“Zoom Bombers” — Illicit Privacy Concerns as the Nation Goes Virtual

Throughout the nation, companies and universities have responded to the coronavirus pandemic by transitioning to virtual classes and meetings. One crucial platform aiding this transition is Zoom, a video conferencing application whose userbase has skyrocketed in the past few weeks. The platform saw a surge in upwards of 200 million daily users in March. Unfortunately, the platform was not entirely prepared for the onslaught of users and security concerns that followed.

Although there are several privacy concerns associated with the rapid growth of Zoom, the recent trend of “Zoombombing” is particularly harmful. Zoombombing has taken the form of simple pranks and coordinated large-scale harassment/disruption efforts. The New York Times recently reported that they discovered “153 Instagram accounts, dozens of Twitter accounts and private chats, and several active message boards on Reddit and 4Chan where thousands of people had gathered to organize Zoom harassment campaigns, sharing meeting passwords and plans for sowing chaos in public and private meetings.”

This chaos includes the projection of pornographic and violent images as well as the use of racial, misogynist, anti-Semitic, threats, and vulgar slurs. Zoom Bombers have utilized other platforms to share Zoom links and create further harmful disruptions. There have been a significant amount of disruptions and threats to Alcoholics Anonymous meetings as well as support groups for trans and nonbinary youth.

Government response to these issues is constantly evolving, but the FBI has attempted to enact harsh penalties to deter Zoombombing. The incidents have been classified as cyber-attacks. A teen in Connecticut was “charged with committing fifth-degree computer crime, fifth-degree conspiracy to commit a computer crime and breach of peace” for a Zoombombing incident. The difficulty comes with the nature of these attacks, as it is often difficult to trace the user or halt the attack once the user has access to the link.

While the platform undoubtedly needs to do more to increase security, there are a few things Zoom hosts can do to increase the safety of their meetings. The following steps, recommended by the FBI, can be taken to mitigate teleconference hijacking threats:

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s telework policy addresses requirements for physical and information security.
  • Report any abuse to the FBI’s Internet Crime Complaint Center at gov.
  • For a specific threat during a teleconference, please report it at fbi.gov or call the FBI Boston Division at (857) 386-2000.

“Zoom Bombers” — Illicit Privacy Concerns as the Nation Goes Virtual

The Virus Changed the Way We Internet

COVID-19 has impacted lives across the globe and people are spending a lot of their time at home. With no movie theaters, bars, and lively restaurants open, many Americans are finding other ways to deal with this time of uncertainty. In an article written by Ella Koeze and Nathaniel Popper of the New York Times, analysts say our behavior in the United States has shifted to more internet usage for work, play, and communicating on social media. The average daily traffic for social media and entertainment leaders Facebook, Netflix, and YouTube have seen sharp rises since stay at home orders were implemented.

Many Americans are taking this time to focus more on their computer screens rather than being on mobile devices for hours at a time. With social distancing guidelines in place across the country, it is important for the American people to still connect with loved ones. The New York Times says, “we are seeking out new ways to connect, mostly through video chat.” Instead of messaging a friend or family member on their cellphone, more people are shifting to apps like Google’s Duo or Houseparty, where people can play games with one another. To pass the time, news websites have also seen a growth in traffic by more than 50 percent over the last month.

With many people working and going to school from home, apps like Zoom have created a platform for life to continue. A parent whose child started school on Zoom said, “her children definitely miss lunch, school activities and seeing friends and teachers at school.” Many kids across the country are feeling the same way, but during this time many Americans are adapting well to the new circumstances.

Many important business meetings have been conducted on apps like Zoom. Zoom has been under scrutiny lately. In an article on Bloomberg, Peter Blumberg noted that, “Zoom Video Communications was accused by a shareholder of hiding flaws in its video conferencing app, part of  a growing backlash against security loopholes that were laid bare after an explosion in worldwide usage.” Worldwide usage will continue and the internet will continue to be a useful tool.

