Month: December 2015

FCC Chairman Tom Wheeler. (credit: NCTA)

The Federal Communications Commission has asked Comcast, AT&T, and T-Mobile USA to answer questions about their implementations of "zero-rating," a practice that exempts certain types of content from customers' data caps.

FCC officials wrote to the companies yesterday, pointing out that data cap exemptions can favor some content providers over others, whose content does count against consumers' caps. The letters asked the companies to make "relevant technical and business personnel" available for discussions with FCC staff by January 15.

FCC Chairman Tom Wheeler told reporters today that "this is not an investigation. This is not any enforcement. This is to help us stay informed as to what the practices are, as we said we would do in the Open Internet Order."

(credit: Ryan J. Reilly)

Over the past couple months, there's been an ongoing battle between Congressman Lamar Smith (R-Tex.), chair of the House Science Committee, and the National Oceanic and Atmospheric Administration (NOAA). After a June study published in Science concluded there was no evidence that global warming had slowed in recent years, Rep. Smith accused NOAA climate scientists of manipulating surface temperature data for political reasons.

Rep. Smith has subpoenaed the internal communications of those scientists despite being provided all the data, methods, and rationale behind the work. NOAA replied it does not intend to release e-mails between scientists.

On December 1, Rep. Smith changed tack in a letter reiterating his demands. The letter complained that NOAA’s objections had focused on his requests for scientists’ communications, when he was also requesting communications between other NOAA staff. So he modified his terms—he'd start with e-mails from elsewhere in NOAA. “In order to move the Committee’s work forward and to allow for further discussions on issues related to the subpoenaed communications about which the agency and the Committee disagree, the Committee is willing to accommodate NOAA and prioritize communications sent and received by non-scientific personnel,” the letter read. “However, this prioritization does not alleviate NOAA’s obligation to respond fully to the Committee’s subpoena.”

A LifeLock ad from 2008. (credit: Elf Sternberg)

Today the Federal Trade Commission announced that identity protection company LifeLock will pay $100 million for playing fast and loose with its customers’ sensitive information, including names, social security numbers, credit card numbers, and bank information.

The settlement is the largest payout the FTC has ever won through an enforcement action. Customers who were part of a class-action suit against the company will get $68 million of that. The remainder of the sum "will be provided to the FTC for use in further consumer redress,” the FTC's press release states.

LifeLock was given a slap on the wrist and a $12 million fine in 2010 for falsely advertising its identity theft protection services. The company had advertised that for $10 a month, it would guarantee protection against identity theft, but the FTC charged that LifeLock merely put fraud alerts on its customers' credit files, which did not protect against identity theft from existing accounts, nor did it prevent fraudsters from using a person’s ID to get medical care or to apply for jobs. LifeLock’s CEO, Todd Davis, famously advertised his company’s services by displaying his social security number in ads. That act of hubris reportedly resulted in Davis’ identity being stolen 13 times.

Yesterday, Bloomberg Business published a story about a San Francisco hacker who claims to have built his own self-driving car in just a few months. George Hotz, who was the first person to hack the iPhone, has modified his Acura ILX and taught it to drive on freeways around the Bay Area. According to Bloomberg's article, Hotz had been in talks with Elon Musk about replacing that company's supplier of machine vision systems, Mobileye, until Musk offered Hotz a job, something the hacker did not appreciate.

Tesla, it turns out, did not like the way it and Mobileye were characterized in the article. In an online rebuttal, Tesla wrote "[w]e think it is extremely unlikely that a single person or even a small company that lacks extensive engineering validation capability will be able to produce an autonomous driving system that can be deployed to production vehicles." Mobileye's technology is now used by a host of OEMs and is one of the reasons Musk has said that optical sensors alone should be sufficient for autonomous vehicles.

Hotz's Acura ILX has been modified to contain a glovebox full of electronics, including a lidar puck on the roof and a forward-facing optical camera. Speaking to Bloomberg, Hotz said the secret to his car was the AI, which he has plans to refine while working as an Uber driver.

(credit: UMass Medical Center)

Yesterday, Congressional negotiators released a budget agreement that is likely to be signed by the president if it could pass both houses. The overall outlines of the deal—tax breaks that benefit businesses and increases in spending—will draw opposition from members of both parties, so it's not clear the president will ever see it.

