Flaw?

The People’s Republic of China government requires everyone attending the Beijing Olympics next month to load a tracking app on their cell phones:

Those who attend the Olympics, including athletes and journalists, are required to download the app and upload their health and vaccination information to track potential outbreaks of COVID-19.

The Citizen Lab, based in the University of Toronto’s Munk School of Global Affairs & Public Policy, has identified what it terms a security flaw.

It turns out that the app, MY2022, fails to validate some SSL certificates. That means it’s a trivial matter for…others…to bypass any security measures, including encryption, that the phone’s owner might have implemented. Those others then can easily intercept and otherwise gain access to the cell phone owner’s sensitive information: all the medical information the PRC government requires to be loaded into the app, ostensibly for Wuhan Virus tracking, along with wholly unrelated information like all traffic in which the phone might be or have been engaged, all passport information, all medical information whether or not related to the Virus, and all other information stored on the cell phone—images and videos, contact lists, other emails, Web sites and bookmarks, and on and on.

The Lab’s key findings are:

  • MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.
  • MY2022 is fairly straightforward about the types of data it collects from users in its public-facing documents. However, as the app collects a range of highly sensitive medical information, it is unclear with whom or which organization(s) it shares this information.
  • MY2022 includes features that allow users to report “politically sensitive” content. The app also includes a censorship keyword list, which, while presently inactive, targets a variety of political topics including domestic issues such as Xinjiang and Tibet as well as references to Chinese government agencies.
  • While the vendor did not respond to our security disclosure, we find that the app’s security deficits may not only violate Google’s Unwanted Software Policy and Apple’s App Store guidelines but also China’s own laws and national standards pertaining to privacy protection, providing potential avenues for future redress.

It’s doubtful, at least to me, that China’s own laws and national standards pertaining to privacy protection are being violated, though, given the PRC government’s already widespread surveillance of all of its citizens. The PRC’s 2017 national intelligence law, too, requires all entities to cooperate with the government’s intelligence community and provide whatever information that community requires, which means that the app’s spying is no violation of the PRC’s own laws.

And there’s this:

[The] Citizen Lab said it had notified the Chinese organizing committee for the Games in December about the potential issues but had never received a response.

The Beijing Organizing Committee’s refusal to respond is itself instructive.

No, this is no flaw; neither PRC government programmers nor Beijing Organizing Committee programmers, who are the ones who officially built the app, are that amateurish. It’s deliberate, and it’s one more reason to not only skip the Beijing Olympics (including not watching them on NBC), but to skip doing any sort of business with any sort of PRC company.

The Lab’s report can be read here.

Negotiating

Ex-SEC Chairman Arthur Levitt Jr. had some thoughts on negotiating in his take on the relationship between the Biden-Harris White House and Congress. In one thought in particular, though, Levitt is badly…off.

Governance takes two. If a director opposed the CEO without proposing something better, he’d be ignored. In Washington, Republicans don’t seem interested in negotiating. … Republicans, you can oppose, but if you have an opportunity to shape policy, take it.

Levitt badly misunderstands. Progressive-Democrat Ocasio-Cortez openly hoped for Progressive-Democrat control of Senate explicitly so Party would not need to negotiate with Republicans.

Republicans have often tried to negotiate, only to be told “we won, you lost.” The last time Progressive-Democrats controlled Senate, then-Majority Leader Reid routinely “filled the tree” precisely to prevent Republicans from offering amendments.

Progressive-Democrats have already passed one reconciliation bill so as to exclude Republican amendments, and they’re bent on same a second time. They’re also determined to blow up the filibuster so they no longer have need even to pay lip service to negotiating.

Where is this “opportunity” of which Levitt wrote for Republicans to shape policy with Progressive-Democrats refusing to negotiate?

President Joe Biden (D) often says it’s his goal to fundamentally change America. How is it possible to negotiate with a Party that refuses to negotiate and that is openly bent on destroying the republican democracy that is the United States and to remake us into their image?

Visitor Logs

President Joe Biden (D) refuses to release any visitor logs connected to visitors he has when he’s in Delaware—which is as much as a third of his time in office during his first year, just concluding. He’s defending that refusal, using the voice of his Press Secretary, Jen Psaki.

The president goes to Delaware because it’s his home. It’s also where his son and his former wife are buried, and it’s a place that is obviously close to his heart. A lot of presidents go visit their home when they are president.

A responsible press, denied access to visitor logs when the President is at his Delaware home, especially for as much of the year as Biden is, would send reporters and photographers to his home to track those visitors and to keep their own logs of visitations. And publish those logs and images.

However….

“It Depends on Uncle Sam”

Without more help from Washington, electric-vehicle sales will struggle to live up to the stock-market hype.

That Wall Street Journal lede pretty much tells the tale.

And this:

If the new technology is to live up to high investor expectations, the global record suggests that the US will need to embrace subsidies.

It depends on Uncle Sam. As long as electric vehicles get subsidies of any sort—either on the manufacturing end or to buyers of them on the other end—these battery cars can never be mainstream. As long as they’re getting any sort of subsidy, battery cars are tautologically unready for market.

Inadequate

Co-President Joe Biden-Kamala Harris are having trouble getting much of their political and (pseudo-)economic agenda passed. (Aside: failure isn’t a done deal; it would behoove the pundits on the right side of center to stop their crowing and predictions of landslide Republican elections in November.)

That’s not a failure of the agenda or of Biden-Harris or of Party managers in the House and Senate, though.

Not at all, insisted Paul Begala.

I think the problem for the Democrats right now is not that they have bad leaders. They have bad followers, okay?

And

In other words, those of us who want to say voting rights– we need to get to work. I do think Biden is putting everything behind this. But he needs– he needs better followers….

This is an example of the contempt Progressive-Democrats have had for us Americans all along. Here is Herb Croly, one of the founders of the modern Progressive movement that has evolved the Democratic Party into its current form as the Progressive-Democratic Party:

But the fault in that case lies with the democratic tradition; and the erroneous and misleading tradition must yield before the march of a constructive national democracy. The national advance will always be impeded by these misleading and erroneous ideas, and, what is more, it always should be impeded by them, because at bottom ideas of this kind are merely an expression of the fact that the average American individual is morally and intellectually inadequate to a serious and consistent conception of his responsibilities as a democrat.