Month: June 2017

Once Again, the NSA Makes Us All Less Safe

A new ransomware attack similar to last month’s self-replicating WCry outbreak is sweeping the world with at least 80 large companies infected, including drug maker Merck, international shipping company Maersk, law firm DLA Piper, UK advertising firm WPP, and snack food maker Mondelez International. It has attacked at least 12,000 computers, according to one security company.

PetyaWrap, as some researchers are calling the ransomware, uses a cocktail of potent techniques to break into a network and from there spread from computer to computer. Like the WCry worm that paralyzed hospitals, shipping companies, and train stations around the globe in May, Tuesday’s attack made use of EternalBlue, the code name for an advanced exploit that was developed and used by, and later stolen from, the National Security Agency.

According to a blog post published by antivirus provider Kaspersky Lab, Tuesday’s attack also repurposed a separate NSA exploit dubbed EternalRomance. Microsoft patched the underlying vulnerabilities for both of those exploits in March, precisely four weeks before a still-unknown group calling itself the Shadow Brokers published the advanced NSA hacking tools. The leak gave people with only moderate technical skills a powerful vehicle for delivering virtually any kind of digital warhead to systems that had yet to install the updates.

Besides use of EternalRomance, Tuesday’s attack showed several other impressive improvements over WCry. One, according to Kaspersky, was the use of the Mimikatz hacking tool to extract passwords from other computers on a network. With those network credentials in hand, infected computers would then use PSExec, a legitimate Windows component known as the Windows Management Instrumentation, and possibly other command-line utilities to infect other machines, even when they weren’t vulnerable to the EternalBlue and EternalRomance exploits. For added effectiveness, at least some of the attacks also exploited the update mechanism of a third-party Ukrainian software product called MeDoc, Kaspersky Lab said. A researcher who posts under the handle MalwareTech speculated here that MeDoc was itself compromised by malware that took control of the mechanism that sends updates to end users.

The fact that the NSA does not do a good job on cybersecurity should surprise no one. Their job is not to keep our computers safe, but to break into as many systems as they can and hoover up data.

The ACLU has accurately described the problem:

Last month, a massive ransomware attack hit computers around the globe, and the government is partly to blame.

The malicious software, known as “WannaCry,” encrypted files on users’ machines, effectively locking them out of their information, and demanded a payment to unlock them. This attack spread rapidly through a vulnerability in a widely deployed component of Microsoft’s Windows operating system, and placed hospitals, local governments, banks, small businesses, and more in harm’s way.

This happened in no small part because of U.S. government decisions that prioritized offensive capabilities — the ability to execute cyberattacks for intelligence purposes — over the security of the world’s computer systems. The decision to make offensive capabilities the priority is a mistake. And at a minimum, this decision is one that should be reached openly and democratically. A bill has been proposed to try to improve oversight on these offensive capabilities, but oversight alone may not address the risks and perverse incentives created by the way they work. It’s worth unpacking the details of how these dangerous weapons come to be.

………

When researchers discover a previously unknown bug in a piece of software (often called a “zero day”), they have several options:

  1. They can report the problem to the supplier of the software (Microsoft, in this case).
  2. They can write a simple program to demonstrate the bug (a “proof of concept”) to try to get the software supplier to take the bug report seriously.
  3. If the flawed program is free or open source software, they can develop a fix for the problem and supply it alongside the bug report.
  4. They can announce the problem publicly to bring attention to it, with the goal of increasing pressure to get a fix deployed (or getting people to stop using the vulnerable software at all).
  5. They can try to sell exclusive access to information about the vulnerability on the global market, where governments and other organizations buy this information for offensive use.
  6. They can write a program to aggressively take advantage of the bug (an “exploit”) in the hopes of using it later to attack an adversary who is still using the vulnerable code.

Note that these last two actions (selling information or building exploits) are at odds with the first four. If the flaw gets fixed, exploits aren’t as useful and knowledge about the vulnerability isn’t as valuable.

………

The NSA knew about a disastrous flaw in a widely used piece of software – as well as code to exploit it — for over five years without trying to get it fixed. In the meantime, others may have discovered the same vulnerability and built their own exploits.

The people handling our offensive cyber capabilities cannot be trusted to protect us, because it is not their job.

Their job is to hack into other people’s systems, and any consequences are seen as irrelevant.

It’s blind men and an elephant, and it’s the rest of us who suffer as a result.

More Tech Bros

In light of allegations of sexual harassment and unwanted sexual advances, Binary Capital co-founder and managing partner Justin Caldbeck is taking an indefinite leave of absence, he said in a statement provided to TechCrunch.

In his apology statement, Caldbeck did not outright admit nor deny the allegations of the female founders who came forward. Instead, he directed his apology “first to those women who I’ve made feel uncomfortable in any way, at any time – but also to the greater tech ecosystem, a community that I have utterly failed.”

As Leslie Miley noted on Twitter, the way Caldbeck kicked off his apology letter with words are how hard the last 24 hours have been on him. That’s because women in tech and in the workplace at large have been dealing with this type of nonsense since forever.

I don’t mean to minimize the sexual harassment, but I think that this is symptomatic of a more general culture of impunity, and I think that if a prosecutor with a background in white collar crime went to town with some forensic accountants, no small number of these “masters of the universe” would find themselves in jail.

There’s Stupid, and There’s Psychopathic, and Then There Is the House of Saud

Just 24 hours after Turkey sent troops to protect Qatar, Saudi officials announced their public support for the Kurds in Syria.

— Leith Abou Fadel (@leithfadel) June 12, 2017

The House of Saud, the Gift that Keeps Giving

I am referring to, of course, the latest kerfuffle between Saudi Arabia and Qatar.

