Direct admissions: a new way to get into college

For the past couple of years, high school seniors have been part of an interesting experiment called direct admissions. Basically, there are systems that allow them to get conditional pre-acceptance offers, without having to fill out much of an application in advance, or even think about where they want to attend. What makes these offers interesting is that they arrive unsolicited. There are a few caveats, but hundreds of students are now attending college using this method.

Back in the pre-historic era when I was a high school senior when I had to walk uphill both ways to school, we had to fill out applications by hand. There was no CommonApp, a system by which a thousand or so colleges agree to basically open source the application process. They are one of the entities involved direct admissions, I’ll get to them in a moment. Each place had its own essay to write. You also had to take standardized tests from places like the College Board, the dreaded SAT or ACT. And then there were the application fees.

Direct admissions puts all that aside. You have to have good grades, of course, or good enough grades for the particular school that you want to attend. But that’s about it. No more stuffing silly clubs to pad your pre-college resume. No more parental nagging about whether you have written word one on your essays.

Not every college is on board, yet. But it clearly is the coming wave. As costs to attend college continue to rise, the onerous application process has to be simplified. One private venture is leading the charge called Niche. Their website has a portal for students to enter the direct admissions world and while there is some information to fill out, it doesn’t seem all that difficult.

There are several states that have signed up to include every graduating high school senior in the program. They notify all graduating seniors in the fall where they have been accepted, based on their GPAs. Minnesota, for example, has 55 two and four year colleges — both private and public — part of the program. Students then have to complete an application to the school of their choice. Missouri has several schools that take direct admissions, including probably one of the best engineering schools in the state.

CommonApp began testing direct admissions in 2021, and now has more than 70 participating schools. Niche began its program in 2022 and now has its own group of 100 or so schools. (Forbes has more details here.) The two have somewhat different qualification criteria. With CommonApp, students have to live in lower-income households to get app fees waived and be the first in their generation to enter college, and can only apply to in-state colleges. Niche doesn’t have any income or geographic threshold.

As the NY Times wrote earlier this year, colleges want more students and need more applicants to maintain their student population. Idaho, which is one of the states with a program, found that student enrollment increased by several percentage points in the first year.

Now, you might guess that the top tier Ivies aren’t on board with direct admissions: they get plenty of attention from the best students. But for many other schools, this could be a way to attract students that may have never considered or even heard of the school. And who doesn’t like getting a “you may already have been admitted” notice? It could be a big ego and motivational boost for some seniors.

If you have a kid that has used direct admissions, please post your experiences, I would be interested to hear from you.

The AI takeover of photography

I have been a casual camera user for decades, ever since I got a simple box camera in my teens. I actually had a job as a professional photographer when I got out of college, and built my own darkroom in several homes for printing black and white pictures. This obviously was during the pre-digital era. The past few years I have been enjoying my smartphone’s camera, which keeps getting more and more capable. Going digital meant no more darkroom, and being able to print to an online photo processor by uploading my images. Here is a photo that I took recently.

Well, I come bringing bad news, although it initially doesn’t seem that way. First, cameras are getting smarter. It isn’t just a matter of better resolution images, but better software. The new Google Pixel 9 has something called Reimagine, which has some very neat tricks for in-phone picture editing as shown in this threads post by Chris Welch..This used to be the domain of a skilled Photoshop operator. Now you just tap on the right buttons.

Second, AI is moving into more “original” photography. Google’s ImageFX is now available in preview here— you type in a description of a photo that you are interested in, and within a few seconds, it creates a few images that you can choose from. My prompt of a “high-resolution photo-realistic interior of ornate teal art deco living room” brought the following image:

That is a pretty nice setup. Note the lighting effects, and reflections in the glass table  and mirror are pretty darn good.

