ITSecurity.org

Technology Security Controls

Policy

Samsung chair imprisoned and 24 others found guilty in union-busting case

December 18, 2019 by admin

Samsung executive Lee Sang-hoon in November 2017. (Getty Images | Bloomberg)

Samsung Chairman Lee Sang-hoon yesterday was sentenced to 18 months in prison, following a South Korean court ruling that he violated labor laws with union-busting activities.

Lee “was immediately arrested in court to be sent to jail,” the Financial Times reported.

Lee’s violations came during his time as Samsung chief financial officer between 2012 and 2017; he has been chairman of the board since March 2018. Samsung VP Kang Kyung-hoon also received an 18-month prison sentence for his involvement, the Financial Times wrote. The sentences were handed down by the Seoul Central District Court.

In all, about 25 current and former Samsung executives were found guilty on similar charges of violating labor laws.

“The case largely focused on efforts by Samsung officials, including Mr. Lee, to dismantle the labor union at the company’s customer-service unit,” The Wall Street Journal wrote. “The court convicted Samsung officials on multiple charges, including gathering personal information on some union members, such as their marital status, personal finances, and mental-health histories.”

Samsung admits falling short of “society’s expectations”

Samsung released a statement today saying that the company’s “understanding and view towards labor unions in the past fell short of society’s expectations.”

As Samsung board chairman, Lee Sang-hoon “is responsible for convening quarterly board meetings and reviewing the company’s financial statements before they are sent to shareholders for a vote, among other responsibilities,” the Journal wrote.

State prosecutors found that “Samsung executives used various tactics to discourage union activities, including threatening to cut the wages of employees linked to unions and withdraw business from subcontractors who appeared union-friendly,” the Financial Times wrote.

Prosecutors also alleged that Samsung executives “clos[ed] sub-contracted firms with active unions,” used “sensitive information about union members to convince them to leave,” and “delay[ed] negotiations between labour unions and management,” a BBC article said.

The court found that anti-union activities were “masterminded by executives in the firm’s now-defunct elite strategy group” and that there were “‘countless documents’ detailing tactics to undermine union activities that were distributed to affiliates by the elite unit,” the BBC wrote.

“While Lee claims there were many areas he did not know much about, [we] cannot give him immunity only due to the fact that [he] was not aware of the peripheral areas,” the judge in the case said.

Lee was indicted on the charges in September 2018.

In another case, Samsung de facto leader and Vice Chairman Lee Jae-yong was sentenced to five years in prison after being found guilty of bribery, embezzlement, hiding assets abroad, and perjury. But an appeals court in February 2018 reduced his sentence and suspended some of the charges, letting him walk free after about a year in prison. (There is no relation between Lee Jae-yong and Lee Sang-hoon.)

Filed Under: IT Security, Policy, Samsung

Hackers steal data for 15 million patients, then sell it back to lab that lost it

December 18, 2019 by admin

(Image: US Air Force/Senior Airman Katie Gieratz)

Canada’s biggest provider of specialty laboratory testing services said it paid hackers an undisclosed amount for the return of personal data they stole belonging to as many as 15 million customers.

Toronto, Ontario-based LifeLabs notified Canadian authorities of the attack on November 1. The company said a cyberattack struck computer systems that stored data for about 15 million customers. The stolen information included names, addresses, email addresses, customer logins and passwords, health card numbers, and lab tests.

The incident response, company President and CEO Charles Brown said in a statement, included “retrieving the data by making a payment.” The executive added: “We did this in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals.” The statement didn’t say how much LifeLabs paid for the return of the data. Representatives didn’t immediately respond to an email seeking the amount.

According to an advisory issued by the Office of the Information and Privacy Commissioner of Ontario and the Office of the Information and Privacy Commissioner for British Columbia: “LifeLabs advised our offices that cyber criminals penetrated the company’s systems, extracting data and demanding a ransom. LifeLabs retained outside cybersecurity consultants to investigate and assist with restoring the security of the data.”

LifeLabs said that its investigation so far indicates that the accessed test results were from 2016 or earlier and belonged to about 85,000 customers. Accessed health card information was also from 2016 or earlier. So far, there’s no indication any of the stolen data has been distributed to parties other than LifeLabs.

The LifeLabs statement said that company officials have fixed the system that led to the breach. The company is providing a year of free identity theft monitoring and identity theft insurance. Affected customers can sign up for the help here.

