Open Source Projects: Why Security Still Matters – Dice Insights

Open source has been an integral part of the enterprise for decades. With the advent of Agile development methodologies and DevOps practices, open source has never been more important to developers creating the apps that are driving digital transformation.

But where does that leave security?

For years, open source was considered a safe security bet and immune to many of the vulnerabilities associated with Windows and other closed-source software, largely due to the open nature of the community supporting it. That way of thinking, however, needs to change.

A report published in June by security firm RiskSense found that vulnerabilities in open source software nearly doubled between 2018 and 2019, with nearly 1,000 projects posting year-over-year increases. Some of the biggest offenders include Magento, GitLab, and Jenkins.

The RiskSense report says that one reason for this increase in vulnerabilities is the growing acceptance of open source in many enterprise applications: Between 80 percent and 90 percent of software in use has some type of open-source component. This growing popularity means errors are slipping through the cracks and hackers are there to exploit them.

And while developers want to speed up application development, security is seen as cautious and risk-averse, which can cause friction between developer and cybersecurity teams when trying to ensure that apps are ready for production and are free of potential vulnerabilities.

"When you are focused on building and shipping software, there are benefits of using open source software," Wei Lien Dang, the co-founder and chief strategy officer at StackRox, which makes security tools for containers and Kubernetes, told Dice.

"However, organizations need to be careful that they understand how to deal with vulnerabilities and licensing issues that could create exposures," Dang added. "Software development practices, regardless of the methodology, that borrow from open source need to account for product security. It's not unique to DevOps: if you overlook the [open source software] patching process, you can easily put your organization at risk."

The non-profit Information Security Forum recently published a report on the growing use of open source software in the enterprise driven by the adoption of DevOps and Agile methodologies.

The study notes that, while open source software contains about the same amount of vulnerabilities as proprietary software, there are security issues to consider as well as unique challenges.

"In some organizations OSS has been inadvertently included in the IT infrastructure, or the organisation lacks a complete view of all OSS components deployed across their environment," according to the ISF report. "If this is the case, [open source software] components may have been implemented in an uncontrolled manner and potentially left in an insecure state, outdated, unpatched and prone to vulnerability exploits. Without adequate knowledge of where and how OSS is used, organisations risk allowing vulnerabilities into their infrastructure that they are unaware of, and therefore cannot proactively address."

One of the biggest security blunders associated with open source software happened in 2017, when Equifax's IT and security teams did not respond to and patch a vulnerability in the Apache Struts open-source web application framework, which Chinese hackers allegedly exploited in order to gain access to the company's network and exfiltrate data on over 145 million U.S. citizens. It was one of the largest data breaches in history.

Thomas Hatch, CTO and co-founder of automation security firm SaltStack, believes that many security and IT professionals are focused on protecting and securing high-level components and not checking to see what open source components are finding their way into enterprise applications. This leaves a security gap.

"The duties of IT workers vary greatly from organization to organization, but a large number of organizations have very few IT resources that are focused on patching," Hatch told Dice. "Modern IT professionals spend much more time managing high-level APIs and UIs. They need to deal with a large group of systems and services and are not as focused on the system and OSS management as they were 10 years ago. The ability to take massive amounts of free, untested, unvalidated, and not necessarily secured software off-the-shelf has created a liability deeply embedded in areas that make heavy use of open source software."

While open source is considered a way to reduce costs, there is still a price to pay to ensure the security of applications that use this code, Wang said.

"This comes in the form of experience and/or training to ensure that OSS code is patched and secured," Wang said. "This is one of the reasons why organizations go with commercial software or a cloud managed service. In those cases, it's the responsibility of the software or cloud provider to make patches available. You get the added benefit of a level of outsourced support and upkeep."

For those organizations that want to use open source and still ensure the security of the applications, there are two core considerations to make: Having the right tooling in place to ensure protection and creating the right processes for patching.

"You need to have a way of discovering vulnerabilities, license issues and other risks associated with using open source software," Wang said. "The methodology, Agile, DevOps or otherwise, shouldn't make a difference. If you choose to use OSS, you need to understand the security risks and implications of doing so and be prepared to deal with it appropriately."

Hatch, the CTO at SaltStack, has three ways that security and development teams can ensure the integrity of their applications:

Apply Patches: If the Equifax data breaches proved one thing, it's that patching matters. In that case, the fault did not lie with Apache Struts but with Equifax not responding to the associated vulnerability alert in a timely manner, Hatch said.

