Uber and Barclays team up to compete in U.S. card rewards war

(Reuters) – Uber Technologies Inc and a unit of Barclays plc are teaming up to offer a rewards-enriched credit card in the United States through the ride-service company’s mobile phone app.

FILE PHOTO: An Uber sign is seen in a car in New York, U.S. June 30, 2015. REUTERS/Eduardo Munoz/File Photo

Uber and bank officials said on Wednesday the card will be free and offer a $ 100 starting bonus, plus an annual $ 50 credit on digital subscription services, such as Netflix. It would also offer cash back on spending, including 4 percent for dining, 3 percent for airfare and 2 percent for Uber rides and many other online transactions.

Curt Hess, chief executive officer of Barclaycard US, said the Uber card spending rewards were set high to attract customers and encourage them to favor it ahead of other cards that they may have.

“Given that it is no-fee, it has some of the best reward points out there,” said Hess.

Barclays’ Uber offer is another gambit in the post-financial crisis bidding between credit card issuers for customers who will bring in transaction fees from merchants and pay to borrow at interest rates upwards of 15 percent.

Citigroup Inc, for example, has attracted customers with its no-fee Double Cash card which pays 2 percent back on all purchases. And, JPMorgan Chase & Co has challenged American Express Co for people willing to lay out annual fees of $ 450 or more in exchange for rich rewards and travel perks.

FILE PHOTO – A Barclays bank building is seen at Canary Wharf in London, Britain May 17, 2017. REUTERS/Stefan Wermuth/File Photo

With the Uber deal, Barclays gets to pitch directly to potential new card customers using the ride service app.

Hess said he expected the offers to be more effective than sending promotions through the mail and asking people to fill out applications with basic information that they have already put into the Uber app.

Uber will not offset Barclays’ costs to attract customers, Hess said.

Barclays is the ninth biggest card issuer in the United States by spending volume and outstanding balances, according to The Nilson Report.

The card is first under the Uber name. It comes out on Nov. 2.

Judy Zhu, an Uber business development executive, said the card was a way to encourage customers to use Uber for more than rides.

“We are really starting to think about how to connect Uber to the things you are doing before and after riding,” Zhu said.

Reporting by David Henry in New York

Our Standards:The Thomson Reuters Trust Principles.

Tech

Distrustful U.S. allies force spy agency to back down in encryption row

SAN FRANCISCO (Reuters) – An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies.

In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them.

The NSA has now agreed to drop all but the most powerful versions of the techniques – those least likely to be vulnerable to hacks – to address the concerns.

The dispute, which has played out in a series of closed-door meetings around the world over the past three years and has not been previously reported, turns on whether the International Organization of Standards should approve two NSA data encryption techniques, known as Simon and Speck.

The U.S. delegation to the ISO on encryption issues includes a handful of NSA officials, though it is controlled by an American standards body, the American National Standards Institute (ANSI).

The presence of the NSA officials and former NSA contractor Edward Snowden’s revelations about the agency’s penetration of global electronic systems have made a number of delegates suspicious of the U.S. delegation’s motives, according to interviews with a dozen current and former delegates.

A number of them voiced their distrust in emails to one another, seen by Reuters, and in written comments that are part of the process. The suspicions stem largely from internal NSA documents disclosed by Snowden that showed the agency had previously plotted to manipulate standards and promote technology it could penetrate. Budget documents, for example, sought funding to “insert vulnerabilities into commercial encryption systems.”

More than a dozen of the experts involved in the approval process for Simon and Speck feared that if the NSA was able to crack the encryption techniques, it would gain a “back door” into coded transmissions, according to the interviews and emails and other documents seen by Reuters.

“I don’t trust the designers,” Israeli delegate Orr Dunkelman, a computer science professor at the University of Haifa, told Reuters, citing Snowden’s papers. “There are quite a lot of people in NSA who think their job is to subvert standards. My job is to secure standards.”

The NSA, which does not confirm the authenticity of any Snowden documents, told Reuters it developed the new encryption tools to protect sensitive U.S. government computer and communications equipment without requiring a lot of computer processing power.

NSA officials said via email they want commercial technology companies that sell to the government to use the techniques, and that is more likely to happen when they have been designated a global standard by the ISO.

Asked if it could beat Simon and Speck encryption, the NSA officials said: “We firmly believe they are secure.”

THE CASE OF THE DUAL ELLIPTIC CURVE

ISO, an independent organization with delegations from 162 member countries, sets standards on everything from medical packaging to road signs. Its working groups can spend years picking best practices and technologies for an ISO seal of approval.

As the fight over Simon and Speck played out, the ISO twice voted to delay the multi-stage process of approving them.

In oral and written comments, opponents cited the lack of peer-reviewed publication by the creators, the absence of industry adoption or a clear need for the new ciphers, and the partial success of academics in showing their weaknesses.

Some ISO delegates said much of their skepticism stemmed from the 2000s, when NSA experts invented a component for encryption called Dual Elliptic Curve and got it adopted as a global standard.

ISO’s approval of Dual EC was considered a success inside the agency, according to documents passed by Snowden to the founders of the online news site The Intercept, which made them available to Reuters. The documents said the agency guided the Dual EC proposal through four ISO meetings until it emerged as a standard.

In 2007, mathematicians in private industry showed that Dual EC could hide a back door, theoretically enabling the NSA to eavesdrop without detection. After the Snowden leaks, Reuters reported that the U.S. government had paid security company RSA $ 10 million to include Dual EC in a software development kit that was used by programmers around the world.

The ISO and other standards groups subsequently retracted their endorsements of Dual EC. The NSA declined to discuss it.

