Steven has lost more bitcoin than most people will ever own.
Raised on the remote Shetland archipelago, he left school at 13 to become a trawlerman before moving into construction, eventually earning £85,000 a year digging tunnels for Crossrail.
Despite his self-made success, compulsive cryptocurrency trading, alcohol and drug use took over his life.
In the fog of multiple addictions, he lost the “addresses” of between five and 10 bitcoins, rendering his digital buried treasure – worth up to £300,000 today – impossible to retrieve.
Steven spotted the potential of bitcoin early and he had a talent for trading. But even if he had that money now, his addiction means it would soon be squandered.
“Trading is gambling, there’s no doubt about it,” he says.
“I studied and studied. I taught myself how to be a good trader and tried really hard to manage my accounts and stick to a set of rules.
“But my mind would twist and I’d go all in, like a poker player that thought he had the perfect hand. I was convinced I was going to be a bitcoin millionaire.”
Now in recovery at the Castle Craig residential treatment clinic in Scotland, Steven fears that legions of young people are being lured into high-risk trading and potentially addiction, based on the same misguided quest for untold riches.
“A whole generation think that with a little mobile phone they can win, that they can … beat the market,” he says.
“It scares the bejesus out of me.”
Steven’s fears are founded partly on crypto’s rapid emergence into the mainstream.
When he started investing in 2015, digital currencies meant nothing to most people.
Now, they are being touted as a more democratic alternative to a monopolistic and exploitative global financial system.
Advertisers included relatively obscure names such as Hex, Kraken and Puglife about whom consumers know little, if anything.
Meanwhile, football clubs and players, not to mention globally recognised celebrities, tout crypto investments on a daily basis via social media.
This week, reality TV star Kim Kardashian West and boxer Floyd Mayweather Jr were named in a lawsuit alleging that they helped promote crypto firm EthereumMax, as it made “false and misleading” statements that left investors nursing heavy losses.
An Instagram post about EthereumMax, to Kardashian’s 250 million followers, may have been the most widely seen financial promotion of all time, according to the head of the UK’s Financial Conduct Authority (FCA).
Yet despite their ascendancy – and warnings that governments could suffer “limitless” losses – cryptoassets remain unregulated in the UK, pending a Treasury review.
That means that the FCA, the UK’s financial regulator, is all but powerless to influence how the industry behaves.
While some trading platforms that offer digital assets are regulated – because they also offer more traditional financial instruments – crypto coins and tokens are not.
Cryptoasset executives do not have to prove that they are fit and proper people to take people’s money. The companies they run are not required to hold enough cash to repay investors if they go bust. Nor must they worry about the FCA’s stipulation that financial promotions, such as those splashed across public transport in London, are fair, clear and not misleading.
“Is bitcoin on its way to a new high?,” it asked, as the slide began. “We’ve seen bitcoin rally before. But could this be the one to take it to the MOON?”
The answer, for the time being at least, was “No”. But holders of crypto portfolios were encouraged to stay positive.
“Your account gained 1.87% yesterday,” one app notification read, as the slump abated. “You had a good day. Share the news with everyone.”
No such invitation appeared on the far more frequent days when the value of the Guardian’s portfolio went down.
“It’s a very strategic marketing ploy,” says Dr Anna Lembke, one of the world’s foremost addiction experts, professor of psychiatry at Stanford University School of Medicine and author of the book Dopamine Nation.
“They’re encouraging you to amplify the wins and ignore the losses, creating a false impression there are more wins.”
Asked about this, eToro says that it is “committed to helping retail investors engage with each other and foster an environment of learning and collaboration”, adding that its platform is not “gamified”.
According to eToro’s UK managing director, Dan Moczulski, some users make their account public so that “all investments are visible to others, whether they are profitable or not”.
The company said it also provides educational tools, performs know-your-customer checks and encourages long-term, diversified investing.
But Dr Lembke is concerned by the potential for the social media element to fuel compulsive behaviour in crypto trading, an activity she says bears the hallmarks of addictive gambling products but without the acknowledged risk.
“When you mix social media with financial platforms, you make a new drug that’s even more potent,” she says.
Social media posts pushing crypto frequently refer to Fomo – the fear of missing out – fuelling an urge to participate.
“You get this herd mentality where people talk to each other about what the market is doing, they have wins together, losses together, … an intense shared emotional experience.”