So what is the bad news you may ask? Well, as someone reminded me, what we are seeing here are the absolute worst images that AI has produced, and the quality will only get better, much better given the pace of AI development. Soon the lenses on the back of your phone will be redundant. Those travel photos that you took of your last trip to someplace exotic? Chances are someone else has been there, posted the pix, and some AI engine has gobbled it up. Just a few clicks and you can be added in the foreground. What about pictures of things? Now Google’s Lens has been improved: it is now part of the Android OS and you can do all sorts of tricks with it to identify what you are seeing on a web page or IRL. No need to set up a pesky set of lights or to compose the perfect image. Just crop with your finger.

While you mull that over, I want to leave you with one last image, of a real electric power station near Budapest. At least, I think it is real and not some AI construct. But soon, it won’t matter much, just as we have forgotten all about using stop bath and learning the zone system.

The evolution of how brand impersonation attacks use social media

A new academic study of more than 1.3 million social media accounts was given recently at this month’s Usenix conference in Philadelphia. The paper, entitled The Imitation Game: Exploring Brand Impersonation Attacks on Social Media Platforms, makes for interesting reading and sadly shows just how well developed this ecosystem is. Ironically, as business brands pay more attention to social media interactions with their customers, they also enable imposters to launch attacks because people now expect companies to interact with social media. This means that there are many scam accounts that impersonate the brands to create confusion. These lure customers into providing private data and can result in stolen funds and further attacks. The research claims to be the first large-scale measurement of the social scamming ecosystem.

The research team, which was composed of academics from Germany and the US as well as from Paypal, identified almost 350,000 usernames performing various typosquatting techniques to impersonate more than 2,800 brands across Twitter (I know it is called something else, don’t remind me), Instagram, YouTube and Telegram.

Typosquatting is using deliberate typos in user and domain names to make it appear that paypel_support is really the people answering your connection problems. It is not a new problem when it comes to domain names, but as I wrote earlier this year for DarkReading, its use is proliferating in a variety of ways. One way that I didn’t mention is how fraudsters are using it across social media networks. Twitter “is the primary platform for brand impersonation attacks, with fraudsters frequently using typosquatting in their usernames. Roughly a third of these deceptive profiles also use official logos to appear more legitimate.”

The team found that brand impersonation involves multiple steps: after setting up a fake profile (oftentimes using the real brand’s logo to lend legitimacy), the fraudsters engage with customers through posts and offer phony incentives such as discount cards, free services and the like. But the attackers then collect sensitive data, including identities, credit card numbers and other details that are used to engage them in other fraudulent activities.

The most commonly targeted brand is Netflix, which is troubling because right now Netflix is sending out numerous legit messages heralding a change in their account pricing. Apple is the second most targeted brand.

The researchers have several suggestions to try to stem the tide, but admit these will be tough to implement. One of them is pretty obvious: in their work with Paypal, they found that many brands haven’t done their homework and failed to use Know Your Customer methods and continually scan for stolen identities, monitoring their brand mentions online or check for fraud card usage. One recommendation is to send out a quick autoresponse to a customer query to try to engage them before the scammer does. Another is for social media platforms to validate a brand when a new account is created, so that the owner of the proposed paypel_support account really is someone@paypal.com and not fakeuser123123@gmail.

What happens when your plane’s GPS doesn’t work

Many of us have a love/hate relationship with our GPS’s. We love the fact that they can tell us when a route is filled with traffic, or a better way to get from Point A to Point B. But we hate it when we are running late and when the GPS route is a convoluted series of seemingly contradictory turns down small side streets, or when we are somewhere where coverage is spotty or blocked.

That is fine when we are in a car, or using transit. But what happens, as I pose in the subject line, when you are flying a plane and its GPS quits working? It sadly is happening with increasing frequency, as the places around the world that are part of conflict zones continues to expand, and because spoofing or blocking GPS signals is one way to prevent military actors from getting precise positions. That link will document exactly what is happening, and you can click on other links at the end of that post to understand the different types of spoofing that have been observed. The number of incidents has risen alarmingly in the past several months, with as many as 1350 daily flights encountering spoofing, but averaging 900.

