Tag: The Washington Post

Posted on

JusticeText raises $2.2M to increase transparency in criminal evidence-gathering

Software company JusticeText today announced the closing of a $2.2 million seed round, with participation from Bloomberg Beta, True Ventures, Reid Hoffman, John Legend and Michael Tubbs.

The company, launched in 2019 by Devshi Mehrotra and Leslie Jones-Dove, stores, catalogs, analyzes and then shares video evidence, hoping to increase transparency around criminal matters such as police interactions and improve overall judicial outcomes for low-income criminal defendants. The product is geared toward public defenders for use in trials.

“As a technologist, I couldn’t necessarily affect policy or legislation, especially as a young person,” Mehrotra told TechCrunch. “But when it comes to helping improve the efficiency of the work that public defenders do, that was very much within my wheelhouse.”

Mehrotra and Jones-Dove met seven years ago as freshmen at the University of Chicago. Both studied computer science and were passionate about campus police reform. Three months into their first year, the video of LaQuan McDonald’s murder went viral. At the time, it was the latest clip to show a young Black man dying at the hands of the police.

Mehrotra and Jones-Dove had grown up watching Trayvon Martin’s death sensationalized on cable television. Days before their first semester of college, the city of Ferguson, Missouri, burned following the murder of Michael Brown. Since 2015, more than 1,500 Black men have been killed by the police, according to The Washington Post.

“I spent a lot of undergrad reflecting on the role of technology in our criminal justice system and how much of the technology that’s being built is disproportionately designed to make it easier to arrest and incarcerate,” Mehrotra said. “We wanted to do something to help our community.”

JusticeText automatically transcribes criminal evidence data, making it searchable by keywords, weapons, drugs and crimes, so attorneys can easily create videos to use in hearings or trials. The company currently works with 50 public defender offices and has around 60 clients who are private criminal defense attorneys.

The duo started their fundraising journey in February, with Mehrotra saying it took around five months to complete. She called the experience “rigorous” and said they depended on other founders and angel investors they met at accelerators to facilitate introductions to big-name investors. The company will use the money to continue building its advanced natural language processing and expand its sales, marketing and communication teams.

“It’s rare to see founders who are both doing something so valuable to the world, like unjamming our legal system, and already getting customers to pay them for that value,” Roy Bahat, the head of Bloomberg Beta, told TechCrunch. “Winning companies need to do right for the world and do well. Devshi and Leslie are doing both.”

Legend, a singer and angel investor, echoed similar sentiments.

“The American criminal justice system disproportionately harms communities of color, and we need to empower our public defenders with cutting-edge tools to prevent and mitigate that damage,” he said. “I’m excited to see how the JusticeText platform contributes to a world where everyone gets the representation they deserve.”

Mehrotra said the reception to JusticeText has been positive so far. Public defenders, in particular, have taken interest in the product, especially given the worsening judicial backlog amid the pandemic. Already, she said attorneys have reached out to note that JusticeText eases the execution of their cases, expanding their bandwidth to take on more.

That’s important because many low-income defendants remain detained in pre-trial due to the lack of available public defenders. The Prison Policy Initiative estimates more than 400,000 people are incarcerated while awaiting trial, many simply because they cannot afford cash bail. Overall, Mehrotra said the company’s goal is to move the needle — even just a tad.

“Hopefully, we can keep more and more people out of the justice system and be an intervention that can redirect them to more rehabilitative programs,” she said. “We are proud to be building technology that surfaces critical insights from video evidence in a matter of minutes — all with the ultimate goal of increasing transparency and enabling fairer outcomes in our judicial system.”

JusticeText raises $2.2M to increase transparency in criminal evidence-gathering by Dominic-Madori Davis originally published on TechCrunch

Posted on

Twitter ex-security head says the social network has ‘deficient moderation’ for Spaces

Twitter’s former head of security Peiter “Mudge” Zatko alleges that the social network’s Spaces feature lacks proper moderation. Zatko made the claim in an explosive whistleblower complaint first obtained by CNN and The Washington Post.

In the complaint, Zatko says a Twitter executive incorrectly told staff and board members in December 2021 that the feature was being appropriately moderated. However, Zatko says he discovered that “about half of Spaces content flagged for review was in a language that the moderators did not speak, and there there was little to no moderation happening,” according to his whistleblower complaint dated July 6, which was filed with the U.S. Securities and Exchange Commission (SEC), the Federal Trade Commission (FTC) and the Justice Department.