Visibility: There are more rules and processes in place today for open source projects, and the most mature of these projects follow best practices for security disclosures. When the security issues are disclosed, they are done in a way that users will be able to see exactly what the issues are and how to upgrade the software, Hatch said.

Know What You Have: As open source has proliferated, developers have more choices than ever, which means keeping a better inventory of what components are being used in applications and knowing what bugs can affect them. "Open source allows us to have hundreds of thousands of software components to use; keeping track of them all is daunting," Hatch said.


Microsoft, Google, Red Hat and IBM join forces to improve the security of open source software – Explica

The Open Source Security Foundation (OpenSSF) is a new organization founded by GitHub, Google, IBM, Microsoft, Intel, GitLab, HackerOne, and Red Hat, among others. Its goal is to unite initiatives to promote open source software security and accelerate collaboration between industries in one place.

At least that's how the official website of this new project within the Linux Foundation explains it, which has among its members some of the largest technology companies in the world, some that also leverage large-scale open source projects in their commercial products, such as Microsoft (owner of GitHub), IBM (owner of Red Hat) and Google.

This foundation seeks to be a massive collaboration between software giants to improve response to vulnerabilities in open source software. In fact, Microsoft itself (recently a lover of open source) says it will move many of its resources to this initiative to help identify security threats, establish best practices, develop tools and improve the disclosure of vulnerabilities.

They hope that their vulnerability disclosure system will help developers fix problems with their open source software in minutes instead of months.

This last point is especially interesting given that at the OpenSSF they will collaborate with companies like Google, whose group of cybersecurity specialists (Project Zero) constantly collides with Microsoft for revealing vulnerabilities of the company before they have been able to fix them.

OpenSSF was established on the premise that there is a need for a mechanism for security researchers to collaborate in securing the open source supply chain, and that those researchers in different organizations have common interests and concerns. OpenSSF will seek to facilitate dialogues between these organizations.

Jim Zemlin, the CEO of the Linux Foundation, explained it like this:

"We believe that open source is a public good and in all industries we have a responsibility to unite to improve and support the security of open source software on which we all depend. Ensuring open source security is one of the most important things we can do and it requires everyone around the world to collaborate with the effort. OpenSSF will provide a forum for a truly collaborative effort across industries."

Other founding members of OpenSSF also include ElevenPaths, Okta, Purdue, SAFECode, StackHawk, Trail of Bits, JPMorgan Chase, NCC Group, OWASP Foundation, Uber, and VMware.


Bitcoin’s flash crash and recent rally explained – BNN

The notoriously volatile price of Bitcoin is rallying, surging past the US$11,000 mark for the first time this year in late July.

The cryptocurrency set a new record high for 2020 on Sunday when it briefly surpassed US$12,000, marking an important technical and psychological milestone for cryptocurrency investors, before plunging more than US$1,000 within minutes.

There are several key factors fueling this price boost including the so-called Bitcoin Halving, which occurred on May 11. The algorithm that controls market supply of Bitcoin was adjusted to reduce new market supply by half. In the 11 years since its inception, this inflation-fighting feature of Bitcoin's programming has historically been a driver of price movement.

Brian Mosoff, CEO of Toronto-based fintech firm Ether Capital, says a big part of the Bitcoin narrative has been a hedge against the inflation of fiat currencies, such as the U.S. dollar.

"The timing of COVID and the expansion of government and central bank balance sheets have investors nervous about inflation. Investors are seeking ways to hedge and Bitcoin stands to be an important beneficiary of this," he said in an email.

Bitcoin's algorithm dictates that only 21 million Bitcoin will ever be minted, leading many investors to draw the comparison to gold's scarcity. Industry watchers say many investors view Bitcoin as a kind of digital gold and for that reason, it has piggy-backed on gold's current rally.

According to Bilal Hammoud, CEO and Founder of a Calgary-based cryptocurrency exchange NDAX.io, Bitcoin is the perfect long-term hedge against both monetary policy instability and political instability. In an email he said ongoing trade tensions between the U.S. and China as well as unlimited money-printing stimulus due to the pandemic make the greenback a less attractive safe haven, driving the smart money to anti-inflationary assets such as gold and bitcoin as a hedge.

