Latest
Police seize on COVID-19 tech to expand global surveillance
Published
2 years agoon
Huizhong Wu
China correspondent based in Taiwan
Huizhong_Wu
By GARANCE BURKE, JOSEF FEDERMAN, HUIZHONG WU, KRUTIKA PATHI and ROD McGUIRK
December 20, 2022 GMT
JERUSALEM (AP) — Majd Ramlawi was serving coffee in Jerusalem’s Old City when a chilling text message appeared on his phone.
“You have been spotted as having participated in acts of violence in the Al-Aqsa Mosque,” it read in Arabic. “We will hold you accountable.”
Ramlawi, then 19, was among hundreds of people who civil rights attorneys estimate got the text last year, at the height of one of the most turbulent recent periods in the Holy Land. Many, including Ramlawi, say they only lived or worked in the neighborhood, and had nothing to do with the unrest. What he didn’t know was that the feared internal security agency, the Shin Bet, was using mass surveillance technology mobilized for coronavirus contact tracing, against Israeli residents and citizens for purposes entirely unrelated to COVID-19.
In the pandemic’s bewildering early days, millions worldwide believed government officials who said they needed confidential data for new tech tools that could help stop coronavirus’ spread. In return, governments got a firehose of individuals’ private health details, photographs that captured their facial measurements and their home addresses.
Now, from Beijing to Jerusalem to Hyderabad, India, and Perth, Australia, The Associated Press has found that authorities used these technologies and data to halt travel for activists and ordinary people, harass marginalized communities and link people’s health information to other surveillance and law enforcement tools. In some cases, data was shared with spy agencies. The issue has taken on fresh urgency almost three years into the pandemic as China’s ultra-strict zero-COVID policies recently ignited the sharpest public rebuke of the country’s authoritarian leadership since the pro-democracy protests in Tiananmen Square in 1989.
For more than a year, AP journalists interviewed sources and pored over thousands of documents to trace how technologies marketed to “flatten the curve” were put to other uses. Just as the balance between privacy and national security shifted after the Sept. 11 terrorist attacks, COVID-19 has given officials justification to embed tracking tools in society that have lasted long after lockdowns.
“Any intervention that increases state power to monitor individuals has a long tail and is a ratcheting system,” said John Scott-Railton, a senior researcher at the Toronto-based internet watchdog Citizen Lab. “Once you get it, is very unlikely it will ever go away.”
CODE RED
In China, the last major country in the world to enforce strict COVID-19 lockdowns, citizens have been required to install cell-phone apps to move about freely in most cities. Drawing from telecommunications data and PCR test results, the apps produce individual QR codes that change from green to yellow or red, depending on a person’s health status.
The apps and lockdowns are part of China’s sweeping pandemic prevention policies that have pushed the public to a breaking point. When an apartment fire in Urumqi last month left at least 10 dead, many blamed zero-tolerance COVID policies. That sparked demonstrations in major cities nationwide, the largest display of defiance in decades, after which the government announced it would only check health codes in “special places,” such as schools, hospitals and nursing homes.
Last week, the government went further, saying it would shut down a national-level health code to ease travel between provinces. But cities and provinces have their own codes, which have been more dominant. In Beijing last week, restaurants, offices, hotels and gyms were still requiring local codes for entry.
Over the past few years, Chinese citizens have needed a green code to board domestic flights or trains, and in some cities even to enter the supermarket or to get on a bus. If they were found to have been in close contact with someone who tested positive for COVID-19, or if the government imposed a local quarantine, the code would turn red, and they were stuck at home.
There’s evidence that the health codes have been used to stifle dissent.
______
This story, supported by the Pulitzer Center on Crisis Reporting, is part of an ongoing Associated Press series, “Tracked,” that investigates the power and consequences of decisions driven by algorithms on people’s everyday lives.
_____
In early September, former wealth manager Yang Jiahao bought a train ticket to Beijing, where he planned to lodge various complaints with the central government. The night before, a woman he described as a handler invited him to dinner. Handlers are usually hired by state security as part of “stability maintenance” operations and can require people to meet or travel when authorities worry they could cause trouble. Yang had a meal with the handler, and the next morning Guangzhou health authorities reported a COVID-19 case less than a kilometer from where they dined, he said.
Based on city regulations, Yang’s code should have turned yellow, requiring him to take a few COVID tests to show he was negative.
Instead, the app turned red, even though tests showed that he didn’t have COVID. Yang was ordered to quarantine and a paper seal was placed on his door.
“They can do whatever they want,” he said.
An officer at the Huangcun station of the Guangzhou police referred comment to city-level authorities on Yang’s case, saying he required proof that the caller was from AP. Guangzhou’s Public Security Bureau and the city’s Center for Disease Control and Prevention did not respond to faxed requests for comment.