Filed Under: Biz & IT, Data Breaches, Hacks, IT Security, Policy, Privacy, Ransomware

No-fiber zone: FCC funds 25Mbps, data-capped satellite in rural areas

December 17, 2019 by admin

Viasat-2, a satellite launched by Viasat in 2017. (Viasat)

The Federal Communications Commission is giving $87.1 million in rural-broadband funding to satellite operator Viasat to help the company lower prices and raise data caps.

The FCC’s Connect America Fund generally pays ISPs to expand their networks into rural areas that lack decent home Internet access. Viasat’s satellite service already provides coverage of 98 percent of the US population in 50 states, so it doesn’t need government funding to expand its network the same way that wireline operators do. But Viasat will use the money to offer Internet service “at lower cost to consumers, while also permitting higher usage allowances, than it typically provides in areas where it is not receiving Connect America Fund support,” the FCC said in its announcement yesterday.

Viasat’s $87.1 million is to be used over the next 10 years “to offer service to more than 121,700 remote and rural homes and businesses in 17 states.” Viasat must provide speeds of at least 25Mbps for downloads and 3Mbps for uploads.

While the funding for Viasat could certainly improve access for some people, the project helps illustrate how dire the broadband shortage is in rural parts of many states. Viasat’s service is generally a last-ditch option for people in areas where there’s no fiber or cable and where DSL isn’t good enough to provide a reasonably fast and stable connection. Viasat customers have to pay high prices for slow speeds and onerous data limits.

Future services relying on low-Earth-orbit satellites from companies such as SpaceX and OneWeb could dramatically boost speeds and data caps while lowering latency. But Viasat’s service still relies on satellites in geostationary orbits about 22,000 miles above the planet and suffers from latency of nearly 600ms, much worse than the 10ms to 20ms from fiber services (as measured in customer homes by the FCC in September 2017). Viasat’s service is classified by the FCC’s Connect America Fund as “high latency,” a tier defined as latency of 750ms or less.

The Connect America Fund is paid for by Americans through fees on their phone bills.

Prices and data caps not revealed

A Viasat spokesperson would not tell us what prices and data caps will be applied to the company’s FCC-subsidized plans. Viasat said it will provide the required 25Mbps service “along with an evolving usage allowance, and at FCC-defined prices, to certain areas, where we will be subject to a new range of federal and state regulations.”

The materials released by the FCC yesterday don’t provide price and data-cap information, either. We contacted the FCC and will update this article if we get any answers.

Viasat’s current prices and data allotments are pretty bad, so hopefully there will be a significant improvement. Plans and pricing vary by ZIP code; offers listed on BroadbandNow include $50 a month for download speeds of up to 12Mbps and only 12GB of “priority data” each month. The price rises after a two-year contract expires.

“Once priority data is used up, speeds will be reduced to up to 1 to 5Mbps during the day and possibly below 1Mbps after 5pm,” BroadbandNow’s summary says. Customers can use data without affecting the limit between 3am and 6am.

Other plans include $75 a month for speeds of 12Mbps and 25GB of priority data; $100 a month for 12Mbps and 50GB; and $150 a month for 25Mbps and “unlimited” data. Even on the so-called unlimited plan, speeds “may be prioritized behind other customers during network congestion” after you use 100GB in a month. Because of these onerous limits, Viasat lowers streaming video quality to reduce data usage. Viasat says it provides speeds of up to 100Mbps but only “in select areas.”

Viasat also charges installation fees, a $10-per-month equipment lease fee, and taxes and surcharges. Viasat offers a two-year price lock, but this does not apply to the taxes and surcharges. In order to avoid signing a two-year contract, you have to pay a $300 “No Long-Term Contract” fee.

Filed Under: Biz & IT, Connect America Fund, FCC, IT Security, Policy, satellite broadband, ViaSat

Sacklers siphoned nearly $11 billion from Purdue amid opioid crisis

December 17, 2019 by admin

A Tufts employee removes letters from signage featuring the Sackler family name in Boston on Dec. 5, 2019. Tufts University stripped the Sackler name from buildings and programs after months-long conversations and a report that censured the school for its relationship with the family behind OxyContin, an opioid blamed for hundreds of thousands of deaths nationwide. The Sackler family gave Tufts $15 million over nearly 40 years and got its name prominently displayed throughout the university’s Boston health sciences campus. (Getty | Boston Globe)

As the epidemic of opioid abuse and overdoses ravaged the United States—claiming hundreds of thousands of lives—the Sackler family withdrew more than $10 billion from its company, OxyContin-maker Purdue Pharma. That’s according to a new 350-page audit commissioned by Purdue as part of the company’s Chapter 11 bankruptcy restructuring.

