Videos of kids having fun are among the most popular on YouTube. They are also a fast-growing business, one that critics say comes with little regulation and oversight to protect children on either side of the screen. Michelle Quinn reports.
Producer: Michelle Quinn
…

EU regulators accused Apple on Friday of distorting competition in the music streaming market, siding with Spotify in a case that could lead to a hefty fine and changes in the iPhone maker’s lucrative business practices.
 
The preliminary findings are the first time Brussels has leveled anti-competitive charges against Apple, although the two sides have had bruising clashes in the past, most notably a multibillion-dollar tax dispute involving Ireland.
 
Apple, Spotify and other parties can now respond. If the case is pursued, the EU could demand concessions and potentially impose a fine of up to 10% of Apple’s global turnover – as much as $27 billion, although it rarely levies the maximum penalty.
 
Apple found itself in the European Commission’s crosshairs after Sweden-based Spotify complained two years ago that the U.S. tech giant unfairly restricted rivals to its own music streaming service Apple Music on iPhones.
 
The EU competition enforcer, in its so-called statement of objections setting out the charge, said the issue related to Apple’s restrictive rules for its App Store that force developers to use its own in-app payment system and prevent them from informing users of other purchasing options.
 
European Competition Commissioner Margrethe Vestager said there were clear signs Apple’s App Store rules were affecting music streaming rivals’ business development and affecting app developers more widely.
 
“They [app developers] depend on Apple App Store as a gatekeeper to access users of Apple’s iPhones and iPads. This significant market power cannot go unchecked as the conditions of access to the Apple App Store are key for the success of app developers,” she told a news conference.
 
Vestager said Apple should end restrictive practices and refrain from doing anything that would replicate them.
 
She also said other authorities were looking into the issue. “We have contact with other jurisdictions doing similar
cases, that could be the Dutch, the Australians, the Americans,”she said, adding she  also was interested in the app gaming market, although it was early days.
 
Apple rebuffed the EU charge. “Spotify has become the largest music subscription service in the world, and we’re proud of the role we played in that,” it said in a statement.
 
“They want all the benefits of the App Store but don’t think they should have to pay anything for that. The Commission’s argument on Spotify’s behalf is the opposite of fair competition,” it added.  
 Internet Gatekeepers
 
Spotify welcomed the EU move, describing it as “a critical step toward holding Apple accountable for its anticompetitive behavior, ensuring meaningful choice for all consumers and a level playing field for app developers.”
 
Reuters was first to report about the imminent EU antitrust charge in March.
 
Spotify, one of Europe’s few global success stories in consumer technology, is the market leader in music streaming with 356 million active users and 158 million paid subscribers.  
 
Apple Music, launched more recently in 2015, is estimated to have more than 70 million subscribers although the company does not give a separate figure for that part of its business.
 
Competition between the two companies has intensified in recent weeks, with both seeking to build their customer base via supremacy in the market for podcasts.
 
“Europe’s consumers expect and deserve access to a full range of music streaming services without their choices being restricted or prices being inflated unfairly by internet gatekeepers,” said European consumer organization BEUC.
 
The EU charge comes a week before Apple’s face off with Epic Games in a U.S. antitrust trial following a lawsuit by the “Fortnite” creator alleging that Apple has abused its dominance in the market for mobile apps.
 
Epic has complained to the Commission on the same issues. Last month, the UK Competition and Markets Authority opened an investigation into Apple after complaints the iPhone maker’s terms and conditions for app developers were unfair.
…

Videos of kids having fun are among the most popular on YouTube. They are also a fast-growing business, one that critics say comes with little regulation and oversight to protect children on either side of the screen. Michelle Quinn reports.
Producer: Michelle Quinn
…