In another show of how the apps can control lives, in June, a group of bank customers were effectively corralled by the health codes when they tried going to Henan’s provincial capital in Zhengzhou to protest being unable to access their online bank accounts.
A notice said the problem was due to a system upgrade. But the customers soon found out the real reason: a police investigation into stockholders in the parent bank had rendered 40 billion yuan in funds inaccessible, according to local media reports. Frustrated after months of complaints, a group of customers decided to hold a protest in Zhengzhou at the provincial banking commission.
Customer Xu Zhihao uploaded his itinerary to get the Henan province health code after he tested negative for COVID-19 in his coastal city of Tianjin, just south of Beijing. As he got off the train in Zhengzhou, Xu was asked to scan his QR code at the station, and immediately it turned red. The train station employee called security and took him to a police booth.
Xu said police took him to the basement to quarantine. Three other people joined him, and all four realized that they had come to get their money back.
“They had set the net in place, waiting for us,” Xu said.
From a group chat, Xu and others learned that many protesters had met a similar fate, at the high-speed rail train station, at the airport and even on the highway. A government inquiry later found that red codes were given to 1,317 people, many of whom had planned to protest.
China’s National Health Commission, which has led the COVID response, did not reply to a fax requesting comment. The Henan provincial government did not respond either.
Even after China ends lockdowns, some dissidents and human rights activists predict the local-level health codes will stay on as a technological means of social control. Early on, provinces didn’t share data, but in the past few years, that has changed.
Some provincial governments have created local apps that can link health, location and even credit information, which leaves open the possibility for these apps or the national databases they draw from to be used to monitor people in the future, according to an AP review of procurement documents, research and interviews. Xu and Yang, for instance, were both stopped in their tracks by local health codes.
In February, police in northeastern Heilongjiang province sought to upgrade their local health code so they could search PCR test results for anyone in China, in real time, according to procurement documents provided exclusively by ChinaFile, a digital magazine published by the Asia Society. A company whose parent is government-owned won the non-competitive bid to connect that app to a national database of PCR data run by the State Council, China’s Cabinet, fulfilling a national directive, the documents show. The same company, Beijing Beiming Digital Technology, also claims on its website that it has developed more than 30 pandemic apps.
“It’s the governance model, the philosophy behind it is to strengthen social control through technology. It’s strengthened by the health app, and it’s definitely going to stay after COVID is over,” said Yaqiu Wang, a senior researcher with Human Rights Watch. “I think it’s very, very powerful.”
“THERE ARE TWO SETS OF LAWS”
In Jerusalem’s Old City, tourists sipping fresh pomegranate juice, worshippers and locals taking a shortcut home are all monitored by Israeli security forces holding automatic weapons. The labyrinth of cavernous pathways is also lined with CCTV cameras and what authorities have described as “advanced technologies.”
After clashes in May 2021 at the Al-Aqsa Mosque helped trigger an 11-day war with Hamas militants in the Gaza Strip, Israel experienced some of the worst violence in years. Police lobbed stun grenades into the disputed compound known to Jews as the Temple Mount, home to Al-Aqsa, Islam’s third-holiest site, as Palestinian crowds holed up inside hurling stones and firebombs at them.
By that time, Israelis had become accustomed to police showing up outside their homes to say they weren’t observing quarantine and knew that Israel’s Shin Bet security agency was repurposing phone surveillance technology it had previously used to monitor militants inside Palestinian territories. The practice made headlines at the start of the pandemic when the Israeli government said it would be deployed for COVID-19 contact tracing.
A year later, the Shin Bet quietly began using the same technology to send threatening messages to Israel’s Arab citizens and residents whom the agency suspected of participating in violent clashes with police. Some of the recipients, however, simply lived or worked in the area, or were mere passers-by.
Ramlawi’s coffeeshop sits in the ornate Cotton Merchant’s Market outside the mosque compound, an area lined with police and security cameras that likely would have identified the barista had he participated in violence.
Although Ramlawi deleted the message and hasn’t received a similar one since, he said the thought of his phone being used as a monitoring tool still haunts him.
“It’s like the government is in your bag,” said Ramlawi, who worries that surveillance enabled to stop COVID-19 poses a lasting menace for east Jerusalem residents. “When you move, the government is with you with this phone.”
The Shin Bet’s domestic use of the technology has generated an uproar over privacy and civil liberties within Israel, as well as questions about its accuracy. The Ministry of Communications, which oversees Israel’s telecommunications companies, refused a request seeking further details submitted for AP by the Movement for Freedom of Information, a nonprofit that frequently works with media organizations.
Gil Gan-Mor, an attorney with the nonprofit Association for Civil Rights in Israel, estimates that hundreds of Arabs in Jerusalem received the threatening message during the unrest and said the mass text message blast was unprecedented.
“You cannot just say to people, ‘We are watching you … and we will get revenge,” he said. “You cannot use this tool to frighten people. If you have something against someone, you can put them on trial.’”
