Connect with us


Car Wash Complexities and AI Autonomous Cars



Having the AI self-driving car successfully navigate a car wash is not a high priority for developers, but it would provide a value for car owners. (GETTY IMAGES)

By Lance Eliot, the AI Trends Insider

The other day I went to my local car wash here in California.

After getting my car washed, I was provided with a coupon that said if it rained within the next 48 hours that I could come back for a free car wash.

When I showed this to a colleague visiting here from the East Coast, he was surprised about the coupon and said he had never heard of such a thing being provided to car wash customers.

I was surprised that he was surprised, since this is a pretty customary offer here in California and has been as long as I can remember.

The basis for the coupon is that though we rarely get rain, there’s a paltry 12 inches of rain per year in Los Angeles and it occurs on only about 35 days of the year (meaning that 90% of the year is no rain!), the car wash businesses want to make sure that locals don’t freak-out and avoid getting a car wash when there’s even a chance of rain.

Indeed, many here would look up at the clouds and if it looks gloomy, they might put off getting a car wash under the belief that why waste money on getting your car washed and then it gets pelted by rain and those pesky rain drops mar your shiny car. The coupon is an easy way to ensure that potential customers feel confident about getting a car wash, regardless whether rain is maybe going to occur or not.

When I was a young child, my parents had me wash our own cars as a means of earning my allowance.

Rather than taking the cars to a professional car wash, they had me, the youthful amateur car washer, do so instead. It was a tedious and laborious task. Put clean water into buckets, have clean sponges and rags, be ready to wax the car after washing it, make sure to vacuum the inside of the car, and so on. I tried to make it into a game, sometimes timing myself to see how fast I could go or coming up with variant ways of doing the washing. To me, it seemed like a misuse of human labor since there were already automated car washes and I failed to see why we would not use “robotics” instead of a human to do the chore (little did I realize then that someday I would become heavily involved in AI and robots!).

Today, there are places in California that have outlawed doing car washing at your home.

This also is a surprise to some out-of-towners.

The basis for the law is that you might tend to waste water when washing your car, and here in parts of California we are water “starved” and required to conserve water. Presumably, a professional car wash is supposed to not only use just the right amount of water but also have provisions to reclaim the water. Furthermore, another reason that home car washes are discouraged is that the run-off from the car wash, which might include grease and oil and other contaminants, might flow into the sewer system and end-up in polluting our oceans. Professional car washes are supposed to have provisions to trap this or otherwise contend with it.

Car Washing Is Big Business

You might be wondering whether professional car washing is much of a business.

We are all used to seeing car washes on various street corners and often associated with gas stations. Is there a lot of money to be made via a car wash? Yes, indeed. In the United States alone, there are an estimated 16,000+ car wash establishments and it is estimated to be a nearly $10 billion-dollar industry, often commanding a hefty profit.

Something seemingly as simple as washing cars is big business.

Maybe I should have continued my amateur car washing and progressed it into a professional car wash!

The industry is dominated by smaller mom-and-pop car washes in the sense that the top 50 car washing firms only have about 20% of the total market.

This means that the market is very fragmented.

There isn’t a handful of massive car wash firms that run things. Instead, there are lots and lots of car wash owners and car wash operators, all vying to compete with each other.

Competing can be fierce in the car wash business.

Generally, the biggest competitive advantage and the one main success criteria for any car wash is its location. Car washes are considered a location-based business. People need to get their cars to your car wash. People don’t want to have to go out of their way to get to the car wash. If there’s a car wash a block from their home, and another one three blocks away, it’s going to require something extraordinary to get those drivers to take their cars those few blocks further to get their cars washed.  If you are the only car wash in-town, you’ve kind of got it made since the alternatives of hand washing yourself is now passé, as I’ve mentioned earlier.

Location is key.

You still need to have a car wash that actually does car washing. Even the best of locations can be undermined by providing shoddy car washes. People will figure this out and word will spread. Other than unsuspecting drivers, you won’t get any repeat business. You need to leverage a good location and make sure that you provide sufficient quality and consistency of your car washes.

Of course, in case your car wash and another one is pretty close in terms of location, you can try to differentiate your car wash.

