Connect with us

Technology

Billion-dollar US broadband bonanza awaits Biden’s blessing • The Register

Voice Of EU

Published

on

US broadband is about to get a major cash injection through the $1.2tr bipartisan infrastructure bill approved by the House of Representatives on Friday.

The bill, passed by the Senate in August, is expected to be signed by President Biden in the next few days.

“The Bipartisan Infrastructure Deal will deliver $65 billion to help ensure that every American has access to reliable high-speed internet through a historic investment in broadband infrastructure deployment,” the White House said in a statement. “The legislation will also help lower prices for internet service and help close the digital divide, so that more Americans can afford internet access.”

The infrastructure bill includes:

  • $42.5bn for the Broadband Equity, Access and Deployment program, which provides grants to help internet service providers develop broadband connectivity in underserved areas in the US States, Washington DC, Puerto Rico and other US territories. The program will be administered by the National Telecommunications and Information Administration (NTIA).
  • $14.2bn for the Emergency Broadband Benefit program, which has subsidized broadband access during the pandemic and has been renamed the Affordable Connectivity program to reflect that it’s no longer pegged to a specific public health event. It now provides a $30 monthly discount, down from $50, on internet service for qualifying households and applies to all service tiers, so as to prevent ISPs from offering it selectively to steer customers toward more profitable plans.
  • $2.75bn for the Digital Equity Act, to help states ensure underserved communities have equal access to the internet and to fund projects that make the internet more accessible to a broad range of people.
  • $2bn for Tribal Connectivity, to improve broadband in areas governed by Native American tribes.
  • $1bn for Middle Mile Connectivity, to improve network interconnection points (leased dark fiber, interoffice transport, backhaul, carrier-neutral internet exchange facilities, and so on).

The infrastructure bill also forbids Digital Discrimination by internet service providers, which means that access should not be based on income level, race, ethnicity, color, religion, or national origin. It also calls for the restoration of Consumer Broadband Labels, which disclose broadband service prices and features.

The Obama administration unveiled broadband service labels in 2016, based on a 2015 FCC net neutrality order that expanded disclosures established in 2010, only to see them tossed by the Trump administration.

The bill supports projects that will provide broadband speeds of at least 100Mbps down and 20Mbps up, with sufficient latency for real-time interactive applications. And it defines “underserved locations” to mean less than 25Mbps down and 3Mbps up, or lacking the latency to support real-time interactive applications.

“Implemented properly, this investment should go great distances toward connecting the millions of rural consumers who still need reliable, sustainable and affordable access – improving economic opportunity, job creation, education, healthcare and civic engagement,” said Shirley Bloomfield, CEO of the Rural Broadband Association, in a statement.

The Benton Institute for Broadband and Society has summarized the broadband enhancements and describes the process by which states should woo NTIA for funds. ®

Source link

Technology

Nvidia’s Arm deal faces another blow, this time from the US FTC

Voice Of EU

Published

on

The US Federal Trade Commission wants to block Nvidia’s Arm takeover as it believes the combined company will stifle competition.

Nvidia’s contentious acquisition of UK chip designer Arm continues to face roadblocks as the US Federal Trade Commission’s (FTC) is suing Nvidia to block the deal.

The acquisition, which is now valued at $54bn, has been fighting an uphill battle since it was first announced more than a year ago, first from the UK’s competition watchdog in January 2021 and then from the EU.

Now, the FTC wants to block the acquisition. In a statement, the FTC said Arm’s technology is a critical input that enables competition between Nvidia and its competitors in several markets.

Therefore, it believes the proposed merger would give Nvidia the ability and incentive to use its control of this technology to undermine its competitors, reducing competition and ultimately resulting in reduced product quality, reduced innovation, higher prices and less choice.

The FTC’s bureau of competition director, Holly Vedova, said the proposed deal would allow the combined company to stifle the innovation pipeline for next-generation technologies.

“Tomorrow’s technologies depend on preserving today’s competitive, cutting-edge chip markets. This proposed deal would distort Arm’s incentives in chip markets and allow the combined firm to unfairly undermine Nvidia’s rivals,” she said.

“The FTC’s lawsuit should send a strong signal that we will act aggressively to protect our critical infrastructure markets from illegal vertical mergers that have far-reaching and damaging effects on future innovations.”

Opposition from all sides

The Competition and Markets Authority (CMA) in the UK raised similar concerns in August when it said the deal would require an in-depth investigation.

