Link

Privacy and Contemporary Motorvehicles

Writing for NBC News, Olivia Solon provides a useful overview of just how much data is collected by motor vehicles—using sensors embedded in the vehicles as well as collected by infotainment systems when linked with a smartphone—and how law enforcement agencies are using that information.

Law enforcement agencies have been focusing their investigative efforts on two main information sources: the telematics system — which is like the “black box” — and the infotainment system. The telematics system stores a vehicle’s turn-by-turn navigation, speed, acceleration and deceleration information, as well as more granular clues, such as when and where the lights were switched on, the doors were opened, seat belts were put on and airbags were deployed.

The infotainment system records recent destinations, call logs, contact lists, text messages, emails, pictures, videos, web histories, voice commands and social media feeds. It can also keep track of the phones that have been connected to the vehicle via USB cable or Bluetooth, as well as all the apps installed on the device.

Together, the data allows investigators to reconstruct a vehicle’s journey and paint a picture of driver and passenger behavior. In a criminal case, the sequence of doors opening and seat belts being inserted could help show that a suspect had an accomplice.

Of note, rental cars as well as second hand vehicles also retain all of this information and it can then be accessed by third-parties. It’s pretty easy to envision a situation where rental companies are obligated to assess retained data to determine if a certain class or classes of offences have been committed, and then overshare information collected by rental vehicles to avoid their own liability that could follow from failing to fully meet whatever obligations are placed upon them.

Of course, outright nefarious actors can also take advantage of the digital connectivity built into contemporary vehicles.

Just as the trove of data can be helpful for solving crimes, it can also be used to commit them, Amico said. He pointed to a case in Australia, where a man stalked his ex-girlfriend using an app that connected to her high-tech Land Rover and sent him live information about her movements. The app also allowed him to remotely start and stop her vehicle and open and close the windows.

As in so many different areas, connectivity is being included into vehicles without real or sufficient assessment of how to secure new technologies and defray harmful or undesirable secondary uses of data. Engineers rarely worry about these outcomes, corporate lawyers aren’t attentive to these classes of issues, and the security of contemporary vehicles is generally garbage. Combined, this means that government bodies are almost certainly going to expand the ranges of data they can access without having to first go through a public debate about the appropriateness of doing so or creation of specialized warrants that would limit data mining. Moreover, in countries with weak policing accountability structures, it will be impossible to even assess the regularity at which government officials obtain access to information from cars, how such data lets them overcome other issues they state they are encountering (e.g., encryption), or the utility of this data in investigating crimes and introducing it as evidence in court cases.

Link

Russia, China, the USA and the Geopolitical and National Security Implications of Climate Change

Lustgarden, writing for the New York Times, has probably the best piece on the national security and geopolitical implications of climate change that I’ve recently come across. The assessment for the USA is not good:

… in the long term, agriculture presents perhaps the most significant illustration of how a warming world might erode America’s position. Right now the U.S. agricultural industry serves as a significant, if low-key, instrument of leverage in America’s own foreign affairs. The U.S. provides roughly a third of soy traded globally, nearly 40 percent of corn and 13 percent of wheat. By recent count, American staple crops are shipped to 174 countries, and democratic influence and power comes with them, all by design. And yet climate data analyzed for this project suggest that the U.S. farming industry is in danger. Crop yields from Texas north to Nebraska could fall by up to 90 percent by as soon as 2040 as the ideal growing region slips toward the Dakotas and the Canadian border. And unlike in Russia or Canada, that border hinders the U.S.’s ability to shift north along with the optimal conditions.

Now, the advantages faced by Canada might be eroded by a militant America, and those of Russia similarly threatened by a belligerent and desperate China (and desperate Southeast Asia more generally). Regardless, food and arable land are generally likely to determine which countries take the longest to most suffer from climate change. Though, in the end, it’s almost a forgone conclusion that we are all ultimately going to suffer horribly for the errors of our ways.

