TIME Innovation

Five Best Ideas of the Day: February 25

The Aspen Institute is an educational and policy studies organization based in Washington, D.C.

1. The U.S. wants to hack your phone because it doesn’t have the real spies it needs.

By Patrick G. Eddington at Reuters

2. Eight universities account for half of all history professors in the U.S. How did that happen?

By Joel Warner and Aaron Clauset in Slate

3. Bill Gates is investing in low-tech impact entrepreneurs in India.

By David Bank in Entrepreneur

4. “Liquid biopsy” can detect cancer from a few drops of blood.

By Michael Standaert in MIT Technology Review

5. Let’s build the infrastructure to make microfinance institutions into true innovation hubs.

By Jessica Collier in Medium

The Aspen Institute is an educational and policy studies organization based in Washington, D.C.

TIME Ideas hosts the world's leading voices, providing commentary and expertise on the most compelling events in news, society, and culture. We welcome outside contributions. To submit a piece, email ideas@time.com.

TIME technology

Obama’s New Plan for Online Security Faces Some Big Questions

U.S. President Barack Obama speaks in Washington on Feb. 11, 2015.
Yin Bogu—Xinhua Press/Corbis U.S. President Barack Obama speaks in Washington on Feb. 11, 2015.

President Obama wants Corporate America to work more closely to fend off hackers, but his new plan won’t achieve much unless he can get Congress to work more closely with him.

At a tech conference at Stanford University Friday, Obama is expected to provide more details about a new federal cyber intelligence unit which is designed to better coordinate the analysis of various online threats.

The White House’s plan hinges on the idea that companies should unite in the face of a common threat. The basic idea is that if Anthem, Sony or Home Depot—all companies that have suffered major cyber attacks recently—shared in real-time how their defenses were breached, then other companies and the federal government would be better able to stop similar attacks.

To that end, Obama’s executive order is expected encourage companies to set up voluntary, information sharing and analysis organizations (ISAOs) to help other companies and the U.S. government disseminate information about cyber threats more quickly, according to a White House statement. (That part of the White House’s plan is not totally new. Voluntary Information Sharing and Analysis Centers, ISACs, already exist within many sectors, although in most industries, they’re flimsy at best.)

Senior industry figures as well as advocates and lawmakers concerned about consumer privacy say that while the Obama plan might sound good, it’s riddled with problems. They suggest that emphasizing rapid-fire, real-time information sharing raises a host of major legal questions ranging from privacy to anti-trust issues.

For example, analysts say that the kind of threat that companies would share at these new ISAOs are likely to include customers’ personal information. Privacy advocates say that such information would have to be carefully stripped-out or redacted before it could be shared—a process that would seriously slow down information-sharing efforts and give companies a reason not to share information that may get them in legal trouble later.

The White House, for its part, has gone the opposite route: it has proposed legislation that would legally shield companies sharing cyber threat information at ISAOs, but Congress hasn’t bitten. The executive action is expected to further that effort.

Others opposed to the Obama plan worry that the data shared at ISAOs could include highly-confidential or proprietary information about a company’s security system, which raises anti-trust questions. If two competing companies share proprietary information under the guise of sharing cyber-threat information, are they technically colluding with each other?

Meanwhile, some Republican lawmakers are opposed to the president’s plan because it suggests that the federal government would play too big of a role in the private sector by encouraging companies to communicate with government-monitored clearinghouses. “Unilateral, top-down solutions will not solve America’s cyber problems,” said Speaker John Boehner’s spokesperson, Cory Fritz, in a statement.

The White House has played down concerns about the new executive action, emphasizing that participating in the ISAOs would be entirely voluntary, that protecting civil rights would be a key component of the new sharing framework, and that companies would simply be encouraged to develop a common set of standards for better combatting cyber threats. White House Cybersecurity Coordinator Michael Daniel has said that the federal government can’t prevent cyber threats on its own and needs the private sector to take an active role in improving its own policies and sharing information.

Apple CEO Tim Cook is expected to speak at the conference at Stanford today, although top Google, Yahoo and Facebook executives have said that they will not attend. Their cooperation, as well as Congress’, will be the key to whether Obama’s ambitious new agenda actually happens.

