Technology

Facebook boss ‘not willing to protect public from harm’ | Facebook

Voice Of EU

The Facebook whistleblower whose revelations have tipped the social media giant into crisis has launched a stinging new criticism of Mark Zuckerberg, saying he has not shown any readiness to protect the public from the harm his company is causing.

Frances Haugen told the Observer that Facebook’s founder and chief executive had not displayed a desire to run the company in a way that shields the public from the consequences of harmful content.

Her intervention came as pressure mounted on the near-$1tn (£730bn) business following a fresh wave of revelations based on documents leaked by Haugen, a former Facebook employee. The New York Times reported that workers had repeatedly warned that Facebook was being flooded with false claims about the 2020 presidential election result being fraudulent and believed the company should have done more to tackle it.

Haugen, who appears before MPs and peers in Westminster on Monday, said Zuckerberg, who controls the business via a majority of its voting shares, has not shown any willingness to protect the public.

“Right now, Mark is unaccountable. He has all the control. He has no oversight, and he has not demonstrated that he is willing to govern the company at the level that is necessary for public safety.”

She added that giving all shareholders an equal say in the running of the company would result in changes at the top. “I believe in shareholder rights and the shareholders, or shareholders minus Mark, have been asking for years for one share one vote. And the reason for that is, I am pretty sure the shareholders would choose other leadership if they had an option.”

The Facebook founder and chief executive Mark Zuckerberg is accused of failing to protect the public. Photograph: Mandel Ngan/AFP/Getty Images

Haugen, who quit as a Facebook product manager in May, said she had leaked tens of thousands of documents to the Wall Street Journal and to Congress because she had realised that the company would not change otherwise.

She said: “There are great companies that have done major cultural changes. Apple did a major cultural change; Microsoft did a major cultural change. Facebook can change too. They just have to get the will.”

This weekend, a consortium of US news organisations released a fresh wave of stories based on the Haugen documents. The New York Times reported that internal research showed how, at one point after the US presidential election last year, 10% of all US views of political material on Facebook – a very high proportion for Facebook – were of posts falsely alleging that Joe Biden’s victory was fraudulent. One internal review criticised attempts to tackle Stop the Steal groups spreading claims on the platform that the election was rigged. “Enforcement was piecemeal,” said the research.

The revelations have reignited concerns about Facebook’s role in the 6 January riots, in which a mob seeking to overturn the election result stormed the Capitol in Washington. The New York Times added that some of the reporting for the story was based on documents not released by Haugen.

A Facebook spokesperson said: “At the heart of these stories is a premise which is false. Yes, we’re a business and we make profit, but the idea that we do so at the expense of people’s safety or wellbeing misunderstands where our commercial interests lie. The truth is we’ve invested $13bn and have over 40,000 people to do one job: keep people safe on Facebook.”

Facebook’s vice-president of integrity, Guy Rosen, said the company had put in place multiple measures to protect the public during and after the election and that “responsibility for the [6 January] insurrection lies with those who broke the law during the attack and those who incited them”.

It was also reported on Friday that a new Facebook whistleblower had come forward and, like Haugen, had filed a complaint to the Securities and Exchange Commission, the US financial regulator, alleging that the company declined to enforce safety rules for fear of angering Donald Trump or impacting Facebook’s growth.

Haugen will testify in person on Monday to the joint committee scrutinising the draft online safety bill, which would impose a duty of care on social media companies to protect users from harmful content, and allow the communications regulator, Ofcom, to fine those who breach this. The maximum fine is 10% of global turnover, so in the case of Facebook, this could run into billions of pounds. Facebook, whose services also include Instagram and WhatsApp, has 2.8 billion daily users and generated an income last year of $86bn.

As well as issuing detailed rebuttals of Haugen’s revelations, Facebook is reportedly planning a major change that would attempt to put some distance between the company and its main platform. Zuckerberg could announce a rebranding of Facebook’s corporate identity on Thursday, according to a report that said the company is keen to emphasise its future as a player in the “metaverse”, a digital world in which people interact and lead their social and professional lives virtually.

Haugen said Facebook must be compelled by all regulators to be more transparent with the information at its disposal internally, as detailed in her document leaks. She said one key reform would be to set up a formal structure whereby regulators could demand reports from Facebook on any problem that they identify.

“Let’s imagine there was a brand of car that was having five times as many car accidents as other cars. We wouldn’t accept that car company saying, ‘this is really hard, we are trying our best, we are sorry, we are trying to do better in the future’. We would never accept that as an answer and we are hearing that from Facebook all the time. There needs to be an avenue where we can escalate a concern and they actually have to give us a response.”

UK government’s risk planning is weak and secretive, says Lords report | Politics

Assessment and planning by the government relating to risks facing the UK are deficient and “veiled in secrecy”, a report has found.

The 129-page report, entitled Preparing for Extreme Risks: Building a Resilient Society, was produced by the House of Lords select committee on risk assessment and risk planning – a group appointed in October 2020.

James Arbuthnot, chair of the committee, said that while the UK’s risk assessment processes had been praised across the world before the pandemic, the impact of Covid suggested there may be problems.

“It had been advised that if there were to be a coronavirus pandemic, as a country we would suffer up to 100 deaths,” he said. “Over 140,000 deaths later, we realised that we could perhaps have been doing rather better in our assessment and our planning.”

The report – which draws on sources including oral evidence from 85 witnesses, including from the chief scientific adviser, Sir Patrick Vallance, during 29 sessions – looked at the country’s approach to assessing and preparing for a wide range of risks, from chemical warfare to the climate crisis and severe space weather.

“If you ask, what keeps me awake at nights, it is the growing possibility of major disruption due to more and more frequent cyber-attacks,” said Lord Rees, a committee member. “And even more, I worry on a timescale of tens of years about bioterrorism, bioengineered viruses and all that, which are going to be feasible.”

The report’s conclusions point to a number of shortcomings. Among them the committee highlighted a tendency for the government to focus on immediate problems rather than preparing for the long term.

“The likelihood of major risks actually occurring during the term of the government is low,” said committee member Lord Mair, noting as a result there is no incentive to prepare for them.

The committee also flagged concerns over the National Risk Register and the National Security Risk Assessment (NSRA), and called for better processes to categorise risks, including looking at how vulnerable the country would be to certain threats, and better modelling of how risks can cascade – with Arbuthnot noting as an example the impact of Covid on school exams.

Among other issues the report criticised a lack of transparency by the government. “The current risk management system is veiled in an unacceptable and unnecessary level of secrecy,” the report noted, adding that in turn has hampered the country’s preparedness, with frontline responders including local government and volunteer groups struggling to access the information they need.

It is not the first time the government has been accused of secrecy over risk assessment and planning: a report on Exercise Cygnus, the 2016 government simulation of how the country would handle a fictitious “swan flu” pandemic, was only made public after a copy was leaked to the Guardian.

Among other actions, the latest report recommends:

  • The establishment of an Office for Preparedness and Resilience by the government, headed by a newly created post of government chief risk officer.

  • A presumption of publication by the government, and the publication of the content of the Official-Sensitive National Security Risk Assessment except where there is a direct national security risk.

  • The publication, every two years, by the government of a brochure on risk preparedness to inform the public on topics including what to do in an emergency.

“[It’s] much better to face some of these issues, having prepared for, and practised for, and exercised for them in advance rather than doing them first in the heat of battle,” said Arbuthnot.

Arbuthnot added the Covid pandemic had offered the chance to “address a public that is ready to be addressed. And people have proved that they’re up to it.”

Prof David Spiegelhalter, chair of the Winton Centre for Risk and Evidence Communication at Cambridge University, and who contributed evidence to the report, welcomed its publication.

“It’s extraordinary that the National Risk Register does not get any public promotion or media coverage, and I welcome the committee’s recommendation to radically improve the communication with the public about the risks they face,” he said. “These vital issues deserve to be widely known and discussed.”

Ubiquiti dev charged with data-breaching own employer • The Register

A Ubiquiti developer has been charged with stealing data from the company and extortion attempts totalling $2m in what prosecutors claim was a vicious campaign to harm the firm’s share price – including allegedly planting fake press stories about the breaches.

US federal prosecutors claimed that 36-year-old Nickolas Sharp had used his “access as a trusted insider” to steal data from his employer’s AWS and GitHub instances before “posing as an anonymous hacker” to send a ransom demand of 50 Bitcoins.

The DoJ statement does not mention Sharp’s employer by name, but a LinkedIn account in Sharp’s name says he worked for Ubiquiti as a cloud lead between August 2018 and March 2021, having previously worked for Amazon as a software development engineer.

In an eyebrow-raising indictment [PDF, 19 pages, non-searchable] prosecutors claim Sharp not only pwned his employer’s business from the inside but joined internal damage control efforts, and allegedly posed as a concerned whistleblower to make false claims about the company wrongly downplaying the attack’s severity, wiping $4bn off its market capitalisation.

Criminal charges were filed overnight in an American federal court against Sharp, of Portland, Oregon. The indictment valued the 50 Bitcoins at $1.9m “based on the prevailing exchange rate at the time.”

US attorney Damian Williams said in a US Justice Department statement: “As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistle-blower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company’s computer systems.”

Sharp is alleged to have downloaded an admin key which gave him “access to other credentials within Company-1’s infrastructure” from Ubiquiti’s AWS servers at 03:16 local time on 10 December 2020, using his home internet connection. Two minutes later, that same key was used to make the AWS API call GetCallerIdentity from an IP address linked to VPN provider Surfshark – to which Sharp was a subscriber, prosecutors claimed.

Later that month, according to the prosecution, he is alleged to have set AWS logs to a one-day retention policy, effectively masking his presence.

Eleven days after the AWS naughtiness, the indictment claims, he used his own connection to log into Ubiquiti’s GitHub infrastructure. “Approximately one minute later,” alleged the indictment, Sharp used Surfshark to ssh into GitHub and clone around 155 Ubiquiti repos to his home computer.

“In one fleeting instance during the exfiltration of data,” said the indictment, “the Sharp IP address was logged making an SSH connection to use GitHub Account-1 to clone a repository.”

For the rest of that night, prosecutors said, logs showed Sharp’s personal IP alternating with a Surfshark exit node while making clone calls. Although it was not spelled out in the court filing, prosecutors appeared to be suggesting that Surfshark VPN was dropping out and revealing “the attacker’s” true IP.
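The log pattern described above, one identity whose source address alternates between two IPs within minutes, is straightforward to surface from access logs. The following is an added example, not code from the article or the court filing; the record schema, the account names and the IP addresses (documentation ranges) are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical, simplified schema.
# IPs come from documentation ranges; none of this is data from the case.
KNOWN_IP, VPN_IP = "198.51.100.7", "203.0.113.50"
SAMPLE_LOG = [
    {"ts": "2024-01-01T02:00:00Z", "identity": "account-1", "src_ip": KNOWN_IP, "action": "login"},
    {"ts": "2024-01-01T02:01:05Z", "identity": "account-1", "src_ip": VPN_IP, "action": "clone"},
    {"ts": "2024-01-01T02:03:00Z", "identity": "account-1", "src_ip": VPN_IP, "action": "clone"},
    {"ts": "2024-01-01T02:04:10Z", "identity": "account-1", "src_ip": KNOWN_IP, "action": "clone"},
    {"ts": "2024-01-01T02:05:00Z", "identity": "account-1", "src_ip": VPN_IP, "action": "clone"},
    {"ts": "2024-01-01T09:00:00Z", "identity": "account-2", "src_ip": "192.0.2.10", "action": "login"},
    {"ts": "2024-01-01T09:02:00Z", "identity": "account-2", "src_ip": "192.0.2.10", "action": "clone"},
    {"ts": "2024-01-01T15:00:00Z", "identity": "account-2", "src_ip": "192.0.2.99", "action": "login"},
]


def parse_ts(value):
    """Parse the UTC timestamp format used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def ip_flips(records, window=timedelta(minutes=5)):
    """Per identity, list each consecutive pair of events where the
    source IP changed and the two events are at most `window` apart."""
    last_seen = {}   # identity -> (timestamp, src_ip) of its previous event
    findings = {}
    for rec in sorted(records, key=lambda r: parse_ts(r["ts"])):
        when = parse_ts(rec["ts"])
        prev = last_seen.get(rec["identity"])
        if prev and prev[1] != rec["src_ip"] and when - prev[0] <= window:
            findings.setdefault(rec["identity"], []).append({
                "from_ip": prev[1],
                "to_ip": rec["src_ip"],
                "gap_seconds": int((when - prev[0]).total_seconds()),
                "action": rec["action"],
            })
        last_seen[rec["identity"]] = (when, rec["src_ip"])
    return findings


def linked_ips(findings):
    """Addresses tied together by the flips: the set an analyst would
    compare against known employee and anonymiser address ranges."""
    return {
        ident: sorted({ip for f in flips for ip in (f["from_ip"], f["to_ip"])})
        for ident, flips in findings.items()
    }


if __name__ == "__main__":
    for ident, flips in ip_flips(SAMPLE_LOG).items():
        print(ident, len(flips), "flips; addresses:", linked_ips({ident: flips})[ident])
```

An address change hours apart, as for account-2 in the sample, falls outside the window and is not reported.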

Ubiquiti discovered what was happening on 28 December. Prosecutors claimed Sharp then joined the company’s internal response to the breaches.

In January 2021 Ubiquiti received a ransom note sent from a Surfshark VPN IP address demanding 25 Bitcoins. If it paid an extra 25 Bitcoins on top of that, said the note, its anonymous author would reveal a backdoor in the company’s infrastructure. This appears to be what prompted Ubiquiti to write to its customers that month alerting them to a data breach. Ubiquiti did not pay the ransom, said the indictment.

Shortly after Federal Bureau of Investigation workers raided Sharp’s home, prosecutors claim he “caused false or misleading news stories to be published about the Incident and Company-1’s disclosures and response to the Incident. Sharp identified himself as an anonymous source within Company-1 who had worked on remediating the Incident. In particular, Sharp pretended that Company-1 had been hacked by an unidentified perpetrator who maliciously acquired root administrator access [to] Company-1’s AWS accounts.”

This appears to be referencing an article by infosec blogger Brian Krebs that was published that day, on 30 March 2021. He spoke “on condition of anonymity for fear of retribution by Ubiquiti”, and El Reg (among many other outlets) followed up Krebs’ reporting in good faith. In that article, the “whistleblower” said he had reported Ubiquiti in to the EU Data Protection Supervisor, the political bloc’s in-house data protection body.

We have asked Krebs for comment.

Sharp is innocent unless proven guilty. He is formally charged with breaches of the Computer Fraud and Abuse Act, transmitting interstate threats, wire fraud and making false statements to the FBI. If found guilty on all counts and handed maximum, consecutive sentences on each, he faces 37 years in prison. ®

Limerick’s Serosep crowned Irish Medtech Company of the Year 2021

Other winners at the Irish Medtech Association awards included Alcon Ireland, West, Vertigenius, Luminate Medical, BioMEC, Jabil Healthcare, Cook Medical and Aerogen.

Limerick-headquartered business Serosep has been named Irish Medtech Company of the Year at a virtual conference hosted today (2 December) by The Irish Medtech Association with Enterprise Ireland and IDA Ireland.

The Irish Medtech Association, which represents the medtech sector in Ireland, made the announcement at its annual Medtech Rising conference. This year’s awards ceremony was the first to feature new categories. Alcon Ireland won the Sustainable Medtech company of the Year, while West scooped the Best Medtech Talent Strategy Award.

According to the association’s director Sinéad Keogh, the annual awards ceremony offers the medtech community a chance to “recognise and celebrate the strength and importance of the industry in improving life.”

“The sector has remained resilient despite the challenges of the Covid pandemic, with over 42,000 people now working in the industry, across 450 companies,” she added.

The overall winner, Serosep, is a self-funded, family-run business, which manufactures clinical diagnostic products at its base in Annacotty, Co Limerick. It serves more than 35 different countries spread over 5 continents. The company is 25 years in business and employs 114 people. Earlier this year, it announced a five-year contract to supply its gastroenteritis diagnostic system to Liverpool University Hospital. The company already supplies the NHS.

Serosep CEO and founder Dermot Scanlon said he was “humbled” to receive the award, adding that the company’s innovative diagnostic test tools have “changed the way gastroenteritis is tested in clinical laboratories.”

“We are currently manufacturing in excess of one million tests in our state-of-the-art facility,” he said, explaining that the award would motivate the whole company to “continue forging ahead, achieving bigger and better things.”

Other award winners included:

Trinity College Dublin spin-out Vertigenius, winner of the eHealth Innovation of the Year Award. Vertigenius is a platform which aims to enhance clinical and patient engagement in the treatment of balance problems.

Luminate Medical, winners of the Emerging Medtech Company of the Year Award. The NUI Galway spin-out has developed a technology to prevent chemotherapy induced hair loss.

NUI Galway’s Biomechanics Research Centre (BioMEC) won the Academic Contribution to Medtech Award. The company’s technology integrates the latest in silico computational models to simulate the mechanical performance of implanted coronary stents.

Bray-based Jabil Healthcare scooped the Medtech Partner/Supplier of the Year Award for its new Covid-19 PCR testing device.

Cook Medical received the Women in Leadership Company initiative Award for its commitment to gender balance in the workplace.

The Covid-19 Response Recognition Award was awarded to Aerogen which has developed an inhaled vaccine station. The company’s products have been used on more than 3m critically ill people since March 2020, according to Enterprise Ireland’s head of life sciences, Deirdre Glenn. Aerogen won last year’s Medtech Company of the Year award.
