As anticipation builds for the next-generation mobile communications or 5G, security has become a heated topic. The U.S. government has launched an unprecedented campaign urging countries to ban one of the key makers of equipment for the new network, China-based telecom titan Huawei. But Huawei is vowing to refuse to assist any country in spying and even claims it would rather go out of business. VOA’s Bill Ide recently visited the company’s headquarters in China’s southern city of Shenzhen.
…

A Tesla Model S involved in a fatal crash with a semitrailer in Florida March 1 was operating on the company’s semi-autonomous Autopilot system, federal investigators have determined.

The car drove beneath the trailer, killing the driver, in a crash that is strikingly similar to one that happened on the other side of Florida in 2016 that also involved use of Autopilot.

In both cases, neither the driver nor the Autopilot system stopped for the trailers, and the roofs of the cars were sheared off.

The crash, which remains under investigation by the National Transportation Safety Board and the National Highway Traffic Safety Administration, raises questions about the effectiveness of Autopilot, which uses cameras, long-range radar and computers to detect objects in front of the cars to avoid collisions. The system also can keep a car in its lane, change lanes and navigate freeway interchanges.

Tesla has maintained that the system is designed only to assist drivers, who must pay attention at all times and be ready to intervene.

In a preliminary report on the March 1 crash, the NTSB said that preliminary data and video from the Tesla show that the driver turned on Autopilot about 10 seconds before the crash on a divided highway with turn lanes in the median. From less than eight seconds until the time of the crash, the driver’s hands were not detected on the steering wheel, the NTSB report stated.

“Neither the preliminary data nor the videos indicate that the driver or the ADAS (Advanced Driver Assist System) executed evasive maneuvers,” the report stated.

The Model 3 was going 68 miles per hour when it hit the trailer on U.S. 441, the report said. Jeremy Beren Banner, 50, was killed.

Tesla said in a statement Thursday that Banner did not use Autopilot at any other time during the drive before the crash. Vehicle logs show that he took his hands off the steering wheel immediately after activating Autopilot, the statement said.

Tesla also said it’s saddened by the crash and that drivers have traveled more than 1 billion miles while using Autopilot. “When used properly by an attentive driver who is prepared to take control at all times, drivers supported by Autopilot are safer than those operating without assistance,” the company said.
…

Joyce Huang contributed to this report.

SHENZHEN, CHINA — One day after the United States effectively banned Chinese telecom titan Huawei from building next-generation “5G” mobile networks in the United States, the company warned the move would harm American workers.

“It will do significant harm to the American companies with which Huawei does business,” the company said, and “affect tens of thousands of American jobs.”

The company added it would quickly “find a resolution” to the ban and work to “mitigate” its impact.

On Wednesday, U.S. President Donald Trump signed an executive order that bars American companies from using telecommunications equipment made by companies that pose a national security risk.

The order, which declares a national emergency, is the first step toward formalizing a ban on doing business with Huawei. The United States also warned other countries about Huawei’s national security risks.

Huawei has been making extraordinary pledges to win over its critics and dispel allegations that it is a security threat. The company has said it will quit its business if forced to spy on its customers and its company chairman Liang Hua has offered to sign “no spy” agreements as well.

Speaking through an interpreter during a visit to London, Liang said Huawei is willing “to commit ourselves to making our equipment meet the no-spy, no-backdoors standard.”

It is unclear what Liang means by “no-spy, no-backdoors” since Huawei, like all technology companies, requires users to sign agreements acknowledging that the company may share their personal information if required by local authorities.

Most technology companies, such as Google and Facebook, disclose these government information requests in regular public reports. The companies explain when they comply with the government requests and when they challenge them in court.

Sharing data with Beijing?

There is no information about what data Huawei hands over to Beijing authorities. If Chinese officials determine a matter involves “state secrets” or a criminal investigation, officials can legally justify intercepting any communication. Critics say Beijing defines “state secrets” so loosely that it can cover virtually anything.

