Many more people in cities lack broadband access than in rural areas, but lawmakers are primarily focused on extending high-speed access to remote areas.
Changes to the atmosphere caused by carbon dioxide emissions could increase the amount of debris that stays in orbit.
Amazon’s Project Kuiper satellite constellation is one step closer to actually making it to space: The company announced it has secured an agreement with the United Launch Alliance (ULA) to fly its satellites on nine Atlas V rocket launches. Amazon intends to use multiple launch providers and spacecraft to ultimately get the full complement of 3,236 Kuiper satellites into low Earth orbit (LEO), but ULA is the first launch provider that Amazon has signed or announced.
ULA’s Atlas V is a proven workhorse in the space launch industry, having flown 85 prior missions with a perfect track record. The spacecraft was used to launch NASA’s Perseverance rover, for example, as well as Lockheed Martin’s OSIRIS-REx robotic asteroid exploration craft. While Amazon and ULA detailed to total number of launch vehicles that the contract covers, they didn’t share a timeline about when we can expect the launches to take place.
Late last year, I spoke to Amazon SVP of Devices & Services Dave Limp at our TC Sessions: Space events, and I asked him about timelines for launches. Limp said at the time that Amazon was about at the “middle of [its] design phase” for the Project Kuiper satellites, which indicates there’s still work to be done before they enter mass production, which would obviously precede launch.
Limp also pointed out that the clock is ticking for Amazon in terms of its FCC license to operate the constellation, so it essentially has to “have half [its] constellation up in about six years.” That will mean an aggressive launch schedule once the design phase is complete and its actually in the process of building its satellites.
Amazon has invested a lot of capital and time into Project Kuiper, with a commitment to back it with an initial $10 billion investment, and a dedicated staff on the project that now includes 500 people, as well as a dedicated office and research & development facility in Redmond near its global HQ.
“If you build it, they will come” is a mantra that’s been repeated for more than three decades to embolden action. The line from “Field of Dreams” is a powerful saying, but I might add one word: “If you build it well, they will come.”
America’s Lifeline program, a monthly subsidy designed to help low-income families afford critical communications services, was created with the best intentions. The original goal was to achieve universal telephone service, but it has fallen far short of achieving its potential as the Federal Communications Commission has attempted to convert it to a broadband-centric program.
The FCC’s Universal Service Administrative Company estimates that only 26% of the families that are eligible for Lifeline currently participate in the program. That means that nearly three out of four low-income consumers are missing out on a benefit for which they qualify. But that doesn’t mean the program should be abandoned, as the Biden administration’s newly released infrastructure plan suggests.
Now is the right opportunity to complete the transformation of Lifeline to broadband and expand its utilization by increasing the benefit to a level commensurate with the broadband marketplace and making the benefit directly available to end users.
Rather, now is the right opportunity to complete the transformation of Lifeline to broadband and expand its utilization by increasing the benefit to a level commensurate with the broadband marketplace and making the benefit directly available to end users. Instead, the White House fact sheet on the plan recommends price controls for internet access services with a phaseout of subsidies for low-income subscribers. That is a flawed policy prescription.
If maintaining America’s global competitiveness, building broadband infrastructure in high-cost rural areas, and maintaining the nation’s rapid deployment of 5G wireless services are national goals, the government should not set prices for internet access.
Forcing artificially low prices in the quest for broadband affordability would leave internet service providers with insufficient revenues to continue to meet the nation’s communications infrastructure needs with robust innovation and investment.
Instead, targeted changes to the Lifeline program could dramatically increase its participation rate, helping to realize the goal of connecting Americans most in need with the phone and broadband services that in today’s world have become essential to employment, education, healthcare and access to government resources.
To start, Lifeline program participation should be made much easier. Today, individuals seeking the benefit must go through a process of self-enrollment. Implementing “coordinated enrollment” — through which individuals would automatically be enrolled in Lifeline when they qualify for certain other government assistance benefits, including SNAP (the Supplemental Nutrition Assistance Program, formerly known as food stamps) and Medicaid — would help to address the severe program underutilization.
Because multiple government programs serve the same constituency, a single qualification process for enrollment in all applicable programs would generate government efficiencies and reach Americans who are missing out.
Speaking before the American Enterprise Institute back in 2014, former FCC Commissioner Mignon Clyburn said, “In most states, to enroll in federal benefit programs administered by state agencies, consumers already must gather their income-related documentation, and for some programs, go through a face-to-face interview. Allowing customers to enroll in Lifeline at the same time as they apply for other government benefits would provide a better experience for consumers and streamline our efforts.”
Second, the use of the Lifeline benefit can be made far simpler for consumers if the subsidy is provided directly to them via an electronic Lifeline benefit card account — like the SNAP program’s electronic benefit transfer (EBT) card. Not only would a Lifeline benefit card make participation in the program more convenient, but low-income
Americans would then be able to shop among the various providers and select the carrier and the precise service(s) that best suits their needs. The flexibility of greater consumer choice would be an encouragement for more program sign-ups.
And, the current Lifeline subsidy amount — $9.25 per month — isn’t enough to pay for a broadband subscription. For the subsidy to be truly meaningful, an increase in the monthly benefit is needed. Last December, Congress passed the temporary Emergency Broadband Benefit to provide low-income Americans up to a $50 per month discount ($75 per month on tribal lands) to offset the cost of broadband connectivity during the pandemic. After the emergency benefit runs out, a monthly benefit adequate to defray the cost of a broadband subscription will be needed.
In order to support more than a $9.25 monthly benefit, the funding source for the Lifeline program must also be reimagined. Currently, the program relies on the FCC’s Universal Service Fund, which is financed through a “tax” on traditional long-distance and international telephone services.
