Category: Links

Categories
Links Writing

Repurposing Apple Time Capsule as a Network Drive

(Photo by MockupEditor.com on Pexels.com)

For the past several years I’ve happily used an Apple Time Capsule as my router and one of many backup drives, but it’s been getting a big long in the tooth as the number of items on my network has grown. I recently upgraded to a new router but wanted to continue using my Time Capsule, and it’s very large drive, for LAN backups.

A post in Apple’s discussion forums helpfully kicked off how to reset the wireless settings for the Time Capsule and prepare it to just live on the network as a drive. After following those instructions, all I needed to do was:

  1. Open Time Machine Preferences on my device;
  2. Select ‘Add or Remove Backup Disk…’;
  3. Select the freshly networked disk;
  4. Choose to use the pre-existing backup image, and input the encryption password for the backup.

Voila! And now my disk–with all its data–is available on the network and capable of continuing my Time Machine backups!

Categories
Links Writing

Does Canada, Really, Need A Foreign Intelligence Service?

A group of former senior Canadian government officials who have been heavily involved in the intelligence community recently penned an op-ed that raised the question of “does Canada need a foreign intelligence service?” It’s a curious piece, insofar as it argues that Canada does need such a service while simultaneously discounting some of the past debates about whether this kind of a service should be established, as well as giving short shrift to Canada’s existing collection capacities that are little spoken about. They also fundamentally fail to take up what is probably the most serious issue currently plaguing Canada’s intelligence community, which is the inability to identify, hire, and retain qualified staff in existing agencies that have intelligence collection and analysis responsibilities.

The Argument

The authors’ argument proceeds in a few pieces. First, it argues that Canadian decision makers don’t really possess an intelligence mindset insofar as they’re not primed to want or feel the need to use foreign intelligence collected from human sources. Second, they argue that the Canadian Security Intelligence Service (CSIS) really does already possess a limited foreign intelligence mandate (and, thus, that the Government of Canada would only be enhancing pre-existing powers instead of create new powers from nothing). Third, and the meat of the article, they suggest that Canada probably does want an agency that collects foreign intelligence using human sources to support other members of the intelligence community (e.g., the Communications Security Establishment) and likely that such powers could just be injected into CSIS itself. The article concludes with the position that Canada’s allies “have quietly grumbled from time to time that Canada is not pulling its weight” and that we can’t prioritize our own collection needs when we’re being given intelligence from our close allies per agreements we’ve established with them. This last part of the argument has a nationalistic bent to it: implicitly they’re asking whether we can really trust even our allies and closest friends? Don’t we need to create a capacity and determine where such an agency and its tasking should focus on, perhaps starting small but with the intent of it getting larger?

Past Debates and Existing Authorities

The argument as positioned fails to clearly make the case for why these expanded authorities are required and simultaneously does not account for the existing powers associated with the CSE, the Canadian military, and Global Affairs Canada.

With regards to the former, the authors state, “the arguments for and against the establishment of a new agency have never really been examined; they have only been cursorily debated from time to time within the government by different agencies, usually arguing on the basis of their own interests.” In making this argument they depend on people not remembering their history. The creation of CSIS saw a significant debate about whether to include foreign human intelligence elements and the decision by Parliamentarians–not just the executive–was to not include these elements. The question of whether to enable CSIS or another agency to collect foreign human intelligence cropped up, again, in the late 1990s and early 2000, and again around 2006-2008 or so when the Harper government proposed setting up this kind of an agency and then declined to do so. To some extent, the authors’ op-ed is keeping with the tradition of this question arising every decade or so before being quietly set to the side.

In terms of agencies’ existing authorities and capacities, the CSE is responsible for conducting signals intelligence for the Canadian government and is tasked to focus on particular kinds of information per priorities that are established by the government. Per its authorizing legislation, the CSE can also undertake certain kinds of covert operations, the details of which have been kept firmly under wraps. The Canadian military has been aggressively building up its intelligence capacities with few details leaking out, and its ability to undertake foreign intelligence using human sources as unclear as the breadth of its mandate more generally.1 Finally, GAC has long collected information abroad. While their activities are divergent from the CIA or MI6–officials at GAC aren’t planning assassinations, as an example–they do collect foreign intelligence and share it back with the rest of the Government of Canada. Further, in their increasingly distant past they stepped in for the CIA in environments the Agency was prevented from operating within, such as in Cuba.

