Monday, March 17, 2014

Links of the Future

Greetings traveler, and welcome to Monday, March 17, 2014. Medical science will some day instantly diagnose disease, cure illnesses painlessly and make us smarter and fitter human beings. Someday. In the mean time, we have this:
Also, there's bad news for corporate good old boys: booth babes don't work. And, infrequently asked questions: are there any super bad-ass Catholic weapons? And, you can't dig a tunnel straight through the earth and come out in China. This map shows why.

Friday, January 31, 2014

Links of the Future

Greetings, traveler, and welcome to Friday, January the 31st 2014. Technology is doing weird stuff to us, traveler. Weird stuff.
In case that wasn't silly enough for you, here are cats taking selfies. Also, a hilarious write-up of the latest questionable Japanese invention: a bra that can only be opened by 'true love'.

Sunday, January 12, 2014

Should Genetic Testing Be Required After Successful Fertility Treatments?

That's the question one family is asking after learning that their daughter Ashley is genetically unrelated to her father Jeff. Accidental specimen mix up at the University of Utah fertility clinic where Ashley was conceived? Nope. It appears to have been the deliberate work of a troubled but intelligent clinic employee named Tom Lippert.
Paula discovered that after marrying his third wife and being released from prison, Tom had lived in Minnesota for a few years. He eventually moved to Salt Lake City, taking classes at BYU, and his first job was working in the Reproductive Technologies fertility clinic where he was employed for nine years from 1986-1995. This begs the question: Could he have fathered hundreds of children? Paula realized that those dozens of photos that Tom so proudly displayed behind his desk may have been his biological children.
You can read the whole, bizarre saga here. The story appears on a geneology and genetic testing website and has a strong slant in favor of services like 23andMe, but is fascinating nonetheless.

The University of Utah's refusal to follow up on the Lippert case and see if he may have surreptitiously fathered children for other clinic patients is troubling, to say the least.

Thursday, January 2, 2014

The Snowden Affair

The New World

The world changed in 2013. There was the time before Edward Snowden, and there was the time after Edward Snowden. We live in the time after, and we can never go back to the way things were.

On May 20th, 2013, Edward Snowden, a geeky young NSA contractor, boarded a flight from Hawaii to Hong Kong, knowing that he would probably never be able to return. Snowden had already sent some or all of a massive document cache to Glenn Greenwald at The Guardian and Barton Gelllmen at the Washington Post. Those documents described the inner workings of a suite of immense surveillance programs run by the NSA. By June 6, the Guardian and the Post had published their first stories on an NSA program named PRISM, designed to capture, in bulk, the internet activity of users around the globe; and another program which collected the metadata for all phone calls made in the US.

These would be only the first in a series of continuing revelations. Before Snowden, any one of these news stories on its own would have been front page news for weeks. But what has really been exceptional is that the stories have kept coming, headline after headline, a relentless onslaught of disturbing revelations. The waves of leaks have become a flood,  smashing to pieces our naive pre-Snowden view of the world. Before Edward Snowden we believed that people mostly go about their lives unsurveilled, unnoticed by the intelligence mechanisms of the state. Now we know the opposite is true.

The State of Surveillance

Western governments, spearheaded by the United States’ National Security Agency, are systematically vacuuming up the internet history, call logs, emails, Skype calls, IMs and GPS location of entire nations*. They siphon data from the corporations that control the internet; both overtly, via National Security Letters, and covertly, tapping into the data streams flowing between servers. Where information is encrypted, they work to break that encryption. They store all of this information in huge data centers. And once they have this data, they can search through it effortlessly.

This didn’t happen overnight of course. Like most sea changes, it was going on right under our noses for years. June of 2013 is simply when the public began to wake up to what had already happened.

For years, the conventional wisdom within IT circles was that although the government theoretically could conduct mass surveillance using the tools of the information age, in practice it would be swamped by the sheer volume of data. Even if the practical details could be ironed out, conventional wisdom said, it would be too sophisticated an operation for a government agency to undertake. To understand the reasoning here, one need only look at the hash the Department of Health and Human Services has recently made of the rollout.

But government agencies are not all alike, and the NSA is one of the world’s foremost employers of mathematicians and cryptographers, respected even by the private sector. Meanwhile, over the last fifteen years private companies like Google and IBM have invested extensively in tools that can make sense of vast reams of data. These tools have the capability to mine enormous quantities of information for correct answers to specific queries. The NSA simply borrowed these tools and modified them to meet its needs.

There’s nothing obviously sinister about a simple Google web search or IBM’s Watson beating Ken Jennings at Jeopardy. Yet these are the foundational technologies that the NSA’s surveillance apparatus is built on. They have enabled the government to build a bulk surveillance system that made the contents of every email sent around the globe available to NSA operatives at a keystroke.

