The Guardian view on securing the internet: collective action needed

 

‘The attack serves, among other things, as a warning that nothing and nowhere is really secure.’ Photograph: Yui Mok/PA

Europol and the NHS are both warning people going back to work after the weekend to start up their computer with care. The cyber-attack on the UK health service, which also brought down systems in at least 150 countries, is an illustration of the vulnerability of the networks and software on which societies and economies now depend. In an ironical twist, it appears that the unknown writers of the “WannaCry” malware had themselves left a security holein their creation, which allowed the attack to be halted once their mistake was discovered.

We do not yet know how much damage WannaCry caused. People may have died; trauma units have been shut down and operations postponed. The attack serves, among other things, as a warning that nothing and nowhere is really secure.

The crucial weakness in Microsoft Windows that allowed the infection to spread had been identified years ago by the National Security Agency in Washington (and no doubt shared with Britain’s surveillance agency GCHQ). It seems to have informed no one else. Had it seen its duty primarily as defending friendly computer networks, as Edward Snowden has suggested it does, it might have issued a warning. It did not. Only when the hacking toolkit was itself stolen and published on the web did Microsoft respond with a patch that offered protection.A patient appointment letter from a London NHS hospital, next to a virus and spyware warning message on a laptop screen at a home in London,

Up-to-date computer systems were safe, but many others were not. The NHS, which has tens of thousands of computers running the obsolete Windows XP system, had not renewed its support contract with Microsoft. Despite the demand of the national data guardian, Dame Fiona Caldicott, they had not been upgraded. It’s clear from Dame Fiona’s letter that some of the system’s insecurities are the results of its users working their way around measures they find obstructive; but some must also be the result of financial pressure, which does not just affect the cost of software licences but the enormous expense of retraining and supporting users. The blame for software failures is thus widely distributed.

However, the costs fall entirely on the victims. In no other industry could the manufacturers take so little legal responsibility for the safety and reliability of the goods they sell. If the NHS had bought a fleet of ambulances whose only flaw was that the left front wheel fell off every time it hit a pothole, the makers would be sued. But if the manufacturer were a software company, it would simply charge extra for upgrading the wheels.

Computer software is difficult and complex. In the case of some neural networks, not even the programmers can trace, still less understand, how the conclusions emerge from the inputs. Yet we live in a world that depends on it. The connectivity that makes us vulnerable also knits the economy together. The strong encryption that is used to lock the files so that a ransom can be paid also underlies the security of a properly administered banking system.

The assault on the NHS is part of a growing pattern of international lawlessness that shows how optimistic were the libertarian dreams of the early internet culture. What has emerged instead is a kind of feudal system, where not just individuals but even powerful companies, banks and government agencies in their operations in cyberspace are no more than unarmed peasants dependent on Microsoft, Google or the other great baronies to protect them from the robbers and bandits waiting to exploit weakness. In exchange for this vital protection, they own our virtual lives. All of the obvious measures to guard us against the next attack – which is certainly coming – must be taken.

This is not the first ransomware attack on the NHS but it must be the last one that is successful. Though it will cost money, it is essential that the government takes digital security as seriously as it takes hygiene in hospitals. In the long run, however, we must also work for democratic control over the wider system of digital feudalism.

 

Net Neutrality: What happened during the July 12 Internet-Wide Day of Action protest

 

Updated July 14: The Internet-Wide Day of Action to Save Net Neutrality on July 12 enjoyed a healthy turnout.Thousands of companies and some visible tech celebrities united against the FCC proposal called Restoring Internet Freedom, by which the new FCC chairman Ajit Pai hopes to loosen regulations for the ISPs and telecom companies that provide Internet service nationwide. The public has until mid-August to give comments to the FCC.

The protests took many forms. Organizations including the American Civil Liberties Union, Reddit, The Nation, and Greenpeace placed website blockers to imitate what would happen if the FCC loosened regulations. Other companies participating online displayed images on their sites that simulated a slowed-down Internet, or demanded extra money for faster access.

net neutrality the nation

Haley Velasco/IDG

For the July 12 Internet-Wide Day of Action advocating net neutrality, sites including The Nation displayed images showing people what the web would be like if corporations operated it for a profit.

Tech giant Google published a blog post in defense of net neutrality. “Today’s open internet ensures that both new and established services, whether offered by an established internet company like Google, a broadband provider or a small startup, have the same ability to reach users on an equal playing field.”

net neutrality sheryl sandberg facebook post

Melissa Riofrio/IDG

Facebook COO Sheryl Sandberg posted to her page about net neutrality as part of the July 12 Internet-Wide Day of Action.

Facebook joined in with Sheryl Sandberg posting her message on Facebookas well as Facebook CEO Mark Zuckerberg.“Keeping the internet open for everyone is crucial. Not only does it promote innovation, but it lets people access information that can change their lives and gives voice to those who might not otherwise be heard,” Sandberg said.

In Washington, FCC Commissioner Mignon Clyburn said in a statement that she supports a free and open internet. “Its benefits can be felt across our economy and around the globe,” she said. “That is why I am excited that on this day consumers, entrepreneurs and companies of all sizes, including broadband providers and internet startups, are speaking out with a unified voice in favor of strong net neutrality rules grounded in Title II. Knowing that the arc of success is bent in our favor and we are on the right side of history, I remain committed to doing everything I can to protect the most empowering and inclusive platform of our time.”

