The FCC rejects ZTE’s petition to stop designating it a “national security threat”

The Federal Communications Commission has rejected ZTE’s petition to remove its designation as a “national security threat.” This means that American companies will continue to be barred from using the FCC’s $8.3 billion Universal Service Fund to buy equipment and services from ZTE .

The Universal Service Fund includes subsidies to build telecommunication infrastructure across the United States, especially for low-income or high-cost areas, rural telehealth services, and schools and libraries. The FCC issued an order on June 30 banning U.S. companies from using the fund to buy technology from Huawei and ZTE, claiming that both companies have close ties with the Chinese Communist Party and military.

Many smaller carriers rely on Huawei and ZTE, two of the world’s biggest telecom equipment providers, for cost-efficient technology. After surveying carriers, the FCC estimated in September that replacing Huawei and ZTE equipment would cost more than $1.8 billion.

Under the Secure and Trusted Communications Networks Act, passed by Congress this year, most of that amount would be eligible for reimbursements under a program referred to as “rip and replace.” But the program has not been funded by Congress yet, despite bipartisan support.

In today’s announcement about ZTE, chairman Ajit Pai also said the FCC will vote on rules to implement the reimbursement program at its next Open Meeting, scheduled to take place on December 10.

The FCC passed its order barring companies deemed national security threats from receiving money from the Universal Service Fund in November 2019. Huawei fought back by suing the FCC over the ban, claiming it exceeded the agency’s authority and violated the Constitution.

TechCrunch has contacted ZTE for comment.

#asia, #china, #fcc, #federal-communications-commission, #huawei, #tc, #u-s-government, #zte

0

Biden Is Expected to Keep Scrutiny of Tech Front and Center

Issues like antitrust and privacy would remain on the agenda as his administration pursued policies to limit the power of the industry’s giants.

#antitrust-laws-and-competition-issues, #biden-joseph-r-jr, #computers-and-the-internet, #democratic-party, #federal-communications-commission, #federal-trade-commission, #law-and-legislation, #presidential-election-of-2020, #privacy, #trump-donald-j, #united-states-politics-and-government

0

How to Take On the Tech Barons

Something has to be done about the technology sector. Here’s what to keep in mind.

#amazon-com-inc, #antitrust-laws-and-competition-issues, #biden-joseph-r-jr, #computers-and-the-internet, #data-mining-and-database-marketing, #federal-communications-commission, #freedom-of-speech-and-expression, #google-inc, #hawley-josh-d-1979, #huawei-technologies-co-ltd, #microsoft-corp, #politics-and-government, #social-media, #trump-donald-j

0

Trump Allies Amp Up Fight Over Tech’s Legal Shield Before Election

Their animosity is likely to be on full display at a hearing on Wednesday with the leaders of Facebook, Google and Twitter.

#biden-hunter, #biden-joseph-r-jr, #censorship, #commerce-department, #dorsey-jack, #executive-orders-and-memorandums, #federal-communications-commission, #federal-trade-commission, #freedom-of-speech-and-expression, #law-and-legislation, #pichai-sundar, #social-media, #trump-donald-j, #united-states-politics-and-government, #zuckerberg-mark-e

0

Talk Radio Is Turning Millions of Americans Into Conservatives

The medium is at the heart of Trumpism.

#conservatism-us-politics, #federal-communications-commission, #limbaugh-rush, #radio, #savage-michael, #trump-donald-j, #united-states

0

US cell carrier Assist Wireless exposed thousands of customer IDs

U.S. cell carrier Assist Wireless left tens of thousands of personal customer documents on its website by mistake.

Assist provides free government-subsidized cell phones to low-income households across Oklahoma through the Lifeline program, set up by the Federal Communications Commission in 1985. Lifeline helps households on federal assistance programs, like food stamps or public housing, get access to cheap cell phone plans.

But part of the carrier’s website was leaking customer documents — including driver’s licenses, passports and Social Security cards — which customers submit to verify their eligibility to sign up for a free phone and a plan.

The documents are dated between 2019 and 2020.

Security researcher John Wethington found the exposed documents through a simple Google search result, and asked TechCrunch to alert the carrier to the leak. Assist removed the exposed documents from its website a short time later.

Assist told TechCrunch that it traced the issue to a third-party plugin, Imagify, which the carrier uses to optimize images on its website. Assist said that the plugin by default puts a backup of uploaded images in a separate folder, but that the backup location in Assist’s case was not secure.

“We have resolved the issue by turning the backup off and removed the folder from public view,” said Assist.

The carrier told TechCrunch it also submitted an “urgent request” to Google to remove the documents from its cached image search results. (TechCrunch held this story until the images were scrubbed.)

Assist said it is investigating if anyone else found the exposed data before the issue was fixed.

“Assist Wireless takes security and consumer data very seriously. We are hiring a third-party security firm to provide us with a thorough security audit and subsequent consultation on ensuring customer data is as safe as possible moving forward,” the carrier said.