For at least the third time since the beginning of this year, the U.S. government is investigating a hack against federal agencies that began during the Trump administration but was only recently discovered, according to senior U.S. officials and private sector cyber defenders.  It is the latest supply chain cyberattack, highlighting how sophisticated, often government-backed groups are targeting vulnerable software built by third parties as a steppingstone to sensitive government and corporate computer networks.  The new government breaches involve a popular virtual private network (VPN) known as Pulse Connect Secure, which hackers were able to break into as customers used it.  More than a dozen federal agencies run Pulse Connect Secure on their networks, according to public contract records. An emergency cybersecurity directive last week demanded that agencies scan their systems for related compromises and report back.  The results, collected Friday and analyzed this week, show evidence of potential breaches in at least five federal civilian agencies, said Matt Hartman, a senior official with the U.S. Cybersecurity Infrastructure Security Agency.  “This is a combination of traditional espionage with some element of economic theft,” said one cybersecurity consultant familiar with the matter. “We’ve already confirmed data exfiltration across numerous environments.”  The Ivanti logo and cyber binary codes are seen in this illustration taken April 20, 2021.The maker of Pulse Connect Secure, Utah-based software company Ivanti, said it expected to provide a patch to fix the problem by this coming Monday, two weeks after it was first publicized. Only a “very limited number of customer systems” had been penetrated, it added.  Over the last two months, CISA and the FBI have been working with Pulse Connect Secure’s maker and victims of the hack to kick out the intruders and uncover other evidence, said another senior U.S. official who declined to be named but is responding to the hacks. The FBI, Justice Department and National Security Agency declined to comment.  The U.S. government’s investigation into the Pulse Connect Secure activity is still in its early stages, said the senior U.S. official, who added the scope, impact and attribution remain unclear.  Security researchers at U.S. cybersecurity firm FireEye and another firm, which declined to be named, say they’ve watched multiple hacking groups, including an elite team they associate with China, exploiting the new flaw and several others like it since 2019.  FILE – Security firm FireEye’s logo is seen outside the company’s offices in Milpitas, California.In a statement last week, Chinese Embassy spokesperson Liu Pengyu said China “firmly opposes and cracks down on all forms of cyberattacks,” describing FireEye’s allegations as “irresponsible and ill-intentioned.”  The use of VPNs, which create encrypted tunnels for connecting remotely to corporate networks, has skyrocketed during the COVID-19 pandemic. Yet with the growth in VPN usage so too has the associated risk.  “This is another example in a recent pattern of cyber actors targeting vulnerabilities in widely used VPN products as our nation largely remains in remote and hybrid work postures,” Hartman said.  Three cybersecurity consultants involved in responding to the hacks told Reuters that the victim list is weighted toward the United States and so far includes defense contractors, civilian government agencies, solar energy companies, telecommunications firms and financial institutions.  The consultants also said they were aware of fewer than 100 combined victims so far between them, suggesting a fairly narrow focus by the hackers.  Analysts believe the malicious operation began around 2019 and exploited older flaws in Pulse Connect Secure and separate products made by cybersecurity firm Fortinet before invoking the new vulnerabilities.  Hartman said the civilian agency hacks date to at least June 2020.  Hacking the supplyA recent report by the Atlantic Council, a Washington think tank, studied 102 supply chain hacking incidents and found they surged the last three years. Thirty of the attacks came from government-backed groups, primarily in Russia and China, the report said.  The Pulse Connect Secure response comes as the government is still grappling with the fallout of three other cyberattacks.  FILE – The SolarWinds logo is seen outside its headquarters in Austin, Texas, Dec. 18, 2020.The first is known as the SolarWinds hack, in which suspected Russian government hackers commandeered the company’s network management program to burrow inside nine federal agencies.  A weakness in Microsoft’s email server software, named Exchange, exploited by a different group of Chinese hackers, also required a massive response effort, although there was ultimately no impact to federal networks, according to U.S. officials.  Then a weakness at a maker of programming tools called Codecov left thousands of customers exposed inside their coding environments, the company disclosed this month.  Some government agencies were among the customers whose credentials were taken by the Codecov hackers for further access to code repositories or other data, according to a person briefed on the investigation. Codecov, the FBI and the Department of Homeland Security declined to comment on that case.  The U.S. plans to address some of these systemic issues with an upcoming executive order that will require agencies to identify their most critical software and promote a “bill of materials” that demands a certain level of digital security across products sold to the government.  “We think [this is] the most impactful way to really impose costs on these adversaries and make it that much harder,” said the senior U.S. official. 
…

An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for its use, a top national security official said Wednesday.The department this month announced that it had obtained a warrant from a federal judge in Texas to remove web shells, or malicious code that gives hackers a foothold into networks, from hundreds of vulnerable computers affected by a hack that Microsoft has blamed on a group operating from China.The FBI operation was designed to disrupt the effects of a hack that affected many thousands of servers running the Microsoft Exchange email program. Many victims took steps on their own to safeguard their systems, but for those that who did not, the Justice Department stepped in to do it for them with a judge’s approval.It was the virtual equivalent of police going around the neighborhood locking doors that criminals had opened remotely.”We have a decision to make, which is are we going to go ahead and do that action ourselves or are we just going to leave that malware there, sort of unremediated,” said Assistant Attorney General John Demers, speaking at a virtual discussion hosted by the Project for Media & National Security at George Washington University.He said the operation was one of the very first of its kind and was the subject of extensive discussion by the FBI and the Justice Department. The department is figuring out how it plans to use that capability in the future.”We don’t yet have sort of worked out what our criteria are going to be going forward,” Demers said. “Now that we’ve had this experience, that’s the kind of discussion we’re having internally now.”This is not a tool of first resort that we’re going to be using a couple times a week as different intrusions come up,” he added. “This does require working with the private sector on the right solution. It does require testing to be sure that you’re not going to otherwise disrupt someone’s computer system.”Such operations will be done judiciously in the future, he said.Demers acknowledged concerns from some privacy advocates that the government, without permission of the computer system operators, had gained remote access and removed the web shells.But he pointed out that the department did obtain a judge’s permission and said the government felt compelled to act because, after a period of several weeks, there were still unremediated web shells that continued to serve as access point for “hackers of all stripes.””And so the choice that the government had was just continue to leave those open or take the court-authorized action that we did, and ultimately we decided to move ahead,” Demers said. “But to the extent possible before then, we had been notifying every victim that we could identify of the intrusion.”
…

The decision by global media giants to comply with demands by the Turkish government to open offices in Turkey is prompting concerns about media freedoms. Press freedom advocates say because the companies will now be subject to Turkish laws, that could mean Turkey’s people will no longer have a venue to freely express their views. For VOA, Dorian Jones reports from Istanbul. 
…