They all pretty much need to be able to wash, clean, and wax, in terms of the services being provided. Those are the basics needed to be playing the game, the so-called table stakes. Time is an important factor for most customers, and so the faster your car wash can complete the service, the better it is perceived. But, you cannot sacrifice the basics for the speed, in the sense that even if you are a faster washer, if the end result is a car not as clean as some other slightly slower car wash, the odds are that people will figure this out and no longer consider your faster speed of much value.

Here’s what the mantra of car washes is, and for which people expect and clamor for out of a car wash: Clean, dry, and shiny.

This can be achieved by providing a hands-off automated service operation.

People drive up their cars, usually enter a code to activate the car wash, drive forward into the car wash, remain in their cars as the car gets washed and waxed, and then proceed out of the car wash when finished. These are the tunnel systems that have become prevalent at most car washes. There are also the full-service operations, consisting of labor that will drive your car forward for you, and do hand drying and vacuuming the inside of your car. Most car washes choose one or the other of the two approaches.

One means to gain some added revenue and profit involves selling merchandise at the car wash.

The full-service car washes especially do this since the human driver usually gets out of their car and has nothing much else to do while the car is being washed. Might as well see if the car wash can make some more bucks off those idle customers. This though also ups the ante on the nature of the experience for the customer. If a customer interacts with a scowling retail clerk, the customer might decide to never come back to the car wash, even though the car wash itself might be doing a wonderful job washing cars.

Speaking of labor, the automated operations have reduced the labor that used to be involved in car washing. There are some that cling to the belief that the labor-based full-service car washes are much better than the automated no-labor ones, but overall the market has shown that the “express” washes have grown like weeds and obviously have satisfied a significant segment of the market.

Car washes will try to encourage loyalty by offering various loyalty cards or clubs to customers. Purchase five car washes and get the sixth one free. Some go the subscription route, wherein you buy a year’s worth of car washes or maybe even unlimited number of annual car washes. There can also be discounts and special programs involved. Veterans get a 10% discount. Or, if your child goes to the local high school, you get a discount on your car wash.

So, in recap, we seem to really want to have our cars washed, as evidenced by the billion dollar industry of professional car washing.

Car washing is more than just an idle concept, it’s a big business and one that consumers seem to relish.

Car Washes And Autonomous Cars

What does this have to do with AI self-driving driverless autonomous cars?

At the Cybernetic AI Self-Driving Car Institute, we are developing AI systems for self-driving cars. One of the “edge” problems involves how AI self-driving cars can handle car washes.

When I refer to an edge problem, it means a type of problem not considered at the core of an otherwise larger problem. In the case of AI self-driving cars, being able to have the AI drive a car is at the core of the driving task. You want to make sure that the AI can properly undertake the driving while the car is on the highway, doing so while in the inner-city areas, and while in the suburbs, etc. That’s the mainstay of the driving tasks for the AI.

For my article about edge problems, see:

For why AI self-driving cars are a moonshot, see my article:

Having the AI be able to properly navigate and undertake a car wash is admittedly quite a bit further down on the list of priorities.

Nonetheless, it is an interesting problem and one that obviously provides some value to car owners, given the rather sizable nature of the car washing industry.

Imagine if you have a brand-new shiny AI self-driving car, but it cannot make its way into and through a car wash. This would seem like a let-down and in fact suggest that the AI is rather weak that it cannot handle something as simple as contending with a car wash. I’ve previously written about how the same thing can apply to other areas of driving tasks, such as being able to handle tolls at bridges.

For my article about weaknesses of AI self-driving cars, see:

For my piece about tolls, see:

The car wash industry would certainly want to be able to tap into doing car washes for AI self-driving cars.

There are an estimated 250+ million conventional cars today in the United States, and presumably ultimately, they will be overtaken by AI self-driving cars. It won’t happen overnight. And, it is most likely that the AI self-driving cars will be new purchases, rather than somehow retrofitting the existing conventional cars. But, if somehow it is difficult or arduous to get AI self-driving cars to enter into and get car washed, this would not be good for the car wash industry.

This point about the AI self-driving cars being new purchases ties again to the topic of car washes in another facet.

The newer the car, the more likely that consumers take their car to the car wash.

The older the car, the less likely they take their car to the car wash.