Now, that may sound like a lot of flights, but when you consider that these days about 100,000 flights fly every day around the world, it is admittedly still a small number. However, the spots where GPS signals are unreliable have expanded to ten distinct areas. Some of these you might suspect, such as around the Middle East and Russia for example.

(I wrote a few years ago about the Russian airlines. This is yet another reason to steer clear of any flights that come near the place.)

But there are several problems behind this data. First, flight crews are not trained to switch off their GPS when spoofing happens. In fact, they run a variety of automated systems that rely on the global GPS network with all sorts of acronyms. Some spoofing hits the autopilots driving the plane, some hit the ground collision radar that prevents planes from hitting the side of a mountain, others hit the transponders that broadcast the plane’s identity. Second, the symptoms aren’t consistent across all these systems: Each system exhibits different behavior when they get spoofed GPS signals. This means that aircrews are losing trust in their instruments, which is not a good thing. Third, the air traffic controllers — particularly the ones handling long-haul transoceanic flights — have to work harder to separate the planes flying a particular route which are in trouble, which means lower passenger capacity and more flight delays. In some cases, the situation happens close to a landing, which means some planes have to “go around” and take time and fuel to attempt a second landing. Finally, there are a bunch of aircraft-related international organizations that work together in a very delicate balance, and spoofing upsets that particular applecart. Imagine the UN, only worse.

GPS spoofing is now being used as a weapon of war, and it is sadly catching on as the investment in small armed drones is small but the damage that they can cause is great if they can rely on precise positioning for their targets. Sadly, it will take some time before the civil aviation industry can retool to work around spoofing in any effective manner.

How to stop face fraud schemes

The latest in face fraud has little to do with AI-generated deep fake videos, according to new research this week from Joseph Cox at 404 Media. It involves a clever combination of video editing, paying unsuspecting people to record their faces and holding up to the camera blank pieces of paper. Sites such as Fotodropy and others have sprung up that have real people (as shown here) that are the face models, moving their heads and eyes about at random during the course of the video.

This goes beyond more simplistic methods of holding up a printed photograph or using a 3D-printed mask of a subject, what was known as face spoofing. That produced a static image, but many financial sites have moved to more complex detection methods, requiring a video to show someone is an actual human. These methods are called document liveness checks, and they are increasingly being employed as part of know-your-customer (KYC) routines to catch fraudsters.

The goal is not to have your actual face on a new account but someone that is under the control of the hacker. Once the account is vetted, it then can be used in various scams, with a “verified” ID that can lend the whole scam more believable.

Back in the pre-digital days, KYC often meant that a potential customer would have to pay an in-person visit to their local bank or other place of business, and hand over their ID card. A human employee would then verify that the ID matched the person’s face and other details. That seems so quaint now.

The liveness detection does more than have a model mug before the camera, and requires a customer to follow stage directions (look up, look to your left) in real time. This avoids any in-person verification in near-real-time and shifts the focus from physical ID checks to more digital methods. Of course, these methods are subject to all sorts of attacks just like anything else that operates across the internet.

There are several vendors who have these digital liveness detection tools, including Accurascan, ShuftiPro, IDnow.IO and Sensity.AI, just to name a few that I found. Some of these features can measure blood flow across your face and capture other live biometric data. This post from IDnow goes into more detail about the ways facial recognition has been defeated in the past. It is definitely a cat-and-mouse game: as the defenders come up with new tools, the fraudsters come up with more sophisticated ways around them. “This had led to growing research work on machine learning techniques to solve anti-spoofing and liveness checks,” they wrote in their post.

The one fly in these liveness routines is that to be truly effective, they have to distinguish between real and fake ID documents. This isn’t all that different from the in-person KYC verification process, but if you paste in a fake driver’s license or passport document into your video, your detection system may not have coverage on that particular document. When you consider that there are nearly 200 countries with their own passports and each country has dozens if not hundreds of potential other ID documents, that is a lot of code to train these recognition systems properly.

