Categories
Links Writing

Thoughts on the Implications of ‘Secret Surveillance’

In one of Michael Geist’s recent articles on secret surveillance he notes three key issues with the secretive intelligence surveillance actions that are coming to light. Specifically:

First, the element of trust has been severely compromised. Supporters of the current Internet governance model frequently pointed to Internet surveillance and the lack of accountability within countries like China and Russia as evidence of the danger of a UN-led model. With the public now aware of the creation of a massive, secret U.S.-backed Internet surveillance program, the U.S. has ceded the moral high ground on the issue.

This has been a point that academics have warned about for the past decade: when/if it is apparent that the US and other Western governments aren’t ‘fit to govern’ critical Internet infrastructure then foreign states will increasingly agitate to influence network design. Still, while the US government’s mass surveillance systems may accelerate the rate at which governments are ‘interested’ in critical infrastructure design and deployment, this isn’t a novel path or direction: governments throughout the world have been extending their surveillance capacities, often pointing to the US’ previously disclosed behaviours as justifications. The consequence of the recent high-profile articles on NSA surveillance has been to (arguably) ensure that a ‘moral high ground’ cannot be reclaimed; arguably, that ground has actually been lost for quite some time.

Geist continues:

Second, as the scope of the surveillance becomes increasingly clear, many countries are likely to opt for a balkanized Internet in which they do not trust other countries with the security or privacy of their networked communications. This could lead to new laws requiring companies to store their information domestically to counter surveillance of the data as it crosses borders or resides on computer servers located in the U.S. In fact, some may go further by resisting the interoperability of the Internet that we now take for granted.

Again, we’ve been seeing these kinds of laws crop up for many years now. However, the countries that have been engaging in such actions are all (generally) regarded as ‘foreign’ by individuals in North America. So, when Iran, India, China, or other countries have imposed localization laws those nations are seen as ‘rogue’; missing from much of the critique, however, has been how ‘domestic’ governments have sought to contain or delimit the flow of information. Admittedly, most of Canada, the UK, and America lack ‘data localization’ laws, but all of those jurisdictions do have ‘data limitation’ laws, insofar as some information is blocked at an ISP level. In effect, while a hardware balkanization of the Internet might accelerate, the content balkanization of the Internet has been ongoing for over a decade.

Geist concludes:

Third, some of those same countries may demand similar levels of access to personal information from the Internet giants. This could create a “privacy race to the bottom”, where governments around the world create parallel surveillance programs, ensuring that online privacy and co-operative Internet governance is a thing of the past.

This is an area that will be particularly interesting to watch. In terms of content localization, there are laws around the world limiting what citizens in various nations can access. While such localization laws were initially seen as heralding the end of the Internet this has not been the case: save for in particularly censorious regimes, local norms have guided what should(n’t) be accessible (e.g. child pornography, Nazi symbology and paraphernalia, etc). At issue is that efforts to ‘block’ certain content often tend not to work well, and also tend to reduce efforts to legally punish those responsible for the content in the first place. In effect, the former problem speaks to the limitations of blocking any content effectively and without accidental overreach, and the latter to poor international cooperation between policing agencies to actually act against the producers of obviously nefarious content (e.g. child pornography).

The ability for nations to demand strong data/server/service localization requirements will, I suspect, be predicated on economic size and relative ‘value’ of a nation’s citizens to a particular company. So, if you have a very large multinational, with ‘boots on the ground’ and a large subscriber base in a profitable nation-state, then the multinational may be more likely to comply with localization requirements compared to a similar demand from a small/economically insignificant state in which the company lacks ‘boots’. Moreover, the potential for certain services to no longer be accessible – say, GMail, if Google refused to comply with a given nation’s localization laws – could lead citizens to turn on their own government on the basis that the services are needed for ongoing, daily, commercial or personal activity.

In effect, I think that while Geist’s third point is arguably the most significant, it’s also the one that we’re furthest off from necessarily crossing over to. Admittedly there are some isolated cases of localization requirements now (e.g. India), but the ability to successfully impose such requirements is as much based on the attractiveness of a given market as anything else. So, there could actually be a division between the ‘localization countries’: ones that are ‘big enough’ to commercially demand compliance versus ones that are ‘too small’ to successfully impose their sovereign wills on Internet multinationals. How any such division lines up, and the political and economic rationales for all involved, will be fascinating to watch, document, and explore in the coming years!

Categories
Links

Man who created own credit card sues bank for not sticking to terms – Telegraph

class-struggle-anarchism:

what a hero!

Different situation, but I’ve done the same thing with publishers around copyright terms. Contracts: something to negotiate, not just something to submit to.