The revelation is likely to fuel arguments from some states that say the Sacklers should offer up more cash to settle the more than 2,800 lawsuits accusing them and Purdue of helping to spark the opioid crisis. The plaintiffs in those cases—mostly states and local governments—collectively allege that Purdue and the Sacklers used aggressive and misleading marketing to push their highly addictive painkillers onto doctors and patients.

In a proposed $10-$12 billion settlement, the family has offered at least $3 billion of its own fortune. The family also said it would give up ownership of Purdue, which will transform itself into a public-benefit trust.

While some of the states have tentatively agreed to the deal, 24 states say that the offer isn’t good enough—and that the information in the new audit proves it.

New York Attorney General Letitia James said in a statement:

The fact that the Sackler family removed more than $10 billion when Purdue’s OxyContin was directly causing countless addictions, hundreds of thousands of deaths, and tearing apart millions of families is further reason that we must see detailed financial records showing how much the Sacklers profited from the nation’s deadly opioid epidemic… We need full transparency into their total assets and must know whether they sheltered them in an effort to protect against creditors and victims.

The audit doesn’t reveal the family’s total worth or where all the Purdue money ended up. But what it does reveal doesn’t paint a flattering picture of the Sacklers.

Follow the money

Most strikingly, the audit shows that the family dramatically ramped up its withdrawals as the opioid epidemic raged. Between 1995 and 2007, the family withdrew just $1.3 billion from Purdue. But from 2008 to 2017, the family’s withdrawals totaled $10.7 billion, peaking at $1.7 billion in 2009, as The New York Times points out.

In 2007, Purdue and three of its executives pleaded guilty in federal court to misleading regulators, doctors, and patients about the addictiveness and abuse-potential of OxyContin.

The boost in withdrawals and its timing appear to support the argument from some states that the Sacklers were trying to shield OxyContin profits from the avalanche of litigation they saw coming. As NPR notes, a briefing filed in court and signed by 25 attorneys general read:

The Sacklers knew that the profits were not safe inside Purdue. Richard Sackler warned, in a confidential memo, that the company posed a “dangerous concentration of risk.” Purdue’s CFO stated that a single lawsuit by a state attorney general could “jeopardize Purdue’s long-term viability.” So the Sacklers pulled the money out of the company and took it for themselves. The Sacklers have directed Purdue to pay their family as much as $13 billion.

Where the money ended up is still unclear. As the NYT points out, money was often directed to trusts in places considered tax havens, such as Luxembourg or the British Virgin Islands. The audit also outlined the complex way in which the family sometimes moved money around. In some cases, Purdue money moved through a series of companies, including Rosebay Medical and Beacon Co., holding companies controlled by the family. In 2017, a set of a dozen transactions moved money through several companies before finally directing it to a Japanese division of Mundipharma, the Sacklers’ global pharmaceutical company. The audit does not provide an explanation for the transfers.

Filed Under: addiction, drug addiction, IT Security, opioid crisis, opioids, pain killers, Policy, public health, purdue pharma, sacklers, Science

Some junk for sale on Amazon is very literally garbage, report finds

December 17, 2019 by admin

The Amazon logo at the entrance of a logistics center in France, July 2019. (Denis Charlet | AFP | Getty)

Some days it seems like searching for an item on Amazon just brings up endless pages of junk with no clear pattern. There’s a reason for that, it turns out: dumpster divers are, in fact, literally reselling discarded junk.

Resellers hunt through trash to find and repair treasures, the Wall Street Journal reported today. Those sellers, for understandable reasons, mostly didn’t want to talk to the WSJ, so reporters for the paper tried it themselves.

Writers went digging through the trash in New Jersey and came up with dozens of items to sell, such as “a stencil set, scrapbook paper, and a sealed jar of Trader Joe’s lemon curd.” Setting up a storefront and listing the items for sale was “easy,” the WSJ said.

