WEBVTT - Tech News: Hack the Planet

0:00:04.400 --> 0:00:07.800
<v Speaker 1>Welcome to tech Stuff, a production from I Heart Radio.

0:00:12.039 --> 0:00:14.960
<v Speaker 1>Hey there, and welcome to tech Stuff. I'm your host,

0:00:15.080 --> 0:00:18.360
<v Speaker 1>Jonathan Strickland. I'm an executive producer with iHeart Radio and

0:00:18.440 --> 0:00:21.240
<v Speaker 1>I love all things tech and it is time for

0:00:21.320 --> 0:00:26.720
<v Speaker 1>the tech news for Thursday, March eleventh, twenty one. Let's

0:00:26.720 --> 0:00:29.600
<v Speaker 1>get to it. Last week I told you about how

0:00:29.640 --> 0:00:33.480
<v Speaker 1>the social network site gab, known for the right wing

0:00:33.560 --> 0:00:37.839
<v Speaker 1>political philosophy of most of its users, was the victim

0:00:38.000 --> 0:00:41.919
<v Speaker 1>of a data breach as a hacker accessed gab systems

0:00:42.159 --> 0:00:46.920
<v Speaker 1>and stole around seventy gigabytes worth of data, including three

0:00:47.200 --> 0:00:52.480
<v Speaker 1>million private posts. Well earlier this week, gab has been

0:00:52.680 --> 0:00:58.080
<v Speaker 1>hacked again and even went offline temporarily as the administrators

0:00:58.120 --> 0:01:02.200
<v Speaker 1>of the site conducted and investigate into the security vulnerability

0:01:02.360 --> 0:01:06.119
<v Speaker 1>that made this possible. Now, during the downtime, users who

0:01:06.120 --> 0:01:09.399
<v Speaker 1>are trying to go to gab got an error message,

0:01:09.480 --> 0:01:12.400
<v Speaker 1>but the site is back up as of this recording.

0:01:12.920 --> 0:01:16.959
<v Speaker 1>A hacker using the handle captain Jack Sparrow that's j

0:01:17.319 --> 0:01:21.039
<v Speaker 1>A x p A r Oh claims responsibility for both hacks,

0:01:21.600 --> 0:01:24.720
<v Speaker 1>though who knows if that handle represents just one person

0:01:24.920 --> 0:01:27.720
<v Speaker 1>or it's being used by a group. Working together. The

0:01:27.760 --> 0:01:33.280
<v Speaker 1>hacker used authentication tokens that they gathered during the first hack,

0:01:33.959 --> 0:01:36.240
<v Speaker 1>and they used those to carry out the second one.

0:01:36.280 --> 0:01:39.760
<v Speaker 1>They were able to access the systems because those authentication

0:01:39.800 --> 0:01:43.560
<v Speaker 1>tokens were still good, and that showed the GAB failed

0:01:43.600 --> 0:01:47.360
<v Speaker 1>to reset those security tokens. The hacker also left a

0:01:47.360 --> 0:01:51.680
<v Speaker 1>message that claims that this hacker gave GAB CEO Andrew

0:01:51.760 --> 0:01:56.400
<v Speaker 1>Torba and ultimatum cough up eight bitcoins, which is worth

0:01:56.520 --> 0:02:00.880
<v Speaker 1>about four fifty thousand dollars, and the hacker would return

0:02:00.920 --> 0:02:05.040
<v Speaker 1>at least some of that stolen data. Torva apparently refused, which,

0:02:05.080 --> 0:02:07.920
<v Speaker 1>for the record, is what security experts say is the

0:02:08.040 --> 0:02:13.000
<v Speaker 1>right call. Capitulating to hacker demands typically just reinforces that

0:02:13.080 --> 0:02:16.800
<v Speaker 1>hackers decisions, and it also encourages other hackers to follow suit,

0:02:17.360 --> 0:02:20.400
<v Speaker 1>because if you pay the ransom, people know that there's

0:02:20.400 --> 0:02:23.200
<v Speaker 1>money to be made, and it just makes things worse. Plus,

0:02:23.520 --> 0:02:26.320
<v Speaker 1>there's never actually a guarantee that you'll ever get anything

0:02:26.360 --> 0:02:30.000
<v Speaker 1>back anyway, or that there won't be copies of the

0:02:30.040 --> 0:02:32.880
<v Speaker 1>stuff you get back floating around now. I have to

