Ivanka Trump's Punk Phase and Ted Cruz's Tweeting Top This Week's Internet News

Following a week in which Twitter announced a schedule to try and make the platform less awful and the Scaramucci Post seemed hellbent on proving all of its critics right, it’s important to take a moment to think about what’s really important in life.

Please remember @catsu as you explore the mixed bag of randomness the internet offered over the last seven days. It might be the only thing that will keep you sane.

Punk as … Huh?

What Happened: Of all the Trump children, which one do you think is the most likely to have listened to Nirvana and really felt bad when Kurt Cobain died? The answer may surprise you, if you were thinking Eric or Donald Jr.

What Really Happened: Even this far into our relationship with the First Daughter, Ivanka Trump knows how to surprise us all, it seems.

The story came from Ivanka’s latest memoir, Raising Trump, in which she writes about her “punk phase in the nineties,” when she was “really into Nirvana.” Twitter was, shall we say, somewhat unconvinced:

While the media reported on Ivanka’s Twitter dragging, someone realized folks could simply go back and look at photos of Ivanka during this punk phase and see the evidence first-hand:

The Takeaway: Oh, it’s easy to mock, but there are always more layers to the truth than people think.

Thank You for Your Service

What Happened: If there was one issue being discussed more than any other on social media last week, it was the ways in which a president should console grieving military families.

What Really Happened: In one of the stranger moments of political theater in recent months—an increasingly competitive space, let’s be honest—President Trump responded to a question about his lack of comment on the deaths of US soldiers in Niger by criticizing President Obama over whether or not he’d called families of fallen soldiers. Trump, of course, said that he would certainly call the families of the dead soldiers when he felt it was appropriate, which seemingly turned the whole incident into an even bigger embarrassment for all involved.

Wait. What? The report came from US congresswoman Frederica Wilson (D-Florida), a friend of the family of Army Sgt. La David Johnson, who heard Trump’s call to his widow on speakerphone. “We were in the car together, in the limousine headed to meet the body at the airport,” Wilson would later tell CNN’s Don Lemon. “So I heard what he said because the phone was on speaker.” Twitter was … not impressed.

While all of this undoubtedly looked bad for the president, it was almost certain that the White House would announce that he didn’t actually say that…

OK, sure; WH spokesperson Sarah Huckabee Sanders might not have denied it, but the president himself certainly did.

How could he have not? After all, it’s the perfect defense for him, considering that the reports had come from a representative of the opposing party. And it’s not as if the widow herself had confirmed the report. Sure, the soldier’s mother did confirm it, but all that really meant was that the back-and-forth was on.

Let’s not forget that the president said he had proof that Wilson was lying. What kind of proof was he talking about?

It would turn out, days later, that there’s apparently an official transcript of the call which, inexplicably, the president’s family has apparently read. But if White House chief of staff John Kelly was present, surely he—a military veteran who has lost his own son in service—would back up the president.

Oh… Good?

The Takeaway: Well, at least the president didn’t speak to any other grieving parents.

Melania, Is That You?

What Happened: As if 2017 wasn’t strange enough already, last week Americans found themselves asking, “What if the First Lady of the United States wasn’t actually the First Lady of the United States?”

What Really Happened: This one is surreal and wonderful. Early last week, the president made a public appearance accompanied by his wife Melania. Except, to some, she didn’t quite look like Melania.

For whatever reason—paranoia, boredom, the sheer glee of starting such a ridiculous meme—the internet quickly embraced the possibility that Melania Trump had been replaced by someone else in public appearances.

Unsurprisingly, mainstream media couldn’t resist joining in on such a dumb, great idea. One report even claimed credit for the Fake Melania idea in general, suggesting that the real deal is currently hiding in “a small town somewhere in Missouri, where she works on a volunteer basis at a center offering counseling and support to refugees and immigrants.” Well, it’s not impossible

The Takeaway: If nothing else, it’s a silly enough idea that people want to believe it.

Here’s Another Clue for You All

What Happened: Sometimes, it might not be the best idea to try and reclaim a meme that involves you being a serial killer.

What Really Happened: Hey, remember that meme that perpetuated the idea that US senator Ted Cruz (R-Texas) was the Zodiac Killer? Well, last week Cruz himself got in on the joke.

…Yes, really. That’s not a mistake, or even the kind of thing that is claimed to be a mistake after the fact; Ted Cruz actually tweeted out a letter from the Zodiac Killer. There is, of course, context for why he did this, but why ruin everything by looking at facts?

Not everyone was a fan of Cruz participating in his own meme, however.

Certainly, while the media was thrilled Cruz was joining in, some believed that he had killed the joke by doing so. Then again, maybe there was an entirely different reason for Cruz to post the meme.

Does he? And how has that worked out for him?

So, yes. It’s all going swimmingly, if that was his intent. Good job, Ted!

The Takeaway: Before we leave Cruz to ponder how much the senator has embarrassed himself here, let’s appreciate the very best response of all.

(Get it? No? Read this.)

Louder Than Bombs

What Happened: In the case of Florida v. Richard Spencer, the Sunshine State came out on top.

What Really Happened: White supremacist, alt-right leader, and punch receiver Richard Spencer had a public appearance at the University of Florida last Thursday. It was certainly something that seemed like a big deal ahead of time, with the state governor declaring a state of emergency before the event, fearful of violent protests. And, sure enough, ahead of the actual appearance, everyone was very aware of the possibility of something going down.

