
Timesdelhi.com

May 26, 2019
Category archive

Ron Wyden

TurboTax and H&R Block hide their free tax filing tools from Google on purpose


Low-income Americans can file their taxes for free, but odds are they ended up paying anyway.

ProPublica found that tax-filing giant Intuit is deliberately concealing search results for its free filing service, instead pointing all consumers toward its paid products. While users visiting TurboTax’s homepage will be greeted with what looks like free tax software, the software’s parent company usually finds a way to charge anyone using the product. The manipulative design choice echoes recent conversation around dark pattern design and likely explains why free filing services remain underutilized.

Intuit’s true free filing software is called TurboTax Free File. Compared to the company’s main TurboTax portal, TurboTax Free File is much more difficult to find. That service, designed to make the process free for low-income filers individually making less than $34,000 a year, is part of an agreement between tax-filing companies and the IRS stipulating that a free option must be provided for lower-income filers. In the course of reporting, ProPublica found that Intuit competitor H&R Block uses the same tactic to bury its own free service, H&R Block Free File.

To effectively bury its free filing service, TurboTax included a snippet of code in the page’s robots.txt file instructing search engines not to index it. The code was spotted by Twitter user Larissa Williams and Redditor ethan1el.


Instead of pointing users toward its free file tool, TurboTax funnels the vast majority of users toward its paid and premium services, whether they qualify for free filing or not. The Senate Finance Committee’s top Democrat Ron Wyden denounced the tactic as “outrageous” in a statement to ProPublica, indicating that he intended to bring up the issue with the IRS.

What business leaders can learn from Jeff Bezos’ leaked texts


The ‘below the belt selfie’ media circus surrounding Jeff Bezos has made encrypted communications top of mind among nervous executive handlers. Their assumption is that a product with serious cryptography like Wickr – where I work – or Signal could have helped Mr. Bezos and Amazon avoid this drama.

It’s a good assumption, but a troubling conclusion.

I worry that moments like these will drag serious cryptography down to the level of the National Enquirer. I’m concerned that this media cycle may lead people to view privacy and cryptography as a safety net for billionaires rather than a transformative solution for data minimization and privacy.

We live in the chapter of computing when data is mostly unprotected because of corporate indifference. The leaders of our new economy – like the vast majority of society – value convenience and short-term gratification over the security and privacy of consumer, employee and corporate data.  

We cannot let this media cycle pass without recognizing that when corporate executives take a laissez-faire approach to digital privacy, their employees and organizations will follow suit.

Two recent examples illustrate the privacy indifference of our leaders…

  • The most powerful executive in the world is either indifferent to, or unaware that, unencrypted online flirtations would be accessed by nation states and competitors.
  • 2016 presidential campaigns were either indifferent to, or unaware that, unencrypted online communications detailing “off-the-record” correspondence with media and payments to adult actor(s) would be accessed by nation states and competitors.

If our leaders do not respect and understand online security and privacy, then their organizations will not make data protection a priority. It’s no surprise that we see a constant stream of large corporations and federal agencies breached by nation states and competitors. Who then can we look to for leadership?

GDPR is an early attempt by regulators to lead. The European Union enacted GDPR to ensure individuals own their data and enforce penalties on companies who do not protect personal data. It applies to all data processors, but the EU is clearly focused on sending a message to the large US-based data processors – Amazon, Facebook, Google, Microsoft, etc. In January, France’s National Data Protection Commission sent a message by fining Google $57 million for breaching GDPR rules. It was an unprecedented fine that garnered international attention. However, we must remember that in 2018 Google’s revenues were greater than $300 million … per day! GDPR is, at best, an annoying speed-bump in the monetization strategy of large data processors.

It is through this lens that Senator Ron Wyden’s (Oregon) idealistic call for billions of dollars in corporate fines and jail time for executives who enable privacy breaches can be seen as reasonable. When record financial penalties are inconsequential it is logical to pursue other avenues to protect our data.

Real change will come when our leaders understand that data privacy and security can increase profitability and reliability. For example, the Compliance, Governance and Oversight Council reports that an enterprise will spend as much as $50 million to protect 10 petabytes of data, and that $34.5 million of this is spent on protecting data that should be deleted. Serious efficiencies are waiting to be realized and serious cryptography can help.  