This makes sense when you ponder it for a moment. If I have new shiny car, I want it to look new and shiny, and be able to show it off and enjoy the newness of it. If I have an older somewhat beat-up car, scratches included and other divots, it probably wouldn’t matter much to me whether it looks new and shiny. In fact, I suppose the dirt and grime might help to hide the aspect that it is an older and somewhat downtrodden car.

With the gradual sunsetting of conventional cars, people will likely not go to car washes as much.

No need to take in your conventional car that’s becoming gradually and progressively outdated.

Booming Business For Car Washing

With the advent of AI self-driving cars, since those are generally going to be new cars, people will likely want to go to car washes again. Therefore, over time, the car wash industry will see quite an impact of the decreasing interest by consumers of washing their conventional cars, and presumably an arising and increasing interest in getting their AI self-driving cars washed.

There are other factors that might further boost the car washing industry as a result of the advent of AI self-driving cars.

One is that it is anticipated that most AI self-driving cars will be turned into ridesharing services. This makes sense in that if you have a self-driving car that can be driving 24×7, and if you can make money by renting it out, you would likely do so. In that sense, AI self-driving cars will need to look nice, presumably, as a means of appearing attractive to the ridesharing public, and also with the self-driving cars being on-the-go 24×7 there’s heightened chances of them getting dirty or at least dirty looking.

Could be good times for car washes!

Those AI self-driving cars that are involved in ridesharing might be coming to car washes with a high frequency. This keeps the AI self-driving car looking in good shape. And, since the AI self-driving car is on-the-road a lot, it will likely need to get car washed with a higher frequency than today’s conventional cars. As an analogy, some sales people that drive their cars all day long here in Los Angeles area tend to get their cars washed several times a week, wanting to keep the car looking shiny and also to deal with the dust and grime that gets onto their always being driven cars.

Let’s go ahead and assume therefore that there will be interest in having AI self-driving cars go to the car wash.

I think we can all agree to that notion.

You might quibble about the frequency aspects, but in any case, it seems reasonable to believe that owners of AI self-driving cars will want to get those cars washed, from time-to-time or for a lot of the time.

What’s the big deal, you might ask, it’s a car and it’s getting washed. End of story.

Not so fast!

We can dig further into this topic.

First, I’d bet that the times of day that an AI self-driving car will be going to a car wash might differ overall than today’s conventional cars.

Think about that for a moment.

Today’s conventional cars require that a human driver takes the car to the car wash. This generally means that the time chosen is a time best suited to the human driver. I might have a lunch break and use that time to take my car to the car wash. I might do so after work, or on the weekend.

In the case of the AI self-driving car, for a true Level 5 self-driving car, which is one that can drive without any human driver on-board the car, the AI self-driving car can be sent to the car wash at the bidding of the car owner. This can happen any time of the day. If I were ridesharing out my AI self-driving car, I would likely want to have it fully available during the prime time of when people need a ridesharing pick-up. It wouldn’t make sense for me to send my AI self-driving car to the car wash when it could otherwise be making me money by doing ridesharing.

So, the odds are that I’d send my AI self-driving car to the car wash at oddball times, such as say 3:00 a.m. when presumably there is little or no ridesharing opportunities occurring.

This means that car wash owners need to realize that they might see a radical shift of when cars come to their car washes. If you are a labor-based car wash, you might need to reconsider the work shifts of your labor. If you are a fully automated car wash, this change in times might not impact your labor, but it also means that your car wash is going to be in higher use at oddball times, and if it breaks down or needs maintenance, that’s going to happen at oddball times too.

For my article about the levels of AI self-driving cars, see:

For my overall framework about AI self-driving cars, see:

Navigating In A Car Wash Can Be Tricky

Another facet of AI self-driving cars and car washes will be the likelihood that there is no human occupant in the self-driving car when it arrives at the car wash.

This means that the car wash itself cannot rely upon a human being to aid in the process of having the car proceed into and undertake the car wash. It’s going to be done entirely with the AI system of the self-driving car.

This lends itself to technological related solutions.

The car wash might be outfitted with Internet of Things (IoT) devices that can readily electronically communicate with the AI self-driving car. This would allow the AI and the car wash to engage in an electronic dialogue about what needs to be done. It’s almost like having an air-traffic-controller that can guide the self-driving car, such as move to the front of the tunnel, move forward onto the conveyor belt, stop now that you are on the conveyor belt, and so on.