After Gan-Mor’s organization sued, Shin Bet made no apologies.
“There was a clear security need to send an urgent message to a very large number of people, all of whom had a credible suspicion of being involved in performing violent crimes,” the agency said in a legal filing last year. The filing, signed by “Daniella B.,” the Shin Bet’s legal adviser for the Jerusalem district, also acknowledged that “lessons were learned.”
In February, Israel’s attorney general upheld the continued use of the technology, saying it was a legitimate security tool, while acknowledging glitches in the system and that messages were distributed to a small number of unintended targets. Israel’s Supreme Court is now reviewing the matter.
Sami Abu Shehadeh, a former Arab lawmaker who served in Israel’s parliament at the time Shin Bet sent its warning texts, said the messages demonstrate the broader struggles of Israel’s 20% Arab minority.
“The state does not deal with us as citizens,” he said. “There are two sets of laws — one for Jews and one for Arabs.”
‘360 DEGREE SURVEILLANCE’
Technologies designed to combat COVID-19 were redirected by law enforcement and intelligence services in other democracies as governments expanded their digital arsenals amid the pandemic.
In India, facial recognition and artificial intelligence technology exploded after Prime Minister Narendra Modi’s right-wing Hindu nationalist Bharatiya Janata Party swept into power in 2014, becoming a tool for police to monitor mass gatherings. The country is seeking to build what will be among the world’s largest facial recognition networks.
As the pandemic took hold in early 2020, state and central governments tasked local police with enforcing mask mandates. Fines of up to $25, as much as 12 days’ pay for some laborers and unaffordable for the nearly 230 million people estimated to be living in poverty in India, were introduced in some places.
In the south-central city of Hyderabad, police started taking pictures of people flaunting the mask mandate or simply wearing masks haphazardly.
Police Commissioner C.V. Anand said the city has spent hundreds of millions of dollars in recent years on patrol vehicles, CCTV cameras, facial recognition and geo-tracking applications and several hundred facial recognition cameras, among other technologies powered by algorithms or machine learning. Inside Hyderabad’s Command and Control Center, officers showed an AP reporter how they run CCTV camera footage through facial recognition software that scans images against a database of offenders.
“When (companies) decide to invest in a city, they first look at the law-and-order situation,” Anand said, defending the use of such tools as absolutely necessary. “People here are aware of what the technologies can do, and there is wholesome support for it.”
By May 2020, the police chief of Telangana state tweeted about his department rolling out AI-based software using CCTV to zero-in on people not wearing masks. The tweet included photos of the software overlaying colored rectangles on the maskless faces of unsuspecting locals.
More than a year later, police tweeted images of themselves using hand-held tablets to scan people’s faces using facial recognition software, according to a post from the official Twitter handle of the station house officer in the Amberpet neighborhood.
Police said the tablets, which can take ordinary photographs or link them to a facial recognition database of criminals, were a useful way for officers to catch and fine mask offenders.
“When they see someone not wearing a mask, they go up to them, take a photo on their tablet, take down their details like phone number and name,” said B Guru Naidu, an inspector in Hyderabad’s South Zone.
Officers decide who they deem suspicious, stoking fears among privacy advocates, some Muslims and members of Hyderabad’s lower-caste communities.
“If the patrolling officers suspect any person, they take their fingerprints or scan their face – the app on the tablet will then check these for any past criminal antecedents,” Naidu said.
S Q Masood, a social activist who has led government transparency campaigns in Hyderabad, sees more at stake. Masood and his father-in-law were seemingly stopped at random by police in Shahran market, a predominantly Muslim area, during a COVID-19 surge last year. Masood said officers told him to remove his mask so they could photograph him with a tablet.
“I told them I won’t remove my mask. They then asked me why not, and I told them I will not remove my mask.” He said they photographed him with it in place. Back home, Masood went from bewildered to anxious: Where and how was this photo to be used? Would it be added to the police’s facial recognition database?
Now he’s suing in the Telangana High Court to find out why his photo was taken and to limit the widespread use of facial recognition. His case could set the tone for India’s growing ambition to combine emerging technology with law enforcement in the world’s largest democracy, experts said.
India lacks a data protection law and even existing proposals won’t regulate surveillance technologies if they become law, said Apar Gupta, executive director of the New Delhi-based Internet Freedom Foundation, which is helping to represent Masood.
Police responded to Masood’s lawsuit and denied using facial recognition in his case, saying that his photograph was not scanned against any database and that facial recognition is only used during the investigation of a crime or suspected crime, when it can be run against CCTV footage.
In two separate AP interviews, local police demonstrated both how the TSCOP app carried by police on the street can compare a person’s photograph to a facial recognition database of criminals, and how from the Command and Control Center police can use facial recognition analysis to compare stored mugshots of criminals to video gathered from CCTV cameras.
Masood’s lawyers are working on a response and awaiting a hearing date.