Note that the liveness spoofing methods are different from deepfake videos, which basically attach someone’s face to a video of someone else’s body. They are also a proprietary and parallel path to the EU’s Digital Wallet Consortium, which attempts to standardize on a set of cross-border digital IDs for its citizenry.

The end of the floppy disk era

An article in this week’s New York Times decries the end of the floppy disk. Its use as a medium of data transfer for Japanese government reports has finally been replaced with online data transfer. I read the piece with a mixture of sadness and amusement. The floppy was a big deal — originating from IBM’s big iron. It became the basic fuel of the PC revolution.

Before we had PCs, in the late 1970s, we had the first dedicated word processor machines coming into offices. I came of professional age  when these huge beasts, often built-in to office furniture. They were the domain of the typing pool of secretaries that would transform hand-written drafts into typed documents. These word processors had printers and ran off 8″ floppies that held mere kilobytes of text files. Those larger disks were a part of America’s nuclear control bunkers up until 2019 or so.

But back to the 1980s. Then IBM (and to some extent Apple) changed all that with the introduction of 5″ versions that were attached to their PCs. Actually, they measured five and a quarter inches. Within a few years, they became “double-sided” disks, holding a huge 360 KB of files. To give you an idea of this vast quantity of storage, you could save dozens of files on a single disk. But things were moving fast in those early days of the PC — soon we had hard-shell 3.5 inch floppies — the label remained, even though the construction changed — that could hold more than a megabyte of data. Just imagine: today’s smart watches, let alone just about any other smart home device — can hold gigabytes of data.

You would be hard-pressed to find a computing device that has less capacity these days. And that is a good thing, because today’s files — especially video and audio — occupy those gigabytes. But I just checked: a 5,000 MS Word file — just text — is only 35 KB, so things haven’t changed all that much in the text department.

The double-sided label sticks in my mind with this anecdote. The scene was a downtown office in LA, where I worked for the IT department of a large insurance company in the mid-1980s. We occupied three office towers that spanned several blocks, and part of the challenge of being in IT was that you spent a lot of time going around the complex — or at least for the times — debugging user’s problems. We would often tell users to send us a copy of their disk via interoffice mail and we would take a look at it if it wasn’t urgent. Soon after I got this call I got the envelope. Inside were two sheets of paper: the user had placed his floppy disk on the glass bed of their Xerox copier, and sent me the printouts. But this was a user who was paying attention: he noticed the “double-sided” designation on the disk, so flipped it over and made a copy of the back of the disk too.

The dual-floppy drive PC was a staple for many years: one was used to run your software, the other to store your data. The software disks were also copy-protected, which made it hard for IT folks to backup. I remember going over to our head of IT’s home one weekend to try to fix a problem he had with the copy-protected version of Lotus 1-2-3, the defining spreadsheet of the day.

Those were fun times to be in the world of PCs. The scene shifts to downtown Boston, at the offices of PC Week, back in early 1987. I had left the insurance company and taken a job with the publication. A few months into the job, I had gotten a question from a colleague who was having trouble with his PC, the original dual floppy-drive IBM model. I went over to his desk and tried to access his files, only to hear the disk drive grind away — not a sound that you want to hear. I flipped open the drive door and removed the offending disk. My colleague looked on with curiosity. “Those come out?” he exclaimed. No one at the publication had bothered to tell him that was the case, and he had been using the same physical disk for months, erasing and creating files until the plastic was so worn out that you could almost see through it. I showed him our supply cabinet where he could stock up on spare floppies.

Apple was the first company to sell computers sans floppies in 1998, and other PC makers soon eliminated them. Storage on USBs and networks made them obsolete.Sony would stop selling the blank disks in 2011, but they lived on in Japan until now.