The whistleblower complaint notes that among other responsibilities, Zatko worked with Twitter Service, the company’s internal name for the division tasked with operational enforcement of global content moderation.

The complaint follows a report from The Washington Post published last year that said Twitter knew Spaces could be misused due to a lack of moderation. The report said employees who complained about the lack of moderation were sidelined by the company, as some questioned how the social network planned to make sure the offering didn’t turn into a platform for hate speech and calls to violence.

The report said Twitter executives were aware of the potential for abuse, but refused to slow the roll-out, despite the feature being widely used by white nationalists, Taliban supporters and anti-vaccine activists posting COVID-19 misinformation. Employees who raised concerns about Twitter’s plans to make Spaces available more widely were allegedly told that the technology needed to properly moderate Spaces did not exist, and that its small number of human moderators were unable to listen to tens of thousands of conversations occurring in multiple languages in real-time.

Twitter launched its Clubhouse-like Spaces feature in December 2020 as social audio was steadily growing in popularity. Interest around social audio became increasingly popular at the height of the pandemic, as people around the world were confined to their homes. In October 2021, Twitter rolled out the ability for all anyone to host a Space, opening up the tool to all sorts of groups and people despite a lack of proper moderation.

Zatko also accused his former employer of cybersecurity negligence. During his time at the company, Zatko says he witnessed “egregious deficiencies, negligence, willful ignorance, and threats to national security and democracy,” despite his attempts to flag the security lapses with Twitter’s board, which were ignored.

Twitter recruited Zatko, a renown hacker and security researcher, in late 2020 following a breach that allowed hackers to very publicly hijack the Twitter accounts of high profile accounts, including Joe Biden and Elon Musk.

Zatko was let go from the company in January 2022 along with CISO Rinki Sethi.

It’s worth noting that the complaint could impact Twitter’s ongoing legal fight with Tesla CEO Elon Musk, who is trying to get out of a $44 billion agreement to buy the social network. Zatko says Twitter executives don’t have the resources to fully understand the true number of bots on the platform and weren’t motivated to do so.

Twitter spokesperson Madeline Broas told TechCrunch in a boilerplate statement: “Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

Mudge’s report helps Musk’s legal fight over $44B Twitter deal; says there are ‘millions’ of accounts that could be spam bots

Posted on

Ex-security chief accuses Twitter of cybersecurity mismanagement in an explosive whistleblower complaint

Twitter’s former head of security Peiter “Mudge” Zatko has accused his former employer of cybersecurity negligence in an explosive whistleblower complaint first obtained by CNN and The Washington Post.

Zatko, a well-known hacker, was recruited by Twitter to head up the company’s security division in late-2020, months after a very public breach saw hackers hijack the Twitter accounts of some of the world’s most famous people, including Joe Biden and Elon Musk. He was let go from the company less than two years later.

Though his time at Twitter was brief, Zatko says he witnessed “egregious deficiencies, negligence, willful ignorance, and threats to national security and democracy,” according to his whistleblower complaint dated July 6, which was filed with the U.S. Securities and Exchange Commission (SEC), the Federal Trade Commission (FTC) and the Justice Department. He told the Washington Post that his public whistleblowing comes after his attempts to flag the security lapses with Twitter’s board were ignored.

Zatko alleges in the complaint, reviewed by TechCrunch, that Twitter lacked basic security controls. He said thousands of employee laptops contained complete copies of Twitter’s source code and that about one-third of those devices blocked automatic security fixes, had system firewalls turned off, and had remote desktop access enabled for non-approved purposes. Zatko also accused the company of failing to actively monitor what employees were doing on their computers. As a result, “employees were repeatedly found to be intentionally installing spyware on their work computers at the request of external organizations,” the complaint said.

Zatko also alleges that about 5,000 full-time employees had broad access to the company’s internal software and that access was not closely monitored, giving them the ability to tap into sensitive data and alter how the service worked.

