Here are all the ways Jeff Sessions is wrong about drug sentencing

So this is the thing Sessions got right. Drug trafficking is violent. It is violent because courts and other traditional nonviolent means of settling disputes aren’t available to anyone involved...
It’s encouraging that Sessions realizes this. What’s puzzling is how Sessions can (a) acknowledge that black markets cause violence, (b) claim to worry about said violence, and yet (c) work behind the scenes to expand black markets. Sessions not only opposes legalizing drugs, but he also wants to return states that have already legalized recreational marijuana — and who seem to be doing just fine — to the days when marijuana was available only on the black market...
Why does Jeff Sessions want people in Washington, Colorado, and the other states that have legalized marijuana to experience increased violence — violence that he himself acknowledges would be inevitable if he were to get his way? Is it really that important to make it more difficult for people to get high? What for Sessions would be an appropriate “dead bodies”-to-“euphorias prevented” ratio?
For the approximately 52,000 Americans who died of a drug overdose in 2015, drug trafficking was a deadly business.
About 18,000 of those deaths involved prescription opioids, which are legally available. About 8,000 involved benzodiazepines, which are also available legally. Both of those types of drugs are made by pharmaceutical companies, prescribed by doctors and sold by pharmacies. Does Sessions believe those are all inherently violent industries? The Journal of the American Medical Association estimates that 88,000 people die each year from alcohol-related deaths. Does Sessions believe that Anheuser-Busch, Diageo and E & J Gallo run “deadly businesses”? What about the 480,000 people who die each year from smoking? Is tobacco a “deadly business”?
Moreover, there’s solid and mounting evidence that marijuana may be an effective substitute for opioids when it comes to treating pain. States that have legalized marijuana have seen a drop in hospitalizations for opioid addiction and overdose, suggesting that if it’s easily available, people prefer to treat pain with marijuana rather than with opioids. Which means that under Sessions’s preferred policy of pot prohibition, we’d almost certainly see much higher numbers of opioid addiction and overdose deaths.

The most devastating passage in the CBO’s report on the Senate health bill

The Congressional Budget Office has released its analysis of the Senate GOP’s Better Care Reconciliation Act, and it’s a bloodbath. The bill is expected to lead to 15 million fewer people with health insurance by 2018 — and 22 million fewer by 2026.
...
A bit of background is helpful. A “silver plan” is an insurance plan that covers 70 percent of a person’s expected health care costs. Obamacare’s subsidies were designed to make silver plans affordable and to limit out-of-pocket costs. The BCRA cuts Obamacare’s subsidies and designs its own subsidies around plans that cover 58 percent of expected health care costs. Those plans, the CBO estimates, will come with deductibles of around $6,000 — which means they would bankrupt many poor people before they ever got through the deductible.
...
This, then, is what the BCRA actually does: It makes health insurance unaffordable for poor people in order to finance a massive tax cut for rich people.

Bruce Schneier: The Future of Ransomware

Ransomware isn't new, but it's increasingly popular and profitable.
The concept is simple: Your computer gets infected with a virus that encrypts your files until you pay a ransom. It's extortion taken to its networked extreme. The criminals provide step-by-step instructions on how to pay, sometimes even offering a help line for victims unsure how to buy bitcoin. The price is designed to be cheap enough for people to pay instead of giving up: a few hundred dollars in many cases. Those who design these systems know their market, and it's a profitable one.
...
The lessons for users are obvious: Keep your system patches up to date and regularly back up your data. This isn't just good advice to defend against ransomware, but good advice in general. But it's becoming obsolete.
Everything is becoming a computer. Your microwave is a computer that makes things hot. Your refrigerator is a computer that keeps things cold. Your car and television, the traffic lights and signals in your city and our national power grid are all computers...
It's only a matter of time before people get messages on their car screens saying that the engine has been disabled and it will cost $200 in bitcoin to turn it back on. Or a similar message on their phones about their Internet-enabled door lock: Pay $100 if you want to get into your house tonight. Or pay far more if they want their embedded heart defibrillator to keep working.
This isn't just theoretical. Researchers have already demonstrated a ransomware attack against smart thermostats, which may sound like a nuisance at first but can cause serious property damage if it's cold enough outside. If the device under attack has no screen, you'll get the message on the smartphone app you control it from.
Hackers don't even have to come up with these ideas on their own; the government agencies whose code was stolen were already doing it. One of the leaked CIA attack tools targets Internet-enabled Samsung smart televisions.
...
These devices will be around for a long time. Unlike our phones and computers, which we replace every few years, cars are expected to last at least a decade. We want our appliances to run for 20 years or more, our thermostats even longer.
What happens when the company that made our smart washing machine -- or just the computer part -- goes out of business, or otherwise decides that they can no longer support older models? WannaCry affected Windows versions as far back as XP, a version that Microsoft no longer supports. The company broke with policy and released a patch for those older systems, but it has both the engineering talent and the money to do so.
That won't happen with low-cost IoT devices.
...
Solutions aren't easy and they're not pretty. The market is not going to fix this unaided. Security is a hard-to-evaluate feature against a possible future threat, and consumers have long rewarded companies that provide easy-to-compare features and a quick time-to-market at its expense. We need to assign liabilities to companies that write insecure software that harms people, and possibly even issue and enforce regulations that require companies to maintain software systems throughout their life cycle. We may need minimum security standards for critical IoT devices. And it would help if the NSA got more involved in securing our information infrastructure and less in keeping it vulnerable so the government can eavesdrop.
I know this all sounds politically impossible right now, but we simply cannot live in a future where everything -- from the things we own to our nation's infrastructure -- can be held for ransom by criminals again and again.