Floppies were trouble, to be sure. But they were secure: we didn’t have to worry about our data being transmitted across the world for everyone to see. And while their storage capacity was minuscule — especially by today’s standards —  it was sufficient to launch a thousand different companies.

Self-promotions dep’t

Speaking of other things that have lived on in Japan, I recently wrote about the Interop show network and its storied history. I interviewed many of the folks who created and maintained these networks over the years, and why Interop was an innovative show, both then and now.

Big if true: creating bespoke online realities is dangerous

Jack Posobiec, Mike Benz, Justine Sacco, Samara Duplessis. If you have never heard of any of these people, this post might be illuminating about how online conspiracies are created and thrive. It is based on a new book, Invisible Rulers: The People Who Turn Lies into Reality,” by Renne DiResta, a computer science researcher whom I have followed over many years. DiResta has been involved in debunking various memes, such as Pizzagate, “stolen” elections, anti-vaxxers, Wayfair selling kids inside their filing cabinets and numerous other cabals. It is now quite possible to mass-produce unreality.

Her book describes the toxic mixture of influencers, algorithms and crowd responses to construct various intricate and believable online conspiracies. She calls this unholy trinity a bespoke reality, used as a self-reinforcing mechanism that has been constructed over the years to cause a lot of pain and suffering for unsuspecting people. “Platforms have imbued crowds with new qualities. They are no long fleeting and local but persistent and global,” she writes. She herself has been the target of a few internet mobs, getting sued, doxxed, misquoted and more. Earlier this summer, she lost her job at the Stanford Internet Observatory, a research outfit she ran with Alex Stamos, who left last year. That link describes what SIO will become without their leadership, and it is debatable if the operation still really exists.

Clearly, “it is not a good time to be in the content moderation industry,” said 404 Media’s Jason Koebler. Trust and safety moderation teams are all but disbanded, and big consulting contracts to comb through the millions of toxic posts on various social networks aren’t being renewed. Facebook announced earlier this year they were shutting down CrowdTangle, its major research tool, to be replaced by something that may or not actually be useful.  We all know what happened over at Twitter when it was bought by a billionaire man-boy, such as repricing API access to the Twitter APIs. What used to be free back in the Before Times now costs $42,000 a month. And new research from CheckMyAds indicate that advertisers there are returning back, only this time being shoehorned into comments, including comments of posts that violate its own content rules about hate speech.

@checkmyads

Elon Musk’s X placed ads for dozens of brands in the replies below posts that violate the X Rules against hateful content. Here’s what we found when we looked of a sampling of posts.

♬ original sound – Check My Ads

It seems all social media have adopted a model of toxic influencer-as-a-service. “What matters is keeping fans engaged, aggrieved and subscribed,” says DiResta. She talks about how the influencer is not just telling the story, but becomes part of the story itself. They can adopt one of several roles or personas: the Entertainer, the Explainer, the Bestie, Idols, and Gurus. There are generals, who keep the mob all in a lather, and Reflexive Contrarians, a particular type of explainer that tell you why everything you know is wrong, and Propagandists, and the Perpetually Aggrieved. This latter type have a solid understanding of how platform algorithms amplify their content, and yet also can avoid their moderation efforts, when they cry “censorship” if they run afoul of them.

No matter what type of influencer one is, the real measure of success is when they amass a large enough audience they become like Enron, “too big to cancel.” At that point, truth and interest all become relative, and almost irrelevant, what she calls the Fantasy Industrial Complex, the cinematic universe that is no different from the comics.

But the cinematic universe has to have its villains to succeed. If you create an online service that focuses on a particular self-selected audience (say Parler as an example), you lose the ability to fight the others, and your perpetual complaints don’t land. “There is no opportunity to spin up an aggrievement fest over being wrongfully moderated,” she writes. By design, you can’t own your enemies. So sad.