“We’re concerned that Nvidia controlling Arm could create real problems for Nvidia’s rivals by limiting their access to key technologies, and ultimately stifling innovation across a number of important and growing markets,” said Andrea Coscelli, chief executive of the CMA.

In October, Nvidia’s planned purchase hit another roadblock from the European Commission launching an in-depth antitrust investigation into the deal at the end of October, with a decision expected by 15 March 2022.

“While Arm and Nvidia do not directly compete, Arm’s IP is an important input in products competing with those of Nvidia, for example in data centres, automotive and internet of things,” said executive vice-president Margrethe Vestager, who is responsible for competition policy.

“Our analysis shows that the acquisition of Arm by Nvidia could lead to restricted or degraded access to Arm’s IP, with distortive effects in many markets where semiconductors are used.”

Despite opposition from several watchdogs, Nvidia has been confident the deal will go through.

“Although some Arm licensees have expressed concerns or objected to the transaction, and discussions with regulators are taking longer than initially thought, we are confident in the deal and that regulators should recognise the benefits of the acquisition to Arm, its licensees and the industry,” Nvidia CFO Colette Kress said earlier this year.

And in a letter to the Financial Times a month after the deal was first announced, Nvidia founder and CEO Jensen Huang said the company will maintain Arm’s open licensing model. “We have no intention to ‘throttle’ or ‘deny’ Arm’s supply to any customer.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Continue Reading

Technology

UK government’s risk planning is weak and secretive, says Lords report | Politics

Voice Of EU

Published

on

Assessment and planning by the government relating to risks facing the UK are deficient and “veiled in secrecy”, a report has found.

The 129-page report, entitled Preparing for Extreme Risks: Building a Resilient Society, was produced by the House of Lords select committee on risk assessment and risk planning – a group appointed in October 2020.

James Arbuthnot, chair of the committee, said that while the UK’s risk assessment processes had been praised across the world before the pandemic, the impact of Covid suggested there may be problems.

“It had been advised that if there were to be a coronavirus pandemic, as a country we would suffer up to 100 deaths,” he said. “Over 140,000 deaths later, we realised that we could perhaps have been doing rather better in our assessment and our planning.”

The report – which draws on sources including oral evidence from 85 witnesses, including from the chief scientific adviser, Sir Patrick Vallance, during 29 sessions – looked at the country’s approach to assessing and preparing for a wide range of risks, from chemical warfare to the climate crisis and severe space weather.

“If you ask, what keeps me awake at nights, it is the growing possibility of major disruption due to more and more frequent cyber-attacks,” said Lord Rees, a committee member. “And even more, I worry on a timescale of tens of years about bioterrorism, bioengineered viruses and all that, which are going to be feasible.”

The report’s conclusions point to a number of shortcomings. Among them the committee highlighted a tendency for the government to focus on immediate problems rather than preparing for the long term.

“The likelihood of major risks actually occurring during the term of the government is low,” said committee member Lord Mair, noting as a result there is no incentive to prepare for them.

The committee also flagged concerns over the National Risk Register and the National Security Risk Assessment (NSRA), and called for better processes to categorise risks, including looking at how vulnerable the country would be to certain threats, and better modelling of how risks can cascade – with Arbuthnot noting as an example the impact of Covid on school exams.

Among other issues the report criticised a lack of transparency by the government. “The current risk management system is veiled in an unacceptable and unnecessary level of secrecy,” the report noted, adding that in turn has hampered the country’s preparedness, with frontline responders including local government and volunteer groups struggling to access the information they need.

It is not the first time the government has been accused of secrecy over risk assessment and planning: a report on Exercise Cygnus, the 2016 government simulation of how the country would handle a fictitious “swan flu”pandemic was only made public after a copy was leaked to the Guardian.

Among other actions, the latest report recommends:

  • The establishment of an Office for Preparedness and Resilience by the government, headed by a newly created post of government chief risk officer.

  • A presumption of publication by the government, and the publication of the content of the Official-Sensitive National Security Risk Assessment except where there is a direct national security risk.

  • The publication, every two years, by the government of a brochure on risk preparedness to inform the public on topics including what to do in an emergency.

“[It’s] much better to face some of these issues, having prepared for, and practised for, and exercised for them in advance rather than doing them first in the heat of battle,” said Arbuthnot

Arbuthnot added the Covid pandemic had offered the chance to “address a public that is ready to be addressed. And people have proved that they’re up to it.”

Prof David Spiegelhalter, chair of the Winton Centre for Risk and Evidence Communication at Cambridge University, and who contributed evidence to the report, welcomed its publication.