The carrier also said it would notify customers if their data was exposed in the security lapse.

#computer-security, #cryptography, #data-security, #driver, #federal-communications-commission, #food-stamps, #oklahoma, #security, #sim-card

0

Amazon Satellites Add to Astronomers’ Worries About the Night Sky

The F.C.C. approved the company’s 3,236-satellite constellation, which aims to provide high-speed internet service around the world.

#amazon-com-inc, #computers-and-the-internet, #corporate-social-responsibility, #federal-communications-commission, #pollution, #private-spaceflight, #research, #satellites, #space-and-astronomy, #telescopes-and-observatories

0

With Covid-19, Broadband Internet Access Is a Civil Rights Issue

In a pandemic-plagued country, high-speed internet connections are a civil rights issue.

#buses, #clyburn-james-e, #computers-and-the-internet, #coronavirus-2019-ncov, #education-k-12, #federal-communications-commission, #law-and-legislation, #quarantines, #rural-areas, #upton-fred, #wireless-communications

0

Decrypted: Police hack criminal phone network; Randori raises $20M Series A

Last week was, for most Americans, a four-day work week. But a lot still happened in the security world.

The U.S. government’s cybersecurity agencies warned of two critical vulnerabilities — one in Palo Alto’s networking tech and the other in F5’s gear — that foreign, nation state-backed hackers will “likely” exploit these flaws to get access to networks, steal data or spread malware. Plus, the FCC formally declared Chinese tech giants Huawei and ZTE as threats to national security.

Here’s more from the week.


THE BIG PICTURE

How police hacked a massive criminal phone network

Last week’s takedown of EncroChat was, according to police, the “biggest and most significant” law enforcement operation against organized criminals in the history of the U.K. EncroChat sold encrypted phones with custom software akin to how BlackBerry phones used to work; you needed one to talk to other device owners.

But the phone network was used almost exclusively by criminals, allowing their illicit activities to be kept secret and go unimpeded: drug deals, violent attacks, corruption — even murders.

That is, until French police hacked into the network, broke the encryption and uncovered millions of messages, according to Vice, which covered the takedown of the network. The circumstances of the case are unique; police have not taken down a network like this before.

But technical details of the case remain under wraps, likely until criminal trials begin, at which point attorneys for the alleged criminals are likely to rest much of their defense on the means — and legality — in which the hack was carried out.

#advisors, #ceo, #chief-information-security-officer, #china, #computing, #cryptography, #data-breach, #data-protection, #decrypted, #encryption, #extra-crunch, #federal-communications-commission, #huawei, #hunt, #information-technology, #internet-security, #market-analysis, #palo-alto, #security, #series-a, #social, #startups, #u-s-government, #united-kingdom, #united-states, #video-conferencing

0

F.C.C. Designates Huawei and ZTE as National Security Threats

American cellular businesses will no longer be able to spend federal money on equipment from the two Chinese companies.

#5g-wireless-communications, #computers-and-the-internet, #defense-and-military-forces, #federal-communications-commission, #huawei-technologies-co-ltd, #pai-ajit, #politics-and-government, #telephones-and-telecommunications, #zte-corp

0

FCC declares Huawei, ZTE ‘national security threats’

The Federal Communication Commission has declared Chinese telecom giants Huawei and ZTE “national security threats,” a move that will formally ban U.S. telecom companies from using federal funds to buy and install Huawei and ZTE equipment.

FCC chairman Ajit Pai said that the “weight of evidence” supported the decision. Federal agencies and lawmakers have long claimed that because the tech giants are subject to Chinese law, they could be obligated to “cooperate with the country’s intelligence services,” Pai said, claims that Huawei and ZTE have repeatedly rejected.

“We cannot and will not allow the Chinese Communist Party to exploit network vulnerabilities and compromise our critical communications infrastructure,” the Republican-majority FCC said in a separate statement.

The order, published by the FCC on Tuesday, said the designation takes immediate effect, but it’s not immediately clear how the designation changes the status quo.

In November of last year, the FCC announced that companies deemed a national security threat would be ineligible to receive any money from the Universal Service Fund. The $8.5B fund is the FCC’s main way of purchasing and subsidizing equipment and services to improve connectivity across the country.

Huawei and ZTE were “initially designated” as security threats at the time, but the formal process of assigning them that status has taken place in the intervening months, resulting in today’s declaration.

We’ve asked the FCC for comment but did not immediately hear back. In a public statement, FCC commissioner Geoffrey Starks, a Democrat, explained that labeling the companies threats is a start, but that there is a great deal of Huawei and ZTE equipment already in use that needs to be identified and replaced.

“The Commission has taken important steps toward identifying the problematic equipment in our systems, but there is much more to do,” he wrote. “Funding is the missing piece. Congress recognized in the Secure and Trusted Communications Networks Act that many carriers will need support to transition away from untrustworthy equipment, but it still has not appropriated funding for replacements.”