Privacy advocates in India believe that such stepped-up actions under the pandemic could enable what they call 360 degree surveillance, under which things like housing, welfare, health and other kinds of data are all linked together to create a profile.
“Surveillance today is being posed as a technological panacea to large social problems in India, which has brought us very close to China,” Gupta said. “There is no law. There are no safeguards. And this is general purpose deployment of mass surveillance.”
‘THE NEW NORMAL’
What use will ultimately be made of the data collected and tools developed during the height of the pandemic remains an open question. But recent uses in Australia and the United States may offer a glimpse.
During two years of strict border controls, Australia’s conservative former Prime Minister Scott Morrison took the extraordinary step of appointing himself minister of five departments, including the Department of Health. Authorities introduced both national and state-level apps to notify people when they had been in the vicinity of someone who tested positive for the virus.
But the apps were also used in other ways. Australia’s intelligence agencies were caught “incidentally” collecting data from the national COVIDSafe app. News of the breach surfaced in a November 2020 report by the Inspector-General of Intelligence and Security, which said there was no evidence that the data was decrypted, accessed or used. The national app was canceled in August by a new administration as a waste of money: it had identified only two positive COVID-19 cases that wouldn’t have been found otherwise.
At the local level, people used apps to tap their phones against a site’s QR code, logging their individual ID so that if a COVID-19 outbreak occurred, they could be contacted. The data sometimes was used for other purposes. Australian law enforcement co-opted the state-level QR check-in data as a sort of electronic dragnet to investigate crimes.
After biker gang boss Nick Martin was shot and killed at a speedway in Perth, police accessed QR code check-in data from the health apps of 2,439 drag racing fans who attended the December 2020 race. It included names, phone numbers and arrival times.
Police accessed the information despite Western Australia Premier Mark McGowan’s promise on Facebook that the COVID-related data would only be accessible to contact-tracing personnel at the Department of Health. The murder was eventually solved using entirely traditional policing tactics, including footprint matching, cellphone tracking and ultimately a confession.
Western Australia police didn’t respond to requests for comment. Queensland and Victoria law enforcement also sought the public’s QR check-in data in connection with investigations. Police in both states did not address AP questions regarding why they sought the data, and lawmakers in Queensland and Victoria have since tightened the rules on police access to QR check-in information.
In the U.S., which relied on a hodge-podge of state and local quarantine orders to ensure compliance with COVID rules, the federal government took the opportunity to build out its surveillance toolkit, including two contracts in 2020 worth $24.9 million to the data mining and surveillance company Palantir Technologies Inc. to support the U.S. Department of Health and Human Services’ pandemic response. Documents obtained by the immigrant rights group Just Futures Law under the Freedom of Information Act and shared with AP showed that federal officials contemplated how to share data that went far beyond COVID-19.
The possibilities included integrating “identifiable patient data,” such as mental health, substance use and behavioral health information from group homes, shelters, jails, detox facilities and schools. The U.S. Centers for Disease Control does not use any of that individual-level information in the platform CDC now manages, said Kevin Griffis, a department spokesman. Griffis said he could not comment on discussions that occurred under the previous administration.
The protocols appeared to lack information safeguards or usage restrictions, said Paromita Shah, Just Futures Law’s executive director.
“What the pandemic did was blow up an industry of mass collection of biometric and biographical data,” Shah said. “So, few things were off the table.”
Last year, the U.S. Centers for Disease Control purchased detailed cellphone location data revealing people’s daily whereabouts, nationwide. “Mobility insights” data from at least 20 million devices could be used to “project how much worse things would have been without the bans,” such as stay-at-home orders and business closures, according to a July 2021 contract obtained by the nonprofit group Tech Inquiry and shared with AP.
The contract shows data broker Cuebiq provided a “device ID,” which typically ties information to individual cell phones. The CDC also could use the information to examine the effect of closing borders, an emergency measure ordered by the Trump administration and continued by President Joe Biden, despite top scientists’ objections that there was no evidence the action would slow the coronavirus.
CDC spokeswoman Kristen Nordlund said the agency acquired aggregated, anonymous data with extensive privacy protections for public health research, but did not address questions about whether the agency was still using the data. Cuebiq did not immediately respond to a request for comment.
For Scott-Railton, that sets a dangerous precedent.
“What COVID did was accelerate state use of these tools and that data and normalize it, so it fit a narrative about there being a public benefit,” he said. “Now the question is, are we going to be capable of having a reckoning around the use of this data, or is this the new normal?”
___
Former AP video journalist Rishabh R. Jain contributed to this report from Hyderabad, India. AP staffers Lori Hinnant contributed from Paris; Maria Verza from Mexico City; Astrid Suarez from Bogotá, Colombia; Edna Tarigan from Jakarta, Indonesia; Tong-hyung Kim from Seoul, South Korea; and Eileen Ng from Singapore. Daria Litvinova and retired Associated Press Afghanistan and Pakistan Bureau Chief Kathy Gannon also contributed. Deputy Editor of The Mail & Guardian Athandiwe Saba assisted from Johannesburg. Burke reported from San Francisco; Federman from Jerusalem; McGuirk from Canberra, Australia; Pathi from Hyderabad, India; and Wu from Taipei, Taiwan.