AirPods Max Ain’t For Me

Reading early first impressions of the AirPods Max, such as the ones by Matthew Panzarino and John Grueber, has made clear that Apple’s designers have biased the new headphones for audio quality at the expense of everything else that tends to be found in consumer-grade headphones. Reading the impressions, they definitely make it sound like the AirPods Max are designed for someone who’s just going to sit in a stationary position and enjoy the sounds they produce. That is…not how I use my headphones.

What design properties am I looking for? I want a H1 chip for easy shifting between my Apple devices, active noise cancelation, decent-enough battery and sound, and the ability to wear them around the house, at the gym (whenever that’s possible again), and walking around the city without getting ear fatigue. While I’d love to have 3D sound, that just isn’t a requirement in my life with how I tend to use headphones to listen to music and podcasts.

Given local sales on Beats Solo Pro at the time, I think that my decision is made, though I admit some small degree of worry about ear fatigue that can apparently crop up when wearing the Solos Pro for prolonged periods of time.

Links for November 16-20, 2020

  • The future of U.S. Foreign intelligence surveillance. “Despite President Trump’s many tweets about wiretapping, his administration failed to support meaningful reforms to traditional FISA, Section 702, and EO 12333. Meanwhile, the U.S. government’s foreign intelligence apparatus has continued to expand, violating Americans’ constitutional rights and threatening a $7.1 trillion transatlantic economic relationship. Given the stakes, the next President and Congress must prioritize surveillance reform in 2021.” // I can’t imagine an American administration passing even a small number of the proposed legislative updates suggested in this article. Still, it is helpful to reflect on why such measures should be passed to protect global citizens’ rights and, more broadly, why they almost certainly will not be passed into law.
  • Why Obama fears for our democracy. “But more than anything, I wanted this book to be a way in which people could better understand the world of politics and foreign policy, worlds that feel opaque and inaccessible. Part of my goal is describing quirks and people’s family backgrounds, just to remind people that these are humans and you can understand them and make judgments.” // The whole interview is a good read, and may signal some of the pressures on tech policy the incoming administration may face from their own former leader, but more than anything I think that Obama’s relentless effort to contextualize, socialize, and humanize politics speaks to the underlying ethos he took with him into office. And, more than that, it showcases that he truly is hopeful in an almost Kantian sense; throughout the interview I couldn’t help but feel I was reading someone who had been deeply touched by “Perpetual Peace” amongst other essays in Kant’s Political Writings.
  • Ralfy’s world – whisky magazine. “At a time when the debate over new and old media is raging full on, and questions are asked about integrity and independence, Ralfy is just getting on with it – blogging randomly in the true spirit of the medium and making do it yourself recordings about whiskies he has tasted. Or to put it in his words: “My malt mission over the last two years has been a website called ralfy.com for all things whisky, so long as it’s unorthodox, marketing-light, informative, independent, educational …and entertaining.” // I’ve learned, and continue to learn, a lot from Ralfy’s YouTube channel. But I have to admit it’s more than a bit uncomfortable figuring out the ethics of watching videos from a guy who has inaccurate understandings of vaccines and the pandemics alike. His knowledge of whiskey is on the whole excellent. His knowledge of epidemiology and immunology…let’s just say less so.
Link

To What Extent is China’s Control of Information a Cyber Weakness?

Lawfare has a good piece on How China’s control of information is a cyber weakness:

“Policymakers need to be aware that successful competition in cyberspace depends on having intrinsic knowledge of the consequences a democratic or authoritarian mode of government has for a country’s cyber defense. Western leaders have for a long time prioritized security of physical infrastructure. This might translate into better cyber defense capabilities, but it leaves those governments open to information operations. At the same time, more authoritarian-leaning countries may have comparative advantages when it comes to defending against information operations but at the cost of perhaps being more vulnerable to cyber network attack and exploitation. Authoritarian governments may tolerate this compromise on security due to their prioritization of surveillance and censorship practices.

I have faith that professionals in the intelligence community have previously assessed this divide between what democracies have developed defences against versus what countries like China have prepared against. Nonetheless this is a helpful summary of the two sides of the coin.