In his comments to reporters, Liang says Huawei does not act on behalf of China’s government in any international market.

According to Reuters, he also denies that China’s laws require companies to “collect foreign intelligence for the government or plant back doors for the government.” Liang added that Huawei is also committed to following the laws and regulations of every country where it does business.

​Independent business or state organ?

Huawei says it has signed 40 contracts to build 5G networks, more than 20 of which are in Europe. It has already shipped 70,000 base stations for installation, all to locations outside of China. Base stations are a key component of the infrastructure needed to build the new network.

Huawei spokesperson Joe Kelly that maintaining the trust of its customers is key to the company’s continued success.

“Today, with 4 billion people around the world [using our products], at the scale at which we operate, if we were installing back doors and taking data, our carriers would be aware, they would see it for themselves and then they would stop doing business with us,” he said.

In the 5G debate, Huawei has voiced its willingness to stake the company’s continued success on its commitment to security.

U.S. officials have suggested that if countries choose to trust Huawei for their 5G network, Washington may reassess sharing information with them.

The executive order that was signed by President Trump on Wednesday not only paves the way for a formal ban on Huawei from building networks in the United States.

According to the Commerce Department, Huawei and 70 other affiliates will be added to what is called an “Entity List,” which will make it more difficult for the company and other entities to buy parts and components from U.S. businesses.
…

U.S. lawmakers are pushing legislation that would force the State Department to report what it is doing to control the spread of U.S. hacking tools around the world.

A bill passed in a House of Representatives’ appropriations subcommittee on Tuesday said Congress is “concerned” about the State Department’s ability to supervise U.S. companies that sell offensive cybersecurity products and know-how to other countries.

The proposed legislation, released on Wednesday, would direct the State Department to report to Congress how it decides whether to approve the sale of cyber capabilities abroad and to disclose any action it has taken to punish companies for violating its policies in the past year.

National security experts have grown increasingly concerned about the proliferation of U.S. hacking tools and technology.

The legislation follows a Reuters report in January which showed a U.S. defense contractor provided staff to a United Arab Emirates hacking unit called Project Raven. The UAE program utilized former U.S. intelligence operatives to target militants, human rights activists and journalists.

State Department officials granted permission to the U.S. contractor, Maryland-based CyberPoint International, to assist an Emirate intelligence agency in surveillance operations, but it is unclear how much they knew about its activities in the UAE.

Under U.S. law, companies selling cyber offensive products or services to foreign governments must first obtain permission from the State Department.The new measure was added to a State Department spending bill by Dutch Ruppersberger, a Democrat from Maryland and member of the House Appropriations Committee.

Ruppersberger said in an emailed statement he had been “particularly troubled by recent media reports” about the State Department’s approval process for the sale of cyberweapons and services.

CyberPoint’s Chief Executive Officer Karl Gumtow did not respond to a request for comment. He previously told Reuters that to his knowledge, CyberPoint employees never conducted hacking operations and always complied with U.S. laws.

The State Department has declined to comment on CyberPoint, but said in an emailed statement on Wednesday that it is “firmly committed to the robust and smart regulation of defense articles and services export” and before granting export licenses it weighs “political, military, economic, human rights, and arms control considerations.”

Robert Chesney, a national security law professor at the University of Texas, said the Reuters report raised an alarm over how Washington supervises the export of U.S. cyber capabilities.

“The Project Raven (story) perfectly well documents that there is reason to be concerned and it is Congress’ job to get to the bottom of it,” he said.

The bill is expected to be voted on by the full appropriations committee in the coming weeks before going onto the full House.
…

San Francisco supervisors voted Tuesday to ban the use of facial recognition software by police and other city departments, becoming the first U.S. city to outlaw a rapidly developing technology that has alarmed privacy and civil liberties advocates. 