Saudi Arabia, with the rest of its toady petty monarchs around the Persian Gulf, have recalled diplomats, expelled Qatari citizens, and blockaded the land border to Qatar:

For years, the tiny, energy-rich country of Qatar has carved out a niche in the Arab world by trying to be everything to everyone. It housed an American military base and flooded the region’s airwaves with its influential media, all while keeping close ties to Iran and a wide selection of Islamist movements.

On Monday, five countries in the region announced that they were forcing Qatar to choose: Its powerful neighbor Saudi Arabia, Egypt and at least three other Arab nations severed all ties with the country, escalating their accusations that the Qatari monarchy supported Sunni Islamist terrorism and Iranian designs on the region.

Those Arab nations not only abruptly suspended diplomatic relations, as they have in the past, but also surprised many by cutting off land, air and sea travel to and from Qatar. All but Egypt, which has 250,000 people working there, ordered their citizens to leave Qatar.

The move created an immediate crisis for Qatar, whose only land border is with Saudi Arabia and which imports about 40 percent of its food from the Saudis. Residents said that people were stocking up on food and cash. And Qatari diplomats and citizens were scrambling to meet a 48-hour deadline to leave some Persian Gulf countries where they had been posted.

Qatar, which in the context of the Gulf monarchies I would describe as the best of a bad lot, has been ruffling feathers in the region for a while.

It has been generally supportive of the Islamic Brotherhood and its related groups (most notably Hamas), and it has relatively friendly relations with Iran, but the thing that really upsets other regional governments, particularly the House of Saud, is that it operates Al Jazeera, which actually provides relatively impartial news coverage of the region (except, of course, in Qatar, funny how that works).

Further complicating the matter is the fact that Doha has been cultivating a relationship with Turkey, and will be allowing Ankara to construct a military base on the peninsula, which would put a Turkish military presence in the area for the first time since the fall of the Ottoman empire.

This, along with a mammoth air base operated by the US in Qatar, means that their military influence is far greater than their (90% expat) population and the size of their military would imply.

In any case, a list of demands was presented to Qatar by Saudi Arabia and the other gulf states:

  • Curb diplomatic ties with Iran and close its diplomatic missions there. Expel members of Iran’s Revolutionary Guard from Qatar and cut off any joint military cooperation with Iran. Only trade and commerce with Iran that complies with U.S. and international sanctions will be permitted.
  • Sever all ties to “terrorist organizations,” specifically the Muslim Brotherhood, the Islamic State group, al-Qaida, and Lebanon’s Hezbollah. Formally declare those entities as terrorist groups.
  • Shut down Al-Jazeera and its affiliate stations.
  • Shut down news outlets that Qatar funds, directly and indirectly, including Arabi21, Rassd, Al Araby Al-Jadeed and Middle East Eye.
  • Immediately terminate the Turkish military presence currently in Qatar and end any joint military cooperation with Turkey inside of Qatar.
  • Stop all means of funding for individuals, groups or organizations that have been designated as terrorists by Saudi Arabia, the UAE, Egypt, Bahrain, the United States and other countries.
  • Hand over “terrorist figures” and wanted individuals from Saudi Arabia, the UAE, Egypt and Bahrain to their countries of origin. Freeze their assets, and provide any desired information about their residency, movements and finances.
  • End interference in sovereign countries’ internal affairs. Stop granting citizenship to wanted nationals from Saudi Arabia, the UAE, Egypt and Bahrain. Revoke Qatari citizenship for existing nationals where such citizenship violates those countries’ laws.
  • Stop all contacts with the political opposition in Saudi Arabia, the UAE, Egypt and Bahrain. Hand over all files detailing Qatar’s prior contacts with and support for those opposition groups.
  • Pay reparations and compensation for loss of life and other, financial losses caused by Qatar’s policies in recent years. The sum will be determined in coordination with Qatar.
  • Align itself with the other Gulf and Arab countries militarily, politically, socially and economically, as well as on economic matters, in line with an agreement reached with Saudi Arabia in 2014.
  • Agree to all the demands within 10 days of it being submitted to Qatar, or the list becomes invalid. The document doesn’t specify what the countries will do if Qatar refuses to comply.
  • Consent to monthly audits for the first year after agreeing to the demands, then once per quarter during the second year. For the following 10 years, Qatar would be monitored annually for compliance.

It’s a laundry list of demands, and I think that some of them were inserted to provide some obfuscation or wiggle room.

I’ve highlighted the items that I think are the real casus belli, which reduces to Iran, Turkey, and a (relatively) free press being what really upsets Riyadh.

One theory about these demands is that they are not a serious set of demands, but rather they have been issued with the goal of justifying a Saudi invasion. (Think about the Austrian demands to Serbia that precipitated World War I.)

In any case, the immediate response by Qatar has been to reach out to Turkey and Iran for needed supplies, which also is very clearly a f%$# you to the other members of the GCC:

Qatar is in talks with Iran and Turkey to secure food and water supplies amid concerns of possible shortages two days after its biggest suppliers, the United Arab Emirates and Saudi Arabia, cut trade and diplomatic ties with the import-dependent country.

“We are in talks with Turkey and Iran and other countries,” said the official, who spoke on condition of anonymity due to the sensitivity of the subject, adding that the supplies would be brought in through Qatar Airways cargo flights.

So right now, it looks like Qatar is turning into yet another clusterf%$#, much like its aimless intervention in Yemen.

To quote Dean Vernon Wormer, “Fat, drunk, and stupid is no way to go through life, son.”

Linkage

I came across an interesting video talking about the political context of the John Carpenter movie They Live. The movie’s message is even more apropos today:


We Sleep: On the Enduring Propheticism of John Carpenter’s THEY LIVE from Daniel Clarkson Fisher on Vimeo.