So, thank you Mr. Bezos for igniting corporate interest in secure communications. Let’s hope this news cycle convinces our corporate leaders and elected officials to embrace data privacy, protection and minimization because it is responsible, profitable and efficient. We need leaders and elected officials to set an example and respect their own data and privacy if we have any hope of their organizations protecting ours.

Tall Poppy aims to make online harassment protection an employee benefit


For the nearly 20 percent of Americans who experience severe online harassment, there’s a new company launching in the latest batch of Y Combinator called Tall Poppy that’s giving them the tools to fight back.

Co-founded by Leigh Honeywell and Logan Dean, Tall Poppy grew out of the work that Honeywell, a security specialist, had been doing to hunt down trolls in online communities since at least 2008.

That was the year that Honeywell first went after a particularly noxious specimen who spent his time sending death threats to women in various Linux communities. Honeywell cooperated with law enforcement to try and track down the troll and eventually pushed the commenter into hiding after he was visited by investigators.

That early success led Honeywell to assume a not-so-secret identity as a security expert by day for companies like Microsoft, Salesforce, and Slack, and a defender against online harassment when she wasn’t at work.

“It was an accidental thing that I got into this work,” says Honeywell. “It’s sort of an occupational hazard of being an internet feminist.”

Honeywell started working one-on-one with victims of online harassment that would be referred to her directly.

“As people were coming forward with #metoo… I was working with a number of high profile folks to essentially batten down the hatches,” says Honeywell. “It’s been satisfying work helping people get back a sense of safety when they feel like they have lost it.”

As those referrals began to climb (eventually numbering in the low hundreds of cases), Honeywell began to think about ways to systematize her approach so it could reach the widest number of people possible.

“The reason we’re doing it that way is to help scale up,” says Honeywell. “As with everything in computer security it’s an arms race… As you learn to combat abuse the abusive people adopt technologies and learn new tactics and ways to get around it.”

Primarily, Tall Poppy will provide an educational toolkit to help people lock down their own presence and do incident response properly, says Honeywell. The company will work with customers to gain an understanding of how to protect themselves, but also to be aware of the laws in each state that they can use to protect themselves and punish their attackers.

The scope of the problem

Based on research conducted by the Pew Foundation, there are millions of people in the U.S. alone who could benefit from the type of service that Tall Poppy aims to provide.

According to a 2017 study, “nearly one-in-five Americans (18%) have been subjected to particularly severe forms of harassment online, such as physical threats, harassment over a sustained period, sexual harassment or stalking.”

The women and minorities that bear the brunt of these assaults (and, let’s be clear, it is primarily women and minorities who bear the brunt of these assaults), face very real consequences from these virtual assaults.

Take the case of the New York principal who lost her job when an ex-boyfriend sent stolen photographs of her to the New York Post and her boss. In a powerful piece for Jezebel she wrote about the consequences of her harassment.

As a result, city investigators escorted me out of my school pending an investigation. The subsequent investigation quickly showed that I was set up by my abuser. Still, Mayor Bill de Blasio’s administration demoted me from principal to teacher, slashed my pay in half, and sent me to a rubber room, the DOE’s notorious reassignment centers where hundreds of unwanted employees languish until they are fired or forgotten.

In 2016, I took a yearlong medical leave from the DOE to treat extreme post-traumatic stress and anxiety. Since the leave was almost entirely unpaid, I took loans against my pension to get by. I ran out of money in early 2017 and reported back to the department, where I was quickly sent to an administrative trial. There the city tried to terminate me. I was charged with eight counts of misconduct despite the conclusion by all parties that my ex-partner uploaded the photos to the computer and that there was no evidence to back up his salacious story. I was accused of bringing “widespread negative publicity, ridicule and notoriety” to the school system, as well as “failing to safeguard a Department of Education computer” from my abusive ex.

Her story isn’t unique. Victims of online harassment regularly face serious consequences from online harassment.

According to a 2013 Science Daily study, cyber stalking victims routinely need to take time off from work, or change or quit their job or school. And the stalking costs the victims $1200 on average to even attempt to address the harassment, the study said.

“It’s this widespread problem and the platforms have in many ways have dropped the ball on this,” Honeywell says.


Creating Tall Poppy

As Honeywell heard more and more stories of online intimidation and assault, she started laying the groundwork for the service that would eventually become Tall Poppy. Through a mutual friend she reached out to Dean, a talented coder who had been working at Ticketfly before its Eventbrite acquisition and was looking for a new opportunity.