Sure enough, at the event itself, there were protests—but they didn’t go the way anyone expected.

Also: Campus bells played “Lift Every Voice and Sing” as Spencer prepared to take the stage. Only two arrests were made, according to local police, and Spencer was stymied and humiliated.

The Takeaway: Still. White supremacist speech? There has to be a better way to describe that…

Tech

Tanium CEO’s Refreshingly Honest Take on the State of Internet Security

This is your Cyber Saturday edition of Fortune’s tech newsletter for October 7, 2017.

On Tuesday, the wood-smoke air of California’s wildfires descended on the Bay Area as cybersecurity professionals gathered at the Palace Hotel for an industry event.

I spent the morning interviewing Orion Hindawi, CEO of Tanium, the world’s highest privately valued cyber startup (worth $ 3.75 billion at last appraisal in May), for a fireside chat at his company’s second annual conference, Converge 2017. Hindawi has a no-nonsense approach to business—a suffer-no-fools attitude that landed him in the sights of a couple of unflattering stories about his management style earlier this year. (He later apologized for being “hard-edged.”)

On stage the chief exec delivered his peculiarly unvarnished view of the state of Internet security. “The idea that we’re going to give you a black box and it auto-magically fixes everything, that’s a lie,” Hindawi told the audience. (One could almost hear a wince from part of the room seating his PR team.) “All I can tell you is we can give you better and better tooling every day. We can make it harder for the attackers to succeed. That’s the best I can offer.”

Hindawi is a realist through-and-through. His outlook is perhaps best summed up by his response to a question about whether he subscribes to a glass-half-full or glass-half-empty view of the cyber threatscape. His reply would become a running joke for the rest of the conference. He said simply, “It’s just a glass, dude.”

Other tidbits of wisdom from Hindawi: not all hackers are Russian spies (the majority are lowly criminals). Unsecured Internet of Things devices pose a risk to everyone. And sometimes cyber insurance is the way to go when old systems are all but impossible to patch; the decision boils down to managing “operational risk, like earthquakes,” he said.

Hacking is not a dark miasma that penetrates all things, although it can sometimes feel that way. Companies, like Tanium, that are building the tools to swing the balance back in defenders’ favor without over-promising provide hope. Enjoy the weekend; I will be heading north of San Francisco, visiting friends who, luckily, were unharmed by the area’s recent conflagrations.

Robert Hackett

@rhhackett

[email protected]

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Always use (advanced) protection. Google debuted an opt-in mode for high-risk users who wish to lock down their accounts on services such as Gmail, Google Drive, and YouTube with extra security. (Paging John Podesta.) The feature requires people to log-in using a special USB key (or Bluetooth dongle for mobile devices), it prevents third-party applications from accessing your Google data, and it adds beefed up malware-scanning of incoming documents. This author plans to sign up.

Gather ’round the good stuff. Pizza Hut warned customers that their personal information and payment card data may be at risk after hackers gained access to the company’s website and app for a 28-hour period starting on Oct. 1. An estimated 60,000 customers are thought to have been impacted. The company is offering victims free credit monitoring for a year.

Unicorn? More like Duo-corn. Duo Security, a Mich.-based cybersecurity startup whose tools help companies manage people’s digital identities, said it raised $ 70 million at a $ 1.17 billion valuation (including the capital raised) this week. Th round catapults the firm into “unicorn” territory, the swelling ranks of private firms occupied by young guns valued at $ 1 billion or more. Alex Stamos, Facebook’s security chief, recently praised Duo as the maker of his favorite cybersecurity product.

KRACKing Wi-Fi. A couple of Belgian researchers published a paper containing proof of concept code that exploits vulnerabilities in the way cryptographic keys are exchanged over Wi-Fi, allowing hackers to steal people’s data. Big tech companies like Microsoft issued a patch for the so-called KRACK bug on Oct. 10, Apple is in the middle of testing patches for iOS and macOS, and Google, whose Android 6.0 devices are the most vulnerable, said it would release a patch in early Nov.

Cyber insurers are going to get Mercked. Cyber insurers might be on the hook to cough up $ 275 million to cover damage to drugmaker Merck as a result of a June cyber attack, dubbed “NotPetya,” according to one firm’s forecast. The companies at issue have not yet disclosed figures themselves.

Surprise! It is depressingly easy for penetration testers to break into places where they are not supposed to be.

Share today’s Data Sheet with a friend:

http://fortune.com/newsletter/datasheet/

Looking for previous Data Sheets? Click here.

ACCESS GRANTED

Boycotts are hardly an option: To opt out of a credit score is to opt out of modern financial life itself. As Equifax’s now former CEO Richard Smith testified in October, if consumers were allowed to abandon the credit system, it would be “devastating to the economy.” The better answer is systemic reform to the credit oligopoly.

—Fortune’s Jeff John Roberts and Jen Wieczner explain what practical recourse consumers and regulators have when it comes to dealing with the major credit bureaus in the wake of a massive data breach at Equifax. 

ONE MORE THING

The adventures of John Titor.  Namesake of a bygone Internet hoax, “John Titor” claimed to be a man sent from the future to retrieve a portable computer. Titor sent faxes to an eccentric radio program, Coast to Coast AM, that specialized in the paranormal. Here’s an oral history of that running joke; the pseudo-scientific explanations of time travel are delightful.

