Categories
Aside Links

Covernames Versus Code / Strategy Versus Tactics

From the New York Times:

Mr. Snowden’s cascade of disclosures to journalists and his defiant public stance drew far more media coverage than this new breach. But Mr. Snowden released code words, while the Shadow Brokers have released the actual code; if he shared what might be described as battle plans, they have loosed the weapons themselves. Created at huge expense to American taxpayers, those cyberweapons have now been picked up by hackers from North Korea to Russia and shot back at the United States and its allies.

While the revelation of code facilitates a more immediate kind of repurposing and attack, I think that the Shadow Brokers have tended to reveal tactical information versus the strategic information released by Snowden. Few have done the requisite work to actually pull together the comprehensive narratives that emerge in the Snowden documents and, instead, have focused on specific programs or tools. Those few of us who have comprehensively analyzed his documents, however, now possess insights into strategic thinking, decision making, and resource allocation of the Five Eyes intelligence agencies. The long-term value of such information is just as great as, if not greater than, that of code drops.

Categories
Photography

Terrestrial Movement

Photo made with Olympus E-M10ii and Olympus M.Zuiko Digital 14-42mm F3.5-5.6 II R at Niagara Falls on October 15, 2017 in Niagara Falls, Ontario. Edited in Apple Photos.

Categories
Solved

A Fix for Bad iPhone Battery Life

For the past weeks I’ve had outrageously bad battery life on my iPhone 7, running iOS 11. A lot of the battery drain was from the Podcasts app (approx. 24-33%) but I couldn’t figure out why the drain rate was so high: even when I only streamed over Bluetooth or Airplay I’d had the same power drain percentages, so it didn’t seem to be linked to powering the speaker on the phone (which can impact battery life significantly).

Then I realized that the application was searching for new podcasts every hour and downloading any that were available. My battery life has drastically improved after changing the setting so that the app only looks for new podcasts every 6 hours: I can now use the phone normally for a day and end up at about 20-30% battery remaining when it gets set down to charge for the night. Victory is mine!

Categories
Links

USB-C is a Failure

Marco Arment has a scathing and altogether too accurate accounting of the USB-C standard. Anyone who is dealing with the headaches of managing different USB-C cables, hubs, and chargers is all too well aware of the problems associated with the standard, but Marco’s post is the best summation of all the problems in a single location.

Categories
Links

Apathy is Political

On Sidney Crosby’s visit with the Penguins to the Trump White House:

Apathetic white people who groan when athletes of colour get political, or who suggest as Crosby did that politics and sports do not mix, are in need of a reminder that for most, political activism isn’t a choice or a hobby. People don’t usually consider it fun or interesting to put their jobs on the line to speak out against a bigger power. The marginalized do not go looking for politics. It seeks them out. In this context, it sought them out when the President of the United States openly flirted with a racist ideology that would very much like to destroy them.

Exactly.

Categories
Aside Links

Exploited for Advertising

As part of a long feature for The Guardian:

The techniques these companies use are not always generic: they can be algorithmically tailored to each person. An internal Facebook report leaked this year, for example, revealed that the company can identify when teens feel “insecure”, “worthless” and “need a confidence boost”. Such granular information, Harris adds, is “a perfect model of what buttons you can push in a particular person”.

Tech companies can exploit such vulnerabilities to keep people hooked; manipulating, for example, when people receive “likes” for their posts, ensuring they arrive when an individual is likely to feel vulnerable, or in need of approval, or maybe just bored. And the very same techniques can be sold to the highest bidder. “There’s no ethics,” he says. A company paying Facebook to use its levers of persuasion could be a car business targeting tailored advertisements to different types of users who want a new vehicle. Or it could be a Moscow-based troll farm seeking to turn voters in a swing county in Wisconsin.

Harris believes that tech companies never deliberately set out to make their products addictive. They were responding to the incentives of an advertising economy, experimenting with techniques that might capture people’s attention, even stumbling across highly effective design by accident.

The problems facing many Internet users today are predicated on how companies’ services are paid for: by companies doing everything they can to capture and hold your attention regardless of your own interests. If there were alternate models of financing social media companies, such as paying small monthly or yearly fees, imagine how different online communications would be: communities would likely be smaller, yes, but the developers would be motivated to do whatever they could to support the communities instead of advertisers targeting those communities. Silicon Valley has absorbed many of the best minds for the past decade and a half in order to make advertisements better. Imagine what would be different if all that excitement had been channeled towards less socially destructive outputs.

Categories
Aside Links

The Dangers of Political ‘Marketing’

‘Politics’ by Samuel Thorne (CC BY-NC-ND 2.0) at https://flic.kr/p/kAgBCR

From n+1:

Given that some of the major players involved in Trump’s campaign effort have obsessions with war tactics and strategy, it’s easy to imagine that weaponized targeting may not only be a pre-election phenomenon. Such efforts could be employed as part of an ongoing campaign to weaken any resistance to the Trump Administration and thwart political opposition through ratcheting up in-fighting and splintering. It’s not an overstatement to suggest that the infrastructure of mass consumer surveillance enables new kinds of actors to take up the work of COINTELPRO on a mass scale. Former Cambridge Analytica employees have said the company internally discusses their operations as psychological warfare.