The ban is part of broader legislation that requires city departments to establish use policies and obtain board approval for surveillance technology they want to purchase or are using at present. Several other local governments require departments to disclose and seek approval for surveillance technology. 

“This is really about saying: ‘We can have security without being a security state. We can have good policing without being a police state.’ And part of that is building trust with the community based on good community information, not on Big Brother technology,” said Supervisor Aaron Peskin, who championed the legislation. 

The ban applies to San Francisco police and other municipal departments. It does not affect use of the technology by the federal government at airports and ports, nor does it limit personal or business use. 

The San Francisco board did not spend time Tuesday debating the outright ban on facial recognition technology, focusing instead on the possible burdens placed on police, the transit system and other city agencies that need to maintain public safety. 

“I worry about politicizing these decisions,” said Supervisor Catherine Stefani, a former prosecutor who was the sole no vote. 

The Information Technology and Innovation Foundation, a nonprofit think tank based in Washington, D.C., issued a statement chiding San Francisco for considering the facial recognition ban. It said advanced technology makes it cheaper and faster for police to find suspects and identify missing people. 

Critics were silly to compare surveillance usage in the United States with China, given that one country has strong constitutional protections and the other does not, said Daniel Castro, the foundation’s vice president. 

“In reality, San Francisco is more at risk of becoming Cuba than China — a ban on facial recognition will make it frozen in time with outdated technology,” he said. 

It’s unclear how many San Francisco departments are using surveillance and for what purposes, said Peskin. There are valid reasons for license-plate readers, body cameras, and security cameras, he said, but the public should know how the tools are being used or if they are being abused. 

San Francisco’s police department stopped testing face ID technology in 2017. A representative at Tuesday’s board meeting said the department would need two to four additional employees to comply with the legislation. 

Privacy advocates have squared off with public safety proponents at several heated hearings in San Francisco, a city teeming with tech innovation and the home of Twitter, Airbnb and Uber. 

Those who support the ban say the technology is flawed and a serious threat to civil liberties, especially in a city that cherishes public protest and privacy. They worry people will one day not be able to go to a mall, the park or a school without being identified and tracked. 

But critics say police need all the help they can get, especially in a city with high-profile events and high rates of property crime. That people expect privacy in public space is unreasonable given the proliferation of cellphones and surveillance cameras, said Meredith Serra, a member of a resident public safety group Stop Crime SF. 

“To me, the ordinance seems to be a costly additional layer of bureaucracy that really does nothing to improve the safety of our citizens,” she said at a hearing.
…

Google opened a privacy focused engineering center in Munich, Germany, on Tuesday, its latest move to beef up its data protection credentials as tech companies’ face growing scrutiny of their data collection practices.

CEO Sundar Pichai said the Silicon Valley tech giant is expanding its operations in the southern German city, including doubling the number of data privacy engineers there to more than 200 by the end of 2019.

The new Google Safety Engineering Center will make Munich a global hub for the company’s “cross-product privacy engineering efforts,” Pichai said in a blog post.

Staff will work with Google privacy specialists in other cities to build products for use around the world, Pichai said, adding that Munich engineers built the Google Account control panel as well as privacy and security features for the Chrome browser.

Data privacy and security at Google and its tech rivals including Facebook are increasingly in the spotlight. Both companies dedicated much of their annual developer conferences last week to privacy, with Google unveiling new tools giving people more control over how they’re being tracked while Facebook outlined plans to connect people though more private channels.
…

Spyware crafted by a sophisticated group of hackers-for-hire took advantage of a flaw in the popular WhatsApp communications program to remotely hijack dozens of phones, the company said late Monday. 

The Financial Times identified the actor as Israel’s NSO Group, and WhatsApp all but confirmed the identification, describing hackers as “a private company that has been known to work with governments to deliver spyware.” A spokesman for the Facebook subsidiary later said: “We’re certainly not refuting any of the coverage you’ve seen.”

