Author: Christopher Parsons

Policy wonk. Torontonian. Photographer. Not necessarily in that order.

Categories
Quotations

2013.4.13

Lawyers are trained in reading, understanding, interpreting and advising on laws and legal compliance programs, and defending their clients from litigants and regulators. Privacy laws, everywhere in the world, are vague, so they leave much room for legal interpretations. The lawyers’ skill set is becoming more and more central to the role of privacy leadership. Moreover, lawyers benefit from attorney-client privileged communications internally, which is becoming an absolutely essential mechanism for privacy lawyers to have deep, unfettered, unfiltered exchanges of information and advice with their clients.

Of course, non-legal disciplines will always play an essential role in safeguarding privacy at companies, e.g., the vital role played by security engineers. Privacy will always be a cross-disciplinary project. I’m not saying that the rise of the lawyer-privacy-leader is necessarily the best thing for “privacy”. Yet in the face of rampant litigation, discovery orders, vague laws, political debates, regulatory actions, threats of billion dollar fines, companies will be looking to their privacy lawyers for a lot more than drafting a privacy policy. It’s a great profession, if you like stretch goals.

Peter Fleischer, “Stretch Goals for Privacy Lawyers
Categories
Videos

Lightsaber Duel Between ‘Game of Thrones’ Characters Jaime Lannister & Brienne of Tarth

parislemon:

laughingsquid:

Lightsaber Duel Between ‘Game of Thrones’ Characters Jaime Lannister & Brienne of Tarth

Thank you, Internet. I’ve been waiting for this since Sunday.

Awesome.

Categories
Links Writing

AeroFS now open to the masses

Cunningham writes that AeroFS,

If you want access to the best features of Dropbox or one of its many competitors—automated file syncing between computers, a way to automatically keep old versions of your synced files, etc.—but you don’t want to keep your stuff in someone else’s cloud, AeroFS is a promising service. It can provide file syncing for many clients using your own local server (or, for businesses, Amazon S3 storage that you have more direct control over).

These are the kinds of projects that are really interesting to see come to fruition. In British Columbia there is pretty intense law that largely precludes public institutions from storing BC residents’ information outside of the province. The law has created a lot of consternation, especially amongst educators, who believe they can’t use ‘next generation’ tools in their classrooms.

Solutions like AeroFS start to bridge that divide, insofar as more and more ‘cloud’ services can be localized within the province and, as a result, be used by teachers and their students. In effect, such products can satisfy users’ demands while also complying with provincial law. Everyone wins.

Categories
Aside

Good Branding

I’m not certain that equating GE’s equipment/software with humanity-enslaving code-based villains constitutes a good ‘branding image’

Categories
Aside Quotations

2013.4.11

CryptDB, a project out of MIT’s Computer Science and Artificial Intelligence Lab, (CSAIL) may be a solution for this problem. In theory, it would let you glean insights from your data without letting even your own personnel “see” that data at all, said Dr. Sam Madden, CSAIL director, on Friday.

“The goal is to run SQL on encrypted data, you don’t even allow your admin to decrypt any of that data and that’s important in cloud storage, Madden said at an SAP-sponsored event at Hack/reduce in Cambridge, Mass.

Barb Darrow, “You want to crunch top-secret data securely? CryptDB may be the app for that

This is super interesting work that, if successful, could open a lot of sensitive data to mining. However, it needs to be extensively tested.

One thing that is baked into this product, however, is the assumption that large-scale data mining is good or appropriate. I’m not taking a position that it’s wrong, but note that there isn’t any discussion – that I can find – where journalists are thinking through whether such sensitive information should even be mined in the first place. We (seemingly) are foreclosing this basic and very important question and, in the process, eliding a whole series of important social and normative questions.

Categories
Links Writing

Bitcoin Malware Emerges

So, in line with my previous writing on why I’m skeptical of digital currencies like Bitcoin, Ars Technica has a piece of the newest malware hitting digital currencies:

In another example of the security mantra of “be careful what you click,” at least one Bitcoin trader has been robbed in a forum “phishing” attack designed specifically to ride the hype around the digital currency. The attack attempts to use Java exploits or fake Adobe updates to install malware, and it’s one of the first targeted attacks aimed at the burgeoning business of Bitcoin exchanges.

(…)

This type of attack is de rigeur in the financial world, according to George Waller, the executive vice president of Strikeforce Technologies, a security software firm specializing in two-factor authentication and anti-keylogging software for the financial industry. “Driving people to a site to download malware is one of the most common attacks today,” he told Ars. “You go to a site from a forum and get prompted for Java or Adobe updates—and in the majority of those updates they drop in a keylogger. Since they’re written to get around antivirus scans, AV software is useless against this sort of pervasive malware today.”

To be clear: such attacks are common against a host of perceived high-value targets. They also, however, underscore the real value in linking names, activity-types, purchase behaviour, and other distinctive characteristics to persons’ online economic activity to defray fraud made possible by malware.

Categories
Links Writing

The Next Xbox Will Take Over Your TV

parislemon:

On the other hand:

Coupled with this TV functionality, Microsoft’s next-generation Kinect sensor will also play a role in the company’s TV focus. The Verge has learned that the next Kinect will detect multiple people simultaneously, including the ability to detect eye movement to pause content when a viewer turns their head away from a TV.

I really don’t understand this functionality. It sounds like a stupid novelty in the new Samsung Galaxy phone, and I think it’s worse here. Given how many people now “watch” TV with a second screen, is it going to pause every three seconds?