TIME intelligence

Obama to Limit Data Collection by Intelligence Agencies

FILE PHOTO  NSA Compiles Massive Database Of Private Phone Calls
Getty Images This undated photo provided by the National Security Agency (NSA) shows its headquarters in Fort Meade, Maryland.

Modest reforms will also establish White House oversight over surveillance of foreign leaders

Intelligence agencies will have to delete extraneous data on private citizens and limit storage of data on foreigners to five years, the Obama administration is expected to announce Tuesday, as part of a new batch of modest restrictions on intelligence gathering efforts.

The reforms will also initiate regular White House reviews over surveillance programs targeting foreign leaders, the New York Times reports. President Barack Obama abruptly cancelled one such program targeting German Chancellor Angela Merkel in 2013, after leaked documents revealed that the National Security Agency had tapped her cell phone records.

However, the administration stopped short of addressing the scope of the NSA’s collection of “metadata” on cell phone records, which sparked a controversy after it was revealed that the program encompassed millions of Americans’ cell phone records.

Read more at the New York Times.

 

TIME intelligence

Activist Defiant After Sentencing Over Stratfor Hacking

Nikki Loehr—freebarrettbrown.org Activist and journalist Barrett Brown was sentenced to five years in prison.

Barrett Brown, the activist, journalist and one-time associate of hacktivist collective Anonymous who has become an online cause célèbre, isn’t going to let prison silence him.

He was sentenced to five years in prison Thursday for threatening a federal agent on YouTube and interfering with a federal investigation related to the 2011 hack of the private intelligence firm Stratfor. On Friday, he told TIME that he planned to use his sentence to document American prison life from the inside.

“There’s things that go on there that they don’t want to talk about,” Brown told TIME in an interview from prison Friday, “so this is a great opportunity.”

Brown characterized his sentence as part of a larger problem in the United States of unjust laws and misconduct on the part of prosecutors and law enforcement.

“The prosecutor said one thing that was accurate—that I don’t have respect for the laws in this country,” he told TIME. “We have a situation in which the only way we can survive as a free nation is if our laws are not enforced.”

Brown, 33, was sentenced Thursday to five years and three months in prison and ordered to pay $890,000 in restitution and fines on charges stemming from his connection to the hack of private intelligence firm Stratfor in 2011. During the prosecution, he drew support from journalist Glenn Greenwald, WikiLeaks founder Julian Assange and liberal philosopher Noam Chomsky among others on a website called “Free Barrett Brown.”

In a statement released to journalists immediately after his sentence was handed down, Brown sardonically hailed the ruling as “Good news!”

”The U.S. government decided today that because I did such a good job investigating the cyber-industrial complex, they’re now going to send me to investigate the prison-industrial complex,” he said, thanking the government for providing “free food, clothes and housing as I seek to expose wrongdoing by the Bureau of Prisons officials and staff and otherwise report on news and culture in the world’s greatest prison system.”

Brown was arrested in 2012 and initially charged with aggravated identity theft and, most notably, with trafficking in stolen goods because he posted a link online to information others had pilfered in the Stratfor hack, including internal emails and credit card numbers. The latter charge drew widespread condemnation from civil rights groups like the Electronic Frontier Foundation, which called the charge “a serious threat to press freedom” in a statement condemning the sentence. The stolen goods and identity theft charges were later dropped and Brown pleaded to three lesser crimes: accessory after the fact, interfering with an FBI investigation and threatening an FBI agent. The last charge resulted from YouTube rants a visibly distraught Brown posted that included threats to an FBI agent investigating Brown and his mother. The bulk of his sentence is a result of that threat.

In a statement to the judge before his sentence was handed down, Brown called the videos “idiotic” and expressed contrition over what he characterized as a lapse in judgment. “Although I made them in a manic state brought on by sudden withdrawal from Paxil and Suboxone, and while distraught over the threats to prosecute my mother, that’s still me in those YouTube clips talking nonsense about how the FBI would never take me alive,” Brown told the court in a prepared statement. In that statement and in conversation with TIME Friday, Brown accused prosecutors and law enforcement of repeatedly committing perjury over the course of his case.