The declaration is the latest move by the FCC to crack down on Chinese technology providers seen. But it puts telecom companies working to expand their 5G coverage in a bind. Huawei and ZTE are seen as leading the way in 5G, far ahead of their American rivals.

Spokespeople for Huawei and ZTE did not immediately comment.

#federal-communications-commission, #huawei, #national-security, #security, #telecoms, #zte

0

SpaceX will have to demonstrate Starlink internet’s low latency within the next month to qualify for up to $16B in federal funding

SpaceX is in the process of building out its Starlink network of low Earth orbit small satellites that will provide the backbone of a global, high-bandwidth, low-latency internet service – but there’s a clock running out in terms of at least one potential source of funding for it to recoup revenue from those efforts: The FCC requires that anyone participating in its $16 billion federal funding auction for rural broadband access demonstrate latency under a 100-million threshold, but anyone who hopes to quality must meet that threshold within the next month.

The FCC has issued a report (via Engadget) on the Phase 1 auction for this lucrative funding, serving as advance notice ahead of its actual auction date of October 29, 2020 – but companies have to submit their applications to compete for said auction by July 15. In the report. the FCC acknowledges that any satellite provider operating at LEO has a potential advantage over providers who are using much higher altitude, geostationary satellites instead, but also qualifies that by noting that in order to pass the stated threshold they must also pass it taking into account delays introduced by relay stations, hubs and destination terminals.

SpaceX, for its part, believes that the FCC needn’t doubt its network’s abilities, and says that in fact it’s aiming for latency times under the 20 millisecond mark, which is better in some cases than traditional terrestrial cable-backed bandwidth networks.

In terms of deployment, SpaceX has been moving fast with Starlink, especially in 2020. Thus far, it has launched seven missions this year for the constellation, sending up a total of 418 satellites – which is actually more than any other private satellite operator even has currently working. The sprint is about building the network to the point where it can begin to serve customers in the U.S. and Canada by sometime later this year, and then expand to more customers globally later on.

SpaceX seems to be on track to make that happen, but the requirements for this more lucrative tranche of government funding might be too soon relative to those goals. Still, there are other federal contracts related to this initiative that it would be eligible for later on.

#aerospace, #canada, #federal-communications-commission, #satellite, #satellites, #spacecraft, #spaceflight, #spacex, #starlink, #tc, #transportation, #united-states

0

Senate Faults Oversight of Chinese Telecom Companies in U.S.

A multiagency group does a “minimal” job of assessing security risks posed by China Unicom, China Telecom and ComNet, investigators said.

#china-mobile-ltd, #china-telecom, #china-unicom-hong-kong-ltd, #federal-communications-commission, #homeland-security-department, #senate-permanent-subcommittee-on-investigations, #telephones-and-telecommunications, #united-states-international-relations

0

Trump’s Order Targeting Social Media Sites, Explained

The president wants to narrow legal protections for companies like Twitter after it began appending fact-check labels to his postings.

#computers-and-the-internet, #executive-orders-and-memorandums, #facebook-inc, #federal-communications-commission, #immunity-from-prosecution, #law-and-legislation, #libel-and-slander, #regulation-and-deregulation-of-industry, #social-media, #trump-donald-j, #twitter, #united-states-politics-and-government, #youtube-com

0

Trump Signs Executive Order on Social Media, Claiming to Protect ‘Free Speech’

The president and his allies have often accused Twitter and Facebook of bias against conservatives, and had resisted taking action until this week, when Twitter fact-checked his own false statements.

#computers-and-the-internet, #executive-orders-and-memorandums, #federal-communications-commission, #social-media, #trump-donald-j, #twitter, #united-states-chamber-of-commerce, #united-states-politics-and-government

0

The real threat of fake voices in a time of crisis

As federal agencies take increasingly stringent actions to try to limit the spread of the novel coronavirus pandemic within the U.S., how can individual Americans and U.S. companies affected by these rules weigh in with their opinions and experiences? Because many of the new rules, such as travel restrictions and increased surveillance, require expansions of federal power beyond normal circumstances, our laws require the federal government to post these rules publicly and allow the public to contribute their comments to the proposed rules online. But are federal public comment websites — a vital institution for American democracy — secure in this time of crisis? Or are they vulnerable to bot attack?

In December 2019, we published a new study to see firsthand just how vulnerable the public comment process is to an automated attack. Using publicly available artificial intelligence (AI) methods, we successfully generated 1,001 comments of deepfake text, computer-generated text that closely mimics human speech, and submitted them to the Centers for Medicare & Medicaid Services’ (CMS) website for a proposed federal rule that would institute mandatory work reporting requirements for citizens on Medicaid in Idaho.

