Categories
Links Writing

Learning from Service Innovation in the Global South

Western policy makers, understandably, often focus on how emerging technologies can benefit their own administrative and governance processes. Looking beyond the Global North to understand how other countries are experimenting with administrative technologies, such as those with embedded AI capacities, can productively reveal the benefits and challenges of applying new technologies at scale.

The Rest of the World continues to be a superb resource for getting out of prototypical discussions and news cycles, with its vision of capturing people’s experiences of technology outside of the Western world.

Their recent article, “Brazil’s AI-powered social security app is wrongly rejecting claims,” on the use of AI technologies in South American and Latin American countries reveals the profound potential that automation has for processing social benefits claims…as well as how they can struggle with complex claims and further disadvantage the least privileged in society. In focusing on Brazil, we learn about how the government is turning to automated systems to expedite access to service; while in aggregate these automated systems may be helpful, there are still complex cases where automation is impairing access to (now largely automated) government services and benefits.

The article also mentions how Argentina is using generative AI technologies to help draft court opinions and Costa Rica is using AI systems to optimize tax filing and detect fraudulent behaviours. It is valuable for Western policymakers to see how smaller, more nimble, or more resource-constrained jurisdictions are integrating automation into service delivery, and to learn from their positive experiences and seek to improve upon (or avoid similar) innovation that leads to inadequate service delivery.

Governments are very different from companies. They provide service and assistance to highly diverse populations and, as such, the ‘edge cases’ that government administrators must handle require a degree of attention and care that is often beyond the obligations that corporations have or adopt towards their customer base. We can’t ask, or expect, government administrators to behave like companies because they have fundamentally different obligations and expectations.

It behooves all who are considering the automation of public service delivery to consider how this goal can be accomplished in a trustworthy and responsible manner, where automated services work properly and are fit for purpose, and are safe, privacy protective, transparent and accountable, and human rights affirming. Doing anything less risks entrenching or further systematizing existing inequities that already harm or punish the least privileged in our societies.

Categories
Writing

Sophos Risks Legitimizing Hack Back Activities

Each week is seemingly accompanied by news of some perimeter security appliance being successfully exploited by adversaries. Sophos has produced a report, covered by Wired, which outlines their 5-year efforts to identify and combat such adversaries. It’s a wild read both in terms of the range of activities undertaken by Sophos and for making clearer to the public the range of intelligence activities that private organizations undertake as part of their cybersecurity operations.

Some of the major revelations, and activities undertaken, by Sophos include:

  • A broader group of China-based researchers developed hacking techniques and supplied them to Chinese government APTs.
  • Historically the exploitation of Sophos appliances was being carried out using 0-days but, in recent assessments, APTs are using N-days to target end-of-life equipment.
  • Sophos included code in one of its hotfixes to obtain additional information from consumer devices and expose more information about adversaries to the company.
  • Sophos went so far as to deploy “its own spy implants to the Sophos devices in Chengdu they were testing on—essentially hacking the hackers, albeit only through code added to a few installations of its own products the hackers had obtained.”
  • Targets of Chinese APTs were often located throughout Asia, and most recently included “another country’s nuclear energy regulatory agency, then a military facility in the same country and the airport of the country’s capital city, as well as other hacking incidents that targeted Tibetan exiles.”
  • Sophos found that the adversaries had built a bootkit which is designed to infect low-level code. The company is asserting this may be the first time a firewall bootkit has ever been seen. They have no intelligence that it has ever been deployed in the wild.

It’s uncommon for the details of how private companies have developed their defensive strategies over a longer period of time to be made public, and so this is helpful for broadening the space for discussion. Sophos’ activities are, also, significant on the basis that the private company implanted its own systems to develop intelligence concerning its Chinese adversaries.

There has been extensive normative and legal discussion on the risks linked with “hacking back” and Sophos’ actions are another step towards normalizing such behaviour, albeit under the auspices of a company targeting its own equipment. I personally don’t think that Sophos’ defence that they were targeting their own equipment meaningfully isolates the broader implications of their actions. Perimeter appliances are extensively deployed and their decision may both normalize such behaviours broadly by private firms for their own ends and, also, further open the doors to some governments pressuring private firms to deploy implants on behalf of said governments. Neither of these trajectories is likely to end well.