The Virus Changed the Way We Internet

 

 

 

 

 

Leveraging Artificial Intelligence to Combat Coronavirus and Improve Healthcare

How is artificial intelligence (A.I.) useful to combat a health pandemic? Consider the significance of computer systems that mimic human intelligence to perform difficult tasks – and autonomously self-improve based on information they collect – at a rapid speed. With the recent injection of A.I. in the biotechnology industry, it has become increasingly apparent how useful it will be to beat coronavirus (COVID-19) and dramatically improve the American healthcare system thereafter.

Since its inception, COVID-19 has wreaked significant havoc, having spread to over 100 countries. There has been a reported two million cases with over 100,000 deaths, according to current statistics. Perhaps the most pervasive aspects of the disease are its non-physical effects, such as triggering an economic crisis – with an estimated ten million American jobs lost – and hitting society’s morale with a heavy blow. However, A.I. technology is being used by medical professionals to mitigate, and hopefully eliminate, these harms.

An Israeli biotechnology company, TytoCare Ltd., is using A.I. in at-home medical exams to provide doctors with palatable information to analyze when making a diagnosis. Chinese company, Huawei Technologies Co., is using A.I. as a diagnostic tool to detect signs of COVID-19 from CT scan data. Further, companies are leveraging A.I. algorithms, machine learning, and natural-language processing to analyze social media data to predict human behavior and potential future outbreaks.

Microsoft recently partnered with ImmunityBio to model the movement patterns of the “spike protein” that causes COVID-19 to penetrate human cells. Similarly, Adaptive Biotechnologies is using A.I. to produce a test that provides a detailed map of how the body reacts to COVID-19, which can be analyzed by doctors to better understand the disease. In the Silicon Valley, Zuckerberg San Francisco General Hospital is using biometric sensing “smart rings,” that are worn by healthcare workers to monitor their vital signs – like temperature, heart rate, and oxygen saturation – to predict the early onset of COVID-19.

A.I. that predicts adverse events by collecting and analyzing data from wearable technology will open a wide range of opportunities for preventative medicine. Detecting that someone is ill as early as possible will allow doctors and healthcare professionals to help patients recover faster, avoid suffering, and prevent death. Even beyond the COVID-19 pandemic, the presence of predictive A.I. in the medical industry is crucial for the detection and prevention of adverse health events like cardiovascular disease, Parkinson’s, and ALS, among many others.

I have personally been involved in the use of A.I. in the MedTech sphere, as a co-founder of Enabyl Inc., a cloud-based A.I. company. My colleagues, Jonathan Zia (MD/Electrical Engineering PhD Candidate at Emory Med and Georgia Tech) and Vince Monardo (Electrical Engineering PhD Candidate at Carnegie Mellon) developed an A.I. framework called Foresight that allows IoT-connected devices and apps to update their functionality in real-time in response to patient data. Enabyl’s technology learns to predict a patient’s needs and health risks, and also calibrates to each user to collect more accurate data.

There is a looming fear that A.I., if left unregulated, can be problematic. Concerns about A.I. taking jobs, being weaponized, or used to collect sensitive data that violates privacy rights, are legitimate. However, with proper governmental regulation and the enforcement of ethical practices, A.I. can be leveraged to radically transform the American healthcare system. A.I. technology has the capacity to not only treat patients that are currently suffering from illness, but to also detect and prevent future illness at a low cost. In turn, healthcare can be made far more affordable for millions of uninsured Americans.

Leveraging Artificial Intelligence to Combat Coronavirus and Improve Healthcare

Elliott’s Latest Target: Twitter

Twitter CEO and co-founder Jack Dorsey recently survived activist hedge fund Elliott Management Corp’s efforts to oust him from his position. By increasing its stake in Twitter to over 4%, Elliott leveraged its ownership to compel changes within the company. However, Elliott’s push to remove Dorsey was settled rather quickly, and a Cooperation Agreement that included Dorsey continuing on as CEO was reached in just over a week.