0:02:32.919 --> 0:02:37.959
<v Speaker 1>say GAB definitely comes out looking like a terrible steward

0:02:38.120 --> 0:02:43.240
<v Speaker 1>of user security and data like absolutely awful. The company

0:02:43.280 --> 0:02:47.320
<v Speaker 1>has completely failed to protect user assets. And just to

0:02:47.320 --> 0:02:50.520
<v Speaker 1>be clear, while I am about as far away in

0:02:50.600 --> 0:02:56.519
<v Speaker 1>political ideology as you can get from the typical GAB user,

0:02:57.040 --> 0:03:00.840
<v Speaker 1>I also don't really care for hackers who promise sites

0:03:00.960 --> 0:03:04.680
<v Speaker 1>and then issue ransom notices. I don't think that's a

0:03:04.760 --> 0:03:08.080
<v Speaker 1>valid approach either. I don't think anyone comes out of

0:03:08.080 --> 0:03:11.280
<v Speaker 1>this situation looking like a good guy, and that's gonna

0:03:11.320 --> 0:03:14.400
<v Speaker 1>be a kind of common message in today's news items.

0:03:14.440 --> 0:03:17.519
<v Speaker 1>I think my guess is that the leaders at gab

0:03:17.560 --> 0:03:20.920
<v Speaker 1>are kind of in over their heads. They got the

0:03:20.960 --> 0:03:25.480
<v Speaker 1>boot from various other platforms due to the actions of

0:03:25.520 --> 0:03:29.239
<v Speaker 1>their users and different violations of terms of service, so

0:03:29.400 --> 0:03:32.040
<v Speaker 1>they're kind of forced to take whatever they can get,

0:03:32.520 --> 0:03:36.520
<v Speaker 1>which is something we've also seen with Parlor. Moving on

0:03:36.560 --> 0:03:39.640
<v Speaker 1>to a different hacking story, I've covered the Solar Winds

0:03:39.720 --> 0:03:43.720
<v Speaker 1>hack numerous times already about how it looks as though

0:03:44.120 --> 0:03:47.920
<v Speaker 1>Russian backed hackers. I mean, it's all but confirmed that

0:03:47.960 --> 0:03:51.520
<v Speaker 1>they are Russian backed hackers who compromise Solar Winds software

0:03:51.600 --> 0:03:55.200
<v Speaker 1>build system and that let the hackers push out software

0:03:55.320 --> 0:03:59.400
<v Speaker 1>updates as if they were legitimate updates. But those updates

0:03:59.480 --> 0:04:03.720
<v Speaker 1>really carried malware two Solar Winds customers, and that gave

0:04:03.760 --> 0:04:07.760
<v Speaker 1>the hackers the ability to infiltrate thousands of computer systems

0:04:07.840 --> 0:04:10.400
<v Speaker 1>and they could then follow up on that attack. This

0:04:10.600 --> 0:04:14.840
<v Speaker 1>was the supply chain attack, where targeted systems accepted the

0:04:14.880 --> 0:04:18.680
<v Speaker 1>malware because it was coming from a previously trusted source,

0:04:18.839 --> 0:04:23.400
<v Speaker 1>that being Solar Winds. Well, now cybersecurity researchers have published

0:04:23.400 --> 0:04:27.000
<v Speaker 1>a report that shows hackers backed by China we're targeting

0:04:27.040 --> 0:04:30.560
<v Speaker 1>Solar Winds at the same time in a separate operation,

0:04:30.920 --> 0:04:35.760
<v Speaker 1>one that I have previously conflated with the Russian hackers.

0:04:35.839 --> 0:04:38.560
<v Speaker 1>So it's time to set the record straight. Based on

0:04:38.720 --> 0:04:41.760
<v Speaker 1>what these researchers found. While the Russian hack used the

0:04:41.760 --> 0:04:44.800
<v Speaker 1>method I just described a moment ago, it appears that

0:04:44.839 --> 0:04:48.440
<v Speaker 1>it was the Chinese hackers who were specifically targeting a

0:04:48.520 --> 0:04:54.240
<v Speaker 1>software project called Ryan and these hackers, according to the researchers,

0:04:54.680 --> 0:04:59.280
<v Speaker 1>were really going after a specific Solar Winds customer and

0:04:59.320 --> 0:05:04.880
<v Speaker 1>they install a malware shell now called Supernova around that

0:05:04.960 --> 0:05:08.360
<v Speaker 1>Orion software. So this sounds like it was a much

