Categories
Links Writing

Former GCHQ Head Calls for Greater Social Media Surveillance

There genuinely are bad people in the world, individuals and agents who largely exist to cause serious harm to citizens around the world in democratic states. These individuals cannot, however, be permitted to destabilize an entire population nor operate as reasons for totalizing mass surveillance. In the UK an incredibly senior and prominent security and intelligence expert, Sir David Omand, has nevertheless called for the following:

In a series of recommendations to the government, Sir David – the Cabinet Office’s former Security and Intelligence co-ordinator – said out-dated legislation needed to be reformed to ensure an ethical and legal framework for such intelligence gathering, which was clear and transparent.

The report recommends that social media should be divided into two categories, the first being open source information which public bodies could monitor to improve services while not identifying individuals without permission.

On the more contentious category of monitoring private social media, Sir David said it needed to be properly authorised – including the need for warrants when it was considered “genuine intrusion” – only used as a last resort when there was substantial cause and with regard to “collateral damage” to any innocent people who might have been in contact with a suspect.

It must repeatedly, and emphatically, be stated that ‘transparency’ in the intelligence world does not mean that citizens will actually know how collected data is used. Neither does codifying surveillance practices in law minimize citizens’ concerns around surveillance. No, it instead operates as a legal shield that protects those engaged in oft-times secretive actions that are inappropriately harmful to innocent citizens. Such changes in law must be incredibly carefully examined by the public and opposed or curtailed whenever there is even the slightest possibility of abuse or infringement of citizens’ reasonable normative expectations of privacy from state intrusion and surveillance.

Categories
Aside Humour

Understanding Social Gestures

Lesson: Facebook Privacy

Categories
Writing

Facebook Censorship

I’ve tried to think of something comprehensive to say about the Facebook censorship rules for a few days now. I still don’t have something that really captures how absurd and offensive many of the items listed are. So, rather than give a holistic analysis of the document, here are a few thoughts:

Sex and Nudity

  • Point (1) indicates that permitting foreplay images between members of the same gender is somehow an exception, given the statement “Foreplay allowed (Kissing, groping, etc.) even for same sex (man-man/woman-woman.” That this needs to be clearly stated is suggestive of a basic level of discomfort with same sex relationships.
  • Point (12) seems intensely hard to police, with enforcement being contingent on an employee’s own awareness of sexual fetishes. Moreover, given that the definition of a fetish is often derived from the use of inanimate objects as a stimulus to achieve sexual enjoyment/arousal, a high level of subjectivity will almost necessarily come into monitoring for the depiction of sexual fetishes “in any form.”

Hate Content

  • The note that “Humor overrules hate speech UNLESS slur words are present or the humor is not evident” is concerning because, in some circumstances, Facebook recognizes hate speech as somehow appropriate. I would suggest that the capacity for one person to detect humour is a particularly poor (and, arguably, inappropriate) evaluation metric.

Graphic Content

  • Point (1) seems immediately hard to govern, especially given that many Facebook members will support state-sanctioned violence towards targeted individuals. Example: would graphic comments supporting American efforts to torture Osama bin Laden be inappropriate? Is it OK to call for violence towards ‘bad’ people and not towards ‘good’ ones?
  • Point (6) prohibits the exhibition of what might be termed ‘grisly’ images that clearly show the penetration of skin. Blood or other aspects of a violent act are permitted, but the barrier of the skin is seen as special. This is suggestive of the ‘kinds’ of violence that Facebook recognizes as more or less appropriate for public viewing while imposing a particular cultural norm on a global network.
  • There is “No exception for news or awareness related content.” Thus, any news that is shared by Facebook members must conform to a specific norm of ‘appropriateness’ and failure to conform results in the removal of the content. Such an attitude speaks poorly of the company’s willingness to act as a site for individuals to communicate fully and openly: Facebook is declaring that their monetization depends, in part, on everyone being happy (or at least not shocked) and thus prohibits certain modes of expression.

Credible Threats

  • Point (3), that any threat to a head of state should be escalated, regardless of credibility, is problematic for three reasons. First: it will capture a vast number of users in a dragnet and it is unclear just how little would place a user within this net (e.g. would “I fucking hate X and wish we’d just kill X” qualify?) Second: it stinks of an effort to pass responsibility to another party, so that if a particular message is ever linked to an attack then Facebook would be minimally responsible. Third: the number of potential threats can outpace professional security audit staff’s capability to ascertain real/false threats. Dragnet surveillance for this kind of behaviour is a poor means of identifying actual threats.