That was in early 2015. But, afraid that striking out on her own would affect her citizenship status (Honeywell is Canadian), she and Dean waited before making the move to finally start the company.

What ultimately convinced them was the election of Donald Trump.

“After the election I had a heart-to-heart with myself… And I decided that I could move back to Canada, but I wanted to stay and fight,” Honeywell says.

Initially, Honeywell took on a year-long fellowship with the American Civil Liberties Union to pick up on work around privacy and security that had been handled by Chris Soghoian who had left to take a position with Senator Ron Wyden’s office.

But the idea for Tall Poppy remained, and once Honeywell received her green card, she was “chomping at the bit to start this company.”

A few months in, the company already has businesses that have signed up for the services and tools it provides to help companies protect their employees.

Some platforms have taken small steps against online harassment. Facebook, for instance, launched an initiative to get people to upload their nude pictures so that the social network can monitor when similar images are distributed online and contact a user to see if the distribution is consensual.

Meanwhile, Twitter has made a series of changes to its algorithm to combat online abuse.

“People were shocked and horrified that people were trying this,” Honeywell says. “[But] what is the way [harassers] can do the most damage? Sharing them to Facebook is one of the ways where they can do the most damage. It was a worthwhile experiment.”

To underscore how pervasive a problem online harassment is, out of the four companies where the company is doing business or could do business in the first month and a half there is already an issue that the company is addressing. 

“It is an important problem to work on,” says Honeywell. “My recurring realization is that the cavalry is not coming.”

Russian indictments show that the U.S. needs federal oversight of election security


President Trump’s Helsinki summit with Vladimir Putin, on the heels of twelve Russian intelligence officials indicted for hacking the 2016 election, made it clear that this administration has zero commitment to protect our elections from future Russian attacks.

These events should remind us of an alarming fact we can no longer afford to ignore: our elections are not secure.

As a nation, we underfund and neglect election security. So, much like our aging infrastructure, our election infrastructure is severely outdated and crumbling before our eyes.

Unfortunately, in today’s hyper-partisan environment, even concerns over election security are divided along party lines. Case in point: after his trip to Russia last week, Republican Senator Ron Johnson declared “It’s very difficult to really meddle in our elections. It just is.”

To effectively safeguard our elections, we need to consider yet another conservative taboo: the federal government should have more power in setting election security standards. Our current decentralized, disjointed state-based system is no longer adequate for protecting our elections against foreign interference in the 21st century.


Right now, the federal government plays a very limited role in the oversight of election security. The Election Assistance Commission and Department of Homeland Security offer optional resources and issue non-binding guidelines for best practices, and states are free to come up with their own standards as they please. The results, unsurprisingly, are abysmal.

In 2016, for example, over two-thirds of all counties in the U.S. used voting machines that were over a decade old. Many machines used outdated software and ran on absurdly old operating systems such as Windows 2000. Thirteen states still use machines that are completely electronic, which makes them prone to glitches, and with no paper trails, the results cannot be audited.

Many experts have pointed out that our current machines could be hacked in a matter of minutes. Recently, a 14-year-old participant at DefCon breached a voting machine in 90 minutes, and was able to change the vote tally in the machine remotely, from anywhere.

Besides the machines, there are other major vulnerabilities in many states’ election security standards that would make hacking our elections a breeze for the Russians. Our voter registration databases are outdated and prone to infiltration. Many states have no post-election auditing requirements at all, and those that do are often insufficient, severely undermining our ability to identify and correct an attack.

While federalizing election security has long been castigated as an infringement of state rights, politicians are beginning to acknowledge its necessity. Senator Ron Wyden, for instance, recently introduced The Protecting American Votes and Elections Act of 2018, which would require every state to use election machines with paper ballots and mandate risk-limiting post-election audits (the “gold standard” of election auditing).

As Wyden argues: “Americans don’t expect states, much less county officials, to fight America’s wars. The Russians have attacked our election infrastructure and leaving our defenses to states and local entities, in my view, is not an adequate response. Our country needs baseline, mandatory, federal election security standards.”


Rather than providing concrete solutions, this Republican Congress continues to pretend that all of our election security problems can be solved by tiny, poorly designed federal grant programs alone. In this year’s omnibus spending bill, a bipartisan compromise provided a meager, but much needed $380 million federal grant to states for strengthening election security ahead of the 2018 election. However, the effectiveness of this grant is questionable, given it was earmarked for broad purposes and allocated by a formula that is not competitive or need-based.