All of this is to say that Canada periodically goes through these debates of whether it should stand up a foreign intelligence service akin to the CIA or MI6. But the benefits of such a service are often unclear, the costs prohibitive, and the actual debates about what Canada already does left by the wayside. Before anyone seriously thinks about establishing a new service, they’d be well advised to read through Carvin’s, Juneau’s, and Forcese’s book Top Secret Canada. After doing so, readers will appreciate that staffing is already a core problem facing the Canadian intelligence community and recognize that creating yet another agency will only worsen this problem. Indeed, before focusing on creating new agencies the authors of the Globe and Mail op-ed might turn their minds to how to overcome the existing staffing problems. Solving that problem might enable agencies to best use their existing authorizing legislation and mandates to get much of the human foreign intelligence that the authors are so concerned about collecting. Maybe that op-ed could be titled, “Does Canada’s Intelligence Community Really Have a Staffing Problem?”

  1. As an example of the questionable breadth of the Canadian military’s intelligence function, when the military was tasked with assisting long-term care home during the height of the Covid-19 pandemic in Canada, they undertook surveillance of domestic activism organizations for unclear reasons and subsequently shared the end-products with the Ontario government. ↩︎
Categories
Aside Links Photography

2021.6.7

Not going to lie: the most useful feature for me, personally, that has been announced at WWDC this year (thus far…) is that the Photos app will now display full EXIF data. I really want Apple to enable advanced search in Photos so I can then sort based on EXIF information, to filter by camera/device and by lens.

Categories
Links Writing

Which States Most Require ‘Democratic Support’?

Roland Paris and Jennifer Walsh have an excellent, and thought-provoking, column in the Globe and Mail where they argue that Western democracies need to adopt a ‘democratic support’ agenda. Such an agenda has multiple points comprising:

  1. States getting their own democratic houses in order;
  2. States defending themselves and other democracies against authoritarian states’ attempts to disrupt democracies or coerce residents of democracies;
  3. States assisting other democracies which are at risk of slipping toward authoritarianism.

In principle, each of these points make sense and can interoperate with one another. The vision is not to inject democracy into states but, instead, to protect existing systems and demonstrate their utility as a way of weaning nations towards adopting and establishing democratic institutions. The authors also assert that countries like Canada should learn from non-Western democracies, such as Korea or Taiwan, to appreciate how they have maintained their institutions in the face of the pandemic as a way to showcase how ‘peer nations’ also implement democratic norms and principles.

While I agree with the positions the authors suggest, far towards the end of the article they delicately slip in what is the biggest challenge to any such agenda. Namely, they write:

Time is short for Canada to articulate its vision for democracy support. The countdown to the 2024 U.S. presidential election is already under way, and no one can predict its outcome. Meanwhile, two of Canada’s closest democratic partners in Europe, Germany and France, may soon turn inward, preoccupied by pivotal national elections that will feature their own brands of populist politics.1

In warning that the United States may be an unreliable promoter of democracy (and, by extension, human rights and international rules and order which have backstopped Western-dominated world governance for the past 50 years) the authors reveal the real threat. What does it mean when the United States is regarded as likely to become more deeply mired in internecine ideological conflicts that absorbs its own attention, limits its productive global engagements, and is used by competitor and authoritarian nations to warn of the consequences of “American-style” democracy?

