Categories
Aside Quotations

2013.4.11

CryptDB, a project out of MIT’s Computer Science and Artificial Intelligence Lab (CSAIL), may be a solution for this problem. In theory, it would let you glean insights from your data without letting even your own personnel “see” that data at all, said Dr. Sam Madden, CSAIL director, on Friday.

“The goal is to run SQL on encrypted data, you don’t even allow your admin to decrypt any of that data and that’s important in cloud storage,” Madden said at an SAP-sponsored event at Hack/reduce in Cambridge, Mass.

Barb Darrow, “You want to crunch top-secret data securely? CryptDB may be the app for that”

This is super interesting work that, if successful, could open a lot of sensitive data to mining. However, it needs to be extensively tested.

One thing that is baked into this product, however, is the assumption that large-scale data mining is good or appropriate. I’m not taking a position that it’s wrong, but note that there isn’t any discussion – that I can find – where journalists are thinking through whether such sensitive information should even be mined in the first place. We (seemingly) are foreclosing this basic and very important question and, in the process, eliding a whole series of important social and normative questions.

Categories
Links Writing

Bitcoin Malware Emerges

So, in line with my previous writing on why I’m skeptical of digital currencies like Bitcoin, Ars Technica has a piece on the newest malware hitting digital currencies:

In another example of the security mantra of “be careful what you click,” at least one Bitcoin trader has been robbed in a forum “phishing” attack designed specifically to ride the hype around the digital currency. The attack attempts to use Java exploits or fake Adobe updates to install malware, and it’s one of the first targeted attacks aimed at the burgeoning business of Bitcoin exchanges.

(…)

This type of attack is de rigueur in the financial world, according to George Waller, the executive vice president of Strikeforce Technologies, a security software firm specializing in two-factor authentication and anti-keylogging software for the financial industry. “Driving people to a site to download malware is one of the most common attacks today,” he told Ars. “You go to a site from a forum and get prompted for Java or Adobe updates—and in the majority of those updates they drop in a keylogger. Since they’re written to get around antivirus scans, AV software is useless against this sort of pervasive malware today.”

To be clear: such attacks are common against a host of perceived high-value targets. They also, however, underscore the real value in linking names, activity-types, purchase behaviour, and other distinctive characteristics to persons’ online economic activity to defray fraud made possible by malware.

Categories
Links Writing

The Next Xbox Will Take Over Your TV

parislemon:

On the other hand:

Coupled with this TV functionality, Microsoft’s next-generation Kinect sensor will also play a role in the company’s TV focus. The Verge has learned that the next Kinect will detect multiple people simultaneously, including the ability to detect eye movement to pause content when a viewer turns their head away from a TV.

I really don’t understand this functionality. It sounds like a stupid novelty in the new Samsung Galaxy phone, and I think it’s worse here. Given how many people now “watch” TV with a second screen, is it going to pause every three seconds?

Words cannot express how pissed I would be if turning away from a TV meant that it paused what I was watching. I routinely walk away in dialogue heavy scenes to get a glass of water or whatever, and then return without having missed anything of substance. If I had to change a setting to enable this behaviour (i.e. what I’ve done my entire life) then I’d be annoyed as hell. I think this approach generally presumes that people should be actively just watching what’s on the screen and I really don’t know that many people who focus that hard on screen-based entertainment at home all that often.

Also: as cool as the Kinect is, this is the kind of use case that bothers me about the technology more generally. Perpetually having an Internet-accessible series of cameras and microphones is one thing when I can control when they’re on or not: I don’t like the idea of them being ‘on’ when I’m not actively involved in a very specific operation that demands this kind of functionality. And, I mean, if Microsoft implements this there’s no way that advertisers or marketers aren’t going to want the data collected (in ‘aggregate and anonymous’, I’m sure) by the Kinect that’s watching and listening to everything you do within a 15ft radius of your TV.

Categories
Links Writing

Notes EM: My FT oped: Google Revolution Isn’t Worth Our Privacy

evgenymorozov:

Google’s intrusion into the physical world means that, were its privacy policy to stay in place and cover self-driving cars and Google Glass, our internet searches might be linked to our driving routes, while our favourite cat videos might be linked to the actual cats we see in the streets. It also means that everything that Google already knows about us based on our search, email and calendar would enable it to serve us ads linked to the actual physical products and establishments we encounter via Google Glass.

For many this may be a very enticing future. We can have it, but we must also find a way to know – in great detail, not just in summary form – what happens to our data once we share it with Google, and to retain some control over what it can track and for how long.

It would also help if one could drive through the neighbourhood in one of Google’s autonomous vehicles without having to log into Google Plus, the company’s social network, or any other Google service.

