New Report Exposes “Patient Advocacy” Groups as a Big Pharma Scam
David Dayen Dec. 2
The Project on Government Oversight finds that almost all patient advocacy groups engaged in the FDA agency review processes for prescription drugs received funding from pharmaceutical companies.
Big Pharma ビッグ・ファーマ、巨大医薬品企業 The Project on Government Oversight 『政府監視プロジェクト』? patient advocacy group 患者擁護団体、患者会 FDA 【略】=Food and Drug Administration 《米》食品医薬品局 ◆厚生省の一局で、食料品、医薬品、化粧品の検査や取り締まり、認可などを行う。 review process 審査過程? prescription drug 処方薬
Apple, Google and Others at Trump Tech Summit Have Stashed $560 Billion in Profits Overseas
Jon Schwarz December 16 2016, 7:13?a.m.
U.S.-based multinationals are currently holding $2.4 trillion in profits overseas to avoid paying taxes on them. Remarkably enough, the 11 technology companies represented at Wednesday’s summit with President-elect Donald Trump at Trump Tower in New York account for about one-quarter of that total - a staggering $560 billion - all by themselves.
So while some among the technology industry made muted sounds about refusing to attend a summit with someone who so flagrantly violates tech’s supposed values, they were never going to follow through: Trump is worth far much too much money to them. (以下略)
Tech Money Lurks Behind Government Privacy Conference
Sam Biddle Sep. 16 2016, 3:52 a.m.
In January, academic-turned-regulator Lorrie Cranor gave a presentation and provided the closing remarks at PrivacyCon, a Federal Trade Commission event intended to “inform policymaking with research,” as she put it. Cranor, the FTC’s chief technologist, neglected to mention that over half of the researchers who presented that day had received financial support from Google - hardly a neutral figure in the debate over privacy. Cranor herself got an “unrestricted gift” of roughly $350,000 from the company, according to her CV.
Virtually none of these ties were disclosed, so Google’s entanglements at PrivacyCon were not just extensive, they were also invisible. The internet powerhouse is keenly interested in influencing a lot of government activity, including antitrust regulation, telecommunications policy, copyright enforcement, online security, and trade pacts, and to advance that goal, has thrown around a lot of money in the nation’s capital. Ties to academia let Google attempt to sway power less directly, by giving money to university and graduate researchers whose work remains largely within academic circles - until it gains the audience of federal policymakers, as at PrivacyCon.
Dispatches News Awards for 2016 https://dispatchesfromtheedgeblog.wordpress.com/
Each year Dispatches From the Edge gives awards to individuals, companies and governments that make reading the news a daily adventure. Here are the awards for 2016.
Kamala Harris Fails to Explain Why She Didn’t Prosecute Steven Mnuchin’s Bank
David Dayen 6:19 a.m.
The former California attorney general, now a U.S. senator, wouldn't say why she didn't prosecute the bank owned by Trump's treasury secretary nominee.
Homeland Security Pick Gen. John Kelly Fails to Disclose Ties to Defense Contractors
Lee Fang Jan. 18
Last week, we reported that Kelly didn't disclose he was vice chairman at the Spectrum Group. Now we've found him listed on the boards of two defense contractors he didn't disclose either.
Donald Trump Puts Coal Lobbyist in Charge of Prosecuting Environmental Crimes
Lee Fang 5:07 a.m.
Up until last week, Jeffery H. Wood was a lobbyist for Southern Company, a utility company that heavily relies on coal-fueled power plants and has clashed with regulators.
With few exceptions, the most influential players in Silicon Valley failed to say anything of substance against Trump's Muslim immigration ban or do anything about it.
Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virgina. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
・"zero day" exploit 「ゼロデイ」とは「ソフトウエアの不具合や欠陥で、まだ修正プログラムが提供 されていない段階」のことらしい。 zero day exploit(ゼロデイエクスプロイト)は、定義がまだ確立していない模様。 ゼロデイの段階の「欠陥・脆弱性」を意味するとするサイトもあれば、ゼロデイの 段階で、その欠陥・脆弱性を悪用した「攻撃」の意とするサイトもあります。
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, include Apple's iPhone, Google's Android and Microsoft's Windows and even Samsung TVs, which are turned into covert microphones.
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force --- its own substantial fleet of hackers. The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.
Julian Assange, WikiLeaks editor stated that "There is an extreme proliferation risk in the development of cyber 'weapons'. Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade. But the significance of "Year Zero" goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."
Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should analyzed, disarmed and published.
Wikileaks has also decided to redact and anonymise some identifying information in "Year Zero" for in depth analysis. These redactions include ten of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States. While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one (“Year Zero”) already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.
訳注 ・原文の in depth analysis は通常 in-depth analysis と表現される。おそらく 単なるミス。 ・同じく ten of thousands of も tens of thousands of の間違いであろう。 ・attack machines の正確な意味はよくわからない。取りあえず「攻撃メンバー」と しておいたが、間違っているかもしれない。後で訂
Vault 7: CIA Hacking Tools Revealed https://wikileaks.org/ciav7p1/ の中の Analysis と題するセクション中の一節
The attack against Samsung smart TVs was developed in cooperation with the United Kingdom's MI5/BTSS. After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
訳注 ・MI5は英国の諜報機関の一つ。「軍事情報活動第5部」(英辞郎)、「秘密情報部」 (ウィキペディア)、「英国諜報部第5部」(Weblio辞書)等、表記が定まっていない。 ・BTSS は British Security Service の略語であるらしいが、MI5との関係は 今一つよくわからない。
The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone.
Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
・「モバイル開発部」は仮訳。 ・原文中の "zero days" とは、複数形になっていることから考えて、上に出た zero day exploits のことであろう。そして、この場合の zero day exploits は、 おそらく「ゼロデイの段階で、その欠陥・脆弱性を悪用した攻撃をするマルウェア」 の意と思われます。>>31の訳注を参照。 ・GCHQ(英政府通信部)は英国の諜報機関。
A similar unit targets Google's Android which is used to run the majority of the world's smart phones (〜85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. "Year Zero" shows that as of 2016 the CIA had 24 "weaponized" Android "zero days" which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.
These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.
>>62 cloakman(真ん中のcなしで)という表記もあるようですね。cloak(cloakはマント、マントで 姿が見えない=暗号化?)という単語はあるのでこっちが正しいのかもしれません。検索しても よくわからなかったけど、これもメッセージアプリのようです。こんな記述がありました。 Assange claimed that the CIA can bypass encryption in popular messaging programs such as Cloakman, Confide, Weibo, Telegram, Signal and WhatsApp. Weiboまでメッセージアプリに含めてるのでなんとも言えないけど。
they run on のtheyは訳ではThese techniquesを指しているよう見えるけど、WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman などのアプリのことを指してるんじゃないですかね。
they run on の they はおいらも WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman と解釈。 「これらの(暗号化機能が搭載されている)アプリを使用しているスマートフォン」 ということでしょうが、これでは長ったらしいので簡略化した。 「これらの暗号化機能を搭載したスマートフォン」で訳としては十分だと思う。
The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware. This includes multiple local and remote weaponized "zero days", air gap jumping viruses such as "Hammer Drill" which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas ( "Brutal Kangaroo") and to keep its malware infestations going.
The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB's "HIVE" and the related "Cutthroat" and "Swindle" tools, which are described in the examples section below.
In the wake of Edward Snowden's leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis - rather than hoard - serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers. []
Serious vulnerabilities not disclosed to the manufacturers places huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability. If the CIA can discover such vulnerabilities so can others.
The U.S. government's commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities. The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.
"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
As an example, specific CIA malware revealed in "Year Zero" is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts. The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability. As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers. By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone &mdsh; at the expense of leaving everyone hackable.