As a bonus to the NSA, those same companies don't simply develop tools, they provide services to the world's internet users. Billions of searches go through Google. The bulk of all emails are sent from Google, Microsoft and Yahoo addresses. People map out their social connections on Facebook. And the NSA has front door and back door access to all this data.

The NSA can do much more than passively scoop up data - they also have sophisticated tools of spycraft for targeting individual systems.Targeted hacks are known as Tailored Access Operations (TAO). NSA hackers can take advantage of the NSA’s collection of publicly un-identified software exploits, which the agency apparently purchases on the black market (the vulnerable software companies are not informed). Or they might just intercept that new computer you ordered and bug your USB cables.

Of course TAO is closer to the kind of activity people might expect of the NSA, targeted operations designed to conduct surveillance on specific persons of interest. But the NSA has also helped tap cell phones and setup fake internet cafes to capture diplomatic secrets. It has used its on-the-ground operatives to tap into undersea cables and data trunklines between tech company servers. Apparently deciding its power to compel these companies to turn over data was too limited or slow, the NSA has compromised them in secret.

The idea of omnipresent government surveillance is not a new one. George Orwell famously presaged it in his novel 1984. But to call the NSA’s various programs ‘Orwellian’ is actually selling them short, as Snowden himself noted: “The types of collection in [Orwell's] book—microphones and video cameras, TVs that watch us—are nothing compared to what we have available today. We have sensors in our pockets that track us everywhere we go. “

The Machine in the television show Person of Interest is perhaps closer to the mark on surveillance tech: it listens to phone calls, watches CCTV cameras and tracks cell phones to identify threats. But Person’s fictional Machine is a black box that cannot be accessed by the government or any other third party. The NSA operates under no such restrictions.

In his book on the end of World War II, Retribution, Max Hastings notes that President Truman never gave an order to drop the atomic bomb on Japan. Undoubtedly he could have given an order to stop it, but he did not, despite private misgivings. It seems that once we had the bomb, it was inevitable that we would use it on our enemies.

There is a lesson to be learned here about bureaucracy and technology.

The Bomb

Neither George W. Bush or Barack Obama, as far as we know, every instructed the intelligence community to build a surveillance state. But the tools were available, and after 9/11 the need was there, so it simply happened. And no one gave the order to stop it.

Some of the Snowden papers have revealed that the NSA tapped the cellphones of allied leaders and collected bulk data on friendly nations. The political fallout from these revelations has been substantial. The question has been asked, “Why would they do this?” The answer is simple: because they could, and no one told them not to.

The development and use of atomic weapons lead directly to the Cold War, which had an outsized effect on geopolitical events for the next forty years. Like atomic weaponry, the existence of bulk surveillance technology is a genie which cannot be put back in a bottle.

Even if the United States entirely dismantles the NSA’s surveillance programs, other countries will now build their own and probably already have. The question going forward is not whether these tools should exist. It is how to control them while safeguarding essential liberties.

Remember, during the 2012 presidential campaign there is no question that the government must have collected data on President Obama's opponent, Mitt Romney, in its bulk data sweeps. There is no evidence that this information was used, but it was there. Preventing the abuse of the surveillance apparatus for personal gain or political power will be the story of the coming decades.

It’s impossible to know the long term effects of bulk surveillance tools today. But in the short term we are already seeing the fallout: the erosion of trust, both in government, in tech corporations and in the technology of the internet itself. The internet, the most important tool for economic growth and technological innovation of the past few decades, is built on trust. This open philosophy has enabled its wild, unfettered growth. But Snowden’s revelations have undermined that trust.

Private companies like Google and Facebook have been the gatekeepers of the open internet. Networking companies like Cisco have built the internet’s backbone. But we now know that the government goes in through front doors and back doors to access all the information we give to Google and Facebook. And the hardware that Cisco and other companies build has vulnerabilities intentionally built into it to give the government access to the data flowing through it.

The implication for other countries is immediate and dire: to use Google’s search, Facebook’s social network or Cisco’s routers is to hand your information over to the American government. Therefore, other countries will race to develop their own, safer, controlled search engines, social networks and network infrastructure. American technology companies will be hurt, badly. In the long term this is likely to lead to the Balkanization of the internet, as global inter-connectivity gives way to local, nationalized networks.

We already see this happening with non-democratic, authoritarian regimes. These developments will make this approach more attractive to democratic governments as well.

Revelations that the US has spied on nominal allies like Brazil, France, Germany and Spain have sparked predictable outrage from those countries. But its extremely likely that those countries have developed or are developing surveillance capabilities similar to the NSA.

And almost certainly there is some level of information exchange going on between the intelligence organizations of allied countries. We already know that the NSA and Britain’s GCHQ have a close working relationship. Among other advantages, relationships between intelligence agencies allow the agencies to off-load some of the more odious aspects of their surveillance while maintaining plausible deniability.