Assuming it passes, however, the deal would be good news for scientific research. The American Association for the Advancement of Science has done an analysis of the bill and finds most research-focused agencies will see a boost. The priorities of many legislators, however, has ensured these boosts are not evenly distributed.

This appears to be a case where each party came in with a number (the president, House, and Senate each had spending bills under consideration), yet in many cases, they compromised by spending more than anybody had asked for. Overall, federal R&D money will go up by 8.1 percent in 2015, to nearly $150 billion. Roughly half of that, $73 billion, will end up being spent on defense research. Of that figure, $15.4 billion will go to basic science and tech research, even though none of the parties had asked for more than $14.6 billion.

Elon Musk views the historic Dragon capsule that returned to Earth on May 31, 2012, after delivering cargo to the International Space Station. (credit: NASA/Bill Ingalls)

A lot of scientists and engineers who study Mars worry about planetary protection, the concern that biospheres on other worlds might be contaminated by microbes from Earth. It’s a bit like Star Trek’s prime directive, and NASA and other space agencies take pains to clean their robotic spacecraft of Earth-based life before launching them to other planets.

The discovery of periodic, briny water on the surface of Mars earlier this year reignited concerns about planetary protection, including whether the Curiosity rover was free enough of Earth-based microbes to investigate these features, known as recurring slope lineae (RSL). The problem becomes even worse when humans are thrown into the mix.

Therefore, some in the scientific community believe astronauts should remain off Mars until rovers and other probes have thoroughly studied the question of life on Mars. After the confirmation of present-day water on Mars, for example, The Planetary Society’s Emily Lakdawalla, wrote, “If we keep our filthy meatbag bodies in space and tele-operate sterile robots on the surface, we'll avoid irreversible contamination of Mars—and obfuscation of the answer to the question of whether we're alone in the solar system—for a little while longer. Maybe just long enough for robots to taste Martian water or discover Martian life.”

One of a heaping collection of critical bug fixes pushed out by Microsoft on December 8 as part of the company's monthly "Patch Tuesday" was an update to the Microsoft Office suite designed to close a vulnerability that would allow an attacker to sneak past Outlook's security features. While the patch addressed multiple vulnerabilities in the way Office manages objects in memory, the most severe of them allows for remote code execution through a "specially crafted Microsoft Office file," Microsoft reported.

Now more details of just how bad that vulnerability is have been provided by security researcher Haifei Li in a paper entitled "BadWinmail: The 'Enterprise Killer' Attack Vector in Microsoft Outlook." The vulnerability allows a crafted attachment to an e-mail to bypass Outlook's layers of security by exploiting Office's Object Linking and Embedding (OLE) capabilities and Outlook's Transport Neutral Encapsulation Format (TNEF)—the e-mail attachment method associated with Outlook messages' winmail.dat attachments.

The winmail.dat file includes instructions on how to handle attachments embedded within it. "When the value of the 'PidTagAttachMethod' [within winmail.dat] is set to ATTACH_OLE (6)," Haifei wrote, "the 'attachment file' (which is another file contained in the winmail.dat file) will be rendered as an OLE object."

(credit: The Intercept)

A secret catalog of cellphone spying gear has been leaked to The Intercept, reportedly by a person inside the intelligence community who is concerned about the growing militarization of domestic law enforcement.

Among the 53 items are the now-familiar Stingray I/II surveillance boxes. They're billed as the "dragnet surveillance workhorse [that] has been deployed for years by numerous local law enforcement agencies across the United States." It has a range of 200 meters and sells for $134,000. A chief selling point is the "ready-made non-disclosure agreements from the FBI and Harris Corp. [that] will provide a pretext for concealing these features from the public." The listing also touts Harris' "next-generation Hailstorm, a must-have for cracking the 4G LTE network."

Besides manufacturing the Stingray brand of surveillance gear, Harris once employed a spokesman name Marc Raimondi. According to an Intercept article accompanying the leaked catalog, Raimondi is now a Department of Justice spokesman who says the agency's use of stingray equipment is legal.