- Chinese gov't promises crackdown on Human Flesh Searches - It's all fun and games until the internet starts targeting Party Officials. Previous coverage here.
- I Saw America Naked - Anonymous anti-TSA blogger outs himself, announces book deal.
- The legacy of the Superbowl 38 'wardrobe malfunction'
- Crazy true story: at age 26, Jesse Willms has already made and lost several fortunes running scams on the internet
- Meet Dogecoin - proof that 'crypto-currencies' have jumped the shark. For more proof, see Coinye.
- It's not the internet that's killing Higher Ed - Clay Shirky writes that American universities are adapted to a world that no longer exists.
- It's a bad idea to make political posts on Facebook
- Hacker story: they stole this guy's rare Twitter username by using 'social engineering' to get access to his PayPal and GoDaddy accounts.
Friday, January 31, 2014
Sunday, January 12, 2014
That's the question one family is asking after learning that their daughter Ashley is genetically unrelated to her father Jeff. Accidental specimen mix up at the University of Utah fertility clinic where Ashley was conceived? Nope. It appears to have been the deliberate work of a troubled but intelligent clinic employee named Tom Lippert.
The University of Utah's refusal to follow up on the Lippert case and see if he may have surreptitiously fathered children for other clinic patients is troubling, to say the least.
Paula discovered that after marrying his third wife and being released from prison, Tom had lived in Minnesota for a few years. He eventually moved to Salt Lake City, taking classes at BYU, and his first job was working in the Reproductive Technologies fertility clinic where he was employed for nine years from 1986-1995. This begs the question: Could he have fathered hundreds of children? Paula realized that those dozens of photos that Tom so proudly displayed behind his desk may have been his biological children.You can read the whole, bizarre saga here. The story appears on a geneology and genetic testing website and has a strong slant in favor of services like 23andMe, but is fascinating nonetheless.
The University of Utah's refusal to follow up on the Lippert case and see if he may have surreptitiously fathered children for other clinic patients is troubling, to say the least.
Thursday, January 2, 2014
The New WorldThe world changed in 2013. There was the time before Edward Snowden, and there was the time after Edward Snowden. We live in the time after, and we can never go back to the way things were.
On May 20th, 2013, Edward Snowden, a geeky young NSA contractor, boarded a flight from Hawaii to Hong Kong, knowing that he would probably never be able to return. Snowden had already sent some or all of a massive document cache to Glenn Greenwald at The Guardian and Barton Gelllmen at the Washington Post. Those documents described the inner workings of a suite of immense surveillance programs run by the NSA. By June 6, the Guardian and the Post had published their first stories on an NSA program named PRISM, designed to capture, in bulk, the internet activity of users around the globe; and another program which collected the metadata for all phone calls made in the US.
These would be only the first in a series of continuing revelations. Before Snowden, any one of these news stories on its own would have been front page news for weeks. But what has really been exceptional is that the stories have kept coming, headline after headline, a relentless onslaught of disturbing revelations. The waves of leaks have become a flood, smashing to pieces our naive pre-Snowden view of the world. Before Edward Snowden we believed that people mostly go about their lives unsurveilled, unnoticed by the intelligence mechanisms of the state. Now we know the opposite is true.
The State of Surveillanceentire nations*. They siphon data from the corporations that control the internet; both overtly, via National Security Letters, and covertly, tapping into the data streams flowing between servers. Where information is encrypted, they work to break that encryption. They store all of this information in huge data centers. And once they have this data, they can search through it effortlessly.
This didn’t happen overnight of course. Like most sea changes, it was going on right under our noses for years. June of 2013 is simply when the public began to wake up to what had already happened.
For years, the conventional wisdom within IT circles was that although the government theoretically could conduct mass surveillance using the tools of the information age, in practice it would be swamped by the sheer volume of data. Even if the practical details could be ironed out, conventional wisdom said, it would be too sophisticated an operation for a government agency to undertake. To understand the reasoning here, one need only look at the hash the Department of Health and Human Services has recently made of the HealthCare.gov rollout.
But government agencies are not all alike, and the NSA is one of the world’s foremost employers of mathematicians and cryptographers, respected even by the private sector. Meanwhile, over the last fifteen years private companies like Google and IBM have invested extensively in tools that can make sense of vast reams of data. These tools have the capability to mine enormous quantities of information for correct answers to specific queries. The NSA simply borrowed these tools and modified them to meet its needs.