Including the more than two years Brown has spent in prison since his arrest he could serve an additional three years, though he is reported to be up for supervised release after one year.

“I’m a very monastic individual anyway. I spend a lot of time reading and writing,” Brown told TIME. “People don’t want to be in prison of course but some people benefit from it. Dostoyevsky. Solzhenitsyn. I’m one of those people.”

TIME intelligence

U.S. Journalist Receives Five Years in Jail for Linking to Hacked Data

Europe Hacking Startfor
Cassandra Vinograd—AP The home page of the Stratfor website is seen on a computer monitor in London Wendesday Jan 11, 2012.

Barrett Brown must also pay $890,000 in restitution

An American journalist loosely affiliated with the Anonymous hacking collective was sentenced to 63 months in jail by a Dallas federal judge on Thursday for linking to hacked data from private global intelligence firm Stratfor in 2011.

Barrett Brown, 33, initially faced a sentence of over 100 years until he pled guilty last year to three reduced charges of obstructing a police search, issuing online threats and involving himself in the sharing of Stratfor data, reports the BBC.

“The government exposed me to decades of prison time for copying and pasting a link to a publicly available file that other journalists were also linking to without being prosecuted,” Brown said in a statement before the hearing.

Free speech activists allege Brown’s prosecution is based on his investigations into U.S. cybersecurity and intelligence contractors. He created Project PM in 2010 to probe intelligence leaks on a crowdsourcing platform.

“The U.S. government decided today that because I did such a good job investigating the cyber-industrial complex, they’re now going to send me to investigate the prison-industrial complex,” Brown said in a public statement after the sentencing, according to The Guardian.

The hacker responsible for the Stratfor data breach, Jeremy Hammond, 30, is currently serving a 10-year prison sentence.

TIME intelligence

U.S. Cracked North Korea’s Computer Systems

Kim Jong Un North Korea
KCNA/Reuters North Korean leader Kim Jong Un looks through a pair of binoculars as he guides the multiple-rocket launching drill of women's sub-units under KPA Unit 851, in Pyongyang in this undated photo released on Dec. 30, 2014.

It reportedly happened before the devastating Sony hack

Comments by top U.S. officials, including President Barack Obama, that blamed North Korea for the Sony Pictures cyberattack were apparently rooted in a top-secret penetration of North Korea’s computer systems by the National Security Agency, according to The New York Times — a report independently confirmed by NBC News.

The Times reported that the penetration occurred before the hack of Sony, but U.S. intelligence officials would not discuss the report Sunday or confirm its details. But the Times report says the evidence gleaned from the U.S. penetration of North Korean government hackers’ activities persuaded Obama and other top officials that North Korea was behind the attack…

Read the rest of the story from our partners at NBC News

TIME intelligence

FBI Accuses North Korea in Sony Hack

North Korean leader Kim inspects the Artillery Company under the KPA Unit 963, in this undated photo released by North Korea's KCNA in Pyongyang
KCNA/Reuters North Korean leader Kim Jong Un inspects the Artillery Company under the Korean People's Army Unit 963 in Pyongyang on Dec. 2, 2014

Fallout led Sony to pull The Interview

The FBI on Friday accused the North Korean government of being behind the devastating hack on Sony Pictures Entertainment that eventually prompted it to cancel the release of The Interview, the first formal statement that the U.S. government has concluded the isolated nation is responsible for the cyberattack.

“The FBI now has enough information to conclude that the North Korean government is responsible,” the bureau said in a statement. “Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart.”

President Barack Obama, asked Friday about Sony’s decision to pull The Interview, said: “Yes, I think they made a mistake”

The FBI said it determined North Korea was responsible based on an analysis of the malware involved and its similarities to previous attacks the U.S. government has attribute to North Korean-allied hackers, including an assault on South Korean banks and media outlets in 2013. These include “similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks,” the FBI said in its statement. According to the FBI, the malware used in the attack communicated with known North Korean computers. The FBI didn’t furnish evidence to back its assertion that North Korea was involved. North Korea has denied being behind the hack.