As greater use is made of the web for voice communications, coupled with less use of traditional telephones, the tax rate has increased to compensate for the shrinking revenues associated with landline phone services. A decade ago, the tax, known as the “contribution factor,” was 15.5%, but it’s now more than double that at an unsustainable 33.4%. Without changes, the problem will only worsen.
It’s easy to see that the financing of a broadband benefit should no longer be tied to a dying technology. Instead, funding for the Lifeline program could come from a “tax” shared across the entire internet ecosystem, including the edge providers that depend on broadband to reach their customers, or from direct congressional appropriations for the Lifeline program.
These reforms are realistic and straightforward. Rather than burn the program down, it’s time to rebuild Lifeline to ensure that it fulfills its original intention and reaches America’s neediest.
SpaceX has launched another batch of Starlink satellites, keeping up its rapid pace of launches for the broadband constellation it’s deploying in low Earth orbit. This now makes 300 Starlink satellites launched since March 4, with 60 on each of five flights between then and now.
The most recent launch before this one happened on March 24, with prior flights on March 14, March 11 and March 4 , respectively. That pace is intentionally fast, since SpaceX has said it aims to launch a total of 1,500 Starlink satellites over the course of this calendar year. Before that especially busy month, SpaceX also flew four other Starlink missions, including a shared ride on SpaceX’s first dedicated rideshare mission that also carried satellites for other customers.
In total, SpaceX has now launched 1,443 satellites for its Starlink constellation. That doesn’t reflect the total number of satellites on orbit, however, as a handful of those earlier satellites have been deorbited as planned. In total, the eventual planned sizer fo the constellation is expected to include up to 42,000 spacecraft based on current FCC frequency spectrum filings.
SpaceX recently signed a new agreement with NASA that outlines how the two organizations will avoid close approach or collision events between their respective spacecraft. NASA has measures it requires all launchers to follow in order to avoid these kinds of incidents, but the scale and frequency of SpaceX’s Starlink missions necessitated an additional, more extensive agreement.
This launch also included a landing of the Falcon 9 booster used, its seventh so far. The booster touched down as intended on SpaceX’s floating landing pad in the Atlantic Ocean, and will be refurbished for another potential reuse. SpaceX is also going to be looking to recover its fairing halves at sea, which are the two cargo covering shields that encase the satellites during take-off. The company actually just decommissioned two ships it had used to try to catch these out of mid-air as they fell slowed by parachutes, but it’s still looking to retrieve them from the ocean after splashdown for re-use.
The justices said the commission had adequately considered whether easing rules on cross-ownership of radio and TV stations and newspapers would hurt female and minority ownership of media outlets.
President Biden’s infrastructure proposal aims to close the digital divide, which has existed since the Clinton administration.
Broadcast television and talk radio are just as problematic as social media.
A proposal released by the acting chairwoman of the commission is an attempt to close the digital divide.
The money, aimed at low-income households, is part of an effort to bridge the access gap to broadband connectivity amid the pandemic.
Whatever you do, don’t press anything.
Amazon SVP of Devices & Services David Limp joined us at TC Sessions: Space today, and he shared some new details about the company’s Project Kuiper broadband satellite constellation. Limp shared more details on the technical design challenges that the Kuiper team solved with its revolutionary customer terminal, but he also shared more info on the company’s plans around launching its constellation, which will number 3,236 per the current plan approved by the FCC.
“We’re launch agnostic” Limp said. “If you know somebody who has a rocket out there, give us a call. “One of the reasons we thought the time was right to do a constellation now is because of some of the dynamics happening in the launch industry. Every day, we see a new demonstration of reusability every day, we see new demonstration of breakthroughs in better engines, whether that’s Raptor [SpaceX’s engine] or BE-4 [Blue Origin’s].”
Part of the FCC’s approval for Amazon’s constellation requires it to send up around half of its planned total constellation within the next six years, which is a significant volume and will require an aggressive launch pace to achieve. SpaceX’s Starlink, for context, has launched 16 batches of 60 satellites each for its network, with 14 of those happening in 2020 alone. In order to achieve that pace, Limp said that while he hopes Blue Origin (the Jeff Bezos-owned private rocket launch company) can provide some of its launch capacity, they will be looking elsewhere for rides to space as well.
“When you have to put 3,200-plus things into space, you will need will need launch a lot lots of launch capacity,” he said. “Our hope is that it’s not just one provider, that there will be multiple providers.”
Depending on the final Project Kuiper satellite spec, this could be a huge opportunity for new small satellite launchers coming on board, including companies like Astra, Kuiper and Virgin Orbit who spoke earlier today at the event on the progress their launch companies are making. It could also be a windfall for existing providers like Rocket Lab – and even potentially SpaceX. In response to a separate question, Limp noted that he doesn’t believe Project Kuiper is in direct competition with SpaceX’s Starlink, since there’s such a broad addressable market when it comes to connectivity for unserved and underserved customers globally.
Amazon’s Project Kuiper is perhaps one of the company’s most ambitious projects yet: Building a globe-spanning broadband wireless network to deliver affordable connectivity to underserved communities. Project Kuiper has made progress this year with a key FCC approval, and now it’s also created a prototype of a key piece of hardware that will help its future customers take advantage of the satellite network on the ground.
This is actually a big part of what will help make Project Kuiper a service that’s broadly accessible, and a development that puts the Amazon project in an industry-leading position with a unique advantage. The prototype developed by the team communicates on the Ka-band of the wireless spectrum, and is the smallest and lightest piece of hardware that can do that. It’s able to achieve speeds of up to 400 Mbps, and Amazon says that it’ll actually get better through future iterations.