Categories
Aside Links

MPs consider contempt charges for Canadian company linked to Cambridge Analytica after raucous committee meeting

Aggregate IQ executives came to answer questions before a Canadian parliamentary committee. Then they had the misfortune of dealing with a well-connected British Information Commissioner, Elizabeth Denham:

At Tuesday’s committee meeting, MPs pressed Silvester and Massingham on their company’s work during the Brexit referendum, for which they are currently under investigation in the UK over possible violations of campaign spending limits. Under questioning from Liberal MP Nathaniel Erskine-Smith, Silvester and Massingham insisted they had fully cooperated with the UK information commissioner Elizabeth Denham. But as another committee member, Liberal MP Frank Baylis, took over the questioning, Erskine-Smith received a text message on his phone from Denham which contradicted the pair’s testimony.

Erskine-Smith handed his phone to Baylis, who read the text aloud. “AIQ refused to answer her specific questions relating to data usage during the referendum campaign, to the point that the UK is considering taking further legal action to secure the information she needs,” Denham’s message said.

Silvester replied that he had been truthful in all his answers and said he would be keen to follow up with Denham if she had more questions.

It’s definitely a bold move to inform parliamentarians, operating in a friendly but foreign jurisdiction, that they’re being misled by one of their witnesses. So long as such communications don’t overstep boundaries — such as enabling a government official to engage in a public witchhunt of a given person or group — these sorts of communications seem essential when dealing with groups which have spread themselves across multiple jurisdictions and are demonstrably behaving untruthfully.

Categories
Links

Rampant telecom surveillance conducted with little transparency, oversight

Canadian telecommunications providers have been handing over vast amounts of customer information to law enforcement and government departments and agencies with little transparency or oversight, a new report says.

“We conclude that serious failures in transparency and accountability indicate that corporations are failing to manage Canadians’ personal information responsibly,” says the report released by Citizen Lab today that examines how Canadian telecommunications data is monitored, collected and analyzed by groups such as police, intelligence and government agencies.

The report also criticizes the government’s “irresponsibility surrounding accountability” with respect to telecommunications surveillance. It warns that that could endanger the development of Canada’s digital economy and breed cynicism among citizens.

“Access to our private communications is incredibly sensitive,” said Christopher Parsons, lead author of the study and a postdoctoral researcher at Citizen Lab, which conducts research on information technology in the context of human rights and global security.

The report, funded by the Canadian Internet Registration Authority, showed Canadians recognize this and are very concerned.

But despite that, evidence suggests governments and law enforcement have been demanding millions of subscriber records from telecom firms in recent years.

“It raises real questions about the appropriateness of the powers or perhaps the appropriateness of the mandates or aggressiveness of the agencies that currently look to keep Canadians safe,” Parsons said.

Outdated laws

He noted there’s no way to know what the requests were about, how many there were or whether any one person’s data was requested, as Canadian law doesn’t require police to record or report any of that information.

Outdated laws require government departments and agencies to report telecommunications interceptions, but not access to stored communications such as emails and text messages, nor “non-sensitive” information such as records of calls dialed and received.

The Canada Border Services Agency is one of the few government departments that tracks such requests. In 2012 and 2013, it made 18,849 requests for telecommunications information. None were interceptions, the study found.

“That really indicates that the interception reports, while they’re very rigorous, they’re such a limited data set that they really don’t explain to parliamentarians or the public the extent or kind of surveillance that are commonplace in Canada today,” Parsons said.

A Supreme Court decision last year has forced police to start getting a warrant before requesting subscriber information from telecoms. While that has slashed the number of police requests for data, Parsons warns that new legislation that is currently before the Senate could make it easy for telecom data to be shared among police and government agencies.

New bill a concern

Bill C-51 would allow, for example, the Canada Revenue Agency to request information about a telecom customer related to a tax issue, then pass it on to the CBSA, RCMP or CSIS to probe something only marginally related, Parsons said.