The comments we produced using deepfake text constituted over 55% of the 1,810 total comments submitted during the federal public comment period. In a follow-up study, we asked people to identify whether comments were from a bot or a human. Respondents were only correct half of the time — the same probability as random guessing.

deepfake text question

Image Credits: Zang/Weiss/Sweeney

The example above is deepfake text generated by the bot that all survey respondents thought was from a human.

We ultimately informed CMS of our deepfake comments and withdrew them from the public record. But a malicious attacker would likely not do the same.

Previous large-scale fake comment attacks on federal websites have occurred, such as the 2017 attack on the FCC website regarding the proposed rule to end net neutrality regulations.

During the net neutrality comment period, firms hired by industry group Broadband for America used bots to create comments expressing support for the repeal of net neutrality. They then submitted millions of comments, sometimes even using the stolen identities of deceased voters and the names of fictional characters, to distort the appearance of public opinion.

A retroactive text analysis of the comments found that 96-97% of the more than 22 million comments on the FCC’s proposal to repeal net neutrality were likely coordinated bot campaigns. These campaigns used relatively unsophisticated and conspicuous search-and-replace methods — easily detectable even on this mass scale. But even after investigations revealed the comments were fraudulent and made using simple search-and-replace-like computer techniques, the FCC still accepted them as part of the public comment process.

Even these relatively unsophisticated campaigns were able to affect a federal policy outcome. However, our demonstration of the threat from bots submitting deepfake text shows that future attacks can be far more sophisticated and much harder to detect.

The laws and politics of public comments

Let’s be clear: The ability to communicate our needs and have them considered is the cornerstone of the democratic model. As enshrined in the Constitution and defended fiercely by civil liberties organizations, each American is guaranteed a role in participating in government through voting, through self-expression and through dissent.

search and replace FCC questions

Image Credits: Zang/Weiss/Sweeney

When it comes to new rules from federal agencies that can have sweeping impacts across America, public comment periods are the legally required method to allow members of the public, advocacy groups and corporations that would be most affected by proposed rules to express their concerns to the agency and require the agency to consider these comments before they decide on the final version of the rule. This requirement for public comments has been in place since the passage of the Administrative Procedure Act of 1946. In 2002, the e-Government Act required the federal government to create an online tool to receive public comments. Over the years, there have been multiple court rulings requiring the federal agency to demonstrate that they actually examined the submitted comments and publish any analysis of relevant materials and justification of decisions made in light of public comments [see Citizens to Preserve Overton Park, Inc. v. Volpe, 401 U. S. 402, 416 (1971); Home Box Office, supra, 567 F.2d at 36 (1977), Thompson v. Clark, 741 F. 2d 401, 408 (CADC 1984)].

In fact, we only had a public comment website from CMS to test for vulnerability to deepfake text submissions in our study, because in June 2019, the U.S. Supreme Court ruled in a 7-1 decision that CMS could not skip the public comment requirements of the Administrative Procedure Act in reviewing proposals from state governments to add work reporting requirements to Medicaid eligibility rules within their state.

The impact of public comments on the final rule by a federal agency can be substantial based on political science research. For example, in 2018, Harvard University researchers found that banks that commented on Dodd-Frank-related rules by the Federal Reserve obtained $7 billion in excess returns compared to non-participants. When they examined the submitted comments to the “Volcker Rule” and the debit card interchange rule, they found significant influence from submitted comments by different banks during the “sausage-making process” from the initial proposed rule to the final rule.

Beyond commenting directly using their official corporate names, we’ve also seen how an industry group, Broadband for America, in 2017 would submit millions of fake comments in support of the FCC’s rule to end net neutrality in order to create the false perception of broad political support for the FCC’s rule amongst the American public.

Technology solutions to deepfake text on public comments

While our study highlights the threat of deepfake text to disrupt public comment websites, this doesn’t mean we should end this long-standing institution of American democracy, but rather we need to identify how technology can be used for innovative solutions that accepts public comments from real humans while rejecting deepfake text from bots.

There are two stages in the public comment process — (1) comment submission and (2) comment acceptance — where technology can be used as potential solutions.

In the first stage of comment submission, technology can be used to prevent bots from submitting deepfake comments in the first place; thus raising the cost for an attacker to need to recruit large numbers of humans instead. One technological solution that many are already familiar with are the CAPTCHA boxes that we see at the bottom of internet forms that ask us to identify a word — either visually or audibly — before being able to click submit. CAPTCHAs provide an extra step that makes the submission process increasingly difficult for a bot. While these tools can be improved for accessibility for disabled individuals, they would be a step in the right direction.

However, CAPTCHAs would not prevent an attacker willing to pay for low-cost labor abroad to solve any CAPTCHA tests in order to submit deepfake comments. One way to get around that may be to require strict identification to be provided along with every submission, but that would remove the possibility for anonymous comments that are currently accepted by agencies such as CMS and the Food and Drug Administration (FDA). Anonymous comments serve as a method of privacy protection for individuals who may be significantly affected by a proposed rule on a sensitive topic such as healthcare without needing to disclose their identity. Thus, the technological challenge would be to build a system that can separate the user authentication step from the comment submission step so only authenticated individuals can submit a comment anonymously.

