Category Archives: News

worldwide news

Broadcom’s Tan, CBS’s Moonves Among Highest-Paid CEOs

Here are the highest-paid CEOs for 2017, as calculated by The Associated Press and Equilar, an executive data firm.

The AP’s compensation study covered 339 executives at S&P 500 companies who have served at least two full consecutive fiscal years at their respective companies, which filed proxy statements between January 1 and April 30.

Compensation often includes stock and option grants that the CEO may not receive for years unless certain performance measures are met. For some companies, big raises occur when CEOs get a stock grant in one year as part of a multi-year grant.

  1. Hock Tan

Broadcom

$103.2 million

Change from last year: Up 318 percent

  2. Leslie Moonves

CBS

$68.4 million

Change: flat

  3. W. Nicholas Howley

TransDigm

$61 million

Change: Up 223 percent

(Howley left the CEO position last month.)

  4. Jeffrey Bewkes

Time Warner

$49 million

Change: Up 50 percent

  5. Stephen Kaufer

TripAdvisor

$43.2 million

Change: Up 3,400 percent

(Kaufer’s 2017 compensation excludes $4.8 million in incremental fair value relating to the modification of awards granted in 2013.)

  6. David Zaslav

Discovery Communications

$42.2 million

Change: Up 14 percent

  7. Robert Iger

Walt Disney

$36.3 million

Change: Down 11 percent

  8. Stephen Wynn

Wynn Resorts

$34.5 million

Change: Up 23 percent

(Wynn left the CEO position in February.)

  9. Brenton Saunders

Allergan

$32.8 million

Change: Up 693 percent

  10. Brian Roberts

Comcast

$32.5 million

Change: Down 1 percent


Former FBI Director Comey: Agency Cannot Fight Foreign Propaganda

Former U.S. FBI Director James Comey said that social media companies needed to “worry” about foreign political propaganda on their networks, but he had few ideas on how to counter it.

In an interview with Reuters, Comey also said he would be leery of the Federal Bureau of Investigation trying to track propaganda in the United States, let alone take action against it, while acknowledging that it was a major problem for the U.S. political system.

“I don’t have a great answer for them,” Comey said of social media companies including Facebook and Twitter, which were major venues for what U.S. intelligence agencies have said was a Russian-sponsored effort to help President Donald Trump win the 2016 U.S. election.

Comey’s comments on Wednesday follow former Director of National Intelligence James Clapper’s conclusion in a new book that the Russian election meddling, which allegedly included illegal hacking and leaking of stolen information as well as propaganda, had a decisive influence in electing Trump.

Trump fired Comey as the FBI investigated the Russian election interference, setting the stage for the appointment of Special Counsel Robert Mueller and his wide-ranging inquiries.

Comey has been criticized for the FBI’s failure to counter Russia’s election meddling while it was happening.

But Comey said the FBI should not get involved in fighting propaganda because it is a “rule-bound institution,” with strict policies that serve as an appropriate check on its power.

“You’d want to be very thoughtful about having the FBI, without having a predicated investigation, be monitoring speech in the U.S., because it’s often very difficult to tell, is it coming from a nation state?” Comey said. “So, in theory, that might involve collecting more broadly on speech in the United States.”

He said those same concerns had kept the FBI from tracking an influence campaign that included Russian-driven Facebook posts that reached more than 100 million people on that social network alone ahead of the 2016 election.

Spy claims

Comey avoided answering questions about the ongoing Mueller probe and his own role in the earlier version of the investigation, but he scoffed at Trump’s accusation this week that the FBI had planted a spy inside his 2016 campaign.

Comey said he could not comment directly on the claim, floated this week by Trump and Republican supporters in Congress.

More generally, Comey said, “The word ‘spy’ is not an accurate characterization in any case of the FBI’s use of confidential human sources, which are a critical tool in all of our investigations — people telling us things that they know.”

Asked whether he could deny that the FBI sent someone to get a job working full-time inside Trump’s presidential campaign, Comey laughed and said: “I’m tempted, but I’ve got to leave it to the Bureau to comment.”