0:05:08.360 --> 0:05:12.320
<v Speaker 1>more targeted attack. The Russian approach was different. It let

0:05:12.480 --> 0:05:18.000
<v Speaker 1>hackers blast out malware two thousands of potential targets, and

0:05:18.040 --> 0:05:21.960
<v Speaker 1>then the hackers could follow up with the specific hits

0:05:22.000 --> 0:05:24.680
<v Speaker 1>that they wanted to. They could look at who they

0:05:24.680 --> 0:05:29.200
<v Speaker 1>were able to capture with that first blast and follow

0:05:29.320 --> 0:05:34.080
<v Speaker 1>up for further infiltration. Whereas the Chinese approach was different.

0:05:34.160 --> 0:05:36.880
<v Speaker 1>They were looking at a specific target and went right

0:05:36.920 --> 0:05:41.279
<v Speaker 1>for them, as opposed to doing that blast attack. And

0:05:41.440 --> 0:05:45.000
<v Speaker 1>we are not done with the hacking stories just yet.

0:05:45.760 --> 0:05:50.279
<v Speaker 1>Vercada or Verkada is a Silicon Valley startup that sells

0:05:50.360 --> 0:05:54.800
<v Speaker 1>security cameras with cloud based services, and they were hacked

0:05:54.880 --> 0:05:58.359
<v Speaker 1>earlier this week. Now I say hacked, but when I

0:05:58.400 --> 0:06:00.520
<v Speaker 1>tell you how it actually happened you, I think that

0:06:01.000 --> 0:06:03.479
<v Speaker 1>hack might be a bit of a generous term for

0:06:04.080 --> 0:06:09.240
<v Speaker 1>this particular thing. For Kado practices terrible security, and for

0:06:09.279 --> 0:06:12.479
<v Speaker 1>a company that's in the security business, that's not great.

0:06:12.839 --> 0:06:16.640
<v Speaker 1>So the hackers responsible belonged to a group called APT

0:06:17.160 --> 0:06:22.960
<v Speaker 1>six nine four to zero arson cats. Okay, but APT,

0:06:23.120 --> 0:06:25.719
<v Speaker 1>by the way, stands for Advanced Persistent Threat. It's a

0:06:25.720 --> 0:06:30.000
<v Speaker 1>common term in the cybersecurity world. Anyway, these hackers discovered

0:06:30.080 --> 0:06:34.360
<v Speaker 1>that Verkada had an Internet portal for the company's internal

0:06:34.440 --> 0:06:38.680
<v Speaker 1>development system away to log in to make changes to

0:06:38.800 --> 0:06:42.320
<v Speaker 1>code and various Arcadia products. You know, it's the way

0:06:42.360 --> 0:06:46.719
<v Speaker 1>that the developers can access stuff. Now, that makes sense,

0:06:47.200 --> 0:06:49.560
<v Speaker 1>particularly in a world where presumably a lot of the

0:06:49.600 --> 0:06:52.800
<v Speaker 1>people working for Vercada are doing so remotely. But what

0:06:53.000 --> 0:06:56.320
<v Speaker 1>does not make sense is that the hackers say that

0:06:56.360 --> 0:07:00.520
<v Speaker 1>this was essentially a publicly accessible portal. There were no

0:07:00.680 --> 0:07:05.760
<v Speaker 1>log in credentials required to get to that portal system,

0:07:05.800 --> 0:07:09.560
<v Speaker 1>so you get there without having to first verify that

0:07:09.640 --> 0:07:13.640
<v Speaker 1>you work for the company, and on that landing page

0:07:13.720 --> 0:07:16.840
<v Speaker 1>or that landing site, they found the login credentials to

0:07:16.880 --> 0:07:21.840
<v Speaker 1>get what they called super admin level access to Arcada's systems.

0:07:21.840 --> 0:07:24.600
<v Speaker 1>So as a result, they were able to access more

0:07:24.720 --> 0:07:28.840
<v Speaker 1>than one hundred thousand cameras the number I frequently see

0:07:28.840 --> 0:07:33.400
<v Speaker 1>a one hundred fifty thousand camera feeds belonging to various

0:07:33.480 --> 0:07:37.120
<v Speaker 1>Arcaded customers. They also got a list that was around

0:07:37.120 --> 0:07:41.280
<v Speaker 1>twenty four thousand entries long that that names those customers,

0:07:41.360 --> 0:07:47.120
<v Speaker 1>and they include businesses, churches, health care facilities, jails, and

0:07:47.280 --> 0:07:51.040
<v Speaker 1>the p g A of all things. Tesla is one

0:07:51.080 --> 0:07:54.720
<v Speaker 1>of their customers. Though Tesla says that the hack really

0:07:54.760 --> 0:07:57.720
<v Speaker 1>just gave the hackers of you into one of Tesla's

0:07:57.880 --> 0:08:03.320
<v Speaker 1>suppliers sites, but not the main manufacturing facility in Shanghai.

