How Netflix Made 'Stranger Things' a Global Phenomenon

Not quite two years ago, Netflix launched simultaneously in 130 new countries. It now operates nearly everywhere in the world. With that expansion has come explosive international growth—along with the challenge of how best to introduce its homegrown favorites, like Stranger Things, to an audience that spans all the way to the Upside Down and back.

It’s hard to overstate how important it is to Netflix’s long-term ambitions that shows like Stranger Things “travel.” The streaming service needs to maintain a library that users will pay for year-round, and even with an original content budget pegged at $ 8 billion for 2018 it has to spend wisely to ensure it’s producing content that plays as well in Canada as it does in Cameroon. Or, from another angle: Not even Netflix has the budget to invest heavily in hyperlocal content for Estonia.

Making movies or series that play well overseas depends to a certain extent on quality, of course, and Netflix has long maintained that geography is a poor indicator of what people will actually watch. But for a show like Stranger Things—which is an Emmy-nominated and critically-praised show in the US—to succeed abroad, Netflix has to translate its genius to as many markets as possible. Literally.

Found in Translation

The world contains thousands of languages. Figuring out the proper translation for “Demogorgon” in each of them would be singularly impractical. But for the 20 languages in which Netflix does provide subtitles—and the large number in which it dubs shows—it sweats the small stuff.

That means the creation of a Key Names and Phrases tool, a sprawling spreadsheet in which teams of freelancers and vendors input translations in the name of consistency. Does the show include a fictional location? A catchphrase? A sci-fi item that has no real-world corollary? All those things go in the KNP, allowing Netflix to know how they read in Greek, Spanish, Swedish, Vietnamese, and so on.

Some translations are fairly straightforward; a university becomes a universidad for Spanish-language audiences, for example. Others, though, require substantially more legwork. Especially for a ’80s-reference-heavy series like Stranger Things that is fairly out of step with the present.

“It’s a really deep dive into what are the elements of the story, what are the specifics of the story, that we need to make sure we are translating the same way that things were translated, say, 30 years ago,” says Denny Sheehan, the director of Netflix’s content localization and quality control efforts. “We compile all of that into essentially a show bible, and we give that to all of our translators, all of our dub studios, so they can reference that.”

Take that Demogorgon, the big bad the Stranger Things kids named after a Dungeons & Dragons demon prince. To ensure that connection transcended language barriers, Sheehan’s team dug into old D&D materials to nail down how various cultures translated “Demogorgon” in the mid-1970s. Similar efforts were made to track down decades-old marketing materials for, yes, Eggo waffles, which play an outsized role in Season 1.

That focus on consistency goes beyond the words themselves to the voice actors saying them. Netflix says it looks for people who sound like the original cast but also, as Sheehan puts it, “embody the spirit of the character and tone.” No real surprise there. But the company also aims for voices that can work across titles. The actress who voices Winona Ryder’s Joyce Byers in Stranger Things, for instance, also provides the dubs for Lydia Deetz in Beetlejuice, and Mina Harker in Bram Stoker’s Dracula.

“We think of the subtitles and dubs as enabling access to the story,” Sheehan says. “Our goal is to use creative intent as the North Star, to really create culturally relevant and resonant translations for the continent that have a wide global appeal.”

Netflix

Netflix

A Global Concern

That’s increasingly a business imperative as well.

“Localization is very important internationally,” says Tony Gunnarsson, a streaming analyst with Ovum who follows Netflix closely. “European audiences are very familiar with US television and movies but the expectation is always to have local-language subtitles. This is a must-have everywhere.”

Netflix has already reaped some of those gains, says Todd Yellin, the company’s VP of product innovation.

“Before you localize it, you have the early adopters who speak English well enough that they can use the service in those countries,” Yellin says. “But after you localize you see substantially more growth in those countries.”

Netflix’s global accommodations go beyond subtitles and dubs, of course. The company has advanced efforts in recent years to make its service more usable in emerging markets, countries where bandwidth may be limited or unreliable. That includes the recent introduction of downloadable content, which lets users grab an episode while on Wi-Fi to watch on the go.

“What we’re doing is trying to do things like, when people are watching over a cellular network, how to get better quality for fewer bits of data, how to avoid rebuffering in more challenging internet scenarios, like you often hit in India or Malaysia or the Philippines and so forth,” says Yellin. “Those markets are very important for the expansion of Netflix.”

Of course, those technological and linguistic solutions don’t mean much if it’s a show people don’t want to watch in the first place. It’s no accident that Netflix has a multi-series deal with Marvel, whose stable of comic book characters has built-in international cache. Or that this year it invested heavily in anime, a genre that demonstrably transcends both geography and demographics.

As a Spielbergian genre throwback, Stranger Things seems similarly built for international success. The stars and creators may have been relative unknowns before the series debuted, but its tropes are universal. And it’s not just Spielberg; fans of David Lynch and Stand By Me will find familiar nuggets as well.

“My hunch is that the commercial success results from attracting several different audiences for each of which it is a cult show,” says Nigel Morris, author of The Cinema of Spielberg: Empire of Light and a film studies professor at the University of Lincoln. “All of the allusions make it a kind of interactive game as people ‘spot the references’, feel flattered by their ability to do so but also curious about those they realize they must be missing, and share them through social networking, together with speculation about what is going on and what the various clues might mean.”

The result? A show that went viral first in Canada, and gradually spread to find enthusiasts around the world. In one month, Netflix users in 190 countries watched Stranger Things, and viewers in 70 of those nations became devoted fans. A handful of people tuned in from Bhutan, and from Chad. In a first for the streaming service, someone watched Season 1 in Antarctica.

Stranger Things, too, is just one show. The process repeats itself across thousands of hours of content. Netflix already made shows based on what the world wanted to watch; the hard part, now, is presenting it in a way that people can understand, no matter where they live or what language they speak.

Tech

Cisco nears deal to acquire BroadSoft: source

SAN FRANCISCO (Reuters) – Cisco Systems Inc, the world’s largest networking gear manufacturer, is nearing a deal to buy U.S. telecommunications software firm BroadSoft Inc for close to $ 2 billion, a person familiar with the matter said on Sunday.

