Tag Archives: Exclusive
WASHINGTON (Reuters) – The Federal Communications Commission plans to fine Sinclair Broadcasting Corp $13.3 million after it failed to properly disclose that paid programming that aired on local TV stations was sponsored by a cancer institute, three people briefed on the matter told Reuters.
The proposed fine, which covers about 1,700 spots including commercials that looked like news stories that aired during newscasts for the Utah-based Huntsman Cancer Institute over a six-month period in 2016, could bolster critics of Sinclair’s proposed $3.9 billion acquisition of Tribune Media Co.
Sinclair Broadcasting and a spokesman for the FCC declined to comment. Sinclair, which has told reporters previously the violations were unintentional, disclosed the investigation in financial filings.
Sinclair, which owns more than 170 U.S. television stations and is the largest U.S. operator, announced plans in May to acquire Tribune’s 42 TV stations in 33 markets as well as cable network WGN America and digital multicast network Antenna TV, extending its reach to 72 percent of American households. The FCC and Justice Department are reviewing Sinclair’s proposed acquisition of Tribune.
The proposed fine, which was approved by the five-member FCC earlier this week but has not yet been made public, is significant, officials said. The penalty represents an average fine of about $7,700 for each of the improperly aired spots but is significantly less than the maximum fine Sinclair could have faced under the law.
Sinclair will have the opportunity to respond to the proposed fine before it becomes final.
Reporting by David Shepardson; Editing by Nick Zieminski
SAN FRANCISCO/WASHINGTON (Reuters) – A 20-year-old Florida man was responsible for the large data breach at Uber Technologies Inc last year and was paid by Uber to destroy the data through a so-called “bug bounty” program normally used to identify small code vulnerabilities, three people familiar with the events have told Reuters.
Uber announced on Nov. 21 that the personal data of 57 million passengers and 600,000 drivers were stolen in a breach that occurred in October 2016, and that it paid the hacker $100,000 to destroy the information. But the company did not reveal any information about the hacker or how it paid him the money.
Uber made the payment last year through a program designed to reward security researchers who report flaws in a company’s software, these people said. Uber’s bug bounty service – as such a program is known in the industry – is hosted by a company called HackerOne, which offers its platform to a number of tech companies.
Reuters was unable to establish the identity of the hacker or another person who sources said helped him. Uber spokesman Matt Kallman declined to comment on the matter.
Newly appointed Uber Chief Executive Dara Khosrowshahi fired two of Uber’s top security officials when he announced the breach last month, saying the incident should have been disclosed to regulators at the time it was discovered, about a year before.
It remains unclear who made the final decision to authorize the payment to the hacker and to keep the breach secret, though the sources said then-CEO Travis Kalanick was aware of the breach and bug bounty payment in November of last year.
Kalanick, who stepped down as Uber CEO in June, declined to comment on the matter, according to his spokesman.
A payment of $100,000 through a bug bounty program would be extremely unusual, with one former HackerOne executive saying it would represent an “all-time record.” Security professionals said rewarding a hacker who had stolen data also would be well outside the normal rules of a bounty program, where payments are typically in the $5,000 to $10,000 range.
HackerOne hosts Uber’s bug bounty program but does not manage it, and plays no role in deciding whether payouts are appropriate or how large they should be.
HackerOne CEO Marten Mickos said he could not discuss an individual customer’s programs. “In all cases when a bug bounty award is processed through HackerOne, we receive identifying information of the recipient in the form of an IRS W-9 or W-8BEN form before payment of the award can be made,” he said, referring to U.S. Internal Revenue Service forms.
According to two of the sources, Uber made the payment to confirm the hacker’s identity and have him sign a nondisclosure agreement to deter further wrongdoing. Uber also conducted a forensic analysis of the hacker’s machine to make sure the data had been purged, the sources said.
One source described the hacker as “living with his mom in a small home trying to help pay the bills,” adding that members of Uber’s security team did not want to pursue prosecution of an individual who did not appear to pose a further threat.
The Florida hacker paid a second person for services that involved accessing GitHub, a site widely used by programmers to store their code, to obtain credentials for access to Uber data stored elsewhere, one of the sources said.
GitHub said the attack did not involve a failure of its security systems. “Our recommendation is to never store access tokens, passwords, or other authentication or encryption keys in the code,” that company said in a statement.
‘SHOUT IT FROM THE ROOFTOPS’
Uber received an email last year from an anonymous person demanding money in exchange for user data, and the message was forwarded to the company’s bug bounty team in what was described as Uber’s routine practice for such solicitations, according to three sources familiar with the matter.
Bug bounty programs are designed mainly to give security researchers an incentive to report weaknesses they uncover in a company’s software. But complicated scenarios can emerge when dealing with hackers who obtain information illegally or seek a ransom.
Some companies choose not to report more aggressive intrusions to authorities on the grounds that it can be easier and more effective to negotiate directly with hackers in order to limit any harm to customers.
Uber’s $100,000 payout and silence on the matter at the time was extraordinary under such a program, according to Luta Security founder Katie Moussouris, a former HackerOne executive.