Given Elliott’s track record in successful activist campaigns, the result is somewhat surprising. Paul Singer, Elliott Management’s founder and key investor, has a reputation that precedes him. Bloomberg has called Singer “aggressive, tenacious and litigious to a fault” naming him the “most feared” investor in the world. In spite of these perhaps unpopular tactics, Elliott’s investment in a company is almost always followed by an uptick in stock price as many investors view Elliott’s heavy-handed actions as a leading indicator of future operational improvements. Following this pattern, Twitter was up 7% after Elliott’s holding was announced.

While the agreement between Elliott and Twitter allows Dorsey to remain as CEO, other significant changes will be implemented. Jesse Cohn, a partner at Elliott, and Egon Durban, a managing partner at Silver Lake, will be added to Twitter’s board. The board is also looking to add a third new director, specifically one who brings product development and growth expertise. Additionally, a newly formed independent committee will regularly evaluate the leadership structure and CEO succession plan going forward.

Perhaps the most interesting aspect of the agreement reached between Elliott and Twitter is the introduction of a $2 billion share repurchase program which will in part be funded by a $1 billion investment from Silver Lake. A share repurchase program will likely prohibit Twitter from investing more aggressively in product development and other innovation efforts, which potentially conflicts with some of the growth initiatives Elliott is looking to implement.

The agreement between Twitter and Elliott sets hardline goals that Dorsey is expected to lead the company to meet. Namely, the company is expected to increase daily active users by 20% and accelerate revenue growth to increase its share of digital advertising spend. If Twitter doesn’t rise to the challenge and meet these benchmarks, Dorsey’s days as its standing CEO are likely to be numbered.

Elliott’s Latest Target- Twitter

Music Industry’s New Money Streams

Over the past ten years, the U.S. music industry has completely transformed into a digitally driven business. According to data compiled by the Recording Industry Association of America, in 2009 59% of U.S. music industry revenues were driven by physical CD sales whereas streaming brought in a mere 5%. Fast-forward to 2019 and physical CD sales constitute only 10% of revenues, while streaming is now a solid 79%. In fact, paid streaming raked in an astronomical $8.8 billion of revenue for the industry in 2019. The growth of paid streaming services is the singular driving factor behind the music industry’s recent success.

Platforms such as Spotify, Apple Music, Youtube Music, Amazon Music Unlimited, and Google Play Music have accelerated growth in the music industry by providing on-demand streaming services for a subscription fee. While these platforms are successful at capitalizing on the digitization of content and improving content distribution, many of them are still subject to natural ceilings because they are not the owners of the songs they stream. This has been an ongoing issue for players such as Spotify, who has been scrutinized in the public markets because of its unclear path to profitability despite its scale and relative success. For instance, the music streaming giant now serves 124 million paying subscribers, but shells out nearly 75% of the monthly revenues it generates on those subscribers to music labels, publishers and the like.

With these favorable economics, music labels are receiving heightened interest from investors and strategics. In December 2019, a consortium led by Tencent purchased a 10% stake in Universal Music Group from Vivendi. The transaction valued UMG at €30 billion and allows the consortium to double its stake within a year on the same terms. Subsequent to the minority investment by Tencent, Vivendi noted in public disclosures that it’s considering an IPO for UMG in the near term as the business segment continues to witness strong growth. In doing so, UMG joins Warner Music Group who has also indicated it will be pursuing an IPO.

How well these record labels will perform in the public markets remains unproven. Although labels such as UMG and WMG are directly benefitting from the digitization of content and the surge in streaming, it is unclear whether there is sufficient headroom available for these businesses to continue growing at scale. For example, one researcher cautioned streaming could “slow as it becomes harder to find Americans who are not yet signed up.” In order to continue expanding, streaming platforms will need to look outside of the US and European markets. At the same time, labels are looking beyond content ownership and distribution to ancillary entertainment services such as social media strategy and merchandising. Whatever the outcome, it’s an exciting time for the music industry as it continues to transform itself.

