Category: Links

Categories
Aside Links

The Dangers of Political ‘Marketing’

‘Politics’ by Samuel Thorne (CC BY-NC-ND 2.0) at https://flic.kr/p/kAgBCR

From n+1:

Given that some of the major players involved in Trump’s campaign effort have obsessions with war tactics and strategy, it’s easy to imagine that weaponized targeting may not only be a pre-election phenomenon. Such efforts could be employed as part of an ongoing campaign to weaken any resistance to the Trump Administration and thwart political opposition through ratcheting up in-fighting and splintering. It’s not an overstatement to suggest that the infrastructure of mass consumer surveillance enables new kinds of actors to take up the work of COINTELPRO on a mass scale. Former Cambridge Analytica employees have said the company internally discusses their operations as psychological warfare.

Cambridge Analytica may not be alone in pursuing these types of psychological warfare tactics. In response to the recent revelations of Russian-bought Facebook ads, Senator Mark Warner told the Washington Post that the aim of the ads was “to sow chaos.” Yet, rather than promoting general chaos, some ads may have been specifically designed to fuel infighting among the Trump opposition. Earlier this year, The Intercept showed that TigerSwan, a shady mercenary firm hired by Energy Transfer Partners to combat communities opposing the Dakota Access Pipeline, used knowledge gleaned from surveillance as part of their own strategy to splinter their opponents. A leaked TigerSwan document declared, “Exploitation of ongoing native versus non-native rifts, and tribal rifts between peaceful and violent elements is critical in our effort to delegitimize the anti-DAPL movement.”

What our current digital environment affords are opportunities for efficient, large-scale use of such tactics, which can be refined by data-rich feedback loops. Manipulation campaigns can plug into the commercial surveillance infrastructure and draw on lessons of behavioral science. They can use testing to refine strategies that take account of the personal traits of targets and identify interventions that may be most potent. This might mean identifying marginal participants, let’s say for joining a march or boycott, and zeroing in on interventions to dissuade them from taking action. Even more worrisomely, such targeting could try to push potential allies in different directions. Targets predicted to have more radical inklings could be pushed toward radical tactics and fed stories deriding compromise with liberal allies. Simultaneously, those predicted to have more liberal sympathies may be fed stories that hype fears about radical takeover of the resistance. Such campaigns would likely play off divisions along race, gender, issue-specific priorities, and other lines of identity and affinity.

We’re reaching the pinnacle of what online advertising can do: identify persons of interest, separate specific persons from others to discretely target them, and motivate targets to change their emotional states and act based on those states. It’s bad enough this is done to push products but, now, the same activities are seeping into the political systems and damaging democratic undertakings in the process. Such activity has to be regulated, if not stopped entirely.

Categories
Links

Threat Actors and Act Types

OLYMPUS DIGITAL CAMERA
Hacker by The Preiser Project (CC BY 2.0) at https://flic.kr/p/jrrmeP

The grugq has a useful explainer for the different kinds of threat actors an organization might be mindful for, such as hactivists, criminals, and state actors, and how and why they tend to operate as they do. With regards to state, and private-public, teams:

There is a tendency to want to rank the Services, but this is not especially fruitful. More interesting is the culture of the Services teams, their nature, their agility, the problems that the team are expected to address, whether they have internal capacity or rely on third parties, and so on. More relevant is trying to understand what they exist to accomplish, how capable they are of doing that, how agile they are in term of changing their MO and if and how well they can accomplish other goals.

This is an inherent problem with hybrid public/private teams — information sharing. While the private component will probably have superior skills and breadth and depth of operational experience, their lack of big picture understanding will prevent them from surfacing ideas, making connections, or otherwise providing insight to help advance the operation. Generally, having the people actually doing the work involved in suggesting improvements is a good way to improve. Similarly, having the people with wide access to botnet victims know what sort of data will get them paid will produce a greater volume of potentially interesting data.

While I tend to think that his analysis of nation-states is good, it under-emphasizes how certain states either have their farm leagues ‘train’ on civil society or, alternately, team with semi-skilled private operators who operate similar to criminals. Whether these behaviours are representative of training exercises, of not wasting the good stuff on civil society, of deliberately being evident to instil caution amongst civil society, or of something else, isn’t entirely clear. Regardless, there is arguably a bit more nuance that could be added to round out some of the characteristics of different threat actors.

Categories
Links Writing

The Insanity of ‘Terrorism’ Offences

The Fool by Christopher Parsons, All Rights Reserved

Via The Intercept:

At the end of a quick one-day trial, Judge Emma Arbuthnot at Westminster Magistrates Court ruled that Rabbani had willfully obstructed police when he declined to hand over his passwords. Rabbani avoided a possible three-month jail term and was instead handed a 12-month conditional discharge and told he must pay court costs of £620 ($835). This means a Terrorism Act offense will be recorded on his criminal record. But as long as he does not re-offend within the 12-month period, no further action will be taken against him.