Categories
Aside Links Quotations

Don’t Be a (Work) Hero

As I read this, I saw myself described in paragraph after paragraph. I hadn’t realized how damaging my work behaviour was getting until a month or so ago, when every day was laced with stress resulting from ‘no down time, and too much to do.’ Life was seriously out-of-kilter.

Fortunately I got some relief. A major burden was relieved, slightly, and I’ve been able to breathe. I also saw the result of my ‘work ethic’ after it was maintained for months and years on end: I didn’t like what I saw, and worried about the long-term effects.

As part of my recently ‘normalized’ work schedule, I’m actively trying to leave work at work and not bring too much home. The result has been that I’ve been a more productive writer in the past month than I had been in the preceding three months. Sure, I was pounding out ‘rote writing’ at an impressive rate, but the insightful or interesting stuff needed when writing the conclusion for my dissertation just wasn’t coming to the surface. Fortunately, it’s coming at a rapid rate these days and I also get to (try and) enjoy myself for a few hours each night with non-work related things!

Source: Don’t Be a (Work) Hero

Categories
Links Quotations

There are two types of laws in the U.S., each designed to constrain a different type of power: constitutional law, which places limitations on government, and regulatory law, which constrains corporations. Historically, these two areas have largely remained separate, but today each group has learned how to use the other’s laws to bypass their own restrictions. The government uses corporations to get around its limits, and corporations use the government to get around their limits.

This partnership manifests itself in various ways. The government uses corporations to circumvent its prohibitions against eavesdropping domestically on its citizens. Corporations rely on the government to ensure that they have unfettered use of the data they collect.

Here’s an example: It would be reasonable for our government to debate the circumstances under which corporations can collect and use our data, and to provide for protections against misuse. But if the government is using that very data for its own surveillance purposes, it has an incentive to oppose any laws to limit data collection. And because corporations see no need to give consumers any choice in this matter – because it would only reduce their profits – the market isn’t going to protect consumers, either.

Schneier’s article, “The Public/Private Surveillance Partnership,” does a terrific job in striking to the heart of the ‘arrangements’ between our corporate partners and America’s governing bodies.

Categories
Links Quotations

Mr. Cope, I am Canadian. Like virtually every other Canadian I know, I rely on my mobile phone in my personal life and for my livelihood on a daily basis. The “critical situation” I face comes every month, when I open my wireless bill wondering whether I’ll be able to afford to pay it. Your company, along with Canada’s other major wireless providers, have had 30 years to address this situation. But you’ve failed. Posting huge profits and paying dividends year after year might satisfy your shareholders, but individual Canadians and their families are being hung out to dry. It’s time for a change. Faced with a choice between an American company fighting to gain a foothold in a hostile market or a Canadian one who takes my hard earned money for granted, I’ll pick the lesser of two evils. And if you don’t know which that is by now, I’ll happily send you a copy of my monthly phone bill.

Ben’s letter is awesome. You should really go read all of it.

Categories
Links

How Stephen Harper is rewriting history

A good article on the relationship between changing what and how museums present as Canadian history, and contemporary Canadian identity.

Categories
Links Writing

Another ‘Victory’ for the Internet of Things

Researchers have found, once again, that sensitive systems have been placed on the Internet without even the most basic of security precautions. The result?

Analyzing a database of a year’s worth of Internet scan results [H.D. Moore]’s assembled known as Critical.io, as well as other data from the 2012 Internet Census, Moore discovered that thousands of devices had no authentication, weak or no encryption, default passwords, or had no automatic “log-off” functionality, leaving them pre-authenticated and ready to access. Although he was careful not to actually tamper with any of the systems he connected to, Moore says he could have in some cases switched off the ability to monitor traffic lights, disabled trucking companies’ gas pumps or faked credentials to get free fuel, sent fake alerts over public safety system alert systems, and changed environmental settings in buildings to burn out equipment or turn off refrigeration, leaving food stores to rot.

Needless to say, Moore’s findings are telling insofar as they reveal that engineers responsible for maintaining our infrastructures are often unable to secure those infrastructures from third-parties. Fortunately, it doesn’t appear that a hostile third-party has significantly taken advantage of poorly-secured and Internet-connected equipment, but it’s really only a matter of time until someone does attack this infrastructure to advance their own interests, or simply to reap the lulz.

Findings like Moore’s are only going to be more commonly produced as more and more systems are integrated with the Internet as part of the ‘Internet of Things’. It remains to be seen whether vulnerabilities will routinely be promptly resolved, especially with legacy equipment that enjoys significant sunk costs and limited capital for ongoing maintenance. Given the cascading nature of failures in an interconnected and digitized world, failing to secure our infrastructure means that along with natural disasters we may get to ‘enjoy’ cyber disasters that are both harder to positively identify and harder to subsequently remedy when/if appropriately identified.