For technical details on how this was accomplished and what it means for the final design, Amazon explains from a blog post describing the design process:
Our phased array antenna takes a different approach. Instead of placing antenna arrays adjacent to one another, we used tiny antenna element structures to overlay one over the other. This has never been accomplished in the Ka-band. The breakthrough allows us to reduce the size and weight of the entire terminal, while operating in a frequency that delivers higher bandwidth and better performance than other bands. Our design uses a combination of digital and analog components to electronically steer Ka-band beams toward satellites passing overhead.
The result is a single aperture phased array antenna that measures 12 inches in diameter, making it three times smaller and proportionately lighter than legacy antenna designs. This order of magnitude reduction in size will reduce production costs by an equal measure, allowing Amazon to offer customers a terminal that is more affordable and easier to install.
The bottom line is that Amazon’s design for Kuiper can greatly reduce the cost and complexity of building the ground-based infrastructure that will be required in order to provide access to its network to end-users. It’s also low-latency, and Amazon has found that it can provide 4K streaming capabilities even during its testing with geostationary satellites today – which are as much as 50 times further out from where Project Kuiper satellites will eventually be positioned in low-Earth orbit.
Amazon isn’t yet sharing specific pricing information about what the terminal will eventually cost, beyond touting its affordability relative to existing solutions. I’ll be talking to Amazon SVP of Devices and Services Dave Limp at TC Sessions: Space today, and we’ll discuss the antenna along with everything else about the project.
The Federal Communications Commission has rejected ZTE’s petition to remove its designation as a “national security threat.” This means that American companies will continue to be barred from using the FCC’s $8.3 billion Universal Service Fund to buy equipment and services from ZTE .
The Universal Service Fund includes subsidies to build telecommunication infrastructure across the United States, especially for low-income or high-cost areas, rural telehealth services, and schools and libraries. The FCC issued an order on June 30 banning U.S. companies from using the fund to buy technology from Huawei and ZTE, claiming that both companies have close ties with the Chinese Communist Party and military.
Many smaller carriers rely on Huawei and ZTE, two of the world’s biggest telecom equipment providers, for cost-efficient technology. After surveying carriers, the FCC estimated in September that replacing Huawei and ZTE equipment would cost more than $1.8 billion.
Under the Secure and Trusted Communications Networks Act, passed by Congress this year, most of that amount would be eligible for reimbursements under a program referred to as “rip and replace.” But the program has not been funded by Congress yet, despite bipartisan support.
In today’s announcement about ZTE, chairman Ajit Pai also said the FCC will vote on rules to implement the reimbursement program at its next Open Meeting, scheduled to take place on December 10.
The FCC passed its order barring companies deemed national security threats from receiving money from the Universal Service Fund in November 2019. Huawei fought back by suing the FCC over the ban, claiming it exceeded the agency’s authority and violated the Constitution.
TechCrunch has contacted ZTE for comment.
Issues like antitrust and privacy would remain on the agenda as his administration pursued policies to limit the power of the industry’s giants.
Something has to be done about the technology sector. Here’s what to keep in mind.
Their animosity is likely to be on full display at a hearing on Wednesday with the leaders of Facebook, Google and Twitter.
The medium is at the heart of Trumpism.
U.S. cell carrier Assist Wireless left tens of thousands of personal customer documents on its website by mistake.
Assist provides free government-subsidized cell phones to low-income households across Oklahoma through the Lifeline program, set up by the Federal Communications Commission in 1985. Lifeline helps households on federal assistance programs, like food stamps or public housing, get access to cheap cell phone plans.
But part of the carrier’s website was leaking customer documents — including driver’s licenses, passports and Social Security cards — which customers submit to verify their eligibility to sign up for a free phone and a plan.
The documents are dated between 2019 and 2020.
Security researcher John Wethington found the exposed documents through a simple Google search result, and asked TechCrunch to alert the carrier to the leak. Assist removed the exposed documents from its website a short time later.
Assist told TechCrunch that it traced the issue to a third-party plugin, Imagify, which the carrier uses to optimize images on its website. Assist said that the plugin by default puts a backup of uploaded images in a separate folder, but that the backup location in Assist’s case was not secure.
“We have resolved the issue by turning the backup off and removed the folder from public view,” said Assist.
The carrier told TechCrunch it also submitted an “urgent request” to Google to remove the documents from its cached image search results. (TechCrunch held this story until the images were scrubbed.)
Assist said it is investigating if anyone else found the exposed data before the issue was fixed.
“Assist Wireless takes security and consumer data very seriously. We are hiring a third-party security firm to provide us with a thorough security audit and subsequent consultation on ensuring customer data is as safe as possible moving forward,” the carrier said.
The carrier also said it would notify customers if their data was exposed in the security lapse.
The F.C.C. approved the company’s 3,236-satellite constellation, which aims to provide high-speed internet service around the world.
In a pandemic-plagued country, high-speed internet connections are a civil rights issue.
Last week was, for most Americans, a four-day work week. But a lot still happened in the security world.
The U.S. government’s cybersecurity agencies warned of two critical vulnerabilities — one in Palo Alto’s networking tech and the other in F5’s gear — that foreign, nation state-backed hackers will “likely” exploit these flaws to get access to networks, steal data or spread malware. Plus, the FCC formally declared Chinese tech giants Huawei and ZTE as threats to national security.
Here’s more from the week.
THE BIG PICTURE
How police hacked a massive criminal phone network
Last week’s takedown of EncroChat was, according to police, the “biggest and most significant” law enforcement operation against organized criminals in the history of the U.K. EncroChat sold encrypted phones with custom software akin to how BlackBerry phones used to work; you needed one to talk to other device owners.