Tech

Russian Spies Rush to Exploit the Latest Flash Zero Day and More Security News This Week

There’s nothing like a hefty security freakout to start the week, and the Key Reinstallation AttackWi-Fi vulnerability—you know it as Krack—announced on Monday fit the bill. The bug is in the ubiquitous WPA2 Wi-Fi protocol, so while it fortunately doesn’t impact every single device that exists, it does affect a significant portion of them. And many will likely never receive protective patches, a longstanding and critical security problem that particularly affects the Internet of Things. The relative simplicity of the Krack bug itself also highlights the importance of making technical standards accessible to researchers for review and feedback.

Google announced a new tier of account security this week called Advanced Protection that uses physical authentication tokens, advanced scanning, and siloing to help defend particularly at-risk accounts (or anyone who wants to be very cautious). And after its disastrous corporate breach, Equifax is receiving a thorough public shaming. Researchers also discovered that for just $ 1,000 they can exploit mobile advertising networks to track people’s movements in both cyberspace and the real world. Not great!

US-Iranian relations are tense and could nudge Iran’s cyber operations. And crooks have a new favorite hustle called “cryptojacking” that can secretly use your devices to mine cryptocurrency when you visit infected websites. Highs and lows.

And there’s more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Flash Patched Its Recent Zero Day, So Russian Hackers Are Using It While They Can

Kaspersky Labs researchers announced a new Adobe Flash vulnerability on Monday, noting that unidentified hackers exploited the bug in an attack on October 10, using a compromised Microsoft Word document to deliver FinSpy malware. Adobe coordinated with Kaspersky to issue a patch on the day of the disclosure. In the wake of the patch, researchers at the security firm Proofpoint observed the hackers doubling down to exploit the flaw before potential targets widely adopt the fix. The group, which Proofpoint says is the Russia-backed collective Fancy Bear, launched an email spearphishing campaign that targeted state departments and aerospace companies. But researchers say the operation was sloppy, and that the group has followed this pattern in the past.

Microsoft Didn’t Disclose 2013 Breach of a Sensitive Vulnerability Database

Sophisticated hackers breached Microsoft’s internal vulnerability-tracking database more than four years ago, but the company didn’t publicly disclose the incident. Five former Microsoft employees told Reuters that the company was aware of the intrusion in 2013. The database would have contained critical vulnerabilities in Microsoft’s widely used software products, including Windows, and may have even included code for exploiting those flaws. Such information would be a gold mine for foreign government-backed hackers or third-party criminals alike, and could have facilitated breaches and espionage at the time.

Reuters’ sources said in separate interviews that Microsoft never connected the breach to any other attacks, and that the company didn’t disclose the incident, because doing so would have pushed attackers to exploit the vulnerabilities before they were patched. Microsoft presumably patched everything in the compromised database years ago, though. Reuters’ sources say that the Microsoft did at least improve its internal security in response to the hack. The incident was part of a rash of attacks that also hit Apple, Facebook, and Twitter. The group behind these hacks is still unidentified, but is known by different researchers as Morpho, Butterfly, and Wild Neutron, and is still active today.

UK Concludes That Iran, Not Russia or North Korea, Hacked Officials’ Email Accounts

Investigators in the United Kingdom concluded last week that Iranian government-backed hackers were behind a June email network intrusion that targeted numerous members of parliament and Prime Minister Theresa May. Every MP uses the network, but the hackers specifically looked for accounts protected by weak passwords or reused ones that had leaked online after other breaches. The parliamentary digital services team told the Guardian that it was making email security changes in response to the attack. The incident underscores Iran’s ongoing digital offensive initiatives. Though the country has been less focused on Western targets in the last few years, it is still an active threat around the world. Recently, US President Donald Trump has worked to undermine the Iran nuclear deal, but Theresa May and other European leaders say they want to preserve it.

Police Did Social Media Surveillance on New York Black Lives Matter Group

The Black Lives Matter Global Network chapter in the Rockland County, New York filed a federal lawsuit in August claiming that local Clarkstown police conducted illegal surveillance on it throughout 2015. Clarkstown police records from the Strategic Intelligence Unit describe social-media surveillance targeted at BLM members. The documents even show evidence that a lead detective told the Strategic Intelligence Unit supervisor to stop the surveillance, but this didn’t end the program. BLM is alleging that Clarkstown police engaged in racial profiling, and violated the group members’ rights to free speech and assembly.

Millions of Crucial Cryptography Keys Weakened By Trusted Generator

A flaw in how a popular code base generates cryptographic keys has ruined the security of millions of encryption schemes. The generator appeared in two security certification standards used my numerous governments and large corporations worldwide, meaning that the flawed keys are meant to protect particularly sensitive platforms and data. German chipmaker Infineon developed the software, which has included the key generating flaw since 2012 or possibly earlier. Attackers could exploit the bug to figure out the private part of a key from its public component. From there they could do things like manipulate digitally signed software, disable other network protections, or, of course, decrypt sensitive data. The situation affects Estonia’s much-touted secure digital ID system. Infineon, Microsoft, and Google warn that the flaw will undermine their Trusted Platform Module products until customers generate new, more robust keys. Estonia has announced plans to update the keys used for its national IDs.

Tech

Riot Games Esports Co-Head Talks ‘League of Legends’ 2017 World Championship

The world’s top competitive video gamers are facing off in China over the next few weeks for the League of Legends 2017 World Championship, one of the premier tournaments in the fast-growing world of esports.

