News Article | April 15, 2016
It's already one of the major companies dominating website hosting, with advertising that blankets the country from subway cars to print magazines. Now Squarespace is getting even more ambitious, looking to take on GoDaddy and move in on the domain registration business with a new product that allows users to buy and process their desired URLs through the site. The company’s new product, Squarespace Domains, entered soft launch in early April. CEO Anthony Casalena tells Fast Company that he is enthusiastic about the new product while also taking some veiled digs at other domain services. "We looked around at the competitive landscape," Casalena said. "And we were like ‘My God, this industry is so old and has so little innovation,’ and there were very antiquated products for people doing this even though it’s such a fundamental piece of doing a website." Depending on the name of the URL that’s purchased, Squarespace charges between $20 and $70 a year. Pricing is set depending on the top-level domain used and includes an ad-free parking page that follows Squarespace’s aesthetic along with WHOIS privacy. By comparison, the company’s fully hosted plans hover between $96 and $144 yearly for personal accounts. By offering this product, Squarespace is able to offer a workaround for a price point issue that’s challenged them for some time: Customers with a Squarespace account (Disclosure: This writer uses Squarespace to host his own website) have to pay separately for each site they open with the company. No volume discounts or package deals are normally offered. This means that, in the past, a customer such as a small business that’s looking to set up a separate site for something like a pop-up sale had to either buy a separate account (which can be quite pricey) or be lost to competing products such as About.me, Wix, Weebly, or WordPress. Most importantly, those customers registered their domains through third-party providers—even though they were already paid-up Squarespace consumers. It also gives the company a lower-priced product to hook customers who aren’t completely sold on a full-featured website yet. Promotional materials sent to Fast Company mentioned that "a 2014 survey by Vistaprint found that 43% of small businesses choose a domain name before doing anything else online, and anecdotal evidence suggests that many of our customers prefer to start with a domain as well." Casalena added that "domains aren’t the most exciting thing in the world, but we have a good take on it and we’re excited to bring it into the modern age." In the coming months, the company plans to add free SSL certificates—and, crucially for keeping users in their ecosystem—the ability for current Squarespace customers to shift their non-Squarespace domain registrations to the company. Domain hosting is the latest in a number of new product launches that Squarespace has made in the past year to target specific customer niches. In late 2015, the company introduced single-page websites with limited functionality that cost $60 per year at press time (making them cheaper, in some cases, than the domain product) and a new e-commerce product targeted at small businesses that starts at $312 yearly. Squarespace’s goal seems to be simple: Keep their customers in their ecosystem for as long as possible, and introduce progressively lower-priced products with limited functionality to attract customers who’d otherwise use competing products (including free and freemium alternatives). Their hope is that by offering domains, they’ll attract users who will be more than happy to build a full-featured website later on.
A new report suggests that a data-driven tool meant to reduce gun violence was ignored by police and, in a few cases, may have been misused. Can technology be used to predict—and prevent—crime? In the case of Chicago’s recent attempt to prevent gun violence, the answer seems to be no. A new report put together by Jessica Saunders and colleagues at the RAND Corporation examines how the Chicago Police Department implemented a predictive policing pilot project in 2013 and 2014. The city used a computer model to examine data on people with arrest records and come up with a list of a few hundred individuals deemed at elevated risk of being shot (or committing a shooting—the two groups have a striking amount of overlap). The idea was that police would be able to use the list to reach out to people and try to help them out of high-risk situations. But the report, published in the Journal of Experimental Criminology, suggests two big problems with the program. First, the researchers found that in over two-thirds of cases, police throughout the city simply ignored the list (the formal name of which is the Strategic Subjects List, or SSL). They write: Overall, the observations and interview respondents indicate there was no practical direction about what to do with individuals on the SSL, little executive or administrative attention paid to the pilot, and little to no follow-up with district commanders. This suggests that the department’s rank and file were left perplexed by the data in front of them—probably because, as the Verge points out, no fewer than 11 other violence reduction programs