During his time at the company, Zatko said he came across a number of vulnerabilities “waiting to be discovered.” He says he discovered that half of the company’s 500,000 datacenter servers run on outdated software that do not support basic security features, such as encryption for stored data, or no longer received regular security updates from their vendors, This meant that Twitter suffered from an “anomalously high rate” of security incidents, Zatko said, and “reasonably feared Twitter could suffer an Equifax-level hack,” referring to the 2017 credit agency breach that resulted in the theft of close to 150 million Americans’ personal information.

The complaint alleges that the company had approximately one security incident each week serious enough that Twitter was required to report it to government agencies.

“In 2020 alone, Twitter had more than 40 security incidents, 70% of which were access control-related,” the complaint reads. “These included 20 incidents defined as breaches; all but two of which were access control related.”

Beyond claims of serious cybersecurity failings, Zatko also alleges that the Indian government forced Twitter to hire one of its agents and that the company repeatedly violated the terms of a 2011 agreement with the FTC. The complaint alleges Twitter does not reliably delete users’ data — including direct messages — after they cancel their accounts, in some cases because the company has lost track of the information, and that it has misled regulators about whether it deletes the data as it is required to do.

The complaint also has potential implications for Twitter’s legal battle with Musk, who is trying to get out of a $44 billion contract to buy the social media platform. Zatko says Twitter executives don’t have the resources to fully understand the true number of bots on the platform, and weren’t motivated to do so.

Twitter spokesperson Madeline Broas told TechCrunch in a boilerplate statement: “Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

Twitter fixes security bug that exposed at least 5.4 million accounts

Posted on

Elon Musk tells Twitter he is killing the deal

Elon Musk is formally trying to end his bid to buy Twitter. After hinting heavily that he no longer wanted the company in tweets attacking Twitter over its bot calculations and an ominous story this week reflecting his thinking in The Washington Post, Musk’s legal team is taking steps to terminate his $44 billion deal to buy Twitter.

“Mr. Musk is terminating the Merger Agreement because Twitter is in material breach of multiple provisions of that Agreement, appears to have made false and misleading representations upon which Mr. Musk relied when entering into the Merger Agreement, and is likely to suffer a Company Material Adverse Effect,” Musk’s lawyers wrote in a letter to Twitter’s Chief Legal Officer Vijaya Gadde.

Musk points to his unsubstantiated claims that Twitter is misleading investors and users about the number of automated accounts on its platform, which the company has long estimated to be under 5 percent. Musk had no apparent qualms with Twitter’s bot count prior to inking the deal and actually mentioned that he planned to take on the platform’s spam problem as the company’s new owner.

Bret Taylor, the chairman of Twitter’s board of directors, responded to Musk’s letter Friday by doubling down on the company’s intentions to see the deal through. “The Twitter Board is committed to closing the transaction on the price and terms agreed upon with Mr. Musk and plans to pursue legal action to enforce the merger agreement,” Taylor wrote. Twitter CEO Parag Agrawal retweeted Taylor’s tweet.

Agrawal has previously pushed back on Musk’s accusation that Twitter is undercounting fake accounts, describing the company’s methodology, which generalizes data for the whole platform based on a random sampling of accounts. “We don’t believe that this specific estimation can be performed externally, given the critical need to use both public and private information (which we can’t share),” Agrawal tweeted in May. “Externally, it’s not even possible to know which accounts are counted as mDAUs on any given day.”

It’s far from apparent that Musk’s complaints about Twitter’s bot counts will be deemed a valid enough reason to terminate the deal, particularly given that Twitter is keen to see it through. For better or worse, we’re going to hear a lot more about that argument in the coming days as Musk and Twitter begin to hash out the messy, months-long ordeal in court.

 

The story is developing…

Posted on

It sounds like Elon Musk is still trying to get out of his own Twitter deal

According to a new report from The Washington Post that relies heavily on anonymous sources, the world’s richest man is still looking for a way out of a $44 billion deal of his own making.

The Post reports that we’ll probably be seeing a “change in direction from Musk’s team” soon, according to its unnamed sources familiar with his plans. Further, Musk and friends have reportedly “stopped engaging in certain discussions” pertaining to funding the deal. Oracle co-founder Larry Ellison, Sequoia Capital, Andreessen Horowitz, Binance and Fidelity are all on board for financing after signing on in early May.

Musk appears to again be sowing doubt about Twitter’s bot estimates with these new shenanigans, but how and if those supposed concerns would even impact a deal he’s already signed onto is far from clear. The terms of the merger agreement include a stipulation that Musk would have to cough up $1 billion if he backs out of the deal, though it certainly looks like he’s combing through the fine print here looking for a way out of that too.