Uncrackable encryption

Comey is best known in Silicon Valley for leading an Obama administration charge against end-to-end encryption uncrackable by law enforcement.

In the interview, he conceded that one of the technology companies’ major objections to giving U.S. authorities special access — that it would then have to do the same for governments in Russia, China and elsewhere — was “reasonable.”

But he said some companies were already aiding such regimes by storing data in those countries and allowing access to source code. If they were sufficiently worried, he said, they could stop doing business in those places.

Comey said his goal was a process under which companies would grant access to authorities only according to strict standards of due process, such as relying on independent judges.

If the companies refused backdoor access until the other countries changed their legal system, “it would be good for the people of China and Russia.”


Amazon’s Alexa Accidentally Tapes, Shares Family Chat With Contact

A Portland, Oregon, family has learned what happens when Amazon.com Inc’s popular voice assistant Alexa is lost in translation.

Amazon on Thursday described an “unlikely … string of events” that made Alexa send an audio recording of the family to one of their contacts randomly. The episode underscored how Alexa can misinterpret conversation as a wake-up call and command.

A local news outlet, KIRO 7, reported that a woman with Amazon devices across her home received a call two weeks ago from her husband’s employee, who said Alexa had recorded the family’s conversation about hardwood floors and sent it to him.

“I felt invaded,” the woman, only identified as Danielle, said in the report. “A total privacy invasion. Immediately I said, ‘I’m never plugging that device in again, because I can’t trust it.’”

Alexa, which comes with Echo speakers and other gadgets, starts recording after it hears its name or another “wake word” selected by users. This means that an utterance quite like Alexa, even from a TV commercial, can activate a device.

That’s what happened in the incident, Amazon said. “Subsequent conversation was heard as a ‘send message’ request,” the company said in a statement. “At which point, Alexa said out loud ‘To whom?’ At which point, the background conversation was interpreted as a name in the customer’s contact list.”

Amazon added, “We are evaluating options to make this case even less likely.”

Assuring customers of Alexa’s security is crucial to Amazon, which has ambitions for Alexa to be ubiquitous — whether dimming the lights for customers or placing orders for them with the world’s largest online retailer.

University researchers from Berkeley and Georgetown found in a 2016 paper that sounds unintelligible to humans can set off voice assistants in general, which raised concerns of exploitation by attackers. Amazon did not immediately comment on the matter, but it previously told The New York Times that it has taken steps to keep its devices secure.

Millions of Amazon customers have shopped with Alexa. Customers bought tens of millions of Alexa devices last holiday season alone, the company has said. That makes the incident reported Thursday a rare one. But faulty hearing is not.

“Background noise from our television is making it think we said Alexa,” Wedbush Securities analyst Michael Pachter said of his personal experience. “It happens all the time.”


US Program That Aids Immigrants, Courts Under Review

Imer still has fragments from a bullet in his back. The 43-year-old Mexican immigrant, who asked to be identified only by his first name, fled the Mexican state of Guerrero more than 20 years ago after he was shot in the back by a Mexican drug gang.

He entered the U.S. illegally in 1998 and settled in Norristown, Pennsylvania, where he made a living working in construction. Two months ago he was arrested and put in detention in the York County Prison in south-central Pennsylvania.

“I’ve never committed a crime, not even a traffic ticket,” he said, as he choked up with tears. “Now, I don’t know what’s going to happen to my family if I am deported,” he said. Imer has two American-born children.

Recently, he was among a dozen detained undocumented immigrants, all from Latin America and dressed in orange prison overalls, sitting at a long table in a small room inside the detention center listening to a presentation in Spanish about their legal options. Fernanda Castillo, a staffer from the Pennsylvania Immigration Resources, or PIRC, explained the legal remedies they might pursue.

“Our main goal is to let them know what are their rights, what to expect in immigration court,” Castillo later told VOA. “We’ll talk about a couple of defenses to see if they are eligible for something and we talk about bond and voluntary departure as well.”