But the phone network was used almost exclusively by criminals, allowing their illicit activities to be kept secret and go unimpeded: drug deals, violent attacks, corruption — even murders.
That is, until French police hacked into the network, broke the encryption and uncovered millions of messages, according to Vice, which covered the takedown of the network. The circumstances of the case are unique; police have not taken down a network like this before.
But technical details of the case remain under wraps, likely until criminal trials begin, at which point attorneys for the alleged criminals are likely to rest much of their defense on the means — and legality — in which the hack was carried out.
American cellular businesses will no longer be able to spend federal money on equipment from the two Chinese companies.
The Federal Communication Commission has declared Chinese telecom giants Huawei and ZTE “national security threats,” a move that will formally ban U.S. telecom companies from using federal funds to buy and install Huawei and ZTE equipment.
FCC chairman Ajit Pai said that the “weight of evidence” supported the decision. Federal agencies and lawmakers have long claimed that because the tech giants are subject to Chinese law, they could be obligated to “cooperate with the country’s intelligence services,” Pai said, claims that Huawei and ZTE have repeatedly rejected.
“We cannot and will not allow the Chinese Communist Party to exploit network vulnerabilities and compromise our critical communications infrastructure,” the Republican-majority FCC said in a separate statement.
The order, published by the FCC on Tuesday, said the designation takes immediate effect, but it’s not immediately clear how the designation changes the status quo.
In November of last year, the FCC announced that companies deemed a national security threat would be ineligible to receive any money from the Universal Service Fund. The $8.5B fund is the FCC’s main way of purchasing and subsidizing equipment and services to improve connectivity across the country.
Huawei and ZTE were “initially designated” as security threats at the time, but the formal process of assigning them that status has taken place in the intervening months, resulting in today’s declaration.
We’ve asked the FCC for comment but did not immediately hear back. In a public statement, FCC commissioner Geoffrey Starks, a Democrat, explained that labeling the companies threats is a start, but that there is a great deal of Huawei and ZTE equipment already in use that needs to be identified and replaced.
“The Commission has taken important steps toward identifying the problematic equipment in our systems, but there is much more to do,” he wrote. “Funding is the missing piece. Congress recognized in the Secure and Trusted Communications Networks Act that many carriers will need support to transition away from untrustworthy equipment, but it still has not appropriated funding for replacements.”
The declaration is the latest move by the FCC to crack down on Chinese technology providers seen. But it puts telecom companies working to expand their 5G coverage in a bind. Huawei and ZTE are seen as leading the way in 5G, far ahead of their American rivals.
Spokespeople for Huawei and ZTE did not immediately comment.
SpaceX is in the process of building out its Starlink network of low Earth orbit small satellites that will provide the backbone of a global, high-bandwidth, low-latency internet service – but there’s a clock running out in terms of at least one potential source of funding for it to recoup revenue from those efforts: The FCC requires that anyone participating in its $16 billion federal funding auction for rural broadband access demonstrate latency under a 100-million threshold, but anyone who hopes to quality must meet that threshold within the next month.
The FCC has issued a report (via Engadget) on the Phase 1 auction for this lucrative funding, serving as advance notice ahead of its actual auction date of October 29, 2020 – but companies have to submit their applications to compete for said auction by July 15. In the report. the FCC acknowledges that any satellite provider operating at LEO has a potential advantage over providers who are using much higher altitude, geostationary satellites instead, but also qualifies that by noting that in order to pass the stated threshold they must also pass it taking into account delays introduced by relay stations, hubs and destination terminals.
SpaceX, for its part, believes that the FCC needn’t doubt its network’s abilities, and says that in fact it’s aiming for latency times under the 20 millisecond mark, which is better in some cases than traditional terrestrial cable-backed bandwidth networks.
In terms of deployment, SpaceX has been moving fast with Starlink, especially in 2020. Thus far, it has launched seven missions this year for the constellation, sending up a total of 418 satellites – which is actually more than any other private satellite operator even has currently working. The sprint is about building the network to the point where it can begin to serve customers in the U.S. and Canada by sometime later this year, and then expand to more customers globally later on.
SpaceX seems to be on track to make that happen, but the requirements for this more lucrative tranche of government funding might be too soon relative to those goals. Still, there are other federal contracts related to this initiative that it would be eligible for later on.
A multiagency group does a “minimal” job of assessing security risks posed by China Unicom, China Telecom and ComNet, investigators said.
The president wants to narrow legal protections for companies like Twitter after it began appending fact-check labels to his postings.
The president and his allies have often accused Twitter and Facebook of bias against conservatives, and had resisted taking action until this week, when Twitter fact-checked his own false statements.
As federal agencies take increasingly stringent actions to try to limit the spread of the novel coronavirus pandemic within the U.S., how can individual Americans and U.S. companies affected by these rules weigh in with their opinions and experiences? Because many of the new rules, such as travel restrictions and increased surveillance, require expansions of federal power beyond normal circumstances, our laws require the federal government to post these rules publicly and allow the public to contribute their comments to the proposed rules online. But are federal public comment websites — a vital institution for American democracy — secure in this time of crisis? Or are they vulnerable to bot attack?
In December 2019, we published a new study to see firsthand just how vulnerable the public comment process is to an automated attack. Using publicly available artificial intelligence (AI) methods, we successfully generated 1,001 comments of deepfake text, computer-generated text that closely mimics human speech, and submitted them to the Centers for Medicare & Medicaid Services’ (CMS) website for a proposed federal rule that would institute mandatory work reporting requirements for citizens on Medicaid in Idaho.