Hosted by Riot Games, the company that makes the popular League of Legends (LoL) online game, the tournament’s early rounds turned in a fair amount of excitement and upsets, though last year’s champion is still standing. The Korean professional esports team SK Telecom T1 remains a favorite in a field that also features teams like Samsung Galaxy (sponsored by the South Korean electronics giant) and the North American team Cloud 9.

If none of those names ring a bell, then the rapid ascension of esports has likely passed you by. Competitive gaming’s popularity around the world has exploded in recent years, and the esports industry is now expected to generate more than $ 1.5 billion in annual revenue by 2020, according to one estimate.

Meanwhile, major professional sports teams like the New York Yankees and Cleveland Cavaliers are throwing money at esports, while tech giants like Amazon and Google compete to lure gaming fans to stream live gameplay and competitions on their digital video platforms, Twitch and YouTube, respectively. Last year, Riot Games (which is owned by Chinese tech giant Tencent) signed a reported $ 300 million streaming rights deal with Walt Disney’s BAMTech, and this year’s LoL world championship tournament is available for streaming around the world on Twitch and YouTube.

The influx of media rights deals has also opened the door for a range of high-profile corporate sponsors, with Riot Games landing sponsorships in recent years from the likes of Acer Gaming, Coca-Cola, T-Mobile, and Mercedes-Benz.

This week Fortune caught up with Jarred Kennedy, the co-head of esports at Riot Games, to discuss the world championship (the finals will take place Nov. 4 at the Bird’s Nest National Stadium in Beijing) as well as the overall growth of the esports industry and Riot’s plans, much like rival Activision Blizzard, to remodel its own esports league after major professional sports leagues like the NFL and NBA.

The following conversation has been edited and condensed for clarity.

Fortune: What are some of the big storylines fans will be following heading into the quarterfinals of the LoL World Championships this weekend?

Kennedy: Where to begin? We’ve got some great teams that have made it through. Lots of regions are still alive. You’ve got your defending champions, SK Telecom T1, where they always are, which is contending. But, you’ve got teams that are potentially going to give them a run for their money. I think if [Chinese team] Royal Never Give Up and SK Telecom T1 wind up meeting in the semifinals in Shanghai that could be incredible. Honestly, any of the match-ups with the teams we have right now are going to be really fun to watch, because they’ve all proven themselves to get to this stage. And, the competition just keeps getting better and better the deeper we get into the tournament. That’s one of the reasons that worlds is so compelling.

How has the media rights aspect of the esports business expanded in recent years for Riot?

I think what you’re seeing is the maturation of our sport. With esports, I wouldn’t say it’s entered the mainstream, but it is increasingly an option that marketers look to. And, that’s great for us, because what we’re trying to do is build up the overall ecosystem, and having those increases in revenue coming in on that side allows us to invest in the professional players, the teams, and it allows these players to make a career out of this in a really meaningful way.

That leads into the bigger question of the esports industry’s overall growth trajectory. What are the areas of business that you think are most ripe for increasing revenue in the industry?

There are lots of different pools of revenue. Big ones would include media rights, which not unlike the NFL, NBA, or the Premier League, media rights are a large driver. For some games, including ours, there’s in-game content, and that’s something that’s unique to esports, as opposed to stick-and-ball or traditional sports, where there’s an opportunity for teams to participate in some of the in-game revenue streams. I think those are probably the biggest ones, but we’re always on the lookout for new ways to engage with fans of our sport.

You used to work at Sony Pictures Television. Would it benefit esports to make that leap to being more of a presence on traditional TV networks?

We don’t feel the need to go to TV as a point of validation. We’ve found that a lot of our fans of this sport are online, they tend to consume digitally, and thus the BAMTech deal and some other things we’ve done—negotiations with Twitch, YouTube, etc.—is just to serve them where they are. But, we’re not looking to be on NBC at 8 p.m. on a Saturday broadcasting to all of America, because we don’t think that’s where our fans want to watch, and we think it would probably be casting too wide of a net.

Why model Riot Games’ North American League of Legends Championship Series league after major professional sports leagues with revenue-sharing and a players association?

We’ve always looked at professional sports, not because we want to model exactly what other sports do, but even when you’re attempting to innovate, sometimes there are things that already exist in the world that work really well and work for a reason, and we shouldn’t be afraid to use some of that. Our goal is to have sophisticated owners of teams that can operate at a high level, know how to build businesses, know how to build sports, and who aren’t going to be working against each other, but are going to be collaborating in the best interests of fans around the world.

Going back to your point about esports not yet being in the mainstream, what needs to happen to put esports on the same level as one of the major professional sports leagues?

It takes time to get to the scale of where major sports are today, and I don’t think we have any illusions that we’re going to be able to do that overnight. We do have the advantage of being a digital property that tends to grow faster and can grow more virally. Friends tend to bring their friends into the sport, we found. We’re looking to build the best ecosystem for our fans that we can and we hope that by doing that it will thrive and grow, and over time we’ll have a chance to be as big as some of the major sports that exist today. But our primary goal is delivering value to fans day in and day out. And, if we can do that, then the rest will take care of itself.

Tech

Equifax Deserves the Corporate Death Penalty

Equifax is in trouble. The credit reporting company failed to protect the personal financial data of as many as 143 million Americans. Equifax’s failure exposed not just names and addresses, but also Social Security numbers, birth dates, drivers’ license numbers, and credit card numbers. The Federal Trade Commission, Congress, and about 40 state attorneys general are investigating the data breach, and both the Massachusetts attorney general and the city of San Francisco are suing on behalf of residents whose information was compromised.