Seymour Hersh Has Another Blockbuster

Publishing in Die Welt, Hersh reveals that the US intelligence services were categorically contradicting the story of a Syrian gas attack on Khan Sheikhoun which led to a US cruise missile attack on the Shayrat Air Base:

On April 6, United States President Donald Trump authorized an early morning Tomahawk missile strike on Shayrat Air Base in central Syria in retaliation for what he said was a deadly nerve agent attack carried out by the Syrian government two days earlier in the rebel-held town of Khan Sheikhoun. Trump issued the order despite having been warned by the U.S. intelligence community that it had found no evidence that the Syrians had used a chemical weapon.

The available intelligence made clear that the Syrians had targeted a jihadist meeting site on April 4 using a Russian-supplied guided bomb equipped with conventional explosives. Details of the attack, including information on its so-called high-value targets, had been provided by the Russians days in advance to American and allied military officials in Doha, whose mission is to coordinate all U.S., allied, Syrian and Russian Air Force operations in the region.

Some American military and intelligence officials were especially distressed by the president’s determination to ignore the evidence. “None of this makes any sense,” one officer told colleagues upon learning of the decision to bomb. “We KNOW that there was no chemical attack … the Russians are furious. Claiming we have the real intel and know the truth … I guess it didn’t matter whether we elected Clinton or Trump.”

The implication of the last statement, of course, is that the notoriously bellicose Hillary Clinton would seize any pretext for a strike against Syria and the Russians.

To the dismay of many senior members of his national security team, Trump could not be swayed over the next 48 hours of intense briefings and decision-making. In a series of interviews, I learned of the total disconnect between the president and many of his military advisers and intelligence officials, as well as officers on the ground in the region who had an entirely different understanding of the nature of Syria’s attack on Khan Sheikhoun. I was provided with evidence of that disconnect, in the form of transcripts of real-time communications, immediately following the Syrian attack on April 4. In an important pre-strike process known as deconfliction, U.S. and Russian officers routinely supply one another with advance details of planned flight paths and target coordinates, to ensure that there is no risk of collision or accidental encounter (the Russians speak on behalf of the Syrian military). This information is supplied daily to the American AWACS surveillance planes that monitor the flights once airborne. Deconfliction’s success and importance can be measured by the fact that there has yet to be one collision, or even a near miss, among the high-powered supersonic American, Allied, Russian and Syrian fighter bombers.

………

“The rebels control the population by controlling the distribution of goods that people need to live – food, water, cooking oil, propane gas, fertilizers for growing their crops, and insecticides to protect the crops,” a senior adviser to the American intelligence community, who has served in senior positions in the Defense Department and Central Intelligence Agency, told me. The basement was used as storage for rockets, weapons and ammunition, as well as products that could be distributed for free to the community, among them medicines and chlorine-based decontaminants for cleansing the bodies of the dead before burial. The meeting place – a regional headquarters – was on the floor above. “It was an established meeting place,” the senior adviser said. “A long-time facility that would have had security, weapons, communications, files and a map center.” The Russians were intent on confirming their intelligence and deployed a drone for days above the site to monitor communications and develop what is known in the intelligence community as a POL – a pattern of life. The goal was to take note of those going in and out of the building, and to track weapons being moved back and forth, including rockets and ammunition.

………

The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”

………

“It was a totally Trump show from beginning to end,” the senior adviser said. “A few of the president’s senior national security advisers viewed the mission as a minimized bad presidential decision, and one that they had an obligation to carry out. But I don’t think our national security people are going to allow themselves to be hustled into a bad decision again. If Trump had gone for option three, [a massive air strike] there might have been some immediate resignations.”

Nothing about the official White House account makes sense in the initial reports:

  • Assad had no reason to use chemical weapons, he was winning decisively at the time.
  • There were no reports of any sort of special handling of the munitions by the crews.
  • The films on the net show actions by the first responders which would have had them contaminated, and affected, as well.
  • The reports of a strong smell indicate that the toxin was not military grade Sarin.

And now we know that this strike had been communicated with US forces days in advance as part of the US-Russia deconfliction protocol, and that the professional staff in the US state security apparatus did not believe that there had actually been a chemical weapons attack.

And Today in Charter Schools………

We have a multi-state charter school chain facing allegations of systematic corruption.

This is not a surprise. Charter schools as currently structured are a uniquely criminogenic enterprise.

Truth be told, the 18% management fee referenced in the article is rather larcenous in and of itself, since most of the managing is done by the staff on each campus.

If anyone believes that allowing charter schools to “unleash the market” will produce better results for less, I have a bridge in Brooklyn to sell you:

The founder of an Akron-area charter school company is accused of using thousands of dollars parents paid for student lunches and uniforms and millions more from Ohio and Florida taxpayers to fund home mortgages, plastic surgery, extensive world travel, credit card debt and more.

Criminal charges filed last week in Florida against Marcus May also allege he improperly used private and public funds earmarked for students’ education to expand his charter school empire in Columbus, Akron, Cleveland and Dayton.

Florida State Attorney William “Bill” Eddins brought the charges of racketeering and organized fraud against May, the founder of Newpoint Education Partners and Cambridge Education, a Fairlawn company that manages about 20 charter schools in Cincinnati, Dayton, Columbus, Akron, Youngstown, Canton and Cleveland.

In a prepared statement provided to the Beacon Journal on Friday, Cambridge Executive Director John Stack said: “My co-owners and I asked for and today accepted Mr. May’s resignation as managing member of Cambridge. We are now in discussions to remove him completely from ownership in the company because we feel it’s in the best interest of our schools.

“Despite this distraction, my colleagues at Cambridge and I will continue to focus on our core mission and the students we serve as we have always done.”

Cincinnati businessman Steven Kunkemoeller also was charged in the First Judiciary Circuit, a regional court in Florida. Kunkemoeller is a longtime business partner of May, according to a Beacon Journal/Ohio.com report from December and a multi-state investigation that included help from the Summit County Prosecutor’s Office.