A newly installed phone made by Cisco is shown in San Diego, California, U.S., April 17, 2017. REUTERS/Mike Blake

The deal, which comes after Reuters first reported in August that BroadSoft was exploring a sale, would allow Cisco to further diversify away from its stagnating switches and routers business by giving it a stronger foothold in selling unified communications software to big telecommunications firms.

If deal negotiations are completed successfully, Cisco’s agreement to buy BroadSoft could be announced as early as Monday, the source said, asking not to be identified because the deal discussions are confidential.

Cisco declined to comment. BroadSoft did not immediately return a request for comment. Bloomberg News reported earlier on Sunday that Cisco was close to a deal to acquire BroadSoft.

With its traditional business of making switches and routers seeing revenue declines, Cisco, like other legacy technology firms, has been focusing on high-growth areas such as security, the Internet of Things and cloud computing.

The BroadSoft deal would be Cisco’s second major acquisition this year following the $ 3.7 billion acquisition of privately-held AppDynamics Inc in March.

BroadSoft shares had closed at $ 54.90 on Friday, giving the company a market capitalization of $ 1.67 billion.

Based in Gaithersburg, Maryland, BroadSoft provides software and services that enable mobile, fixed-line and cable service providers to offer unified communications over their internet protocol networks.

BroadSoft has historically sold its products to large telecommunications companies such as Verizon Communications Inc and AT&T Inc, which then resell the software to their business customers.

BroadSoft has recently tried to revamp its business model to sell directly to these customers, a move that risks its relationships with its telecommunications partners, according to a Barclays Plc research report.

New York-based hedge fund P2 Capital Partners LLC owned a 4.6 percent stake in BroadSoft as of the end of June, according to Thomson Reuters data. P2 has often behaved as an activist shareholder and has even offered to buy companies in which it has invested.

Another BroadSoft shareholder with a history of acquisitions is buyout firm KKR & Co LP, which is BroadSoft’s 13th-largest shareholder, according to Thomson Reuters data.

Reporting by Liana B. Baker in San Francisco; editing by Diane Craft

Our Standards:The Thomson Reuters Trust Principles.

Tech

Scientists Are Rewriting the History of Photosynthesis

Researchers have caught their best glimpse yet into the origins of photosynthesis, one of nature’s most momentous innovations. By taking near-atomic, high-resolution X-ray images of proteins from primitive bacteria, investigators at Arizona State University and Pennsylvania State University have extrapolated what the earliest version of photosynthesis might have looked like nearly 3.5 billion years ago. If they are right, their findings could rewrite the evolutionary history of the process that life uses to convert sunlight into chemical energy.

Quanta Magazine


author photo

About

Original story reprinted with permission from Quanta Magazine, an editorially independent publication of the Simons Foundation whose mission is to enhance public understanding of science by covering research developments and trends in mathematics and the physical and life sciences.

Photosynthesis directly or indirectly powers and sustains almost every organism on Earth. It is responsible for the composition of our atmosphere and forms the foundation of the planet’s many interwoven ecosystems. Moreover, as Wolfgang Nitschke, a biologist at the French National Center for Scientific Research in Paris, noted, photosynthesis liberated cells to grow and evolve boundlessly by letting them derive energy from a new, inexhaustible, nonterrestrial source. “When photosynthesis entered the picture, life connected up to the cosmos,” he said.

Scientists want to figure out what made that possible. In its current form, the machinery that converts light energy to chemical energy in photosynthesis—a protein complex called a reaction center—is incredibly sophisticated. The evidence suggests, however, that its design, which stretches back almost to the root of the tree of life, was once very simple. Researchers have been trying for decades to fill that enormous gap in their understanding of how (and why) photosynthesis evolved.

To that end, they have turned their attention to existing organisms. By studying the molecular details of the reactions that green plants, algae and some bacteria use to photosynthesize, and by analyzing the evolutionary relationships among them, scientists are trying to piece together a cogent historical narrative for the process.

The muddy soils around geothermal hot springs in Iceland, like the Geysir spring pictured here, are the natural habitat for primitive photosynthetic heliobacteria. Scientists are now studying those organisms for insights into the early evolution of photosynthesis.

Arctic-Images/Getty Images

The latest important clue comes from Heliobacterium modesticaldum, which has the distinction of being the simplest known photosynthetic bacterium. Its reaction center, researchers think, is the closest thing available to the original complex. Ever since the biologists Kevin Redding, Raimund Fromme and Christopher Gisriel of Arizona State University, in collaboration with their colleagues at Penn State, published the crystallographic structure of that protein complex in a July edition of Science, experts have been unpacking exactly what it means for the evolution of photosynthesis. “It’s really a window into the past,” Gisriel said.

“This is something we’ve been waiting for for 15 years,” Nitschke said.

In Search of a Common Ancestor

At first, most scientists did not believe that all the reaction centers found in photosynthetic organisms today could possibly have a single common ancestor. True, all reaction centers harvest energy from light and lock it into compounds in a form that’s chemically useful to cells. To do this, the proteins pass electrons along a transfer chain of molecules in a membrane, as though skipping along a series of stepping stones. Each step releases energy that’s ultimately used down the line to make energy-carrier molecules for the cell.

But in terms of function and structure, the photosystem reaction centers fall into two categories that differ in almost every way. Photosystem I serves mainly to produce the energy carrier NADPH, whereas photosystem II makes ATP and splits water molecules. Their reaction centers use different light-absorbing pigments and soak up different portions of the spectrum. Electrons flow through their reaction centers differently. And the protein sequences for the reaction centers don’t seem to bear any relation to each other.

Both types of photosystem come together in green plants, algae and cyanobacteria to perform a particularly complex form of photosynthesis—oxygenic photosynthesis—that produces energy (in the form of ATP and carbohydrates) as well as oxygen, a byproduct toxic to many cells. The remaining photosynthetic organisms, all of which are bacteria, use only one type of reaction center or the other.