There’s nothing obviously sinister about a simple Google web search or IBM’s Watson beating Ken Jennings at Jeopardy. Yet these are the foundational technologies that the NSA’s surveillance apparatus is built on. They have enabled the government to build a bulk surveillance system that made the contents of every email sent around the globe available to NSA operatives at a keystroke.
As a bonus to the NSA, those same companies don't simply develop tools, they provide services to the world's internet users. Billions of searches go through Google. The bulk of all emails are sent from Google, Microsoft and Yahoo addresses. People map out their social connections on Facebook. And the NSA has front door and back door access to all this data.
The NSA can do much more than passively scoop up data - they also have sophisticated tools of spycraft for targeting individual systems.Targeted hacks are known as Tailored Access Operations (TAO). NSA hackers can take advantage of the NSA’s collection of publicly un-identified software exploits, which the agency apparently purchases on the black market (the vulnerable software companies are not informed). Or they might just intercept that new computer you ordered and bug your USB cables.
Of course TAO is closer to the kind of activity people might expect of the NSA, targeted operations designed to conduct surveillance on specific persons of interest. But the NSA has also helped tap cell phones and setup fake internet cafes to capture diplomatic secrets. It has used its on-the-ground operatives to tap into undersea cables and data trunklines between tech company servers. Apparently deciding its power to compel these companies to turn over data was too limited or slow, the NSA has compromised them in secret.
The Machine in the television show Person of Interest is perhaps closer to the mark on surveillance tech: it listens to phone calls, watches CCTV cameras and tracks cell phones to identify threats. But Person’s fictional Machine is a black box that cannot be accessed by the government or any other third party. The NSA operates under no such restrictions.
In his book on the end of World War II, Retribution, Max Hastings notes that President Truman never gave an order to drop the atomic bomb on Japan. Undoubtedly he could have given an order to stop it, but he did not, despite private misgivings. It seems that once we had the bomb, it was inevitable that we would use it on our enemies.
There is a lesson to be learned here about bureaucracy and technology.
Some of the Snowden papers have revealed that the NSA tapped the cellphones of allied leaders and collected bulk data on friendly nations. The political fallout from these revelations has been substantial. The question has been asked, “Why would they do this?” The answer is simple: because they could, and no one told them not to.
The development and use of atomic weapons lead directly to the Cold War, which had an outsized effect on geopolitical events for the next forty years. Like atomic weaponry, the existence of bulk surveillance technology is a genie which cannot be put back in a bottle.
Even if the United States entirely dismantles the NSA’s surveillance programs, other countries will now build their own and probably already have. The question going forward is not whether these tools should exist. It is how to control them while safeguarding essential liberties.
Preventing the abuse of the surveillance apparatus for personal gain or political power will be the story of the coming decades.
It’s impossible to know the long term effects of bulk surveillance tools today. But in the short term we are already seeing the fallout: the erosion of trust, both in government, in tech corporations and in the technology of the internet itself. The internet, the most important tool for economic growth and technological innovation of the past few decades, is built on trust. This open philosophy has enabled its wild, unfettered growth. But Snowden’s revelations have undermined that trust.
Private companies like Google and Facebook have been the gatekeepers of the open internet. Networking companies like Cisco have built the internet’s backbone. But we now know that the government goes in through front doors and back doors to access all the information we give to Google and Facebook. And the hardware that Cisco and other companies build has vulnerabilities intentionally built into it to give the government access to the data flowing through it.
The implication for other countries is immediate and dire: to use Google’s search, Facebook’s social network or Cisco’s routers is to hand your information over to the American government. Therefore, other countries will race to develop their own, safer, controlled search engines, social networks and network infrastructure. American technology companies will be hurt, badly. In the long term this is likely to lead to the Balkanization of the internet, as global inter-connectivity gives way to local, nationalized networks.
We already see this happening with non-democratic, authoritarian regimes. These developments will make this approach more attractive to democratic governments as well.
Revelations that the US has spied on nominal allies like Brazil, France, Germany and Spain have sparked predictable outrage from those countries. But its extremely likely that those countries have developed or are developing surveillance capabilities similar to the NSA.
And almost certainly there is some level of information exchange going on between the intelligence organizations of allied countries. We already know that the NSA and Britain’s GCHQ have a close working relationship. Among other advantages, relationships between intelligence agencies allow the agencies to off-load some of the more odious aspects of their surveillance while maintaining plausible deniability.