The comments we produced using deepfake text constituted over 55% of the 1,810 total comments submitted during the federal public comment period. In a follow-up study, we asked people to identify whether comments were from a bot or a human. Respondents were only correct half of the time — the same probability as random guessing.
The example above is deepfake text generated by the bot that all survey respondents thought was from a human.
We ultimately informed CMS of our deepfake comments and withdrew them from the public record. But a malicious attacker would likely not do the same.
Previous large-scale fake comment attacks on federal websites have occurred, such as the 2017 attack on the FCC website regarding the proposed rule to end net neutrality regulations.
During the net neutrality comment period, firms hired by industry group Broadband for America used bots to create comments expressing support for the repeal of net neutrality. They then submitted millions of comments, sometimes even using the stolen identities of deceased voters and the names of fictional characters, to distort the appearance of public opinion.
A retroactive text analysis of the comments found that 96-97% of the more than 22 million comments on the FCC’s proposal to repeal net neutrality were likely coordinated bot campaigns. These campaigns used relatively unsophisticated and conspicuous search-and-replace methods — easily detectable even on this mass scale. But even after investigations revealed the comments were fraudulent and made using simple search-and-replace-like computer techniques, the FCC still accepted them as part of the public comment process.
Even these relatively unsophisticated campaigns were able to affect a federal policy outcome. However, our demonstration of the threat from bots submitting deepfake text shows that future attacks can be far more sophisticated and much harder to detect.
The laws and politics of public comments
Let’s be clear: The ability to communicate our needs and have them considered is the cornerstone of the democratic model. As enshrined in the Constitution and defended fiercely by civil liberties organizations, each American is guaranteed a role in participating in government through voting, through self-expression and through dissent.
When it comes to new rules from federal agencies that can have sweeping impacts across America, public comment periods are the legally required method to allow members of the public, advocacy groups and corporations that would be most affected by proposed rules to express their concerns to the agency and require the agency to consider these comments before they decide on the final version of the rule. This requirement for public comments has been in place since the passage of the Administrative Procedure Act of 1946. In 2002, the e-Government Act required the federal government to create an online tool to receive public comments. Over the years, there have been multiple court rulings requiring the federal agency to demonstrate that they actually examined the submitted comments and publish any analysis of relevant materials and justification of decisions made in light of public comments [see Citizens to Preserve Overton Park, Inc. v. Volpe, 401 U. S. 402, 416 (1971); Home Box Office, supra, 567 F.2d at 36 (1977), Thompson v. Clark, 741 F. 2d 401, 408 (CADC 1984)].
In fact, we only had a public comment website from CMS to test for vulnerability to deepfake text submissions in our study, because in June 2019, the U.S. Supreme Court ruled in a 7-1 decision that CMS could not skip the public comment requirements of the Administrative Procedure Act in reviewing proposals from state governments to add work reporting requirements to Medicaid eligibility rules within their state.
The impact of public comments on the final rule by a federal agency can be substantial based on political science research. For example, in 2018, Harvard University researchers found that banks that commented on Dodd-Frank-related rules by the Federal Reserve obtained $7 billion in excess returns compared to non-participants. When they examined the submitted comments to the “Volcker Rule” and the debit card interchange rule, they found significant influence from submitted comments by different banks during the “sausage-making process” from the initial proposed rule to the final rule.
Beyond commenting directly using their official corporate names, we’ve also seen how an industry group, Broadband for America, in 2017 would submit millions of fake comments in support of the FCC’s rule to end net neutrality in order to create the false perception of broad political support for the FCC’s rule amongst the American public.
Technology solutions to deepfake text on public comments
While our study highlights the threat of deepfake text to disrupt public comment websites, this doesn’t mean we should end this long-standing institution of American democracy, but rather we need to identify how technology can be used for innovative solutions that accepts public comments from real humans while rejecting deepfake text from bots.
There are two stages in the public comment process — (1) comment submission and (2) comment acceptance — where technology can be used as potential solutions.
In the first stage of comment submission, technology can be used to prevent bots from submitting deepfake comments in the first place; thus raising the cost for an attacker to need to recruit large numbers of humans instead. One technological solution that many are already familiar with are the CAPTCHA boxes that we see at the bottom of internet forms that ask us to identify a word — either visually or audibly — before being able to click submit. CAPTCHAs provide an extra step that makes the submission process increasingly difficult for a bot. While these tools can be improved for accessibility for disabled individuals, they would be a step in the right direction.
However, CAPTCHAs would not prevent an attacker willing to pay for low-cost labor abroad to solve any CAPTCHA tests in order to submit deepfake comments. One way to get around that may be to require strict identification to be provided along with every submission, but that would remove the possibility for anonymous comments that are currently accepted by agencies such as CMS and the Food and Drug Administration (FDA). Anonymous comments serve as a method of privacy protection for individuals who may be significantly affected by a proposed rule on a sensitive topic such as healthcare without needing to disclose their identity. Thus, the technological challenge would be to build a system that can separate the user authentication step from the comment submission step so only authenticated individuals can submit a comment anonymously.
Finally, in the second stage of comment acceptance, better technology can be used to distinguish between deepfake text and human submissions. While our study found that our sample of over 100 people surveyed were not able to identify the deepfake text examples, more sophisticated spam detection algorithms in the future may be more successful. As machine learning methods advance over time, we may see an arms race between deepfake text generation and deepfake text identification algorithms.
The challenge today
While future technologies may offer more comprehensive solutions, the threat of deepfake text to our American democracy is real and present today. Thus, we recommend that all federal public comment websites adopt state-of-the-art CAPTCHAs as an interim measure of security, a position that is also supported by the 2019 U.S. Senate Subcommittee on Investigations’ Report on Abuses of the Federal Notice-and-Comment Rulemaking Process.