WIRED OPINION

ABOUT

Ron Fein (@ronfein) is the legal director of Free Speech for People, a national non-partisan nonprofit organization that advocates for democracy reform and corporate accountability.

That’s a start. But it’s not enough. Equifax’s failure calls for the corporate death penalty, through a rare but vital procedure called judicial dissolution.

Under the law of Georgia, where Equifax is incorporated, the state attorney general may file a lawsuit in state court to dissolve a corporation if the corporation “has continued to exceed or abuse the authority conferred upon it by law.” (All 50 states have similar provisions.) State attorneys general don’t invoke these corporate death penalty statutes often, especially not against large, well-known corporations. But Equifax could not have obtained its unusually important position in our economy without the privileges of a corporate charter conferred by law, and it has forfeited its claim to those privileges.

Equifax’s entire reason for existence is to collect and maintain private financial data about individuals who are not customers of the company. This isn’t like other data breaches, such as the 2012 credit card data breach at Barnes & Noble, or the 2015 hack of frequent-flyer account data at British Airways. Those breaches were bad. But they affected people who had chosen to do business with these companies by buying books or airplane trips. Most of the people whose data was compromised by Equifax’s lax security don’t even know that Equifax exists, let alone that it maintains their private financial data.

While there’s never an excuse for major companies to be sloppy with customer data, Barnes & Noble and British Airways aren’t in the business of securely storing private financial data. They’re in the businesses of selling books and flying airplanes. When a bookstore or airline doesn’t manage customer data well, then the company needs to compensate its customers for its negligence, accept its punishment, and reform. But when a company’s entire reason for being is managing individuals’ most sensitive private financial data, and it fails spectacularly, it should not be further entrusted with that important responsibility.

Equifax’s conduct after the breach has given little comfort. Before revealing the breach to the public, senior executives sold $ 2 million worth of stock. Meanwhile, after the breach was made public, Equifax offered consumers free credit monitoring—but tried to force them to accept a mandatory arbitration provision clause buried in the fine print.

In fact, Equifax wasn’t even competent enough to close the stable door after the horse had bolted. Over a week after the US breach was revealed, a small computer company in Milwaukee noticed that in one Equifax computer system based in South America, customer records could still be accessed by entering the username “admin” and the password…”admin.”

This is not the conduct of a company that deserves to continue to be entrusted with a critical role in our economy. State laws enable the creation of corporations because they are thought to confer a benefit on society. But not in this case. Equifax had one job, and it failed. More than half of American adults woke up one day to learn that a corporation that few had ever heard of had lost control of financial data that they never knowingly gave it.

Dissolving Equifax would not require putting innocent people out of work or demolishing its office buildings. Working with a court-appointed receiver, the Georgia attorney general could develop a plan to deconstruct Equifax’s current corporate structure. It could continue to operate and pay its staff and vendors while dissolution is pending in court, and legitimate business lines could operate successfully afterwards under new ownership.

Equifax’s core customer data business, meanwhile, has some assets that could be sold to competitors or other new owners. Some of the main so-called assets, however, are questionable: the private financial data, which the company can no longer be entrusted to maintain; the computer code that maintains and protects that data, which evidently is inadequate to the task; and the intangible value of Equifax as a going concern, known in accounting as “goodwill.” Dissolving the company would certainly eliminate any remaining goodwill. But frankly, Equifax doesn’t have much goodwill these days anyway.

To be fair, Georgia’s attorney general, Chris Carr, hasn’t ignored the Equifax breach. He signed a group letter to Equifax along with over 30 other state attorneys general, and joined the larger multi-state investigation. Yet Carr has been content simply to participate in a broader coalition, emphasizing his duty to protect Georgia’s consumers. That’s a start, but not the end. Because of his office’s unique oversight powers over Georgia corporations, Carr needs to ask larger questions—including whether Equifax’s abuse of its state-granted corporate powers justifies revoking its corporate charter.

A few years ago—starting soon after the Supreme Court’s 2010 Citizens United decision, which held that corporations have the same right as people to spend money to influence elections—a popular bumper sticker proclaimed, “I’ll believe corporations are people when Texas executes one.”

We shouldn’t use the corporate death penalty lightly. But at this point, Equifax has lost its justification for existence.

WIRED Opinion publishes pieces written by outside contributors and represents a wide range of viewpoints. Read more opinions here.

Tech

SoftBank's big checks are stalling tech IPOs

LAGUNA BEACH, Calif. (Reuters) – Big cash infusions for startups from an ever-expanding group of financiers, led by SoftBank Group Corp (9984.T) and Middle East sovereign wealth funds, have extinguished hopes that the technology IPO market would bounce back this year.

These deep-pocketed financiers, which have traditionally invested in the public markets but are seeking better returns from private tech companies, have enabled startups to raise more money, stay private longer and spurn the regulatory hassles of an IPO even as they become larger than many public companies.

At The Wall Street Journal D.Live conference this week in Southern California, a number of venture capitalists, entrepreneurs, IPO experts and dealmakers spoke with Reuters about the surprisingly low number of IPOs and pointed to investors such as SoftBank for changing the business of startup financing.

“It’s not surprising if these companies get 10 term sheets,” said Nicole Quinn, an investing partner with Lightspeed Venture Partners, referring to formal offers of investment.

The result is a protracted IPO slump that has contributed to a 50 percent drop in the number of U.S. public companies over the last two decades, according to the Nasdaq. IPOs have fallen especially precipitously since 2014 – the year public market investors, including mutual funds, ramped up investment in private tech companies.