Re-thinking Edward Snowden

Some people see Edward Snowden as a traitor for revealing these kinds of ‘national security secrets’. In their view, no one was being harmed by these programs except for ‘bad guys’. The revelation of the existence of these programs has caused the real harm, not the programs themselves.

This is extremely short-sighted.

The NSA and other agencies may have found ways to scoop up private information en masse from the internet, but they have not stopped the internet from doing what it does best: spreading information. In the 21st century, the music and film industries have learned the hard way that the spread of data is virtually impossible to control. If you attempt, for instance, to release a film in one territory but not another, viewers in the excluded territory will simply download it for free. Albums by popular artists invariably leak before their official release dates.

The government appears to have believed it could keep its secrets forever, or at least long enough that it wouldn't matter. Any record exec could have told them differently: it was only a matter of time before those secrets leaked.

If leaks were inevitable, Edward Snowden may actually have been the best possible leaker the government could hope for. Young, American, ostensibly patriotic and certainly not leaning towards leftist politics, he has overseen the release of information in a way that has not compromised the identities of embedded agents or revealed the targets of anti-terror intelligence gathering operations. Snowden claims that his goal is to reform US intelligence agencies, not tear them down.

Compare this to the WikiLeaks document dumps where un-redacted State Department cables were accidentally released into the wild. Snowden and his journalist contacts have learned their lessons from WikiLeaks. The NSA documents have mostly been leaked as news stories, with very few of the original sources (believed to be up to 20,000 separate classified documents) surfacing.

If Snowden had been a radical activist similar to Chelsea (nee Bradley) Manning he would not have been so circumspect about what documents he released, likely causing real, harmful damage to intelligence operations and operatives.

But that wouldn’t even begin to compare to an infiltration by a foreign agents. In the worst case scenario, a hostile intelligence agency could turn the NSA’s own tools against it, completely compromising their operations without them knowing. Indeed, we have no way of knowing that this hasn’t happened.

The NSA has tapped into trunk-lines, siphoned up emails and bugged the cellphones of foreign dignitaries. Who is to say that someone else hasn’t done the same thing to them?

The greatest damage Snowden’s leaks appear to have done is to the reputation of the NSA and the US government. But in many cases the government has undertaken actions without any consideration of the risk of those actions coming to light. For instance, the NSA tapped the cell phone of the German prime minister, Angela Merkel, an action that probably yielded little useful intelligence. Yet its revelation has had disastrous political ramifications. Is this Snowden’s fault for revealing it, or the NSA’s for undertaking it without considering the risks?

Once again, the availability of advanced surveillance technology has lead inevitably to its use, without any consideration for the consequences.

It is clear that within the bureaucracy of the intelligence community there has been a headlong rush to get their hands on every piece of data possible. Not just the NSA, but the FBI, the CIA and even the DEA are making use of bulk surveillance data. This has lead to the creation of a vast surveillance apparatus with very little real oversight. There was next to no discussion of the ramifications of this apparatus in terms of its political consequences, its threat to personal liberties, its potential economic impacts, or its dangers to our own national security.

At least, there was no discussion until June 2013.

The story of the 21st century may well prove to be the story of our attempts to control the myriad tools that now exist for monitoring our activities, our speech, our purchases and our friends.We have, in a sense, submitted to constant surveillance by a myriad of phones, tablets, laptops, web cams, CCTVs and other devices. In an eerie echo of 1984, even our TVs have the capability to spy on us. And the US government has taken full advantage of this.

In the pre-Snowden world, if you had told this writer that the government might be spying on him through his television, he would have written you off as a paranoid. Now he knows better. Thanks to Edward Snowden, we all know better.

This brave new world will have dangers unlike any we have faced before. We need to discuss it rather than heedlessly plunging into it without considering the consequences. In 2013, Edward Snowden started that conversation.

For that, we should thank him.

* This is just a partial list. At this point, it's safe to assume that if personal information is available in digital form, the NSA is collecting it.

Thursday, October 3, 2013

Your Digital Crime & Punishment Blotter

The story of the government shutdown has overshadowed virtually all other news recently, but two major stories from the digital realm have broken this week.

The first story is that the FBI has taken the notorious hidden web site The Silk Road offline and captured the man who allegedly operated it, Ross Ulbricht, aka The Dread Pirate Roberts.

The Silk Road was an interesting experiment in running a fully encrypted, anonymous online marketplace. Users wishing to connect to it had to do so through TOR, which encrypts all its users communications and reroutes them through a series of nodes so that they can't be traced. Then they had to follow a rabbit trail of arcane websites to find it (Google will not take you to The Silk Road). Finally, once connected all transactions were conducted in Bitcoins, a private digital currency which is difficult to trace.