Music Industry’s New Money Streams

CCPA: California’s Take on Data Privacy

The California Consumer Privacy Act (CCPA) went into effect January 1, 2020 granting California consumers new rights regarding the commercial use of their personal data. Specifically, the CCPA gives Californians the right to: request a copy of the personal data a company has collected about them, ask the company to delete their personal data, and prohibit the sale of their personal data to third parties. While the CCPA only covers California residents, companies such as Netflix and Microsoft are proactively allowing all Americans to assert the rights contained in the CCPA.

Naturally, the CCPA reminds people of the General Data Protection Regulation (GDPR), the European Union’s consumer privacy act which went into effect summer 2018. However, there are important differences between the two acts. First, the CCPA only covers companies that make at least $25 million per year in revenue or collect data on over 50,000 people, whereas GDPR does not have any minimum scale requirements. Second, CCPA’s primary focus is to give consumers access to their personal data whereas GDPR focuses on regulating businesses’ handling of consumer data. CCPA places the onus on the consumer to be diligent about where their personal data sits rather than holding businesses accountable for how they collect, manage, and share that consumer’s data. In practice, consumers must opt-out of personal data collection that businesses are already gathering under CCPA, but under GDPR, businesses must have opt-in from consumers prior to collecting any data and must have a commercial reason to collect it. While the CCPA certainly gives consumers greater transparency and control over their data, it does not necessarily require companies to take greater care when handling such information.

Despite regulations such as GDPR and CCPA laying the groundwork for stronger consumer privacy rights, critics such as Frederick Lee, CISO at Gusto, argue these regulations fall short of addressing the entitlement some businesses, especially within the technology sector, claim to have over consumers’ data. According to Lee, these regulations merely lead to businesses doing the bare minimum and resorting to a “check-the-box” approach to compliance rather than fundamentally shifting their data management processes to place the consumer’s best interest at the forefront. Lee urges fellow business executives to “build data policies with privacy in mind” and remember that “protecting consumer data is a moral obligation, not just a legal one.”

While a step in the right direction in terms of elevating the importance of privacy, it’s unclear how many California residents will take full advantage of their rights under CCPA or which businesses will actively prioritize the interests of their customers. With enforcement of the CCPA beginning in July 2020 we may have to wait until then to see just how much impact this new regulation will have going forward.

It remains to be seen how many consumers will take full advantage of their rights under the CCPA and actively engage in monitoring companies’ use of their personal data. Additionally, it’s unclear what enforcement will entail. Once enforcement of the CCPA begins in July we will see what the state attorney general’s office addresses and if ambiguities in the law become clearer.

CCPA California’s Take on Data Privacy – Christina Scully

Virgin Galactic Makes Progress on Regulatory Front, Clearing the Way for Private Space Flights

Before Virgin Galactic can send private individuals into space, it must emerge from a complex regulatory web.  The company, led by Richard Branson, has made significant progress on this front in 2020, receiving the majority of the approvals it needs for its commercial license to go into effect.

Virgin Galactic Holdings, Inc. is a commercial space flight company that aims to construct infrastructure to enable private space exploration.  In the near term, that means building high altitude planes and offering tourists and researchers flights to the lower thermosphere.  Customers entering this region of earth’s atmosphere, where the International Space Station orbits, will experience several minutes of weightlessness.  Tickets cost $250,000.  Though in the long run, the company hopes its investments will push down launch prices, so even more individuals can experience space travel.

To make space tourism a reality, Virgin Galactic is focusing on commercial viability and approval of its launch mechanism.  The company must work closely with the Federal Aviation Administration, which governs space tourism.  The FAA regulates launch sites, payload, and reentry, and grants experimental and commercial flight permits.  In 2016, the FAA issued Virgin Galactic a commercial operating license.  Still, after four years, the license is not yet validated.