___
This reporting was produced in collaboration with researcher Avani Yadav with support from the Human Rights Center Investigations Lab at the University of California, Berkeley. It was partially supported by the Starling Lab for Digital Integrity, co-founded by the University of Southern California and Stanford University, where Burke was a journalism fellow.
___
Follow Garance Burke on Twitter at @garanceburke. Contact AP’s global investigative team at Investigative@ap.org or https://www.ap.org/tips/
Latest
How a faulty CrowdStike update crashed computers around the world
Published
2 months agoon
July 20, 2024
Airlines, banks, hospitals and other risk-averse organizations around the world chose cybersecurity company CrowdStrike to protect their computer systems from hackers and data breaches.
But all it took was one faulty CrowdStrike software update to cause global disruptions Friday that grounded flights, knocked banks and media outlets offline, and disrupted hospitals, retailers and other services.
“This is a function of the very homogenous technology that goes into the backbone of all of our IT infrastructure,” said Gregory Falco, an assistant professor of engineering at Cornell University. “What really causes this mess is that we rely on very few companies, and everybody uses the same folks, so everyone goes down at the same time.”
The trouble with the update issued by CrowdStrike and affecting computers running Microsoft’s Windows operating system was not a hacking incident or cyberattack, according to CrowdStrike, which apologized and said a fix was on the way.
But it wasn’t an easy fix. It required “boots on the ground” to remediate, said Gartner analyst Eric Grenier.
“The fix is working, it’s just a very manual process and there’s no magic key to unlock it,” Grenier said. “I think that is probably what companies are struggling with the most here.”
While not everyone is a client of CrowdStrike and its platform known as Falcon, it is one of the leading cybersecurity providers, particularly in transportation, healthcare, banking and other sectors that have a lot at stake in keeping their computer systems working.
“They’re usually risk-averse organizations that don’t want something that’s crazy innovative, but that can work and also cover their butts when something goes wrong. That’s what CrowdStrike is,” Falco said. “And they’re looking around at their colleagues in other sectors and saying, ‘Oh, you know, this company also uses that, so I’m gonna need them, too.’”
Worrying about the fragility of a globally connected technology ecosystem is nothing new. It’s what drove fears in the 1990s of a technical glitch that could cause chaos at the turn of the millennium.
“This is basically what we were all worried about with Y2K, except it’s actually happened this time,” wrote Australian cybersecurity consultant Troy Hunt on the social platform X.
Across the world Friday, affected computers were showing the “blue screen of death” — a sign that something went wrong with Microsoft’s Windows operating system.
But what’s different now is “that these companies are even more entrenched,” Falco said. “We like to think that we have a lot of players available. But at the end of the day, the biggest companies use all the same stuff.”
Founded in 2011 and publicly traded since 2019, CrowdStrike describes itself in its annual report to financial regulators as having “reinvented cybersecurity for the cloud era and transformed the way cybersecurity is delivered and experienced by customers.” It emphasizes its use of artificial intelligence in helping to keep pace with adversaries. It reported having 29,000 subscribing customers at the start of the year.
The Austin, Texas-based firm is one of the more visible cybersecurity companies in the world and spends heavily on marketing, including Super Bowl ads. At cybersecurity conferences, it’s known for large booths displaying massive action-figure statues representing different state-sponsored hacking groups that CrowdStrike technology promises to defend against.
CrowdStrike CEO George Kurtz is among the most highly compensated in the world, recording more than $230 million in total compensation in the last three years. Kurtz is also a driver for a CrowdStrike-sponsored car racing team.
After his initial statement about the problem was criticized for lack of contrition, Kurtz apologized in a later social media post Friday and on NBC’s “Today Show.”
“We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption,” he said on X.
Richard Stiennon, a cybersecurity industry analyst, said this was a historic mistake by CrowdStrike.
“This is easily the worst faux pas, technical faux pas or glitch of any security software provider ever,” said Stiennon, who has tracked the cybersecurity industry for 24 years.
While the problem is an easy technical fix, he said, it’s impact could be long-lasting for some organizations because of the hands-on work needed to fix each affected computer. “It’s really, really difficult to touch millions of machines. And people are on vacation right now, so, you know, the CEO will be coming back from his trip to the Bahamas in a couple of weeks and he won’t be able to use his computers.”
Stiennon said he did not think the outage revealed a bigger problem with the cybersecurity industry or CrowdStrike as a company.
“The markets are going to forgive them, the customers are going to forgive them, and this will blow over,” he said.