Read more: The 7 most outrageous things we learned from the Sony hack

Bureau investigators have been working for weeks with Sony executives and private security experts to investigate the scale and origins of the attack. For Sony, the hack has been devastating: It crippled the studio’s infrastructure, leaked sensitive documents about tens of thousands of employees and contractors, embarrassed executives and resulted in the studio’s decision to pull, The Interview, a movie whose plot centers around the assassination of North Korean leader Kim Jong Un. The film incensed the North Korean government.

Read more: 4 things every single person can learn from the Sony hack

The FBI did not say whether the attack was coordinated from within North Korea or through allies outside the hermit kingdom. The FBI said it could only provide limited information to the public to protect its sources and methods.

President Barack Obama is expected to address the incident on Friday afternoon in a White House news conference. On Thursday, White House Press Secretary Josh Earnest said the administration was treating the incident as a “serious national security matter.”

White House officials have convened daily meetings to discuss the attack and to devise options for a “proportional response,” Earnest said, not ruling out an American counter-attack on North Korean systems.

“The FBI’s announcement that North Korea is responsible for the attack on Sony Pictures is confirmation of what we suspected to be the case: that cyber terrorists, bent on wreaking havoc, have violated a major company to steal personal information, company secrets and threaten the American public,” Chris Dodd, who heads the trade group Motion Picture Association of America, said in a statement. “It is a despicable, criminal act.”

See the full FBI statement:

Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the “Guardians of Peace” claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.

The FBI has determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications. The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.

After discovering the intrusion into its network, SPE requested the FBI’s assistance. Since then, the FBI has been working closely with the company throughout the investigation. Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber attack. Sony’s quick reporting facilitated the investigators’ ability to do their jobs, and ultimately to identify the source of these attacks.

As a result of our investigation, and in close collaboration with other U.S. Government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

· Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

· The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. Government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

· Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt – whether through cyber-enabled means, threats of violence, or otherwise – to undermine the economic and social prosperity of our citizens.

The FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential business information. Further, the FBI will continue to work closely with multiple departments and agencies as well as with domestic, foreign, and private sector partners who have played a critical role in our ability to trace this and other cyber threats to their source. Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests.

TIME intelligence

White House Doesn’t Rule Out Cybercounterattack in Sony Hack

Calls it a "serious national security matter"

The White House is treating the massive hack of Sony Pictures Entertainment as a “serious national security matter” and is currently devising a “proportional response” to the cyberattack, press secretary Josh Earnest said Thursday.

Earnest said there have been a number of daily meetings at the White House about the hack, and that there are “a range of options that are under consideration right now” for a response. Earnest would not rule out a U.S. cybercounterattack on those behind the Sony hack, saying officials are mindful of the need for a “proportional response.”

“This is something that’s being treated as a serious national security matter,” he said. “There is evidence to indicate that we have seen destructive activity with malicious intent that was initiated by a sophisticated actor.”

Read more: Everything we know about Sony, The Interview and North Korea

Earnest would not publicly name the “sophisticated actor” behind the attack, even as U.S. officials have linked North Korea to the hack — something Pyongyang has denied. “I’m not in a position to confirm any attribution at this point,” Earnest said.

The incident remains under investigation by the FBI and the National Security Division of the Department of Justice, and Earnest said those efforts are “progressing.” Earnest said it’s unlikely officials will be able to fully disclose the eventual response. “I don’t anticipate that we’ll be in a position where we’re gonna be able to be completely forthcoming about every single element of the response that has been decided upon,” he said.

Asked about Sony’s decision to pull the film The Interview from distribution in response to threats of 9/11-style attacks from hackers, Earnest said: “The White House stands squarely on the side of artists and other private citizens who want to freely express their views.”

Read more: You can’t see The Interview, but TIME’s movie critic did

“This is a decision that Sony should make,” Earnest added. “This is a private company.”

The hack exposed reams of employees’ data and embarrassing email exchanges between executives. It came as Sony was preparing to release The Interview, which has been fiercely criticized by North Korea for depicting a fictional assassination attempt of the country’s leader, Kim Jong Un. With a growing number of movie theaters saying they wouldn’t screen the film amid the threads of attack, Sony canceled its release late Wednesday.