0:08:03.720 --> 0:08:08.080
<v Speaker 1>A software developer named Tilly Kottman gave details about the hack,

0:08:08.480 --> 0:08:12.320
<v Speaker 1>presumably having played some part in carrying it out. Now,

0:08:12.320 --> 0:08:14.280
<v Speaker 1>what we call this a hack? I would argue that

0:08:14.360 --> 0:08:18.480
<v Speaker 1>finding log in credentials on a publicly accessible landing page

0:08:19.040 --> 0:08:22.680
<v Speaker 1>is pretty much like walking up to someone's password protected

0:08:22.720 --> 0:08:26.240
<v Speaker 1>computer and seeing that they put the log in and

0:08:26.320 --> 0:08:29.640
<v Speaker 1>password on a sticky note and stuck it to the monitor.

0:08:30.120 --> 0:08:32.960
<v Speaker 1>It's not exactly safe. I mean, there's no point in

0:08:33.080 --> 0:08:37.560
<v Speaker 1>having a locked door if you're hanging a key off

0:08:37.600 --> 0:08:41.160
<v Speaker 1>the door. Knob Kottman says that part of the reason

0:08:41.280 --> 0:08:44.760
<v Speaker 1>that the hacker group published the information and shared video

0:08:44.880 --> 0:08:48.800
<v Speaker 1>from various locations you know Varcada customers, is that they

0:08:48.880 --> 0:08:52.920
<v Speaker 1>wanted to point out how widely distributed Varcada's systems actually

0:08:52.960 --> 0:08:57.079
<v Speaker 1>are and how inherently unsafe they are. Now, it's hard

0:08:57.160 --> 0:09:00.000
<v Speaker 1>for me to disagree with those points. I would argue

0:09:00.000 --> 0:09:02.360
<v Speaker 1>you this kind of puts the hackers into a sort

0:09:02.400 --> 0:09:06.360
<v Speaker 1>of gray hat area when it comes to the spectrum

0:09:06.480 --> 0:09:10.320
<v Speaker 1>of hackers, so we typically describe them by hats. So

0:09:10.360 --> 0:09:14.000
<v Speaker 1>you've got white hat hackers. These are hackers who probit systems.

0:09:14.040 --> 0:09:18.000
<v Speaker 1>They look for vulnerabilities, but the intent is to tell

0:09:18.280 --> 0:09:23.559
<v Speaker 1>the respective system administrators about those vulnerabilities, hopefully before someone

0:09:23.600 --> 0:09:26.800
<v Speaker 1>else can exploit them. So the whole goal is to

0:09:26.840 --> 0:09:29.360
<v Speaker 1>find weaknesses and systems and then say, hey, you need

0:09:29.400 --> 0:09:32.680
<v Speaker 1>to fix this. But then you've got your black hat hackers.

0:09:32.679 --> 0:09:35.160
<v Speaker 1>These are the people who are trying to profit from

0:09:35.160 --> 0:09:38.600
<v Speaker 1>being able to access systems and exploit them in some way.

0:09:39.200 --> 0:09:42.560
<v Speaker 1>Gray hats are somewhere in the middle. The hackers didn't

0:09:42.720 --> 0:09:45.880
<v Speaker 1>just go to Rakeda to alert the company of the mistake.