The European regulators are not planning to thwart Google’s agenda or nip innovation in the bud. This is an unflattering portrayal that might benefit Google’s lobbying efforts but has no bearing in reality. Quite the opposite: it is only by taking full stock of the revolutionary nature of Google’s agenda that we can get the company to act more responsibly towards its users.

I think that it’s critically important to recognize just what the regulators are trying to establish: some kind of line in the sand, a line that identifies practices that move against the ethos and civil culture of particular nations. There isn’t anything necessarily wrong with this approach to governance. The EU’s approach suggests a deeper engagement with technology than some other nations, insofar as some regulators are questioning technical developments and potentialities on the basis of a legally-instantiated series of normative rights.

Winner, writing all the way back in 1986 in his book The whale and the reactor: a search for limits in an age of high technology, recognized that frank discussions around technology and the socio-political norms embedded in it are critical to a functioning democracy. The decisions we make with regards to technical systems can have far-reaching consequences, insofar as (some) technologies become ‘necessary’ over time because of sunk costs, network effects, and their relative positioning compared to competing products. Critically, technologies aren’t neutral: they are shaped within a social framework that is crusted with power relationships. As a consequence, it behooves us to think about how technologies enable particular power relations and whether they are relations that we’re comfortable asserting anew, or reaffirming again.

(If you’re interested in reading some of Winner’s stuff, check out his essay, “Do Artifacts Have Politics.”)

Categories
Writing

What would have to change about the institutions behind Bitcoins (or a similar digital currency) before you’d consider using it?

The general issue I have with digital currencies that aren’t backed by reputable, insured, (and ideally well regulated) financial institutions is that they’re wickedly susceptible to theft. Some digital currency producers, like the humorous joke that the Canadian Mint is working on, out and out refuse to provide information to security researchers to test the crypto, anonymization systems, or surrounding security infrastructure associated with their products. Other products don’t stand up all that well when you apply a host of threat models (e.g. loss of digital credential, security of the public key infrastructure, etc).

So, what would I require before considering adopting stand-alone digital currency?

  1. A good, clear reason to prefer it over ‘real’ currency (e.g. it’s actually anonymized, or secure, or better trade value across borders to a wide host of parties, or something);
  2. A clear, demonstrable, means (based on public data) to confirm the security and reliability of the currency;
  3. A guarantee that instances of compromise of the computer or the communications channel won’t result in money vanishing from my ‘account’;
  4. A large enough adoption rate that owning the currency is useful for trade purposes.

I still don’t really ‘get’ the problem that Bitcoin is trying to ‘solve’ outside of edge cases (e.g. get money to Wikileaks). I get that some believe that Bitcoins are a kind of anonymous currency, but this is based more on myth than truth: it’s possible to recursively figure out how the coins ‘move’ between parties once you have a sufficiently sized data set. This means that the ‘banks’ that hold Bitcoins can actually massively trace who has possessed particular elements of the currency, who previously held those elements, and then tie this information with data outside the pure exchange of currency to identify the involved parties.

Ultimately, until it’s clear what problems these currencies are legitimately solving, and items 1-4 on the above list are met, I can’t imagine using Bitcoins or other digital currencies.

Categories
Links

EU regulators accuse smart card chipmakers of price-fixing

Looks like some chipmakers might experience some revenue ‘setbacks’ after engaging in antitrust actions:

The case has been ongoing for years, as the European Commission searched the offices of Infineon Technologies AG, STMicroelectronics NV, Renesas Technology Corp. and Atmel Corp. in 2008. In 2009 it investigated companies that make chips for telephone SIM cards, bank cards and ID cards over price-fixing and customer allocation. NXP Semiconductors NV has admitted that it has been involved in the investigations and could be subject to fines.

Should the EU prove that price-fixing is occurring, it can levy fines on companies. While the commission has been trying to negotiate a settlement, those talks have fallen through, which may lead to stiffer fines.

 

Categories
Aside

Book Delivery Day!

Categories
Aside Humour

parislemon:

joncrowley:

alexcarantza:

Decision tree for using a QR code

I feel like the QR code is the litmus test for whether your ‘digital experts’ are actually digital experts.

(Although, I have seen some data that suggests that they work in a few specific situations.)

Pretty perfect.

The most honest depiction I’ve ever seen regarding QR codes

Categories
Aside Links

jakke: getallthedegrees replied to your post: must force myself to stop…

jakke:

getallthedegrees:

jakke:

getallthedegrees replied to your post: must force myself to stop eating pad thai

I’ve been told your supervisor does the asking, though you have input. But that might just be my department. However, for my MA my supervisor did the asking but asked who I wanted. So I dunno??