Rabbani had argued his electronic devices should have been protected under the latter category, as they contained confidential information related to his work. The judge said that Rabbani did not make this clear to the officers who initially interrogated him, but did say so later in a prepared statement following his arrest. She described Rabbani as “of good character,” acknowledged he was “trying to protect confidential material on his devices,” and noted that “the importance of passwords and PIN numbers in the 21st century cannot be overstated.” However, she still concluded that his “decision not to provide the information when requested by the examining officers” amounted to “a wilful obstruction of the lawful examination in the circumstances.”

A lawyer was charged and found guilty of a terrorism offence for refusing to decrypt a device containing sensitive client information. A baseline part of the criminal justice system is that what is said between a client and their lawyer is protected speech, but this protection is under threat in the UK: solicitors who do their duty and uphold the oaths to their clients risk serious convictions that may permanently refigure their lives and liberties. This dismantling of baseline aspects of our legal systems to fight ‘terrorism’ are ludicrous and do more harm to our societies than can be inflicted upon us by violent extremists and criminals.

Categories
Links Photography

Facebook’s DNA

Om Malik:

Having followed Facebook for a long time, I know what really plagues the company is that being open and transparent is not part of its DNA. This combination of secrecy, microtargeting and addiction to growth at any cost is the real challenge. The company’s entire strategy is based on targeting, monetizing and advertising.

Common sense ideas such as being humane, understanding its impact on society and civic infrastructure — well that doesn’t bring any dollars into the coffers. Call me cynical, but reactive apologies are nothing but spin.

So very true.

Categories
Links

On Minimum Sentences in Canada

Michael Spratt writes:

The evidence on the lack of effectiveness and costs of minimum sentence is clear. In 2016, Wilson-Raybould said that minimum sentences were a priority. After almost a year of inaction, that priority is manifest in a concern about public opinion?

But perhaps this should not be a surprise given that in 2016 The Canadian Press reported that the Liberals were eyeing a “politically viable strategy” to bring changes to minimum sentences.

After a decade of ideological criminal justice policy at the hands of the Harper government, swift and principled action is imperative. Inaction means unjust court results, less safe streets, increased court delays and ballooning costs.

Minimum sentences represent the lowest-hanging fruit for meaningful justice reform. Their counterproductive and negative impacts are well documented.

This is not a matter for debate. The solutions are known and uncomplicated.

All we need now is a justice minister with the principle and conviction to take action. Unfortunately, it seems that piece is still missing.

I heartily agree: these types of sentencing rules must be abolished and discretion returned to the bench.

Categories
Links Writing

Privacy and Gang Affiliations

Photo by Brent Humphreys
Photo by Brent Humphreys

From the Huffington Post:

Four speakers recounted the ways that their lives have been negatively impacted by the FBI’s designation of Juggalos as a gang.

New Mexico resident Crystal Guerrero said that she lost custody of two children because she went to one Insane Clown Posse show. Laura King of Fredericksburg, Virginia, recounted how she was permanently placed on a gang registry while she was on probation for a DUI offense because she had a tattoo of the hatchet man symbol. Jessica Bonometti was fired from her job as a probation officer in Woodbridge, Virginia, because she liked some Insane Clown Posse-related photographs on Facebook.

Fans of the Insane Clown Posse have been identified as gang members since the FBI designated them as a loosely organized hybrid gang. That designation means that routine things that fans do, such as like images of the band or wear band-related clothes, can lead to profound life consequences. It also raises questions about what kinds of information entertainment providers, like Spotify, Apple Music, and Google’s Play Store can disclose to government agencies upon request. Where those companies have information that a subscriber ‘likes’ an ICP track, would disclosing it lead to serious life impediments as individuals try to cross a border, get a government job, or work with children? What policies are in place to prevent governments from fishing for ICP fans, based on likes?

Though it might seem absurd that liking a particular song could harm your life prospects, the possibility that this could happen reveals how metadata — in this case, information of a persons preferences linked to audio or video content — can be more important than the content itself. Viewing a music video or listening to an album may not be sufficient to reveal a person’s ‘affiliations’ but the positive act of liking the video or album is enough to classify someone as a ‘member’ of the ICP ‘organization’.

What happens when someone liked a video or song or album years ago? How can an agency confirm that the person who owns the account was the person who indicated support for the content? And what recourse do people have when the actions of the far past rise up to detrimentally affect them?

While the former head of the NSA bluntly said that his agency used metadata as part of the equation to kill people abroad, less is said about how law enforcement organizations might use metadata to detrimentally impact the lives of persons living within the continental United States. It’s high time that more attention is paid to domestic authorities’ use of metadata and the domestic consequences of its analysis given how it can be used to ruin people’s life chances.

Categories
Links

Threat Modelling and Apple Security

Troy Hunt has a good and accessible account of what kinds of threats PINs, Touch ID, and Face ID secure users from and, ultimately, how Apple is being pragmatic instead of idealistic in the degrees of security it provides. He’s provided one of the clearest accounts of the different security properties associated with iPhones that I’ve read recently.