Musk has made a lot of noise in recent months with the claim that Twitter misled him about the number of bots and spam accounts running wild on the platform. Twitter hosted a press call Thursday to review its bot-counting methodology, which has long found that fewer than 5% of the platform’s accounts aren’t real people.

Sequoia, Binance and a16z back Elon Musk’s $44 billion Twitter bid

Musk offered to buy Twitter back in April and the company soon accepted the offer. After that — and after the economic winds shifted, taking his Tesla stock with them — the SpaceX and Tesla CEO claimed that the deal he already agreed to with Twitter was “on hold,” a status not corroborated by any filings or external realities beyond Musk’s tweets.

The whole thing seems like a thin charade for a guy hoping to weasel out of a badly timed acquisition. But unfortunately for Musk and the Twitter employees who’ve been on this multimonth acquisition roller coaster, the ink is already dry on the deal.

Last month, Musk participated in a companywide call with Twitter employees — a rare instance of actually engaging with the entity he’s on the hook to buy and a gesture that signaled he was moving forward with the deal he has to move forward with.

Since he began maneuvering to purchase Twitter this spring, a few things have changed. In the intervening time, markets dove off a cliff and reports surfaced that Musk exposed himself to a SpaceX flight attendant who later received a quarter of a million dollars in hush money. Oh, and Musk apparently recently fathered children with a Neuralink employee who reports directly to him — not exactly an inspiring leadership profile. Nonetheless, Musk is on track to take over at Twitter.

Elon Musk tells Twitter employees he wants to be involved in product

Twitter investors sue Elon Musk over acquisition shenanigans

Posted on

Twitter will reportedly hand over internal data to soothe Musk’s bot fears

Elon Musk’s wishes for more information about Twitter bots might just get granted. Twitter is planning to offer its presumptive buyer its full “firehose,” or a comprehensive stream of data on tweets, according to a report from the Washington Post.

After agreeing to buy Twitter for $44 billion without doing much due diligence, the Tesla and SpaceX CEO has thrown an extended, public temper tantrum in an apparent effort to back out of the deal. While some theorize that Musk’s cold feet are a result of the macroeconomic downturn, the billionaire mogul has used the issue of automated bot accounts as a potential way out of the deal.

On Monday, Twitter shared a letter from Musk’s legal team in an SEC filing, declaring that Musk needed more transparency around “spam and fake accounts” on the service before he could move forward with the deal. Twitter estimates that bots make up less than 5% of accounts on the site, but “lame duck” CEO Parag Agrawal said that he doesn’t think this calculation could be verified externally, since it requires use of private company data (and that’s when Musk sent the CEO a poop emoji).

Apparently, Musk will now gain access to this data, which Twitter initially didn’t want to turn over. The “firehose” contains information about every tweet that’s sent, what device it is sent on and other information about the account.

According to the contract for the $44 billion deal, Musk has to go through with the purchase unless if he can prove that Twitter had deceived him about the true value of the company. If it turned out that Twitter is actually much more bot-dense than previously believed, that could be a route out of the deal — but it’s unlikely that Twitter’s disclosures are even wrong. The Post reported that at least two dozen companies outside of Twitter already pay for access to this sought-after data, and if there were any major discrepancies, it’s hard to imagine that we wouldn’t have caught wind of them by now.

But U.K.-based GlobalData published a study this morning alleging that at least 10% of Twitter users could be bots. It’s not clear if their data came from the “firehose” or publicly accessible data (TechCrunch asked the firm for clarification), but the study analyzed about 4 million tweets from 20,976 unique handles. GlobalData chose these accounts by collecting data from Twitter once every 3 hours for 22 iterations, then selected a sample size. Still, this data could be interpreted in different ways depending on the definition of spam.

“Incessant tweeting of non-original content can be considered spam, but some may choose to see it as a very active user sharing articles/opinions,” explained data scientist Sidharth Kumar. Kumar means that an account that only retweets news articles might be flagged as a bot, but in practice, it may be a real user who just doesn’t post original content.

Since filing to go public in 2013, Twitter has consistently claimed that only about 5% of accounts are spam.