I raise these questions because if the authors’ concerns are fair (and I think they are) then any democracy support agenda may need to proceed with the presumption that the USA may be a wavering or episodic partner in associated activities. To some extent, assuming this position would speak more broadly to a recognition that the great power has significantly fallen. To even take this as possible–to the extent that contingency planning is needed to address potential episodic American commitment to the agenda of buttressing democracies–should make clear that the American wavering is the key issue: in a world where the USA is regarded as unreliable, what does this mean for other democracies and how they support fellow democratic states? Do countries, such as Canada and others with high rule-of-law democratic governments, focus first and foremost on ‘supporting’ US democracy? And, if so, what does this entail? How do you support a flailing and (arguably) failing global hegemon?

I don’t pretend to have the answers. But it seems that when we talk about supporting democracies, and can’t rely on the USA to show up in five years, then the metaphorical fire isn’t approaching our house but a chunk of the house is on fire. And that has to absolutely be our first concern: can we put out the fire and save the house, or do we need to retreat with our children and most precious objects and relocate? And, if we must retreat…to where do we retreat?

  1. Emphasis not in original. ↩︎
Categories
Links Writing

Building a Strategic Vision to Combat Cybercrime

The Financial Times has a good piece examining the how insurance companies are beginning to recalculate how they assess insurance premiums that are used to cover ransomware payments. In addition to raising fees (and, in some cases, deciding whether to drop insuring against ransomware) some insurers like AIG are adopting stronger underwriting, including:

… an additional 25 detailed questions on clients’ security measures. “If [clients] have very, very low controls, then we may not write coverage at all,” Tracie Grella, AIG’s global head of cyber insurance, told the Financial Times.

To be sure, there is an ongoing, and chronic, challenge of getting companies to adopt baseline security postures, inclusive of running moderately up-to-date software, adopting multi-factor authorization, employing encryption at rest, and more. In the Canadian context this is made that much harder because the majority of Canadian businesses are small and mid-sized; they don’t have an IT team that can necessarily maintain or improve on their organization’s increasingly complicated security posture.

In the case of larger mid-sized, or just large, companies the activities of insurers like AIG could force them to modify their security practices for the better. Insurance is generally regarded as cheaper than security and so seeing the insurance companies demand better security to receive insurance is a way of incentivizing organizational change. Further change can be incentivized by government adopting policies such as requiring a particular security posture in order to bid on, or receive, government contracts. This governmental incentivization doesn’t necessarily encourage change for small organizations that already find it challenging to contract with government due to the level of bureaucracy involved. For other organizations, however, it will mean that to obtain/maintain government contracts they’ll need to focus on getting the basics right. Again, this is about aligning incentives such that organizations see value in changing their operational policies and postures to close off at least some security vulnerabilities. There may be trickle down effects to these measures, as well, insofar as even small-sized companies may adopt better security postures based on actionable guidance that is made available to the smaller companies responsible for supplying those middle and larger-sized organizations, which do have to abide by insurers’ or governments’ requirements.1

While the aforementioned incentives might improve the cybersecurity stance of some organizations the key driver of ransomware and other criminal activities online is its sheer profitability. The economics of cybercrime have been explored in some depth over the past 20 years or so, and there are a number of conclusions that have been reached that include focusing efforts on actually convicting cybercriminals (this is admittedly hard where countries like Russia and former-Soviet Republic states indemnify criminals that do not target CIS-region organizations or governments) to selectively targeting payment processors or other intermediaries that make it possible to derive revenues from the criminal activities.

Clearly it’s not possible to prevent all cybercrime, nor is it possible to do all things at once: we can’t simultaneously incentivize organizations to adopt better security practices, encourage changes to insurance schemas, and find and address weak links in cybercrime monetization systems with the snap of a finger. However, each of the aforementioned pieces can be done with a strategic vision of enhancing defenders’ postures while impeding the economic incentives that drive online criminal activities. Such a vision is ostensibly shared by a very large number of countries around the world. Consequently, in theory, this kind of strategic vision is one that states can cooperate on across borders and, in the process, build up or strengthen alliances focused on addressing challenging international issues pertaining to finance, crime, and cybersecurity. Surely that’s a vision worth supporting and actively working towards.