Re-thinking Edward Snowden
This is extremely short-sighted.
The NSA and other agencies may have found ways to scoop up private information en masse from the internet, but they have not stopped the internet from doing what it does best: spreading information. In the 21st century, the music and film industries have learned the hard way that the spread of data is virtually impossible to control. If you attempt, for instance, to release a film in one territory but not another, viewers in the excluded territory will simply download it for free. Albums by popular artists invariably leak before their official release dates.
The government appears to have believed it could keep its secrets forever, or at least long enough that it wouldn't matter. Any record exec could have told them differently: it was only a matter of time before those secrets leaked.
If leaks were inevitable, Edward Snowden may actually have been the best possible leaker the government could hope for. Young, American, ostensibly patriotic and certainly not leaning towards leftist politics, he has overseen the release of information in a way that has not compromised the identities of embedded agents or revealed the targets of anti-terror intelligence gathering operations. Snowden claims that his goal is to reform US intelligence agencies, not tear them down.
Compare this to the WikiLeaks document dumps where un-redacted State Department cables were accidentally released into the wild. Snowden and his journalist contacts have learned their lessons from WikiLeaks. The NSA documents have mostly been leaked as news stories, with very few of the original sources (believed to be up to 20,000 separate classified documents) surfacing.
But that wouldn’t even begin to compare to an infiltration by a foreign agents. In the worst case scenario, a hostile intelligence agency could turn the NSA’s own tools against it, completely compromising their operations without them knowing. Indeed, we have no way of knowing that this hasn’t happened.
The NSA has tapped into trunk-lines, siphoned up emails and bugged the cellphones of foreign dignitaries. Who is to say that someone else hasn’t done the same thing to them?
The greatest damage Snowden’s leaks appear to have done is to the reputation of the NSA and the US government. But in many cases the government has undertaken actions without any consideration of the risk of those actions coming to light. For instance, the NSA tapped the cell phone of the German prime minister, Angela Merkel, an action that probably yielded little useful intelligence. Yet its revelation has had disastrous political ramifications. Is this Snowden’s fault for revealing it, or the NSA’s for undertaking it without considering the risks?
Once again, the availability of advanced surveillance technology has lead inevitably to its use, without any consideration for the consequences.
It is clear that within the bureaucracy of the intelligence community there has been a headlong rush to get their hands on every piece of data possible. Not just the NSA, but the FBI, the CIA and even the DEA are making use of bulk surveillance data. This has lead to the creation of a vast surveillance apparatus with very little real oversight. There was next to no discussion of the ramifications of this apparatus in terms of its political consequences, its threat to personal liberties, its potential economic impacts, or its dangers to our own national security.
At least, there was no discussion until June 2013.
The story of the 21st century may well prove to be the story of our attempts to control the myriad tools that now exist for monitoring our activities, our speech, our purchases and our friends.We have, in a sense, submitted to constant surveillance by a myriad of phones, tablets, laptops, web cams, CCTVs and other devices. In an eerie echo of 1984, even our TVs have the capability to spy on us. And the US government has taken full advantage of this.
In the pre-Snowden world, if you had told this writer that the government might be spying on him through his television, he would have written you off as a paranoid. Now he knows better. Thanks to Edward Snowden, we all know better.
This brave new world will have dangers unlike any we have faced before. We need to discuss it rather than heedlessly plunging into it without considering the consequences. In 2013, Edward Snowden started that conversation.
For that, we should thank him.
* This is just a partial list. At this point, it's safe to assume that if personal information is available in digital form, the NSA is collecting it.
Thursday, October 3, 2013
The first story is that the FBI has taken the notorious hidden web site The Silk Road offline and captured the man who allegedly operated it, Ross Ulbricht, aka The Dread Pirate Roberts.
The Silk Road was an interesting experiment in running a fully encrypted, anonymous online marketplace. Users wishing to connect to it had to do so through TOR, which encrypts all its users communications and reroutes them through a series of nodes so that they can't be traced. Then they had to follow a rabbit trail of arcane websites to find it (Google will not take you to The Silk Road). Finally, once connected all transactions were conducted in Bitcoins, a private digital currency which is difficult to trace.