PIRC’s orientation class is indirectly funded by the U.S. Justice Department under the Legal Orientation Program, or LOP. Created in 2003 under the Bush administration, the LOP is aimed at giving detained immigrants some understanding of their rights and possible relief under U.S. immigration law. Administered by the Vera Institute of Justice, the $8 million-a-year program is carried out by PIRC and 17 other nonprofits in more than 30 detention centers from California to Virginia.

Legal orientation program

The orientation class lasts about an hour, as Castillo explained what the detainees could expect when they appear before a U.S. immigration judge. Most wanted to know about getting bail.

“Am I eligible for bond? How low is the bond, how high is the bond,” Castillo said. “We get a lot of voluntary departure questions as well, a lot of people will not know the difference between a voluntary departure and a removal order, which can be an excruciating decision.”

Voluntary departure means someone may be able to return legally someday, though usually years later. With removal, there’s no chance, as Castillo explained to the class.

PIRC gets $200,000 a year for the information sessions and one-on-one workshops it conducts at the York County Prison.

PIRC Executive Director Mary Studzinski says the sessions have a direct impact on the immigration court process, now laboring under a backlog of more than 700,000 cases.

“It allows someone when they’re done with that class to have a better sense of whether they have any hope of staying, and if they do, what might be an avenue that they could pursue,” Studzinski told VOA in her office less than 2 kilometers from the prison. 

“If you know you have no remedy under law and there’s no way you can stay, then probably your best answer is that, ‘No, your honor, I would like to leave.’ (LOP) has an impact on the courts; it makes the courts more efficient,” she said.

This kind of impact saves the U.S. Treasury almost $18 million a year, according to a 2012 Vera Institute study of the LOP. A U.S. Immigration and Customs Enforcement (ICE) memo last year endorsed the LOP, saying informed detainees complete their cases faster.

Yet U.S. Attorney General Jeff Sessions has expressed concerns about the program. Earlier this year, he suspended funding pending a review. But responding to congressional pressure, Sessions later told a Senate panel last month that funding would continue as the LOP is evaluated.

The judge’s job

A Justice Department spokesperson later told VOA that it is time for a new review.

“We believe the reviews should be done on a more frequent basis,” the spokesperson said. “There’s a question about the (Vera Institute) methodology, and also we maintain that there’s a large overlap between what the LOP does and what the immigration judges do. They (the LOP) explain the rights to the detainees but this is also done by the immigration judges.”

But PIRC’s Studzinski says there’s no comparison. While some judges are more thorough than others, “I’ve seen it done in less than five minutes and they certainly don’t take an hour. … So if you ask me if a judge’s advisal is the same thing as a legal orientation, I would say no. Do I think advisals are important, yes they absolutely should remain in place but they are in no way a substitute for the Legal Orientation Program.”

Studzinski adds that PIRC this year is on track to orient 2,600 detainees, a figure much higher than two years ago.

“The increase we’re seeing is people being swept in from the community who in the previous administration would never have been picked up,” Studzinski said. “These are people who have been in the community for 10, 15, 20 years, who have not violated any laws.”

Like Imer, who is hoping to apply for asylum. During the recent PIRC orientation class Imer said he had paid a lawyer $3,000 but had not heard from him in the two months he has been in jail. PIRC later found out the “lawyer” was simply a notary. The organization is now working to help Imer find legal representation.


Jury: Samsung Owes Apple $539M for Copying iPhone

A jury has decided Samsung must pay Apple $539 million in damages for illegally copying some of the iPhone’s features to lure people into buying its competing products.

The verdict reached Thursday is the latest twist in a legal battle that began in 2011. Apple contends Samsung wouldn’t have emerged as the world’s leading seller of smartphones if it hadn’t ripped off the technology powering the pioneering iPhone in developing a line of similar devices running on Google’s Android software.