On biometrics, he notes that:

The broader issue here is trusting those you surround yourself with in the home. In the same way that I trust my kids and my wife not to hold my finger to my phone while I’m sleeping, I trust them not to abuse my PC if I walk away from it whilst unlocked and yes, one would reasonably expect to be able to do that in their own home. The PC sits there next to my wallet with cash in it and the keys to the cars parked out the front. When you can no longer trust those in your immediate vicinity within the sanctity of your own home, you have a much bigger set of problems

This is the kind of threat posed by government agencies who have taken hold of you, your personal effect, and can compel you against your will. In such cases, you’ve got 99 problems, and your phone is just one.

Categories
Links Writing

The Inanity of Academic Publishing

From Verena Hutter and Karen Kelsey:

I have made it clear how I feel about book chapters in edited volumes or editing volumes (read chapter 16 in the book, and don’t publish in edited volumes, and don’t EDIT VOLUMES, until you are tenured). If my advice has come too late, and you have no other publications, it’s fine to mention the book chapter in your publication para, but don’t try to pass it off as an article. Some edited volumes are in fact peer-reviewed, but your contribution is still not an article.

It drives me nuts that edited volumes are given so little prestige compared to journal articles. There is a general position in academia that book chapters are not rigorously reviewed as compared to journal articles but, really, this has more to do with the publishing outlet than anything else. I’ve published with some journals where the review has been a joke and vice versa. The same is true of edited volumes.

But what bothers me even more about the focus on journal publications over edited volumes is that academics are encouraged to publish places where only the wealthy universities can afford to access/read what is written. I was given advice as a very junior scholar that almost no one in government will read academic journal publications because they can’t justify the per-article cost, whereas departmental and government libraries can justify purchasing books.

If you want to make a public policy impact, or want to generally have your work theoretically more available, then publishing in books (or putting pre-pubs in public repositories like SSRN) is a must. But academics are disincentivized from such practices: they’re punished for trying to actually expand the numbers of people who could read and use the work. So while they’re actively glorifying knowledge production they’re simultaneously hindering the dissemination of what is produced.

Categories
Links Writing

Delight and Apple’s Face ID

Om Malik:

The reason Face ID works is because of some key silicon innovations — yes, there is that TrueDepth camera system made up of a dot projector, infrared camera and flood illuminator and a seven megapixel camera. Face ID projects more than 30,000 invisible IR dots. The resulting IR image and dot pattern is then used to create a mathematical model of your face and send the data to the secure enclave to confirm a match, while adapting to physical changes in appearance over time. What decodes the data captured by this camera (for lack of a better descriptor) are neural capabilities of its A11 Bionic chip. I saw this first hand and was blown away by the effectiveness of Face ID.

The FaceID is a perfect illustration of Apple’s not so secret “secret sauce” — a perfect symbiosis of silicon, physical hardware, software, and designing for delight. Their abilities to turn complex technologies into a magical moment is predicated on this harmonious marriage of needs.

I appreciate that a lot of people in the security and technologist community are dubious of Face ID. There are reasonable concerns about whether the technology will enable law enforcement or other third-parties to unlock a person’s phone by flashing it phone in front of their face, and whether or not it will even work.

But all of those questions fail to get what Apple doing with Face ID. Don’t believe me? Then go find entirely normal users who walk into a Best Buy and buy a laptop without doing any real research, and subsequently discovering their Windows laptop supports logging in with the infrared camera. They are amazed by the technology and tend to be pretty forgiving it doesn’t always work perfectly.

If Apple can ensure that Face ID works reliably then they’re going to have an amazing halo product because, remember, those who are amazed by Face ID likely won’t own one of the new top-of-the-line iPhones. So, instead, Face ID will function as an aspirational feature that few people will have but that many will want, and likely lead to regular users purchasing the first ‘normal’ iPhone that has this cool feature.

Categories
Aside Links Photography

Manufacturing Gear Acquisition Syndrome

Nasim Mansurow at Photography Life:

Don’t be a victim of The Hype. Don’t be a cameraholic and a brainless consumer. Stop yourself from the Internet hysteria that surrounds cameras, lenses and other gear. Instead, spend time learning about photography techniques and improving your skills. Travel more, see more, shoot more. And when I review a piece of camera gear, don’t buy it because I praised it. Only buy what you truly need, not what you want. That’s all I have to say for today.

Mansurov’s article spends a lot of time explaining the economics that drive individual ‘influencers’ and websites to get people excited about buying the new ‘best’ camera equipment. By drawing on Photography Life’s website analytics and the marketing material that he receives, he lays bare the economic incentives to focus of gear instead of techniques, skills, and neat locations to visit. In the process he also makes it very clear how the commercial aspects of selling equipment work in a way that most people may think or believe is happening but don’t have evidence or data to substantiate those thoughts or beliefs. It’s not a shocking read but does serve as a reminder that companies are actively attempting to manipulate consumers into buying the newest lenses or body with the hope or dream that it will turn us all into master photographers.