“We get a little spike in dopamine, followed by a little deficit that has us looking to recreate that state.”
This, she says, echoes characteristics of gambling but with a crucial difference.
“It’s less stigmatised,” she says. “It has this socially sanctioned status as something that maverick smart people do.”
Parallels with gambling are becoming harder to ignore.
As with gambling, where every one addict is estimated to harm seven other people, many were suffering at the hands of someone else’s habit.
One recounted how her partner’s trading obsession was leading them to spend time away from the family. Another said their partner had taken to trading while in recovery from alcoholism, spending every waking hour making trades.
GamCare has even dealt with young patients who bought digital coins in a desperate attempt to make enough money to get on to the property ladder, only to lose life-changing sums.
At Castle Craig, where Steven is receiving treatment, the first crypto addict arrived at the clinic in 2016, followed by more than 100 since then.
“More and more people are isolated and are doing this [trading], especially since Covid,” says Tony Marini, the senior specialist therapist at the clinic and a recovering gambling addict himself.
“It’s tenfold already since 2016, so what’s it going to be like in the next five years?”
The headteacher of Molly Russell’s secondary school has told an inquest into the teenager’s death it is “almost impossible” to keep track of the risks posed to pupils by social media.
North London coroner’s court heard of the “complete and terrible shock” at Molly’s school after the 14-year-old killed herself in November 2017. Molly, from Harrow in north-west London, killed herself after viewing extensive amounts of online content related to suicide, depression, self-harm and anxiety.
Sue Maguire, the headteacher at Hatch End high school in Harrow, was asked how difficult it was for a school to stay on top of dangerous social media content.
She said: “There is a level where I want to say it is almost impossible to keep track of social media but we have to try, and we have to respond to the information as we receive it.”
Describing the school’s “shock” at Molly’s death, Maguire added that teachers had warned students about the “dangers of social media for a long time”.
She said: “Our experience of young people is that social media plays a hugely dominant role in their lives and it causes no end of issues. But we don’t present a stance that they should not use it. But it presents challenges to schools that we simply didn’t have 10 or 15 years ago.”
Oliver Sanders KC, representing the Russell family, asked Maguire whether the school was aware of the suicide and self-harm-related content available to students on sites such as Instagram.
Maguire said: “At the time, we were shocked when we saw it. But to say that we were completely shocked would be wrong because we had been warning young people about the dangers of social media for a long time.”
The deputy headteacher, Rebecca Cozens, who is also head of safeguarding at the school, told the inquest once young people had gone “down the rabbit hole” on social media, it was a “deep one”.
Asked by Sanders whether there was an awareness of the type of material Molly had engaged with, Cozens said: “I don’t think at that time an awareness of the depth of it and how quickly it would snowball … and the intensity then, when you’re going down that rabbit hole it is a deep one.”
On Monday a senior executive at Meta, the owner of Instagram, apologised after acknowledging that Molly had viewed content that breached the platform’s content guidelines. Elizabeth Lagone, the head of health and wellbeing policy at Meta, said: “We are sorry that Molly saw content that violated our policies, and we don’t want that on the platform.”
Last week an executive at Pinterest, another platform Molly interacted with heavily before her death, said the site was not safe when the teenager used it.
The senior coroner, Andrew Walker, told the Russell family he would deliver his conclusions by the end of the week.
In the UK, the youth suicide charity Papyrus can be contacted on 0800 068 4141 or email email@example.com, and in the UK and Ireland Samaritans can be contacted on freephone 116 123, or email firstname.lastname@example.org or email@example.com. In the US, the National Suicide Prevention Lifeline is at 800-273-8255 or chat for support. You can also text HOME to 741741 to connect with a crisis text line counsellor. In Australia, the crisis support service Lifeline is 13 11 14. Other international helplines can be found at befrienders.org
Microsoft next month will start phasing out Client Access Rules (CARs) in Exchange Online – and will do away with this means for controlling access altogether within a year.
CARs are being replaced with Continuous Access Evaluation (CAE) for Azure Active Directory, which can apparently in “near-real time” pick up changes to access controls, user accounts, and the network environment and enforce the latest rules and policies as needed, according to a notice this week from Microsoft’s Exchange Team.
That might be useful if suspicious activity is detected, or a user account needs to be suspended, and changes to access need to be immediate.