Patents infringed

Previous rulings had determined that Samsung infringed on some of Apple’s patents, but the amount of damages owed has been in legal limbo. Another jury convened for a 2012 trial had determined Samsung should pay Apple $1.05 billion, but U.S. District Judge Lucy Koh reduced that amount to $548 million.

The issue escalated to the U.S. Supreme Court, which determined in 2016 that a lower court needed to re-examine $399 million of the $548 million. That ruling was based on the concept that the damages shouldn’t be based on all the profits that the South Korean electronics giant rang up from products that copied the iPhone because its infringement may only have violated a few patents.

$1 billion or $28 million?

Apple had argued it was owed more than $1 billion while Samsung contended the $399 million should be slashed to $28 million. The revised damages figure represents a victory for Apple, even though it isn’t as much as the Cupertino, California, company had sought.

“Today’s decision flies in the face of a unanimous Supreme Court ruling in favor of Samsung on the scope of design patent damages,” Samsung said in a statement. “We will consider all options to obtain an outcome that does not hinder creativity and fair competition for all companies and consumers.”

An eight-person jury came up with the new amount following a one-week trial and four days of deliberation in a San Jose, California, federal courthouse.

Apple expressed gratitude to the jury for agreeing “that Samsung should pay for copying our products.”

“This case has always been about more than money,” a company statement said. “Apple ignited the smartphone revolution with iPhone and it is a fact that Samsung blatantly copied our design.”


US Bill Would Force Tech Companies to Disclose Foreign Software Probes

U.S. tech companies would be forced to disclose if they allowed American adversaries, like Russia and China, to examine the inner workings of software sold to the U.S. military under proposed legislation, Senate staff told Reuters on Thursday.

The bill, approved by the Senate Armed Services Committee on Thursday, comes after a year-long Reuters investigation found software makers allowed a Russian defense agency to hunt for vulnerabilities in software that was already deeply embedded in some of the most sensitive parts of the U.S. government, including the Pentagon, the Federal Bureau of Investigation and intelligence agencies.

Security experts say allowing Russian authorities to conduct the reviews of internal software instructions — known as source code — could help Russia find vulnerabilities and more easily attack key systems that protect the United States. 

The new source code disclosure rules were included in the Senate version of the National Defense Authorization Act, the Pentagon’s spending bill, according to staffers of Democratic Senator Jeanne Shaheen.

Details of the bill, which passed the committee 25-2, are not yet public. And the legislation still needs to be voted on by the full Senate and reconciled with a House version of the legislation before it can be signed into law by President Donald Trump.

If passed into law, the legislation would require companies that do business with the U.S. military to disclose any source code review of the software done by adversaries, staffers for Shaheen told Reuters. If the Pentagon deems a source code review a risk, military officials and the software company would need to agree on how to contain the threat. It could, for example, involve limiting the software’s use to non-classified settings.

The details of the foreign source code reviews, and any steps the company agreed to take to reduce the risks, would be stored in a database accessible to military officials, Shaheen’s staffers said. For most products, the military notification will only apply to countries determined to be cybersecurity threats, such as Russia and China.

Shaheen has been a key voice on cybersecurity in Congress. The New Hampshire senator last year led successful efforts in Congress to ban all government use of software provided by Moscow-based antivirus firm Kaspersky Lab, amid allegations the company is linked to Russian intelligence. Kaspersky denies such links.

In order to sell in the Russian market, tech companies including Hewlett Packard Enterprise Co, SAP and McAfee have allowed a Russian defense agency to scour software source code for vulnerabilities, Reuters found. In many cases, Reuters found that the software companies had not previously informed U.S. agencies that Russian authorities had been allowed to conduct the source code reviews. In most cases, the U.S. military does not require comparable source code reviews before it buys software, procurement experts have told Reuters. 

The companies have said the source code reviews were conducted by the Russians in company-controlled facilities, where the reviewer could not copy or alter the software. McAfee announced last year that it no longer allows government source code reviews. Hewlett Packard Enterprise has said none of its current software offerings have gone through the process.