“It’s extraordinary that the National Risk Register does not get any public promotion or media coverage, and I welcome the committee’s recommendation to radically improve the communication with the public about the risks they face,” he said. “These vital issues deserve to be widely known and discussed.”

Source link

Continue Reading

Technology

Ubiquiti dev charged with data-breaching own employer • The Register

Voice Of EU

Published

on

A Ubiquiti developer has been charged with stealing data from the company and extortion attempts totalling $2m in what prosecutors claim was a vicious campaign to harm the firm’s share price – including allegedly planting fake press stories about the breaches.

US federal prosecutors claimed that 36-year-old Nickolas Sharp had used his “access as a trusted insider” to steal data from his employer’s AWS and GitHub instances before “posing as an anonymous hacker” to send a ransom demand of 50 Bitcoins.

The DoJ statement does not mention Sharp’s employer by name, but a Linkedin account in Sharp’s name says he worked for Ubiquiti as a cloud lead between August 2018 and March 2021, having previously worked for Amazon as a software development engineer.

In an eyebrow-raising indictment [PDF, 19 pages, non-searchable] prosecutors claim Sharp not only pwned his employer’s business from the inside but joined internal damage control efforts, and allegedly posed as a concerned whistleblower to make false claims about the company wrongly downplaying the attack’s severity, wiping $4bn off its market capitalisation.

Criminal charges were filed overnight in an American federal court against Sharp, of Portland, Oregon. The indictment valued the 50 Bitcoins at $1.9m “based on the prevailing exchange rate at the time.”

US attorney Damian Williams said in a US Justice Department statement: “As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistle-blower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company’s computer systems.”

Sharp is alleged to have downloaded an admin key which gave him “access to other credentials within Company-1’s infrastructure” from Ubiquiti’s AWS servers at 03:16 local time on 10 December 2020, using his home internet connection. Two minutes later, that same key was used to make the AWS API call GetCallerIdentity from an IP address linked to VPN provider Surfshark – to which Sharp was a subscriber, prosecutors claimed.

Later that month, according to the prosecution, he is alleged to have set AWS logs to a one-day retention policy, effectively masking his presence.

Eleven days after the AWS naughtiness, the indictment claims, he used his own connection to log into Ubiquiti’s GitHub infrastructure. “Approximately one minute later,” alleged the indictment, Sharp used Surfshark to ssh into GitHub and clone around 155 Ubiquiti repos to his home computer.

“In one fleeting instance during the exfiltration of data,” said the indictment, “the Sharp IP address was logged making an SSH connection to use GitHub Account-1 to clone a repository.”

For the rest of that night, prosecutors said, logs showed Sharp’s personal IP alternating with a Surfshark exit node while making clone calls. Although it was not spelled out in the court filing, prosecutors appeared to be suggesting that Surfshark VPN was dropping out and revealing “the attacker’s” true IP.

Ubiquiti discovered what was happening on 28 December. Prosecutors claimed Sharp then joined the company’s internal response to the breaches.

In January 2021 Ubiquiti received a ransom note sent from a Surfshark VPN IP address demanding 25 Bitcoins. If it paid an extra 25 Bitcoins on top of that, said the note, its anonymous author would reveal a backdoor in the company’s infrastructure. This appears to be what prompted Ubiquiti to write to its customers that month alerting them to a data breach. Ubiquiti did not pay the ransom, said the indictment.

Shortly after Federal Bureau of Investigation workers raided Sharp’s home, prosecutors claim he “caused false or misleading news stories to be published about the Incident and Company-1’s disclosures and response to the Incident. Sharp identified himself as an anonymous source within Company-1 who had worked on remediating the Incident. In particular, Sharp pretended that Company-1 had been hacked by an unidentified perpetrator who maliciously acquired root administrator access [to] Company-1’s AWS accounts.”

This appears to be referencing an article by infosec blogger Brian Krebs that was published that day, on 30 March 2021. He spoke “on condition of anonymity for fear of retribution by Ubiquiti”, and El Reg (among many other outlets) followed up Krebs’ reporting in good faith. In that article, the “whistleblower” said he had reported Ubiquiti in to the EU Data Protection Supervisor, the political bloc’s in-house data protection body.

We have asked Krebs for comment.

Sharp is innocent unless proven guilty. He is formally charged with breaches of the Computer Fraud and Abuse Act, transmitting interstate threats, wire fraud and making false statements to the FBI. If found guilty on all counts and handed maximum, consecutive sentences on each, he faces 37 years in prison. ®

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!