Another significant development driving the price of Bitcoin higher is a July 22 letter from the U.S. federal agency responsible for monitoring national banks and federal branches of foreign banks. It states that the Office of the Comptroller of the Currency concluded providing custody of cryptocurrency is a modern form of traditional bank activities related to custody services.

"Banks can continue satisfying their customers' needs for safeguarding their most valuable assets, which today for tens of millions of Americans includes cryptocurrency," the OCC letter says.

The letter opened the door for all national banks to provide cryptocurrency custody services for customers, according to Taras Kulyk, a senior vice-president at Bellevue, Washington-based blockchain and Artificial Intelligence firm, Core Scientific.

Following the release of this letter, the price of Bitcoin jumped 10 per cent in the span of 48 hours. Kulyk said in a phone interview that the market realized that this truly was a fundamental shift in regulatory positioning in the United States.

American law firm Sullivan Worcester LLP, which is based in New York City, described the OCC's letter in a July 24 note to clients as a potential turning point in the notorious frenemy relationship between banks and cryptocurrency. It goes on to say it's possible that this could lead to a lower barrier for consumer and merchant crypto transactions.

Kulyk said in addition to the OCC's statement, many U.S. consumer-facing fintech apps including Venmo and Paypal have recently announced plans to integrate cryptocurrency in their offerings.

In July, popular Canadian investment app Wealthsimple announced plans to offer cryptocurrency trading on its platform as Bitcoin trade volumes reached record highs on major cryptocurrency exchanges around the world.

Mosoff said that historically, the majority of Bitcoin trading is done by retail investors, although institutional capital and interest is increasing.

"It's difficult and often impossible to know what leads to big, short-term price moves in crypto," he said. "Bitcoin is traded globally and traders often employ leverage; with leverage a lot of volatility is possible."

On Sunday, Bitcoin experienced a flash crash, with US$1,000 wiped from its trading price on major platforms within minutes. It has since somewhat recovered, and the move was attributed to profit-taking by so-called whales who own large amounts of the cryptocurrency.

Bitcoin's overall price increase has provided fuel for other major cryptocurrencies, including ether which runs on the Ethereum network, and was pioneered by Canadian Vitalik Buterin. Historically the largest cryptocurrencies tend to move in lockstep, though Mosoff says Ethereum, which marked its fifth anniversary at the end of July, is one to watch.

While Bitcoin is treated as a stock, commodity or store of value, Mosoff says Ether is poised to take a different path.

"Later this year, the network will begin to undergo a significant upgrade that will allow investors to generate yield in what we've termed a digital bond," Mosoff said. "I believe this upgrade will put substantial upwards pressure on the price."


Archer Materials to showcase quantum technology during Virtual Trade Mission to London Tech Week – Proactive Investors Australia

As part of its commercial strategy, the company's CEO and senior management will virtually attend London Tech Week from September 1-11, together with international delegations of high-growth-potential technology companies.

Archer Materials has been invited by the British Consulate-General Department for International Trade to attend and participate in the Virtual Trade Mission to London Tech Week 2020.

As part of the company's commercial strategy, CEO Mohammad Choucair and senior management will attend London Tech Week virtually from September 1 to 11 with international delegations of high-growth-potential technology companies.

London Tech Week is Europe's most influential tech event showcasing the best in tech innovation from across the globe and in 2019 attracted a global audience of 58,000 attendees and an online reach of over 300 million.

Chief executive officer Choucair said: "The Trade Mission to London Tech Week follows from our invitation to chair at the Quantum Tech conference this year, also in the UK.

"We are being acknowledged on the world stage due to our success and potential to make a positive impact in the quantum economy.

"The focus of our 12CQ activities leading up to London Tech Week is around quantum control of the chip [qubit] components which we recently commenced, the quantum in quantum computing.

"We look forward to engaging with organisations in sectors that will be disrupted and enabled by quantum computing."

Archer aims to initiate strategic business relationships, identify upcoming opportunities and conduct virtual meetings with key decision-makers in the deep tech economy.

The curated program for delegates spans industries directly relevant to Archer's 12CQ quantum computing chip including fintech, healthtech, smart cities and AI.

12CQ is a world-first technology that Archer aims to build for quantum computing operation at room-temperature and integration onboard modern electronic devices.

In strengthening the commercial readiness of its 12CQ chip, the company has recently accomplished a number of achievements.