So it seemed as though there were two evolutionary trees to follow—that was, until the crystal structures of these reaction centers began to emerge in the early 1990s. Researchers then saw undeniable evidence that the reaction centers for photosystems I and II had a common origin. Specific working components of the centers seemed to have undergone some substitutions during evolution, but the overall structural motif at their cores was conserved. “It turned out that big structural features were retained, but sequence similarities were lost in the mists of time,” said Bill Rutherford, the chairman in biochemistry of solar energy at Imperial College London.

“Nature has played small games to change some of the functions of the reaction center, to change the mechanisms by which it works,” Redding added. “But it hasn’t rewritten the playbook. It’s like having a cookie-cutter design for a house, building that same house over and over again, and then changing how the rooms are arranged, how the furniture is positioned. It’s the same house, but the functions inside are different.”

Researchers began to make more detailed comparisons between the reaction centers, searching for clues about their relationship and how they diverged. Heliobacteria have brought them a few steps closer to that goal.

Harkening Back to an Earlier Time

Since it was discovered in the soil around Iceland’s hot springs in the mid-1990s, H. modesticaldum has presented researchers with an interesting piece of the photosynthesis puzzle. The only photosynthetic bacterium in a family with hundreds of species and genera, heliobacteria’s photosynthetic equipment is very simple—something that became even more apparent when it was sequenced in 2008. “Its genetics are very streamlined,” said Tanai Cardona, a biochemist at Imperial College London.

Robert Blankenship, a photosynthesis researcher at Washington University, looks at a flask of cultured cyanobacteria. The organizational simplicity of heliobacteria, he said, “harkens back to an earlier evolutionary time.”

Washington University in St. Louis

Heliobacteria have perfectly symmetrical reaction centers, use a form of bacteriochlorophyll that’s different from the chlorophyll found in most bacteria, and cannot perform all the functions that other photosynthetic organisms can. For instance, they cannot use carbon dioxide as a source of carbon, and they die when exposed to oxygen. In fact, their structure took nearly seven years to obtain, partly because of the technical difficulties in keeping the heliobacteria insulated from oxygen. “When we first started working on it,” Redding said, “we killed it more than once.”

Taken together, “heliobacteria have a simplicity in their organization that’s surprising compared to the very sophisticated systems you have in plants and other organisms,” said Robert Blankenship, a leading figure in photosynthesis research at Washington University in St. Louis. “It harkens back to an earlier evolutionary time.”

Its symmetry and other features “represent something quite stripped down,” Redding added, “something we think is closer to what that ancestral reaction center would have looked like three billion years ago.”

A Glimpse of the Past

After carefully taking images of the crystallized reaction centers, the team found that although the reaction center is officially classified as type I, it seemed to be more of a hybrid of the two systems. “It’s less like photosystem I than we thought,” Redding said. Some people might even call it a “type 1.5,” according to Gisriel.

One reason for that conclusion involves greasy molecules called quinones, which help transfer electrons in photosynthetic reaction centers. Every reaction center studied so far uses bound quinones as intermediates at some point in the electron transfer process. In photosystem I, the quinones on both sides are tightly bound; in photosystem II, they are tightly bound on one side, but loosely bound on the other. But that’s not the case in the heliobacterium reaction center: Redding, Fromme and Gisriel did not find permanently bound quinones among the electron transfer chain’s stepping stones at all. That most likely means its quinones, although still involved in receiving electrons, are mobile and able to diffuse through the membrane. The system might send electrons to them when another, more energetically efficient molecule isn’t available.

Raimund Fromme, Christopher Gisriel and Kevin Redding (from left to right) are researchers in the School of Molecular Sciences at Arizona State University. With colleagues at Pennsylvania State University, they recently determined the crystallographic structure of the energy-producing reaction center in the simplest known photosynthetic bacterium.

Arizona State University

This finding has helped the research team deduce what early reaction centers may have been doing. “Their job was likely to reduce mobile quinones,” Redding said. “But they weren’t doing a very good job of it.” In the researchers’ scenario, tightly bound quinone sites are a more recent adaptation, and today’s type I and type II reaction centers represent alternative evolutionary strategies, embraced by different lineages of organisms, for improving on the ancestral system’s sloppy, less-than-ideal work.

“But then the question is, why has nature changed this kind of electron transfer chain?” Fromme asked. His work supports the hypothesis that it might have something to do with oxygen.

When an organism is exposed to too much light, electrons build up in the transfer chain. If oxygen is around, this buildup can lead to a harmfully reactive oxygen state. Adding a firmly bound quinone to the complex not only provides an additional slot to deal with potential traffic jams; the molecule, unlike others used in the transfer chain, also does not pose any risk of producing that deleterious form of oxygen. A similar explanation works for why reaction centers became asymmetric, Gisriel added: Doing so would have added more stepping stones as well, which would have similarly buffered against damage caused by the accumulation of too many electrons.

One of the researchers’ next steps is to put time stamps on when this asymmetry and these tightly bound quinones came into the picture, which would help them determine when oxygenic photosynthesis became possible.

All Roads Lead to Oxygen

Cardona, who was not involved in the recent study but has begun interpreting its results, thinks he may have found a hint in the heliobacterium reaction center. According to him, the complex seems to have structural elements that would have later lent themselves to the production of oxygen during photosynthesis, even if that wasn’t their initial purpose. He found that a particular binding site for calcium in the heliobacteria’s structure was identical to the position of the manganese cluster in photosystem II, which made it possible to oxidize water and produce oxygen.

Tanai Cardona, a biochemist at Imperial College London, suspects that cells may have been producing oxygen through photosynthesis for about a billion years longer than scientists usually assume.

Imperial College London

“If the ancestral [calcium] site at some later stage turned into the manganese cluster,” Cardona said, “that would suggest that water oxidation was involved in the earliest events in the divergence between type I and type II reaction centers.” That, in turn, would mean oxygenic photosynthesis was far more ancient than expected. Scientists have commonly supposed that oxygenic photosynthesis appeared shortly before the Great Oxygenation Event, when oxygen began to build up in Earth’s atmosphere and caused a mass extinction 2.3 to 2.5 billion years ago. If Cardona is right, it may have evolved nearly a billion years earlier, shortly after photosynthesis made its debut.