The malware was able to penetrate phones through missed calls alone via the app’s voice calling function, the spokesman said. An unknown number of people – an amount in the dozens at least would not be inaccurate – were infected with the malware, which the company discovered in early May, said the spokesman, who was not authorized to be quoted by name. 

John Scott-Railton, a researcher with the internet watchdog Citizen Lab, called the hack “a very scary vulnerability.” 

“There’s nothing a user could have done here, short of not having the app,” he said.

The spokesman said the flaw was discovered while “our team was putting some additional security enhancements to our voice calls” and that engineers found that people targeted for infection “might get one or two calls from a number that is not familiar to them. In the process of calling, this code gets shipped.”

WhatsApp, which has more than 1.5 billion users, immediately contacted Citizen Lab and human rights groups, quickly fixed the issue and pushed out a patch. He said WhatsApp also provided information to U.S. law enforcement officials to assist in their investigations.

“We are deeply concerned about the abuse of such capabilities,” WhatsApp said in a statement.

NSO said in a statement that its technology is used by law enforcement and intelligence agencies to fight “crime and terror.” 

“We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system,” the statement said. A spokesman for Stephen Peel, whose private equity firm Novalpina recently announced the purchase of part of NSO, did not return an email seeking comment.

The revelation adds to the questions over the reach of the Israeli company’s powerful spyware, which takes advantage of digital flaws to hijack smartphones, control their cameras and effectively turn them into pocket-sized surveillance devices.

NSO’s spyware has repeatedly been found deployed to hack journalists, lawyers, human rights defenders and dissidents. Most notably, the spyware was implicated in the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul last year and whose body has never been found.

Several alleged targets of the spyware, including a close friend of Khashoggi and several Mexican civil society figures, are currently suing NSO in an Israeli court over the hacking.

Monday, Amnesty International – which said last year that one its staffers was also targeted with the spyware – said it would join in a legal bid to force Israel’s Ministry of Defense to suspend NSO’s export license. 

That makes the discovery of the vulnerability particularly disturbing because one of the targets was a U.K.-based human rights lawyer, the attorney told the AP. 

The lawyer, who spoke on condition of anonymity for professional reasons, said he received several suspicious missed calls over the past few months, the most recent one on Sunday, only hours before WhatsApp issued the update to users fixing the flaw. 

In its statement, NSO said it “would not or could not” use its own technology to target “any person or organization, including this individual.”
…

Facebook’s WhatsApp said on Tuesday a security breach on its messaging app had signs of coming from a private company working on surveillance and it had referred the incident to the U.S. Department of Justice.

WhatsApp, one of the most popular messaging tools, is used by 1.5 billion people monthly and it has touted its high level of security and privacy, with messages on its platform being encrypted end to end so that WhatsApp and third parties cannot read or listen to them.

A WhatsApp spokesman said the attack was sophisticated and had all the hallmarks of a “private company working with governments on surveillance.”

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” a spokesman said.

“We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users,” he said. WhatsApp did not elaborate further.

WhatsApp informed its lead regulator in the European Union, Ireland’s Data Protection Commission (DPC), of a “serious security vulnerability” on its platform.

“The DPC understands that the vulnerability may have enabled a malicious actor to install unauthorized software and gain access to personal data on devices which have WhatsApp installed,” the regulator said in a statement.

“WhatsApp are still investigating as to whether any WhatsApp EU user data has been affected as a result of this incident,” the DPC said, adding that WhatsApp informed it of the incident late on Monday.

Cybersecurity experts said the vast majority of users were unlikely to have been affected.

Scott Storey, a senior lecturer in cybersecurity at Sheffield Hallam University, believes most WhatsApp users were not affected since this appears to be governments targeting specific people, mainly human rights campaigners.

“For the average end user, it’s not something to really worry about,” he said, adding that WhatsApp found the vulnerability and quickly fixed it. “This isn’t someone trying to steal private messages or personal details.”