0:09:46.320 --> 0:09:49.240
<v Speaker 1>They didn't go to say, hey, you've got this massive

0:09:49.280 --> 0:09:52.400
<v Speaker 1>security vulnerability, you need to fix it right now. They

0:09:52.440 --> 0:09:56.720
<v Speaker 1>went public with this revelation, which definitely makes the company

0:09:56.760 --> 0:09:59.319
<v Speaker 1>look bad, And honestly, I think you can make a

0:09:59.360 --> 0:10:02.720
<v Speaker 1>good argument that there's some merit in that, considering that

0:10:02.760 --> 0:10:07.080
<v Speaker 1>the whole value proposition for a security company is that

0:10:07.600 --> 0:10:11.360
<v Speaker 1>it's safe. This is also a good reminder that security

0:10:11.360 --> 0:10:15.400
<v Speaker 1>systems that include ways to access a camera feed remotely

0:10:15.960 --> 0:10:19.920
<v Speaker 1>represents a potential security vulnerability. It's always a good idea

0:10:20.400 --> 0:10:23.839
<v Speaker 1>to do your research before you choose a security solution

0:10:24.440 --> 0:10:27.880
<v Speaker 1>on a related note, Jason Cobler and Joseph Cox over

0:10:27.920 --> 0:10:30.680
<v Speaker 1>at Vice dot Com pointed out that another really big

0:10:30.679 --> 0:10:34.760
<v Speaker 1>issue with this hack is that Verkada offers facial recognition

0:10:34.920 --> 0:10:39.280
<v Speaker 1>solutions in their security camera technologies, and that means that

0:10:39.360 --> 0:10:42.000
<v Speaker 1>hackers weren't just able to look at video feeds, they

0:10:42.040 --> 0:10:45.560
<v Speaker 1>could potentially identify the people who showed up in those

0:10:45.640 --> 0:10:49.040
<v Speaker 1>video feeds, And as they pointed out, quote, the breach

0:10:49.200 --> 0:10:53.040
<v Speaker 1>shows the astonishing reach of facial recognition enabled cameras in

0:10:53.160 --> 0:10:59.000
<v Speaker 1>ordinary workplaces, bars, parking lots, schools, stores, and more. End quote.

0:10:59.520 --> 0:11:02.640
<v Speaker 1>I think that that's putting it lightly because honestly, while

0:11:03.000 --> 0:11:06.240
<v Speaker 1>this is all about security cameras and a company that

0:11:06.720 --> 0:11:10.440
<v Speaker 1>has this kind of proprietary approach to facial recognition, we

0:11:10.480 --> 0:11:13.280
<v Speaker 1>have to remember that just about everybody carries a camera

0:11:13.400 --> 0:11:17.320
<v Speaker 1>with them, and depending upon the apps being used, a

0:11:17.360 --> 0:11:20.440
<v Speaker 1>lot of these companies are able to take advantage of

0:11:20.600 --> 0:11:25.040
<v Speaker 1>massive amounts of data and do facial recognition on their own.

0:11:25.360 --> 0:11:29.040
<v Speaker 1>So yeah, this is a very acute UH case that

0:11:29.120 --> 0:11:32.479
<v Speaker 1>we can point to, but it's by no means an outlier.

0:11:32.800 --> 0:11:35.760
<v Speaker 1>It is easy to imagine a scenario in which malicious

0:11:35.760 --> 0:11:39.400
<v Speaker 1>hackers would not only breach a system like Verkada, but

0:11:39.480 --> 0:11:42.880
<v Speaker 1>also keep it quiet, right, They might never come forward

0:11:43.120 --> 0:11:45.880
<v Speaker 1>letting people know that they got access, and then in

0:11:45.920 --> 0:11:48.480
<v Speaker 1>the meantime they could use these surveillance cameras for their

0:11:48.480 --> 0:11:52.800
<v Speaker 1>own purposes and perhaps even spy and potentially blackmail specific people.

0:11:53.360 --> 0:11:57.880
<v Speaker 1>The facial recognition genie is out of the bottle, and

0:11:57.920 --> 0:12:00.440
<v Speaker 1>the fact that there are numerous big companies are making

0:12:00.559 --> 0:12:03.880
<v Speaker 1>use of the technology in a widely distributed way means

0:12:03.920 --> 0:12:08.040
<v Speaker 1>that whenever you're on camera, you are potentially identifiable in

0:12:08.120 --> 0:12:11.880
<v Speaker 1>real time, and you're pretty much always just moments away

0:12:11.880 --> 0:12:14.960
<v Speaker 1>from being on camera if you're out and about. So

0:12:15.080 --> 0:12:18.320
<v Speaker 1>fun times. So hey, let's stay on this topic for

0:12:18.360 --> 0:12:21.760
<v Speaker 1>a little bit. The United States Army Research Laboratory has

0:12:21.760 --> 0:12:25.240
<v Speaker 1>been working on image recognition AI applications that will be

0:12:25.280 --> 0:12:28.360
<v Speaker 1>able to identify faces even if those images were taken

0:12:28.960 --> 0:12:33.360
<v Speaker 1>in darkness. So this research team took half a million

0:12:33.400 --> 0:12:37.120
<v Speaker 1>pictures of three people, which is a pretty small sample size,

0:12:37.120 --> 0:12:39.439
<v Speaker 1>believe it or not. Now, some of those photos were

0:12:39.480 --> 0:12:43.160
<v Speaker 1>taken in normal conditions, normal lighting conditions using a standard camera.