For those car washes that won’t modernize, the AI could try to do the same things that human drivers do today.

This often involves reading signs that describe what to do. The AI could use its sensors to try and figure out where the self-driving car needs to be placed within the washing system. This can be trickier than it seems since if the AI places the self-driving car to the left or right of some obstruction, it could end-up hitting the self-driving car. If you’ve ever driven into an automated car wash, you likely know the “dance” involved of you maneuvering the car and the car wash trying to crudely convey to you where the car needs to be (sometimes they flash lights, sometimes they blare a horn).

For my article about IoT, see:

For my article about reading of signs by AI self-driving cars, see:

For defensive driving tactics of self-driving cars, see my article:

Dealing With Dumb Versus Smart Washes

The effort by the AI to contend with a “dumb” car wash is going to be much greater than a modernized “smart” car wash that can electronically use IoT or the equivalent. As such, those car washes that are slow to modernize might find themselves as a disadvantage in terms of attracting owners of AI self-driving cars not wanting to send their cars to the outdated car wash.

This brings up another significant point about the fundamental nature of car washes, which I’ve mentioned earlier is their location.

Will the location of a car wash still matter in a world of AI self-driving cars?

You might say that it won’t be as important anymore. The AI self-driving car can be sent to wherever the owner opts to send it. This is a factor that will no longer depend on the human driver. We usually go to a car wash near our home or work place. With an AI self-driving car, the owner of the self-driving car can just tell it to go to anyplace that the owner thinks is best to have the car get washed.

It could be that the owner of an AI self-driving car will want to keep it mainly in a geographical area that has the best odds of getting ridesharing. If they are also using it for personal driving purposes, they’d obviously still want the AI self-driving car to come to their home and their workplace. In that sense, there’s some hope for car wash locations of today in that the owners might still want to have the car washed near their home or workplace. But, this is not something quite as guaranteed as it is with today’s conventional cars.

Another facet of car washes will be whether or not they are able to accommodate the physical aspects of an AI self-driving car.

The versions of AI self-driving cars that are being utilized today tend to have a LIDAR system on the top of the car, and have various sensitive cameras, radar, sonic sensors that are embedded just under the skin of the car or sometimes mounted on the exterior of the self-driving car.

For more about LIDAR, see my article:

If you drive an AI self-driving car into a conventional car wash, the ones that have the various brushes and aren’t touchless, the question will be whether the AI self-driving car will survive the car wash. It could be that the lenses might get scratched or some sensors might be sheared off. A car wash that wants to attract AI self-driving cars will need to make sure it can accommodate any of the physical considerations associated with an AI self-driving car.

This also brings up whether the car wash will also be doing anything inside the AI self-driving car.

I would tend to think car washes would perceive the interior cleaning aspects to be a good potential money maker. Here’s why. If you are using your AI self-driving car for ridesharing, and someone drunkenly upchucks while in your AI self-driving car, as the owner you probably don’t want to deal directly with cleaning up the mess, and so instead you would likely route your AI self-driving car to the nearest car wash that can provide that kind of cleaning service.

It would seem like an owner of an AI self-driving car is likely to consider using car washes to help keep the interior of the car clean. This is good news for the car washes. It could be that you might need to route your AI self-driving car to the car wash every day, just to keep it cleaned-up after all the people that have ridden in your self-driving car throughout the day have dirtied it. As owner of the self-driving car, you could do the cleaning yourself, but I’d bet that most AI self-driving car owners would aim to have a car wash do it, if the price is right.

For my article about the affordability of AI self-driving cars, see:

I can imagine that car washes will provide a range of specialized services for AI self-driving cars.

This could be a key differentiator as to why an owner sends their self-driving car to car wash X versus car wash Y.

Some added twists will be that the car owner can presumably be monitoring the car wash while their AI self-driving car is at one. Via the cameras on the AI self-driving car, the owner could presumably on their smartphone bring up what the self-driving car sees and watch as the car wash undertakes the services requested. There are likely inward facing cameras too, and thus when the car wash has someone doing cleaning inside of the self-driving car, the owner can watch that too.