Echoing Elon Musk, Texas AG is investigating Twitter over bots

Everything you wanted to know about Elon Musk and Twitter (but didn’t want to ask)

Posted on

Apple issues friendly reminder that it’s employees’ right not to unionize

As a handful of Apple retail locations begin the process of unionizing, the trillion-dollar company’s vice president of people and retail Deirdre O’Brien delivered a warning to 58,000 retail staff in a video that was leaked to The Verge.

“I want to start off by saying that it is your right to join a union, and it’s equally your right not to join a union,” O’Brien began her address.

Since April, Apple stores in New York, Maryland and Atlanta have announced their intent to unionize, and earlier today, the Apple store at Oxmoor Center Mall in Louisville, Kentucky announced its union campaign.

Workers at these Towson, Maryland and Atlanta, Georgia stores have successfully filed to hold union elections. This means that even if Apple won’t voluntarily approve their union, they can still achieve formal recognition by earning more than 50% of votes in an election facilitated by the National Labor Relations Board (NLRB). The Atlanta store at the Cumberland Mall will likely be first to hold a vote, which is expected to begin June 2. When filing for an election, over 70% of the store’s employees were in favor, which means the odds of their formal union seem promising. But not if the ubiquitous corporate behemoth that lives in our pockets can stop it.

Apple, which has been accused of illegal union busting tactics, is working with Littler Mendelson, the same law firm working with Starbucks’ anti-union push. Last week, Motherboard leaked a document of anti-union talking points that has been circulating among managers at some Apple stores. The document argues that unionizing would limit workers’ opportunities for career advancement, endanger Apple’s culture by bringing in a third party and take away employees’ ability to speak up. O’Brien echoed these points in her video to retail staff, which Motherboard reports is watermarked, likely so that Apple can identify any employee who leaks it.

“I worry that because the union would bring its own legally mandated rules, that would determine how we work through issues,” O’Brien said. “It could make it harder for us to act to swiftly address things that you raise.”

O’Brien also claims that the relationship between Apple and its workers would become worse under the representation of a union, arguing that Apple has a deeper commitment to its workers than a union.

“We have a relationship that’s based on an open and collaborative and direct engagement which I feel could fundamentally change if a store is represented by a union under a collective bargaining agreement,” O’Brien added. “And I worry about what it would mean to put another organization in the middle of our relationship.”

But these sentiments don’t hold up very well — if Apple wanted to make a change in policy, then they would pose the change to the union. Then, the workers who make up the union could choose how to respond. Unions like the Communications Workers of America, which represents the workers at the Cumberland Mall store in Atlanta, don’t make decisions independent of employees. Instead, they help support the workers and advocate for them as they bargain for better working conditions.

Workers at the Atlanta store are seeking more equitable pay. Their union said in a statement that retail workers at Apple have been denied a living wage, cost of living adjustments or equitable stock options.

Fruit Stand Workers United (FSWU), the union at the Grand Central Terminal store, shares this feeling. They are seeking a minimum pay of $30 per hour, more robust benefits including increased tuition reimbursement, more vacation time and better retirement options like higher 401(k) matching.

“Year over year, the cost of living in New York City has not kept pace with our wages,” the FSWU mission statement reads. “Meanwhile, Apple has grown to be the most valuable company in the world. Why should its retail workers live precariously?”

Right now, wages range between $20 and $30 per hour, plus some Apple stock. Apple retail workers also have access to healthcare and tuition reimbursement benefits.

Apple did not respond to a request for comment on this story, but provided this statement to TechCrunch two weeks ago: “We are fortunate to have incredible retail team members and we deeply value everything they bring to Apple. We are pleased to offer very strong compensation and benefits for full time and part time employees, including health care, tuition reimbursement, new parental leave, paid family leave, annual stock grants and many other benefits.”

So far, no Apple retail stores have gained formal union recognition, but in February, the Washington Post reported that at least two stores were backed by major national unions and were prepared to file paperwork with the NLRB, while at least six more stores were in earlier stages of attempting to unionize. Around the same time, Apple doubled paid sick days for both full-time and part-time workers following reports from The Verge about the struggles of frontline Apple workers.

“I love the saying that feedback is a gift. It truly is,” O’Brien concluded her speech. “I want you to know that we are listening and will continue to listen so that we can support you and make your experience at Apple even better.”