were in play at the time. As a result, officers went about the business of everyday police work. And when no one from upper management looked in to see if anyone was using the system’s recommendations, they fell by the wayside. When police did attempt to act on the list, the results weren’t very inspiring. The sample size was small—officers used the list to make just nine arrests. But the researchers found that people on the list were nearly three times as likely to be arrested for a shooting as those who didn’t get flagged by the system: The finding that the list had a direct effect on arrest, rather than victimization, raises privacy and civil rights considerations that must be carefully considered, especially for predictions that are targeted at vulnerable groups at high risk of victimization. The picture this study paints is not of a technology that is about to revolutionize crime-fighting or turn the tide of gun violence in Chicago. It’s of a highly imperfect initiative that, when first implemented, confused officers more than it helped them. Gun violence is a huge problem in Chicago, and it’s understandable that city officials would want to bring technological tools to bear on the problem. But despite our obsession with data, it isn’t a solution. It is, at best, just another tool—one that needs to be handled with extreme care, especially when lives are at stake. Read more: (BoingBoing, The Verge, New York Times, “Data-Toting Cops,” “The Problem with Our Data Obsession”)
News Article | March 18, 2016
On June 9, 2013, a then-unknown intelligence contractor named Edward Snowden revealed himself to be the source behind a series of explosive scoops based on top secret National Security Agency documents. The next day, a secret court in Virginia ordered the owner of a small email provider in Texas to help investigators surveil Snowden’s email communications. That order set off a long legal fight that was mostly shrouded in complete secrecy for two months, until Ladar Levison, the owner of the email provider called Lavabit, decided to shut down his service rather than “become complicit in crimes against the American people,” as he put it at the time. Even then, most details of the case remained under seal until October 2013, when a judge in Alexandria agreed to publish part of the court documents filed in the fight. Finally, in early March of this year, almost three years later, the judge ordered even more documents to be released. Some information in the court documents still remains redacted, such as the basis, or “probable cause,” as to why the US government was interested in Snowden’s email data. In fact, the US government went to great lengths to redact who the case was really about. But a mistake in the redaction process confirms it was indeed about Snowden’s email. But more importantly, read again three years later, the documents shed the light on a case that in many ways shares many similarities with the recent fight between the FBI and Apple. At the heart of both cases there’s the same fundamental question: How far can the US government force tech companies to go to help access their users’ data? After Snowden outed himself, the government wanted to get a bunch of information from Snowden’s Lavabit account, including his IP address and the unique ids (MAC addresses) of the computers he used while sending emails from the service, as well as payment and other records. Part of the court order asking Levison to disclose Snowden’s email metadata. Levison responded to the government’s order by mail on June 11, providing “very little” of the information the government wanted, according to the documents. At that point the US government got another order compelling Levison to install what’s known as a “pen register” to get Snowden’s email metadata in real-time. When the feds showed up at Levison’s door to hand deliver him the order, he said that’d be impossible, because the target of the investigation had paid to have an extra layer of protection on his account, so all that information was encrypted. But the FBI had done its homework, and already had another card under its sleeve: If only Levison agreed to hand over the encryption keys protecting Lavabit’s server, then the feds themselves could “capture the user’s connections, and password in the clear.” A few days later Levison himself admitted that the FBI’s solution was technically possible in an email to the prosecutor. Part of Levison’s email to the prosecutor in the case. In a hearing on July 16, Levison went to court by himself, without the help of a lawyer, arguing he had been ready to comply with the pen register order ever since he met with the FBI agents, but he also said giving up the encryption keys was too much, because it would compromise the privacy of all his customers, not just the one target of this investigation. “Those keys are used to secure the traffic for all users,” Levison said, according to a transcript. “I’ve always been willing to accept the [pen register] device. I just have some concern about ensuring that it’s used properly,” he later added. Levison, who claimed to have brought a copy of Lavabit’s encryption keys in case he was forced to give them up, also asked for the case to be made public. “I