………

The Florida prosecutor alleges that the men fabricated invoices, embellished enrollment, misappropriated public funds and created an elaborate network of limited liability companies in order to bilk the federal and state governments, as well as parents and students.

………

School and business records obtained by the Beacon Journal and detailed by a forensic accountant working on the case show that May and Kunkemoeller marked up the price of services and supplies provided to the charter schools they managed in Ohio and Florida, sometimes more than doubling the cost of school uniforms, desks, computers, chairs and website design.

………

Between 2010 and 2015, $350,000 was collected from students and parents for uniforms, and another $11,000 for school lunches, the Florida investigation found. Beyond Newpoint’s 18 percent management fee, millions more have been collected from inflated or allegedly fictitious invoices, according to court filings.

I am So Not Sorry About this Computer Hack………

It turns out that thousands of speed camera reports have been invalidated because a technician was updating machines with a tainted memory stick:

A contractor in the Australian State of Victoria has managed to infect an unknown number of speed cameras with a virus, over sneakernet.

Details aren’t so much sketchy as they are confused: the virus has been identified as WannaCrypt, but the government’s been told it infected both Linux and Windows-based cameras; there was no ransom demand; the main symptom was repeated camera reboots, and; contractors apparently hoped to keep things quiet by patching cameras without telling anyone.

The lid came off on Friday, and Victoria Police decided to cancel 590 fines issued by 55 cameras infected by a contractor visiting the cameras to perform software upgrades with a USB drive that also carried something nasty.

The number of known infections rose to 97 out of the state’s total of 280 speed cameras, after one of the state’s speed camera contractors, Redflex, told the Department of Justice it had identified and patched a further 42 infections earlier in June.

………

In excess of 7,500 fines issued between June 6 and June 22 are to be “quarantined” during the investigation, but may be reissued once the investigation is completed.

I want to state that I have no direct knowledge of any hacking operations, but if, for example, the good folks at 4Chan decided to hack speed cams and red light cams, I would donate to a GoFundMe of their legal defense.

In the United States, at least, these programs are more about revenue generation and getting money to private contractors who operate the systems.

Least Surprising News of the Day

An intelligence evaluation of the Manning leaks has been leaked, and no real harm was caused:

In the seven years since WikiLeaks published the largest leak of classified documents in history, the federal government has said they caused enormous damage to national security.

But a secret, 107-page report, prepared by a Department of Defense task force and newly obtained by BuzzFeed News, tells a starkly different story: It says the disclosures were largely insignificant and did not cause any real harm to US interests.

Regarding the hundreds of thousands of Iraq-related military documents and State Department cables provided by the Army private Chelsea Manning, the report assessed “with high confidence that disclosure of the Iraq data set will have no direct personal impact on current and former U.S. leadership in Iraq.”

So, we’re talking about embarrassment, and little else.

Our culture of over-classification leads to poor decisions and generally stupid sh%$.

I’d really like to see the Swedish concept of Offentlighetsprincipen (openness) written into our constitution:

In the 18th century, after over 40 years of mixed experiences with parliamentarism, public access to public documents was one of the main issues with the Freedom of the Press Act of 1766. Although the novelty was put out of order 1772–1809, it has since remained central in the Swedish mindset, seen as a forceful means against corruption and government agencies’ unequal treatment of the citizens, increasing the perceived legitimacy of (local and central) government and politicians. The Principle of Public Access (Swedish: Offentlighetsprincipen), as the collection of rules are commonly referred to, provides that all information and documents created or received by a “public authority” (local or central government, and all publicly operated establishments) must be available to all members of the public. It also states that all public authorities must provide information promptly (skyndsamt) upon request. 

Secrecy makes the holders of secret information feel unjustifiably exceptional, which builds arrogance, which in turn leads to stupidity and insane plans, which in turn leads to disaster.

It’s a Greek tragedy writ unbelievably small.

More IP Shenanigans

The Department of Defense is planning to grant the pharma giant Sanofi an exclusive license to manufacture and market a vaccine for the Zika virus that the US Army has developed:

………

It concerns something really exciting and important: a vaccine that shows great promise against the devastating Zika virus, which can cause microcephaly, blindness, deafness, and calcification of the brain in children whose mothers were infected during their pregnancy. If effective, such a vaccine could be a tremendous boon not just for developing countries, but for Western ones too, since the Zika virus has already begun to spread in the US, and Europe. The vaccine was developed at the Walter Reed Army Institute for Research, and the Department of the Army funded its development. Great news, you might think: the US public paid for it, so it’s only right that it should have low-cost access to it. Moreover, as an act of compassion — and to burnish its international image — the US could allow other countries to produce it cheaply too. But an article in The Nation reports that the US Army has other ideas:

the Army is planning to grant exclusive rights to this potentially groundbreaking medicine — along with as much as $173 million in funding from the Department of Health and Human Services — to the French pharmaceutical corporation Sanofi Pasteur. Sanofi manufactures a number of vaccines, but it’s also faced repeated allegations of overcharges and fraud. Should the vaccine prove effective, Sanofi would be free to charge whatever it wants for it in the United States. Ultimately, the vaccine could end up being unaffordable for those most vulnerable to Zika, and for cash-strapped states.