0:12:43.559 --> 0:12:46.200
<v Speaker 1>Others were taken in low light conditions, and some with

0:12:46.320 --> 0:12:49.960
<v Speaker 1>thermal cameras. I think it's pretty obvious to see where

0:12:49.960 --> 0:12:53.240
<v Speaker 1>the benefits are from a military perspective of having technology

0:12:53.280 --> 0:12:56.760
<v Speaker 1>that can identify a person even in low lighting conditions,

0:12:57.120 --> 0:13:00.120
<v Speaker 1>But there is no denying the idea is more or

0:13:00.120 --> 0:13:03.480
<v Speaker 1>than a little creepy. That being said, half a million photos,

0:13:03.520 --> 0:13:05.800
<v Speaker 1>like I said, is a very small sample size, and

0:13:05.840 --> 0:13:08.800
<v Speaker 1>the team says they're making progress, but they are nowhere

0:13:08.800 --> 0:13:12.080
<v Speaker 1>near a level where anything is sophisticated enough for deployment.

0:13:12.440 --> 0:13:15.160
<v Speaker 1>The system is still struggling to identify images and low

0:13:15.240 --> 0:13:18.840
<v Speaker 1>lighting conditions. Thermal cameras produce very different kinds of photos

0:13:18.880 --> 0:13:21.840
<v Speaker 1>than our normal cameras do, and the computer systems haven't

0:13:21.880 --> 0:13:25.360
<v Speaker 1>quite figured out how to reliably map those thermal images

0:13:25.640 --> 0:13:29.040
<v Speaker 1>to specific people. Also, they said that just a small

0:13:29.160 --> 0:13:32.000
<v Speaker 1>change in the camera's viewing angle, like the angle between

0:13:32.120 --> 0:13:34.280
<v Speaker 1>the person's face and the camera, can make it a

0:13:34.320 --> 0:13:37.079
<v Speaker 1>lot harder for a computer to suss out who they

0:13:37.120 --> 0:13:41.440
<v Speaker 1>are looking at. I've often talked about image recognition by

0:13:41.520 --> 0:13:44.080
<v Speaker 1>using coffee mugs as kind of an example. If you

0:13:44.120 --> 0:13:47.240
<v Speaker 1>were to feed millions of images of red coffee mugs

0:13:47.240 --> 0:13:49.559
<v Speaker 1>to a computer, but every single one of those images

0:13:50.000 --> 0:13:53.280
<v Speaker 1>showed the red coffee mug having it's handled pointing off

0:13:53.280 --> 0:13:56.160
<v Speaker 1>to the right side in some way, then the computer

0:13:56.280 --> 0:13:59.599
<v Speaker 1>might balk at seeing that same red coffee mug. But

0:13:59.679 --> 0:14:02.240
<v Speaker 1>what they handle pointed to the left side that could

0:14:02.240 --> 0:14:05.079
<v Speaker 1>be enough to throw the computer off. Computers are remarkable,

0:14:05.360 --> 0:14:08.400
<v Speaker 1>but they can still be pretty dumb in some ways. Still,

0:14:08.440 --> 0:14:11.559
<v Speaker 1>this area of research is a bit scary, particularly since

0:14:11.840 --> 0:14:14.120
<v Speaker 1>we already live in a world where lots of entities

0:14:14.880 --> 0:14:19.240
<v Speaker 1>like law enforcement agencies, rely on facial recognition technologies. And

0:14:19.280 --> 0:14:22.160
<v Speaker 1>that's without even getting into the existing problems we already

0:14:22.160 --> 0:14:25.720
<v Speaker 1>have with facial recognition, like racial and gender bias that

0:14:25.720 --> 0:14:29.720
<v Speaker 1>can lead to inaccurate results. And gosh, I wish I

0:14:29.760 --> 0:14:32.560
<v Speaker 1>had a happier story I could segue too. But I