An Apple Store in Atlanta is the first to file for a union election

Apple retail workers at the Grand Central store are trying to unionize

Posted on

Google Play launches its own privacy ‘nutrition labels,’ following similar effort by Apple

Google Play is today officially launching its own version of privacy-related “nutrition labels” for apps. The company says it will begin to roll out the new Google Play Data safety section to users on a gradual basis, ahead of the July 20th deadline that requires developers to properly disclose the data their app collects, if and how it’s shared with third parties, the app’s security practices, and more.

The company’s plan to introduce app privacy labels on Google Play was first announced last spring, months after Apple’s App Store introduced privacy labels on its own app marketplace.

While both sets of labels focus on informing users about how apps collect and manage data and user privacy, there are some key differences. Apple’s labels largely focus on what data is being collected, including data used for tracking purposes, and on informing the user what’s linked to them. Google’s labels, meanwhile, put a bigger focus on whether or not you can trust the data that’s collected is being handled responsibly by allowing developers to disclose if they follow best practices around data security.

The labels also give Android developers a way to make their case as to why they collect the data directly on the label, so users can understand how the data is used — for app functionality, personalization, etc. — to help inform the user’s decision to download the app. They can also see if the data collection is required or optional.

Google says that it heard from app developers that simply displaying the data an app collects without additional context was not enough, which is what prompted the label’s design.

At launch, the Google Play Data safety section will specifically detail the following, says Google:

  • Whether the developer is collecting data and for what purpose.
  • Whether the developer is sharing data with third parties.
  • The app’s security practices, like encryption of data in transit and whether users can ask for data to be deleted.
  • Whether a qualifying app has committed to following Google Play’s Families Policy designed to better protect children in the Play Store.
  • Whether the developer has validated their security practices against a global security standard (more specifically, the MASVS).

Alongside the launch, Google will also now finally introduce permission requests — a feature iOS has had for years. These prompts will appear when an app needs access to a sensitive permission, like your location, the camera, or the microphone. The user will see the prompt on the screen, then make a decision as to whether to grant the app access. They can also review existing data access by apps on the Android Privacy dashboard.

Image Credits: Google

Since introducing its plan for the labels, Google says it’s only made minor tweaks to the developer guidance and the store’s user interface and experience. This includes updates like encouraging developers to refer to their SDK providers’ data safety information and a new question about System services, among other clarifications and rewordings.

 

While the addition of the labels could, in theory, help Android users make better decisions about which apps they want to use, it’s not clear there’s an effort to actually check the data for accuracy at the time of submission. Asked how the data would be vetted, Google told us that developers are responsible for the information they provide. Google also said that if it finds a developer has misrepresented the data they’ve provided in violation of the policy, it won’t immediately remove the app — it will just ask the developer to fix it. Only if the app doesn’t comply would an action later be taken.

App privacy labels have already been accused of being an unreliable source of information following their launch on the App Store. According to a report by The Washington Post last year, many of the labels they reviewed in a spot-check provided false information. For instance, apps claiming they collected no data were actually found to be doing the opposite — collecting it and sharing it.

Image Credits: Google

In other words, the labels functioned to give users a false sense of security about how their data was accessed and used, rather than a real way to take action. Apple, however, had told The Washington Post it would routinely audit labels for accuracy. Google makes no such claims today.

Google has given developers until July 20 to complete their Data Safety section, but the Data safety section is already rolling out. That means many users will see apps without labels even as the product launches. That staggered release could also be by design, as it dissuades users from immediately going to check their favorite apps’ privacy and security practices; and by the time those labels arrive, users may have forgotten they had wanted to do this.

Users will begin to see the labels appear on their Android phones at some point over the next few weeks as the labels reach global users.

Posted on

Apple retail workers at the Grand Central store are trying to unionize

From Activision to Amazon, historic union elections are changing the way that Americans think about work. Now, Apple is the next tech giant to reckon with an employee-driven labor movement.

Calling themselves the Fruit Stand Workers United (FSWU), employees at Apple’s Grand Central Terminal retail location launched a website designed to educate their fellow workers about why they want to unionize their store.

“Year over year, the cost of living in New York City has not kept pace with our wages,” the FSWU’s mission statement reads. “Meanwhile, Apple has grown to be the most valuable company in the world. Why should its retail workers live precariously?”