Sorry – to clarify, when I said “committee” I was including supervisor. Because I don’t yet have anyone formally signed on. Three years into the PhD. Despite semi-frequent discussions of research and stuff with three or four faculty members. And it’s really hard to track anyone down unless there’s a talk or something where I can chase them afterwards and beg for a meeting time.

Forgive my ignorance of econ programs, but how did you get through your comps without a formal supervisor? Unless, this means you didn’t do comps? Do you do quals instead? How is your program structured?

I was told that I’m supposed to formally ask who I want to be my supervisor, and should really be thinking about it soon (September at the latest) according to the grad advisor. In my program you don’t ask formally until you do candidacy* (after you finish your coursework), but since I’m not able to take the remaining classes I need over the summer I’ll be doing candidacy work sort of unofficially.

*In my program (and I think most programs in my institution) we take more classes than most (eight, rather than four or six), and skip the comps/quals process and do candidacy instead. Candidacy is the first three chapters of your dis, so intro, lit review and methodology (~ 80-100 pages) which you defend in an oral exam.

Okay so hopefully this isn’t overshare but here’s how my program (and, I think, most econ programs) works:

  1. Eight months of general coursework (three per term for two terms). Everyone takes this together.
  2. Two comp exams. Everyone takes these together. They cover all of macro and micro theory. One or two people get kicked out.
  3. Another eight months of coursework, this time with four per term for two terms. This is where specialization happens.
  4. Four months of writing a paper. This is supposed to get you familiar with the process but is almost always a failure.
  5. Twelve months of preparing for prospectus defence. This is where I am now. Typically a big chunk of your thesis gets written here.
  6. Prospectus defence and assembling a committee. Including the prof who’s formally your supervisor.
  7. Twelve months of preparing for the job market. Your best paper gets super polished as your Job Market Paper around this point.
  8. Four months of job market. In here, you’re also finishing your thesis. But really it’s your Job Market Paper that matters more than the actual thesis.
  9. Four months of finishing up the thesis, getting a job, and defending the thesis.
  10. Graduating and very very hopefully progressing to gainful employment.

So the big paper I’m currently working on right now will very hopefully be my Job Market Paper. Other projects I’m working on might end up in my thesis. At least one is getting published and isn’t going to be part of my job application at all because it’s not economics.

And yeah accordingly I really really need to put together a committee to formally supervise my actual thesis. And I don’t know how much coldness is par for the course or at what point it actually becomes a strong negative signal.

That’s….a different structure from any other I’ve seen. I’ve the good fortune of entering the program with a supervisor (you can switch later, if you want). He’s helped pay a bunch of my bills + general guidance.

He’s also taken most of the work out of finding people for the committee: we had a meeting and went back and forth on names, and then he rounded folks up. It’d have been super awkward to do this myself, given that I tend not to know people in the program terribly well (and they tend to look at me funny, not quite knowing what it is that I actually do as an academic).

Categories
Aside Quotations

2013.4.8

Although some of the core supporters of that group are prone to violence and criminal behaviour, Catt has never been convicted of criminal conduct in connection to the demonstrations he attended. Nonetheless, Catt’s personal information was held on the National Domestic Extremism Database that is maintained by the National Public Order Intelligence Unit. The information held on him included his name, age, description of his appearance and his history of attending political demonstrations. The police had retained a photograph of Mr Catt but it had been destroyed since it was deemed to be unnecessary. The information was accessible to members of the police who engage in investigations on “Smash EDO”.

In the ruling the Court of Appeal departs from earlier judgments by mentioning that the “reasonable expectation of privacy” is not the only factor to take into account in determining whether an individual’s Article 8 (1) right has been infringed. In surveying ECtHR case law, the Court noted that it is also important to check whether personal data has been subjected to systematic processing and if it is entered in a database. The rationale to include consideration of the latter two categories is that in this way authorities can recover information by reference to a particular person. Therefore, “the processing and retention of even publicly available information may involve an interference with the subject’s article 8 rights.” Since in the case of Catt, personal data was retained and ready to be processed, the Court found a violation of Article 8 (1) that requires justification.

Carolin Moeller, “Peaceful Protester’s personal data removed from extremism database”

The removal of Mr. Catt’s data from these databases is a significant victory for him and all those involved in fighting for citizens’ rights. However, the case acts as a clear lens through which we can see how certain facets of the state are actively involved in pseudo-criminalizing dissent: you’re welcome to say or do anything, so long as you’re prepared to be placed under perpetual state suspicion.