The title of this post — “big if true” — refers to what influencers say in their rush to publish some content. “Experts may wait to be sure of something,” says DiResta. “But not influencers. And if this turns out to be false? Oh, well, they were just sharing their opinion and just asking questions.”  Trolling is fun, and quite profitable, it turns out ” And it almost doesn’t matter if the statements actually advance a cause or prove anything. “The point is the fight. Winning insights, in fact, negatively impacts the influencer because resolution would reduce the potential for future monetizable content,” she writes.

This has several implications. We are no longer in the arena of freedom of speech: instead, we debate the freedom of reach. It isn’t about hosting content on a particular platform, but how it is promoted and packaged. We aren’t talking about the marketplace of ideas, but the way those ideas are manipulated.

DiResta’s book should be required reading for all PR and marketers. The last portion of her book has some very concrete suggestions on how to turn down the toxicity, and try to return to a bespoke world that actually has some basis in truth. If you don’t want to read it, I suggest watching the middle third or so of her interview with Quentin Hardy.And maybe re-evaluate your social media presence. “If we want virtual town squares” in our online world, she says “we have to act like the people on them are our actual neighbors.”

How Russia is exploiting Telegram for war funding and news coverage

While lots of focus is on TikTok, I would argue that many of us are missing the influence and role played by the messaging network of Telegram. In this post, I explain why that could be a bigger threat to the online world.

Last fall, I wrote a post for SiliconAngle about how social media accounts are being used by pro-Russia misinformation groups. This was based on a report by Reset sponsored by the EU. One of the results from this report is that Telegram is very permissive in allowing hateful content and propaganda. A new report from  the Atlantic Council’s Digital Forensic Research Lab last week takes a deeper dive into how Telegram has been a communications kingpin for Russia’s war, and how effective and pervasive it is. The social network is not only being used for misinformation purposes, but also to recruit mercenaries, fund their purchases of tactical equipment and medical supplies, and serve as primary sources for Russian TV war coverage. The council calls it a digital front and another battlefield in the Ukraine conflict.

What surprised me was the huge audience that Russian Telegram has: with an estimated 30M monthly active users, billions of views and its cozy relationship with various Russian state-sponsored traditional TV channels. There are even channels run by the NY Times and Washington Post that were created to get around website and other internet content blocks.

By now, most of us are familiar with the term “catch and kill” as it applies to media buying stories that are never intended to run. Pro-Russia Telegram channels are paid not to mention specific persons or companies.

My analysis for Avast’s blog about data privacy of various messaging networks from early 2021 shows that Telegram isn’t as anonymous as many people first thought. The council’s report confirms this, finding government crackdowns on supposedly anonymous Telegram channels that have real-world consequences of arrest and prison terms for those channels that take these anti-government positions. Even so, there are many Telegram channels that continue to be critical of government policies and operations, such as those supporting last summer’s failed Wagner mutiny.  “While Telegram positions itself as a censorship-free platform, the available evidence demonstrates how the service is not a completely safe place for critics of the war,” they wrote. Wagner’s head Yevgeny Prigozhin discovered this first hand and died after declaring his mutinous intentions initially on Telegram.

Some of Russia’s military bloggers offer occasional criticism of the war, which adds to their credibility and popularity. “Users see their efforts as trustworthy and balanced, especially when compared to state media resources,” the council’s report wrote. That is not only insidious but dangerous, especially as many posts are widely shared and get millions of views.

As I mentioned earlier, many of the Telegram accounts openly ask for donations, providing bank account numbers and crypto wallet addresses, mostly in Bitcoin and Tether (ironically, one that is tied to the US dollar). The funds collected have been significant, in the equivalent of millions of dollars. They are also used for recruiting fighters and coordinating hacktivism efforts such as DDoS’ing Ukrainian targets such as civilian infrastructure, government data centers and banks. Ironically, Telegram is also used to help Russians avoid the draft with all sorts of tips and strategies on how to emigrate out of the country.