In order to develop more robust future technological solutions, we will need to build a collaborative effort between the government, researchers and our innovators in the private sector. That’s why we at Harvard University have joined the Public Interest Technology University Network along with 20 other education institutions, New America, the Ford Foundation and the Hewlett Foundation. Collectively, we are dedicated to helping inspire a new generation of civic-minded technologists and policy leaders. Through curriculum, research and experiential learning programs, we hope to build the field of public interest technology and a future where technology is made and regulated with the public in mind from the beginning.
While COVID-19 has disrupted many parts of American society, it hasn’t stopped federal agencies under the Trump administration from continuing to propose new deregulatory rules that can have long-lasting legacies that will be felt long after the current pandemic has ended. For example, on March 18, 2020, the Environmental Protection Agency (EPA) proposed new rules about limiting which research studies can be used to support EPA regulations, which have received over 610,000 comments as of April 6, 2020. On April 2, 2020, the Department of Education proposed new rules for permanently relaxing regulations for online education and distance learning. On February 19, 2020, the FCC re-opened public comments on its net neutrality rules, which in 2017 saw 22 million comments submitted by bots, after a federal court ruled that the FCC ignored how ending net neutrality would affect public safety and cellphone access programs for low-income Americans.
Federal public comment websites offer the only way for the American public and organizations to express their concerns to the federal agency before the final rules are determined. We must adopt better technological defenses to ensure that deepfake text doesn’t further threaten American democracy during a time of crisis.
Global satellite operator Intelsat has voluntarily filed for Chapter 11 bankruptcy protection, the company announced late on Wednesday. Intelsat has attempted to position this as a positive moment that sees it embark on a “financial restructuring” project to enable its future growth, but a bankruptcy filing is seldom cause for celebration.
The company cites a need to participate in the FCC’s C-band spectrum clearing for 5G network built out in the U.S. as one of the factors behind its decisions to file, as well as “managing the economic slowdown impacting server of its markets caused by the COVID-19 global health crisis.”
Intelsat notes that its current plan involves no changes to the day-to-day operation of the company, or any reduction in headcount. The company also said that it has secured $1 billion in committed new financing, which will come in the form of debtor-in-position funds, subject to court approval. That just describes any company that plans to continue to operate its business while also undergoing Chapter 11 bankruptcy proceedings.
The company also says it’ll be continuing to launch new satellites, building out its ground network, and adding new services as it continues the process, and that its goal is to to get through the restructuring process “as quickly as possible.” The satellite operator cites GM and American Airlines as models that show is goal with the filing, having also undertaken a similar restructuring in the past and emerged with greater fiscal viability.
Intelsat’s bankruptcy filing isn’t the first noteworthy space co. filing resulting from the global pandemic: Would-be global satellite internet provider OneWeb filed for Chapter 11 protection in March.
Sinclair Broadcast Group has agreed to pay a $48 million fine to the Federal Communications Communication to close investigations related to its attempted merger with Tribune Media. The FCC said in its announcement that this is the largest civil penalty paid by a broadcaster in the agency’s history. It added that Sinclair will also have to “abide by a strict compliance plan in order to close three open investigations.”
The merger, which was valued at $3.9 billion and would have created one of the largest broadcasters in the United States, was called off by Tribune in August 2018. Tribune also filed a lawsuit accusing Sinclair of breaching contract and misleading regulators “in a misguided and ultimately unsuccessful attempt to retain control over stations that it was obligated to sell.”
In today’s announcement, the FCC said its agreement with Sinclair was related to investigations into the company’s disclosure of information related to the acquisition of Tribune-owned stations, its failure to identify sponsored content it produced for broadcast, and “whether the company has met its obligations to negotiate retransmission consent agreements in good faith.”
In today’s FCC statement, chairman Ajit Pai, who was critical of the deal before it was scrapped, said “Sinclair’s conduct during its attempt to merge with Tribune was completely unacceptable. Today’s penalty, along with the failure of the Sinclair/Tribune transaction, should serve as a cautionary tale to other licensees seeking Commission approval of a transaction in the future.”
He also added that the FCC would not revoke licenses granted to the conservative-leaning broadcaster. “On the other hand, I disagree with those who, for transparently political reasons, demand we revoke Sinclair’s licenses,” Pai said. “While they don’t like what they perceive to be the broadcaster’s viewpoints, the First Amendment still applies around here.”
In a statement, Sinclair Broadcast Group president and CEO Chris Ripley said that the company is “pleased with the resolution announced today by the FCC and to be moving forward. We thank the FCC staff for their diligence in reaching this resolution. Sinclair is committed to continue to interact constructively with all of its regulators to ensure full compliance with applicable laws, rules and regulations.”
The F.C.C. levied the largest civil penalty in its history against a conservative owner of local TV stations, scuttling its ambitious merger plans.
Since the coronavirus spread from a metropolis on the Yangtze River across the globe, hard-liners in both Washington and Beijing have accelerated efforts to decouple elements of the relationship.
While at the F.C.C., he used the fairness doctrine to challenge the tobacco industry. He also helped pave the way for televised presidential debates.
Today marks the conclusion of a years-long saga that started when John Oliver did a segment on Net Neutrality that was so popular that it brought the FCC’s comment system to its knees. Two years later it is finally near addressing all the issues brought up in an investigation from the General Accountability Office.
The report covers numerous cybersecurity and IT issues, some of which the FCC addressed quickly, some not so quickly, and some it’s still working on.