Not only could the owner watch what is happening, they presumably can interact too with whomever is at the car wash. For the inside cleaning of a car, right now it’s mainly a manual effort. The outside cleaning can be readily automated, but the interior cleaning is not so easily automated. As such, assuming that the car wash has labor that goes into the AI self-driving car to clean it, the owner can watch what is being done and likely even interact with the labor (hey, you missed a spot right there on the backseat, please wipe it again).

Another aspect could be the scheduling of having an AI self-driving car go to a car wash. I’m sure you’ve had moments where you drove to a car wash and there were several cars ahead of you. You had to either wait it out, or decide to come back. With an AI self-driving car, if it’s being used for other purposes such as ridesharing, having it sit at a car wash waiting to get washed is not a good use of its time. Therefore, a “smart” car wash would likely put in place an electronically scheduling system.

An AI self-driving car could communicate over the Internet with a car wash scheduling system and indicate that it wants to come to the car wash in twenty minutes and make an appointment to do so.  This could be done via the same mechanism on-board the AI self-driving car for doing OTA (Over the Air) updates.

There might even be the use of blockchain for keeping track of car washes undertaken by AI self-driving cars and be used to aid in the electronic payment for the use of the car wash. All in all, there are a myriad of ways in which automation can make the entire life cycle of seeking a car wash to going there to then getting washed, entirely be something that requires no particular human intervention.

For my article about OTA, see:

For the use of blockchain, see my article:


The famous song by Rose Royce about car washes relates that you might not ever get rich working at a car wash, but it’s at least better than digging a ditch.

Generally, the already reduced use of labor at car washes is likely to continue, though until there’s an automated solution for cleaning of the interior of a car (a robot?), there’s still some amount of labor required.

In any case, the advent of AI self-driving cars will not do away with the need for car washes and to the contrary would seem to bolster the need for car washes. For those out there that are thinking of investing in a car wash, it seems like a reasonably good bet, but you’ll need to be willing to modernize your car wash for it to be well-aligned with the needs of AI self-driving cars and the human owners of those self-driving cars.

See you at the car wash!

Copyright 2020 Dr. Lance Eliot

This content is originally posted on AI Trends.

[Ed. Note: For reader’s interested in Dr. Eliot’s ongoing business analyses about the advent of self-driving cars, see his online Forbes column:]



How 4 Chinese Hackers Allegedly Took Down Equifax



In September 2017, credit reporting giant Equifax came clean: It had been hacked, and the sensitive personal information of 143 million US citizens had been compromised—a number the company later revised up to 147.9 million. Names, birth dates, Social Security numbers, all gone in an unprecedented heist. On Monday, the Department of Justice identified the alleged culprit: China.

In a sweeping nine-count indictment, the DOJ alleged that four members of China’s People’s Liberation Army were behind the Equifax hack, the culmination of a years-long investigation. In terms of the number of US citizens affected, it’s one of the biggest state-sponsored thefts of personally identifiable information on record. It also further escalates already tense relations with China on multiple fronts.

“This kind of attack on American industry is of a piece with other Chinese illegal acquisitions of sensitive personal data,” US attorney general William Barr said at a press conference announcing the charges. “For years we have witnessed China’s voracious appetite for the personal data of Americans.”

That aggression dates back to a hack of the Office of Personnel Management, revealed in 2015, in which Chinese hackers allegedly stole reams of highly sensitive data relating to government workers, up through the more recently disclosed breaches of the Marriott hotel chain and Anthem health insurance.

Even in that group of impactful attacks, Equifax stands out both for the sheer number of those affected and the type of information that the hackers obtained. While some had previously suspected China’s involvement—that none of the information had made its way to the dark web indicated a state actor rather than a common thief—Monday’s DOJ indictment lays out a thorough case.

The Big Hack

On March 7, 2017, the Apache Software Foundation announced that some versions of its Apache Struts software had a vulnerability that could allow attackers to remotely execute code on a targeted web application. It’s a serious type of bug, because it gives hackers an opportunity to meddle with a system from anywhere in the world. As part of its disclosure, Apache also offered a patch and instructions on how to fix the issue.

Equifax, which used the Apache Struts Framework in its dispute-resolution system, ignored both. Within a few weeks, the DOJ says, Chinese hackers were inside Equifax's systems.