Cambridge Analytica may not be alone in pursuing these types of psychological warfare tactics. In response to the recent revelations of Russian-bought Facebook ads, Senator Mark Warner told the Washington Post that the aim of the ads was “to sow chaos.” Yet, rather than promoting general chaos, some ads may have been specifically designed to fuel infighting among the Trump opposition. Earlier this year, The Intercept showed that TigerSwan, a shady mercenary firm hired by Energy Transfer Partners to combat communities opposing the Dakota Access Pipeline, used knowledge gleaned from surveillance as part of their own strategy to splinter their opponents. A leaked TigerSwan document declared, “Exploitation of ongoing native versus non-native rifts, and tribal rifts between peaceful and violent elements is critical in our effort to delegitimize the anti-DAPL movement.”

What our current digital environment affords are opportunities for efficient, large-scale use of such tactics, which can be refined by data-rich feedback loops. Manipulation campaigns can plug into the commercial surveillance infrastructure and draw on lessons of behavioral science. They can use testing to refine strategies that take account of the personal traits of targets and identify interventions that may be most potent. This might mean identifying marginal participants, let’s say for joining a march or boycott, and zeroing in on interventions to dissuade them from taking action. Even more worrisomely, such targeting could try to push potential allies in different directions. Targets predicted to have more radical inklings could be pushed toward radical tactics and fed stories deriding compromise with liberal allies. Simultaneously, those predicted to have more liberal sympathies may be fed stories that hype fears about radical takeover of the resistance. Such campaigns would likely play off divisions along race, gender, issue-specific priorities, and other lines of identity and affinity.

We’re reaching the pinnacle of what online advertising can do: identify persons of interest, separate specific persons from others to discretely target them, and motivate targets to change their emotional states and act based on those states. It’s bad enough this is done to push products but, now, the same activities are seeping into the political systems and damaging democratic undertakings in the process. Such activity has to be regulated, if not stopped entirely.

Categories
Links

Threat Actors and Act Types

Hacker by The Preiser Project (CC BY 2.0) at https://flic.kr/p/jrrmeP

The grugq has a useful explainer for the different kinds of threat actors an organization might be mindful of, such as hacktivists, criminals, and state actors, and how and why they tend to operate as they do. With regard to state, and private-public, teams:

There is a tendency to want to rank the Services, but this is not especially fruitful. More interesting is the culture of the Services teams, their nature, their agility, the problems that the team are expected to address, whether they have internal capacity or rely on third parties, and so on. More relevant is trying to understand what they exist to accomplish, how capable they are of doing that, how agile they are in term of changing their MO and if and how well they can accomplish other goals.

This is an inherent problem with hybrid public/private teams — information sharing. While the private component will probably have superior skills and breadth and depth of operational experience, their lack of big picture understanding will prevent them from surfacing ideas, making connections, or otherwise providing insight to help advance the operation. Generally, having the people actually doing the work involved in suggesting improvements is a good way to improve. Similarly, having the people with wide access to botnet victims know what sort of data will get them paid will produce a greater volume of potentially interesting data.

While I tend to think that his analysis of nation-states is good, it under-emphasizes how certain states either have their farm leagues ‘train’ on civil society or, alternately, team with semi-skilled private operators who operate similarly to criminals. Whether these behaviours are representative of training exercises, of not wasting the good stuff on civil society, of deliberately being evident to instil caution amongst civil society, or of something else, isn’t entirely clear. Regardless, there is arguably a bit more nuance that could be added to round out some of the characteristics of different threat actors.

Categories
Links Writing

The Insanity of ‘Terrorism’ Offences

The Fool by Christopher Parsons, All Rights Reserved

Via The Intercept:

At the end of a quick one-day trial, Judge Emma Arbuthnot at Westminster Magistrates Court ruled that Rabbani had willfully obstructed police when he declined to hand over his passwords. Rabbani avoided a possible three-month jail term and was instead handed a 12-month conditional discharge and told he must pay court costs of £620 ($835). This means a Terrorism Act offense will be recorded on his criminal record. But as long as he does not re-offend within the 12-month period, no further action will be taken against him.

Rabbani had argued his electronic devices should have been protected under the latter category, as they contained confidential information related to his work. The judge said that Rabbani did not make this clear to the officers who initially interrogated him, but did say so later in a prepared statement following his arrest. She described Rabbani as “of good character,” acknowledged he was “trying to protect confidential material on his devices,” and noted that “the importance of passwords and PIN numbers in the 21st century cannot be overstated.” However, she still concluded that his “decision not to provide the information when requested by the examining officers” amounted to “a wilful obstruction of the lawful examination in the circumstances.”

A lawyer was charged and found guilty of a terrorism offence for refusing to decrypt a device containing sensitive client information. A baseline part of the criminal justice system is that what is said between a client and their lawyer is protected speech, but this protection is under threat in the UK: solicitors who do their duty and uphold the oaths to their clients risk serious convictions that may permanently refigure their lives and liberties. This dismantling of baseline aspects of our legal systems to fight ‘terrorism’ is ludicrous and does more harm to our societies than can be inflicted upon us by violent extremists and criminals.

Categories
Links Photography

Facebook’s DNA

Om Malik:

Having followed Facebook for a long time, I know what really plagues the company is that being open and transparent is not part of its DNA. This combination of secrecy, microtargeting and addiction to growth at any cost is the real challenge. The company’s entire strategy is based on targeting, monetizing and advertising.

Common sense ideas such as being humane, understanding its impact on society and civic infrastructure — well that doesn’t bring any dollars into the coffers. Call me cynical, but reactive apologies are nothing but spin.

So very true.