Storey said that disclosing vulnerabilities is a good thing and likely would lead to other services looking at their security.

Incoming call

Earlier, the Financial Times reported that a vulnerability in WhatsApp allowed attackers to inject spyware on phones by ringing up targets using the app’s phone call function.

It said the spyware was developed by Israeli cyber surveillance company NSO Group — best known for its mobile surveillance tools — and affects both Android and iPhones. The FT said WhatsApp could not yet give an estimate of how many phones were targeted.

The FT reported that teams of engineers had worked around the clock in San Francisco and London to close the vulnerability and it began rolling out a fix to its servers on Friday last week and issued a patch for customers on Monday.

Asked about the report, NSO said its technology is licensed to authorized government agencies “for the sole purpose of fighting crime and terror,” and that it does not operate the system itself while having a rigorous licensing and vetting process.

“We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” the company said.

Social media giant Facebook bought WhatsApp in 2014 for $19 billion.

Facebook co-founder Chris Hughes last week wrote in The New York Times that fellow co-founder Mark Zuckerberg had far too much influence by controlling Facebook, Instagram and WhatsApp, three core communications platforms, and called for the company to be broken up.

Facebook’s shares were up 0.8 percent at $183.02 in pre-market trading.
…

President Donald Trump signed an executive order this month designed to strengthen the country’s cybersecurity workforce, the front line against hackers, domestic and foreign. With 7 billion internet-connected devices in the world, and numbers expected to rise, the threat is growing. Faith Lapidus reports, web-connected devices, from smart homes to drones, are vulnerable.
…

A cat who lost his back legs when he was hit by a train got a new lease on life by getting new prosthetic limbs. They were designed by engineering students at the University of Wisconsin-Madison using a 3D printer. VOA’s Deborah Block has more.
…

The question comes up over and over, with extremist material, hate speech, election meddling and privacy invasions. Why can’t Facebook just fix it?

It’s complicated, with reasons that include Facebook’s size, its business model and technical limitations, not to mention years of unchecked growth. Oh, and the element of human nature.

The latest revelation: Facebook is inadvertently creating celebratory videos using extremist content and auto-generating business pages for the likes of Islamic State and al-Qaida. The company says it is working on solutions and the problems are getting better. That is true, but critics say better is not good enough when mass shootings are being live-streamed and online mobs are spreading rumors that lead to deadly violence.

“They have been frustratingly slow in dealing with everything from child sexual abuse to terrorism, white supremacy, bullying, nonconsensual porn” and things like allowing advertisers to target categories such as “Jew hater,” simply because some users had listed the term as an “interest,” said Hany Farid, a digital forensics expert at the University of California, Berkeley.

As new problems crop up, Facebook’s formula has been to apologize and promise to make changes, sometimes also noting that it did not anticipate how malicious actors could so readily misuse its platform. More recently, the company has also emphasized just how much it is improving, both technically in its use of artificial intelligence to detect problems and in terms of focusing more money and effort on fixing them.

“After making heavy investments, we are detecting and removing terrorism content at a far higher success rate than even two years go,” Facebook said Wednesday in response to the revelations about the auto-generated pages. “We don’t claim to find everything, and we remain vigilant in our efforts against terrorist groups around the world.”

It has seen some success. In late 2016, CEO Mark Zuckerberg infamously dismissed as “pretty crazy” the idea that fake news on his service could have swayed the election. He later backtracked, and since then the company has reduced the amount of misinformation shared on its service, as measured by several independent studies.

Zuckerberg has also, by and large, avoided similar gaffes by conceding mistakes and delivering apologies to the public and to lawmakers.

‘Stuck with all this garbage’

But even as the company bats down one problem, others pop up. The reason for that might be baked into its DNA. And that’s not just because its business model relies on as many people as possible using it as much as possible, leaving behind personal details that can then be targeted by advertisers.