Forrester analyst Allie Mellen credited CrowdStrike for clearly telling customers what they need to do to fix the problem. But to restore trust, she said there will need to be a deeper look at what occurred and what changes can be made to prevent it from happening again.
“A lot of this is likely to come down to the testing and software development process and the work that they’ve put into testing these kinds of updates before deployment,” Mellen said. “But until we see the complete retrospective, we won’t know for sure what the failure was.”
___
Associated Press writer Alan Suderman in Richmond, Virginia, contributed to this report.
Business
Worldwide IT outage: Airlines rush to get back on track
Published
2 months agoon
July 20, 2024
Transport providers, businesses and governments on Saturday are rushing to get all their systems back online after long disruptions following a widespread technology outage.
The biggest continuing effect has been on air travel. Carriers canceled thousands of flights on Friday and now have many of their planes and crews in the wrong place, while airports facing continued problems with checking in and security.
At the heart of the massive disruption is CrowdStrike, a cybersecurity firm that provides software to scores of companies worldwide. The company says the problem occurred when it deployed a faulty update to computers running Microsoft Windows, noting that the issue behind the outage was not a security incident or cyberattack.
Here’s the Latest:
Microsoft: 8.5 million devices on its Windows system were affected
Microsoft says 8.5 million devices running its Windows operating system were affected by a faulty cybersecurity update Friday that led to worldwide disruptions.
A Saturday blog post from Microsoft was the first estimate of the scope of the disruptions caused by cybersecurity firm CrowdStrike’s software update.
“We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than one percent of all Windows machines,” said the blog post from Microsoft cybersecurity executive David Weston.
“While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services.”
Weston said such a significant disturbance is rare but “demonstrates the interconnected nature of our broad ecosystem.” Windows is the dominant operating system for personal computers around the world.
Austrian doctors’ group calls for better data protection for patients
In Austria, a leading doctors organization said the global IT outage exposed the vulnerability of health systems reliant on digital systems.
“Yesterday’s incidents underscore how important it is for hospitals to have analogue backups” to safeguard patient care, Harald Mayer, vice president of the Austrian Chamber of Doctors, said in a statement on the organization’s website.
The organization called on governments to impose high standards in patient data protection and security and on health providers to train staff and put systems in place to manage crises.
“Happily, where there were problems, these were kept small and short-lived and many areas of care were unaffected” in Austria, Mayer said.
Germany warns of scams after major IT outage
BERLIN — The German government’s IT security agency says numerous companies are still struggling with the consequences of a far-reaching technology outage.
“Many business processes and procedures have been disturbed by the breakdown of computer systems,” the BSI agency said on its website.
But the agency also said Saturday that many impacted areas have returned to normal.
It warned that cybercriminals were trying to take advantage of the situation through phishing, fake websites and other scams and that “unofficial” software code was in circulation.
The agency said it was not yet clear how faulty code ended up in the CrowdStrike software update blamed for triggering the outage.
European airports appear to be close to normal
LONDON — Europe’s busiest airport, Heathrow, said it is busy but operating normally on Saturday. The airport said in a statement that “all systems are back up and running and passengers are getting on with their journeys smoothly.“
Some 167 flights scheduled to depart from U.K. airports on Friday were canceled, while 171 flights due to land were axed.
Meanwhile, flights at Berlin Airport were departing on or close to schedule, German news agency dpa reported, citing an airport spokesman.
Nineteen flights took off in the early hours of Saturday after authorities exempted them from the usual ban on night flights.
On Friday, 150 of the 552 scheduled inbound and outbound flights at the airport were canceled over the IT outage, disrupting the plans of thousands of passengers at the start of the summer vacation season in the German capital.
German hospital slowly restoring its systems after widespread cancellations
BERLIN — The Schleswig-Holstein University Hospital in northern Germany, which on Friday canceled all elective surgery because of the global IT outage, said Saturday that it was gradually restoring its systems.
In a statement on its website, it forecast that operations at its two branches in Kiel and Luebeck would return to normal by Monday and that “elective surgery can take place as planned and our ambulances can return to service.”
Britain’s transport system still trying to get back on track
LONDON — Britain’s travel and transport industries are struggling to get back on schedule after the global security outage with airline passengers facing cancellations and delays on the first day of summer holidays for many school pupils.
Gatwick Airport said “a majority” of scheduled flights were expected to take off. Manchester Airport said passengers were being checked in manually and there could be last-minute cancellations.
The Port of Dover said it was seeing an influx of displaced air passengers, with hourlong waits to enter the port to catch ferries to France.
Meanwhile, Britain’s National Cyber Security Center warned people and businesses to be on the lookout for phishing attempts as “opportunistic malicious actors” try to take advantage of the outage.
The National Cyber Security Center’s former head, Ciaran Martin, said the worst of the crisis was over, “because the nature of the crisis is that it went very wrong very quickly. It was spotted quite quickly and essentially it was turned off.”