Those are some of my thoughts about this particular document. There are others that are still crystallizing and once/if I develop a full thought about the document I’ll be sure to post it.

Categories
Aside Links

The Big Threats to Internet Security

Dan Goodin has a good piece on one of Bruce Schneier’s recent talks. From the top of the article:

Unlike the security risks posed by criminals, the threat from government regulation and data hoarders such as Apple and Google are more insidious because they threaten to alter the fabric of the Internet itself. They’re also different from traditional Internet threats because the perpetrators are shielded in a cloak of legitimacy. As a result, many people don’t recognize that their personal information or fortunes are more susceptible to these new forces than they ever were to the Russian Business Network or other Internet gangsters.

The notion that government – largely composed of security novices – large corporations, and a feudal security environment (where we trust Apple, Google, etc. instead of having a generalizable good surveillance footprint) are key threats to security is not terribly new. This said, Bruce (as always) does a terrific job in explaining the issues in technically accurate ways that are simultaneously accessible to the layperson. Read the article; it’s well worth your time and will quickly demonstrate some of the ‘big’ threats to online security, privacy, and liberty.

Categories
Links Writing

User vs Corporate Understandings of ‘Security’

A really interesting paper on social authentication has just been released that looks at how facial identification ‘works’ to secure social networks from unauthorized access to profiles/records. The authors note that users of social networks are most concerned with keeping their interactions private from those who know the users. Specifically, from the abstract:

Most people want privacy only from those close to them; if you’re having an affair then you want your partner to not find out but you don’t care if someone in Mongolia learns about it. And if your partner finds out and becomes your ex, then you don’t want them to be able to cause havoc on your account. Celebrities are similar, except that everyone is their friend (and potentially their enemy).

Moreover, a targeted effort to identify a user’s friends on a social network – and examine their photos – will let an attacker penetrate the social authentication mechanisms. While many users would consider this a design flaw, Facebook, which uses this system, doesn’t necessarily agree because:

[Facebook] told us that the social captcha mechanism was used to solve the problem of large-scale phishing attacks. They knew it was not very effective against friends, and especially not against a jilted former lover. For that, they maintain that the local police and courts are an effective solution. They also claim that although small-scale face recognition is doable, their scraping protection prevents it being used at large scales.

What Facebook is doing isn’t wrong: they simply have a particular attacker-type in mind with regards to social authentication and have deployed a defence mechanism to combat that attacker. Most users, however, are unlikely to consider that the company has a different attack scenario in mind than its end-users, leading to anger and concern when the defence for wide-scale attacks fails to protect against targeted attackers. While I don’t see this as a security or policy failure, it is suggestive that companies would be well advised to explain to their users how different security inconveniences actually interact with different hack/attack scenarios. Beyond educating users as to what they can expect from the various defence mechanisms, it might serve to raise some awareness about the different kinds of attackers that companies have to defend against. In an ideal world, this might serve as a beginning point in educating users to become more critical of the security models that are imposed upon them by corporations, governments, and other parties they deal with.

Categories
Quotations

Phone hacking, for the most part, depends on remote access. Hackers obtain unprotected phone numbers from a variety of sources – Facebook must be a favorite – or by social engineering. PINs, for the most part, are easy to guess. Hacking typically takes place in the legitimate user’s absence.

Unless Apple or Google plans to bar remote access to devices, facial recognition security surely only solves a small part of the problem. Back to the drawing board.

~Kim Davis, from Internet Evolution

Categories
Links

Real-Life Examples Of How Google’s “Search Plus” Pushes Google+ Over Relevancy

Pretty well required reading at the moment if you’re interested in the consequences of Google integrating their own social products into their search results. I’d really recommend reading the whole thing but, if not, at least take a glance at Danny Sullivan’s takeaway:

It’s not Google’s job to be sticking it to anyone with its search results. Those results are supposed to be showing what are the most relevant things for searchers out there. That’s how Google wins. That’s how Google sticks it to competitors, by not trying to play favorites in those results, nor by trying to punish people through them.

The Google+ suggestions are indeed search results, to me. Right now, they’re search results on who to follow on Google+. I think they could be better search results if they were who to follow on any social network, anywhere.