Meanwhile, oversight bodies such as the privacy commissioner of Canada have no way to share information with other oversight bodies, such as the Security Intelligence Review Committee, which oversees CSIS.

And while the privacy commissioner can go to court to force private companies to comply with Canadian privacy laws, it can’t do that with government departments or agencies under the Privacy Act, Parsons said.

Another concern cited in the report is that governments and telecommunications companies have spent the past decade or so negotiating behind closed doors about technology to allow interceptions and the types of interceptions that should be mandated into law.

“I think that’s incredibly inappropriate,” Parsons said. Such interceptions are “something that we just need to do in contemporary law and order environment, but doesn’t have to take place in secretive back rooms.” He believes discussions about it should involve the public.

The report offers a long list of recommendations for corporations and government as to how they can become more transparent and accountable about telecommunications surveillance.

For example, Parsons hopes that Canadian telecommunications companies, which have just started releasing transparency reports about requests for customer data, will begin to issue more standardized and detailed reports as they do in the U.S.

He added, “I think we’re absolutely behind.”

Categories
Links Writing

Stubborn negatives undermine Tories’ shot at another majority

Den Tandt writes:

While I’d like to agree that the current governing party of Canada’s anti-democratic approaches should cost it seats, if not the election, I have strong doubts. I often speak with Canadians (of various political stripes) and ask whether they want decisive action (demonstrated in the form of the current government’s omnibus legislation) or more drawn-out periods of action as parties communicate to develop some kind of quasi-consensus on issues (often as characterized in a minority government situation). Save for the extremely rare person, most state a preference for decisiveness and regard omnibus legislation as efficient. The rationale is almost always that ‘government should be doing things, not stuck just talking for a long time and wasting taxpayer monies’.

Personally, I find such responses extremely depressing. But if my anecdotal conversations have any resonance with the broader Canadian public then I’d be doubtful that ‘anti-democratic’ approaches to governance will be what relieves the current governing party from power. Scandal, perhaps, but I don’t even think the Duffy affair is sufficiently scandalous to cost the government too much.

Categories
Quotations

2014.3.24

There is a notable distinction between forms of privatization of military and bureaucratic state functions and examples of Internet governance privatization. Whereas the outsourcing of law enforcement functions or bureaucratic tasks normally involves financial compensation to the private entity delegated these functions, a unique feature in Internet governance is the expectation that some private entities, whether information intermediaries, or financial and transactional intermediaries, should be compelled to carry out law enforcement functions traditionally performed by the state without compensation and often with additional expense and possibly even liability exposure.

Laura DeNardis. The Global War for Internet Governance.

Categories
Aside Links

Canada’s electronic spy agency uncovers wrongdoing, ethics breaches

My money is that in terms of misuse, facilities were being used to store, access, or download copyright infringing materials. And, in terms of asset misuse, I have at least one very good idea what that might have encompassed…

Source: Canada’s electronic spy agency uncovers wrongdoing, ethics breaches

Categories
Aside Links

In sudden announcement, US to give up control of DNS root zone

This is incredibly huge news. However, given the incredible influence of the Government Advisor Council and relative denigration of the Non-Commercial Users Constituency, the shift to multistakeholder governance is going to be fraught with sweet words to distract people from the realpolitik that has largely consumed Internet governance.

Categories
Aside

New Book!

The book that was waiting in my mailbox when I got home!

Categories
Quotations

2013.2.11

Reality turned out to be much more complicated. What we forgot is that technology magnifies power in both directions. When the powerless found the Internet, suddenly they had power. But while the unorganized and nimble were the first to make use of the new technologies, eventually the powerful behemoths woke up to the potential – and they have more power to magnify. And not only does the Internet change power balances, but the powerful can also change the Internet. Does anyone else remember how incompetent the FBI was at investigating Internet crimes in the early 1990s? Or how Internet users ran rings around China’s censors and Middle Eastern secret police? Or how digital cash was going to make government currencies obsolete, and Internet organizing was going to make political parties obsolete? Now all that feels like ancient history.

Bruce Schneier, “Power and the Internet”