In the case of Simon and Speck, the NSA says the formulas are needed for defensive purposes. But the official who led the now-disbanded NSA division responsible for defense, known as the Information Assurance Directorate, said his unit did not develop Simon and Speck.

“There are probably some legitimate questions around whether these ciphers are actually needed,” said Curtis Dukes, who retired earlier this year. Similar encryption techniques already exist, and the need for new ones is theoretical, he said.

ANSI, the body that leads the U.S. delegation to the ISO, said it had simply forwarded the NSA proposals to the organization and had not endorsed them.

FROM JAIPUR TO HAMILTON

When the United States first introduced Simon and Speck as a proposed ISO standard in 2014, experts from several countries expressed reservations, said Shin’ichiro Matsuo, the head of the Japanese encryption delegation.

Some delegates had no objection. Chris Mitchell, a member of the British delegation, said he supported Simon and Speck, noting that “no one has succeeded in breaking the algorithms.” He acknowledged, though, that after the Dual EC revelations, “trust, particularly for U.S. government participants in standardization, is now non-existent.”

At a meeting in Jaipur, India, in October 2015, NSA officials in the American delegation pushed back against critics, questioning their expertise, witnesses said.

A German delegate at the Jaipur talks, Christian Wenzel-Benner, subsequently sent an email seeking support from dozens of cryptographers. He wrote that all seven German experts were “very concerned” about Simon and Speck.

“How can we expect companies and citizens to use security algorithms from ISO standards if those algorithms come from a source that has compromised security-related ISO standards just a few years ago?” Wenzel-Benner asked.

Such views helped delay Simon and Speck again, delegates said. But the Americans kept pushing, and at an October 2016 meeting in Abu Dhabi, a majority of individual delegates approved the techniques, moving them up to a country-by-country vote.

There, the proposal fell one vote short of the required two-thirds majority.

Finally, at a March 2017 meeting in Hamilton, New Zealand, the Americans distributed a 22-page explanation of its design and a summary of attempts to break them – the sort of paper that formed part of what delegates had been seeking since 2014.

Simon and Speck, aimed respectively at hardware and software, each have robust versions and more “lightweight” variants. The Americans agreed in Hamilton to compromise and dropped the most lightweight versions.

Opponents saw that as a major if partial victory, and it paved the way to compromise. In another nation-by-nation poll last month, the sturdiest versions advanced to the final stage of the approval process, again by a single vote, with Japan, Germany and Israel remaining opposed. A final vote takes place in February.

Reporting by Joseph Menn; Editing by Jonathan Weber and Ross Colvin

Our Standards:The Thomson Reuters Trust Principles.

Tech

Why the U.S. should give tax breaks to cloud adopters

To promote the use of cloud computing by small businesses in India, the Indian government is planning to introduce a subsidy for cloud usage. The hope is that the use of the cloud will make small businesses more successful, thus increasing both employment and tax revenues to the government.

In the United States we see the opposite approach, with the government more interested in taxing cloud computing than promoting its use.   

Subsidies or not, the cloud does make it easier to start a small business because it makes IT resources both affordable and available. Before the cloud, those resources could cost millions of dollars.

To read this article in full or to leave a comment, please click here

InfoWorld Cloud Computing

EU prepares to raise Privacy Shield over data transfers to U.S.

European Union officials are set to give final approval to a new EU-U.S. data transfer agreement early next week, after member states gave their approval to an updated text on Friday.

Privacy Shield is intended to replace the Safe Harbor Agreement as a means to legalize the transfer of EU citizens’ personal information to the U.S. while still respecting EU privacy laws.

A new deal is needed because the Court of Justice of the EU invalidated the Safe Harbor Agreement last October, concerned that it provided Europeans with insufficient protection from state surveillance when companies exported their personal data to the U.S. for processing.

To read this article in full or to leave a comment, please click here

Computerworld Cloud Computing

EU prepares to raise Privacy Shield over data transfers to U.S.

European Union officials are set to give final approval to a new EU-U.S. data transfer agreement early next week, after member states gave their approval to an updated text on Friday.

Privacy Shield is intended to replace the Safe Harbor Agreement as a means to legalize the transfer of EU citizens’ personal information to the U.S. while still respecting EU privacy laws.

A new deal is needed because the Court of Justice of the EU invalidated the Safe Harbor Agreement last October, concerned that it provided Europeans with insufficient protection from state surveillance when companies exported their personal data to the U.S. for processing.

The first draft of Privacy Shield agreement presented by the European Commission in January lacked key assurances from U.S. officials on the same matters that had concerned the CJEU about Safe Harbor.

To read this article in full or to leave a comment, please click here

Network World Cloud Computing

Cloud will make U.S. immigration agency more agile

Improving the delivery of services to citizens has been one of the driving goals of government IT reform, in particular as consumers seek out more services through agency websites or applications.

At the U.S. Citizenship and Immigration Services (CIS), a unit of the Department of Homeland Security, CIO Mark Schwartz is helping lead an overhaul of the way the agency approaches software and application development

[ Related: Government wants to increase IT spending 13% in proposed budget ]

To read this article in full or to leave a comment, please click here

Network World Cloud Computing

IDG Contributor Network: U.S. Postal Service will scan your mail and email you images before delivering

Who else has ambled down to the mailbox only to find it full of junk, or disappointingly devoid of eBay purchases?

I have, and although I enjoy the chance for a gasp of fresh air after an electron-infested session at the computer, the sojourn can often be a bit of a waste of time.

That may be about to change, though.

The U.S. Postal Service has caught on to this often-failed, bizarre ritual for possibly millions of people each day, and is now sending scanned images of the actual mail pieces as it processes them to some customers’ inboxes.

Those customers can see the outside of the actual items being delivered before they make it to the mailbox.

To read this article in full or to leave a comment, please click here

Network World Cloud Computing