Schneider’s EVLink car charging stations were easily hackable, thanks to a hardcoded password

Schneider has fixed three vulnerabilities in one of its popular electric car charging stations, which security researchers said could have easily allowed an attacker to remotely take over the unit.

At its worst, an attacker can force a plugged-in vehicle to stop charging, rendering it useless in a “denial-of-service state,” an attack favored by some threat actors as it’s an effective way of forcing something to stop working.

The bugs were fixed with a software update that rolled out on September 2 shortly after the bugs were first disclosed, and limited details of the bugs were revealed in a supporting document on December 20. Now, a fuller picture of the vulnerabilities, found by New York-based security firm Positive Technologies, were released today — almost a month later.

Schneider’s EVLink charging stations come in all shapes and sizes — some for the garage wall and some at gas stations. It’s the charging stations at offices, hotels, shopping malls and parking garages that are vulnerable, said Positive.

At the center of Positive’s disclosure is Schneider’s EVLink Parking electric charging stations, one of several charging products that Schneider sells, and primarily marketed to apartment complexes, private parking area, offices and municipalities. These charging stations are, like others, designed for all-electric and plug-in hybrid electric vehicles — including Teslas, which have their own proprietary connector.

Because the EVLink Parking station can be connected to Schneider’s cloud with internet connectivity, either over a cell or a broadband connection, Positive said that the web-based user interface on the charging unit can be remotely accessed by anyone and easily send commands to the charging station — even while it’s in use.

“A hacker can stop the charging process, switch the device to the reservation mode, which would render it inaccessible to any customer until reservation mode is turned off, and even unlock the cable during the charging by manipulating the socket locking hatch, meaning attackers could walk away with the cable,” said Positive.

“For electric car drivers, this means not being able to use their vehicles since they cannot be charged,” it said.

Positive didn’t say what the since-removed password was, but, given the curiosity, we asked and will update when we hear back.

The researchers Vladimir Kononovich and Vyacheslav Moskvin also found two other bugs that gives an attacker full access over a device — a code injection flaw and an SQL injection vulnerability. Both were fixed in the same software update.

Schneider did not respond to a request for comment. If that changes, we’ll update.

Additional reporting: Kirsten Korosec.

Flexit lets you pay for gym time on demand

A new company called Flexit lets you pay for gym time by the minute, allowing you to walk into a nearby gym when you’re traveling, for example, and slam out thirty minutes of sweet glute action before dinner. The service is like Uber for gyms in that you only pay for the time you are inside the gym and you don’t need to pay monthly fees or a flat rate per visit.

Created by Michael Rojas, the co-CEO of Iron Grip Barbell Company, the service already has 400 gyms in the United States and plans to expand over the next year. They’ve raised $750,000 in notes.

The company launched today.

“FlexIt’s corporate team has superior industry reach, best-in-class technology and a concept unlike that of its competition,” said CEO Austin Cohen. “FlexIt’s corporate team has deep industry experience in fitness sales and marketing, fitness club ownership, and early-stage venture and venture capital aspects of the business. It’s relationships with C-level leaders at the largest gym chains in the country provide FlexIt with industry insights and access to best position it for success. These relationships have resulted in FlexIt having on-boarded a meaningful club base at a faster rate than any of the competition.”

The fact that Rojas has been selling barbells to gyms for 26 years definitely helped them scale up and the company has gyms in New York, DC, New Jersey, and Illinois as well as three other markets. They are launching an eighth market in two weeks.

Rojas has found that most modern gyms are amenable to the idea and they’re offering everything from classes to personal training via the app. Because it is paid by the minute they also get interesting new data that traditional gym membership plans don’t offer.

“Consumers seek more choice and control over how, when and where they consume, FlexIt is the logical solution to this pain point in the fitness space,” he said.

The Yule Log Channel

My aunt and uncle lived up the hill from Martins Ferry, Ohio, high above the river. My uncle ran a used car lot – Snezek’s – and so it was understood that they had a little bit of money and a bigger house than the rest of the family in the Valley.