The collective will be affiliated with Workers United, the same group that has helped over 20 Starbucks locations form unions since December.

The FSWU is seeking a minimum of $30 per hour for all workers. Right now, wages range between $17 and $30 per hour, plus some Apple stock. They also want better benefits, including increased tuition reimbursement, more vacation time, better retirement options and higher match rates for 401(k)s. Since the Grand Central store faces unique challenges due to its location, they want to conduct research about the health effects from the dust, building materials and noise pollution in the busy landmark.

“Grand Central is an extraordinary store with unique working conditions that make a union necessary to ensure our team has the best possible standards of living in what have proven to be extraordinary times with the ongoing COVID-19 pandemic and once-in-a-generation consumer price inflation,” the website reads.

The collective has begun the card signing process, which is a step toward filing for a union election with the National Labor Relations Board (NLRB). If at least 30% of workers sign cards indicating that they want a union, then the NLRB will conduct an election.

TechCrunch has reached out to Apple for comment, but did not hear back before publication.

So far, no Apple retail stores have unionized, but in February, the Washington Post reported that at least two stores were backed by major national unions and were prepared to file paperwork with the NLRB, while at least six more stores were in earlier stages of attempting to unionize. Around the same time, Apple doubled paid sick days for both full-time and part-time workers following reports from The Verge about the struggles of frontline Apple workers.

Tech workers at Apple have also participated in campaigns for better conditions, like the #AppleToo movement, which collects stories from workers who have experienced harassment or discrimination at Apple. Apple Maps program manager Janneke Parrish, an organizer of #AppleToo, was fired for “non-compliance” when she deleted personal files from her phone and computer before turning them over to Apple for investigation. She told the New York Times that she felt she was experiencing retaliation for her organizing. Another organizer of #AppleToo, software engineer Cher Scarlett voluntarily left Apple and received a settlement after withdrawing a complaint she submitted to the NLRB. In that complaint, she had alleged that Apple had interfered with organizing efforts among employees.

Staten Island Amazon workers vote to unionize

The rise of the tech workers union and what comes next

Posted on

REvil hacker accused of Kaseya ransomware attack arrested and extradited to the US

An alleged key member of the REvil ransomware group, who federal authorities say is responsible for the Kaseya hack that encrypted thousands of its customers’ networks, has been arrested and extradited to Texas to face U.S. charges.

Ukrainian national Yaroslav Vasinskyi, 22, was arrested in Poland on October 8 and held until he was extradited and arraigned on Wednesday in a Dallas federal court to face accusations of computer hacking and fraud, according to an indictment filed in August but unsealed this week.

For a time, the REvil gang (also known as Sodinokibi) was one of the most active and prolific ransomware groups, encrypting the computers of victims in exchange for often hefty ransom demands. The Russian-speaking ransomware-as-a-service operation allows affiliates to rent access to their infrastructure in return for a cut of the profits. Since it first emerged, the group caused food production delays following the attack on meat processing plant JBS and leaked private information from companies like computer maker Acer and energy giant Invenergy,

But it was the attack on IT and network monitoring software company Kaseya that drew the most attention after the ransomware spread downstream to thousands of its customers’ networks, prompting the U.S. government to launch a $10 million bounty for information that would bring the hackers to justice.

Weeks after the Kaseya attack, the company obtained the universal decryption key to allow its customers to skirt millions of dollars worth of ransom payments to unlock their systems. According to the Washington Post, the FBI secretly obtained the key and was planning a takedown, which never happened, after the hackers vanished from the internet a short time after it was blamed for the Kaseya attack.

By October, the U.S. government said it was behind a multinational effort to force the gang offline, followed by arrests by Romanian and Russian law enforcement, which saw the group largely dismantled and millions of cash and cryptocurrency seized.

“Just eight months after committing his alleged ransomware attack on Kaseya from overseas, this defendant has arrived in a Dallas courtroom to face justice,” said U.S. deputy attorney general Lisa Monaco in a statement. “When we are attacked, we will work with our partners here and abroad to go after cybercriminals, wherever they may be.”

Vasinskyi is one of two alleged REvil members that have been charged by U.S. prosecutors in relation to the Kaseya attack, the second is Russian national Yevgeniy Polyanin, 28.

Vasinskyi faces over 100 years in jail if convicted.

The year the tide turned on ransomware