data was cleaned out (accidentally overwritten) as complete as possible?

Is it a given? No, it is not, yet the different sources from the US and UK newspapers should leave you with this thought, if not for the CNBC quote ‘Executives at Cambridge Analytica were caught on camera suggesting that the firm could use sex workers, bribes, ex-spies and fake news to help candidates win votes around the world‘, than for the mere realisation that Facebook cannot afford getting included in the setting that they were the tools for blackmail, fake mail and solicitation as empowering sides to any election, so the given side of ‘if it moves shoot it, if it doesn’t move shoot it to be certain‘ is a setting that also applies to data centres, although there we use the term ‘overwriting‘ which is a lot more efficient than merely deleting stuff.

I reckon that by the end of this year there will be a lot of limelight that includes executives of Facebook and a court of law, I have no idea if they can avoid it, but there you merely need to wonder if they should be allowed to avoid it, two years of silence nullifies and voids most of the goodwill they thought they created in the Senate hearing.

 

Leave a comment

Filed under Finance, IT, Law, Media, Politics, Science

CISA and Privacy are not opposites

There is a view that many hold, this view is not educated. A view which was given to us from the moment we spawned as a living person. Some got this knowledge as they went to their church or temple. They were told about good and evil. When we started to go to school we got to learn about order and chaos. This last one matters, you see, the opposite that order and chaos represent has been used in books, in videogames, in TV shows and in movies. In the Avengers movie ‘Age of Ultron’, near the end of the film we hear a quote from Vision, played by Paul Bettany that matters: “Humans are odd. They think order and chaos are somehow opposites“.

You might not realise it but the gem that we have here is in the foundations of many issues that have been plaguing us in several ways. Let’s take a look at this in two parts. The first is a Guardian article (at http://www.theguardian.com/world/2015/oct/01/blackphone-release-data-protection-privacy-surveillance) called ‘Blackphone: privacy-obsessed smartphone aims to broaden its appeal‘. The very first paragraph is a quote that shows issues on more than one side “Privacy company Silent Circle has released a second version of its signature handheld, a smartphone designed to quell the data scraping and web tracking that’s become such an integral part of the digital economy in the last few years (and whose results might well end up with the NSA, if the Cybersecurity Information Sharing Act passes)“, now I have no issue with the data scraping part and for the most the term ‘whose results might well end up with the NSA’ is less of an issue, but the overall taste is about privacy, I have no issue with this. The next quote is an interesting one, which will matter soon enough “In the beginning, Janke said, the Blackphone project was just a way for people working for his security firm SOC, since sold, to call home without having their communications intercepted“.

You see, there is no issue with the message shown here, but what is linked to all this is the message that is not shown here. You see, this device should now be regarded as the most excellent tool for hedge funds managers, organised crimes and all other kinds of non-mentioned criminals, who will now get to do with ease and freedom the things they had to steeplechase around the block for. This device will allow financial advisors to take certain steps that they were too scared to do, all out of fear of getting caught. This device will be opening doors.

There is no issue with the approach Janke had, he was submerged (read: drowning) in a world where any slip up could mean the death of him, his comrades and perhaps even his family. So his need for security was a given. There is a need for such a device. I have written about the need for this device as early as 2009, so the fact that someone picks this up is not a surprise, so why are we looking at this?

You see, it is the mention of CISA that is part of all this. CISA or better stated the Cybersecurity Information Sharing Act is sponsored by Republican Senator Richard Burr (North-Carolina). Why would anyone oppose ‘the bill makes it easier for companies to share cyber threat information with the government‘? Let’s be clear this is about dealing with Cyber Threats!

So what is a Cyber Threat? A Cyber threat is defined as ‘a malicious attempt to damage or disrupt a computer network or system‘, so we have the fact that this is about malicious attempts! So why would there be an issue? Well, there is because people and as it seems to be especially criminals, terrorists and Organised Crime seem to be allowed a lot more privacy than their victims, so in all this I see little issues pop up all over the place. This sounds all emotional, but what does the official text state? Well, the complete text is at https://www.congress.gov/bill/114th-congress/senate-bill/754, so let’s take a look at some parts.

Permits state, tribal, or local agencies to use shared indicators (with the consent of the entity sharing the indicators) to prevent, investigate, or prosecute offenses relating to: (1) an imminent threat of death, serious bodily harm, or serious economic harm, including a terrorist act or a use of a weapon of mass destruction; or (2) crimes involving serious violent felonies, fraud and identity theft, espionage and censorship, or trade secrets“, How can we be opposed to this? Is this not the foundation of growing fair play?

Well, that is partially the question. You see, the issue is in part the language. Consider this paraphrase which remains correct in light of the previous statement: “Permits local agencies to use shared indicators (with the consent of the entity sharing the indicators) to prosecute offenses relating to serious economic harm“. Which is now the floodlight of all this.

Now we get to the second part in all this, which is offenses relating to serious economic harm. Serious economic harm tends to be seen as pure economic loss, but it is not limited to that. For this we can look at the element ‘Loss of production suffered by an enterprise whose electricity supply is interrupted by a contractor excavating a public utility‘, which we see in Spartan Steel & Alloys Ltd v Martin & Co (Contractors) Ltd. In here the legislatively famous Lord Denning raised the issue of ‘Duty to mitigate loss’. Yet today, in the world of data and digital media, how can we measure that element? Let me show this through an exaggerated fictive example.