The Knowledge Ecology Institute (KEI), led by Jamie Love, made a reasonable suggestion to ensure that those most at need would have access to the drug at a reasonable price. KEI asked that, if Sanofi does get an exclusive deal, it should be obliged to make the vaccine available at an affordable price. The Army said it lacked the ability to enforce price controls, but it would ask those nice people at Sanofi to commit to affordable pricing on a voluntary basis. According to The Nation, those nice people at Sanofi refused. Speaking of nice people at Sanofi, the article notes the following:
………


When there is an entire Web page dedicated to listing Sanofi’s problems going back to 2009, you really have to wonder why the US Army is so keen to give the company a monopoly on this promising new treatment. The usual argument for the sky-high prices of drugs is that firms must be rewarded for taking on the financial risk of drug development, otherwise they won’t proceed, and the world would be the poorer. Except, of course, in this case that risk was entirely borne by the US public, which paid for the early stage development of the vaccine with their taxes. So Sanofi risked nothing, but now looks likely to reap the benefits by being allowed to price the vaccine out of the reach of the people who most need it. You might think there ought to be a law against this kind of behavior. It turns out that there is:

KEI’s Jamie Love pointed out that under the Bayh-Dole Act of 1980, it is already illegal to grant exclusive rights to a federally owned invention unless the license holder agrees to make it available at reasonable pricing. But that provision has rarely, if ever, been enforced.

Now would be a really great time to start enforcing that law.

Indeed.

I’m inclined to believe that Bayh-Dole is a bad law, and it has been made far worse through the rather lackadaisical attitude toward applying any sort of public benefit to technologies that were developed at public expense.

It would be nice if the law’s march-in rights, which allow for compulsory licensing, had been applied even once.

Trump is a Real Friend of the Jews

Trump’s State Department is shutting down its anti-Semitism monitoring office:

The U.S. State Department’s office to monitor and combat anti-Semitism will be unstaffed as of July 1.

A source familiar with the office’s workings told JTA that its remaining two staffers, each working half-time or less, would be reassigned as of that date.

The Trump administration, which has yet to name an envoy to head the office, would not comment on the staffing change. At full staffing, the office employs a full-time envoy and the equivalent of three full-time staffers.

So not a surprise.

Trump is dancing with what brung him.

Fasten Your Seatbelts, Europe

Because European regulators just shut down two Italian banks:

Friday, in another sign that the eurozone financial system remains vulnerable even as the economy improves.

The central bank said in a statement that Veneto Banca and Banca Popolare di Vicenza, both based in northern Italy, had failed or were likely to fail because they did not have enough capital to meet regulatory requirements.

They become the second and third banks to be declared effectively dead by the central bank, which acquired power to supervise eurozone banks at the end of 2014.

The first, earlier this month, was Banco Popular, Spain’s fifth biggest bank.

Shareholders of the two Italian banks will lose their money, as will investors in so-called junior bonds that are intended to absorb losses first.

But deposits in the bank will be protected, as will investors in so-called senior bonds.

After 3 years, 3 banks in a month.

I’m wondering what is going to happen when (and it’s when, not if) the ECB actually tries to down a German bank.

A New Definition of Chutzpah………

The Orange County Sheriff is now defending endemic lying by her staff in sworn testimony by saying that deputies did not know that they were required to tell the truth.

I guess that whole oath, where they swear to, “Tell the truth, the whole truth and nothing but the truth,” just wasn’t clear enough:

The Orange County (CA) District Attorney’s office remains in the news. It’s not often an entire prosecutors’ office gets booted off a high-profile murder case, but that’s what happens when misconduct occurs on a massive scale. An open-and-shut murder case with eight victims is now the DA’s perpetual nightmare. Judge Thomas Goethals kicked the agency to the curb after uncovering repeated discovery violations committed by prosecutors.

But the problems go back further than this case. The office has hidden the existence of a law enforcement database from defense lawyers (and judges) for a quarter century — a database holding all sorts of information about jailhouse snitches that may have made the difference in a number of cases.

………

Those in charge of the sheriff’s snitch program have been asked to testify in response to perjury allegations. They have chosen not to, with each sheriff’s office witness called pleading the Fifth. This chain of events has led to the most jaw-dropping law enforcement statement I have ever read, and that includes arguments made in support of setting toddlers on fire with carelessly-tossed flashbang grenades.

Sheriff Sandra Hutchens claims the veteran officers were unaware they were required to testify honestly during prior court appearances for the death penalty case marred by astonishing degrees of government cheating.

Officers, especially veteran ones, are aware they are required to testify honestly. This is why they’re sworn in before testimony. There’s a promise made at that point. Not testifying honestly is called “perjury,” as the officers are surely aware. High school students taking civics classes are aware of this. No one’s really unclear on the whole “tell the truth in court” thing.

The whole of Orange County law enforcement apparatus needs to be disbanded and taken over by outside agencies.

Damn!

While we are on the subject of immoral companies, Mylan Pharmaceuticals’ board was reelected, and the vote limiting executive compensation is almost certain to be ignored:

Mylan shareholders today did not unseat the drug maker’s board of directors, despite calls for an ouster over the EpiPen pricing scandals and remarkably large executive salaries.

In a vote during an annual meeting in Amsterdam, shareholders approved all incumbent nominees, including Chief Executive Heather Bresch, President Rajiv Malik, and Chairman Robert Coury, who earned a nearly $100 million salary last year amid intense backlash over EpiPen price hikes. The majority of shareholders did, however, reject such executive compensation plans—in a nonbinding vote.

………

However, analysts say the vote is unlikely to have any effect. Speaking to Bloomberg Markets, Ronny Gal, an analyst with Sanford C. Bernstein & Co., said: “There’s no way for this to be enforced.” He noted that, when shareholders have pushed back on salaries in the past, “Mylan’s position was that they need to educate shareholders more on the drivers of why they compensate management the way they do. I would be surprised if they pursue a different path here.” 

It should be noted that binding shareholder votes on compensation are illegal under US law.

This is something that needs to be changed, because control fraud is a staple of the MBA class of managers these days.

It needs to stop.

Your Uber Dead Pool

Uber’s week from hell is over, and it starts with Uber’s psychopath in chief Travis Kalanick being forced out by investors following revelations that he was trafficking in stolen medical records of a rape victim in order to discredit her claims:

Travis Kalanick stepped down Tuesday as chief executive of Uber, the ride-hailing service that he helped found in 2009 and built into a transportation colossus, after a shareholder revolt made it untenable for him to stay on at the company.