believe it’s important for the industry and the people to understand what the government is requesting by demanding that I turn over these encryption keys for the entire service,” he added. The prosecutor snarkily dismissed this request, arguing that all Levison wanted was to get the industry “to come in and litigate as a surrogate for him.” “I don’t think he’s entitled to try to make this a public proceeding to invite others in to litigate those issues on his behalf,” said Assistant US Attorney James Trump, adding that by industry he meant groups and others “who have litigated issues like this in the WikiLeaks context and others.” Judge Claude Hilton didn’t directly weigh on the merits of Levison’s argument, but eventually rejected it, simply saying that “this was a criminal investigation” and it required secrecy. The prosecutor reiterated that this was just about one account, and dismissed Levison’s concern that the FBI could spy on all his 400,000 customers saying there wouldn’t be any agents “looking through the 400,000 other bits of information, customers, whatever.” In a previous filing, the US government had also argued that giving up SSL keys wasn’t a big deal because Levison could just change them after the government was done intercepting data from Snowden’s email account. Eventually, Judge Hilton ordered Levison to turn over the keys in 24 hours. Within the deadline, Levison complied with the order, but delivered the 2,560 characters making up the keys in an extremely small font spread over an 11-page printout. A portion of the Lavabit encryption keys Levison printed in a tiny font on 11 pages. Then the government complained and got the court to impose a sanction of $5,000 per each day of delay until Levison delivered the keys in an electronic form. Two days and $10,000 later, Levison apparently gave up, sending a “usable version of Lavabit’s encryption keys” to the government. The next day, however, he shut down his service, making those keys completely useless. THE SHADOW OF LAVABIT OVER THE APPLE VS FBI CASE While many circumstances in the Lavabit case are different than the case of the San Bernardino shooters’ iPhone, there are also obvious similarities. In the Lavabit case, the feds argued it was just about one account; in the Apple case, the US government claims this is just about one phone. In both cases, the feds argued that it’s not too burdensome to simply hand over some code. Given Lavabit’s precedent, some are worried that what happened with Levison and his small email provider could happen again with the giant Apple. That’s not just speculation—the Justice Department explicitly cited the Lavabit case in a footnote in its most recent filing in the case. The government’s argument is essentially that its current order, which asks Apple to undermine some security features of the iPhone’s operating system so that it can hack into it, is just a friendly request that could very well anticipate a more unkind one: get Apple to surrender its developer encryption keys so that investigators can write and install their own version of Apple’s operating system to get around its security measures. “Such a move would signal a race to the bottom of the slippery slope that has haunted privacy advocates: A world where companies can be forced to sign code developed by the government to facilitate surveillance,” Julian Sanchez, a surveillance expert and fellow at the Cato Institute, wrote in a blog post on Thursday. Sanchez also notes that what’s even more worrying is that such a request could potentially rely on firmer legal ground that the FBI’s current one, which relies on an obscure and controversial 1789 law. “‘Give us your dev key’ is probably on firmer ground legally than ‘write custom code for us’ but arguably way, way scarier,” Sanchez said earlier. Furthermore, several tech companies have been forced to give up their source code in the past, as a ZDNet investigation published on Thursday revealed. It’s unclear if those cases involved encryption keys, but it wouldn’t be a stretch for the US government to argue that it makes no difference. Whether the judge in the Apple case, and the judges who will hear the inevitable appeals, will side with the government—if it ever decides to request Apple’s keys—remains to be seen. In the meantime, Levison, who’s been working on a more secure replacement for email since shutting down Lavabit, chastised the government for trying to draw a parallel with his case, calling it “disturbing.” In a statement published on Wednesday, Levison highlighted the fact that the appeals court that held up the sanctions against him for refusing to comply with the pen register order based his decision “on a contrived procedural technicality,” not on the merits of the original request. In other words, according to him, Lavabit’s case shouldn’t be considered a precedent, although it does have something in common with the Apple case. “The current Apple case, together with the Lavabit case, join a growing litany of recent court decisions which have eroded away our personal liberties,” he wrote. “Taken together, these rulings force us to ask difficult questions. Specifically, can the federal government be trusted to defend our rights, and protect our freedom?”