He told Sky News that some businesses would be able to get back to normal very quickly, but for sectors such as aviation it would take longer.
“If you’re in aviation, you’ve got people, planes and staffs all stranded in the wrong place… So we are looking at days. I’d be surprised if we’re looking at weeks.”
Germany airline expects most of its flights to run normally
BERLIN — Eurowings, a budget subsidiary of Lufthansa, said it expected to return to “largely scheduled” flight operations on Saturday.
On Friday, the global IT outage had forced the airline to cancel about 20% of its flights, mostly on domestic routes. Passengers were asked to take trains instead.
“Online check-in, check-in at the airport, boarding processes, booking and rebooking flights are all possible again,” the airline said Saturday on X. “However, due to the considerable extent of the global IT disruption there may still be isolated disruptions” for passengers, it said.
Delta Air Lines and its regional affiliates have canceled hundreds of flights
DALLAS — Delta Air Lines and its regional affiliates canceled more than a quarter of their schedule on the East Coast by midafternoon Friday, aviation data provider Cirium said.
More than 1,100 flights for Delta and its affiliates have been canceled.
United and United Express had canceled more than 500 flights, or 12% of their schedule, and American Airlines’ network had canceled 450 flights, 7.5% of its schedule.
Southwest and Alaska do not use the CrowdStrike software that led to the global internet outages and had canceled fewer than a half-dozen flights each.
Portland, Oregon, mayor declares an emergency over the outage
PORTLAND, Ore. — Mayor Ted Wheeler declared an emergency Friday after more than half of the city’s computer systems were affected by the global internet outage.
Wheeler said during a news conference that while emergency services calls weren’t interrupted, dispatchers were having to manually track 911 calls with pen and paper for a few hours. He said 266 of the city’s 487 computer systems were affected.
Border crossings into the US are delayed
SAN DIEGO — People seeking to enter the U.S. from both the north and the south found that the border crossings were delayed by the internet outage.
The San Ysidro Port of Entry was gridlocked Friday morning with pedestrians waiting three hours to cross, according to the San Diego Union-Tribune.
Even cars with people approved for a U.S. Customers and Border Protection “Trusted Traveler” program for low-risk passengers waited up to 90 minutes. The program, known as SENTRI, moves passengers more quickly through customs and passport control if they make an appointment for an interview and submit to a background check to travel through customs and passport control more quickly when they arrive in the U.S.
Meanwhile, at the U.S.-Canada border, Windsor Police reported long delays at the crossings at the Ambassador Bridge and the Detroit-Windsor tunnel.
Latest
Biden pushes for party unity as more Dems call for him to step aside…
Published
2 months agoon
July 19, 2024
WASHINGTON (AP) — A rapidly growing chorus of Democratic lawmakers called Friday for President Joe Biden to drop his reelection bid, even as the president insisted he’s ready to return to the campaign trail next week to counter what he called a “dark vision” laid out by Republican Donald Trump.
As more Democratic members of Congress urged him to drop out — bringing the total since his disastrous debate against Trump to nearly three dozen — Biden remained isolated at his beach house in Delaware after being diagnosed with COVID-19. The president, who has insisted he can beat Trump, was huddling with family and relying on a few longtime aides as he resisted efforts to shove him aside.
Late Friday, Ohio Sen. Sherrod Brown, a Democrat who is in a tough race for reelection, called for Biden to step aside.
Brown said in a statement that he agrees with “the many Ohioans” who have reached out to him. “I think the president should end his campaign,” he said.
And in a statement later Friday, Rep. Morgan McGarvey, D-Ky., also called on Biden to drop out while saying, “there is no joy in the recognition he should not be our nominee in November. But the stakes of this election are too high.”
Biden said Trump’s acceptance speech at the Republican National Convention showcased a “dark vision for the future.” The president, seeking to move the political conversation away from his fate and onto his rival’s agenda, said Friday he was planning to return to the campaign trail next week and insisted he has a path to victory over Trump, despite the worries of some of his party’s most eminent members.
“Together, as a party and as a country, we can and will defeat him at the ballot box,” Biden said. “The stakes are high, and the choice is clear. Together, we will win.”
Earlier in the day, his campaign chair, Jen O’Malley Dillion, acknowledged “slippage” in support for the president but insisted he’s “absolutely” remaining in the race and the campaign sees “multiple paths” to beating Trump.
“We have a lot of work to do to reassure the American people that, yes, he’s old, but he can win,” she told MSNBC’s “Morning Joe” show. She said voters concerned about Biden’s fitness to lead aren’t switching to vote for Trump.
Meanwhile, the Democratic National Committee’s rulemaking arm held a meeting Friday, pressing ahead with plans for a virtual roll call before Aug. 7 to nominate the presidential pick, ahead of the party’s convention later in the month in Chicago.
What to know about the 2024 Election
- Read the latest: Follow AP’s live coverage of this year’s election.