Mr. Kalanick’s exit came under pressure after hours of drama involving Uber’s investors, according to two people with knowledge of the situation, who asked to remain anonymous because the details were confidential.

Earlier on Tuesday, five of Uber’s major investors demanded that the chief executive resign immediately. The investors included one of Uber’s biggest shareholders, the venture capital firm Benchmark, which has one of its partners, Bill Gurley, on Uber’s board. The investors made their demand for Mr. Kalanick to step down in a letter delivered to the chief executive while he was in Chicago, said the people with knowledge of the situation.

In the letter, titled “Moving Uber Forward” and obtained by The New York Times, the investors wrote to Mr. Kalanick that he must immediately leave and that the company needed a change in leadership. Mr. Kalanick, 40, consulted with at least one Uber board member, and after long discussions with some of the investors, he agreed to step down. He will remain on Uber’s board of directors.

………

The move caps months of questions over the leadership of Uber, which has become a prime example of Silicon Valley start-up culture gone awry. The company has been exposed this year as having a workplace culture that included sexual harassment and discrimination, and it has pushed the envelope in dealing with law enforcement and even partners. That tone was set by Mr. Kalanick, who has aggressively turned the company into the world’s dominant ride-hailing service and upended the transportation industry around the globe.

………

In the letter, in addition to Mr. Kalanick’s immediate resignation, the five shareholders asked for improved oversight of the company’s board by filling two of three empty board seats with “truly independent directors.” They also demanded that Mr. Kalanick support a board-led search committee for a new chief executive and that Uber immediately hire an experienced chief financial officer.

That last bit about, “Truly independent directors,” seems to me to be a critique of Uber board member Arianna Huffington, who has been a steadfast defender of Kalanick.

Meanwhile, as soon as Travis is out the door, Uber adds tipping to the app, a policy whose only justification was that it would make it harder to claim that its drivers are not its employees.

BTW, in addition to the above, a recent court filing states that Kalanick knew that the recent head of its autonomous driving division had stolen documents and data from his previous employer:

Uber’s recently fired CEO, Travis Kalanick, knew that his top self-driving car engineer had Google files in his possession in March 2016, according to newly filed court documents.

The admission was made by Uber lawyers as part of a response to Waymo discovery demands. Uber lawyers served the response on June 8, and it was revealed in a public court motion (PDF) filed by Waymo lawyers late yesterday.

According to Uber, former self-driving car chief Anthony Levandowski told Kalanick that “he had identified five discs in his possession containing Google information.” Kalanick told Levandowski not to bring any Google information into Uber. Levandowski later told Uber he destroyed the discs, and Uber never got the discs, according to Uber lawyers.

Waymo sued Uber in February, claiming that the company had trade secrets brought in by Levandowski, an engineer who once worked at Google but quit abruptly in January 2016. Levandowski went on to found his own self-driving car startup, which was purchased by Uber for $680 million. Google has accused Levandowski, who is not a defendant in the case, of downloading more than 14,000 files that contained Google trade secrets and taking them with him. Levandowski has not denied those allegations and has declined to answer most questions, instead asserting his Fifth Amendment rights.

It’s no wonder that the Harvard Business Review is calling for Uber to be shut down:

………

But I suggest that the problem at Uber goes beyond a culture created by toxic leadership. The company’s cultural dysfunction, it seems to me, stems from the very nature of the company’s competitive advantage: Uber’s business model is predicated on lawbreaking. And having grown through intentional illegality, Uber can’t easily pivot toward following the rules.

Uber’s Fundamental Illegality

Uber brought some important improvements to the taxi business, which are at this point well known. But by the company’s launch, in 2010, most urban taxi fleets used modern dispatch with GPS, plus custom hardware and software. In those respects, Uber was much like what incumbents had and where they were headed.

Nor was Uber alone in realizing that expensive taxi medallions were unnecessary for prebooked trips — a tactic already used by other entrepreneurs in many cities. Uber was wise to use smartphone apps (not telephone calls) to let passengers request vehicles, and it found major cost savings in equipping drivers with standard phones (not specialized hardware). But others did this, too. Ultimately, most of Uber’s technical advances were ideas that competitors would have devised in short order.

Uber’s biggest advantage over incumbents was in using ordinary vehicles with no special licensing or other formalities. With regular noncommercial cars, Uber and its drivers avoided commercial insurance, commercial registration, commercial plates, special driver’s licenses, background checks, rigorous commercial vehicle inspections, and countless other expenses. With these savings, Uber seized a huge cost advantage over taxis and traditional car services. Uber’s lower costs brought lower prices to consumers, with resulting popularity and growth. But this use of noncommercial cars was unlawful from the start. In most jurisdictions, longstanding rules required all the protections described above, and no exception allowed what Uber envisioned. (To be fair, Uber didn’t start it — Lyft did. More on that later on.)

………

Rotten to the Core

Uber faced an important challenge in implementing this strategy: It isn’t easy to get people to commit crimes. Indeed, employees at every turn faced personal and professional risks in defying the law; two European executives were indicted and arrested for operating without required permits. But Uber succeeded in making lawbreaking normal and routine by celebrating its subversion of the laws relating to taxi services. Look at the company’s stated values — “super-pumped,” “always be hustlin’,” and “bold.” Respect for the law barely merits a footnote.

Uber’s lawyers were complicit in building a culture of illegality. At normal companies, managers look to their attorneys to advise them on how to keep their business within the law. Not at Uber, whose legal team, led by Chief Legal Officer Salle Yoo, formerly its general counsel, approved its Greyball software (which concealed the company’s practices from government investigators) and even reportedly participated in the hiring of a private investigator to interview friends and colleagues of litigation adversaries.

Having built a corporate culture that celebrates breaking the law, it is surely no accident that Uber then faced scandal after scandal. How is an Uber manager to know which laws should be followed and which ignored?