The FAA hold-up may be attributed to a 2014 crash of an experiential flight backed by the company.  The crash prompted the National Transportation Safety Board to criticize the FAA’s review process.  In its report, the NTSB blamed the agency for failing to provide sufficient oversight and for rushing to approve experimental flight permits.  But after six years, Virgin received 20 of the 29 approvals it needs to validate its license.

Barring another mishap, it appears that Virgin Galactic is on its way to providing customers $250,000 tickets to the thermosphere.  All seats for the first flights are reserved.

Virgin Galactic Makes Progress on Regulatory Front, Clearing the Way for Private Space Flights

 

The Balance between Surveillance and Privacy in the Fight Against COVID-19

Surveillance is a powerful tool in the fight against the COVID-19, but such techniques can infringe on privacy.  Throughout the world, countries have implemented aggressive surveillance programs to combat the disease.  But for now, the United States has resisted taking this approach, choosing instead to only gather anonymized data.

Outside of the United States, countries are using intrusive surveillance measures to contain the pandemic.  In Israel and Italy, authorities are monitoring mobile phone location data to identify exposure and assess compliance with lockdown orders.  Singapore and South Korea post detailed information about where infected citizens live, work, and commute.  Governments do not post names online, but the available data has been used to personally identify and harass those infected.  And authorities in the People’s Republic of China are using a smartphone app that assigns green, yellow, and red codes to classify citizens by their contagion risk.  The government scans citizens’ smartphones when they enter public spaces and tracks their location.  This system limits movement and imposes quarantines on high-risk individuals.  Observers fear that this infrastructure could be used for continued social control after the pandemic.

The United States is collecting aggregate, anonymized data to stem infection and better understand the disease.  This approach does not weigh on privacy to the degree seen in other countries.  Google said it will begin generating “COVID-19 mobility reports” for public health officials, which will contain anonymized, county-level movement data to identify high traffic areas.  Already, companies are pinpointing locations where people are experiencing symptoms and mapping the location of atypical illnesses, indicative of spread.  In addition, companies are considering using geolocation data to track the availability of hospital beds. And the C3.ai Digital Transformation Institute hopes to use artificial intelligence to forecast the disease’s progression.

While the United States has not instituted surveillance programs like those seen in China, the government can use its broad authority during emergencies in this capacity.  For example, normally the government cannot obtain precise user data from telecom or internet companies without user consent or a court order.  But during an emergency, the government can circumvent these protections.  These steps may not be far off.  The federal government is in talks with MIT about implementing an app that tracks COVID-19 patients and the people they come in contact with.

Surveillance measures have the potential to contain the virus and save lives, but these measures come with high costs to civil liberties.  While individuals may be willing to trade off privacy in the short term, there is a risk that such technology will remain in place after the pandemic fades.

The Balance between Surveillance and Privacy in the Fight Against COVID-19

Coronavirus Sickens the Retail Supply Chain

Coronavirus is at the top of the news around the globe. For most it means buying some more masks and hand sanitizer, getting groceries delivered, and recently, staying home. For some regions and groups of people the impact is higher. But for those who are under contractual obligations to provide manufactured goods, the impact of coronavirus will be felt for months, if not longer.

China is the largest exporter of textiles and clothing, producing hundreds of billions of dollars worth. Clothing is bought by wholesalers and retailers, and textiles are what enable the clothing industry to create new product. If Chinese factories will remain closed for the foreseeable future, fall product that has not yet shipped to distribution centers may not even get bought or made.

In the fashion industry, at least twice a year buyers for every category descend upon showrooms to look at the new season. Those meetings are now shifting to videochat and browsing line sheets and lookbooks, orders are being cancelled, and discounts being sought. Whether they will stop doing that, for lack of demand from consumers unwilling or unable to browse, or for inability to get new orders filled, remains to be seen.