I’m less certain of a subsequent argument made in the same piece:

These diverging emphases on different aspects of cybersecurity by democratic and authoritarian governments are not new. However, Western governments have put too much emphasis on the vulnerability of democracies to information operations, and not enough attention has been dedicated to the vulnerability of authoritarian regimes in their cyber defenses. It is crucial for democratic governments to assess the impact of information controls and regime security considerations in authoritarian-leaning countries for their day-to-day cyber operations.”

I really don’t think that intelligence community members in the West are ignorant of the vulnerabilities that may be present in China or other authoritarian jurisdictions. While the stories in Western media emphasize how effective foreign operators are extracting data from Western companies and organizations, intelligence agencies in the Five Eyes are also deeply invested in penetrating strategically and tactically valuable digital resources abroad. One of the top-line critiques against the Five Eyes is that they have invested heavily on offence over defence, and the article from Lawfare doesn’t really ever take that up. Instead, and inaccurately to my mind, it suggests that cyber defence is something done with a truly serious degree of resourcing in the Five Eyes. I have yet to find someone in the intelligence community that would seriously assert a similar proposition.

One thing that isn’t assessed in the article, and which would have been interesting to see considered, is the extent(s) to which the relative dearth of encryption in China better enables their defenders to identify and terminate exfiltration of data from their networks. Does broader visibility into data networks enhance Chinese defenders’ operations? I have some doubts, but it would be curious to see the arguments for and against that position.

Link

Unintentionally Supporting Bad Policy

A way forward for U.S. Policy on TikTok:

“Hu Xijin, the editor of the Chinese state media outlet the Global Times, weighed in recently on the most recent merger proposal. “The US restructuring of TikTok’s stake and actual control should be used as a model and promoted globally,” remarked Hu on Twitter. “Overseas operation of companies such as Google, Facebook shall all undergo such restructure and be under actual control of local companies for security concerns.”

It’s not exactly a good sign for Chinese state media to tout a U.S. play designed to be “tough on China” as a model for global behavior. The United States may be bumbling its way into a precedent the consequences of which it has yet to anticipate. “

This was exactly the concern that was raised by experts in North America the second after the Trump administration proposed its bumblingly-stupid approach to TikTok. With the American policy in place it’s going to be that much harder for Western companies operating in China to have convincing arguments that they shouldn’t need to partner with Chinese organizations tans engage in manufacturing, technology, or intellectual property disclosures as a condition of doing business in China. And the issue won’t end in China: American (and other countries’) businesses are almost certain to have (now) US-framed arguments thrown at them when operating all around the world whenever there is even a marginal ‘national security’ concern linked to the foreign company’s operations.

Link

Brian Eno on Atomization and Underlining

Really appreciated this interview with Eno. Two select quotations that stuck with me:

Something that kind of disappoints me is that most of the new technology from the ’80s onwards has been about the atomization of society. It’s been about you being able to be more and more separate from everybody else. That’s why I don’t like the headphones thing. I don’t want to be separate in that way.

I can’t say that I agree with this assessment, but understand that technology is wrapped up in a very particular culture of neoliberal capitalism that can be harmful for communities writ large. His subsequent reflections more broadly about social media—that it can create the almost total self-enclosure of micro-communities—is definitely something that raises prominent concerns, though frankly I wish that there was more scholarship that dug into this as an issue as took place about 15 or so years ago. Obviously there is new scholarship but little of it seems methodologically satisfactory with focuses on quantitative rather than qualitative and quantitative approaches.

Quite a few of the films I’ve made music for, I never saw the picture before I finished all the music. And I like that, because I don’t want the music to map totally onto the film. I want the music to suggest — to increase the ambiguity, basically. To expand the film a bit. Not to underline it. Often, and especially with Hollywood soundtracks, the whole point of the soundtrack is to tell you, the dumb sod watching it, “Now you’re supposed to feel sad. Now it’s funny. Laugh! Go on!” And I just don’t want to be in that business of underlining things.

This seems like a pretty stellar way of thinking through what he wants his work to do, and not do. Though in a contemporary era I’m surprised that producers or directors are willing to leave the music so out of their control.