Underneath all its elaborate security precautions, though, The Silk Road was basically EBay for drugs. The vast majority of its users used it to buy illegal drugs from anonymous dealers, who then sent their illicit purchases via the postal system. The Silk Road, and by extension The Dread Pirate Roberts, took a cut of each transaction.
Predictably this drew the attention of the US federal government, specifically the FBI. While the startling leaks by whistle-blower Edward Snowden have revealed the vast hacking and data-mining resources available to the feds, it appears that Ross Ulbricht was undone primarily by sloppiness in his own personal security, sloppiness that was exploited by good-old-fashioned police work.
Ars Technica has the best coverage of the story which involves not just one but two murder-for-hire schemes.
Encrypted email provider Lavabit shut down on August 8 without warning. Owner Ladar Levison left a cryptic message saying that to continue operations would be 'to become complicit in crimes against the American people'. In follow-up interviews he indicated that he was legally forbidden from elaborating further. Because Edward Snowden had a Lavabit email account, many people surmised that Levison had been secretly contacted by the authorities and forced to hand over access to Snowden's emails.
Lavabit was built with an encryption scheme that allowed only an email's sender and its recipient to share the keys. Even if Lavabit itself traced the emails it would not be able to read their content.
In a court order unsealed today we learn that the government asked Lavabit to do just that: modify the code of his own website so that he could snoop on the emails of just one user, Edward Snowden. When the resulting emails were shown to be useless because they were encrypted, the government then ordered Ladar Levison to turn over the SSL encryption key for the entire system, which would have effectively granted them access to the private, encrypted emails of every Lavabit user.
When Levison did not immediately comply, the judge overseeing the case ordered that he be fined $5,000/day until he handed over electronic copies of the keys. It was at that point that Levison decided to shut down Lavabit.
To sum up, the US government required a private citizen to reverse engineer his company's security scheme against his will and provide blanket access to all of its encrypted communications or face large fines and possible jail time. Oh, and he couldn't tell anyone about it.
Wired has the whole story. Following the unsealing of the court documents, Levison has issued a press release on his Facebook page. Levison has now lost his primary source of income and is asking for donations to fund an appeal to the Fourth Circuit courts.
Tuesday, April 30, 2013
- Did 'self-complexity' allow alleged Boston Marathon bomber Dzhokhar Tsarnaev to hide his terrorist leanings from others?
- Keeping it in the family - why cousin marriage is more common in less democratic states (here is John Green on famous people who married their first cousin).
- Get your Stat Geek on as Steven Wolfram breaks down the demographics of Facebook. If you want to volunteer all your personal FB data for science, you can get the Wolfram-Alpha app here.
- The Underwear Effect - why people text message in the language they are most comfortable in.
- On being the only black guy at the indie rock show.
- Google shutting down Google Reader begs the question: would the government ever nationalize Google?
- Content filtering is censorship. Marketing is propaganda. Personalized marketing is surveillance. The IT industry as a tool of oppressive government.
- Hear Alexander Graham Bell speak.
- "The Lancet wishes to correct, after an unduly prolonged period of reflection... it's obituary of Dr. John Snow" - Dr. Snow, who identified the method of transmission of the cholera epidemic, died in 1858.
- Why do bulls get better at fighting bull-fighters, but whales do not get better at fighting whalers? Interesting (but long) article on Moby Dick, Hemmingway, sociology and biology.
- Mexican eco-terrorists declare war on nanotechnology - I guess it's a preemptive strike?
Thursday, March 21, 2013
Will this great, free new service stick around? Will Google keep Google Keep? Or will it eventually get the axe?
The WaPo faces the same problem:
We're starting to see the dark side of 'free' services. Because we're not paying customers for these services, companies like Google have no incentive to keep them running when they wear out their welcome or some Google exec decides on a whim to put the axe to them.
Thursday, March 14, 2013
it will be shuttering Google Reader:
We have just announced on the Official Google Blog that we will soon retire Google Reader (the actual date is July 1, 2013). We know Reader has a devoted following who will be very sad to see it go. We’re sad too.The problem is, there is no alternate feed reading solution. Google Reader has become the alpha and omega of RSS feed aggregation.
There are two simple reasons for this: usage of Google Reader has declined, and as a company we’re pouring all of our energy into fewer products. We think that kind of focus will make for a better user experience.
To ensure a smooth transition, we’re providing a three-month sunset period so you have sufficient time to find an alternative feed-reading solution.