Underneath all its elaborate security precautions, though, The Silk Road was basically EBay for drugs. The vast majority of its users used it to buy illegal drugs from anonymous dealers, who then sent their illicit purchases via the postal system. The Silk Road, and by extension The Dread Pirate Roberts, took a cut of each transaction.

Predictably this drew the attention of the US federal government, specifically the FBI. While the startling leaks by whistle-blower Edward Snowden have revealed the vast hacking and data-mining resources available to the feds, it appears that Ross Ulbricht was undone primarily by sloppiness in his own personal security, sloppiness that was exploited by good-old-fashioned police work.

Ars Technica has the best coverage of the story which involves not just one but two murder-for-hire schemes.

The second story is a more troubling revelation about the extent of the federal government's overreach into personal privacy.

Encrypted email provider Lavabit shut down on August 8 without warning. Owner Ladar Levison left a cryptic message saying that to continue operations would be 'to become complicit in crimes against the American people'. In follow-up interviews he indicated that he was legally forbidden from elaborating further. Because Edward Snowden had a Lavabit email account, many people surmised that Levison had been secretly contacted by the authorities and forced to hand over access to Snowden's emails.

Lavabit was built with an encryption scheme that allowed only an email's sender and its recipient to share the keys. Even if Lavabit itself traced the emails it would not be able to read their content.

In a court order unsealed today we learn that the government asked Lavabit to do just that: modify the code of his own website so that he could snoop on the emails of just one user, Edward Snowden. When the resulting emails were shown to be useless because they were encrypted, the government then ordered Ladar Levison to turn over the SSL encryption key for the entire system, which would have effectively granted them access to the private, encrypted emails of every Lavabit user.

When Levison did not immediately comply, the judge overseeing the case ordered that he be fined $5,000/day until he handed over electronic copies of the keys. It was at that point that Levison decided to shut down Lavabit.

To sum up, the US government required a private citizen to reverse engineer his company's security scheme against his will and provide blanket access to all of its encrypted communications or face large fines and possible jail time. Oh, and he couldn't tell anyone about it.

Wired has the whole story. Following the unsealing of the court documents, Levison has issued a press release on his Facebook page. Levison has now lost his primary source of income and is asking for donations to fund an appeal to the Fourth Circuit courts.

Tuesday, April 30, 2013

Links of the Future

Welcome to Tuesday, April 30th 2013, traveler. It's two weeks since the Boston Marathon bombing vividly illustrated the way that our shrinking world causes far-flung cultures, ideologies and histories to collide.
Here are pictures of big cats acting like house cats. A brilliant tumblr: The Dictionary of Obscure Sorrows.

Thursday, March 21, 2013

Can I Trust Google?

Google is rolling out a new service today, "Google Keep," which promises to be a direct competitor to EverNote and ties into Google Drive, which I already use. And as always, it's free. Sounds like a great deal, right? But as I think about giving it a spin, I have a twinge of misgiving. It's a new feeling: doubt. Can I trust Google?

Will this great, free new service stick around? Will Google keep Google Keep? Or will it eventually get the axe?

The WaPo faces the same problem:

Google now has a clear enough track record of trying out, and then canceling, “interesting” new software that I have no idea how long Keep will be around. When Google launched its Google Health service five years ago, it had an allure like Keep’s: here is the one place you could store your prescription info, test readings, immunizations, and so on and know that you could get at them. That’s how I used it — until Google cancelled this “experiment” last year. Same with Google Reader, and all the other products in the Google Graveyard that Slate produced last week.
And if there’s even a 25 percent chance that Google Keep will be canceled in two years, do you really want to be the sucker who spent endless hours organizing your life around it?
Now, most people don’t use Google Reader, or even know it’s being canceled. Same for Google Wave, Google Buzz, Google Health and Picnik, and all the rest of the beloved little apps that have been sent to that cloud above the cloud, where data is stored forever and servers never overload. This is a pained whine emanating almost exclusively from Google power users.
Most people, however, also aren’t the sort of early adopters who will rush to download Google Keep. But Fallows is that kind of early adopter. So am I. And Google needs early adopters. They need weirdos to rush to download their new apps, try them out, offer feedback, and, ultimately, proselytize to their friends. And I do all that! For instance, have you ever tried using Sleep Cycle? This isn’t an early adopter thing — the app has been around for awhile — but I just started using it and am now annoying everyone I know badgering them to try waking up to Sleep Cycle. It’ll change your life.
But I’m not sure I want to be a Google early adopter anymore. I love Google Reader. And I used to use Picnik all the time. I’m tired of losing my services.
We're starting to see the dark side of 'free' services. Because we're not paying customers for these services, companies like Google have no incentive to keep them running when they wear out their welcome or some Google exec decides on a whim to put the axe to them.