Amazon’s screening process seemed to be haphazard, the paper added:

After a later dumpster dive, the Journal was able to go through almost all of the listing process with salvaged breath mints, sunflower seeds, marmalade, crispbread, fig fruit butter, olives, a headband and a Halloween mask—stopping just short of shipping them to the Amazon warehouse, which is required for an item to appear for purchase on the site.

To list a sunscreen lotion, Amazon asked for a safety-data sheet. Attempts to list a protein powder, a pea-powder dietary supplement and a face sheet mask—all from the dive—elicited a request from Amazon for proof of purchase.

Nothing in Amazon’s rules prevented “salvaged” items from being resold, at the time. The policies do require that most goods be new, but the rules also allow for certain product categories to be sold used, including books and electronics, as long as those listings are clear about those items being used.

Amazon updated its seller policies after the WSJ contacted the company about this story to include a prohibition on items “intended for destruction or disposal or otherwise designated as unsellable by the manufacturer or a supplier, vendor, or retailer.”

“Sellers are responsible for meeting Amazon’s high bar for product quality,” a company spokesperson told the WSJ, adding that the company was investigating and such stores were “isolated incidents.”

Not so high a bar

The Amazon sellers who find and repair or clean and sell usable goods from the trash are not a new phenomenon. Any flea market, secondhand shop, or closeout store features “found” items, some of which genuinely are surprisingly high-quality, like-new finds. These sellers are just taking the business model online.

But consumer expectations at a flea market are very different from consumer expectations at Amazon. Most shoppers are going to expect that an item “fulfilled by Amazon” (as many third-party items are) is delivered by an Amazon Prime-branded van, dispatched from an Amazon warehouse, and actually new—especially when it’s described that way on a product page.

Amazon consumers, though, are increasingly having to get used to shopping at their own risk. Counterfeit items, especially imported ones, are rampant on the site, as are listings for recalled, unsafe, or defective goods.

The WSJ analyzed about 45,000 shopper comments left on product listings in 2018 and 2019 and found 8,400 comments on 4,300 food, makeup, and over-the-counter drug items making reference to “unsealed, expired, moldy, unnaturally sticky, or problematic” goods. Of those 4,300 products, 544 had “Amazon’s Choice” flags promoting them to consumers in search results.

Update: Amazon contacted Ars to repeat the statements it issued to the WSJ. The company also added that any “negligent and potentially illegal activity” by some seller is “unfair to the vast majority” of sellers on the site. Additionally, the company says it has “expanded the scope of our existing supply-chain verification efforts including increased spot checks of source documentation to ensure seller compliance with our policies.”

Amazon also said, “sourcing items from the trash has always been inconsistent with Amazon’s high expectations of its sellers and prohibited by the Seller Code of Conduct on Amazon, which requires that sellers act fairly and honestly to ensure a safe buying and selling experience.”

Filed Under: Amazon, IT Security, Policy

Engineer says Google fired her for browser pop-up about worker rights

December 17, 2019 by admin

A 2018 walkout to protest Google’s handling of sexual misconduct allegations was an early sign of increasing worker assertiveness at the company.

Another former employee has accused Google of violating federal labor law by firing her for activities related to labor organizing. In a Tuesday blog post, Kathryn Spiers says Google terminated her after she created a browser tool to notify employees of their organizing rights.

It’s the latest sign of tension between Google and portions of its workforce. Last month, Google fired four workers who were involved in workplace organizing. Google said that the employees had violated company policies by accessing documents without authorization. The workers say that these charges were trumped up to justify purging employees who had been effectively organizing Google’s workforce. The National Labor Relations Board is investigating those firings.

Back in September, Google reached a settlement with the NLRB over earlier alleged violations of federal labor law. Under the settlement, Google was required to post a list of employee rights in its Mountain View headquarters.

Spiers says she worked on a Google security team that was focused on how Google employees used Chrome within the company. Part of her job was to “write browser notifications so that my coworkers can be automatically notified of employee guidelines and company policies while they surf the Web.”

So when Google hired a consulting company known for its anti-union work, Spiers wrote a notification that would appear whenever Google employees visited the firm’s website. The notification stated that “Googlers have the right to participate in protected concerted activities.” That’s a legal term of art for worker organizing efforts. It also included a link to the worker rights notification mandated by the NLRB settlement.