We would drive there every year at Christmas, first the two and a half hours to Martins Ferry, a pit-stop at my grandmothers, and then a drive up the woods that covered the winding upper roads like a dark cloud. These were family gatherings before distractions, before everyone carried their lives with them in their pocket, so you had to prepare.

I always brought a few books or some Christmas presents to play with. One year I brought my entire Dungeons & Dragons set in an effort to learn how to play – even though I had no one to play with.

We’d shiver in the backseat as we wound through up the hill. House windows faced us, candles aglow. White glowing reindeer and sleighs peeked between pines. At the house we’d coast into the driveway and hop out into the crystalline cold. A few steps more and we would be warm.

Walking into the that house through door next to the garage, into the warmth of a home fired with cooking and laughter, is one of my fondest memories. The family made pierogi and lasagna, two staples in the pot-luck rotation of those old coal and steel towns. There would be plates of cookies and plenty of ginger ale and Buckeyes, the best candy on earth. There were jars of pretzels and nuts here and there, a sprinkling of gumdrops or hard candy for the old folks. There was fried chicken someone made and wedding soup my mother made. As you walked into that warm place you heard the clack of billiard balls and the roar of the game in the other room. My dad cracked a beer. I got kissed by my aunts a few times and then hid, perhaps in a corner or maybe upstairs by their big tree in a darkened room lit only by a fire roaring on a tube television.

That was the height of interactivity, then: a live fire on TV (or, more likely, a looped fire.) You imagined what it must be like on the other end of that picture, how much technology you needed to make something so primal and imperative appear on a glass tube. It was as if we had traversed space into a strange craft outfitted with the comforts of home and none of the discomforts. Nestled on the couch, the TV crackling, you were on a space station and safe, a self-sufficient place where memories of cold were far distant.

They aired the first Yule log in 1966 from New York’s Gracie Mansion. By the time I was watching it it had been around for twenty years. It was a holdover from the early days of broadcast, from the days when the air was dead if there was no one to play in front of the cameras. In a few years the tradition would vanish but in 2001, in the wake of 9/11, it came back, a reminder of simpler times.

There was something about it that could change your outlook. A distant roaring fire was almost as good as one in the house and far less work. I’d curl up, read, and nod off, the voices of the adults below lulling me to sleep.

Now we carry things that burn brightly in our pockets. We don’t need these camera tricks to see fires everywhere. We don’t curl up to the magnet hum of a cathode ray tube and the tinny crackle and pop of facsimile logs. We’re beyond that.

Maybe we aren’t, though. Maybe there’s still a warm place, the umbilicus to get there a crystalline moment between the backseat of car and warm basement rec room. And maybe upstairs there’s a dozing kid watching the last drops of Christmas burn away into the country dark.

I think there still is. I hope there still is.

Merry Christmas.

SEC slaps startups Wealthfront and Hedgeable with fines for making false disclosures

The Securities and Exchange Commission appears to be keeping a close eye on financial services startups, with today’s news that the agency has settled cases with two robo-advisory companies over allegations that they misled investors.

Wealthfront Advisers, one of the darlings of the fintech investment sector with $11 billion under management and roughly $200 million in venture capital backing, was fined $250,000 for making false statements to investors about one of its newer automated financial services products. The company consented to the SEC’s censure without confirming or denying the SEC’s claims.

The SEC also fined New York-based startup Hedgeable, a company with $81 million in assets under management, for inflating performance figures for its service. Hedgeable also agreed to the SEC’s censure order without confirming or denying any wrongdoing.

“Technology is rapidly changing the way investment advisers are able to advertise and deliver their services to clients,” said C. Dabney O’Riordan, Chief of the SEC Enforcement Division’s Asset Management Unit, in a statement.  “Regardless of their format, however, all advisers must take seriously their obligations to comply with the securities laws, which were put in place to protect investors.”

The charges against Redwood City, Calif.-based Wealthfront Advisers stems from alleged false statements the company made about a tax-loss harvesting strategy that the company offered to its clients.

Wealthfront told its customers that it would look for transactions in its automated service that might trigger a “wash sale” — which has tax implications and can limit the benefits of a tax-harvesting strategy.

According to the SEC, the company actually failed to monitor the accounts accurately and roughly 31% of Wealthfront account holders enrolled in the tax harvesting strategy were subject to penalties associated with wash sales.

Additionally the company promoted prohibited client testimonials and paid bloggers for client referrals without disclosing and documenting the payments. The company also failed to maintain appropriate compliance programs designed to prevent violations of securities laws, according to the SEC.

Wealthfront issued the following statement about the SEC action:

“We take our regulatory duties seriously at Wealthfront and are happy to have reached a settlement with the SEC. The settlement order addressed Wealthfront’s retweets of clients’ positive tweets from our corporate account and compensation to some bloggers for client referrals without proper disclosures.

Additionally, Wealthfront did not have proper disclosure in its tax-loss harvesting whitepaper concerning monitoring for any and all wash sales that could occur in client accounts.

For example, a wash sale can be triggered by infrequent events outside of tax-loss harvesting trading including a client changing their risk score or a withdrawal. During the period January 1, 2014 to December 31, 2016, wash sales made up approximately 2.3% of tax losses harvested for the benefit of clients. Therefore the average Wealthfront client received 5.67% in total annual harvesting yield versus 5.8%.”

At Hedgeable, another, much smaller robo-advisor, the SEC found that the company had manipulated results it reported to the public by cherry-picking the best-performing accounts it managed. Hedgeable then compared these rates of return with figures that were not based on its competitors training models to skew results in its favor. The company also lacked proper compliance programs that would prevent the company from violating securities laws. 

These penalties follow a crackdown that the SEC imposed on cryptocurrency companies that were also illegally promoting themselves via social media channels and famous influencers like DJ Khaled and Floyd Mayweather.

While Wealthfront and Hedgeable are real companies offering tangible services (unlike many of the obviously fraudulent cryptocurrency schemes that the SEC has been monitoring), the SEC investigations coupled with the botched rollout of brokerage accounts from the free trading service, Robinhood, show that even viable fintech companies are under the regulatory microscope.

As these services become more popular and their assets under management continue to grow, they may find that more regulators will be knocking at startups doors.

Equifax, Western Union, Priceline settle with New York attorney general over insecure mobile apps

New York’s attorney general has settled with five tech and financial giants, requiring each company to implement basic security on their mobile apps.

The settlements force Credit Sesame, Equifax (yes, that Equifax), Priceline, Spark Networks and Western Union to ensure data sent between the app and their servers are encrypted. Specifically, the attorney general said their apps “could have allowed sensitive information entered by users — such as passwords, social security numbers, credit card numbers, and bank account numbers — to be intercepted by eavesdroppers employing simple and well-publicized techniques.”

In other words, their mobile apps “all failed” to properly roll out and implement HTTPS, one of the barest minimum security measures in any modern app’s security.

HTTPS certificates (also known as SSL/TLS certificates) encrypt data between a device, like your phone or computer, and a website or app server, ensuring any sensitive data, like credit card numbers or passwords, can’t be intercepted as it travels over the internet — whether that’s someone on the same coffee shop Wi-Fi network or your nearest federal intelligence agency.

These certificates are more common than ever, not least because when they’re not incredibly cheap, they’re completely free — and most modern browsers these days will bluntly tell you when a website is “not secure.” Apps are no different, but without a green padlock in your browser window, there’s often very little to know for sure on the face of it that your data is traversing the internet securely.

At least, with financial, banking and dating apps — you’d just assume, right? Bzzt, wrong.

“Although each company represented to users that it used reasonable security measures to protect their information, the companies failed to sufficiently test whether their mobile apps had this vulnerability,” the office of attorney general Barbara Underwood said in a statement. “Today’s settlements require each company to implement comprehensive security programs to protect user information.”

The apps were picked out after an extensive batch of app testing in an effort to find security issues before incidents happen. Underwood’s office follows in the footsteps of federal enforcement in recent years by the Federal Trade Commission, which brought action against several app makers — including Credit Karma and Fandango — for failing to properly implement HTTPS certificates.

In taking action, the attorney general gets to keep closer tabs on the companies going forward to make sure they’re not flouting their data security responsibilities.

Apple plans major US expansion including a new $1 billion campus in Austin

Apple has announced a major expansion that will see it open a new campus in North Austin and open new offices in Seattle, San Diego and Los Angeles as it bids to increase its workforce in the U.S. The firm said it intends also to significantly expand its presence in Pittsburgh, New York and Boulder, Colorado over the next three years.

The Austin campus alone will cost the company $1 billion, but Apple said that the 133-acre space will generate an initial 5,000 jobs across a broad range of roles with the potential to add 10,000 more. The company claims to have 6,200 employees in Austin — its largest enclave outside of Cupertino — and it said that the addition of these new roles will make it the largest private employer in the city.

Beyond a lot of new faces, the new campus will include more than 50 acres of open space and — as is standard with Apple’s operations these days — it will run entirely on renewable energy.

Apple already has 6,200 employees in Austin, but its new campus could add up to 15,000 more

The investment was lauded by Texas Governor Greg Abbott.

“Their decision to expand operations in our state is a testament to the high-quality workforce and unmatched economic environment that Texas offers. I thank Apple for this tremendous investment in Texas, and I look forward to building upon our strong partnership to create an even brighter future for the Lone Star State,” he said in a statement shared by Apple.

But Austin isn’t the only focal point for Apple growth in the U.S.

Outside of the Austin development, the iPhone-maker plans to expand to over 1,000 staff Seattle, San Diego and LA over the next three years, while adding “hundreds” of staff in Pittsburgh, New York, Boulder, Boston and Portland, Oregon.

More broadly, Apple said it added 6,000 jobs to its U.S. workforce this year to take its total in the country to 90,000. It said it remains on track to create 20,000 new jobs in the U.S. by 2023.

Rudy Giuliani, a Trump cybersecurity adviser, doesn’t understand the internet

Welcome back to the latest edition of politicians don’t get technology! Our latest guest is Rudy Giuliani, former New York mayor and current cybersecurity adviser to President Trump.

Rudy Giuliani doesn’t understand Twitter or the internet.

It’s embarrassing enough that Giuliani inadvertently tweeted a link to a website criticizing Trump, but now he is doubling down on cyberstupidity by claiming that “someone to invade my text with a disgusting anti-President message.”

Ignorant as to what had happened, he latched on to apparent anti-Republican bias within Twitter, a theme that Trump and other Republicans have pushed despite no evidence.

“Don’t tell me they are not committed cardcarrying anti-Trumpers,” added Giuliani, who — we repeat — is a cybersecurity adviser to the White House .

The explanation is quite simple.

Giuliani’s original tweet on November 30 (above) didn’t contain a period between sentences, which created a hyperlink to G-20.in. An eagle-eyed member of the public — named by the BBC as Atlanta-based marketing director Jason Velazquez — clicked through the link and, finding that it was blank, quickly registered the domain and created a website carrying the “a disgusting anti-President message” that Giuliani referred to.

The G-20.in website that appears in Giuliani’s tweet

“When I realised that the URL was available, my heart began to race a bit. I remember thinking: ‘This guy — Giuliani — has no idea,'” Velazquez told the BBC. “I quickly upload my files, tweeted about what I had done, and left my apartment.”

The tweet itself was well-covered by media, but Giuliani absurd return to the topic has given the site even more coverage.

Both of Giuliani’s tweets remain online and undeleted — as of 22:40 PST — but, in the positive count, it does appear that he has figured out how to create Twitter threads by replying to previous tweets.

This incident follows another moment of Twitter-based comedy from Giuliani when he sent a curious message following news that Trump’s ex-attorney Michael Cohen had made a plea agreement.

That tweet recalled Trump’s own ‘covfefe’ typo last year.

Oath agrees to pay $5M to settle charges it violated children’s privacy

TechCrunch’s Verizon-owned parent, Oath, an ad tech division made from the merging of AOL and Yahoo, has agreed to pay around $5 million to settle charges that it violated a federal children’s privacy law.

The penalty is said to be the largest ever issued under COPPA.

The New York Times reported the story yesterday, saying the settlement will be announced by the New York attorney general’s office today.

At the time of writing the AG’s office could not be reached for comment.

We reached out to Oath with a number of questions about this privacy failure. But a spokesman did not engage with any of them directly — emailing a short statement instead, in which it writes: “We are pleased to see this matter resolved and remain wholly committed to protecting children’s privacy online.”

The spokesman also did not confirm nor dispute the contents of the NYT report.

According to the newspaper, which cites the as-yet unpublished settlement documents, AOL, via its ad exchange, helped place adverts on hundreds of websites that it knew were targeted at children under 13 — such as Roblox.com and Sweetyhigh.com.

The ads were placed used children’s personal data, including cookies and geolocation, which the attorney general’s office said violated the Children’s Online Privacy Protection Act (COPPA) of 1998.

The NYT quotes attorney general, Barbara D. Underwood, describing AOL’s actions as “flagrantly” in violation of COPPA.

The $5M fine for Oath comes at a time when scrutiny is being dialled up on online privacy and ad tech generally, and around kids’ data specifically — with rising concern about how children are being tracked and ‘datafied’ online.

Earlier this year, a coalition of child advocacy, consumer and privacy groups in the US filed a complaint with the FTC asking it to investigate Google-owned YouTube over COPPA violations — arguing that while the site’s terms claim it’s aimed at children older than 13 content on YouTube is clearly targeting younger children, including by hosting cartoon videos, nursery rhymes, and toy ads.

COPPA requires that companies provide direct notice to parents and verifiable consent parents before collecting under 13’s information online.

Consent must also be sought for using or disclosing personal data from children. Or indeed for targeting kids with adverts linked to what they do online.

Personal data under COPPA includes persistent identifiers (such as cookies) and geolocation information, as well as data such as real names or screen names.

In the case of Oath, the NYT reports that even though AOL’s policies technically prohibited the use of its display ad exchange to auction ad space on kids’ websites, the company did so anyway —  citing settlement documents covering the ad tech firm’s practices between October 2015 and February 2017.

According to these documents, an account manager for AOL in New York repeatedly — and erroneously — told a client, Playwire Media (which represents children’s websites such as Roblox.com), that AOL’s ad exchange could be used to sell ad space while complying with Coppa.

Playwire then used the exchange to place more than a billion ads on space that should have been covered by Coppa, the newspaper adds.

The paper also reports that AOL (via Advertising.com) also bought ad space on websites flagged as COPPA-covered from other ad exchanges.

It says Oath has since introduced technology to identify when ad space is deemed to be covered by Coppa and ‘adjust its practices’ accordingly — again citing the settlement documents.

As part of the settlement the ad tech division of Verizon has agreed to create a COPPA compliance program, to be overseen by a dedicated executive or officer; and to provide annual training on COPPA compliance to account managers and other employees who work with ads on kids’ websites.

Oath also agreed to destroy personal information it has collected from children.

It’s not clear whether the censured practices ended in February 2017 or continued until more recently. We asked Oath for clarification but it did not respond to the question.

It’s also not clear whether AOL was also tracking and targeting adverts at children in the EU. If Oath was doing so but stopped before May 25 this year it should avoid the possibility of any penalty under Europe’s tough new privacy framework, GDPR, which came into force in May this year — beefing up protection around children’s data by setting a cap of between 16- and 13-years-old for children being able to consent to their own data being processed.

GDPR also steeply hikes penalties for privacy violations (up to a maximum of 4% of global annual turnover).

Prior to the regulation a European data protection directive was in force across the bloc but it’s GDPR that has strengthened protections in this area with the new provision on children’s data.

Lies, damn lies, and HQ2

There are few things certain in our world except for the uplifting tendencies of technology. I’ve spent the past few years trying to prove this to myself, at least, by interviewing hundreds of thinkers on the topic. I’ve come to a singular conclusion: when tech moves into a city, be it an iOS dev shop or a robotic facility for making widgets, things change primarily for the better. Given the recent rush to gain 25,000 or so jobs from Amazon’s HQ2 and the subsequent grumbling by cities passed over, it is difficult to refute this, but I’d like explore it.

Many cities have gained from tech, both historically and recently. Pittsburgh, for example, had a plan to become a tech city back in the early 1990s after seeing the value coming out of Carnegie Mellon and the other universities in town. Anecdotally, Pittsburgh remained a fairly depressed steel town until at least 2000. I recall walking on CMU’s campus one weekend, long after my graduation in 1997, and marveling at how the small school had blossomed thanks to an influx of tech money. Next to halls named after dead and gone thinkers and makers was the Gates building, built with the largesse of the biggest tech maker in recent history. Then Uber moved in and all hell broke loose. In 19997 the Lawrenceville neighborhood was a rundown riverfront redoubt full of brown fields and finely-made hovels. Then Uber landed there. Now it’s become the hub for multiple research and tech companies and the neighborhood has blossomed, even rating it’s own corporation and team of boosters who invite you to dine in a spot once associated with dive bars and non-ironic pierogi. A few weeks ago I enjoyed Nashville hot chicken and Manhattans in what was once a funeral home for steel workers.

In short, having tech brings about what Richard Florida called the “creative class.” This group of makers, be they chefs, artists, coders, or engineers, all come to a place and almost inevitably improve it. In some cases this creative class is disparate, spreading throughout a city like a symbiotic fungus. In other places they are centered in a single neighborhood, working their magic from the core out. I’ve seen this in many places but none more clearly than in Toledo, Ohio or Flint, Michigan where a small core of artists are working mightily to turn a city in ruin into a place to live.

And I understand that all is not rosy in the world urban growth. Uber drivers in creative-classed cities are usually people displaced from their cheap rents by rich hipsters. As a friend noted, when you gentrify a place where to those who cannot afford artisanal kombucha, let alone the rent, go? They are either thrust into the suburbs – an irony that should give cities like Grosse-Point-ringed Detroit pause – or they vanish from view even though they exist in plain sight. Nowhere is this clearer then in the refuse-strewn streets of San Francisco.

Yet cities with deep, systemic problems still debase themselves to get tech jobs. They offer tax abatements, $1 land leases, and produce cloying videos to prove that they, alone, are the hardest working of the bunch. The first and most galling effort appeared when Foxconn, a massive manufacturing company, promised to land like an alien invasion force in rural Wisconsin. The idea there was simple: Foxconn wanted tax cuts in exchange for “creating” “jobs” – scare quotes in both cases necessary. As it had in Brazil before, Foxconn promised more than it could ever deliver. From a previous report:

Foxconn has created only a small fraction of the 100,000 jobs that the government projected, and most of the work is in low-skill assembly. There is little sign that it has catalyzed Brazil’s technology sector or created much of a local supply chain.

Manufacturing jobs are not tech jobs. In the end these true manufacturing jobs will end up going to countries with historically cheap labor pools and Foxconn will use its tax breaks to build a facilities in the US to help it abate future cross-border taxes. The jobs that it will create will be done by robots and only the smartest in these rural counties will get jobs… watching robot arms lift flatscreens off of an assembly line for years. Gone are the days of ubiquitous middle class manufacturing jobs and they will never come back. The sooner the heartland accepts this the better.

So cities turn to true tech. Cities know that tech helps and they bow to its captains of industry. But why won’t tech help cities?

Tech companies reduce inefficiencies. Self-driving car companies are aimed at reducing the number of inefficient truckers on the road. Drone companies are aimed at reducing the number of inefficient postal carriers on the sidewalk. And always-on audio assistants and smart devices are there to reduce our dependence on nearly every facet of a local ecosystem including the local weatherperson, the chef with an empty restaurant but hundreds of Seamless orders, and the local cinema. They know that when they land in a place they take over, much like Wal-Mart did in its early heyday. The benefits of this takeover are myriad but the erosion of culture they bring is catastrophic. Yet mayors still don silly hats and dance a merry jig to get them to move to their blighted areas. After all, it’s far easier than actually doing something.