That timing would have been early enough to predate the cyanobacteria typically credited as the first organisms to perform oxygenic photosynthesis. According to Cardona, it may be the case that a lot of bacteria could do it, but that after mutations, divergences and other events, only cyanobacteria retained the ability. (Cardona published a paper this year citing other molecular evidence for this hypothesis. He has not yet formally presented arguments about the potential link involving calcium for peer review, but he has written about the idea in blog posts on his website and on a scientific networking site for researchers, and he recently began working on a paper about it.)

That hypothesis contradicts one of the widely held ideas about the origins of photosynthesis: that species incapable of photosynthesis suddenly obtained the capacity through genes passed laterally from other organisms. According to Cardona, in light of the new discoveries, horizontal gene transfer and gene loss may both have played a role in the diversification of reaction centers, although he suspects that the latter may have been responsible for the earliest events. The finding, he said, might suggest that “the balance skews toward the gene-loss hypothesis”—and toward the idea that photosynthesis was an ancestral characteristic that some groups of bacteria lost over time.

Not everyone is so sure. Blankenship, for one, is skeptical. “I don’t buy that,” he said. “I don’t see any data here that suggests that oxygenic photosynthesis occurred that much earlier.” To him, the work by Redding, Fromme and their collaborators has not answered these questions; it has only conjectured about what may have happened. To solve that puzzle, scientists will need the reaction center structures of other bacteria, so they can continue evaluating the structural differences and similarities to refine the twisting roots of their evolutionary trees.

“I think it’s entirely a possibility that what [Cardona] is saying is correct,” Gisriel said, “but I also think the field should sit with it for a while, do some more analysis and see if we understand more about how this structure works.”

Going the Synthetic Route

Some researchers aren’t waiting for the publication of the next structure. This one took seven years, after all. They’re pursuing synthetic experimentation instead.

Rutherford and his colleagues, for example, are using a “reverse evolution” technique: They hope to predict the sequences of missing-link reaction centers, using structural information like Redding’s to gain an understanding of their architecture. They then plan to synthesize those hypothetical ancestral sequences and test how they evolve.

Meanwhile, Redding and his team have just begun artificially converting the symmetric reaction center of heliobacteria into an asymmetrical one, following in the footsteps of two researchers in Japan, Hirozo Oh-Oka of Osaka University and Chihiro Azai of Ritsumeikan University, who have spent more than a decade doing this in another type of photosynthetic bacterium. The groups believe their work will clarify how these adaptations would have occurred in real life in the distant past.

Twenty years ago, Nitschke stopped working on the evolution of photosynthesis and turned his attention to other problems. “It seemed so hopeless,” he said. But the research done by Redding, his team and these other groups has rekindled those ambitions. “As they say, your first love always stays with you,” Nitschke said. “I’m really excited about this new structure and plan to go back to thinking about all this again.”

Original story reprinted with permission from Quanta Magazine, an editorially independent publication of the Simons Foundation whose mission is to enhance public understanding of science by covering research developments and trends in mathematics and the physical and life sciences.

Tech

Tanium CEO’s Refreshingly Honest Take on the State of Internet Security

This is your Cyber Saturday edition of Fortune’s tech newsletter for October 7, 2017.

On Tuesday, the wood-smoke air of California’s wildfires descended on the Bay Area as cybersecurity professionals gathered at the Palace Hotel for an industry event.

I spent the morning interviewing Orion Hindawi, CEO of Tanium, the world’s highest privately valued cyber startup (worth $ 3.75 billion at last appraisal in May), for a fireside chat at his company’s second annual conference, Converge 2017. Hindawi has a no-nonsense approach to business—a suffer-no-fools attitude that landed him in the sights of a couple of unflattering stories about his management style earlier this year. (He later apologized for being “hard-edged.”)

On stage the chief exec delivered his peculiarly unvarnished view of the state of Internet security. “The idea that we’re going to give you a black box and it auto-magically fixes everything, that’s a lie,” Hindawi told the audience. (One could almost hear a wince from part of the room seating his PR team.) “All I can tell you is we can give you better and better tooling every day. We can make it harder for the attackers to succeed. That’s the best I can offer.”

Hindawi is a realist through-and-through. His outlook is perhaps best summed up by his response to a question about whether he subscribes to a glass-half-full or glass-half-empty view of the cyber threatscape. His reply would become a running joke for the rest of the conference. He said simply, “It’s just a glass, dude.”

Other tidbits of wisdom from Hindawi: not all hackers are Russian spies (the majority are lowly criminals). Unsecured Internet of Things devices pose a risk to everyone. And sometimes cyber insurance is the way to go when old systems are all but impossible to patch; the decision boils down to managing “operational risk, like earthquakes,” he said.

Hacking is not a dark miasma that penetrates all things, although it can sometimes feel that way. Companies, like Tanium, that are building the tools to swing the balance back in defenders’ favor without over-promising provide hope. Enjoy the weekend; I will be heading north of San Francisco, visiting friends who, luckily, were unharmed by the area’s recent conflagrations.

Robert Hackett

@rhhackett

[email protected]

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Always use (advanced) protection. Google debuted an opt-in mode for high-risk users who wish to lock down their accounts on services such as Gmail, Google Drive, and YouTube with extra security. (Paging John Podesta.) The feature requires people to log-in using a special USB key (or Bluetooth dongle for mobile devices), it prevents third-party applications from accessing your Google data, and it adds beefed up malware-scanning of incoming documents. This author plans to sign up.

Gather ’round the good stuff. Pizza Hut warned customers that their personal information and payment card data may be at risk after hackers gained access to the company’s website and app for a 28-hour period starting on Oct. 1. An estimated 60,000 customers are thought to have been impacted. The company is offering victims free credit monitoring for a year.

Unicorn? More like Duo-corn. Duo Security, a Mich.-based cybersecurity startup whose tools help companies manage people’s digital identities, said it raised $ 70 million at a $ 1.17 billion valuation (including the capital raised) this week. Th round catapults the firm into “unicorn” territory, the swelling ranks of private firms occupied by young guns valued at $ 1 billion or more. Alex Stamos, Facebook’s security chief, recently praised Duo as the maker of his favorite cybersecurity product.