“Today’s GAO report makes clear what we knew all along: the FCC’s system for collecting public input has problems,” Commissioner Jessica Rosenworcel told TechCrunch . “The agency needs to fully fix this mess because this is the way the FCC is supposed to take input from the public. But as this report demonstrates, we have real work to do.”
Here’s the basic timeline of events, which seem so long ago now:
- May 2017: John Oliver’s segment airs, and the next day the FCC claims it was hit by denial-of-service attacks that took down its comment system, ECFS. (In fact it was merely the sheer volume of people who wanted to share their opinion of the FCC’s plan to kill net neutrality.)
- July 2017: Despite calls for details, the FCC refuses to release any details on the cyberattack, despite Congressional demands, saying the threat was “ongoing.” (Its investigations had not in fact determined malicious intent and its official account was in doubt internally from the start.)
- August 2017: Congress calls for an independent investigation of the FCC’s claims and its comment system. (That’s the report released today. Also around this time another improbable “hack” was found to have (not) happened in 2014.)
- October 2017: FCC’s chief information officer, David Bray, who claimed the attacks took place both in 2017 and 2014, leaves the FCC.
- December 2017: The FCC votes along party lines to kill net neutrality.
- June 2018: A watchdog group acquires 1,300 pages of emails, which (though very heavily redacted) show that the DDoS claims were essentially false and known to be so.
- August 2018: The FCC finally admits that it was never hacked, and the next day its own internal report comes out showing that it really was just overwhelming interest from people wanting to be heard. Members of Congress accuse Chairman Ajit Pai of “dereliction of duty” in perpetuating this dangerously incorrect narrative.
Then it’s pretty quiet basically until today, when the report requested in 2017 was publicly released. A version with sensitive information (like exact software configurations and other technical information) was internally circulated in September, then revised for today’s release.
The final report is not much of a bombshell, since much of it has been telegraphed ahead of time. It’s a collection of criticisms of an outdated system with inadequate security and other failings that might have been directed at practically any federal agency, among which cybersecurity practices are notoriously poor.
The investigation indicates that the FCC, for instance, did not consistently implement security and access controls, encrypt sensitive data, update or correctly configure its servers, detect or log cybersecurity events, and so on. It wasn’t always a disaster (even well-run IT departments don’t always follow best practices), but obviously some of these shortcomings and cut corners led to serious issues like ECFS being overwhelmed.
More importantly, of the 136 recommendations made in the September report, 85 have been fully implemented now, 10 partially, and the rest are on track to be so.
That should not be taken to mean that the FCC has waited this whole time to update its commenting and other systems. In fact it was making improvements almost immediately after the event in May of 2017, but refused to describe them. Here are a few of the improvements listed in the GAO report:
Representative Frank Pallone (D-NJ), who has dogged the FCC on this issue since the beginning, issued the following statement:
I requested this report because it was clear, after the net neutrality repeal comment period debacle, that the FCC’s cybersecurity practices had failed. After more than two years of investigating, GAO agrees and found a disturbing lack of security that places the Commission’s information systems at risk… Until the FCC implements all of the remaining recommendations, its systems will remain vulnerable to failure and misuse.
SpaceX is launching another batch of 60 of its broadband internet satellites today – its fourth Starlink launch of 2020, and its seventh launch of a large batch of the satellites in total. This will put its total operational constellation size at 418, extending its lead as the world’s largest private satellite operator.
The launch is set to take place at 3:37 PM EDT (12:37 PM PDT) from Cape Canaveral in Florida, and the live stream above should kick off at around 15 minutes prior to that takeoff time, or at around 3:22 PM EDT (12:22 PM PDT). The launch will also include an attempt to land and recover the Falcon 9 booster used for this mission, using SpaceX’s ‘Of Course I Still Love You’ drone ship stationed in the Atlantic ocean.
The Falcon 9 used in this mission has previously been used, during the first flight of SpaceX’s astronaut spacecraft Crew Dragon to the International Space Station during an uncrewed demonstration mission, as well as during a RADARSAT launch and a previous Starlink launch. It’s not the only part of the launch vehicle that’s being reused, either: The fairing that protects the Starlink satellites was flown before on SpaceX’s AMOS-17 mission.
SpaceX is still actively launching despite the COVID-19 pandemic, and still intends to bring its Starlink broadband service online for its first customers starting later this year, with initial coverage available in the northern U.S. and Canada. Through subsequent launches, it hopes to then expand to “near global coverage” by sometime next year.
This week, the company asked the FCC for permission to move its satellites to a lower operational orbital as part of its efforts to reduce the constellation’s potential to contribute to space debris. This could also help address complaints that SpaceX’s Starlink satellites interfere with ground-based night-sky observation and science, since a lower orbit would mean the spacecraft appear less bright.
Apple is said to be developing its own competitors to popular over-ear noise-cancelling headphones like those made by Bose and Sony, Bloomberg reports, but with similar technology on board to that used in the AirPod and AirPod Pro lines. These headphones would also include a design with interchangeable parts that would allow some modification with customizable accessories for specific uses like workouts and long-term wear, for instance.
The prototype designs of the new headphones, which are set to potentially be released some time later this year (though timing is clearly up in the air as a result of the ongoing COVID-19 crisis, and Apple’s general tendency to move things around depending on other factors), are said to feature a “retro look” by Bloomberg, and include oval ear cups which connect directly to thin arms that extend to the headband. The swappable parts include the ear pads and headband cushion, both of which are said to attach to the headphone frame using magnetic connectors.
These will support Siri on board, along with active noise cancellation and touch controls, but most importantly for iOS and Mac users, they’ll also feature the simple connection across multiple devices that are featured on AirPods and some of Apple’s Beats line of headphones.