“Administration officials were consulted about the film prior to its release at the request of the company that was producing the movie,” Earnest said, confirming that officials had screened the film.

TIME intelligence

U.S. Sees North Korea as Culprit in Sony Hack

Fallout prompted studio to pull The Interview

American officials have determined the government of North Korea is connected to the hack that left Sony Entertainment Pictures reeling and eventually prompted it to pull a movie critical of the country’s leader, a U.S. official confirmed Wednesday.

Much remains unclear about the nature of North Korea’s involvement. The country, while lauding the hack against Sony, has denied being behind it. There were conflicting reports Wednesday evening, and officials are expected to unveil their findings Thursday. But the U.S. official confirmed to TIME that intelligence officials have indeed determined North Korea was behind the hack, one of the worst cyberattacks ever against an American company.

The New York Times, citing senior Obama Administration officials, reported that intelligence officials have determined North Korea was “centrally involved.” NBC News, also citing unnamed U.S. officials, reported that the Americans believe the hacking came from outside North Korea itself, but that the hackers were acting on orders from Pyongyang.

MORE: The 7 most outrageous things we learned from the Sony hack

The hack exposed reams of company data, including employees’ emails and salaries. A group calling itself the Guardians of Peace claimed credit. And analysts have speculated North Korea was behind an attack that came before the scheduled release of The Interview, a Sony movie that depicts American journalists enlisted by the CIA to assassinate North Korean leader Kim Jong Un. (North Korean officials have criticized the movie.) Threats of 9/11-style attacks against theaters that show the movie led many theaters to say this week that they wouldn’t screen it, which prompted Sony to cancel the scheduled Christmas Day release altogether.

“We are deeply saddened by this brazen effort to suppress the distribution of a movie, and in the process do damage to our company, our employees and the American public,” Sony said in a statement. “We stand by our filmmakers and their right to free expression and are extremely disappointed by this outcome.”

In an interview with ABC News on Wednesday, President Barack Obama called the hack against Sony “very serious,” but suggested authorities have yet to find any credibility in the threat of attacks against theaters.

“For now, my recommendation would be that people go to the movies,” Obama said.

TIME intelligence

Attorney General Allows Limited Subpoena of New York Times Journalist

A man crosses the Central Intelligence A
Saul Loeb—AFP/Getty Images A man crosses the Central Intelligence Agency (CIA) logo in the lobby of CIA Headquarters in Langley, Virginia, on August 14, 2008.

Attorney General Eric Holder has given federal prosecutors permission to subpoena New York Times reporter James Risen for some information regarding his connection to a former employee of the Central Intelligence Agency.

Though New York Times reporter James Risen has been adamant about not revealing his sources and the Department of Justice indicated last week it would not force the Pulitzer Prize winner to reveal who his sources were, prosecutors announced Tuesday they will be seeking his testimony in the case of Jeffery Sterling.

The Department of Justice charged Sterling, a former agent, of unlawfully obtaining documents and spilling national secrets in 2010, and subsequently accused him of being a source in Risen’s 2006 book State of War.

Information regarding confidentiality agreements for Risen’s book, whether articles and chapters from his book, “accurately reflect information provided to him by his source (or sources), that statements attributed to an unnamed source were, in fact, made by an unnamed source, and that statements attributed to an identified source were, in fact, made by an identified source” will be sought during the trial, scheduled to begin on Jan. 12.

According to a court filing, prosecutors needed approval in regard to the subpoena given new Department of Justice guidelines on seeking information from the news media. The guidance, issued in July, provides some protection from members of the media in civil and criminal proceedings. The guidance came following scandals involving the DOJ seizing phone records and emails of reporters from the Associated Press and Fox News.

Media organizations and advocacy groups including the Newspaper Association of America have been calling on Congress to pass a law that would protect journalists from having to reveal their confidential sources in criminal and civil proceedings without having to face legal consequences.

A federal judge in Virginia requested last week that the federal attorneys come to a clear decision on whether or not they would subpoena Risen by Tuesday.

Requests for comment from Risen’s attorneys were not immediately answered.

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser