🦓 Zebra Crossing: an easy-to-use digital safety checklist

There are a lot of different security guides, but I think that in terms of trying to balance being comprehensive, accessible, and directly actionable, Zebra Crossing is amongst the better guides out there.

Who’s it for?

1. You use the internet on a day-to-day basis – for work, social media, financial transactions, etc.

2. You feel you could be doing more to ensure your digital safety and privacy, but you’re not in immediate danger. (If you are, seek out an expert for a one-on-one consult.)

3. You’re comfortable with technology. For example, you’re comfortable going into the settings section of your computer/smartphone.

How should it be used?

1. Recommendations have been sorted in ascending levels of difficulty. Start from level one and work your way up!

2. Everyone should follow the recommendations in levels one and two. They will protect you from the widely-used (yet simple) attacks. Going through them shouldn’t take more than 1-2 hours.

3. Level three is a bit more involved in terms of time and money and may not be 100% necessary. But if you’re worried at all and can afford to, we recommend going through that list too. Depending on the amount of digital housekeeping you have to do, it may take anywhere from an hour to an afternoon.

4. The scenarios listed after are for higher-stakes situations — scan them to see if any of them apply to you. (Because the stakes are higher, they assume that you’ve done everything in levels 1-3.)

Another great resource is Consumer Reports’ Security Planner. While it’s not designed to comprehensively guide you through upgrading your security profile, it is probably even better for helping individuals improve specific security practices.

Trump staffers worried about, and strategizing for, their next job

Per Politico, Trump staffers are worrying about their next job. I cannot believe that people working in the current administration continue to be given anonymity by the press: employees of the White House have knowingly supported a morally and ethically bankrupt president and administration, and what they’re most concerned about following the horror show of yesterday is their job prospects?

Expose them. Make them accountable for their culpability in what they have helped to nurture into existence. These people do not deserve anonymity.

Privacy and Contemporary Motor Vehicles

Writing for NBC News, Olivia Solon provides a useful overview of just how much data is collected by motor vehicles—using sensors embedded in the vehicles as well as collected by infotainment systems when linked with a smartphone—and how law enforcement agencies are using that information.

Law enforcement agencies have been focusing their investigative efforts on two main information sources: the telematics system — which is like the “black box” — and the infotainment system. The telematics system stores a vehicle’s turn-by-turn navigation, speed, acceleration and deceleration information, as well as more granular clues, such as when and where the lights were switched on, the doors were opened, seat belts were put on and airbags were deployed.

The infotainment system records recent destinations, call logs, contact lists, text messages, emails, pictures, videos, web histories, voice commands and social media feeds. It can also keep track of the phones that have been connected to the vehicle via USB cable or Bluetooth, as well as all the apps installed on the device.

Together, the data allows investigators to reconstruct a vehicle’s journey and paint a picture of driver and passenger behavior. In a criminal case, the sequence of doors opening and seat belts being inserted could help show that a suspect had an accomplice.

Of note, rental cars as well as second-hand vehicles also retain all of this information and it can then be accessed by third parties. It’s pretty easy to envision a situation where rental companies are obligated to assess retained data to determine if a certain class or classes of offences have been committed, and then overshare information collected by rental vehicles to avoid their own liability that could follow from failing to fully meet whatever obligations are placed upon them.

Of course, outright nefarious actors can also take advantage of the digital connectivity built into contemporary vehicles.

Just as the trove of data can be helpful for solving crimes, it can also be used to commit them, Amico said. He pointed to a case in Australia, where a man stalked his ex-girlfriend using an app that connected to her high-tech Land Rover and sent him live information about her movements. The app also allowed him to remotely start and stop her vehicle and open and close the windows.

As in so many different areas, connectivity is being included into vehicles without real or sufficient assessment of how to secure new technologies and defray harmful or undesirable secondary uses of data. Engineers rarely worry about these outcomes, corporate lawyers aren’t attentive to these classes of issues, and the security of contemporary vehicles is generally garbage. Combined, this means that government bodies are almost certainly going to expand the ranges of data they can access without having to first go through a public debate about the appropriateness of doing so or creation of specialized warrants that would limit data mining. Moreover, in countries with weak policing accountability structures, it will be impossible to even assess the regularity at which government officials obtain access to information from cars, how such data lets them overcome other issues they state they are encountering (e.g., encryption), or the utility of this data in investigating crimes and introducing it as evidence in court cases.

Links for December 14-18, 2020

  • The coming war on the hidden algorithms that trap people in poverty || “A family member lost work because of the pandemic and was denied unemployment benefits because of an automated system failure. The family then fell behind on rent payments, which led their landlord to sue them for eviction. While the eviction won’t be legal because of the CDC’s moratorium, the lawsuit will still be logged in public records. Those records could then feed into tenant-screening algorithms, which could make it harder for the family to find stable housing in the future. Their failure to pay rent and utilities could also be a ding on their credit score, which once again has repercussions.” // The harms done by automated decision making are deeply underappreciated, and routinely harm those whom society has set aside as ‘appropriate’ test subjects for these inequitable technologies. It’s abhorrent, unethical, and unjust.
  • Understanding 5g, and why it’s the future (not present) for mobile communications – tidbits // This is the most accessible, and helpful, primer for 5G that I think I’ve come across this year.
  • How Russia wins the climate crisis || “…agriculture offers the key to one of the greatest resources of the new climate era — food — and in recent years Russia has already shown a new understanding of how to leverage its increasingly strong hand in agricultural exports. In 2010, when wildfires and drought conspired to ruin Russia’s grain harvests, Putin banned the exporting of wheat in order to protect his own people, then watched as global wheat prices tripled. The world reeled in response. From Pakistan to Indonesia, poverty increased. High prices rocked delicate political balances in Syria, Morocco and Egypt, where about 40 percent of daily caloric intake is from bread. The shortages poured fuel on Arab Spring uprisings, which eventually pushed millions of migrants toward Europe, with destabilizing effect — a bonus for Russian interests. And much of this turmoil began with wheat. As Michael Werz, a senior fellow for climate migration and security at the Center for American Progress, says, “There’s a reason people demonstrated with baguettes in Cairo.”” // Bread will, once more, be a functional weapon of war as climate change devastates currently fertile land and enables authoritarian countries to express their will—and encourage chaos—by withholding the nutrients required for life itself. One can only hope that countervailing democracies in the Nordic nations and Canada can act as sufficient counterbalances to withstand potential Russian malfeasance.
  • The outbreak that invented intensive care || “Comparisons are being made to the 1918 influenza pandemic — eerily, just over a century ago — which had a mortality that might turn out similar. But that outbreak occurred without a ventilator in sight. Is this new disease, in fact, more deadly? Thanks to what my predecessors learnt in Copenhagen almost 70 years ago, we can, in some parts of the world, offset the havoc of COVID-19 with mechanical ventilation and sophisticated intensive care that was not available in 1918. But it is as COVID-19 continues to spread in areas that do not have ICU beds — or not nearly enough of them — that we will, sadly, learn the true natural course of this new virus.” // It’s incredible that, until 1952, we didn’t have modern ventilators, and worrying that the ‘true’ mortality of the current pandemic may only be apparent after studies are conducted of countries where contemporary medical technologies are often unavailable.
  • How infectious disease defined the American bathroom || “When architects designed homes in the wake of the 1918 flu pandemic and World War I, they typically took one of two approaches to the recent traumas. The first was to start at the ground-up and rethink everything, like Modernists and the Bauhaus did in the 1920s. The second — and far more common — tactic was to try to forget about the trauma and make ourselves comfortable, which bolstered the popularity of Art Deco design, according to Dianne Pierce, adjunct professorial lecturer in decorative arts and design history at the George Washington University.” // The links between human perceptions of health and safety, and the design and configuration of where we live, are fascinating. The extent(s) to which there will be substantial changes in how we build out homes and living areas will similarly be curious: will design change as a result of the current pandemic or, instead, will we see an active effort to not change or to ignore the events of the past (and coming) year?

Russia, China, the USA and the Geopolitical and National Security Implications of Climate Change

Lustgarten, writing for the New York Times, has probably the best piece on the national security and geopolitical implications of climate change that I’ve recently come across. The assessment for the USA is not good:

… in the long term, agriculture presents perhaps the most significant illustration of how a warming world might erode America’s position. Right now the U.S. agricultural industry serves as a significant, if low-key, instrument of leverage in America’s own foreign affairs. The U.S. provides roughly a third of soy traded globally, nearly 40 percent of corn and 13 percent of wheat. By recent count, American staple crops are shipped to 174 countries, and democratic influence and power comes with them, all by design. And yet climate data analyzed for this project suggest that the U.S. farming industry is in danger. Crop yields from Texas north to Nebraska could fall by up to 90 percent by as soon as 2040 as the ideal growing region slips toward the Dakotas and the Canadian border. And unlike in Russia or Canada, that border hinders the U.S.’s ability to shift north along with the optimal conditions.

Now, the advantages faced by Canada might be eroded by a militant America, and those of Russia similarly threatened by a belligerent and desperate China (and desperate Southeast Asia more generally). Regardless, food and arable land are generally likely to determine which countries take the longest to most suffer from climate change. Though, in the end, it’s almost a foregone conclusion that we are all ultimately going to suffer horribly for the errors of our ways.

Links for December 7-11, 2020

  • Frustrating the state: Surveillance, public health, and the role of civil society || “…surveillance in times of crisis poses another threat. By granting states unfettered power through emergency orders, data collected through digital surveillance could be shared across agencies and used for purposes beyond the original intention of fighting COVID-19. In states where democratic backsliding has been underway, surveillance could be used to deter dissent and silence government critics. According to Verisk Maplecroft, a risk consultancy firm, Asia is now the highest risk region in both their “Right to Privacy” and “Freedom of Opinion and Expression” indices as “strongmen” in Asia capitalize on the pandemic.” // Surveillance is, almost by its nature, inequitable and the potential harms linked with pandemic surveillance are neither novel nor unforeseeable.
  • Rebecca Solnit: On not meeting nazis halfway || “… the truth is not some compromise halfway between the truth and the lie, the fact and the delusion, the scientists and the propagandists. And the ethical is not halfway between white supremacists and human rights activists, rapists and feminists, synagogue massacrists and Jews, xenophobes and immigrants, delusional transphobes and trans people. Who the hell wants unity with Nazis until and unless they stop being Nazis?”
  • Instagram’s latest middle finger || “…Instagram is now nearly completely unrecognizable from the app that I fell in love with. The feed of images is still key, but with posting now shoved into a corner, how long until that feed becomes a secondary part of the service?” // Cannot agree more.
  • The Epicenter // The storytelling for this piece on the experiences of the Covid-19 outbreak in poorer areas of New York by the NYT is simultaneously beautiful and heartbreaking.
  • Poor security at online proctoring company may have put student data at risk || “Kumar, CEO of Proctortrack’s parent company Verificient, says students have “valid concerns” and that he sympathizes with their discomfort. Proctoring software is “intrusive by nature” he says, but “if there’s no proctoring solution, institutions will have to totally change how they provide exams. Often you can’t do that given the time and limitations we have.”” // Justifying producing a gross product on the basis that if you didn’t other organizations would have to behave more ethically is a very curious, and weird, way of defending your company’s very existence.
  • China rethinking its role || “China’s use of war memory to shape its international position has been much less effective overseas than it has at home. However, the significance of its efforts is real, and may become more effective over time. China wants to create a global narrative around itself which shares a common understanding of the modern world – the idea that 1945 is the beginning of the current order – but places China at the heart of the creation and management of that order. The narrative had more power during an era when the US, anomalously, had a leader who cared little for the order shaped by America in Asia since 1945. Now that a president with a more long-range view of the role of the United States is about to take office, we may see something different again: two differing versions of what 1945 meant in Asia, as defined by Beijing and Washington – and the competition for moral standing that comes from the embrace of that legacy.” // This is a fascinating recounting of how China is re-interpreting activities undertaken by Nationalist forces during World War Two, today, to justify its efforts to be more assertive in the international order today. Like so much in China, understanding how narratives are built and their domestic and foreign rationales and perceived utility is critical to appreciate the country’s foreign policy ambitions, and those ambitions’ potentials and limitations.

Links for November 23-December 4, 2020

  • When AI sees a man, it thinks “official.” a woman? “smile” || “The AI services generally saw things human reviewers could also see in the photos. But they tended to notice different things about women and men, with women much more likely to be characterized by their appearance. Women lawmakers were often tagged with “girl” and “beauty.” The services had a tendency not to see women at all, failing to detect them more often than they failed to see men.” // Studies like this help to reveal the bias baked deep into the algorithms that are meant to be ‘impartial’, with this impartiality truly constituting a mathwashing of existent biases that are pernicious to 50% of society.
  • The ungentle joy of spider sex || “Spectacular though all this is, extreme sexual size dimorphism is rare even in spiders. “It’s an aberration,” Kuntner says. Even so, as he and Coddington describe in the Annual Review of Entomology, close examination of the evolutionary history of spiders indicates that eSSD has evolved at least 16 times, and in one major group some lineages have repeatedly lost it and regained it. The phenomenon is so intriguing it’s kept evolutionary biologists busy for decades. How and why did something so weird evolve?” // This is a truly wild, and detailed, discussion of the characteristics of spider evolution and intercourse.
  • Miley Cyrus-Plastic Hearts // Consider me shocked, but I’m really liking Cyrus’ newest album.