Archer has progressed patent applications internationally including in the EU, successfully begun assembling chip prototypes and has recently entered into a quantum computing agreement with IBM that supports the company's plans to use IBM's open-source framework, Qiskit, as the software stack for the 12CQ chip.


China Is Waging Cyber-Enabled Economic War on the U.S. How to Fight Back. – Barron’s

For all practical intents, the United States is at war with China. This may come as a surprise since no bullets have been fired nor declarations made. Yet there is little question that, for over a decade, the Chinese government has engaged in a sustained campaign of cyber-enabled economic aggression against us and our allies. They have targeted our most productive economic sectors and are currently winning. But as we restart our economy after Covid-19, we have a unique opportunity to shift this fight decisively back in our favor.

At the heart of this conflict is a series of grand economic competitions across key industries, including telecommunications, advanced computing, robotics, energy generation, resource extraction, aerospace, and the medical sciences, to name just a few. We are currently facing off with China on 5G technology, machine learning, quantum computing, nuclear and solar power, satellites, rare earth metals, biotechnology, and pharmaceuticals. Fundamental to the Chinese strategy for winning in each of these areas, and many more, is the rampant theft of American intellectual property.

The Chinese playbook is deceptively simple: Why spend trillions of dollars on basic science or advanced research when it can be stolen with almost no penalties? The Chinese government is stunningly good at this theft. Not only do they employ thousands of government operatives to engage in this effort, a new federal indictment charges that they have fostered a criminal hacker class that works for its personal economic gain as well as for the Chinese state.

This brazen theft is not just limited to intellectual property. It also involves the pilfering of massive amounts of data, from the likes of the U.S. Office of Personnel Management, Equifax, Marriott, and Anthem, that will fuel intelligence operations and train machine learning algorithms, generating economic and political gain for decades.

Chinese companies also look to acquire American technology through investment, acquisition, litigation, and bankruptcy, turning our own markets and courts against us. They masquerade as American companies while under the control of the Chinese government. Even worse, they take advantage of our companies looking to do business in China by extorting them into creating joint ventures, transferring intellectual property, and providing data to the Chinese Communist Party.

They likewise send students and researchers to our best research universities, all the while pressuring them to steal information for the Chinese state. The recent indictment of a Chinese military officer allegedly masquerading as a researcher at Stanford is but one such example. Chinese intelligence agencies likewise seek to co-opt American academics by providing grant funding for joint research projects and invitations to write for cash.

All of this economic warfare is directed at one key goal: to replace the United States as the global leader. Their agents do this by handing over the spoils of the state-run hacking and extortion campaign to Chinese companies which, in turn, exploit Chinese (and other) workers to make goods at reduced cost, selling them back to us and our allies, making us more reliant upon them.

We've all now seen the price of this reliance in the difficulty many Americans face in getting medical gear and life-saving drugs. But our reliance is hardly limited to these goods. We also rely on China for all manner of finished goods and key inputs, the loss of which could grind our economy to a virtual halt overnight. Indeed, years ago, the Chinese created a plan to make us reliant on them in a dozen key areas. They now see Covid-19 as an opportunity to surge forward. But it need not be so. We have a chance, in this very moment of economic turmoil, to regain the edge.

First, the U.S. government must stand shoulder-to-shoulder with our private sector to protect and push back. Just as the Chinese back their companies in competition with us, we must do the same for our industry. We should collect and share actionable threat intelligence and actively collaborate with the private sector to protect them through collective defense. We must also push back, using all elements of national power, to end the Chinese campaign of cyber-enabled economic warfare, including through the use of trade measures, sanctions, persistent cyber engagement, and, where necessary, more aggressive actions. We cannot allow trade deals or our desire for cheap Chinese goods to force us to sit on our hands, leaving our private sector alone to fight this war. Doing so means certain defeat.

Second, we must also work with our allies across the globe, including in the Indo-Pacific region, which the administration has identified as the single most consequential region for our future. India's recent travails at China's hands should be a warning to all in the region and we must reject this aggression just as we have in the South China Sea. Likewise, having brought the British back on board on 5G, we must also now convince Germany to join this unified front. America need not stand alone. Making common cause with our longstanding allies is the right approach.