“If it had been a legitimate bug bounty, it would have been ideal for everyone involved to shout it from the rooftops,” Moussouris said.
Uber’s failure to report the breach to regulators, even though it may have felt it had dealt with the problem, was an error, according to people inside and outside the company who spoke to Reuters.
“The creation of a bug bounty program doesn’t allow Uber, their bounty service provider, or any other company the ability to decide that breach notification laws don’t apply to them,” Moussouris said.
Uber fired its chief security officer, Joe Sullivan, and a deputy, attorney Craig Clark, over their roles in the incident.
“None of this should have happened, and I will not make excuses for it,” Khosrowshahi said in a blog post announcing the hack last month.
Clark worked directly for Sullivan but also reported to Uber’s legal and privacy team, according to three people familiar with the arrangement. It is unclear whether Clark informed Uber’s legal department, which typically handled disclosure issues.
Sullivan and Clark did not respond to requests for comment.
In an August interview with Reuters, Sullivan, a former prosecutor and Facebook Inc (FB.O) security chief, said he integrated security engineers and developers at Uber “with our lawyers and our public policy team who know what regulators care about.”
Last week, three more top managers in Uber’s security unit resigned. One of them, physical security chief Jeff Jones, later told others he would have left anyway, sources told Reuters. Another of the three, senior security engineer Prithvi Rai, later agreed to stay in a new role.
Reporting by Joseph Menn in San Francisco and Dustin Volz in Washington; Additional reporting by Heather Somerville and Stephen Nellis in San Francisco; Editing by Jonathan Weber and Bill Rigby
NEW YORK/LOS ANGELES (Reuters) – Amazon.com Inc (AMZN.O) has scrapped plans to launch an online streaming service bundling popular U.S. broadcast and cable networks because it believes it cannot make enough money on such a service, people familiar with the matter told Reuters.
The world’s largest online retailer has also been unable to convince key broadcast and basic cable networks to break with decades-old business models and join its a la carte Amazon Channels service, the sources said, and has backed away from talks with them.
The reversals come a month after the abrupt departure of Roy Price from his job as head of Amazon Studios, the company’s high-profile television production division, following an allegation of sexual harassment, which he has contested.
They show how difficult it is for Amazon to change entrenched habits in the U.S. entertainment business in the same way that it has done in retail, cloud computing and other areas.
An Amazon spokeswoman declined to comment.
Video has become an important tool for Amazon in generating subscriptions for its U.S. $99-a-year Prime membership service. It is on track to spend some $4.5 billion or more on video programming this year, analysts estimate.
On Monday it made waves in the entertainment world with the purchase of global television rights to “The Lord of the Rings,” planning a multi-season series to draw more viewers to Prime.
At the same time, Amazon is looking to offer a wide variety of television channels through Prime. It originally aimed to offer a limited bundle of key broadcast and cable networks for a set fee, similar to offerings from Alphabet Inc’s (GOOGL.O) YouTube and Hulu.
Such an offering, known in the industry as a “skinny bundle,” is a way of capturing younger viewers who are dropping traditional, expensive cable or satellite TV packages in favor of channels watchable on smartphones and tablets.
But in recent weeks, Amazon decided not to move ahead with a service on the grounds that it would yield too low a profit margin and did not necessarily indicate the direction the TV business will eventually go, the sources told Reuters.
Amazon could still decide to change course and introduce a skinny bundle, but the talks are over, the sources said.
Instead, Amazon has decided to focus on building out its Amazon Channels service, where Prime customers can subscribe to HBO, Showtime, Starz and other networks on an a la carte basis, according to the sources.
Those networks have standalone subscription services, but the advantage of Amazon Channels is that it groups together separate subscriptions and makes them available through the Amazon Video app.
Amazon has built up Amazon Channels to include more than 140 television and digital-only networks in the United States, but its efforts to get the most-watched TV channels have stalled, the sources told Reuters.
Sources familiar with the talks said Amazon has run up against the same obstacle that has stymied firms such as Apple Inc (AAPL.O) and Verizon Communications Inc (VZ.N) in their efforts to launch TV services: the traditional cable bundle.
Twenty-First Century Fox Inc (FOXA.O), Viacom Inc (VIAB.O) and other media firms typically require cable companies or other partners to take their weaker channels along with their stronger ones, to prevent the weaker ones withering on the vine.
Amazon did not want to do that. It also asked networks for provisions that are foreign to the entertainment business, including discounts based on the volume of subscribers it brings in. “That might be standard in selling, but it is not how it works with content,” said one industry source.
The Seattle-based company, known for taking a long-term view of businesses, is willing to wait, sources told Reuters. It is working on the assumption that as pay-TV subscriptions decline over time, more TV networks will be tempted to go direct to consumers online and therefore be available for Amazon Channels, they said.
TV executives say Amazon is a top-notch marketer of video programming and could eventually help their bottom lines.
“They market our theatrical library better than we have because they have the data,” said an executive at one premium channel, who declined to be named.
Some programmers, including Discovery Communications Inc (DISCA.O), are already using Amazon to test their own streaming services before selling them to the public.
“They are an excellent petri dish,” said Paul Guyardo, chief commercial officer of Discovery.