The Apache Struts vulnerability had offered a foothold. From there, the four alleged hackers—Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei—conducted weeks of reconnaissance, running queries to give themselves a better sense of Equifax’s database structure and how many records it contained. On May 13, for instance, the indictment says that one of the hackers ran a Structured Query Language command to identify general details about an Equifax data table, then sampled a select number of records from the database.

Eventually, they went on to upload so-called web shells to gain access to Equifax’s web server. They used their position to collect credentials, giving them unfettered access to back-end databases. Think of breaking into a building: It’s a lot easier to do so if residents leave a first-floor window unlocked and you manage to steal employee IDs.

From there, they feasted. The indictment alleges that the hackers first ran a series of SQL commands to find especially valuable data. Eventually, they located a repository of names, addresses, Social Security numbers, and birth dates. The DOJ says the interlopers ran 9,000 queries in all, not stopping until the end of July.

Amassing that much data is one thing; getting it out undetected is another. China’s hackers allegedly used a few techniques to maintain access to the motherlode.


According to the DOJ, they stored the stolen data in temporary files; especially large files they compressed and broke up into more manageable sizes. (At one point, the indictment says, they split an archive containing 49 directories into 600-megabyte chunks.) That kept their transmissions small enough to avoid suspicion. After they had exfiltrated the data, they deleted the compressed files to minimize the trail. It also helped that they were deep enough inside Equifax’s network that they could use the company’s existing encrypted communication channels to send their queries and commands. It all looked like normal network activity.

The indictment also details how the PLA team allegedly set up 34 servers across 20 countries to infiltrate Equifax, making it difficult to pinpoint them as a potential problem. They used encrypted login protocols to mask their involvement in those servers, and in at least one instance wiped a server’s log files every day. They were effectively ghosts.

Take one incident detailed by the DOJ: On July 6, 2017, one of the hackers accessed the Equifax network from a Swiss IP address. They then used a stolen username and password for a service account to get into an Equifax database. From there, they queried the database for Social Security numbers, full names, and addresses, and stored them in output files. They created a compressed file archive of the results, copied it to a different directory, and downloaded it. Data safely in hand, they then deleted the archive.

Repeat over the course of several weeks, and you wind up with 147.9 million people’s information allegedly in the hands of a foreign government.

While the operation had a certain degree of complexity, Equifax itself made their job much easier than it should have. It should have patched that initial Apache Struts vulnerability, for starters. And an FTC complaint from last summer also found that the company stored administrative credentials in an unsecured file in plaintext. It kept 145 million Social Security numbers and other consumer data in plaintext as well, rather than encrypting them. It failed to segment the databases, which would have limited the fallout. It lacked appropriate file integrity monitoring and used long-expired security certificates. The list goes on. Equifax didn't just let the alleged Chinese hackers into the vault; it left the skeleton key for every safe deposit box in plain sight.

“We are grateful to the Justice Department and the FBI for their tireless efforts in determining that the military arm of China was responsible for the cyberattack on Equifax in 2017,” Equifax CEO Mark Begor said in a statement. “It is reassuring that our federal law enforcement agencies treat cybercrime—especially state-sponsored crime—with the seriousness it deserves.”

"Our goal collectively here, aside from just being sure this doesn’t happen to us again, is really to help to the best degree possible to help reduce the likelihood that it’ll happen with other organizations," Jamil Farshchi, chief information security officer at Equifax, told WIRED.

Name Game

Some elements of the Equifax hack—particularly the role of the Apache Struts vulnerability—had been public for some time. But pinning the attack on China adds an important new dimension, both in terms of the Equifax incident itself and international relations.

The US and China have gone through a turbulent few years on the cybersecurity front. In 2014, the DOJ charged five members of the PLA with hacking crimes against US companies. The following year, the two countries signed what amounted to a digital truce, one that more or less held fast throughout the remainder of the Obama administration.

Recent years, though, have seen indications that the détente is unraveling. The Marriott and Anthem hacks both began in 2014, prior to the Obama truce. But China has of late increasingly focused on cyberattacks in service of corporate espionage. That includes compromising the CCleaner security tool to create a backdoor into enterprise networks, and using its APT10 hackers to infiltrate so-called Managed Service Providers as a springboard to dozens of vulnerable companies.


