WYSK: 03/11/22
This Week: 1. Joel Kaplan; 2. Dirty Pipe; 3. Citizen App; 4. Second Families
What you should know from the week of 03/11/22:
- Joel Kaplan: Meta's VP of Global Public Policy lobbies powerfully to help Facebook out of tough spots;
- Dirty Pipe: A critical Linux kernel vulnerability is discovered;
- Citizen App: Part startup, part safety app, 'Citizen' advances for-profit policing;
- Second Families: The rising call for sanctions on Russian politicians' second families.
Joel Kaplan:
A long read, but a very good one from Benjamin Wofford in Wired. Wofford's article centers on Joel Kaplan, Meta's VP of Global Public Policy, while addressing Meta's influence in Washington, D.C.
It provides a vital reminder that Meta/Facebook's success is not due solely or primarily to its technical and business brilliance, but to an aggressive and intentional policy of navigating political issues effectively. In short, lobbying:
Having spent $20 million last year, Facebook is now running the second-largest lobbying effort by a public company in the US, only shy of Amazon.
Wofford details a biography of Joel Kaplan, ranging from:
- a liberal college student (and friend of Sheryl Sandberg),
- a Marine Corps officer,
- then a conservative law student,
- friend of Brett Kavanaugh,
- clerk for Antonin Scalia,
- policy aide to Dick Cheney as part of the Bush campaign,
- deputy chief of staff in the Bush White House,
- then Executive VP at Energy Future Holdings (a Texas utility company),
- and finally ending up climbing the ranks at Facebook.
The article paints a picture of a very intelligent and savvy guy who has, despite a largely Republican political career, carefully maintained close friendships within both political parties. And, importantly, he has a laser focus on accomplishing his objectives regardless of morality or right:
In late 2007 the Environmental Protection Agency was on the brink of a historic feat: declaring that greenhouse gases posed a direct threat to the public through climate change. On the afternoon of December 5, an EPA official named Jason Burnett emailed the agency’s official but unpublished Endangerment Finding to the Office of Management and Budget, thus triggering a federal review process that would in all likelihood lead to the first-ever regulations of CO2 emissions from vehicles and, eventually, power stations. A half-hour later, Steven Johnson, Bush’s EPA administrator, walked into Burnett’s office. As Burnett recalls, Johnson had just gotten off the phone: Joel Kaplan was asking them not to send the report to the OMB. When Burnett said he’d already sent it, Johnson left, then came back five minutes later. “Joel is asking whether you can send a follow-on email, saying you sent it in error.”
“And I said, ‘Well, no—because I didn’t,’” Burnett recalls, laughing. “This is the key environmental issue of our time, the evidence is clear. No, I didn’t send it ‘by mistake.’” Johnson went back to the phone and again returned a few minutes later. “OK, Joel is going to tell Susan Dudley”—the OMB official who had received the EPA document—“not to open your email.” Burnett was speechless, and also somewhat impressed at Kaplan’s logic. Under a certain theory, if the email remained unopened, the OMB wasn’t in receipt of its contents. “And if you’re not in receipt of its contents, then you don’t have to take action that would flow from having received this Endangerment Finding—literally, that the public is in danger from climate change.”
Kaplan has applied this focus effectively within Facebook/Meta, allowing Facebook deep access into Congressional deliberations:
The suction of Facebook’s vacuum has created mild paranoia: Congressional staffers recounted stories of sensitive communications leaked to Facebook, sometimes within minutes. [Representative David] Cicilline says that when the committee sent out final drafts of its legislation of Facebook, the company had already possessed them for two weeks. “So they have friends all over,” Cicilline said with a thin smile.
Dirty Pipe:
From Dan Goodin in Ars this week:
Dirty Pipe, as the vulnerability has been named, is among the most serious Linux threats to be disclosed since 2016...
Linux is an operating system (like Microsoft Windows or macOS) that is free and open source (unlike Windows or macOS). It is very widely used both on servers (big computers that run the internet) and in embedded applications (like in your car or your smart devices).
Dirty Pipe allows malware or a malicious user to take complete control over a Linux system (through "privilege escalation"), and has lasted for several years:
The vulnerability first appeared in Linux kernel version 5.8, which was released in August 2020. The vulnerability persisted until last month, when it was fixed with the release of versions 5.16.11, 5.15.25, and 5.10.102.
Additionally, since Linux is so broadly used, this vulnerability impacts Android phones as well:
Dirty Pipe also afflicts any release of Android based on one of the vulnerable Linux kernel versions. Since Android is so fragmented, affected device models can't be tracked in a uniform way. The latest version of Android for the Pixel 6 and the Samsung Galaxy S22, for instance, is 5.10.43, meaning the devices are vulnerable. A Pixel 4 on Android 12, meanwhile, runs 4.14, which is unaffected. Android users can check which kernel version their device uses by going to Settings > About phone > Android version.
Essentially, any device running a vulnerable Linux kernel version is exposed to this attack. Yikes!
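To check a machine against the version ranges quoted above, here is a small added example (my own sketch, not code from the Ars article or from the kernel project). It classifies a kernel release string, such as the output of `uname -r`, using only the version numbers listed in the quote. It assumes that branches newer than 5.16 already contain the fix, and it cannot see vendor backports, so a "vulnerable" result on a distribution or Android kernel means "check the vendor advisory", not proof.

```python
import platform
import re

# First fixed release on each stable branch, as listed in the article.
FIXED = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
# First affected kernel release, per the article.
INTRODUCED = (5, 8)


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch).

    Suffixes such as "-generic" or "-android12-9" are ignored, and a
    missing patch level ("4.14") is read as 0.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def dirty_pipe_status(release):
    """Classify a kernel release by upstream version number only."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED:
        return "unaffected"          # predates the bug (e.g. 4.14)
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "vulnerable"
    if branch > max(FIXED):
        return "fixed"               # assumption: later branches ship the fix
    # Branches 5.8 to 5.14 (other than 5.10): the article names no fixed release.
    return "vulnerable"


if __name__ == "__main__":
    running = platform.release()
    print(f"{running}: {dirty_pipe_status(running)}")
```

Run on the two phones mentioned in the quote, it reports the Pixel 6 kernel (5.10.43) as vulnerable and the Pixel 4 kernel (4.14) as unaffected.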
Citizen App:
For-profit prisons are a stain on America; now, the world of 'disruptive' tech startups is increasingly entwined with policing.
Citizen is an application that, as Joseph Cox says in his Vice article this week: "sits in a position halfway between a public awareness or safety app, and being a startup driven by metrics and revenue like any other."
Cox's reporting reveals how Citizen has been getting cozy with the Los Angeles Police Department. Much of Citizen's access mirrors what the public would have: access to ride-alongs, tours of the precinct, access to publicly-broadcast police scanner data. But Citizen has been expanding its access. For example, in Baltimore, Citizen is slated to gain access to encrypted police communications the public does not have access to.
Citizen has misrepresented itself in its discussions with police:
“I wanted to reach out with some amazing news!” a Citizen employee wrote to an LAPD officer in June. “Recently, a 12-year-old autistic boy went missing in the Bronx for 2 days. We notified all 1.7 million Citizen users in New York City and encouraged them to help in the search.”
This hunt for the missing child was controversial. Citizen broadcast footage of people who tracked the boy down, asked him to accompany them in a vehicle, and drove him back to his family. While the footage was presented as organic Citizen users, they were actually secretly members of Citizen’s so-called street team, who are paid by the company to film events.
Driven by profit motives, Citizen's vision of its mission continues to expand, with a new focus on working in war zones abroad and getting involved in Ukraine.
Profit is not a bad motive in general, but it is bad when it intersects with public safety and government authority.