Some retailers maintain a diverse supply chain for precisely this reason. Zara, for example, is well known for keeping its supply chain (based mostly in Spain) underutilized to be able to respond to the market and changing trends. While other countries like Bangladesh and Vietnam can and will fill some of the shifting demand, it’s clear that flexibility will be necessary in order for retailers and the vertical to continue operating. The retailers that have a less diverse supply chain, or more specialized need that can’t be easily transferred to another factory, will inevitably suffer. Larger retailers like Wal-Mart and Target have been so far unwilling to significantly lower their forecasts as they are flexible and better able to absorb the risks. However, they still need to make decisions about how to allocate the product they can get, and plan for an uncertain future.

The panic and illness already spreading will inevitably lead to litigation over breach of contract. Companies are now examining their force majeure provisions and are making decisions about how and when to mitigate damages, make declarations and responses to customers, and whether they will change terms of the agreement or simply not perform. Middlemen, who are facing breaches from their manufacturers and having to alert their customers, may be able to claim a defense based on frustration of purpose or show that they were prevented or hindered from fulfilling the terms of their contract. Insurance might help, if companies included such risk protection, but certainly not every firm that needs it has it. The terms and the statutory law that governs each case will be fact-specific, but will affect both relationships between parties and how companies craft force majeure clauses for years to come.

Everyone is doing the best they can, given the information and uncertainty at hand. That effort will have to last just a bit longer than expected to get through the ripple effect and whatever else happens.

Coronavirus Sickens the Retail Supply Chain

Toasting with Take-out Alcohol Won’t Save Local Business

The California Alcoholic Beverage Control (“ABC”) recently announced a temporary relaxation of regulations that allow bars and restaurants to sell alcohol for takeout, delivery, and drive-thru. This move is intended to help to make up some of the revenue lost due to mandatory coronavirus closures. California isn’t the only one; in the same week, states across the country announced similar changes.

New York, for example, released similar laws, stating that “under the Governor’s direction, the manufacture, distribution and sale of alcoholic beverages are deemed essential.”

However, these changes generally only apply to “bona fide eating places,” with food prepared and served by the establishment. Bars that only serve alcohol seem to be out of luck. Online, those bars appear closed until the shelter-in-place mandate is lifted.

Meanwhile on Caviar and other delivery platforms, many restaurants have enthusiastically added a cocktail section to their menu. One bar in NY will throw in a bag of chips ($3 on their limited bar menu) with each cocktail delivery to comply with the rule. The irony? That bar is a speakeasy, designed for another time in history when people were not supposed to frequent bars.

One Bay Area bar bought a bottling machine to deliver tiki drinks to customers with the required caps. The bars that are struggling to pay rent though, might not be able to afford this investment, or invest in infrastructure to deliver. Some are calling for a 10% cap on the fees that delivery platforms charge, indicating a need for more regulation that helps out an industry in a time of desperate need.

In addition, cities might not lift local regulations, and it is unclear if each city will continue to enforce the law as is. In California at least, the ABC’s action does not preempt local laws. In that case, then business in certain cities will not be able to take advantage of the relaxed regulations.

The ABC’s regulatory relief helps in a meaningful way. But it doesn’t help everyone, and won’t be enough to bring operations back to what they were. Someone has to bear the loss, and someone has to make the difficult choices: whether it’s the landlord who collects rent from the shuttered businesses, or the proprietors deciding whether or not to take on debt. Without more awareness and marketing, customers may not even be aware that the restaurants and bars are open for delivery; they might assume everything is closed or not bother to check each establishment’s status, thus increasing the industry’s reliance on platforms like Caviar and DoorDash.

It will take purposeful steps to get the hospitality industry through this; something will be needed to support the small businesses– perhaps no-interest loans, rent freezes, or temporary debt forbearance. Without additional investment in the local economy, residents might emerge from social distancing to find that their neighborhood simply can’t go back to the way it was.

Toasting with Take-out Alcohol Won’t Save Local Business