Words cannot express how pissed I would be if turning away from a TV meant that it paused what I was watching. I routinely walk away in dialogue heavy scenes to get a glass of water or whatever, and then return without having missed anything of substance. If I had to change a setting to enable this behaviour (i.e. what I’ve done my entire life) then I’d be annoyed as hell. I think this approach generally presumes that people should be actively just watching what’s on the screen and I really don’t know that many people who focus that hard on screen-based entertainment at home all that often.

Also: as cool as the Kinect is this is the kind of use case that bothers me about the technology more generally. Perpetually having an Internet-accessible series of cameras and microphones is one thing when I can control when they’re on or not: I don’t like the idea of them being ‘on’ when I’m not actively involved in a very specific operation that demands this kind of functionality. And, I mean, if Microsoft implements this there’s no way that advertisers or marketers aren’t going to want the data collected (in ‘aggregate and anonymous’, I’m sure) by the Kinect that’s watching and listening to everything you do within a 15ft radius of your TV.

Categories
Links Writing

Notes EM: My FT oped: Google Revolution Isn’t Worth Our Privacy

evgenymorozov:

Google’s intrusion into the physical world means that, were its privacy policy to stay in place and cover self-driving cars and Google Glass, our internet searches might be linked to our driving routes, while our favourite cat videos might be linked to the actual cats we see in the streets. It also means that everything that Google already knows about us based on our search, email and calendar would enable it to serve us ads linked to the actual physical products and establishments we encounter via Google Glass.

For many this may be a very enticing future. We can have it, but we must also find a way to know – in great detail, not just in summary form – what happens to our data once we share it with Google, and to retain some control over what it can track and for how long.

It would also help if one could drive through the neighbourhood in one of Google’s autonomous vehicles without having to log into Google Plus, the company’s social network, or any other Google service.

The European regulators are not planning to thwart Google’s agenda or nip innovation in the bud. This is an unflattering portrayal that might benefit Google’s lobbying efforts but has no bearing in reality. Quite the opposite: it is only by taking full stock of the revolutionary nature of Google’s agenda that we can get the company to act more responsibly towards its users.

I think that it’s critically important to recognize just what the regulators are trying to establish: some kind of line in the sand, a line that identifies practices that move against the ethos and civil culture of particular nations. There isn’t anythingnecessarily wrong with this approach to governance. The EU’s approach suggests a deeper engagement with technology than some other nations, insofar as some regulators are questioning technical developments and potentialities on the basis of a legally-instantiated series of normative rights.

Winner, writing all the way back 1986 in his book The whale and the reactor: a search for limits in an age of high technology, recognized that frank discussions around technology and the socio-political norms embedded in it are critical to a functioning democracy. The decisions we make with regards to technical systems can have far-reaching consequences, insofar as (some) technologies become ‘necessary’ over time because of sunk costs, network effects, and their relative positioning compared to competing products. Critically, technologies aren’t neutral: they are shaped within a social framework that is crusted with power relationships. As a consequence, it behooves us to think about how technologies enable particular power relations and whether they are relates that we’re comfortable asserting anew, or reaffirming again.

(If you’re interested in reading some of Winner’s stuff, check out his essay, “Do Artifacts Have Politics.”)

Categories
Writing

What would have to change about the institutions behind Bitcoins (or a similar digital currency) before you’d consider using it?

The general issue I have with digital currencies that aren’t backed by reputable, insured, (and ideally well regulated) financial institutions is that they’re wickedly susceptible to theft. Some digital currency producers, like the humorous joke that the Canadian Mint is working on, out and out refuse to provide information to security researchers to test the crypto, anonymization systems, or surrounding security infrastructure associated with their products. Other products don’t stand up all that when when you apply a host of threat models (e.g. loss of digital credential, security of the public key infrastructure, etc).

So, what would I require before considering adopting stand-alone digital currency?

  1. A good, clear reason to prefer it over ‘real’ currency (e.g. it’s actually anonymized, or secure, or better trade value across borders to a wide host of parties, or something);
  2. A clear, demonstrable, means (based on public data) to confirm the security and reliability of the currency;
  3. A guarantee that instances of compromise of the computer or the communications channel won’t result in money vanishing from my ‘account’;
  4. A large enough adoption rate that owning the currency is useful for trade purposes.

I still don’t really ‘get’ the problem that Bitcoin is trying to ‘solve’ outside of edge cases (e.g. get money to Wikileaks). I get that some believe that Bitcoins are a kind of anonymous currency, but this is based more on myth than truth: it’s possible to recursively figure out how the coins ‘move’ between parties once you have a sufficiently sized data set. This means that the ‘banks’ that hold Bitcoins can actually massively trace who has possessed particular elements of the currency, who previously held those elements, and then tie this information with data outside the pure exchange of currency to identify the involved parties.

Ultimately, until it’s clear what problems these currencies are legitimately solving, and items 1-4 on the above list are met, I can’t imagine using Bitcoins or other digital currencies.

Categories
Links

EU regulators accuse smart card chipmakers of price-fixing

Looks like some chipmakers might experience some revenue ‘setbacks’ after engaging in antitrust actions:

The case has been ongoing for years, as the European Commission searched the offices of Infineon Technologies AG, STMicroelectronics NV, Renesas Technology Corp. and Atmel Corp. in 2008. In 2009 it investigated companies that make chips for telephone SIM cards, bank cards and ID cards over price-fixing and customer allocation. NXP Semiconductors NV has admitted that it has been involved in the investigations and could be subject to fines.

Should the EU prove that price-fixing is occurring, it can levy fines on companies. While the commission has been trying to negotiated a settlement, those talks have fallen through, which may lead to stiffer fines.