“Today, we are announcing the retirement of CARs in Exchange Online, to be fully deprecated by September 2023,” the advisory read. “We will send Message Center posts to tenants using client access rules to start the planning process to migrate their rules.”
CARs is used by Microsoft 365 administrators to allow or block client connections to Exchange Online based on a variety of characteristics set forth in policies and rules.
“You can prevent clients from connecting to Exchange Online based on their IP address (IPv4 and IPv6), authentication type, and user property values, and the protocol, application, service, or resource that they’re using to connect,” according to a Microsoft document from earlier this year.
For example, access can be granted to Exchange resources from specific IP address, and all other clients blocked. Similarly, the system can filter access to Exchange services by department or location, or based on usernames.
Microsoft announced the replacement CAE in January, touting its ability to act fast on account revocation, disablement, or deletion; password or user location changes; the detection of nefarious activity; and other such updates, according to a blog post at the time by Alex Simons, corporate vice president of product management for the Windows giant’s identity and network access division.
“On receiving such events, app sessions are immediately interrupted and users are redirected back to Azure AD to reauthenticate or reevaluate policy,” Simons wrote. “With CAE, we have introduced a new concept of zero trust authentication session management that is built on the foundation of zero trust principles – verify explicitly and assume breach.”
With this zero-trust focus, session integrity – rather than a set session duration – is what dictates a user’s authentication lifespan, we’re told.
CAE not only aims to give enterprises greater and more immediate control over access and events, but users and managers may appreciate the speed at which changes are adopted, Microsoft claims.
“Continuous access evaluation is implemented by enabling services, like Exchange Online, SharePoint Online, and Teams, to subscribe to critical Azure AD events,” Microsoft added earlier this month. “Those events can then be evaluated and enforced near real time. Critical event evaluation doesn’t rely on Conditional Access policies so it’s available in any tenant.”
Critical events can include a user account being deleted or disabled, a user password is changed or reset, or multifactor authentication is enabled for a user. There also are other events, such as when an administrator explicitly revokes all refresh tokens for a user or a rogue insider is detected by Azure AD Identity Protection.
Finally, for workload identities, CAE enforces token revocation for workloads, among other things, according to Microsoft. ®
The current EU rules around product liability are more than 40 years old, meaning they do not cover harm caused by drones and other AI tech.
The European Commission has outlined a set of new proposals to enable people who are harmed by AI tech products to seek and receive compensation.
The proposals were published today (28 September). They are designed to comply with the EU’s 2021 AI Act proposal, which set out a framework for trust in AI-related technology.
Today’s AI Liability Directive aims to provide a clear and comprehensive structure for all Europeans to claim compensation in the event they are harmed by AI tech products, such as drones and robots.
The EU’s directive includes rules for businesses and consumers alike to abide by. Those who are harmed by AI products or tech can seek compensation just as they would if they were in harmed any other way.
The rules will make it easier for people who have been discriminated against by AI technology as part of the recruitment process, for example, to pursue legal action.
An example of harm that may be caused by tech products is data loss. Robots, drones, smart-home systems and other similar digital products must also comply with cybersecurity regulations around addressing vulnerabilities.
The directive builds on existing rules that manufacturers must follow around unsafe products – no matter how high or low-tech they are.
It is proposing a number of different strategies to modernise and adapt liability rules specifically for digital products. The existing rules around product liability in the EU are almost 40 years old, and do not cover advanced technologies such as AI.
European commissioner for internal market, Thierry Breton, said that the existing rules have “been a cornerstone of the internal market for four decades”.
“Today’s proposal will make it fit to respond to the challenges of the decades to come. The new rules will reflect global value chains, foster innovation and consumer trust, and provide stronger legal certainty for businesses involved in the green and digital transition.”
Vice-president for values and transparency, Věra Jourová, said that for AI tech to thrive in the EU, it is important for people to trust digital innovation.
She added that the new proposals would give customers “tools for remedies in case of damage caused by AI so that they have the same level of protection as with traditional technologies”. The rules will also “ensure legal certainty” for the EU’s internal market.
As well as consumer protection, the proposals are designed to foster innovation. They have laid down guarantees for the AI sector through the introduction of measures such as the right to fight a liability claim based on a presumption of causality.
The AI Liability Directive will need to be agreed with EU countries and lawmakers before it can become law.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.