That aggression, combined with allegations of rampant intellectual property theft and an ongoing trade war, have further stressed the US-China relationship. Adding Equifax to the pile is uniquely troubling.

“This data has economic value, and these thefts can feed China’s development of artificial intelligence tools as well as the creation of intelligence targeting packages,” Barr said. “Our cases reveal a pattern of state-sponsored computer intrusion and thefts by China targeting trade secrets and confidential business information.”

Monday's announcement marks only the second time that the US has indicted Chinese military hackers by name. (Linked with China’s Ministry of State Security, APT10 is considered non-military.) The first time was in 2014. As then, and as has increasingly been the case with named Russian hackers in DOJ allegations, the step has potential downsides.

“I worry that the Chinese will engage in tit-for-tat behavior,” says former National Security Agency analyst Dave Aitel. “It would be good to have a clear signal in terms of doctrine.”

There’s also the practicality of ever bringing the accused to face justice, given that they’re Chinese citizens working in the service of that government. “Some might wonder what good it does when these hackers are seemingly beyond our reach,” FBI deputy director David Bowdich said at Monday’s press conference. “We’ll use our unique authorities, our experiences, and our capabilities, with the help of our partners both at home or abroad, to fight this threat each and every day, and will continue to do so.”

For victims of the Equifax hack—nearly half of all US citizen—the apparent revelation that China was behind it doesn’t change much unless you’re someone the country might target for intelligence-gathering purposes. Personally identifiable information is leverage, after all. But for most people, the playbook remains the same: Keep an eye on your accounts, and get your settlement money.

The real concern is more existential. It’s unclear the extent to which this will exacerbate already troubled relationships between two global powers. Regardless, it’s unsettling how seemingly easy it was to pull off a data heist of such unprecedented proportion.

“There's a lot of interesting, mind-bending stuff here,” says Aitel. “Like that it only took four people to gather the private information of half of the United States population.”

Additional reporting by Lily Hay Newman

Read more:

Continue Reading


Mark Zuckerberg: Facebook must accept some state regulation



Co-founder says site sits between telephone company and newspaper as content provider

Facebook must accept some form of state regulation, acknowledging its status as a content provider somewhere between a newspaper and a telephone company, its co-founder Mark Zuckerberg has said.

He also claimed an era of clean democratic elections, free of interference by foreign governments, is closer due to Facebook now employing 35,000 staff working on monitoring content and security.

He admitted Facebook had been slow to understand the scale of the problem of foreign interference. He also defended his company from claims that it is leading to political polarisation, saying its purpose is to bring communities together.

Speaking at the Munich Security Conference, an annual high-level gathering of politicians, diplomats and security specialists, Zuckerberg sought to dispel the notion that his company had undermined democracy, weakened the social fabric or contributed to the weakening of the west through spreading distrust.

He said he supported state regulations in four fields covering elections, political discourse, privacy and data portability. He said: We dont want private companies making so many decision-balancing social equities without democratic processes.

Zuckerberg, who is due to have fresh discussions with the EU commission regulators on Monday said, so long as enough people have weighed in to come up with an answer on regulation, the answer will not necessarily be right, but the process by which the decision is taken will in itself help build greater trust in the internet.

By contrast, he said authoritarian states were introducing highly controlled forms of internet that limited free expression. I do think that there should be regulation in the west on harmful content theres a question about which framework you use for this, Zuckerberg said during a question-and-answer session at the event.

Right now there are two frameworks that I think people have for existing industries theres newspapers and existing media, and then theres the telco-type model, which is the data just flows through you, but youre not going to hold a telco responsible if someone says something harmful on a phone line. I actually think where we should be is somewhere in between, he said.

He pointed out Facebook publishes 100bn pieces of content every day, adding: It is simply not possible to have some kind of human editor responsible to check each one.

Facebooks responsibility for its content was not analogous to that of a newspaper editor, he said. Without expanding, he said some kind of third regulatory structure was required settled somewhere between newspapers and telephones.

Denying Facebooks choice of content led to confirmatory bias by only giving its subscribers information with which they agree, he said: We try to show some balance of views.