Microsoft raises the issue that as they required an investigation into acts that are causing serious economic harm to Microsoft. Unique software has been released that directly negatively impacts they trademarked business. The CISA could now be in effect to investigate data and data sources, but who minds that store? Who has that knowledge? Now consider that the person investigated would be Markus Persson, because his program ‘Minecraft’ is now stopping all people who are part of the Microsoft Gaming brand to continue.

So who will make that call? You might think that this is a ludicrous example, but is that so? Microsoft ended up paying more than 2 billion for it, so someone implying ‘Serious Economic Harm’ is not that far-fetched. This now becomes an issue for a timeline. What timeline is in effect here? With an imminent threat of death this is a simple matter, with serious economic harm that matter is far from simple, moreover will the claim be valid? I used the ludicrous Minecraft and Microsoft Games brand. Yet what happens when this is a lot more ‘grey’, what happens when this is Raytheon versus the Belgium based TTN Verhaert? A Technology Transfer Network (TTN) that has innovated the latest classified satellite navigation systems. Is it still a clear call as to what constitutes serious economic harm?

This act opens up a can of intellectual property, the one can everyone wants to swim in and the elected official channels do not even have a fraction of the minimum required insight to make such a call.

Section 9 gives us “Directs the DNI to report to Congress regarding cybersecurity threats, including cyber-attacks, theft, and data breaches. Requires such report to include: (1) an assessment of current U.S. intelligence sharing and cooperation relationships with other countries regarding cybersecurity threats to the U.S. national security interests, economy, and intellectual property; (2) a list of countries and non-state actors that are primary threats; (3) a description of the U.S. government’s response and prevention capabilities; and (4) an assessment of additional technologies that would enhance U.S. capabilities, including private sector technologies that could be rapidly fielded to assist the intelligence community

When we consider both A and B, we should look at ‘U.S. SEC drops Onyx insider trading lawsuit against Dubai men’ (at http://finance.yahoo.com/news/u-sec-drops-onyx-insider-230111643.html) from September 15th. The quote here is “Smith said the Newman decision was ‘helpful,’ but that the SEC ‘never had a tipper’ or evidence that his clients received inside information”, one would think that this is where CISA could now step in. Alas, apart from the side that is implied by the CISA text: ‘assessment of additional technologies that would enhance U.S. capabilities, including private sector technologies that could be rapidly fielded to assist the intelligence community’, which according to Blackphone is not an option, we now see that this opens a door to ‘patsy management’ on how two unsecured parties, could be set-up through the use of Blackphone through encrypted conversations and when the two unsecured parties talk, they could be setting each other up thanks to the other two parties that were using a Blackphone. Blackphone here has no blame whatsoever, they would be offering the one part criminals desperately want, a secured phone. This now sets a dangerous precedence, not a legal one, because Blackphone is behaving itself as it should, the provider of secure communications, it is what people do with it that matters that part cannot be guaranteed by the Cybersecurity Information Sharing Act. In addition, S. 754 has one additional flaw. That flaw is seen in the definitions, where we see that the earlier mentioned definition ‘serious economic harm’ is not specified in the definitions at all, so what definition applies?

Beyond that, we see the definition of a cybersecurity threat. In here it is important to take a look at part A and part B.

part a gives us: “IN GENERAL.—Except as provided in subparagraph (B), the term “cybersecurity threat” means an action, not protected by the First Amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system” and part B gives us “EXCLUSION.—The term “cybersecurity threat” does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement“, which sounds nice, yet how does it help stem cybersecurity threats?

You see, when you consider the letter send by UCLA to Chairman Dianne Feinstein in June last year, we see: “CISA’s inadequate use limitations risk turning the bill into a backdoor for warrantless use of information the government receives for investigations and prosecutions of crimes unrelated to cybersecurity“, which could be regarded as the biggest failure, but it is not, it is the part we see in “CISA requires that cyber threat indicators shared from the private sector with the Department of Homeland Security (DHS) be immediately disseminated to the Department of Defense, which includes the NSA and U.S. Cyber Command. This new flow of private communications information to NSA is deeply troubling given the past year’s revelations of overbroad NSA surveillance“. It is the ‘be immediately disseminated to the Department of Defense’ that comes into play now. When we consider ‘Overbroad Liability Protection‘, which can now hide by giving that function to an intern so that “good faith” reliance remains is a potential risk that could be pushed by big business to hide behind the ‘dope’ who acts in ‘good faith’.

Is that truly the blackness we face? Well, that is hard to say, the fact that this act relies on ambiguity and is lacking certain rules of restraint, or at least certain safeguards so that data cannot leave the intelligence office is reasons enough to have a few more discussions on this topic. What is interesting is that CISA would create a fear, which Black phone addresses, yet in similar method other players will now receive an option allowing them to play large dangerous games whilst not becoming accountable, that new Blackphone could address several issues the shady commercial interest guy is very happy to exploit.

The question becomes, how does any of this make us any safer?

So now we get back to the Age of Ultron line. As we see that crime is becoming an orderly event, the fact that we tend to hide in chaos the issues that should be open for all is part of the dilemma we now face. Again we are confronted with laws that remain inadequate to deal with the issues that needed to be dealt with. CISA takes in my view a chaotic approach to keep a level of order that was delusional from the very start, from missing definitions to application of methodology. It is a cog not linked to any machine, proclaiming soon to be of use to all machines and in the end, as I see it will only hinder progress on many levels, mainly because it tries to circumvent the accountability of some. And this is not just an American issue. In that regard laws and the protection of the victims have been an issue for a longer time. We only need to look to the Tesco grocery store on the corner to comprehend that part of the equation.

 

 

1 Comment

Filed under IT, Law, Military, Politics, Science