A Race to the Bottom

The 16th-century financier Sir Thomas Gresham famously observed that bad money drives out good. The same, I’d suggest, is true about illegal business models. If we allow an illegal business model to flourish in one sector, soon businesses in that sector and others will see that the shrewd strategy is to ignore the law, seek forgiveness rather than permission, and hope for the best.

………

But because Uber’s problem is rooted in its business model, changing the leadership will not fix it. Unless the model itself is targeted and punished, law breaking will continue. The best way to do this is to punish Uber (and others using similar methods) for transgressions committed, strictly enforcing prevailing laws, and doing so with little forgiveness. Since its founding, Uber has offered literally billions of rides in thousands of jurisdictions, and fines and penalties could easily reach hundreds of dollars for each of these rides.

In most jurisdictions, the statute of limitations has not run out, so nothing prevents bringing claims on those prior violations. As a result, the company’s total exposure far exceeds its cash on hand and even its book value. If a few cities pursued these claims with moderate success, the resulting judgments could bankrupt Uber and show a generation of entrepreneurs that their innovations must follow the law.

Uber fans might argue that shutting down the company would be throwing the baby out with the bathwater — with passengers and drivers losing out alongside Uber’s shareholders. But there’s strong evidence to the contrary.

Take the case of Napster. Napster was highly innovative, bringing every song to a listener’s fingertips, eliminating stock-outs and trips to a physical record store. Yet Napster’s overall approach was grounded in illegality, and the company’s valuable innovations couldn’t undo the fundamental intellectual property theft. Under pressure from artists and recording companies, Napster was eventually forced to close.

But Napster’s demise did not doom musicians and listeners to return to life before its existence. Instead, we got iTunes, Pandora, and Spotify — businesses that retained what was great and lawful about Napster while operating within the confines of copyright law.

On top of all of this, it appears that Lyft has spent years waiting for the rocks at Uber to be turned over revealing the putrescence underneath, and has hit the ground running:

There was nothing inevitable about discomfort with Uber’s scandals driving a rush to Lyft. But Lyft, consciously or not, had correctly identified Uber’s weakness years ago. Uber was unfriendly, so Lyft would be friendly. Uber’s logo was sleek and silver and black, and so Lyft’s would be a bright pink mustache. Uber’s vision of driverless cars sounded like Skynet. Lyft painted a picture of a world with wider sidewalks and more parks.

Some of this was embedded in the company’s origins. Lyft originally distinguished itself by trying to make ride hailing a social experience. You sat in the front seat and fist-bumped the driver. Payment was made through “donations.” This was, in part, Lyft’s way of sidestepping the taxi regulations that Uber simply bulldozed past. And, to be honest, it was annoying — today, Lyft offers much the same frictionless, professionalized ride-hailing experience Uber does. But it seeded an idea of Lyft as a gentle, human company, and Lyft continued to build on that brand.

To Uber, Lyft’s business model was maddening. It took an Uber to pound through the regulations, to take the risks, to build the future. Then Lyft rolled behind with its dumb mustaches and friendly PR operation and did much of what Uber did without incurring the reputational cost.

But the wisdom of that strategy is apparent now. The risk with Uber wasn’t that it would fail at ride hailing. It was that it would lose the public’s trust. For a competitor to benefit from that stumble, it would have to be able to give anxious riders what they wanted: a ride-hailing company that really did seem nice enough, an Uber alternative you could actually trust.

I’m not sure that Lyft consciously positioned itself as an alternative to the deep inhumanity of Uber’s Randian vision, but that is where it stands now, and it is in most of the same markets, and right now, at least on the basis of the ads I see, Uber is begging for drivers, and Lyft is not. (I’ve seen at least 20 Uber ads, and none from Lyft, for drivers over the past week.)

It sucks to be Uber right now, not because Uber has had a bad week, or because the future of the enterprise is in serious doubt, but because Uber is simply evil, much like the SS in that hysterically funny Mitchell and Webb sketch.

It sucks to be Uber right now because being Uber simply sucks.

This is Beyond Contempt

You know that someone is doing something very wrong when Facebook is the hero of the story.

In this case, Facebook refused a warrant from Minnesota cops against Philando Castile’s girlfriend after they shot him to death, in what is clearly an attempt to dig up dirt on the young woman (there was no similar review of Jeronimo Yanez, who shot Castile):

Everything anyone has ever said about staying safe while interacting with the police is wrong. That citizens are told to comport themselves in complete obeisance just to avoid being beaten or shot by officers is itself bizarre — an insane inversion of the term “public servant.” But Philando Castile, who was shot five times and killed by (now former) Officer Jeronimo Yanez, played by all the rules (which look suspiciously like the same instructions given to stay “safe” during an armed robbery). It didn’t matter.

Castile didn’t have a criminal record — or at least nothing on it that mattered. Otherwise, he wouldn’t have been allowed to own a weapon, much less obtain a permit to conceal the gun. Castile told Yanez — as the permit requires — he had a concealed weapon. He tried to respond to the officer’s demand for his ID, reaching into his pocket. For both of these compliant efforts, he was killed.

Castile’s shooting might have gone unnoticed — washed into the jet stream of “officer-involved killings” that happen over 1,000 times a year. But his girlfriend, Diamond Reynolds, immediately live-streamed the aftermath via Facebook. Her boyfriend bled out while responding officers tried to figure out what to do, beyond call for more backup to handle a dead black man sitting in his own vehicle. Only after Yanez fired seven bullets into the cab of the vehicle did officers finally remove his girlfriend’s four year old daughter.