Apple has already released Beats over- and on-ear headphone models with AirPod-like features, including cross-connectivity, and that feature onboard noise cancellation. The Bloomberg report doesn’t seem to indicate these new models would be Beats-branded, however, and their customization features would also be new in terms of Apple’s available existing options.
Bloomberg also previously reported that Apple was working on a smaller HomePod speaker as part of its forthcoming product lineup, and a new FCC filing made public this week could indicate the impending release of a success to its PowerBeats Pro fully wireless in-ear sport headphones.
Lawmakers and security experts have long warned of security flaws in the underbelly of the world’s cell networks. Now a whistleblower says the Saudi government is exploiting those flaws to track its citizens across the U.S. as part of a “systematic” surveillance campaign.
It’s the latest tactic by the Saudi kingdom to spy on its citizens overseas. The kingdom has faced accusations of using powerful mobile spyware to hack into the phones of dissidents and activists to monitor their activities, including those close to Jamal Khashoggi, the Washington Post columnist who was murdered by agents of the Saudi regime. The kingdom also allegedly planted spies at Twitter to surveil critics of the regime.
The Guardian obtained a cache of data amounting to millions of locations on Saudi citizens over a four-month period beginning in November. The report says the location tracking requests were made by Saudi’s three largest cell carriers — believed to be at the behest of the Saudi government — by exploiting weaknesses in SS7.
SS7, or Signaling System 7, is a set of protocols — akin to a private network used by carriers around the world — to route and direct calls and messages between networks. It’s the reason why a T-Mobile customer can call an AT&T phone, or text a friend on Verizon — even when they’re in another country. But experts say that weaknesses in the system have allowed attackers with access to the carriers — almost always governments or the carriers themselves — to listen in to calls and read text messages. SS7 also allows carriers to track the location of devices to just a few hundred feet in densely populated cities by making a “provide subscriber information” (PSI) request. These PSI requests are typically to ensure that the cell user is being billed correctly, such as if they are roaming on a carrier in another country. Requests made in bulk and excess can indicate location tracking surveillance.
But despite years of warnings and numerous reports of attacks exploiting the system, the largest U.S. carriers have done little to ensure that foreign spies cannot abuse their networks for surveillance.
One Democratic lawmaker puts the blame squarely in the Federal Communication Commission’s court for failing to compel cell carriers to act.
“I’ve been raising the alarm about security flaws in U.S. phone networks for years, but FCC chairman Ajit Pai has made it clear he doesn’t want to regulate the carriers or force them to secure their networks from foreign government hackers,” said Sen. Ron Wyden, a member of the Senate Intelligence Committee, in a statement on Sunday. “Because of his inaction, if this report is true, an authoritarian government may be reaching into American wireless networks to track people inside our country,” he said.
A spokesperson for the FCC, the agency responsible for regulating the cell networks, did not respond to a request for comment.
A long history of feet-dragging
Wyden is not the only lawmaker to express concern. In 2016, Rep. Ted Lieu, then a freshman congressman, gave a security researcher permission to hack his phone by exploiting weaknesses in SS7 for an episode of CBS’ 60 Minutes.
Lieu accused the FCC of being “guilty of remaining silent on wireless network security issues.”
The same vulnerabilities were used a year later in 2017 to drain the bank accounts of unsuspecting victims by intercepting and stealing the two-factor authentication codes necessary to log in sent by text message. The breach was one of the reasons why the U.S. government’s standards and technology units, NIST, recommended moving away from using text messages to send two-factor codes.
Months later the FCC issued a public notice, prompted by a raft of media attention, “encouraging” but not mandating that carriers make efforts to bolster their individual SS7 systems. The notice asked carriers to monitor their networks and install firewalls to prevent malicious requests abuse.
It wasn’t enough. Wyden’s office reported in 2018 that one of the major cell carriers — which was not named — reported an SS7 breach involving customer data. Verizon and T-Mobile said in letters to Wyden’s office that they were implementing firewalls that would filter malicious SS7 requests. AT&T said in its letter that it was in the process of updating its firewalls, but also warned that “unstable and unfriendly nations” with access to a cell carrier’s SS7 systems could abuse the system. Only Sprint said at the time that it was not the source of the SS7 breach, according to a spokesperson’s email to TechCrunch.
T-Mobile did not respond to a request for comment. Verizon (which owns TechCrunch) also did not comment. AT&T said at the time it “continually works with industry associations and government agencies” to address SS7 issues.
Fixing the problems with SS7 is not an overnight job. But without a regulator pushing for change, the carriers aren’t inclined to budge.
Experts say those same firewalls put in place by the cell carriers can filter potentially malicious traffic and prevent some abuse. But an FCC working group tasked with understanding the risks posed by SS7 flaws in 2016 acknowledged that the vast majority of SS7 traffic is legitimate. “Carriers need to be measured as they implement solutions in order to avoid collateral network impacts,” the report says.
In other words, it’s not a feasible solution if it blocks real carrier requests.
Cell carriers have been less than forthcoming with their plans to fix their SS7 implementations. Only AT&T provided comment, telling The Guardian that it had “security controls to block location-tracking messages from roaming partners.” To what extent remains unclear, or if those measures will even help. Few experts have expressed faith in newer systems like Diameter, a similar routing protocol for 4G and 5G, given there have already been a raft of vulnerabilities found in the newer system.
End-to-end encrypted apps, like Signal and WhatsApp, have made it harder for spies to snoop on calls and messages. But it’s not a panacea. As long as SS7 remains a fixture underpinning the very core of every cell network, tracking location data will remain fair game.