Google responded swiftly and harshly, according to Spiers. She was suspended from her job pending an investigation. Spiers writes that Google officials “dragged me into three separate interrogations with very little warning each time. I was interrogated about separate other organizing activities, and asked (eight times) if I had an intention to disrupt the workplace.” She says she wasn’t allowed to consult with a lawyer.

Two weeks later, on December 13, Spiers was fired. She was told that she had violated Google’s policies but couldn’t get more details about which policies she had violated.

The Communications Workers of America, a union active in the telecommunications industry, has filed an NLRB complaint on Spiers’ behalf. The complaint argues that her firing was an “attempt to quell Spiers and other employees from asserting their right to engage in concerted protected activities.”

Update: Google executive Royal Hansen explained Spiers’ firing in an email Google shared with several media outlets.

“She misused a security and privacy tool to create a pop-up that was neither about security nor privacy,” Hansen wrote. “She did that without authorization from her team or the Security and Privacy Policy Notifier team, and without a business justification. And she used an emergency rapid push to do it.”

Hansen argued that the firing had nothing to do with the content of the message. “The decision would have been the same had the pop-up message been on any other subject,” he argued.

Filed Under: firings, Google, IT Security, nlrb, Policy

Russian media group Rambler attempting to hold Nginx hostage

December 16, 2019 by admin

This listing image is slightly hyperbolic—Nginx co-founders Sysoev and Konovalov didn’t do time in jail, they were “just” detained and interrogated at gunpoint in their homes at 7am local time.


Maxim Konovalov and Igor Sysoev—founders and creators of the popular Web server software Nginx—were arrested, detained, and interrogated last Thursday. Sysoev’s former employer, Rambler—Russia’s third-largest Internet company, which occupies a roughly similar position in the Russian-language Internet to Yahoo or AOL at their height in the English-speaking world—alleged that it owned the rights to Nginx’s source code, due to Sysoev having originally developed it while an employee at Rambler.

In an interview with Meduza.io—a news site focusing on Russian and former Soviet Union reporting—founder Konovalov decried Rambler’s move as “a typical racket, simple as that,” and he went on to state that no attempt had been made to negotiate with or even notify him or Sysoev before the raid happened. Their first indication of a problem came with the police raids which detained the two, seized IT equipment from them, and interrogated them early that morning. Konovalov described the raid as “professional and polite, if you exclude the fact that special forces agents were standing around with automatic weapons… then there were interrogations. Generally speaking, the questions weren’t particularly interesting or pleasant.”

Konovalov characterized the move as a money-grabbing shakedown from the current leadership at Rambler, inspired by Nginx’s $670 million acquisition by American tech giant F5 Networks approximately six months earlier.

He told Meduza:

Nginx was officially registered in 2011, and it’s now 2019, and in all this time Rambler never raised any issues… there was the deal with F5, the big money became palpable, and then we see the desire to grab a piece of it for themselves. It’s a typical racket. Simple as that.

Konovalov and Sysoev were not even certain what criminal charges were filed against them. But earlier today, Rambler requested the Russian courts to drop the criminal charges and instead turned to civil litigation. This follows Konovalov’s earlier prediction that the criminal charges were merely being used as an excuse to go on a fishing expedition for leverage to use in a civil case. Rambler further claimed it was cutting ties with the “Lynwood” law firm which had filed criminal charges; but this seems likely to be a move for show only, since Lynwood Investments is tied to Alexander Mamut—a Russian billionaire who is co-owner of Rambler itself.

A simple cash grab?

Although Nginx co-founder Konovalov characterizes the move by Rambler as a simple cash grab inspired by Nginx’s $670 million acquisition, the potential ramifications are far wider-reaching than ~42 billion rubles in cold hard cash. A successful, retroactive acquisition of the rights to Nginx would not just give Rambler access to that cash—it would also provide the ability to declare the entire open source license of the Nginx platform invalid.

This would, in turn, open up effectively the entire developed world’s tech industry to shakedowns for licensing fees—both for continued operation, and in theory, retroactively for more than a decade of “unlicensed” usage.

Since the Nginx license was a weak, permissive license—largely akin to the BSD license, requiring nothing but acknowledgement of the original copyright notice in source code and documentation—Nginx has not just proliferated directly as a Web server used on general purpose computers but also as a key embedded component of many other solutions. For instance, Symantec’s Blue Coat appliances, Sophos’ Email Appliances, and Netflix’s Open Connect Appliances all depend on Nginx.