Provincial Governments Have Failed to Protect Us

Lauren Dobson-Hughes:

“Across the country, governments failed to invest enough resources in test, trace and isolate systems. In most provinces, they did not make timely investments in school ventilation or hire more teachers, or prepare the restaurant industry for prolonged winter closing, or shut down workplaces that exposed minimum-wage workers to infection, or hire more long-term care home workers. They issued conflicting, byzantine communications to individual people that boiled down to ‘don’t do any activities unless you’re paying a private company to host them’.

Provincial governments did not come up with compassionate policies that addressed structural barriers to people staying safe. They came up with “personal responsibility,” telling citizens to knock it off or they’ll turn the car around right now. The only realm of life governments seemed willing to regulate was our social lives. It does no good being scolded to stay home if you live in a tiny, cold apartment and have to take public transit to your low-paid, unsafe workplace because you need the income.”

As someone who lives in a city going into lockdown I cannot agree more strongly.

To What Extent is China’s Control of Information a Cyber Weakness?

Lawfare has a good piece on How China’s control of information is a cyber weakness:

“Policymakers need to be aware that successful competition in cyberspace depends on having intrinsic knowledge of the consequences a democratic or authoritarian mode of government has for a country’s cyber defense. Western leaders have for a long time prioritized security of physical infrastructure. This might translate into better cyber defense capabilities, but it leaves those governments open to information operations. At the same time, more authoritarian-leaning countries may have comparative advantages when it comes to defending against information operations but at the cost of perhaps being more vulnerable to cyber network attack and exploitation. Authoritarian governments may tolerate this compromise on security due to their prioritization of surveillance and censorship practices.”

I have faith that professionals in the intelligence community have previously assessed this divide between what democracies have developed defences against versus what countries like China have prepared against. Nonetheless this is a helpful summary of the two sides of the coin.

I’m less certain of a subsequent argument made in the same piece:

“These diverging emphases on different aspects of cybersecurity by democratic and authoritarian governments are not new. However, Western governments have put too much emphasis on the vulnerability of democracies to information operations, and not enough attention has been dedicated to the vulnerability of authoritarian regimes in their cyber defenses. It is crucial for democratic governments to assess the impact of information controls and regime security considerations in authoritarian-leaning countries for their day-to-day cyber operations.”

I really don’t think that intelligence community members in the West are ignorant of the vulnerabilities that may be present in China or other authoritarian jurisdictions. While the stories in Western media emphasize how effective foreign operators are at extracting data from Western companies and organizations, intelligence agencies in the Five Eyes are also deeply invested in penetrating strategically and tactically valuable digital resources abroad. One of the top-line critiques against the Five Eyes is that they have invested heavily in offence over defence, and the article from Lawfare doesn’t really ever take that up. Instead, and inaccurately to my mind, it suggests that cyber defence is something done with a truly serious degree of resourcing in the Five Eyes. I have yet to find someone in the intelligence community that would seriously assert a similar proposition.

One thing that isn’t assessed in the article, and which would have been interesting to see considered, is the extent(s) to which the relative dearth of encryption in China better enables their defenders to identify and terminate exfiltration of data from their networks. Does broader visibility into data networks enhance Chinese defenders’ operations? I have some doubts, but it would be curious to see the arguments for and against that position.

Unintentionally Supporting Bad Policy

A way forward for U.S. Policy on TikTok:

“Hu Xijin, the editor of the Chinese state media outlet the Global Times, weighed in recently on the most recent merger proposal. “The US restructuring of TikTok’s stake and actual control should be used as a model and promoted globally,” remarked Hu on Twitter. “Overseas operation of companies such as Google, Facebook shall all undergo such restructure and be under actual control of local companies for security concerns.”

It’s not exactly a good sign for Chinese state media to tout a U.S. play designed to be “tough on China” as a model for global behavior. The United States may be bumbling its way into a precedent the consequences of which it has yet to anticipate.”

This was exactly the concern that was raised by experts in North America the second after the Trump administration proposed its bumblingly stupid approach to TikTok. With the American policy in place it’s going to be that much harder for Western companies operating in China to have convincing arguments that they shouldn’t need to partner with Chinese organizations and engage in manufacturing, technology, or intellectual property disclosures as a condition of doing business in China. And the issue won’t end in China: American (and other countries’) businesses are almost certain to have (now) US-framed arguments thrown at them when operating all around the world whenever there is even a marginal ‘national security’ concern linked to the foreign company’s operations.