There are some signs of a more active fall for IPOs. Tech companies Switch (SWCH.N), MongoDB (MDB.O) and Roku (ROKU.O) have gone public in the past few weeks, with debuts from ForeScout and Zscaler ahead.

CORRECTION AHEAD?

Yet many investors are bracing for a market tumble after a sustained rally, raising questions about IPO opportunities for 2018.

Just 12 venture capital-backed tech companies went public in the United States in the first three quarters this year, compared to 27 for the same time period in 2014, according to IPO investment adviser Renaissance Capital.

The drought continues even though both the Dow Jones Industrial Average .DJI and Nasdaq Composite .IXIC are up more than 26 percent in the last year and market volatility is low, normally ideal conditions for an IPO.

Wall Street stock indexes have posted a string of record highs in recent weeks, and the Dow closed above 23,000 for the first time on Wednesday. [.N]

But Barry Diller, a longtime dealmaker and chairman of InterActiveCorp and Expedia Inc (EXPE.O), said the huge funding rounds had eliminated the traditional reason for an IPO.

“There is no reason to be public unless you need capital, and almost all these companies do not need capital,” Diller said.

SOFTBANK-UBER DEAL EYED

Increasingly, the big checks are coming from SoftBank, which in May closed a $ 93 billion investment fund.

So far this year, it has announced at least 14 investments in technology companies globally, including a $ 500 million deal with fintech company Social Finance and a $ 3 billion investment in shared workspace company WeWork, both private and already worth billions of dollars.

SoftBank is in the next week expected to finalize a highly anticipated deal with Uber Technologies Inc [UBER.UL] in which it, along with other investors, would purchase as much as $ 10 billion in Uber shares, most of them from employees and existing investors in a so-called secondary offering.

“This is the third liquidity option,” said Larry Albukerk, who runs secondary market firm EB Exchange and spoke to Reuters by phone. “It used to be IPO or acquisition.”

SoftBank’s deals are causing venture capitalists to “prepare for more M&A exits,” and fewer IPOs over the long term, said Jenny Lee, managing partner at GGV Capital.

Meanwhile, Nasdaq’s private market business, set up in 2014, facilitated more than $ 1 billion in secondary market transactions last year, according to Bruce Aust, vice chairman of Nasdaq.

Secondary transactions allow employees and investors to get some cash by selling to other private investors, removing a significant pressure to go public.

The flood of private capital, and the lofty valuations that have come with it, have, paradoxically, created another reason for avoiding an IPO, said Chris Clapp, a managing director with consulting group MorganFranklin.

“Many times with my clients I don’t think they would achieve the same valuation in the public markets,” Clapp said in a phone interview.

Meal delivery company Blue Apron Holdings Inc (APRN.N) took a 27 percent haircut when it went public in June and software company Cloudera Inc (CLDR.N) lost 53 percent of its valuation in its April IPO.

Snap Inc (SNAP.N), the owner of messaging app Snapchat, is down more than 10 percent from its IPO price in March.

Reporting by Heather Somerville; editing by Jonathan Weber and G Crosse

Tech

To Survive the Streets, Self-Driving Cars Must Learn to Think Like Humans

Next time you’re driving down the road or walking down the street, pause to consider how you read your surroundings. How you pay extra attention to the kid kicking a soccer ball around her front lawn and the slightly wobbly, nervous looking cyclist. How you deprioritize the woman striding toward the street, knowing she’s heading for the group of friends waving to her from the sidewalk.

You make these calls by drawing on a lifetime of social and cultural experience so ingrained you hardly need to think about it. But imagine you’re an autonomous car trying to do the same thing, without that accumulated knowledge or the shared humanity that lets you read others’ nuanced behavioral cues. Treating every pedestrian, cyclist, and vehicle as an obstacle to be avoided might keep you from hitting anything, but it could just as easily keep you from getting anywhere.

“We call it the freezing robot problem,” says Anca Dragan, who studies autonomy in UC Berkeley’s electric engineering and computer sciences department. “Anything the car could do is too risky, because there is some worst-case human action that would lead to a collision.”

Expect a thaw. Researchers like Dragan are tackling the challenges of interpreting—and predicting—human behavior to make self-driving cars safer and more efficient, but also more assertive. After all, if every machine screeches to a stop for every unpredictable human, we’ll have soon millions of terrified robots choking the streets.

To prevent the clog, those researchers are leaning on artificial intelligence and the ability to teach driving systems, through modeling and repetitive observation, what behaviors mean what, and how the system should react to them.

TU Delft

That begins with recognizing that people are not, in fact, obstacles. “Unlike, say, a tumbleweed moving along the street under the wind’s effect, people move because they make decisions,” Dragan says. “They want to do something, and they act to achieve it. We’re first looking into inferring what people want based on the actions they’ve been taking so far. So their actions are rational when seen from [that perspective], and would appear irrational when seen from the perspective of other intentions.”

Say a driver in the right lane of the freeway accelerates. The computer knows people should slow down as they approach exits, and can infer this person is likely to continue straight ahead instead of taking that upcoming off ramp. It’s a basic example that makes the point: Once computers can estimate what humans want and how they might achieve it, they can reasonably predict what they’ll do next, and react accordingly.