Finally, in the second stage of comment acceptance, better technology can be used to distinguish between deepfake text and human submissions. While our study found that our sample of over 100 people surveyed were not able to identify the deepfake text examples, more sophisticated spam detection algorithms in the future may be more successful. As machine learning methods advance over time, we may see an arms race between deepfake text generation and deepfake text identification algorithms.

The challenge today

While future technologies may offer more comprehensive solutions, the threat of deepfake text to our American democracy is real and present today. Thus, we recommend that all federal public comment websites adopt state-of-the-art CAPTCHAs as an interim measure of security, a position that is also supported by the 2019 U.S. Senate Subcommittee on Investigations’ Report on Abuses of the Federal Notice-and-Comment Rulemaking Process.

In order to develop more robust future technological solutions, we will need to build a collaborative effort between the government, researchers and our innovators in the private sector. That’s why we at Harvard University have joined the Public Interest Technology University Network along with 20 other education institutions, New America, the Ford Foundation and the Hewlett Foundation. Collectively, we are dedicated to helping inspire a new generation of civic-minded technologists and policy leaders. Through curriculum, research and experiential learning programs, we hope to build the field of public interest technology and a future where technology is made and regulated with the public in mind from the beginning.

While COVID-19 has disrupted many parts of American society, it hasn’t stopped federal agencies under the Trump administration from continuing to propose new deregulatory rules that can have long-lasting legacies that will be felt long after the current pandemic has ended. For example, on March 18, 2020, the Environmental Protection Agency (EPA) proposed new rules about limiting which research studies can be used to support EPA regulations, which have received over 610,000 comments as of April 6, 2020. On April 2, 2020, the Department of Education proposed new rules for permanently relaxing regulations for online education and distance learning. On February 19, 2020, the FCC re-opened public comments on its net neutrality rules, which in 2017 saw 22 million comments submitted by bots, after a federal court ruled that the FCC ignored how ending net neutrality would affect public safety and cellphone access programs for low-income Americans.

Federal public comment websites offer the only way for the American public and organizations to express their concerns to the federal agency before the final rules are determined. We must adopt better technological defenses to ensure that deepfake text doesn’t further threaten American democracy during a time of crisis.

#ajit-pai, #artificial-intelligence, #column, #coronavirus, #covid-19, #deepfakes, #federal-communications-commission, #harvard-university, #machine-learning, #net-neutrality, #opinion, #policy, #security, #social, #tc

0

Intelsat files for bankruptcy protection

Global satellite operator Intelsat has voluntarily filed for Chapter 11 bankruptcy protection, the company announced late on Wednesday. Intelsat has attempted to position this as a positive moment that sees it embark on a “financial restructuring” project to enable its future growth, but a bankruptcy filing is seldom cause for celebration.

The company cites a need to participate in the FCC’s C-band spectrum clearing for 5G network built out in the U.S. as one of the factors behind its decisions to file, as well as “managing the economic slowdown impacting server of its markets caused by the COVID-19 global health crisis.”

Intelsat notes that its current plan involves no changes to the day-to-day operation of the company, or any reduction in headcount. The company also said that it has secured $1 billion in committed new financing, which will come in the form of debtor-in-position funds, subject to court approval. That just describes any company that plans to continue to operate its business while also undergoing Chapter 11 bankruptcy proceedings.

The company also says it’ll be continuing to launch new satellites, building out its ground network, and adding new services as it continues the process, and that its goal is to to get through the restructuring process “as quickly as possible.” The satellite operator cites GM and American Airlines as models that show is goal with the filing, having also undertaken a similar restructuring in the past and emerged with greater fiscal viability.

Intelsat’s bankruptcy filing isn’t the first noteworthy space co. filing resulting from the global pandemic: Would-be global satellite internet provider OneWeb filed for Chapter 11 protection in March.

#5g-network, #aerospace, #american-airlines, #bankruptcy, #coronavirus, #covid-19, #federal-communications-commission, #finance, #gm, #intelsat, #oneweb, #private-equity, #satellite, #space, #tc, #united-states

0

FCC orders Sinclair to pay $48 million fine related to its failed merger with Tribune

Sinclair Broadcast Group has agreed to pay a $48 million fine to the Federal Communications Communication to close investigations related to its attempted merger with Tribune Media. The FCC said in its announcement that this is the largest civil penalty paid by a broadcaster in the agency’s history. It added that Sinclair will also have to “abide by a strict compliance plan in order to close three open investigations.”

The merger, which was valued at $3.9 billion and would have created one of the largest broadcasters in the United States, was called off by Tribune in August 2018. Tribune also filed a lawsuit accusing Sinclair of breaching contract and misleading regulators “in a misguided and ultimately unsuccessful attempt to retain control over stations that it was obligated to sell.”

In today’s announcement, the FCC said its agreement with Sinclair was related to investigations into the company’s disclosure of information related to the acquisition of Tribune-owned stations, its failure to identify sponsored content it produced for broadcast, and “whether the company has met its obligations to negotiate retransmission consent agreements in good faith.”

In today’s FCC statement, chairman Ajit Pai, who was critical of the deal before it was scrapped, said “Sinclair’s conduct during its attempt to merge with Tribune was completely unacceptable. Today’s penalty, along with the failure of the Sinclair/Tribune transaction, should serve as a cautionary tale to other licensees seeking Commission approval of a transaction in the future.”

He also added that the FCC would not revoke licenses granted to the conservative-leaning broadcaster. “On the other hand, I disagree with those who, for transparently political reasons, demand we revoke Sinclair’s licenses,” Pai said. “While they don’t like what they perceive to be the broadcaster’s viewpoints, the First Amendment still applies around here.”

In a statement, Sinclair Broadcast Group president and CEO Chris Ripley said that the company is “pleased with the resolution announced today by the FCC and to be moving forward. We thank the FCC staff for their diligence in reaching this resolution. Sinclair is committed to continue to interact constructively with all of its regulators to ensure full compliance with applicable laws, rules and regulations.”

#federal-communications-commission, #media, #sinclair-broadcast-group, #tc, #tribune-media, #tv

0

Sinclair Wanted to Rival Fox News. Now It Faces a $48 Million Fine.

The F.C.C. levied the largest civil penalty in its history against a conservative owner of local TV stations, scuttling its ambitious merger plans.

#federal-communications-commission, #fines-penalties, #mergers-acquisitions-and-divestitures, #pai-ajit, #sinclair-broadcast-group-inc

0

Some Trump Officials Take Harder Actions on China During Pandemic

Since the coronavirus spread from a metropolis on the Yangtze River across the globe, hard-liners in both Washington and Beijing have accelerated efforts to decouple elements of the relationship.

#5g-wireless-communications, #china-telecom, #coronavirus-2019-ncov, #federal-communications-commission, #huawei-technologies-co-ltd, #international-trade-and-world-market, #justice-department, #kudlow-lawrence-a, #kushner-jared, #mnuchin-steven-t, #navarro-peter, #pensions-and-retirement-plans, #pillsbury-michael-1945, #pompeo-mike, #pottinger-matthew, #state-department, #trump-donald-j, #united-states-international-relations, #xi-jinping

0

Henry Geller, Who Helped Rid TV of Cigarette Ads, Dies at 96

While at the F.C.C., he used the fairness doctrine to challenge the tobacco industry. He also helped pave the way for televised presidential debates.

#advertising-and-marketing, #deaths-obituaries, #debates-political, #federal-communications-commission, #geller-henry, #smoking-and-tobacco, #television

0

‘Deficiencies’ that broke FCC commenting system in net neutrality fight detailed by GAO

Today marks the conclusion of a years-long saga that started when John Oliver did a segment on Net Neutrality that was so popular that it brought the FCC’s comment system to its knees. Two years later it is finally near addressing all the issues brought up in an investigation from the General Accountability Office.

The report covers numerous cybersecurity and IT issues, some of which the FCC addressed quickly, some not so quickly, and some it’s still working on.

“Today’s GAO report makes clear what we knew all along:  the FCC’s system for collecting public input has problems,” Commissioner Jessica Rosenworcel told TechCrunch . “The agency needs to fully fix this mess because this is the way the FCC is supposed to take input from the public. But as this report demonstrates, we have real work to do.”

Here’s the basic timeline of events, which seem so long ago now:

Then it’s pretty quiet basically until today, when the report requested in 2017 was publicly released. A version with sensitive information (like exact software configurations and other technical information) was internally circulated in September, then revised for today’s release.

The final report is not much of a bombshell, since much of it has been telegraphed ahead of time. It’s a collection of criticisms of an outdated system with inadequate security and other failings that might have been directed at practically any federal agency, among which cybersecurity practices are notoriously poor.

The investigation indicates that the FCC, for instance, did not consistently implement security and access controls, encrypt sensitive data, update or correctly configure its servers, detect or log cybersecurity events, and so on. It wasn’t always a disaster (even well-run IT departments don’t always follow best practices), but obviously some of these shortcomings and cut corners led to serious issues like ECFS being overwhelmed.

More importantly, of the 136 recommendations made in the September report, 85 have been fully implemented now, 10 partially, and the rest are on track to be so.

That should not be taken to mean that the FCC has waited this whole time to update its commenting and other systems. In fact it was making improvements almost immediately after the event in May of 2017, but refused to describe them. Here are a few of the improvements listed in the GAO report:

Representative Frank Pallone (D-NJ), who has dogged the FCC on this issue since the beginning, issued the following statement:

I requested this report because it was clear, after the net neutrality repeal comment period debacle, that the FCC’s cybersecurity practices had failed. After more than two years of investigating, GAO agrees and found a disturbing lack of security that places the Commission’s information systems at risk… Until the FCC implements all of the remaining recommendations, its systems will remain vulnerable to failure and misuse.

You can read the final GAO report here.

#ajit-pai, #chairman, #chief-information-officer, #computer-security, #congress, #fcc, #federal-communications-commission, #gao, #government, #jessica-rosenworcel, #john-oliver, #net-neutrality, #techcrunch, #telecommunications

0

Watch SpaceX launch its next batch of 60 Starlink broadband satellites live

SpaceX is launching another batch of 60 of its broadband internet satellites today – its fourth Starlink launch of 2020, and its seventh launch of a large batch of the satellites in total. This will put its total operational constellation size at 418, extending its lead as the world’s largest private satellite operator.

The launch is set to take place at 3:37 PM EDT (12:37 PM PDT) from Cape Canaveral in Florida, and the live stream above should kick off at around 15 minutes prior to that takeoff time, or at around 3:22 PM EDT (12:22 PM PDT). The launch will also include an attempt to land and recover the Falcon 9 booster used for this mission, using SpaceX’s ‘Of Course I Still Love You’ drone ship stationed in the Atlantic ocean.

The Falcon 9 used in this mission has previously been used, during the first flight of SpaceX’s astronaut spacecraft Crew Dragon to the International Space Station during an uncrewed demonstration mission, as well as during a RADARSAT launch and a previous Starlink launch. It’s not the only part of the launch vehicle that’s being reused, either: The fairing that protects the Starlink satellites was flown before on SpaceX’s AMOS-17 mission.

SpaceX is still actively launching despite the COVID-19 pandemic, and still intends to bring its Starlink broadband service online for its first customers starting later this year, with initial coverage available in the northern U.S. and Canada. Through subsequent launches, it hopes to then expand to “near global coverage” by sometime next year.

This week, the company asked the FCC for permission to move its satellites to a lower operational orbital as part of its efforts to reduce the constellation’s potential to contribute to space debris. This could also help address complaints that SpaceX’s Starlink satellites interfere with ground-based night-sky observation and science, since a lower orbit would mean the spacecraft appear less bright.

#aerospace, #astronaut, #broadband, #falcon, #falcon-9, #federal-communications-commission, #florida, #international-space-station, #outer-space, #science, #space, #spacecraft, #spaceflight, #spacex, #starlink, #tc, #united-states

0

Apple said to be working on modular, high-end, noise-cancelling over-ear headphones

Apple is said to be developing its own competitors to popular over-ear noise-cancelling headphones like those made by Bose and Sony, Bloomberg reports, but with similar technology on board to that used in the AirPod and AirPod Pro lines. These headphones would also include a design with interchangeable parts that would allow some modification with customizable accessories for specific uses like workouts and long-term wear, for instance.

The prototype designs of the new headphones, which are set to potentially be released some time later this year (though timing is clearly up in the air as a result of the ongoing COVID-19 crisis, and Apple’s general tendency to move things around depending on other factors), are said to feature a “retro look” by Bloomberg, and include oval ear cups which connect directly to thin arms that extend to the headband. The swappable parts include the ear pads and headband cushion, both of which are said to attach to the headphone frame using magnetic connectors.

These will support Siri on board, along with active noise cancellation and touch controls, but most importantly for iOS and Mac users, they’ll also feature the simple connection across multiple devices that are featured on AirPods and some of Apple’s Beats line of headphones.

Apple has already released Beats over- and on-ear headphone models with AirPod-like features, including cross-connectivity, and that feature onboard noise cancellation. The Bloomberg report doesn’t seem to indicate these new models would be Beats-branded, however, and their customization features would also be new in terms of Apple’s available existing options.

Bloomberg also previously reported that Apple was working on a smaller HomePod speaker as part of its forthcoming product lineup, and a new FCC filing made public this week could indicate the impending release of a success to its PowerBeats Pro fully wireless in-ear sport headphones.

#airpods, #apple, #apple-inc, #audio-engineering, #beats-electronics, #electrical-engineering, #federal-communications-commission, #gadgets, #hardware, #headphones, #iphone-accessories, #noise-cancelling, #noise-cancelling-headphones, #powerbeats-pro, #siri, #sony, #tc

0

Saudi spies tracked phones using flaws the FCC failed to fix for years

Lawmakers and security experts have long warned of security flaws in the underbelly of the world’s cell networks. Now a whistleblower says the Saudi government is exploiting those flaws to track its citizens across the U.S. as part of a “systematic” surveillance campaign.

It’s the latest tactic by the Saudi kingdom to spy on its citizens overseas. The kingdom has faced accusations of using powerful mobile spyware to hack into the phones of dissidents and activists to monitor their activities, including those close to Jamal Khashoggi, the Washington Post columnist who was murdered by agents of the Saudi regime. The kingdom also allegedly planted spies at Twitter to surveil critics of the regime.

The Guardian obtained a cache of data amounting to millions of locations on Saudi citizens over a four-month period beginning in November. The report says the location tracking requests were made by Saudi’s three largest cell carriers — believed to be at the behest of the Saudi government — by exploiting weaknesses in SS7.

SS7, or Signaling System 7, is a set of protocols — akin to a private network used by carriers around the world — to route and direct calls and messages between networks. It’s the reason why a T-Mobile customer can call an AT&T phone, or text a friend on Verizon — even when they’re in another country. But experts say that weaknesses in the system have allowed attackers with access to the carriers — almost always governments or the carriers themselves — to listen in to calls and read text messages. SS7 also allows carriers to track the location of devices to just a few hundred feet in densely populated cities by making a “provide subscriber information” (PSI) request. These PSI requests are typically to ensure that the cell user is being billed correctly, such as if they are roaming on a carrier in another country. Requests made in bulk and excess can indicate location tracking surveillance.

But despite years of warnings and numerous reports of attacks exploiting the system, the largest U.S. carriers have done little to ensure that foreign spies cannot abuse their networks for surveillance.

One Democratic lawmaker puts the blame squarely in the Federal Communication Commission’s court for failing to compel cell carriers to act.

“I’ve been raising the alarm about security flaws in U.S. phone networks for years, but FCC chairman Ajit Pai has made it clear he doesn’t want to regulate the carriers or force them to secure their networks from foreign government hackers,” said Sen. Ron Wyden, a member of the Senate Intelligence Committee, in a statement on Sunday. “Because of his inaction, if this report is true, an authoritarian government may be reaching into American wireless networks to track people inside our country,” he said.

A spokesperson for the FCC, the agency responsible for regulating the cell networks, did not respond to a request for comment.

A long history of feet-dragging

Wyden is not the only lawmaker to express concern. In 2016, Rep. Ted Lieu, then a freshman congressman, gave a security researcher permission to hack his phone by exploiting weaknesses in SS7 for an episode of CBS’ 60 Minutes.

Lieu accused the FCC of being “guilty of remaining silent on wireless network security issues.”

The same vulnerabilities were used a year later in 2017 to drain the bank accounts of unsuspecting victims by intercepting and stealing the two-factor authentication codes necessary to log in sent by text message. The breach was one of the reasons why the U.S. government’s standards and technology units, NIST, recommended moving away from using text messages to send two-factor codes.

Months later the FCC issued a public notice, prompted by a raft of media attention, “encouraging” but not mandating that carriers make efforts to bolster their individual SS7 systems. The notice asked carriers to monitor their networks and install firewalls to prevent malicious requests abuse.

It wasn’t enough. Wyden’s office reported in 2018 that one of the major cell carriers — which was not named — reported an SS7 breach involving customer data. Verizon and T-Mobile said in letters to Wyden’s office that they were implementing firewalls that would filter malicious SS7 requests. AT&T said in its letter that it was in the process of updating its firewalls, but also warned that “unstable and unfriendly nations” with access to a cell carrier’s SS7 systems could abuse the system. Only Sprint said at the time that it was not the source of the SS7 breach, according to a spokesperson’s email to TechCrunch.

T-Mobile did not respond to a request for comment. Verizon (which owns TechCrunch) also did not comment. AT&T said at the time it “continually works with industry associations and government agencies” to address SS7 issues.

Fixing SS7

Fixing the problems with SS7 is not an overnight job. But without a regulator pushing for change, the carriers aren’t inclined to budge.

Experts say those same firewalls put in place by the cell carriers can filter potentially malicious traffic and prevent some abuse. But an FCC working group tasked with understanding the risks posed by SS7 flaws in 2016 acknowledged that the vast majority of SS7 traffic is legitimate. “Carriers need to be measured as they implement solutions in order to avoid collateral network impacts,” the report says.

In other words, it’s not a feasible solution if it blocks real carrier requests.

Cell carriers have been less than forthcoming with their plans to fix their SS7 implementations. Only AT&T provided comment, telling The Guardian that it had “security controls to block location-tracking messages from roaming partners.” To what extent remains unclear, or if those measures will even help. Few experts have expressed faith in newer systems like Diameter, a similar routing protocol for 4G and 5G, given there have already been a raft of vulnerabilities found in the newer system.

End-to-end encrypted apps, like Signal and WhatsApp, have made it harder for spies to snoop on calls and messages. But it’s not a panacea. As long as SS7 remains a fixture underpinning the very core of every cell network, tracking location data will remain fair game.

#chairman, #computer-security, #federal-communications-commission, #roaming, #security, #signaling-system-7, #u-s-government, #united-states, #wireless-networks

0