- Democracy: American democracy has overcome big stress tests since 2020. More challenges lie ahead in 2024.
- AP’s Role: The Associated Press is the most trusted source of information on election night, with a history of accuracy dating to 1848. Learn more.
- Stay informed. Keep your pulse on the news with breaking news email alerts. Sign up here.
“President Biden deserves the respect to have important family conversations with members of the caucus and colleagues in the House and Senate and Democratic leadership and not be battling leaks and press statements,” Sen. Chris Coons of Delaware, Biden’s closest friend in Congress and his campaign co-chair, told The Associated Press.
It’s a pivotal few days for the president and his party: Trump has wrapped up an enthusiastic Republican National Convention in Milwaukee on Thursday. And Democrats, racing time, are considering the extraordinary possibility of Biden stepping aside for a new presidential nominee before their own convention.
Among the democrats expressing worries to allies about Biden’s chances were former President Barack Obama and Speaker Emerita Nancy Pelosi, who has privately told Biden the party could lose the ability to seize control of the House if he doesn’t step aside.
New Mexico Sen. Martin Heinrich called on Biden to exit the race, making him the third Senate Democrat to do so.
“By passing the torch, he would secure his legacy as one of our nation’s greatest leaders and allow us to unite behind a candidate who can best defeat Donald Trump and safeguard the future of our democracy,” said Heinrich, who’s up for reelection.
And Reps. Jared Huffman, Mark Veasey, Chuy Garcia and Mark Pocan, representing a wide swath of the caucus, together called on Biden to step aside.
“We must defeat Donald Trump to save our democracy,” they wrote.
Separately, Rep. Sean Casten of Illinois wrote in an op-ed that with “a heavy heart and much personal reflection” he, too, was calling on Biden to “pass the torch to a new generation.”
Campaign officials said Biden was even more committed to staying in the race. And senior West Wing aides have had no internal discussions or conversations with the president about dropping out.
On Friday, Biden picked up a key endorsement from the political arm of the Congressional Hispanic Caucus. CHC BOLD PAC said the Biden administration has shown “unwavering commitment” to Latinos and “the stakes couldn’t be higher” in this election.
But there is also time to reconsider. Biden has been told the campaign is having trouble raising money, and key Democrats see an opportunity as he is away from the campaign for a few days to encourage his exit. Among his Cabinet, some are resigned to the likelihood of him losing in November.
The reporting in this story is based in part on information from almost a dozen people who insisted on anonymity to discuss sensitive private deliberations. The Washington Post first reported on Obama’s involvement.
Biden, 81, tested positive for COVID-19 while traveling in Las Vegas earlier this week and experienced “mild symptoms” including “general malaise” from the infection, the White House said.
White House doctor Kevin O’Connor said Friday that the president still had a dry cough and hoarseness, but that his COVID symptoms had improved.
Biden noted his illness while making a joke about Trump on social media Friday night, posting: “I’m stuck at home with COVID, so I had the distinct misfortune of watching Donald Trump’s speech to the RNC. What the hell was he talking about?”
In Congress, Democratic lawmakers have begun having private conversations about lining up behind Harris as an alternative. One lawmaker said Biden’s own advisers are unable to reach a unanimous recommendation about what he should do. More in Congress are considering joining the others who have called for Biden to drop out. Some prefer an open process for choosing a new presidential nominee.
“It’s clear the issue won’t go away,” said Vermont Sen. Peter Welch, the other Senate Democrat who has publicly said Biden should exit the race. Welch said the current state of party angst — with lawmakers panicking and donors revolting — was “not sustainable.”
However, influential Democrats including Senate Majority Leader Chuck Schumer and House Democratic Leader Hakeem Jeffries are sending signals of concern.
“There is of course work to be done, and that in fact is the case because we are an evenly divided country,” Jeffries said in an interview on WNYC radio Friday.
But he also said, “The ticket that exists right now is the ticket that we can win on. … It’s his decision to make.”
To be sure, many want Biden to stay in the race. But among Democrats nationwide, nearly two-thirds say Biden should step aside and let his party nominate a different candidate, according to an AP-NORC Center for Public Affairs Research poll. That sharply undercuts Biden’s post-debate claim that “average Democrats” are still with him.
Amid the turmoil, a majority of Democrats think Vice President Kamala Harris would make a good president herself.
A poll from the AP-NORC Center for Public Affairs Research found that about 6 in 10 Democrats believe Harris would do a good job in the top slot. About 2 in 10 Democrats don’t believe she would, and another 2 in 10 say they don’t know enough to say.
___
Associated Press writers Joey Cappelletti in Lansing, Michigan, Ellen Knickmeyer in Aspen, Colorado, Steve Peoples in Milwaukee, and Josh Boak, Will Weissert, Mary Clare Jalonick, Seung Min Kim and Stephen Groves in Washington contributed to this report.