News Article | March 21, 2016
As a general rule, spying equipment always gets smaller and easier to handle as companies continue to improve and develop their products. Now, it looks like one surveillance vendor has managed to cram a device that promises to remotely steal targets' social media passwords from smartphones into a backpack-sized bag. “Small lightweight solution for Tactical Operational Field Team following target,” a brochure from Israeli company Magen 100 reads. The brochure itself is undated, but was distributed as part of Interpol World 2015, a trade event that took place in Singapore. The item described is the “MABIT Scope,” part of Magen's range of “app and cloud interception” products, and is accompanied by a photograph of a black backpack. These devices can supposedly be used to “scan for all smartphones within range,” and then steal passwords to cloud data from target devices. Magen gives the example of Gmail, Hotmail, and Google Drive. It is not totally clear how the device is supposed to work, and the same goes for similar products. Rayzone Group offers the “InterApp,” which it claims is able to steal the data of “any phone user” within its proximity, and relies on “smartphone application vulnerabilities,” according to the company’s website. And Wintego sells a product called “WINT”. This Mabit Scope model, however, purports to be small and portable enough to fit into a backpack. Earlier this year our colleagues at VICE News saw similar spy tech, you can see a demo around the 2:44 mark in the above video. When asked whether this was the case, Avi Yariv, marketing manager for Magen, simply told Motherboard in an email “We provide the good guys tools to fight bad guys, some things should be kept secret.” Magen is approved to export products under the government of Israel and international law, according to another document from Interpol World 2015. Richard Tynan, a technologist from Privacy International, said that the company's claims did seem legitimate. “A laptop or tablet could perform this task but would be limited by how much data it could process,” he told Motherboard in an email. He added that more companies will likely start advertising similar products, and new dangers may come along with this. “For example, intercepting app and cloud communications that are secured with SSL may require the installation of a fake root certificate which may compromise multiple aspects of the device, including its update mechanisms,” he wrote. Indeed, other companies are advertising backpack-sized interception devices too. According to a photo of a brochure shared with Motherboard by Privacy International, defense contractor Netline Communications Technologies markets the “ManPack,” a fairly clunky piece of kit that can intercept “WiFi communications.” Netline seemingly pitches this as technology for the military. Magen's products on the other hand, are for the police, intelligence, government and the military, according to its brochure. The company's website also suggests to clients that its products can be used to counter illegal protests and riots, or monitor borders. “Who do you really want to let into your country?” the website reads. The Magen brochure lists potential targets as “crime and vandalism,” as well as terrorism and drug trafficking.
News Article | May 22, 2015
CHICAGO--(BUSINESS WIRE)--Marcus & Millichap (NYSE: MMI), a leading commercial real estate investment services firm with offices throughout the United States and Canada, announced the sale of a nine-building, 401,428-square-foot medical office portfolio. The portfolio sold for $131 million. The portfolio is anchored by the Illinois Bone and Joint Institute (IBJI). All of the properties are located within the Chicago metropolitan area. John Smelter, senior director of Marcus & Millichap’s Healthcare Real Estate Group, along with Scott Niedergang, associate vice president investments, and Gino Lollio, associate vice president investments, represented the seller, a partnership consisting of a local developer and a number of physicians affiliated with IBJI. Smelter, Niedergang and Lollio procured the buyer, a joint venture fund managed by MBRE Healthcare, a Chicago-based full-service real estate company that develops, acquires, leases and manages healthcare real estate across the United States. “The portfolio is 54-percent leased by the non-credit rated IBJI - occupying eight of the nine properties - and they are one of the largest orthopedic groups in the country,” says Smelter. “IBJI has a strong foothold in the Chicagoland market with 20 locations. IBJI’s long-term leases and financial strength allowed us to generate significant interest from private equity, institutions and REITs looking to acquire an extremely stable, institutional-quality investment.” “The sellers did an outstanding job accumulating this portfolio over the years by acquiring, repositioning and developing these buildings for IBJI and the other tenants,” adds Niedergang. “The portfolio is currently 95 percent occupied on triple-net leases, the majority of which call for annual rental escalations ranging from two to three percent. Almost half of the rent roll has 10-plus years remaining. Additionally, many of the properties are strategically positioned in Chicago’s affluent North Shore markets like Wilmette, Glenview, Lincolnwood, Des Plaines and Morton Grove.” “Our company's platform and specialized marketing campaign generated a tremendous amount of activity, but in the end the portfolio was acquired by a well-qualified and experienced local healthcare investment group,” says Lollio. “MBRE Healthcare is the perfect buyer for this offering, as it appreciates the considerable value in owning and managing such a significant healthcare real estate investment in its own backyard.” A few key assets within the portfolio are the 86,503-square-foot, two-story steel and brick medical facility in Morton Grove, Ill.; the 60,500-square-foot Des Plaines, Ill. building; and lastly, the 40,011-square-foot Chicago, Ill. building that has excellent visibility and signage from the Kennedy Expressway (I-90/94). Other tenants in the portfolio include Advocate Health Care, NorthShore University HealthSystem, Resurrection Health Care (Presence Health), Metro Infectious Disease Consultants, and Pain Specialists of Greater Chicago. With nearly 1,500 investment professionals located throughout the United States and Canada, Marcus & Millichap is a leading specialist in commercial real estate investment sales, financing, research and advisory services. Founded in 1971, the firm closed over 7,600 transactions in 2014 with a value of approximately $33.1 billion. The company has perfected a powerful system for marketing properties that combines investment specialization, local market expertise, the industry’s most comprehensive research, state-of-the-art technology, and relationships with the largest pool of qualified investors. To learn more, please visit: www.MarcusMillichap.com