“Almost everything Facebook has designed has been designed for good people. People who are nice to each other, who have birthdays to celebrate, who have new puppies and generally like to treat others well,” said Siva Vaidhyanathan, director of the Center for Media and Citizenship at the University of Virginia. “Basically Facebook is made for a better species than ours. If it were made for golden retrievers, everything would be great.”

But if just 1% of the 2.4 billion people on Facebook want to do terrible things to others, that’s 24 million people.

“Every couple of weeks, we hear about Facebook knocking down troublesome pages, making promises about hiring more people, building AI and so on,” Vaidhyanathan said. “But at Facebook’s scale, none of that will matter. We are basically stuck with all this garbage.”

Chris Hughes, a co-founder of Facebook, called for a breakup of the social media giant in a Thursday op-ed. Vaidhyanathan also thinks strong government regulation could be the answer, such as laws that “limit companies’ ability to suck up all our data and use it to target advertising.”

“We really should be addressing the back end of Facebook,” he said. “That’s what you have to attack.”
…

France welcomed Facebook’s Mark Zuckerberg on Friday with a threat of sweeping new regulation.

With Facebook under fire on multiple fronts, Zuckerberg is in Paris to show that his social media giant is working hard to limit violent extremism and hate speech shared online.

But a group of French regulators and experts who spent weeks inside Facebook facilities in Paris, Dublin and Barcelona say the company isn’t working hard enough.

Just before Zuckerberg met French President Emmanuel Macron in Paris, the 10 officials released a report calling for laws allowing the government to investigate and fine social networks that don’t take responsibility for the content that makes them money.

The French government wants the legislation to serve as a model for Europe-wide management of social networks. Several countries have introduced similar legislation, some tougher than what France is proposing.

To an average user, it seems like the problem is intractable. Mass shootings are live-streamed, and online mobs are spreading rumors that lead to deadly violence. Facebook is even inadvertently creating celebratory videos using extremist content and auto-generating business pages for the likes of the Islamic State group and al Qaida.

The company says it is working on solutions, and the French regulators praised Facebook for hiring more people and using artificial intelligence to track and crack down on dangerous content.

But they said Facebook didn’t provide the French officials enough information about its algorithms to judge whether they were working, and that a “lack of transparency … justifies an intervention of public authorities.”

The regulators recommended legally requiring a “duty of care” for big social networks, meaning they should moderate hate speech published on their platforms. They insist that any law should respect freedom of expression, but did not explain how Facebook should balance those responsibilities in practice.

After meeting Macron, Zuckerberg said in a Facebook post that he welcomed governments taking a more active role in drawing up regulations for the internet. He made similar remarks earlier this year but has been vague on what kind of regulation he favors.

Facebook faces “nuanced decisions” involving content that is harmful but not illegal and the French recommendations, which set guidelines for what’s considered harmful, “would create a more consistent approach across the tech industry and ensure companies are held accountable for enforcing standards against this content,” Zuckerberg said.

The regulators acknowledged that their research didn’t address violent content shared on private chat groups or encrypted apps, or on groups like 4chan or 8chan, where criminals and extremists and those concerned about privacy increasingly turn to communicate.

Facebook said Zuckerberg is in France as part of meetings around Europe to discuss future regulation of the internet. Facebook agreed to embed the French regulators as an effort to jointly develop proposals to fight online hate content.

Zuckerberg’s visit comes notably amid concern about hate speech and disinformation around this month’s European Parliament elections.

Next week, the leaders of France and New Zealand will meet tech leaders in Paris for a summit seeking to ban acts of violent extremism and terrorism from being shown online.

Facebook has faced challenges over privacy and security lapses and accusations of endangering democracy — and it came under criticism this week from its own co-founder.

Chris Hughes said in a New York Times opinion piece Thursday that it’s time to break up Facebook. He says Zuckerberg has turned Facebook into an innovation-suffocating monopoly and lamented the company’s “slow response to Russian agents, violent rhetoric and fake news.”
…