The answer for cities, then, is to build from within. Pittsburgh didn’t get Uber because it prayed for that rude beast to stalk its shores. It got Uber because it built one of the best robotics programs in the country. Denver and Boulder aren’t tech hubs because they gave anyone a massive abatement. They became tech hubs because they became places that techies wanted to congregate and they built networks of technologists who left their cubicles on a weekly basis and met for lunch. That’s right: in many cases, all it takes for a tech scene to thrive is for the CTOs of all the major organizations to meet over curry. The network effects created by this are manifold. In fact, some of the biggest complaints I heard in many cities was that the CTOs of corporations who called those cities home – Chase Bank, GrubHub, etc. – rarely stepped out of their carefully manicured cubicle farms. An ecosystem cannot thrive if its most successful hide. Just ask Detroit.

Cities must subsidize creative districts, not creative destruction. Cities must woo technologists with a network of rich angels, not bribery. Cities must prepare for a future that doesn’t yet exist and hope that some behemoth will find a home there. Otherwise they’re sunk.

This sort of forward thinking is done in dribs and drabs across the country. Every city has its accelerators full of potential failure. These companies quickly discover that without seed capital, St. Louis or Chicago might as well be the Death Valley. Detroit has worked hard to create a startup culture and it seems to be working but in many cases these startups are folded, Borg-like into Quicken Loans and cannot stand on their own. The south is stuck in energy production and invests little in things that would draw technologists to the beautiful cities along the coast.

Maybe this is because startups make no money. Maybe this is because innovation is expensive. And maybe the lack of long-term strategy exists because mayoral staffs turn over so quickly in these convoluted times. These are valid excuses but woe betide the city that clings to them.

New York and Virginia got HQ2 because their cultures are mercenary at worst and transient at best. They already knew the hard bargain of technology versus culture and were willing to make the deal. The tens of thousands of folks who will walk through Amazon’s doors on the first day will change Long Island City for the better and no other city will claim those benefits (and detriments.) Tech is a business. It doesn’t care where it lands as long as there are enough college-educated behinds to sit on blue inflatable desk balls and enough mouths to drink free nitro coffee. It bypasses places that are seemingly entrenched in political infighting and failed innovation and it will continue to do so until cities do for themselves what Amazon will never do: future-proof their place in the world and create a place for generations to grow and change.

 

Photo by Michael Browning on Unsplash

New York politicians push back on Amazon HQ2 plans

Amazon’s HQ2 process was bound to polarize (though I do enjoy a good dueling op-ed on these pages) no matter how it landed. But the decision to set up shop in New York City is likely ruffling more feathers than just about any other possible outcome.

As a resident of neighboring Astoria, Queens, the less I say about the matter the better — I’m going to assume you didn’t click on this story to read five paragraphs of me complaining about the N train and my rent.I will say I haven’t spoken to too many fellow NYC residents who are excited about the personal impact Amazon’s move will have on quality of life.

A number of local and state representatives are also finally starting to weigh in on the matter, and many of the comments don’t reflect the sort of capitalist cheerleading one anticipates from elected officials. Senator Kirsten Gillibrand took to Twitter to express “concern” with how the process played out.

In particular, the one-time Blue Dog Democrat (who handily won her latest Senate bid a few weeks back) singles out Amazon’s tax breaks, along with the impact on struggling families, writing, “One of the wealthiest companies in history should not be receiving financial assistance from the taxpayers while too many New York families struggle to make ends meet.”

New York assemblyman Ron Kim took things further, promising legislation aimed as using tax subsidies to help cancel student debt, rather than prop up Amazon. It’s a move that reflects Bernie Sanders’ recent successful bid to provide Amazon warehouse employees a $15 minimum wage.

Congress member-elect Alexandria Ocasio-Cortez expressed support for Kim and voiced her own disappointment in a deal that was brokered without community input.

“Amazon is a billion-dollar company,” Ocasio-Cortez wrote. “The idea that it will receive hundreds of millions of dollars in tax breaks at a time when our subway is crumbling and our communities need MORE investment, not less, is extremely concerning to residents here.”