Finally, as we look to restart our economy, we must incentivize Americans to invest their money here and protect our innovation base. We must create tax and regulatory incentives that encourage investment in American companies struggling to survive and protect their intellectual property. These investors should be able to take advantage of low-cost capital to reorganize and reorient companies working on dual-use technologies to accelerate us into recovery and bring manufacturing and jobs back to the United States.

If we are to preserve this nation and remain a global leader, we cannot permit the continued theft of our children's future right from under our noses. Now is the time to act.

Gen. (Ret) Keith B. Alexander is the former director of the National Security Agency and Founding Commander of United States Cyber Command, and currently serves as chairman, president and co-CEO of IronNet Cybersecurity, a start-up technology company focused on network threat analytics and collective defense and is on the Board of Advisors for the National Security Institute at George Mason University's Scalia Law School. Jamil N. Jaffer is the former chief counsel and senior advisor to the Senate Foreign Relations Committee and served in senior national security roles in the George W. Bush Justice Department and White House, and currently serves as senior vice president for strategy, partnerships and corporate development at IronNet Cybersecurity and as the founder and executive director of NSI.


Australia's anti-encryption law has damaged the country's tech industry – Reclaim The Net

Nearly two years after Australia passed its controversial anti-encryption laws, the tech industry is already feeling an impact. Apparently, many non-Australian companies and IT professionals are no longer interested in doing business with Australia.

The typically-inconspicuously named Assistance and Access Act 2018 and Telecommunications and Other Legislation Amendment were supposed to create a safe online environment for Australians. The official description of AAA on Australia's government website states that encryption technologies are employed by terrorists, paedophiles, drug smugglers and human traffickers to conceal illicit activities and facilitate crime.

The Australian government denies that these laws would be used to implement backdoors. Meanwhile, Australia's Attorney-General Christian Porter has specifically said, "This ensures that our national security and law enforcement agencies have the modern tools they need, with appropriate authority and oversight, to access the encrypted conversations"

As usual, fear-mongering tactics are used to justify authoritarian acts of government overreach that dwindle our freedoms. Then again, given the context it's framed in, it's no surprise the bill was passed. After all, lawmakers aren't known to be the most informed and up to date on the latest technology.

The situation largely mirrors the FOSTA/SESTA situation States-side. Initially pushed as anti-human trafficking bills, they in fact made human trafficking worse by forcing many informants underground. In the end, all they did was target innocent, consensual sex work.

But how could you not support a bill that says it's against terrorism, pedophilia, and human trafficking? Only a monster wouldn't.

Australian tech giant Atlassian has decided to speak out against the laws, saying they have damaged the reputation of the technology sector, discouraged talent from working in Australia, and harmed an industry that could help drive economic growth in the nation's post-Covid-19 recovery.

"It is my belief that the very rushed nature in which the [TOLA] bill was passed and then also the nature of the rights granted to government under TOLA have had a negative impact on the reputation of the Australian technology sector," said Patrick Zhang, Atlassian's policy and government affairs head.

Another criticism is that a backdoor can be exploited not just by the government, but also by foreign governments or malicious actors weakening security as a whole.

He discussed technical capability notices (TCNs), which are basically subpoenas that can force companies to build backdoors into their encrypted services without the knowledge of their customers. Alternatively, they can also be used to compel IT employees to build said backdoors without the knowledge of their company.

"That has given a number of our customers concerns. Because I think that the fear is that by working with an Australian company, whether by using its product or as a vendor, is that company going to be subject to orders by the government to weaken its security or to build backdoors that will make the product less secure and expose a weak link, if you will, in the technology supply chain that is global in nature?"

Zhang's fears aren't just speculative either. Australia's anti-encryption laws have already been used to strip journalists of their protections as we saw last year with the infamous AFP raid on ABC.

In June 2019, Australian federal police officers raided Australian Broadcasting Corporation's headquarters with a warrant regarding allegations that Australian special forces were involved in war crimes.

The warrant, posted on Twitter, granted officers the right to add, copy, delete or alter any data in ABC's computers. The warrant further went on to detail the different types of data they were interested in, including handwritten and digital notes and correspondence, graphics, raw footage, documents classified as secret, along with any manual, instruction, password or other thing that assists to gain access to or interpret or decode any of the above things.

Former defence lawyer David McBride was charged with five counts of leaking classified information, on which the war crime allegations were based.