Sen. Ron Wyden, D-Ore., and Sen. Brian Schatz, D-Hawaii, wrote a letter to the FCC Tuesday – one day early — to make sure the FCC’s system was ready to withstand a cyberattack, as well as the large volume of calls expected Wednesday.

What led up to the protest

The July 12 Internet-Wide Day of Action strove to highlight how the web would look if telecom companies were allowed to control it for profit. Organizing groups such as Fight for the Future, Free Press Action Fund, and Demand Progress want their actions to call attention to the potential impact on everyday users, such as having to pay for faster internet access.

Where net neutrality stands: Under the Open Internet Order enacted by the FCC in 2015, internet service providers cannot block access to content on websites or apps, interfere with loading speeds, or provide favoritism to those who pay extra. However, FCC Chairman Ajit Pai, selected by President Trump in January, has been advocating a completely open internet, where the ISPs could control access or charge fees without regulation. A Senate bill that would relax regulations, called Restoring Internet Freedom (S.993), was introduced in May and was referred to the Committee on Commerce, Science, and Transportation.

What this protest is for: The July 12 protest, which organizers are calling the Internet-Wide Day of Action to Save Net Neutrality, will fight for free speech on the internet under Title II of FCC’s Communications Act of 1934. On that date, websites and apps that support net neutrality will display alerts to mimic what could happen if the FCC rolled back the rules.

Who will come together for the protest: More than 180 companies including Amazon, Twitter, Etsy, OkCupid, and Vimeo, along with advocacy groups such as the ACLU, Change.org, and Greenpeace, will join the protest and urge their users and followers to do the same.

net neutrality fight for net neutrality

Courtesy Fight for the Future

Where the protest will take place: Sites that support net neutrality will call attention to their cause by simulating what users would experience if telecom companies were allowed to control web access. Examples will include a simulated “spinning wheel of death” (when a webpage or app won’t load), blocked notifications, and requests to upgrade to paid plans. Organizers are also calling on supporters to stage in-person protests at congressional offices and post protest selfies on social media with the tag #savethenet.

Who opposes the protest: FCC Chairman Ajit Pai and large telecom companies, such as Verizon and Comcast, want to relax net neutrality rules. Some claim that an unregulated internet will allow for more competition in the marketplace, as well as oversight of privacy and security measures.

Why this protest matters: The July 12 protest is projected to be one of the largest digital protests ever planned, with more than 50,000 people, sites, and organizations participating. If successful, it would be reminiscent of a 2012 blackout for freedom of speech on the internet to protest the Stop Online Piracy Act and the PROTECT IP Act, and an internet slowdown in 2014 to demand discussions about net neutrality.

BlackBerry taking action to fix ‘pop-out’ screen – namely more glue

 

BlackBerry Mobile reps have confirmed the manufacturing process for its KEYone flagship will be tweaked so the display doesn’t pop out so easily.

In June, the torture-testing YouTube channel JerryRigEverything found that the display popped out when the phone was being bent, with relatively little pressure.

“Most other screens, like Samsung’s, have so much adhesive behind them it takes a high-powered heat gun or an industrial hot plate to remove them,” noted YouTuber Zack Nelson. It was Nelson who found that the iPhone 7 display scratched more easily than it should, and that the “liquid cooling” boasted by Microsoft’s Lumia 950 XL didn’t actually use any liquid (it used a conventional copper heat sink instead).

 BlackBerry KeyONE Android smartphone

BlackBerry Mobile – a new venture housed within TCL – responded that only a small handful of customers had been affected. The device had been widely praised for the robustness of its all-metal design, something your reporter can confirm, until the display separation issue arose.

However, TCL’s best brains have now stumped up for some glue.

“In a further effort to ensure all our BlackBerry Mobile customers and fans have an outstanding experience, we’re implementing additional measures that add even greater strength and adhesive to the BlackBerry KEYone display,” writes a rep at CrackBerry, which hosts the official user forums.

“These new measures are already being implemented on new KEYones and are beginning to hit our retailer and carrier inventories – and will continue to come in stock throughout the summer.”

Owners with problems will get a replacement while the unit is under warranty.

Read our 24-hour test here. We’ll post a long-term review in, um, the long term.

 

Here’s a look at Walmart Pay in action

151210 walmart pay 1

This time last year, just as Apple Pay was being launched, tech enthusiasts were pouring scorn on rival payments system CurrentC, because it depends on barcodes rather than the newer NFC wireless technology picked up by Apple.

The jury is still out on CurrentC — a year on, it still hasn’t launched — but on Thursday Walmart announced a payment system of its own that uses barcodes, and it doesn’t look too clumsy.

In a video provided by the retailer, a customer starts an app on an Android phone with a credit card and a gift card stored in it. The customer selects Walmart Pay on a self-serve checkout machine and a barcode displays on the machine. He points his phone at the barcode and the two link-up, identifying the customer. To complete the identification, the phone needs some kind of network connection.

151210 walmart pay 3Walmart Pay being used in a company store

The customer then scans his purchases, hits the “I’m Done” button and the payment is processed.

The advantage of using barcodes is that the system can work on any smartphone, not just one with an NFC chip and antenna. Most high-end smartphones have the NFC hardware, but many older or cheaper phones do not. Shoppers then require only the Walmart app, which is available for iOS and Android.

Walmart Pay will launch in some stores this month and be in all stores by the middle of 2016. Only when it gets into the hands of consumers will a real test be possible.

While Walmart is one of the backers of CurrentC, it’s keen to point out that its system was developed in-house. It said it remains committed to CurrentC and will try out the technology when its ready.