Machines en Scene

The key, even with machine learning, is to look beyond the individual elements of a scene. “It’s important to make strides there, but it’s only seeing part of what’s going on in a roadway setting,” says Melissa Cefkin, a design anthropologist at Nissan’s Silicon Valley R&D center. “We’re really good as human beings at recognizing certain kinds of behaviors that look one way to a machine, but in our social lens, it’s something else.”

Imagine you’re driving down a city block when you see a man walking toward the curb. The robot driver might calculate his speed and trajectory, determine he’s about to cross the street, and stop to avoid hitting him. But you see he’s holding car keys, and realize he’s stepping into the street to reach the driver’s side door of his parked car. You’ll slow down to be sure, but no need to stop traffic.

“The ways people move through the environment are already culturally and socially encoded,” Cefkin says. “It’s not always people-to-people interactions, but people interacting with things, too.”

Again, that’s a simple example. Cefkin points to what she calls the “multi-agent problem,” in which pedestrians and other drivers react to everyone around them. “If a pedestrian is going to cross in front of me, rather than looking at me they’re just as likely to look out into traffic for a gap,” Cefkin says. “So now I’m trying to figure out whether or not it’s safe to keep going based on what the rest of the traffic is going to do.”

Buying Time

If it seems the world is now headed for some sort of drivers-ed hellscape, don’t worry. Teaching AI-based autonomous systems to navigate the eternal weirdness of the human wilderness is tough, Cefkin says, but hardly impossible. In the Netherlands, where cities buzz with pedestrians and cyclists, researchers are doing the work. Dariu Gavrila, who researches intelligent vehicles at Delft University of Technology, training computers for the challenges like road debris, traffic police, and, things as unusual as someone pushing a cart down the middle of the street. The goal, he says, is to develop a more adaptive driving style for the machines—and thus enhancing social acceptance of the new hardware.

That work means factoring in the context around pedestrian traffic—proximity to curbs, the presence of driveways or public building entrances—and the norms of behavior in these environments. It extends all the way to individual movement, such as a person’s head looking one direction while their torso is pointing in another, and what that might mean. “Recognizing pedestrian intent can be a life saver,” Gavrila says. “We showed in real vehicle demonstration that an autonomous system can react up to one second faster than a human, without introducing false alarms.”

TU Delft

There are practical limits to what the computers can do, though. “This is no Minority Report,” Gavrila says—no one’s telling the future. “Uncertainty in future pedestrian or cyclist position rapidly increases with the prediction horizon, how many seconds in the future we’re trying to model. Basic behavior models already stop being useful after one second. More sophisticated behavior models might give us up to two seconds of predictability.”

Still, that second or two of warning might be all a computerized system needs, since it’s well within the scope of the human response times. But other autonomy experts think we might be setting our machines up to actually overthink every microsecond of driving.

“When you’re essentially trying to predict the future, that’s a massive computational task, and of course it just produces a probabilistic guess,” says Jack Weast, Intel’s chief systems architect for autonomous drive systems. “So rather than throw a supercomputer into every car, we just want to ensure that the car’s never going to hit any of those people anyway. It’s a much more economically scalable way of doing things.”

Getting Aggressive

There’s another wrinkle here. The ideal robocar won’t just comprehend its surroundings, it will understand how it itself changes the scene. Many robotic systems, Dragan says, come with a built-in flaw: Their makers assume the presence of an autonomous car won’t change how other actors move. “An autonomous car’s actions will influence human actions, whether we like it or not,” she says. “Cars need to start accounting for this influence.”

That’s why Dragan and her team have built a system that includes a model of human drivers’ responses to the car. “Our car is no longer ultra-defensive, because it knows it can trigger reactions from people, too,” she says. “Like other vehicles slowing down when our car merges in front of them. We’ve also looked at actively estimating human intentions, again by leveraging the autonomous car’s actions. In that case, our car might slow down gently to see if the person wants to be let in.”

That sort of assertiveness training will likely be key to traffic flow in the future. The key to a working robocar may be giving it not just human-like awareness, but a healthy dose of human-like entitlement.

Tech

Fed to step-up focus on payment security with study, working groups: Fed's Powell

WASHINGTON (Reuters) – The U.S. Federal Reserve is stepping-up its focus on payment security as the industry reaches a “critical juncture” driven by new technologies, Federal Reserve board governor Jerome Powell said on Wednesday.

Speaking at a conference in New York, Powell said the U.S. central bank would early next year launch a study analyzing payment security vulnerabilities and also planned to create new working groups focused on reducing the industry costs associated with securing payments.

“Rapidly changing technology is providing a historic opportunity to transform our daily lives, including the way we pay. Fintech firms and banks are embracing this change, as they strive to address consumer demands for more timely and convenient payments,” said Powell.

“It is essential, however, that this innovation not come at the cost of a safe and secure payment system that retains the confidence of its end users.”

The Fed does not have complete authority over the U.S. payment system, but it has led industry efforts to make it faster and easier to use. The central bank also leads the 160-member Secure Payments Task Force.

Powell’s comments underline growing concerns among financial market participants and regulators about the risks cyber thieves pose to the financial system following a series of recent incidents.

Last year, SWIFT, the global financial messaging system, disclosed it had suffered hacking attacks on its member banks including the high-profile $ 81 million heist at Bangladesh Bank.

During that incident, hackers broke into the computers of Bangladesh’s central bank and sent fake payment orders, tricking the Federal Reserve Bank of New York into transferring the funds. [here]

Powell said on Wednesday new fintech payment companies posed “significant challenges to traditional banking business models” and that the payment system was reaching a “critical juncture.”