  1. To encourage small suppliers to adopt better security practices when they are working with larger organizations that have security requirements placed on them, governments might set aside funds to assist the mid-sized and large-sized vendors to secure down the supply chain and thus relieve small businesses of these costs. ↩︎
Categories
Aside Links

2021.5.20

After many months of hope and anticipation, I’m looking forward to finally ditching the (cruddy and privacy intrusive) OS that is built into my TV and enjoying my new Apple TV 4K (Gen 2)! I admit to being disappointed Apple hasn’t transformed the Apple TV into a ‘true’ gaming device, but c’est la vie.

Now the wait begins for the a new Apple Watch

Categories
Links

The Answer to Why Twitter Influences Canadian Politics

Elizabeth Dubois has a great episode of Wonks and War Rooms where she interviews Etienne Rainville of The Boys in Short Pants podcast, former Hill staffer, and government relations expert. They unpack how government staffers collect information, process it, and identify experts.

Broadly, the episode focuses on how the absence of significant policy expertise in government and political parties means that social media—and Twitter in particular—can play an outsized role in influencing government, and why that’s the case.

While the discussion isn’t necessarily revelatory to anyone who has dealt with some elements of government of Canada, and especially MPs and their younger staffers, it’s a good and tight conversation that could be useful for students of Canadian politics, and also helpfully distinguishes of of the differences between Canadian and American political cultures. I found the forthrightness of the conversation and the honesty of how government operates was particularly useful in clarifying why Twitter is, indeed, a place for experts in Canada to spend time if they want to be policy relevant.

Categories
Links

Facebook Prioritizes Growth Over Social Responsibility

Karen Hao writing at MIT Technology Review:

But testing algorithms for fairness is still largely optional at Facebook. None of the teams that work directly on Facebook’s news feed, ad service, or other products are required to do it. Pay incentives are still tied to engagement and growth metrics. And while there are guidelines about which fairness definition to use in any given situation, they aren’t enforced.

The Fairness Flow documentation, which the Responsible AI team wrote later, includes a case study on how to use the tool in such a situation. When deciding whether a misinformation model is fair with respect to political ideology, the team wrote, “fairness” does not mean the model should affect conservative and liberal users equally. If conservatives are posting a greater fraction of misinformation, as judged by public consensus, then the model should flag a greater fraction of conservative content. If liberals are posting more misinformation, it should flag their content more often too.

But members of Kaplan’s team followed exactly the opposite approach: they took “fairness” to mean that these models should not affect conservatives more than liberals. When a model did so, they would stop its deployment and demand a change. Once, they blocked a medical-misinformation detector that had noticeably reduced the reach of anti-vaccine campaigns, the former researcher told me. They told the researchers that the model could not be deployed until the team fixed this discrepancy. But that effectively made the model meaningless. “There’s no point, then,” the researcher says. A model modified in that way “would have literally no impact on the actual problem” of misinformation.

[Kaplan’s] claims about political bias also weakened a proposal to edit the ranking models for the news feed that Facebook’s data scientists believed would strengthen the platform against the manipulation tactics Russia had used during the 2016 US election.

The whole thing with ethics is that they have to be integrated such that they underlie everything that an organization does; they cannot function as public relations add ons. Sadly at Facebook the only ethic is growth at all costs, the social implications be damned.

When someone or some organization is responsible for causing significant civil unrest, deaths, or genocide then we expect that those who are even partly responsible to be called to account, not just in the public domain but in courts of law and international justice. And when those someones happen to be leading executives for one of the biggest companies in the world the solution isn’t to berate them in Congressional hearings and hear their weak apologies, but to take real action against them and their companies.

Categories
Links Writing

Pandemic Burnout in Academia

Virginia Gewin, writing for Nature:

Even before the pandemic, many researchers in academia were struggling with poor mental health. Desiree Dickerson, an academic mental-health consultant in Valencia, Spain, says that burnout is a problem inherent in the academic system: because of how narrowly it defines excellence, and how it categorizes and rewards success. “We need to reward and value the right things,” she says.