Worse still, since states are not required to spend the federal grant allocated to them, some states have not even applied to collect their shares. Several state governments are impeding the use of this grant through a combination of delayed action and inaction. For example, Florida’s Republican-led state legislature has refused to authorize their election officials to use the grant before the 2018 election, even when the state is in desperate need for more election security funding.

While inadequate funding is a serious concern that needs to be addressed — House Democrats estimated that we will need $1.4 billion over the next decade to bring our entire election system in line with best practices — increasing federal grants alone would not be enough to secure elections in every state. The Secure Elections Act, a bill currently with the most broad-based, bipartisan support, will provide much needed federal funding to make up for the current shortfall, but as with this year’s federal grant, there is no guarantee states would use the funding in a timely and effective fashion — or at all — given state participation will remain voluntary under this bill.

Our representative democracy cannot survive if we fail to preserve the fairness and integrity of our elections. While it’s too late to implement binding federal guidelines to secure the 2018 midterm, we should accept nothing less for the 2020 presidential election, as we can be certain the Russians will hack that election in order to help their preferred candidate, yet again.

Too many states have proven they are unwilling to take election security seriously. It’s time for the federal government to step in.

Bipartisan bill seeks to reform a law that allows spy agencies to surveil US citizens


On Tuesday, a bipartisan group in Congress proposed legislation to rein in a controversial loophole in the Foreign Intelligence Surveillance Act (FISA) that allows U.S. spy agencies to conduct warrantless surveillance on American citizens.

The bill, co-sponsored by Senate privacy hawk Ron Wyden, big government skeptic Rand Paul and 11 other senators, including Bernie Sanders and Elizabeth Warren, is known as the USA Rights Act. A companion piece of legislation is proposed in the House, sponsored by Reps. Beto O’Rourke, Ted Poe and Zoe Lofgren.

“The American people deserve better from their own government than to have their internet activity swept up in warrantless, unlimited searches that ignore the Fourth Amendment,” Sen. Paul said. “Our bill institutes major reforms that prove we can still protect our country while respecting our Constitution and upholding fundamental civil liberties.”

The timing comes on the day of a closed Senate Intelligence Committee session debating a bill that would reauthorize the controversial and not widely understood law, which is set to expire at the end of this year unless renewed by Congress.

The legislation seeks to limit Section 702 surveillance with several specific stipulations, but most meaningfully it would require intelligence agencies to obtain a warrant to surveil “private communications to, from and about Americans.” It would specifically forbid the collection of communications from any Americans talking about a foreign target, a practice known as “about” collection, as well as banning the use of Section 702 to authorize any domestic communications. The bill also would beef up FISA court oversight and build in a sunset date of four years, after which time the legislation would need to be reauthorized.

The legislation debated today in the Senate Intel committee, introduced by committee chair Richard Burr, would uncritically reauthorize Section 702 as we know it through 2025 while making it even easier for spy agencies to potentially infringe on the rights of American citizens. Beyond extending the sunset date, Burr’s draft would allow intelligence agencies to resume spying on communications that make mention of a specific foreign target, widening the scope of surveillance well beyond current interpretations of the law that allow only for intercepting communications sent to or from a named target.

The Electronic Frontier Foundation, one of Section 702’s strongest critics and online privacy’s staunchest defenders, recently questioned new FBI Director Christopher Wray’s defense of the surveillance loophole, particularly the government’s unwillingness to publish numbers about how many Americans have been swept up in the process of 702 surveillance or to provide any evidence that the practice is in fact making the country safer in a quantifiable way.

“Section 702 needs review, and many parts of it—including the backdoor search—do not measure up to Wray’s justifications,” the EFF writes. “If the government can prove that warrantless search of American communications keeps Americans safe, why does Wray rely on hypotheticals?”

Section 702 is hotly contested for its role in a surveillance practice known as incidental collection, in which communications unrelated to a surveillance target are swept up in the process. This can result in government spy efforts indirectly targeting American citizens, a process that under normal lawful practice would require a search warrant.

“Requiring a warrant for a search of information or personal data if the inquiry is about an American citizen is simply the constitutional and right thing to do,” said Rep. O’Rourke, a sponsor of the House version of the bill. “The USA RIGHTS Act is a bipartisan, bicameral and basic, commonsense piece of legislation that safely reforms Section 702.”