Link

VPN and Security Friction

Troy Hunt spent some time over the weekend writing on the relative insecurity of the Internet and how VPNs reduce threats without obviating those threats entirely. The kicker is:

To be clear, using a VPN doesn’t magically solve all these issues, it mitigates them. For example, if a site lacks sufficient HTTPS then there’s still the network segment between the VPN exit node and the site in question to contend with. It’s arguably the least risky segment of the network, but it’s still there. The effectiveness of black-holing DNS queries to known bad domains depends on the domain first being known to be bad. CyberSec is still going to do a much better job of that than your ISP, but it won’t be perfect. And privacy wise, a VPN doesn’t remove DNS or the ability to inspect SNI traffic, it simply removes that ability from your ISP and grants it to NordVPN instead. But then again, I’ve always said I’d much rather trust a reputable VPN to keep my traffic secure, private and not logged, especially one that’s been independently audited to that effect.

Something that security professionals are still not great at communicating—because we’re not asked to and because it’s harder for regular users to use the information—is that security is about adding friction that prevents adversaries from successfully exploiting whomever or whatever they’re targeting. Any such friction, however, can be overcome in the face of a sufficiently well-resourced attacker. But when you read most articles that talk about any given threat mitigation tool what is apparent is that the problems that are faced are systemic; while individuals can undertake some efforts to increase friction the crux of the problem is that individuals are operating in an almost inherently insecure environment.

Security is a community good and, as such, individuals can only do so much to protect themselves. But what’s more is that their individual efforts functionally represent a failing of the security community, and reveals the need for group efforts to reduce the threats faced by individuals everyday when they use the Internet or Internet-connected systems. Sure, some VPNs are a good thing to help individuals but, ideally, these are technologies to be discarded in some distant future after groups of actors successfully have worked to mitigate the threats that lurk all around us. Until then, though, adopting a trusted VPN can be a very good idea if you can afford the costs linked to them.

Link

Election Nightmare Scenarios

The New York Times has a selection of experts’ ‘nightmare scenarios’ for the forthcoming USA election. You can pick and choose which gives you colder sweats—I tend to worry about domestic disinformation, a Bush v. Gore situation, or uncounted votes—but, really, few of these nightmares strike to the heart of the worst of the worst.

American institutions have suffered significantly under Trump and, moreover, public polarization and the movement of parts of the USA electorate (and, to different extents, global electorates) into alternate reality bubbles mean that the supports which are meant to facilitate peaceful transitions of power such that the loser can believe in the outcomes of elections are badly wounded. Democracies don’t die in darkness, per se, but through neglect and an unwillingness of the electorate to engage because change tends to be hard, slow, and incremental. There are solutions to democratic decline, and focusing on the next electoral cycles matters, but we can’t focus on elections to the detriment of understanding how to rejuvenate democratic systems of governance more generally.

Link

Safe Streets and Systemic Racism

Sabat Ismail, writing at Spacing Toronto, interrogates who safe streets are meant to be safe for. North American calls for adopting Nordic models of urban cityscapes are often focused on redesigning streets for cycling whilst ignoring that Nordic safety models are borne out of broader conceptions of social equity. Given the broader (white) recognition of the violent threat that police can represent to Black Canadians, cycling organizations which are principally advocating for safe streets must carefully think through how to make them safe, and appreciate why calls for greater law enforcement to protect non-automobile users may run counter to an equitable sense of safety. To this point, Ismail writes:

I recognize the ways that the safety of marginalized communities and particularly Black and Indigenous people is disregarded at every turn and that, in turn, we are often provided policing and enforcement as the only option to keep us safe. The options for “safety” presented provide a false choice – because we do not have the power to determine safety or to be imagined within its folds.

Redesigning streets without considering how the design of urban environments are rife with broader sets of values runs the very real risk of further systematizing racism while espousing values of freedom and equality. The values undergirding the concept of safe streets must be assessed by a diverse set of residents to understand what might equitably provide safety for all people; doing anything less will likely re-embed existing systems of power in urban design and law, to the ongoing detriment and harm of non-white inhabitants of North American cities.