In a world where countries like Switzerland and Norway are considered havens of personal privacy protection, it's not difficult to see where Zhang is coming from. China, Russia and India are already considered to be on the opposite end of that scale. Looks like Australia is squarely in the latter list now.


Senators Graham And Blumenthal Can’t Even ‘Earn’ The EARN IT Act: Looking To Sneak Vote Through Without Debate – Techdirt

from the don't-let-them dept

Senator Lindsey Graham very badly wants to push the extremely dangerous EARN IT Act across the finish line. He's up for re-election this fall, and wants to burnish his "I took on big tech" creds, and sees EARN IT as his path to grandstanding glory. Never mind the damage it will do to basically every one. While the bill was radically changed via his manager's amendment last month, it's still an utter disaster that puts basically everything we hold dear about the internet at risk. It will allow for some attacks on encryption and (somewhat bizarrely) will push other services to more fully encrypt. For those that don't do that, there will still be new limitations on Section 230 protections and, very dangerously, it will create strong incentives for internet companies to collect more personal information about every one of their users to make sure they're complying with the law.

It's a weird way to "attack" the power of big tech by forcing them to collect and store more of your private info. But, hey, it's not about what's actually in the bill. It's about whatever bullshit narrative Graham and others know the press will say is in the bill.

Either way, we've heard that Graham and his bi-partisan supporter for EARN IT, Senator Richard Blumenthal, are looking to rush EARN IT through with no debate, via a process known as hotlining. Basically, it's a way to try to get around any floor debate, by asking every Senator's office (by email, apparently!) if they would object to a call for unanimous consent. If no Senator objects, then they basically know they can skip debate and get the bill approved. If Senators object, then (behind the scenes) others can start to lean on (or horse trade) with the Senators to get the objections to go away without it all having to happen on the floor of the Senate. In other words, Graham and Blumenthal are recognizing that they probably can't "earn" the EARN IT Act if it has to go through the official process to have it debated and voted on on the floor, and instead are looking to sneak it through when no one's looking.

While Senator Wyden (once again) has said he'll do whatever he can to block this, it would help if other Senators would stand up as well. Here's what Wyden had to say about it:

The EARN IT Act will not protect children. It will not stop the spread of child sexual abuse material, nor target the monsters who produce and share it, and it will not help the victims of these evil crimes. What it will do is threaten the free speech, privacy, and security of every single American. This is because, at its core, the amended EARN IT Act magnifies the failures of the Stop Enabling Sex Traffickers Act--SESTA--and its House companion, the Fight Online Sex Trafficking Act--FOSTA. Experts believe that SESTA/FOSTA has done nothing to help victims or stop sex trafficking, while creating collateral damage for marginalized communities and the speech of all Americans. A lawsuit challenging the constitutionality of FOSTA on First Amendment grounds is proceeding through the courts, and there is bicameral Federal legislation to study the widespread negative impacts of the bill on marginalized groups.

Yet, the authors of the EARN IT Act decided to take this kind of carveout and expand it further to State civil and criminal statutes. By allowing any individual State to set laws for internet content, this bill would create massive uncertainty, both for strong encryption and constitutionally protected speech online. What is worse, the flood of State laws that could potentially arise under the EARN IT Act raises strong Fourth Amendment concerns, meaning that any CSAM evidence collected could be rendered inadmissible in court and accused CSAM offenders could get off scot-free. This is not a risk that I am willing to take.

Let me be clear: The proliferation of these heinous crimes against children is a serious problem. However, for these reasons and more, the EARN IT Act is not the solution. Moreover, it ignores what Congress can and should be doing to combat this heinous crime. The U.S. has a number of important evidence-based programs in existence that are proven to keep kids safe, and they are in desperate need of funding to do their good work. Yet the EARN IT Act doesn't include a single dollar of funding for these important programs. It is time for the U.S. Government to spend the funds necessary to save children's lives now.

While a Wyden hold would block any attempt to get unanimous consent via the hotlining process, it would help quite a lot if other Senators were willing to speak up and stand with him as well. If it's just Wyden, then he'll face tremendous pressure to remove the hold. If more Senators join Wyden in saying this isn't okay, then Graham and Blumenthal will realize they have a bigger challenge in front of them.