Moving back to “simple” software deployments, UK Internet services company Netcraft lists Nginx as the single-most common Internet-facing Web server on the planet in its Q3 2019 Web server survey, with more than 31 percent of all sites surveyed detected as Nginx. Filtering to only “active” sites seemingly reduces Nginx to the second-most common server, with Apache at 30 percent and Nginx at 20 percent. But this conveniently ignores a whopping 37 percent of “other” results, representing Web servers locked down in production too tightly to be easily classified. Many of those “other” servers will also be Nginx or Nginx derivatives.

As of December 2019, Nginx is even more popular than Apache. Netcraft confirms it.

If Russian courts were to grant a civil victory to Rambler and award it ownership of the rights to Nginx, the sweeping impact on the entire global technical industry is difficult even to estimate. A simple self-hosted blog might be able to swap out Nginx for Apache in a few hours. A more complex and heavily optimized site, designed to field a lot of traffic, might get back on its feet nearly as quickly but operate at reduced capacity for a week.

Meanwhile, the industry giants which depend on Nginx include Facebook, Netflix, and WordPress. Add in Cloudflare’s Content Distribution Network and DDoS protection service, and it becomes easier to discuss what portion of the Internet wouldn’t stop working without Nginx than which ones would.

It seems difficult to believe that this fact is lost on the Rambler executives who initiated this grab. But it also seems difficult to believe that the rest of the world would tolerate it and honor a Russian-court decision with such far-ranging effects. Adding to the already ham-handed obviousness of the grab—which comes more than a decade after Nginx established itself as both a service company and a significant part of the global Internet infrastructure—Igor Ashmanov, a Rambler chief executive from the time Sysoev worked at the company, declared on Facebook that “developing software wasn’t part of [Sysoev’s] job description at all,” and “Rambler [probably can’t] come up with a single piece of paper, never mind a non-existent task to develop a web server.”

This author believes that it would be difficult to find a court outside Russia’s direct control that would issue injunctions based on such a decision which would necessarily bind the entire visible Internet from operation. As dark as politics has become, I believe sanctioning corruption this immediately and obviously visible and damaging to both tech industry giants and everyday citizens—No cat memes today? No pictures of each other’s lunches? Sacrilege!—would represent immediate political suicide no elected official would likely believe they could ignore.

Filed Under: Biz & IT, IT Security, Nginx, Policy, Russia

Amazon bans third-party merchants from shipping with FedEx

December 16, 2019 by admin

Amazon’s going to need some bigger boxes to ship those Outpost racks next year.


If you’re cramming last-minute Christmas or Hanukkah shopping online ahead of next week’s holidays, and it absolutely, positively has to be there overnight, don’t count on FedEx being the service to get it there for you. Not only is Amazon no longer working with the carrier, but now third-party merchants are banned from using the service, too.

The Wall Street Journal obtained a copy of a message Amazon sent to its third-party vendors Sunday night explaining the prohibition. Starting this week, marketplace vendors offering Prime shipments will not be allowed to use FedEx Ground or Home services. This ban will persist “until the delivery performance of these ship methods improves.”

Third-party retailers accounted for about 58% of Amazon’s retail activity in 2018, company CEO Jeff Bezos said earlier this year, and sold a cumulative $160 billion worth of goods. The vendor marketplace is on track to be at least as large a share of Amazon’s retail business in 2019.

FedEx ended its last domestic contract with Amazon in August in part due to that in-house business. High-volume shippers such as Amazon “are developing and implementing in-house delivery capabilities and utilizing independent contractors for deliveries, and may be considered competitors,” FedEx wrote in an investor document earlier this year. The company added that Amazon in particular is “investing significant capital to establish a network of hubs, aircraft, and vehicles.”

A FedEx representative told the WSJ that the impact to the shipping firm is “minuscule,” while admitting that Amazon’s directive “limits the options for those small businesses on some of the highest shipping days in history.”

Marketplace sellers selling items marked for Amazon Prime delivery can use UPS services, FedEx’s Express service (which is pricey), or Amazon’s own in-house logistics business (which the company heavily encourages vendors to use). That encouragement is so heavy, in fact, that at least one merchant has complained to Congress that the shipping business should be considered one of Amazon’s many potential antitrust violations.

Filed Under: Amazon, Amazon Prime, FedEx, IT Security, Policy, Prime