Russian Breach of 39 States Threatens Future U.S. Elections

Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.
In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.
The scope and sophistication so concerned Obama administration officials that they took an unprecedented step -- complaining directly to Moscow over a modern-day “red phone.” In October, two of the people said, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia’s role in election meddling and to warn that the attacks risked setting off a broader conflict.

Bruce Schneier: NSA Document Outlining Russian Attempts to Hack Voter Rolls

But more important than any of this, we need to better secure our election systems going forward. We have significant vulnerabilities in our voting machines, our voter rolls and registration process, and the vote tabulation systems after the polls close. In January, DHS designated our voting systems as critical national infrastructure, but so far that has been entirely for show. In the United States, we don't have a single integrated election. We have 50-plus individual elections, each with its own rules and its own regulatory authorities. Federal standards that mandate voter-verified paper ballots and post-election auditing would go a long way to secure our voting system. These attacks demonstrate that we need to secure the voter rolls, as well.
Democratic elections serve two purposes. The first is to elect the winner. But the second is to convince the loser. After the votes are all counted, everyone needs to trust that the election was fair and the results accurate. Attacks against our election system, even if they are ultimately ineffective, undermine that trust and -- by extension -- our democracy. Yes, fixing this will be expensive. Yes, it will require federal action in what's historically been state-run systems. But as a country, we have no other option.

How to Call B.S. on Big Data: A Practical Guide

The world is filled with information in various shades of right and wrong. I highly recommend reading through the list of techniques for evaluating it. The first couple:

Recognize that bullshitters are different from liars, and be alert for both. To paraphrase the philosopher Harry Frankfurt, the liar knows the truth and leads others away from it; the bullshitter either doesn’t know the truth or doesn’t care about it, and is most interested in showing off his or her advantages.
Upon encountering a piece of information, in any form, ask, “Who is telling me this? How does he or she know it? What is he or she trying to sell me?” (Journalists have their own versions of these questions.) If you’d ask it at a car dealership, West suggested to the students, you should ask it online, too.

And one of my favorites:

Remember that if a data-based claim seems too good to be true, it probably is. Conclusions that dramatically confirm your personal opinions or experiences should be especially suspect...

Forging Voice

We are moving toward a world where privacy may not exist, and security will be incredibly difficult. More of us need to be involved in the debate on how technology may be changing society, and what we should do about it. Bruce Schneier, quoted in full:

LyreBird is a system that can accurately reproduce the voice of someone, given a large amount of sample inputs. It's pretty good -- listen to the demo here -- and will only get better over time.
The applications for recorded-voice forgeries are obvious, but I think the larger security risk will be real-time forgery. Imagine the social engineering implications of an attacker on the telephone being able to impersonate someone the victim knows.
I don't think we're ready for this. We use people's voices to authenticate them all the time, in all sorts of different ways.

Opinion | Facebook could tell us how Russia interfered in our elections. Why won’t it?

We've always been subject to propaganda from state and private powers, but now it's faster, in some ways more subtle... and potentially easier to study and counteract, because of the kinds and amount of data which big social networking companies now own. The author argues for Facebook to become more involved in countering other countries' interference, which is an admirable goal, though it's difficult to see how that might work for a company which wants to be friendly with every country in the world.

And it raises another issue we should all be watching very carefully: every change Facebook makes to what we see in our feeds significantly impacts what our society talks about. In fact, Facebook's released studies of how it can change people's moods. So what are Facebook's (and other social networks') responsibilities to the rest of society, and how do we ensure they're not abusing their power?