The final irony is that Telegram was created by two Russian brothers to get around government censorship, and was blocked by the government for several years. The brothers now live in Dubai and the Russian government has decided to leverage the network to amplify its propaganda and complement its communications.

The arrival of the digital guillotine

Our online cancel culture took another step deeper into the morass and miasma that shows how sophisticated, toxic, and partisan it has become. The 2024 version now comes with a new label called digitine, for digital guillotine, meaning cutting off discussion of the other side, boycotting the companies that have taken opposing positions, and moving to a worldwide audience.
Remember the Facebook ad boycott of the summer of 2020? That seems so naive now. Here are a few ways things have gotten worse:
  1. Much of the digitine can be traced to the division over two controversial wars and ratcheted up the hyper-politica volume. Either you are for Hammas (as incredible as that sounds) or for Israel. Pro-Russia or Ukraine. There is no middle ground. 
  2. It is religious. Jew vs Arab. Or more accurately, pro-Jew vs. anti-Jew. Bring out those dusty anti-semite tropes and re-quote the protocols of Zion. They aren’t so dusty after all. This has created all sorts of secondary corporate spillover effects. Say your company announces support for one or the other side. That triggers all sorts of boycotts and protests (as an example, what is happening in Malaysia — a Muslim-majority country — with complaints about Starbucks’ support of Israel). It takes apart our global village.
  3. It is directed at celebs/influencers, not the digital platforms themselves as the 2020 Facebook ad boycott. Makes it easier to digest, to put on placards, to gather media coverage. The viral nature of these clips, gassed up with social networks, feed into the outrage machinery which  brings these campaigns quickly to millions.
  4. Speaking of which — the dis/misinformation tooling has gotten better. Thanks AI. Who needs Russian human-based troll factories when you can generate the memes faster with GPU-laden computers? This is aided and abetted by easy manufacture of deep fake celebs that are “captured” espousing one thing or another. (Scarlett will appear before the House cybersecurity committee later this year, oh boy!)

Sure you can silence the folks on your feed that are caught up in these campaigns. Or leave the worst offending platforms (such as one that uses a single letter). But these are like using a band aid to stop an arterial bleeding.

The latest threat to ecommerce: crackdowns by the US Customs and Border Protection

If you want to ship illegal goods into the US, you might think sending them via air freight as probably the worst way to get them into the country. You would be wrong. Tens of thousands of tons of shipments enter our air freight ports every day, and the vast majority of them receive no inspection whatsoever.

In the past, the US Customs and Border Protection (CBP) agency has made it easier particularly for smaller volume shippers to send their stuff here without having to pay any duties or tariffs, under what is called an Entry Type 86 exception. This means if the value of the item is less than $800 per buyer and per day that the shipment arrives, nothing is owed. Last year a billion such packages came into the US, with many coming from two Chinese shippers, Temu and Shein.

But criminals are clever, at least initially. Many of them have taken advantage of Type 86 exemptions to ship drug precursor chemicals and raw textiles and other things, knowing that their cargo won’t be touched as it moved through the ports. Well, that situation has changed and now CBP is checking things more carefully. As you might imagine, given the tonnage that goes through our ports, this is slowing things down considerably. The stricter scrutiny has had results: CBP has suspended customs brokers from the Type 86 program and seized many illegal shipments.

There are several downstream problems that could happen. First, expect delays on your favorite Amazon package that isn’t in their own warehouse and has to come from overseas. Cargo flights will be delayed or cancelled when the warehouse ports fill up with yet-to-be-inspected merchandise. Second, criminals will undoubtedly migrate to maritime shipments, which don’t get much in the way of inspection either. Third, major shippers will probably shift to consolidating orders and shipping to their own warehouses. All this means longer shipping times and these delays could result in higher prices to the ultimate consumer. All of this turmoil could spell trouble for legit ecommerce businesses that rely on predictable shipments of their goods, which is ironic when you think about it.