Reporting By Jessica Toonkel in New York, Lisa Richwine in Los Angeles and Jeffrey Dastin in San Francisco; Editing by Jonathan Weber and Bill Rigby
WASHINGTON (Reuters) – The U.S. government has broadened an interpretation of which citizens can be subject to physical or digital surveillance to include “homegrown violent extremists,” according to official documents seen by Reuters.
The change last year to a Department of Defense manual on procedures governing its intelligence activities was made possible by a decades-old presidential executive order, bypassing congressional and court review.
The new manual, released in August 2016, now permits the collection of information about Americans for counterintelligence purposes “when no specific connection to foreign terrorist(s) has been established,” according to training slides created last year by the Air Force Office of Special Investigations (AFOSI).
The slides were obtained by Human Rights Watch through a Freedom of Information Act request about the use of federal surveillance laws for counter-drug or immigration purposes and shared exclusively with Reuters.
The Air Force and the Department of Defense told Reuters that the documents are authentic.
The slides list the shooting attacks in San Bernardino, California, in December 2015 and Orlando, Florida, in June 2016 as examples that would fall under the “homegrown violent extremist” category. The shooters had declared fealty to Islamic State shortly before or during the attacks, but investigators found no actual links to the organization that has carried out shootings and bombings of civilians worldwide.
Michael Mahar, the Department of Defense’s senior intelligence oversight official, said in an interview that AFOSI and other military counterintelligence agencies are allowed to investigate both active duty and U.S. civilian personnel as long as there is a potential case connected to the military. Investigations of civilians are carried out cooperatively with the Federal Bureau of Investigation, Mahar said.
Executive order 12333, signed by former President Ronald Reagan in 1981 and later modified by former President George W. Bush, establishes how U.S. intelligence agencies such as the CIA are allowed to pursue foreign intelligence investigations. The order also allows surveillance of U.S. citizens in certain cases, including for activities defined as counterintelligence.
Under the previous Defense Department manual’s definition of counterintelligence activity, which was published in 1982, the U.S. government was required to demonstrate a target was working on behalf of the goals of a foreign power or terrorist group.
It was not clear what practical effect the expanded definition might have on how the U.S. government gathers intelligence. One of the Air Force slides described the updated interpretation as among several “key changes.”
‘CLOAK OF DARKNESS’
However, some former U.S. national security officials, who generally support giving agents more counterterrorism tools but declined to be quoted, said the change appeared to be a minor adjustment that was unlikely to significantly impact intelligence gathering.
Some privacy and civil liberties advocates who have seen the training slides disagreed, saying they were alarmed by the change because it could increase the number of U.S. citizens who can be monitored under an executive order that lacks sufficient oversight.
“What happens under 12333 takes place under a cloak of darkness,” said Sarah St. Vincent, a surveillance researcher with Human Rights Watch who first obtained the documents. “We have enormous programs potentially affecting people in the United States and abroad, and we would never know about these changes” without the documents, she said.
The National Security Act, a federal law adopted 70 years ago, states that Congress must be kept informed about significant intelligence activities. But the law leaves the interpretation of that to the executive branch.
The updated interpretation was motivated by recognition that some people who may pose a security threat do not have specific ties to a group such as Islamic State or Boko Haram, Mahar at the Defense Department said.
“The internet and social media has made it easier for terrorist groups to radicalize followers without establishing direct contact,” Mahar said.
“We felt that we needed the flexibility to target those individuals,” he said.
In August 2016, during the final months of former President Barack Obama’s administration, a Pentagon press release announced that the department had updated its intelligence collecting procedures but it made no specific reference to “homegrown violent extremists.”
The revision was signed off by the Department of Justice’s senior leadership, including the attorney general, and reviewed by the Privacy and Civil Liberties Oversight Board, a government privacy watchdog.
Mahar said that “homegrown violent extremist,” while listed in the Air Force training slide, is not an official phrase used by the Defense Department. It does not have a specific list of traits or behaviors that would qualify someone for monitoring under the new definition, Mahar said.
Hunches or intuition are not enough to trigger intelligence gathering, Mahar said, adding that a “reasonable belief” that a target may be advancing the goals of an international terrorist group to harm the United States is required.
The updated Defense Department manual refers to any target “reasonably believed to be acting for, or in furtherance of, the goals or objectives of an international terrorist or international terrorist organization, for purposes harmful to the national security of the United States.”
Mahar said that in counterterrorism investigations, federal surveillance laws, including the Foreign Intelligence Surveillance Act, continue to govern electronic surveillance in addition to the limitations detailed in his department’s manual.
Reporting by Dustin Volz; editing by Grant McCool
SIS, a leading supplier of products and services to the global betting industry, and Genius Sports, the world leader in sports betting and gaming technology, have signed an exclusive partnership for…
(PRWeb May 03, 2016)
Read the full story at http://www.prweb.com/releases/2016/05/prweb13384025.htm
To take security one level higher, Lockr does not allow keys to be copied and used by developers outside the hosting platform. This can be especially important to development teams distributed across the globe. Additionally, Lockr allows site owners to …