KRACKing Wi-Fi. A couple of Belgian researchers published a paper containing proof of concept code that exploits vulnerabilities in the way cryptographic keys are exchanged over Wi-Fi, allowing hackers to steal people’s data. Big tech companies like Microsoft issued a patch for the so-called KRACK bug on Oct. 10, Apple is in the middle of testing patches for iOS and macOS, and Google, whose Android 6.0 devices are the most vulnerable, said it would release a patch in early Nov.

Cyber insurers are going to get Mercked. Cyber insurers might be on the hook to cough up $ 275 million to cover damage to drugmaker Merck as a result of a June cyber attack, dubbed “NotPetya,” according to one firm’s forecast. The companies at issue have not yet disclosed figures themselves.

Surprise! It is depressingly easy for penetration testers to break into places where they are not supposed to be.

Share today’s Data Sheet with a friend:

http://fortune.com/newsletter/datasheet/

Looking for previous Data Sheets? Click here.

ACCESS GRANTED

Boycotts are hardly an option: To opt out of a credit score is to opt out of modern financial life itself. As Equifax’s now former CEO Richard Smith testified in October, if consumers were allowed to abandon the credit system, it would be “devastating to the economy.” The better answer is systemic reform to the credit oligopoly.

—Fortune’s Jeff John Roberts and Jen Wieczner explain what practical recourse consumers and regulators have when it comes to dealing with the major credit bureaus in the wake of a massive data breach at Equifax. 

ONE MORE THING

The adventures of John Titor.  Namesake of a bygone Internet hoax, “John Titor” claimed to be a man sent from the future to retrieve a portable computer. Titor sent faxes to an eccentric radio program, Coast to Coast AM, that specialized in the paranormal. Here’s an oral history of that running joke; the pseudo-scientific explanations of time travel are delightful.

Tech

Russian Spies Rush to Exploit the Latest Flash Zero Day and More Security News This Week

There’s nothing like a hefty security freakout to start the week, and the Key Reinstallation AttackWi-Fi vulnerability—you know it as Krack—announced on Monday fit the bill. The bug is in the ubiquitous WPA2 Wi-Fi protocol, so while it fortunately doesn’t impact every single device that exists, it does affect a significant portion of them. And many will likely never receive protective patches, a longstanding and critical security problem that particularly affects the Internet of Things. The relative simplicity of the Krack bug itself also highlights the importance of making technical standards accessible to researchers for review and feedback.

Google announced a new tier of account security this week called Advanced Protection that uses physical authentication tokens, advanced scanning, and siloing to help defend particularly at-risk accounts (or anyone who wants to be very cautious). And after its disastrous corporate breach, Equifax is receiving a thorough public shaming. Researchers also discovered that for just $ 1,000 they can exploit mobile advertising networks to track people’s movements in both cyberspace and the real world. Not great!

US-Iranian relations are tense and could nudge Iran’s cyber operations. And crooks have a new favorite hustle called “cryptojacking” that can secretly use your devices to mine cryptocurrency when you visit infected websites. Highs and lows.

And there’s more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Flash Patched Its Recent Zero Day, So Russian Hackers Are Using It While They Can

Kaspersky Labs researchers announced a new Adobe Flash vulnerability on Monday, noting that unidentified hackers exploited the bug in an attack on October 10, using a compromised Microsoft Word document to deliver FinSpy malware. Adobe coordinated with Kaspersky to issue a patch on the day of the disclosure. In the wake of the patch, researchers at the security firm Proofpoint observed the hackers doubling down to exploit the flaw before potential targets widely adopt the fix. The group, which Proofpoint says is the Russia-backed collective Fancy Bear, launched an email spearphishing campaign that targeted state departments and aerospace companies. But researchers say the operation was sloppy, and that the group has followed this pattern in the past.

Microsoft Didn’t Disclose 2013 Breach of a Sensitive Vulnerability Database

Sophisticated hackers breached Microsoft’s internal vulnerability-tracking database more than four years ago, but the company didn’t publicly disclose the incident. Five former Microsoft employees told Reuters that the company was aware of the intrusion in 2013. The database would have contained critical vulnerabilities in Microsoft’s widely used software products, including Windows, and may have even included code for exploiting those flaws. Such information would be a gold mine for foreign government-backed hackers or third-party criminals alike, and could have facilitated breaches and espionage at the time.

Reuters’ sources said in separate interviews that Microsoft never connected the breach to any other attacks, and that the company didn’t disclose the incident, because doing so would have pushed attackers to exploit the vulnerabilities before they were patched. Microsoft presumably patched everything in the compromised database years ago, though. Reuters’ sources say that the Microsoft did at least improve its internal security in response to the hack. The incident was part of a rash of attacks that also hit Apple, Facebook, and Twitter. The group behind these hacks is still unidentified, but is known by different researchers as Morpho, Butterfly, and Wild Neutron, and is still active today.

UK Concludes That Iran, Not Russia or North Korea, Hacked Officials’ Email Accounts

Investigators in the United Kingdom concluded last week that Iranian government-backed hackers were behind a June email network intrusion that targeted numerous members of parliament and Prime Minister Theresa May. Every MP uses the network, but the hackers specifically looked for accounts protected by weak passwords or reused ones that had leaked online after other breaches. The parliamentary digital services team told the Guardian that it was making email security changes in response to the attack. The incident underscores Iran’s ongoing digital offensive initiatives. Though the country has been less focused on Western targets in the last few years, it is still an active threat around the world. Recently, US President Donald Trump has worked to undermine the Iran nuclear deal, but Theresa May and other European leaders say they want to preserve it.

Police Did Social Media Surveillance on New York Black Lives Matter Group

The Black Lives Matter Global Network chapter in the Rockland County, New York filed a federal lawsuit in August claiming that local Clarkstown police conducted illegal surveillance on it throughout 2015. Clarkstown police records from the Strategic Intelligence Unit describe social-media surveillance targeted at BLM members. The documents even show evidence that a lead detective told the Strategic Intelligence Unit supervisor to stop the surveillance, but this didn’t end the program. BLM is alleging that Clarkstown police engaged in racial profiling, and violated the group members’ rights to free speech and assembly.