To “win” at killing citizens, you must start the spin immediately. Yanez spun his own, speaking to a lawyer less than two hours after killing Castile. Local law enforcement did the same thing. Documents obtained by Tony Webster show Special Agent Bill O’Donnell issued a warrant to Facebook for “all information retained” by the company on Diamond Reynolds, Castile’s girlfriend. This was to include all email sent or received by that account, as well as “chat logs,” which presumably means the content of private messages. The warrant also demands any communications that may have been deleted by Reynolds, as well as metadata on photos or videos uploaded to Facebook. It came accompanied with an indefinite gag order.

Why would law enforcement want (much less need) information from the victim’s girlfriend’s Facebook account? It appears officers were looking to justify the killing after the fact. The following sworn statement was contained in the affidavit:

………

The only upside — and it’s incredibly small given the surrounding circumstances — is Facebook refused to hand over the information on the grounds that the indefinite gag order was unconstitutional. Faced with this pushback, Minnesota police withdrew the warrant. But in the end, Yanez was acquitted and Philando Castile is still dead — a man who did nothing more than try to comply with an officer’s orders.

Seriously, law enforcement in the United States is deeply and profoundly broken.

Quote of the Day

While Richard Florida’s recommendation that the Democratic Party should target the “service class” makes perfect sense, it presupposes that the Democrats have exercising political power as their main objective. In fact, their real overarching goal is maximizing political patronage opportunities.

Yves Smith

It does explain an awful lot about Democratic Party dysfunction.

Yeah, It’s a Sh%$ Show. Anyone Surprised?

After developing the bill in secret, Senate Republicans have revealed their proposal for Trump Care, and it ain’t pretty:

The health-care proposal unveiled by Senate Majority Leader Mitch McConnell on Thursday came under immediate attack from conservative and centrist Republican senators as well as industry officials, casting the bill’s viability into doubt even as GOP leaders plan to bring it to a final vote next week.

The 142-page bill, which McConnell (R-Ky.) released after weeks of drafting it in secrecy, drew swift criticism from hard-right senators who argued it does not go far enough in undoing Barack Obama’s signature health-care law, the Affordable Care Act. It also prompted an outcry from centrist senators and medical organizations worried that it takes on the law, known as Obamacare, too aggressively and would lead to millions losing their health care or receiving fewer benefits.

These critics effectively delivered their opening bids in what is expected to be a contentious week of negotiations. McConnell is trying to pass the bill before the July 4 recess, with Republican leaders seeking to quickly learn whether they will be able to fulfill years of promises to roll back the law or whether it’s time to turn to other items on their legislative agenda, such as overhauling the tax code.

The plan here is to get a vote on the bill before anyone has a chance to read it.

The reports that I have read are that McConnell’s version is worse than the House version (it basically destroys Medicaid, for example), but a bit more back-loaded, so as to push the outrage past the next election.

This isn’t surprising: The political calculus here makes it essential to repeal Obamacare and cut taxes for the rich, but actually keeping people from dying is irrelevant.

Good Point

In discussing Brexit, Ian Welsh notes that it presents a conundrum for Labour, “You Can’t Stay in the EU or Single Market And Be For Labour’s Manifesto.”

The EU is structured in an aggressively Neoliberal framework, and as such, is incompatible with social democracy, which is why support of the EU by the left is fundamentally self destructive.

Money quote:

The EU is a barrier against horrible things the Tories want to do, but it is a roadblock against basic social-democratic policies that Corbyn wants.

One need only look at what has happened to Greece, where an entire country was sacrificed on the altar of neoliberalism to know this.

The EU can work, and the EU can progress, but it needs a healthy dose of fairness and democracy to do so, and the current structure, which cares more about Deutsche Bank than it does about people, sees democratic concerns regarding the EU expansion as something to be subverted.

It’s a truly toxic mix.

A Coda to the Ossoff Loss

When people talk about how Jon Ossoff outperformed the previous candidate in GA-6, though (as I have previously noted, he did poorly relative to Hillary Clinton in that election), they noted that he picked up about 20 points on the prior Democratic candidate for Congress.

The interesting thing here is that even though Jon Ossoff ran a generally empty campaign, he actually existed, while the candidate in November, one Rodney Stooksbury, may actually not exist:

As far as I know, Rodney Stooksbury is an actual living human being. I have even spoken with someone who has spoken with someone who swears he exists.

Certain people, however, are convinced that Rodney Stooksbury does not exist. This is because, even though Rodney Stooksbury was the 2016 Democratic congressional candidate in Georgia’s 6th District, nobody could ever actually seem to find a photograph of the guy. Or a campaign website. Or any campaign material. Or anyone who has actually met Rodney Stooksbury. News outlets tried to track down Stooksbury, to no avail. According to one investigation, “when reporters went to his town house in Sandy Springs, no one answered the door. When they inquired with the neighbors, no one had heard of him. He apparently had run no campaign, and had raised no money.” Stooksbury, if not a literal ghost, might as well have been one. In November, shortly before leaving to become Donald Trump’s Secretary of Health and Human Services, Republican incumbent Tom Price was re-elected with approximately 62% of the vote. Rodney Stooksbury, whoever he was, came second. He received 38% of the vote.

This week, the special election to replace Price was held. Republican Karen Handel defeated Democrat Jon Ossoff, 52 to 48, in the most expensive House race in the history of the United States. Over $56 million was spent in total, enough to prevent nearly 17,000 children from dying of malaria. Because Ossoff had positioned himself as a centrist, running mainly on a platform of reducing government spending, a lot of heated debate is now occurring among Democrats. What does this mean for the party? Should it heed the Berniecrats and appeal to the progressive base? If throwing money at a race won’t win it, what will? Might having actual principles and policies do the trick?

Mr. Stooksbury, if indeed that is his name, literally spent no money at all in the election.

Zero ……… Zip ……… Nada.

He was never seen in public ……… No campaigning at all.

Think about the status of party infrastructure after a few years of that.

We really need to go back to the 50 state strategy, if just because the national DNC is so f%$#ing incompetent.