Yet evidence of empathetic leadership at the institutional level is in short supply, says Richard Watermeyer, a higher-education researcher at the University of Bristol, UK, who has been conducting surveys to monitor impacts of the pandemic on academia. Performative advice from employers to look after oneself or to leave one day a week free of meetings to catch up on work is pretty superficial, he says. Such counsel does not reduce work allocation, he points out.

Academia has a rampant problem in how it is professionally configured. To get even a short term contract, now, requires a CV that would have been worthy of tenure twenty or thirty years ago. Which means that, when someone is hired as an assistant professor (with a 3-6 year probation period) they are already usually more qualified than their peers of the past and have to be prolific in the work that they contribute to and output, and do so with minimal or no complaints so as to avoid any problems in their transition from assistant to associate professor (i.e., full-time and sometimes protected employee).

Once someone has gone through the gauntlet, they come to expect that others should go through it as well: if the current generation can cut it, then surely the next generation of hires should be able to as well if they’re as ‘good’ as the current generation. Which means that those who were forced into an unsustainable work environment that routinely eats into personal time, vacation time (i.e., time when you use vacation days to catch up on other work that otherwise is hard to get done), child rearing time, and so forth, expect that those following them do the same.

Add into this the fact that most academic units are semi-self governing, and those in governorship positions (e.g., department chairs, deans) tend to lack any actual qualifications in managing a largely autonomous workforce and cannot rebalance work loads in a systemically positive way so as to create more sustainable working environments. As a result of a lack of formal management skills, these same folks tend to be unable to identify the issues that might come up in a workforce/network of colleagues, and they are also not resourced to know how to actually treat the given problem. And all of this presumes they are motivated to find and resolve problems in the first place. This very premise is often found faulty, given that those who are governing are routinely most concerned with the smooth running of their units and, of course, may keep in mind any junior colleagues who happen to cause ‘problems’ by expecting assistance or consideration given the systemic overwork that is the normal work-life imbalance.

What’s required is a full-scale revolt in the very structure of university departments if work-life balance is to be truly valued, and if academics are to be able to satisfy their teaching, service, and research requirements in the designated number of working hours. While the job is often perceived as very generous–and it is, in a whole lot of ways!–because you (ideally) have parts of it that you love, expecting people to regularly have 50-75 hour work weeks, little real downtime, little time with family and friends, and being placed on a constant treadmill of outputs is a recipe for creating jaded, cynical, and burned out professionals. Sadly, that’s how an awful lot of contemporary departments are configured.

Categories
Links

The Value of Brief Synthetic Literature Reviews

The Cambridge Security Research Computer Laboratory has a really lovely blog series called ‘Three Paper Tuesday’ that I wish other organizations would adopt.

They have a guest (and usually a graduate student) provide concise summaries of three papers and then have a short 2-3 paragraph ‘Lessons Learned’ section to conclude the post. Not only do readers get annotated bibliographies for each entry but, perhaps more importantly, the lessons learned means that non-experts can appreciate the literature in a broader or more general context. The post aboutsubverting neural networks, as an example, concludes with:

On the balance of the findings from these papers, adversarial reprogramming can be characterised as a relatively simple and cost-effective method for attackers seeking to subvert machine learning models across multiple domains. The potential for adversarial programs to successfully avoid detection and be deployed in black-box settings further highlights the risk implications for stakeholders.

Elsayed et al. identify theft of computational resources and violation of the ethical principles of service providers as future challenges presented by adversarial reprogramming, using the hypothetical example of repurposing a virtual assistant as spyware or a spambot. Identified directions for future research include establishing the formal properties and limitations of adversarial reprogramming, and studying potential methods to defend against it.

If more labs and research groups did this, I’d imagine it would help to spread awareness of some research and its actual utility or importance in advancing the state of knowledge to the benefit of other academics. It would also have the benefit of showcasing to policymakers what key issues actually are and where research lines are trending, and thus empower them (and, perhaps, even journalists) to better take up the issues that they happen to be focused on. That would certainly be a win for everybody: it’d be easier to identify articles of interest for researchers, relevance of research for practitioners, and showcase the knowledge and communication skills of graduate students.