The average Facebook subscriber has about 200 friends, most of whom share similar views. It is not a technology problem, it is a social affirmation problem, he argued. The choice of what you see is based on the balance of what you share, rather than by choosing what you see. If your cousin has had a baby we had better make sure that is near the top, he said.

He said his firm had been slow to see how foreign powers were interfering in elections, but Facebook was now spending an amount on security and content equivalent to the total value of the company in 2012, and claimed this massive effort was producing a greater understanding about how to protect the integrity of elections. Nearly 1m accounts had been taken down, he said.

But he warned new domestic actors, as well as foreign powers, were seeking to disrupt elections. The outside forces were also becoming more sophisticated in covering their tracks by pretending their messages were coming from a variety of IP addresses in different countries.

Facebook was also offering election campaigns a new free service where the candidate provides the internet details of its staff, and if one or more of the staff is hacked, the campaigns security can be increased to a higher state of protection.

He said the firm had shifted from a reactive to proactive model, so much so that 99% of terrorist content is taken down before any external complaint is made. In the case of hate speech, 80% of content is removed without notification, but Facebooks Artificial Intelligence was still struggling to distinguish the small nuances between content that was hate speech, or content that was condemning the hate speech, he said.

AAsked by Ronen Bergman of the New York Times about Facebook and WhatsApps lawsuit against Israeli spyware company NSO Group, Zuckerberg shrugged off the idea that the case could damage governments ability to work against terrorism. They can defend themselves in court if what they think is legal, he said, but our view is that people should not be trying to hack into software that billions of people around the world use to try to communicate securely.

Read more:

Continue Reading


No, Clearview AI’s creepy plan to spy on us is not ‘free speech’ | Jake Laperruque



This mass surveillance is misguided and sinister. We must push back before its too late

Law enforcement agencies around the world are enthusiastically adopting the services of Clearview AI, a tech company whose powerful software scrapes several billion open-source images for the purposes of facial recognition.

As the company confronts mounting criticism over its disturbing surveillance practices, its chief executive, Hoan Ton-That, is rolling out an audacious new defense: he claims that Clearviews practices are protected by the first amendment. Ton-Thats upside-down views of civil liberties are, it seems, just as Orwellian as his companys surveillance apparatus.

Fortunately, he is dead wrong. The constitution does not shield Clearview AI from accountability. We can, and must, pass laws to limit it and other facial recognition systems.

Facial recognition is extremely dangerous. It offers us the horrible choice between dysfunction and dystopia. On the one hand, studies have repeatedly shown that facial recognition can have serious accuracy problems, especially for people of color. Even when these systems do work, however, they give the government unprecedented power to catalog and track the activities and interactions of people everywhere. No wonder the technology is employed most frequently by authoritarian states like China, which reportedly uses facial recognition to spy on its persecuted Muslim minority.

The unrestricted use of facial recognition technology is clearly incompatible with a democratic society. The first amendment does not give companies the unassailable right to engage in speech that involves sending out the intimate details of our lives.

Laws have existed for decades which prevent companies from sharing sensitive user information for example, the Electronic Communications Privacy Act prohibits companies from voluntarily sharing the contents of our text messages or emails, except for narrow exceptions such as emergencies. Phone companies have long been prohibited from handing out or selling our phone records, and more recent rules similarly prohibit the sale of our phones GPS data (although lax FCC enforcement has caused serious harm).

Just because images or information were hypothetically obtained from public sources doesnt totally nullify our right to privacy. The supreme court recently ruled that the fourth amendment bars the police from tracking our cellphone locations without a warrant, even when you are traveling in public. And just as the fourth amendment already protects us from warrantless cellphone tracking, future laws can guard us from facial recognition surveillance technologies that effortlessly catalog our location in much the same way.

Ton-That specifically defended his companys ability to scrape our public photos off social media. Web scraping isnt always bad academics, researchers, and journalists all employ scraping in highly beneficial ways. But we dont need to totally ban scraping in order to stop bad actors like Clearview AI. We can enact policies that limit how our personal data is shared and used.

We must pass laws that restrict facial recognition technologies, both in the private sector and when used by government. Attempts to defend mass surveillance under the auspices of free speech are misguided at best and sinister at worst. All Americans should push back.

  • Jake Laperruque is senior counsel at the Project on Government Oversights Constitution Project

Read more:

Continue Reading