Again, if you haven't been following this debate closely, everything that Wyden says above is accurate. EARN IT is an attack on both free speech and privacy (a twofer) without doing anything to actually deal with the problem of child sexual abuse material online. That is very much a law enforcement issue, and it's one which Congress has failed to provide the funds to law enforcement that it promised on this issue, and (even worse) the DOJ has simply ignored its requirement mandates to deal with this issue as required by Congress. The DOJ seems more focused on attacking tech companies and blaming them for its own failure to do its job.

The EARN IT Act is an incredibly dangerous piece of legislation, but it's also a complicated one -- one that many people don't understand. But Senators see something that says "protect the children" and they immediately think "well, of course we support that." But this bill doesn't protect children. It attacks free speech and privacy online in very insidious ways. Please call your Senators and ask them not to let this through.

Read this article:
Senators Graham And Blumenthal Can't Even 'Earn' The EARN IT Act: Looking To Sneak Vote Through Without Debate - Techdirt

"Fear of Authoritarian Regimes Is Pushing the Film Industry to Self-Censor" – Reason

A very interesting article in Foreign Affairs by my UCLA School of Law colleague Kal Raustiala; here's an excerpt:

What sets the United States apart from the rest of the world is and has always been its soft power. The Soviets may have equaled the Americans in nuclear capability, but they could never rival the appeal of the "American way of life." And even as China tries to spread its culture across the globe, its rise tends to inspire more trepidation than admiration.

Many ingredients combine to give U.S. soft power its strength and reach, but entertainment and culture have always been central to the mix. Film and television have shaped how the world sees the United States and how it perceives the country's adversaries. Yet that unique advantage seems to be slipping away. When it comes to some of the great questions of global power politics today, Hollywood has become remarkably timid. On some issues, it has gone silent altogether.

The most glaring example is the growing wariness of U.S. studios to do anything that might imperil their standing with the Chinese government. China's box office is as large as the American one, and entertainment is above all a business. So Hollywood sanitizes or censors topics that Beijing doesn't like. But the phenomenon is not limited to China, nor is it all about revenue. Studios, writers, and producers increasingly fear they will be hacked or harmed if they portray any foreign autocrats in a negative light, be it Russian President Vladimir Putin or North Korean dictator Kim Jong Un.

It wasn't always this way. In the 1930s, Charlie Chaplin's The Great Dictator took on Adolf Hitler. Later, Martin Scorsese's Kundun shone a light on the fate of Tibet, and The Unbearable Lightness of Being and The Hunt for Red October made the Cold War come alive. Today, the market power of China and the cyberpower of some rogue states is making studios and creatives think twice about producing such daring, overtly political films. And as the retreat from the kind of films that once bolstered American soft power accelerates, Hollywood is running out of real-life antagonists.

Pence Says Administration Will ‘Lean Into’ Issue of Tech Censorship – Newsmax

Vice President Mike Pence said Tuesday the Trump administration is continuing to "lean into" investigating the claim social media and other tech companies are censoring content and opinions contrary to liberal doctrine, promising to preserve the freedom of speech and freedom of press on the Internet.

Speaking with Breitbart News Editor-in-Chief Alex Marlow on SiriusXM's "Breitbart News Daily," Pence addressed in broad terms the actions of tech companies such as Facebook, Google and particularly Twitter.

Last week, Twitter removed Breitbart's livestream news conference of the medical group America's Frontline Doctors held on the steps of the U.S. Supreme Court regarding what it said was misinformation on the novel coronavirus.

It was also removed from YouTube.

Twitter claimed the livestream was a violation of its "COVID-19 misinformation policy," Breitbart News reported. Among the claims made by some of the participants of the event was the promotion of the half-century old anti-malaria drug hydroxychloroquine as possible treatment for the novel coronavirus.

The group's website has been removed by the tech company squarespace.com.

"We're going to do our very best every day between now and election day and for four more years after that to make sure that we preserve the freedom of speech and freedom of the press on the Internet," Pence said.

Marlow also said one of Breitbart News' Twitter accounts was "shuttered" until the video of the press conference was deleted.

Pence said the Trump administration was working to ensure freedom of opinion on social media platforms, which have enjoyed liability protection under the 1996 Communications Decency Act by claiming they are merely "passive bulletin boards" of information.

He referred to last week's action by President Donald Trump, which formally requested the Federal Communications Commission reinterpret the law, particularly in regard to social media companies which selectively choose which user content to allow and which to block, edit or censor.