0:14:32.560 --> 0:14:35.560
<v Speaker 1>should also mention that the Los Angeles Times published an

0:14:35.600 --> 0:14:39.520
<v Speaker 1>article titled clear View AI uses your online photos to

0:14:39.640 --> 0:14:44.440
<v Speaker 1>instantly I du that's a problem, lawsuit says, And yeah,

0:14:44.520 --> 0:14:46.960
<v Speaker 1>the headline pretty much tells the story. So you've got

0:14:46.960 --> 0:14:50.840
<v Speaker 1>this company, clear View AI, and they have an an

0:14:50.960 --> 0:14:55.240
<v Speaker 1>enormous image database, and they created it by scraping various

0:14:56.000 --> 0:15:00.240
<v Speaker 1>websites and services, particularly social networking platforms like face Book

0:15:00.240 --> 0:15:04.240
<v Speaker 1>and Twitter, but also other types of services like Google,

0:15:04.320 --> 0:15:07.960
<v Speaker 1>and Venmo, and they started gathering photos that way. According

0:15:07.960 --> 0:15:10.240
<v Speaker 1>to the l A Times, that means that the company

0:15:10.320 --> 0:15:13.880
<v Speaker 1>has a database of more than three billion photos and

0:15:13.920 --> 0:15:17.200
<v Speaker 1>has software that creates a digital faceprint of each person

0:15:17.320 --> 0:15:21.200
<v Speaker 1>based on those photos, which allows for faster facial recognition

0:15:21.240 --> 0:15:25.480
<v Speaker 1>identification if the system encounters a new image of someone

0:15:25.520 --> 0:15:28.920
<v Speaker 1>who is already in the database somewhere. So all those

0:15:28.920 --> 0:15:31.760
<v Speaker 1>photos that people share on different sites without really thinking

0:15:31.760 --> 0:15:34.400
<v Speaker 1>about it, and I include myself in this group of people,

0:15:35.120 --> 0:15:38.200
<v Speaker 1>you could be part of that massive database. That means

0:15:38.240 --> 0:15:41.400
<v Speaker 1>this company could potentially be using those photos to make

0:15:41.440 --> 0:15:44.800
<v Speaker 1>it possible for a clear view customers like once again,

0:15:45.040 --> 0:15:49.040
<v Speaker 1>law enforcement agencies to use it in real time with

0:15:49.160 --> 0:15:53.120
<v Speaker 1>the various solutions. Now, this prompted some civil liberties activists

0:15:53.160 --> 0:15:56.640
<v Speaker 1>to file a lawsuit against the company in California. They

0:15:56.680 --> 0:16:00.480
<v Speaker 1>said that the company's practices violate privacy and create a

0:16:00.560 --> 0:16:05.080
<v Speaker 1>chilling effect on protected activities such as the right to assembly. Now,

0:16:05.160 --> 0:16:07.360
<v Speaker 1>right now, we're in a pandemic. People shouldn't really be

0:16:07.400 --> 0:16:10.960
<v Speaker 1>assembling in public and big numbers anyway. But they're specifically

0:16:11.000 --> 0:16:14.760
<v Speaker 1>talking about things like the Black Lives Matter movement. So

0:16:15.000 --> 0:16:19.280
<v Speaker 1>the people who have had their accounts scraped, were never

0:16:19.320 --> 0:16:22.520
<v Speaker 1>given any notice that that was happening, let alone ever

0:16:22.640 --> 0:16:26.800
<v Speaker 1>given the chance to give consent for it. Now, the

0:16:26.840 --> 0:16:29.360
<v Speaker 1>flip side of that argument is that you could say,

0:16:29.520 --> 0:16:32.480
<v Speaker 1>someone posting to Facebook or whatever is doing so in

0:16:32.520 --> 0:16:35.920
<v Speaker 1>a semi public way, right if they haven't protected their

0:16:35.920 --> 0:16:40.000
<v Speaker 1>account in any way, then anyone could potentially see those photos.