Categories
Links Writing

The Significance of a ‘Three Hop’ Analysis

Washington’s Blog has an excellent, if somewhat long, post that outlines the significance of the NSA’s ‘three hop’ analysis. It collects and provides some numbers behind basic communications network analyses, and comes to the conclusion that upwards of 2.5 million Americans could be “caught up in dragnet for each suspected terrorist, means that a mere 140 potential terrorists could lead to spying on all Americans. There are tens of thousands of Americans listed as suspected terrorists … including just about anyone who protests anything that the government or big banks do.”

Go read the full post. Some of the numbers are a bit speculative, but on the whole it does a good job showing why ‘three hop’ analyses are so problematic: such analyses disproportionately collect data on American citizens on the basis of the most limited forms of suspicion. Such surveillance should be set aside because it constitutes an inappropriate infringement on individuals’ and communities’ reasonable expectations of privacy; it runs counter to how a well ordered and properly functioning democracy should operate in theory and in practice.

Categories
Links Writing

Facebook’s ‘Other’ Folder

David Pogue’s recent post on Facebook’s ‘Other’ folder notes how the company is effectively hiding a significant number of legitimate messages from its users in an attempt to prevent spam and ‘unimportant’ messages from disturbing subscribers. What follows are a few examples of legitimate messages that subscribers missed because they were placed in this folder:

  • “Notification of the death of a friend was hidden in my Other box. I had been very hurt at not being told, and actually missed her funeral.”
  • “I just checked my ‘Other’ folder and found out that I won a free high-end kitchen faucet for a contest I entered last year. Rats.”
  • “Just looked at my ‘Other’ messages and found one about a job opening — in 2011. Think it’s been filled?”
  • “Whoa! There’s tons of important messages in here. Former students of mine were trying to reach out to me. I can’t believe Facebook doesn’t notify you in any way about these.”
  • “Unbelievable! My husband’s wallet was lost and presumed stolen — someone had found it a year ago and sent us a Facebook message, which was hidden until now! Thanks so much.”
  • “Just checked and found a message from someone telling me that they found my lost wallet…a year ago. They really need to redo some thinking on that ‘other’ folder.”

The intent of Facebook’s filtering is noble, insofar as it’s meant to cut down on the cruft and spam that people inevitably get in their email inboxes on a daily basis. I’m sure that the logic is as follows: if we can get people to like using Facebook messages more than email, then we can convince people to rely on our corporate system and wean people off of their traditional email services. Unfortunately, it looks like Facebook’s filtering system suffers from flaws, just as their competitors’ systems do. Worse, and unlike most of their competitors, Facebook subscribers can’t access this folder from their tablets or smartphones without visiting Facebook via the web interface. So, for people that predominantly engage with Facebook using the company’s mobile applications, this folder is effectively invisible. Messages simply vanish into a black hole. This is a very bad thing.

While Facebook’s system makes sense, I suspect that a great many people are as ignorant of the ‘Other’ folder’s existence as the people who wrote to Pogue. This information asymmetry between the developers and users suggests a problem in the UX or UI, insofar as it shouldn’t be a shock that this folder exists. Good UI and UX will prevent subscribers from getting ‘shocked’ about the existence of hidden messages, and will help ensure that the service remains ‘sticky’ for its user base.

Network effects can stymie subscriber churn but they can’t stop it entirely. If Facebook undermines professional or personal networks because of how it handles suspected ‘unimportant’ messages, then the network effect that Facebook currently enjoys could be weakened and expose a part of Facebook’s flank to companies that are more attuned to people’s communicative interests and desires. It will be curious to see how/whether Facebook incorporates the information that arose from Pogue’s columns, and if they actually modify users’ interfaces such that the ‘Other’ folder is more prominently displayed. At the very least, something should change in the mobile applications so users can at least theoretically access all of those ‘unimportant’ messages.

Categories
Aside Links

AT&T’s Anti-Infringement Patent

AT&T’s recent patent to detect and act on network-based copyright infringement raises significant red flags for network neutrality advocates. However, we need to look beyond the most obvious (and nefarious!) red flags: when examining corporate surveillance prospects we need to reflect on the full range of reasons behind the practice. Only in taking this broader, and often more nuanced, view are we likely to come closer to the truth of what is actually going on, and why. And, if we don’t get closer to the specific truth of the situation, at least we can better understand the battleground and likely terms of the conflict.