"Well, freedom of speech is the bedrock of American democracy, that's why our founding fathers enshrined the freedom of speech, freedom of the press, in the first amendment of the constitution and I want all your listeners to know as they've seen this president and our administration take action to prevent online censorship in the past, that we're going to continue to lean into this effort," Pence said.

"As you know, last summer the Department of Justice launched a broad antitrust review of big tech, that's ongoing. The president this summer signed an executive order that set into motion a series of actions that launched a tech bias reporting tool at the White House and called on the FTC to consider action whenever is appropriate to prohibit unfair or deceptive acts affecting commerce, etc."

2020 Newsmax. All rights reserved.

South Park: Why Episodes "200" and "201" Were Banned – Screen Rant

South Park is well known for its crude and controversial material, however, some episodes have caused such an uproar that they are now banned.

South Park is well known for its crude and controversial material; however, there are some episodes that have caused such an uproar that they are now banned from Comedy Central, South Park Studios website, and any streaming platform that airs the show. While there are five episodes banned in total, season 14 episodes "200" and "201" sparked an enormous outcry from Middle-Eastern terrorism groups over their planned depiction of the Prophet Muhammad.

Released in 1997, South Park became known for its crude animation and subject matter, before pivoting to more political, current-events-based satire. Still, despite its offensive material, the show has earned itself an array of awards and accolades, such as Primetime Emmy Awards, and its success has not wavered, remaining one of Comedy Central's most-watched shows.

Censorship was at the heart of episodes "200" and "201," with series creators Trey Parker and Matt Stone taking a strong stance against it. The episodes upon airing, however, were censored; even the dialogue at the end of "201" was completely bleeped. The creators weren't happy with the network's decision (as per a statement South Park Studios released), which was no doubt increased by the fact that an image of Muhammad had already aired in 2001 during season 5 episode 3's "Super Best Friends."

Ross Douthat of The New York Times stated that the move to censor South Park was a result of the Danish newspaper, Jyllands-Posten, running unflattering images of the Prophet Muhammad in 2005, which led to global riots and death threats. In Islamic tradition, the Prophet is not allowed to be depicted in any way. Despite this, the newspaper ran the images, and even with outcries from several prominent Muslim groups, the paper did not back down.

In the United States, tensions were high between the West and Islamic people due to the 9/11 terrorist attack. While US news outlets covered the controversy, they did not reprint any of the depictions of Muhammad, even though the US values freedom of speech and the press. For the US, religious sensitivity along with a larger population of people of the Islamic faith was a more important factor.

Episodes "200" and "201" revolve around past South Park episodes, storylines, and controversies, with Trey Parker and Matt Stone pushing the boundaries of censorship, especially in the case of Muhammad. Irritated that they could show Jesus and other religious icons, the inability to display Muhammad becomes a focal point of the episode. Throughout the story, past celebrities, angered by the town of South Park for continually ridiculing and mocking them, want to steal the powers Muhammad has to not be shown or insulted.

After episode "200" aired, threats were leveled against both creators of the show and Comedy Central if they depicted the image of Muhammad further. Revolution Muslim, a group known for advocating the end of western imperialism, had an author post to Twitter wishing death and Hell for both Trey Parker and Matt Stone. Additional threats and veiled references were made comparing the creators to Dutch director Theo Van Gogh, who was murdered after a film he made portrayed violence against women in some Islamic societies.

While Trey Parker and Matt Stone continued to advocate against censorship and defended their work, Comedy Central heavily censored the episode in order to protect its employees. Further, they went back and removed "Super Best Friends" from the South Park lineup, as well as censored "Cartoon Wars Parts 1 and 2." While South Park has released episodes in the past that have pushed the boundaries enough to warrant censorship, episodes "200" and "201" are notable due to their focused plot points, as well as the threats that were leveled against both show creators before the episodes even aired.

Jeff lives and breathes TV shows, movies, and video games. He's built his own media/gaming PC to house all of his media. Trained as a Screenwriter, Jeff dreams of being a Showrunner one day. His encyclopedic knowledge of TV shows allows him to write on a wide array of topics. Recently, he's been exploring Screenwriting for Virtual Reality. He draws from his love of science fiction, horror, drama, fantasy, and real-world politics/religion to craft his stories. In addition to writing, he has a passion for teaching, as well as Technology, Science, and Space Exploration.