0:16:40.040 --> 0:16:42.000
<v Speaker 1>But then you have to ask, what about people who

0:16:42.040 --> 0:16:45.480
<v Speaker 1>don't have a Facebook account. Maybe their friends have taken

0:16:45.520 --> 0:16:47.880
<v Speaker 1>photos of them and put those photos up on their

0:16:47.920 --> 0:16:52.040
<v Speaker 1>own account. Maybe those photos even have identifiable information in them,

0:16:52.080 --> 0:16:54.040
<v Speaker 1>And then you've got someone who doesn't even have a

0:16:54.080 --> 0:16:57.520
<v Speaker 1>Facebook account who had their picture scraped for this kind

0:16:57.520 --> 0:17:01.520
<v Speaker 1>of thing doesn't matter in that case. So the plaintiffs

0:17:01.560 --> 0:17:05.480
<v Speaker 1>are focusing just on California and California's citizens for this

0:17:05.520 --> 0:17:09.439
<v Speaker 1>particular lawsuit, and they are seeking an injunction that would

0:17:09.520 --> 0:17:13.960
<v Speaker 1>force clear View AI to stop collecting biometric information on

0:17:14.200 --> 0:17:17.159
<v Speaker 1>people in California, But they also want the company to

0:17:17.240 --> 0:17:20.760
<v Speaker 1>delete all the biometric data that it has already collected.

0:17:21.200 --> 0:17:25.200
<v Speaker 1>Clear View AI faces a similar lawsuit in Illinois. That

0:17:25.240 --> 0:17:27.720
<v Speaker 1>one is being brought against it by the American Civil

0:17:27.800 --> 0:17:30.679
<v Speaker 1>Liberties Union. I'm sure. I will be following up on

0:17:30.720 --> 0:17:33.720
<v Speaker 1>this story later on in the year as it plays out.

0:17:34.320 --> 0:17:39.800
<v Speaker 1>It really is indicative of how people are becoming aware

0:17:40.400 --> 0:17:44.560
<v Speaker 1>that the early choices we made when we were building

0:17:44.560 --> 0:17:51.160
<v Speaker 1>out stuff like social networking sites, we're rather shortsighted and

0:17:51.240 --> 0:17:55.720
<v Speaker 1>have had bigger consequences than we anticipated back then. I mean, heck,

0:17:55.760 --> 0:18:00.200
<v Speaker 1>Facebook started as a website for students to rate how

0:18:00.240 --> 0:18:04.560
<v Speaker 1>hot each other happened to be, So that's kind of

0:18:04.560 --> 0:18:07.120
<v Speaker 1>creepy all on its own. It doesn't have the same

0:18:07.160 --> 0:18:09.720
<v Speaker 1>sort of weight as this is a site that some

0:18:09.800 --> 0:18:12.439
<v Speaker 1>company is going to use later down the road to

0:18:12.600 --> 0:18:17.800
<v Speaker 1>build out an identification engine that law enforcement agencies might

0:18:17.840 --> 0:18:22.199
<v Speaker 1>be using ethically or otherwise in the future. Uh. And

0:18:22.280 --> 0:18:25.120
<v Speaker 1>because of those consequences, we now have to revisit those

0:18:25.119 --> 0:18:27.840
<v Speaker 1>early decisions we made and ask questions like, how can

0:18:27.880 --> 0:18:30.800
<v Speaker 1>we address this? Are there any ways to fix it?

0:18:31.200 --> 0:18:34.160
<v Speaker 1>Will it require us to create a ban on the

0:18:34.200 --> 0:18:40.120
<v Speaker 1>private use of facial recognition technologies? Honestly, those are big

0:18:40.200 --> 0:18:42.280
<v Speaker 1>questions that we don't have answers to yet, and I

0:18:42.320 --> 0:18:45.119
<v Speaker 1>don't know what answers we will arrive at, but I

0:18:45.160 --> 0:18:49.720
<v Speaker 1>will continue to cover the cases. That's it for today's news.

0:18:49.760 --> 0:18:52.919
<v Speaker 1>I hope you guys stay safe and healthy. If you

0:18:52.960 --> 0:18:55.040
<v Speaker 1>have anything you want to share with me, the best

0:18:55.040 --> 0:18:57.760
<v Speaker 1>place to do it is over on Twitter the handle

0:18:57.800 --> 0:19:00.639
<v Speaker 1>I use this tech stuff. H S double you and

0:19:00.680 --> 0:19:08.560
<v Speaker 1>I'll talk to you again really soon. Y Text Stuff

0:19:08.640 --> 0:19:11.800
<v Speaker 1>is an I Heart Radio production. For more podcasts from

0:19:11.800 --> 0:19:15.600
<v Speaker 1>my Heart Radio, visit the I Heart Radio app, Apple Podcasts,

0:19:15.680 --> 0:19:17.679
<v Speaker 1>or wherever you listen to your favorite shows