Millions of Crucial Cryptography Keys Weakened By Trusted Generator

A flaw in how a popular code base generates cryptographic keys has ruined the security of millions of encryption schemes. The generator appeared in two security certification standards used my numerous governments and large corporations worldwide, meaning that the flawed keys are meant to protect particularly sensitive platforms and data. German chipmaker Infineon developed the software, which has included the key generating flaw since 2012 or possibly earlier. Attackers could exploit the bug to figure out the private part of a key from its public component. From there they could do things like manipulate digitally signed software, disable other network protections, or, of course, decrypt sensitive data. The situation affects Estonia’s much-touted secure digital ID system. Infineon, Microsoft, and Google warn that the flaw will undermine their Trusted Platform Module products until customers generate new, more robust keys. Estonia has announced plans to update the keys used for its national IDs.

Tech

Riot Games Esports Co-Head Talks ‘League of Legends’ 2017 World Championship

The world’s top competitive video gamers are facing off in China over the next few weeks for the League of Legends 2017 World Championship, one of the premier tournaments in the fast-growing world of esports.

Hosted by Riot Games, the company that makes the popular League of Legends (LoL) online game, the tournament’s early rounds turned in a fair amount of excitement and upsets, though last year’s champion is still standing. The Korean professional esports team SK Telecom T1 remains a favorite in a field that also features teams like Samsung Galaxy (sponsored by the South Korean electronics giant) and the North American team Cloud 9.

If none of those names ring a bell, then the rapid ascension of esports has likely passed you by. Competitive gaming’s popularity around the world has exploded in recent years, and the esports industry is now expected to generate more than $ 1.5 billion in annual revenue by 2020, according to one estimate.

Meanwhile, major professional sports teams like the New York Yankees and Cleveland Cavaliers are throwing money at esports, while tech giants like Amazon and Google compete to lure gaming fans to stream live gameplay and competitions on their digital video platforms, Twitch and YouTube, respectively. Last year, Riot Games (which is owned by Chinese tech giant Tencent) signed a reported $ 300 million streaming rights deal with Walt Disney’s BAMTech, and this year’s LoL world championship tournament is available for streaming around the world on Twitch and YouTube.

The influx of media rights deals has also opened the door for a range of high-profile corporate sponsors, with Riot Games landing sponsorships in recent years from the likes of Acer Gaming, Coca-Cola, T-Mobile, and Mercedes-Benz.

This week Fortune caught up with Jarred Kennedy, the co-head of esports at Riot Games, to discuss the world championship (the finals will take place Nov. 4 at the Bird’s Nest National Stadium in Beijing) as well as the overall growth of the esports industry and Riot’s plans, much like rival Activision Blizzard, to remodel its own esports league after major professional sports leagues like the NFL and NBA.

The following conversation has been edited and condensed for clarity.

Fortune: What are some of the big storylines fans will be following heading into the quarterfinals of the LoL World Championships this weekend?

Kennedy: Where to begin? We’ve got some great teams that have made it through. Lots of regions are still alive. You’ve got your defending champions, SK Telecom T1, where they always are, which is contending. But, you’ve got teams that are potentially going to give them a run for their money. I think if [Chinese team] Royal Never Give Up and SK Telecom T1 wind up meeting in the semifinals in Shanghai that could be incredible. Honestly, any of the match-ups with the teams we have right now are going to be really fun to watch, because they’ve all proven themselves to get to this stage. And, the competition just keeps getting better and better the deeper we get into the tournament. That’s one of the reasons that worlds is so compelling.

How has the media rights aspect of the esports business expanded in recent years for Riot?

I think what you’re seeing is the maturation of our sport. With esports, I wouldn’t say it’s entered the mainstream, but it is increasingly an option that marketers look to. And, that’s great for us, because what we’re trying to do is build up the overall ecosystem, and having those increases in revenue coming in on that side allows us to invest in the professional players, the teams, and it allows these players to make a career out of this in a really meaningful way.

That leads into the bigger question of the esports industry’s overall growth trajectory. What are the areas of business that you think are most ripe for increasing revenue in the industry?

There are lots of different pools of revenue. Big ones would include media rights, which not unlike the NFL, NBA, or the Premier League, media rights are a large driver. For some games, including ours, there’s in-game content, and that’s something that’s unique to esports, as opposed to stick-and-ball or traditional sports, where there’s an opportunity for teams to participate in some of the in-game revenue streams. I think those are probably the biggest ones, but we’re always on the lookout for new ways to engage with fans of our sport.

You used to work at Sony Pictures Television. Would it benefit esports to make that leap to being more of a presence on traditional TV networks?

We don’t feel the need to go to TV as a point of validation. We’ve found that a lot of our fans of this sport are online, they tend to consume digitally, and thus the BAMTech deal and some other things we’ve done—negotiations with Twitch, YouTube, etc.—is just to serve them where they are. But, we’re not looking to be on NBC at 8 p.m. on a Saturday broadcasting to all of America, because we don’t think that’s where our fans want to watch, and we think it would probably be casting too wide of a net.

Why model Riot Games’ North American League of Legends Championship Series league after major professional sports leagues with revenue-sharing and a players association?

We’ve always looked at professional sports, not because we want to model exactly what other sports do, but even when you’re attempting to innovate, sometimes there are things that already exist in the world that work really well and work for a reason, and we shouldn’t be afraid to use some of that. Our goal is to have sophisticated owners of teams that can operate at a high level, know how to build businesses, know how to build sports, and who aren’t going to be working against each other, but are going to be collaborating in the best interests of fans around the world.

Going back to your point about esports not yet being in the mainstream, what needs to happen to put esports on the same level as one of the major professional sports leagues?

It takes time to get to the scale of where major sports are today, and I don’t think we have any illusions that we’re going to be able to do that overnight. We do have the advantage of being a digital property that tends to grow faster and can grow more virally. Friends tend to bring their friends into the sport, we found. We’re looking to build the best ecosystem for our fans that we can and we hope that by doing that it will thrive and grow, and over time we’ll have a chance to be as big as some of the major sports that exist today. But our primary goal is delivering value to fans day in and day out. And, if we can do that, then the rest will take care of itself.