His comments echoed those of Barclays Chief Executive Officer Jes Staley who on Saturday warned payments would be the next battleground for banks amid increasing competition from fintech players and tech giants including Amazon and Facebook.

Reporting by Michelle Price; Editing by Chris Reese

Tech

Apple and GE team up on software to track power plants, machinery

(Reuters) – Apple Inc and General Electric Co say they are working together to make it easier to write software that can track power plants and jet engines on Apple’s iPhones and iPads.

The companies have come up with a tool for app developers to connect Apple’s iOS operating system more easily to Predix, the cloud-based software at the heart of GE’s effort to turn itself into a “digital industrial” company.

The Predix software connects sensor-laden industrial machines like wind turbines, jet engines and elevators to data centers, so that streams of information from the machines can be analyzed to help predict failures and make the machines run more cost effectively.

GE expects the software to help generate $ 12 billion in digital revenue by 2020, though it took a two-month “time-out” earlier this year to iron out technical problems.

Now with the help of the new software built with Apple, which GE plans to release on Oct. 26, more information from Predix will be available to the on-the-ground managers of factories and power plants who work most closely with GE’s equipment, said Kevin Ichhpurani, executive vice president of global ecosystem and channels at GE Digital.

For example, Ichhpurani said, a power plant manager might be debating the best time to take a generator offline for scheduled maintenance. With the Predix software, the manager can see data on the machine and could share notes and photographs from an iPad at the site of the generator and even start a video call.

“These decisions can be made at the power plant or on the factory floor, as opposed to being made at corporate,” Ichhpurani told Reuters in an interview.

As part of arrangements between the two companies, GE plans to make iPhones and iPads the standard mobile devices for its 330,000 employees and will also offer Mac desktop computers as a choice for them.

In return, Apple will help promote GE’s Predix software to Apple’s enterprise customers. Apple’s salespeople will be trained on Predix’s capabilities and will promote the software in sales situations alongside iOS devices, Susan Prescott, vice president of product market at Apple, told Reuters.

Over the past several years, Apple has courted business software firms such as Accenture PLC, International Business Machines Corp, Cisco Systems Inc, Deloitte and SAP SE in an effort to move business applications over to iOS devices and make them easier to use in corporate settings.

Reporting by Stephen Nellis; Editing by Leslie Adler

Tech

U.S. senator probes Pentagon on Russian source code reviews

WASHINGTON (Reuters) – A U.S. senator on Tuesday asked the Defense Department to explain how it manages the risks when it uses software that has been scrutinized by foreign governments, saying the practice may represent a national security threat.

Reuters reported earlier this month that Hewlett Packard Enterprise Co allowed a Russian defense agency to review the source code or inner workings of cyber defense software known as ArcSight, which is used by the Pentagon to guard its computer networks.

”HPE’s ArcSight system constitutes a significant element of the U.S. military’s cyber defenses,” Democratic Senator Jeanne Shaheen wrote in a letter to Defense Secretary James Mattis seen by Reuters.

Shaheen, a member of the Senate Armed Services Committee, said disclosure of ArcSight’s source code to the Russian agency presented an “opportunity to exploit a system used on [Defense Department] platforms.”

Shaheen questioned whether the Trump administration was pushing back on demands for source code from Russia and elsewhere that are imposed on U.S. companies as a condition for entry into foreign markets.

Such reviews highlight a quandary for U.S. technology companies, as they weigh U.S. cyber security protections while pursuing business with some of Washington’s adversaries, including Russia and China, according to security experts.

“I understand that individual businesses must make decisions weighing the risk of intellectual property disclosure against the opportunity of accessing significant overseas markets,” Shaheen wrote. “However, when such products undergird [Defense Department] cyber defenses, our national security may be at stake in these decisions.”

The Pentagon and HPE did not immediately respond to requests for comment about the letter.

Cyber security experts, former U.S. intelligence officials and former ArcSight employees said the review of ArcSight’s core instruction, also known as source code, could help Moscow discover weaknesses in the software, potentially helping hackers to blind the U.S. military to an attack.

HPE has said in the past that such reviews, by a Russian government-accredited testing company, have taken place for years at a research and development center it operates outside of Russia.

The software maker has also said it closely supervises the process and that no code is allowed to leave the premises, ensuring it does not compromise the safety of its products. A company spokeswoman said last week that no current HPE products have undergone Russian source code reviews.

HPE was spun off from Hewlett-Packard Inc as a separate software company in 2015.

Shaheen’s letter asked Mattis whether he foresaw risks associated with the disclosure of ArcSight’s code and whether the Pentagon was monitoring whether technology vendors share source code or “other sensitive technical data.”

She also asked how frequently vendors disclose the source code of products used by the Pentagon to foreign governments.

Shaheen recently led successful efforts in Congress to ban all government use of software provided by Moscow-based antivirus firm Kaspersky Lab, amid allegations the company is allied with Russian intelligence. Kaspersky vehemently denies such links.

Tech companies have been under increasing pressure to allow the Russian government to examine source code in exchange for approvals to sell products in Russia. While many Western firms have complied, some, including California-based cyber firm Symantec, have refused.

ArcSight was sold to British tech company Micro Focus International Plc in a deal completed in September.

The company said last week that while source code reviews were a common industry practice, it would restrict future reviews by “high-risk” governments and subject them to chief executive approval.

Reporting by Dustin Volz and Joel Schectman; Editing by Jonathan Weber and Tom Brown

Tech