A selection of 8 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.
The EU Commission is preparing to issue a final ruling that Ireland’s tax deal with Apple represented illegal state aid.
However sources believe the amount of tax Ireland will be asked to collect from the US giant will be much less than the billions of euro which had been originally suggested by some analysts.
The Government and Apple will immediately signal that they will challenge the ruling in the European courts, a process that could take some years. Sources say that government and the US company remain in “lock step” on the issue…
…While the precise terms of the EU Commission decision – and whether it will mention an actual figure – remain unclear, sources believe that the sum involved is likely to be in the hundreds of millions rather than the billions. One suggestion is that Ireland could be pressed to recoup somewhere between €500m and €1bn from Apple. However the final terms of the commission decision are not yet fully clear.
By me and Samuel Gibbs in September 2014: “Apple may have to repay millions from government tax deal”. The figure suggested then was between €100m and €850m.
Studying the map, Porritt plotted the various routes and developed a hunch that the man [the police wanted to question] lived in Camden. Porritt grew up there, and he decided to go and ask around. He invited Alison Young, an officer who had just joined the unit, to tag along. Young is twenty-nine, with long red hair and an ebullient sense of humor. She had worked as a community-support officer for several years, but one day she was summoned to an auditorium at Scotland Yard, where dozens of officers were instructed to take a facial-recognition exam. Using a laptop, Young found matches in a series of faces that were presented like masks—without hair or other context. When the test was done, she was startled to learn that she had received the second-highest score.
By some estimates, as many as a million CCTV cameras are installed in London, making it the most surveilled metropolis on the planet. Boris Johnson, who before becoming Britain’s Foreign Secretary served as the city’s mayor, once said, “When you walk down the streets of London, you are a movie star. You are being filmed by more cameras than you can possibly imagine.”
Porritt thought that the cameras outside the Camden Road railway station might have caught the groper walking by, so he and Young visited the CCTV office there. As Porritt examined the equipment, Young gazed out a window at scores of rush-hour commuters streaming in and out of the station. Then, suddenly, she shouted, “Oh, my God. That’s him!”
Young was staring at a man just inside the entrance: he had a mustache and wore glasses. She watched him pick up a Metro from a stack on the floor and walk out of the station.
“We ran like maniacs,” Young recalled. They caught him, and after he was in handcuffs he muttered to Porritt, “I’m sorry, I’m sorry.” A fifty-six-year-old clerical worker named Ilhan Karatepe, he subsequently pleaded guilty to three counts of sexual assault and received a suspended sentence. (He was also barred from riding public transportation by himself.)
To see how Xiaomi’s divergence from Chinese consumers played out, you only need to look at the average selling price of new smartphones in China.
As China hits peak smartphone, a significant number of people have been trading up, pushing up the average selling price of new mobiles in the country. It looks like this:
The average new smartphone in China in 2013 cost just US$207 as most people opted for cheap models. That suited Xiaomi with its best-selling Redmi phones ranging from US$105 to US$150. But then, by 2015, IDC figures show that shoppers typically splashed US$257 per new smartphone as more shifted to pricier devices, including some opting for the iPhone 6. At that price point, Xiaomi’s most important phones had been left behind by shoppers.
“While users are slowly moving upstream, there are still significant volumes seen in the low-end market,” observes [IDC senior analyst Tay] Xiaohan.
The new Huawei P9, which costs from US$640, is propelling the Chinese tech giant to the top of the country’s smartphone battle at a time when Chinese consumers are spending more than ever on their smartphones. Photo credit: Huawei.
Xiaomi does have pricier phones, such as the Mi5 from US$270, but there are fewer choices for consumers in its upper ranges. And at a time when Chinese phone owners are going upmarket, Xiaomi’s top-end model, the big-screened Mi Note, has had no refresh for 19 months, putting it at odds with the usual annual upgrade cycle that shoppers now expect of smartphones.
Many in the technology and medical communities say the risk of such hacks is remote at best. But Block, no stranger to drawn-out corporate feuds, says in a 33-page report that St. Jude’s deficiencies are so great – and stand in such sharp contrast to offerings from rivals including Medtronic Plc – that its [pacemaker and defibrillator] equipment should be recalled and sales of the devices that account for 45% of St. Jude’s revenue should be halted until the problem is fixed. That could take years.
“The nightmare scenario is somebody is able to launch a mass attack and cause these devices that are implanted to malfunction,” Block said in an interview with Bloomberg Television. St. Jude “should stop selling these devices until it has developed a new secure communication protocol.”
Muddy Waters became aware of the potential flaws after a startup cybersecurity company, Miami-based MedSec Holdings Inc., approached the short-selling firm three months ago. The hackers had been working for more than a year, ferreting out security flaws in medical devices made by four leading companies. One stood out from the rest: St. Jude’s products had an “astounding” level of problems, including lack of encryption and authentication between devices, which could allow hackers to tap into implanted devices, said MedSec Chief Executive Officer Justine Bone, herself an experienced hacker.
Interesting (novel?) monetisation method for zero-day hacks: approach short-sellers so you can make a killing as the stock falls.
Facebook fired its Trending editors, apparently trying to get rid of bias by getting rid of humans • Quartz
A new group of humans will still be involved with Trending, although they’ll be asked to focus on correcting the algorithm’s mistakes, like preventing mundane or repetitive stories from appearing as news, according to a Facebook blog post. The retooled Trending feature will now automatically pull excerpts from news articles, a feature that may force Facebook to compensate news publishers in the European Union in the future, under proposed new rules from the European commission.
According to sources, the Trending team’s editorial staff were alerted at 4pm that they were being fired—as the news of Facebook’s switch to algorithms first broke—and were asked to leave the building by 5pm. The contractors (all of whom were at the company less than 1.5 years) were given severance equal to pay through September 1, plus two weeks, sources say.
However, removing human writers from Trending doesn’t necessarily eliminate bias. Human bias can be embedded into algorithms, and extremely difficult to strip out.
Such delightful hiring practices! And now the engineers will have even more boring tasks than the writers did. I’d be prepping my CV if I were one of those assigned to that.
what I want to talk about is the data. The sophisticated cyberweapons in the data dump include vulnerabilities and “exploit code” that can be deployed against common Internet security systems. Products targeted include those made by Cisco, Fortinet, TOPSEC, Watchguard, and Juniper – systems that are used by both private and government organizations around the world. Some of these vulnerabilities have been independently discovered and fixed since 2013, and some had remained unknown until now.
All of them are examples of the NSA – despite what it and other representatives of the US government say – prioritizing its ability to conduct surveillance over our security. Here’s one example. Security researcher Mustafa al-Bassam found an attack tool codenamed BENIGNCERTAIN that tricks certain Cisco firewalls into exposing some of their memory, including their authentication passwords. Those passwords can then be used to decrypt virtual private network, or VPN, traffic, completely bypassing the firewalls’ security. Cisco hasn’t sold these firewalls since 2009, but they’re still in use today.
Vulnerabilities like that one could have, and should have, been fixed years ago. And they would have been, if the NSA had made good on its word to alert American companies and organizations when it had identified security holes.
Al-Bassam was formerly known as the hacker Tflow – a member, in turn, of the hacking group Lulzsec. Strange how things turn out.
In a research paper published in the American Journal of Political Science, Yphtach Lelkes, Gaurav Sood and Shanto Iyengar found depressing proof that the web is fuelling segregation. The rollout of broadband in the US allowed them to conduct a controlled experiment. Access to new broadband services varied wildly because each state had different “rights of way” laws governing the use of the conduits, trenches and towers broadband providers need. The researchers matched the attitudes of those who did and did not have broadband with data on partisan hostility from studies of voters’ beliefs in the 2004 and 2008 presidential elections.
Greater use of the web ensured that an admirer of Jon Stewart would think that conservatives were not just mistaken but stupid, or a viewer of Fox News would work on the assumption that liberals were wicked. Both sides could dismiss uncomfortable facts as lies. Both sides allowed their politics to become so bound up with their identity, opposing arguments felt almost as if they were physical assaults. As the authors put it in a separate paper: “Partisans discriminate against opposing partisans to a degree that exceeds discrimination based on race.”
This is an important topic – which may have growing importance pre- and post-election in the US. The paper is called “The Hostile Audience: the effect of access to broadband internet on partisan affect”.
On the morning of August 10, Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, received a strange text message from a number he did not recognize on his iPhone.
“New secrets about torture of Emiratis in state prisons,” read the tantalizing message, which came accompanied by a link.
Mansoor, who had already been the victim of government hackers using commercial spyware products from FinFisher and Hacking Team, was suspicious and didn’t click on the link. Instead, he sent the message to Bill Marczak, a researcher at Citizen Lab, a digital rights watchdog at the University of Toronto’s Munk School of Global Affairs.
As it turned out, the message wasn’t what it purported to be. The link didn’t lead to any secrets, but to a sophisticated piece of malware that exploited three different unknown vulnerabilities in Apple’s iOS operating system that would have allowed the attackers to get full control of Mansoor’s iPhone, according to new joint reports released on Thursday by Citizen Lab and mobile security company Lookout.
How bad was it?
NSO’s malware, which the company codenamed Pegasus, is designed to quietly infect an iPhone and be able to steal and intercept all data inside of it, as well as any communication going through it.
“It basically steals all the information on your phone, it intercepts every call, it intercepts every text message, it steals all the emails, the contacts, the FaceTime calls. It also basically backdoors every communications mechanism you have on the phone,” [Lookout VP of research Mike] Murray explained. “It steals all the information in the Gmail app, all the Facebook messages, all the Facebook information, your Facebook contacts, everything from Skype, WhatsApp, Viber, WeChat, Telegram—you name it.”
A few thoughts on this.
• He received the message August 10; Apple’s update came out 15 days later – is this Apple’s fastest-ever security update?
• Mansoor has been repeatedly targeted, yet clearly he’s also able to shake off the UAE government repeatedly.
• It’s a hell of a vindication for Apple’s stance on privacy. But the hackers have a huge monetary incentive to keep finding zero-day flaws.
Errata, corrigenda and ai no corrida: none notified