Tech

Equifax Deserves the Corporate Death Penalty

Equifax is in trouble. The credit reporting company failed to protect the personal financial data of as many as 143 million Americans. Equifax’s failure exposed not just names and addresses, but also Social Security numbers, birth dates, drivers’ license numbers, and credit card numbers. The Federal Trade Commission, Congress, and about 40 state attorneys general are investigating the data breach, and both the Massachusetts attorney general and the city of San Francisco are suing on behalf of residents whose information was compromised.

WIRED OPINION

ABOUT

Ron Fein (@ronfein) is the legal director of Free Speech for People, a national non-partisan nonprofit organization that advocates for democracy reform and corporate accountability.

That’s a start. But it’s not enough. Equifax’s failure calls for the corporate death penalty, through a rare but vital procedure called judicial dissolution.

Under the law of Georgia, where Equifax is incorporated, the state attorney general may file a lawsuit in state court to dissolve a corporation if the corporation “has continued to exceed or abuse the authority conferred upon it by law.” (All 50 states have similar provisions.) State attorneys general don’t invoke these corporate death penalty statutes often, especially not against large, well-known corporations. But Equifax could not have obtained its unusually important position in our economy without the privileges of a corporate charter conferred by law, and it has forfeited its claim to those privileges.

Equifax’s entire reason for existence is to collect and maintain private financial data about individuals who are not customers of the company. This isn’t like other data breaches, such as the 2012 credit card data breach at Barnes & Noble, or the 2015 hack of frequent-flyer account data at British Airways. Those breaches were bad. But they affected people who had chosen to do business with these companies by buying books or airplane trips. Most of the people whose data was compromised by Equifax’s lax security don’t even know that Equifax exists, let alone that it maintains their private financial data.

While there’s never an excuse for major companies to be sloppy with customer data, Barnes & Noble and British Airways aren’t in the business of securely storing private financial data. They’re in the businesses of selling books and flying airplanes. When a bookstore or airline doesn’t manage customer data well, then the company needs to compensate its customers for its negligence, accept its punishment, and reform. But when a company’s entire reason for being is managing individuals’ most sensitive private financial data, and it fails spectacularly, it should not be further entrusted with that important responsibility.

Equifax’s conduct after the breach has given little comfort. Before revealing the breach to the public, senior executives sold $ 2 million worth of stock. Meanwhile, after the breach was made public, Equifax offered consumers free credit monitoring—but tried to force them to accept a mandatory arbitration provision clause buried in the fine print.

In fact, Equifax wasn’t even competent enough to close the stable door after the horse had bolted. Over a week after the US breach was revealed, a small computer company in Milwaukee noticed that in one Equifax computer system based in South America, customer records could still be accessed by entering the username “admin” and the password…”admin.”

This is not the conduct of a company that deserves to continue to be entrusted with a critical role in our economy. State laws enable the creation of corporations because they are thought to confer a benefit on society. But not in this case. Equifax had one job, and it failed. More than half of American adults woke up one day to learn that a corporation that few had ever heard of had lost control of financial data that they never knowingly gave it.

Dissolving Equifax would not require putting innocent people out of work or demolishing its office buildings. Working with a court-appointed receiver, the Georgia attorney general could develop a plan to deconstruct Equifax’s current corporate structure. It could continue to operate and pay its staff and vendors while dissolution is pending in court, and legitimate business lines could operate successfully afterwards under new ownership.

Equifax’s core customer data business, meanwhile, has some assets that could be sold to competitors or other new owners. Some of the main so-called assets, however, are questionable: the private financial data, which the company can no longer be entrusted to maintain; the computer code that maintains and protects that data, which evidently is inadequate to the task; and the intangible value of Equifax as a going concern, known in accounting as “goodwill.” Dissolving the company would certainly eliminate any remaining goodwill. But frankly, Equifax doesn’t have much goodwill these days anyway.

To be fair, Georgia’s attorney general, Chris Carr, hasn’t ignored the Equifax breach. He signed a group letter to Equifax along with over 30 other state attorneys general, and joined the larger multi-state investigation. Yet Carr has been content simply to participate in a broader coalition, emphasizing his duty to protect Georgia’s consumers. That’s a start, but not the end. Because of his office’s unique oversight powers over Georgia corporations, Carr needs to ask larger questions—including whether Equifax’s abuse of its state-granted corporate powers justifies revoking its corporate charter.

A few years ago—starting soon after the Supreme Court’s 2010 Citizens United decision, which held that corporations have the same right as people to spend money to influence elections—a popular bumper sticker proclaimed, “I’ll believe corporations are people when Texas executes one.”

We shouldn’t use the corporate death penalty lightly. But at this point, Equifax has lost its justification for existence.

WIRED Opinion publishes pieces written by outside contributors and represents a wide range of viewpoints. Read more opinions here.

Tech

SoftBank's big checks are stalling tech IPOs

LAGUNA BEACH, Calif. (Reuters) – Big cash infusions for startups from an ever-expanding group of financiers, led by SoftBank Group Corp (9984.T) and Middle East sovereign wealth funds, have extinguished hopes that the technology IPO market would bounce back this year.

These deep-pocketed financiers, which have traditionally invested in the public markets but are seeking better returns from private tech companies, have enabled startups to raise more money, stay private longer and spurn the regulatory hassles of an IPO even as they become larger than many public companies.

At The Wall Street Journal D.Live conference this week in Southern California, a number of venture capitalists, entrepreneurs, IPO experts and dealmakers spoke with Reuters about the surprisingly low number of IPOs and pointed to investors such as SoftBank for changing the business of startup financing.

“It’s not surprising if these companies get 10 term sheets,” said Nicole Quinn, an investing partner with Lightspeed Venture Partners, referring to formal offers of investment.

The result is a protracted IPO slump that has contributed to a 50 percent drop in the number of U.S. public companies over the last two decades, according to the Nasdaq. IPOs have fallen especially precipitously since 2014 – the year public market investors, including mutual funds, ramped up investment in private tech companies.

There are some signs of a more active fall for IPOs. Tech companies Switch (SWCH.N), MongoDB (MDB.O) and Roku (ROKU.O) have gone public in the past few weeks, with debuts from ForeScout and Zscaler ahead.

CORRECTION AHEAD?

Yet many investors are bracing for a market tumble after a sustained rally, raising questions about IPO opportunities for 2018.

Just 12 venture capital-backed tech companies went public in the United States in the first three quarters this year, compared to 27 for the same time period in 2014, according to IPO investment adviser Renaissance Capital.

The drought continues even though both the Dow Jones Industrial Average .DJI and Nasdaq Composite .IXIC are up more than 26 percent in the last year and market volatility is low, normally ideal conditions for an IPO.

Wall Street stock indexes have posted a string of record highs in recent weeks, and the Dow closed above 23,000 for the first time on Wednesday. [.N]

But Barry Diller, a longtime dealmaker and chairman of InterActiveCorp and Expedia Inc (EXPE.O), said the huge funding rounds had eliminated the traditional reason for an IPO.

“There is no reason to be public unless you need capital, and almost all these companies do not need capital,” Diller said.

SOFTBANK-UBER DEAL EYED

Increasingly, the big checks are coming from SoftBank, which in May closed a $ 93 billion investment fund.

So far this year, it has announced at least 14 investments in technology companies globally, including a $ 500 million deal with fintech company Social Finance and a $ 3 billion investment in shared workspace company WeWork, both private and already worth billions of dollars.

SoftBank is in the next week expected to finalize a highly anticipated deal with Uber Technologies Inc [UBER.UL] in which it, along with other investors, would purchase as much as $ 10 billion in Uber shares, most of them from employees and existing investors in a so-called secondary offering.

“This is the third liquidity option,” said Larry Albukerk, who runs secondary market firm EB Exchange and spoke to Reuters by phone. “It used to be IPO or acquisition.”

SoftBank’s deals are causing venture capitalists to “prepare for more M&A exits,” and fewer IPOs over the long term, said Jenny Lee, managing partner at GGV Capital.

Meanwhile, Nasdaq’s private market business, set up in 2014, facilitated more than $ 1 billion in secondary market transactions last year, according to Bruce Aust, vice chairman of Nasdaq.

Secondary transactions allow employees and investors to get some cash by selling to other private investors, removing a significant pressure to go public.

The flood of private capital, and the lofty valuations that have come with it, have, paradoxically, created another reason for avoiding an IPO, said Chris Clapp, a managing director with consulting group MorganFranklin.

“Many times with my clients I don’t think they would achieve the same valuation in the public markets,” Clapp said in a phone interview.

Meal delivery company Blue Apron Holdings Inc (APRN.N) took a 27 percent haircut when it went public in June and software company Cloudera Inc (CLDR.N) lost 53 percent of its valuation in its April IPO.

Snap Inc (SNAP.N), the owner of messaging app Snapchat, is down more than 10 percent from its IPO price in March.

Reporting by Heather Somerville; editing by Jonathan Weber and G Crosse

Tech

Japan finance sector to reap digital currency benefits, says MUFG chief

TOKYO (Reuters) – The chief executive of Japan’s largest bank expects new business opportunities to appear as digital currencies allow collection of data on how people use their money.

While Japan’s big banks have distanced themselves from bitcoin and other existing digital currencies, they are trying to create their own to provide cheaper and easier means of payments and money transfers.

“We would be able to capture kinds of financial behavior that cannot be collected as data in cash transactions,” said Nobuyuki Hirano, CEO of Mitsubishi UFJ Financial Group (MUFG), speaking as chairman of the Japanese Bankers Association at a news conference on Thursday.

“We can use the data to create new value.”

Hirano’s bank is developing its own “MUFG Coin” digital currency using the blockchain technology behind bitcoin.

The bank has been conducting experiments with MUFG Coin among its employees, including using the currency to split restaurant bills with each other over their smartphones.

Unlike bitcoin and other so-called cryptocurrencies, MUFG Coin is tied to Japanese yen, so users can exchange it for yen at the same rate as they bought the digital currency.

MUFG has said it plans to expand the experiment to involve all of its 30,000 domestic employees next year.

Japan’s third-largest lender Mizuho Financial Group is also developing its own digital currency, J Coin, targeting widespread use by 2020.

Reporting by Taiga Uranaka; Editing by David Goodman

Tech

Fed to step-up focus on payment security with study, working groups: Fed's Powell

WASHINGTON (Reuters) – The U.S. Federal Reserve is stepping-up its focus on payment security as the industry reaches a “critical juncture” driven by new technologies, Federal Reserve board governor Jerome Powell said on Wednesday.

Speaking at a conference in New York, Powell said the U.S. central bank would early next year launch a study analyzing payment security vulnerabilities and also planned to create new working groups focused on reducing the industry costs associated with securing payments.

“Rapidly changing technology is providing a historic opportunity to transform our daily lives, including the way we pay. Fintech firms and banks are embracing this change, as they strive to address consumer demands for more timely and convenient payments,” said Powell.

“It is essential, however, that this innovation not come at the cost of a safe and secure payment system that retains the confidence of its end users.”

The Fed does not have complete authority over the U.S. payment system, but it has led industry efforts to make it faster and easier to use. The central bank also leads the 160-member Secure Payments Task Force.

Powell’s comments underline growing concerns among financial market participants and regulators about the risks cyber thieves pose to the financial system following a series of recent incidents.

Last year, SWIFT, the global financial messaging system, disclosed it had suffered hacking attacks on its member banks including the high-profile $ 81 million heist at Bangladesh Bank.

During that incident, hackers broke into the computers of Bangladesh’s central bank and sent fake payment orders, tricking the Federal Reserve Bank of New York into transferring the funds. [here]

Powell said on Wednesday new fintech payment companies posed “significant challenges to traditional banking business models” and that the payment system was reaching a “critical juncture.”

His comments echoed those of Barclays Chief Executive Officer Jes Staley who on Saturday warned payments would be the next battleground for banks amid increasing competition from fintech players and tech giants including Amazon and Facebook.

Reporting by Michelle Price; Editing by Chris Reese

Tech