Want to network your Jeep Cherokee? Try smoke signals: they’re safer

This morning’s Observer column:

“Jeep Cherokee hacked in demo; Chrysler owners urged to download patch”, was the heading on an interesting story last week. “Just imagine,” burbled the report, “one moment you’re listening to some pleasant pop hits on the radio, and the next moment the hip-hop station is blasting at full volume – and you can’t change it back! This is just one of the exploits of Charlie Miller and Chris Valasek … when they hacked into a Jeep Cherokee. They were able to change the temperature of the air conditioning, turn on the windshield wipers and blast the wiper fluid to blur the glass, and even disable the brakes, turn off the transmission, take control of the steering, and display their faces onto the dashboard’s screen.”

In some ways, this was an old story: cars have been largely governed by electronics since the 1980s, and anyone who controls the electronics controls the car. But up to now, the electronics have not been connected to the internet. What makes the Jeep Cherokee story interesting is that its electronics were hacked via the internet. And that was possible because internet connectivity now comes as a consumer option – Uconnect – from Chrysler.

If at this point you experience a sinking feeling, then join the club. So let us return to first principles for a moment…

Read on

LATER: Chrysler has issued a recall for 1.4 million vehicles as a result of the hacking revelations.

You don’t say

Well, well. The New York Times is reporting that the penny may have finally dropped in Washington:

WASHINGTON — American officials are concerned that the Chinese government could use the stolen records of millions of federal workers and contractors to piece together the identities of intelligence officers secretly posted in China over the years.

The potential exposure of the intelligence officers could prevent a large cadre of American spies from ever being posted abroad again, current and former intelligence officials said. It would be a significant setback for intelligence agencies already concerned that a recent data breach at the Office of Personnel Management is a major windfall for Chinese espionage efforts.

The big heist

OK. If you want a really big story, then this is it:

WASHINGTON — The Obama administration on Thursday revealed that 21.5 million people were swept up in a colossal breach of government computer systems that was far more damaging than initially thought, resulting in the theft of a vast trove of personal information, including Social Security numbers and some fingerprints.

Every person given a government background check for the last 15 years was probably affected, the Office of Personnel Management said in announcing the results of a forensic investigation of the episode, whose existence was known but not its sweeping toll.

The agency said hackers stole “sensitive information,” including addresses, health and financial history, and other private details, from 19.7 million people who had been subjected to a government background check, as well as 1.8 million others, including their spouses and friends. The theft was separate from, but related to, a breach revealed last month that compromised the personnel data of 4.2 million federal employees, officials said.

Both attacks are believed to have originated in China, although senior administration officials on Thursday declined to pinpoint a perpetrator, except to say that they had indications that the same actor carried out the two hacks.

The breaches constitute what is apparently the largest cyberattack into the systems of the United States government, providing a frightening glimpse of the technological vulnerabilities of federal agencies that handle sensitive information. They also seemed certain to intensify debate in Washington over what the government must do to address its substantial weaknesses in cybersecurity, long the subject of dire warnings but seldom acted upon by agencies, Congress or the White House.

Note the phrase “other private details, from 19.7 million people who had been subjected to a government background check”.

Software as a black box

From Good Morning Silicon Valley

In what has become an increasingly familiar ritual, Google said this week that it was “appalled and genuinely sorry” after its new Google Photos image-recognition software labeled a Brooklyn computer programmer and his friend — both of them black — as “gorillas.”

Magna Quacka

Sick of the appropriation of Magna Carta by clueless and authoritarian British governments? So am I. And so is Tom Ginsburg:

Magna Carta has everything going for it to be venerated in the United States: It is old, it is English and, because no one has actually read the text, it is easy to invoke to fit current needs. A century ago, Samuel Gompers referred to the Clayton Act as a Magna Carta for labor; more recently the National Environmental Protection Act has been called an “environmental Magna Carta.” Judges, too, cite Magna Carta with increasing frequency, in cases ranging from Paula Jones’s suit against Bill Clinton to the pleas of Guantánamo detainees. Tea Party websites regularly invoke it in the battle against Obamacare.

Americans aren’t alone in revering Magna Carta. Mohandas K. Gandhi cited it in arguing for racial equality in South Africa. Nelson Mandela invoked it at the trial that sent him to prison for 27 years. We are not the only ones, it seems, willing to stretch old legal texts beyond their original meaning. Like the Holy Grail, the myth of Magna Carta seems to matter more than the reality.

PS You can buy the Magna Quacka rubber duck from — I kid you not — the British Library.
PPS The Economist takes it seriously, though.

“ISIS Is Winning the Social Media War”

… is the headline on a NYT story. Well, of course it is, given what we now know as a result of a leaked State Department memo which gives a frank assessment of the fiasco so far.

WASHINGTON — An internal State Department assessment paints a dismal picture of the efforts by the Obama administration and its foreign allies to combat the Islamic State’s message machine, portraying a fractured coalition that cannot get its own message straight.

The assessment comes months after the State Department signaled that it was planning to energize its social media campaign against the militant group. It concludes, however, that the Islamic State’s violent narrative — promulgated through thousands of messages each day — has effectively “trumped” the efforts of some of the world’s richest and most technologically advanced nations.

It also casts an unflattering light on internal discussions between American officials and some of their closest allies in the military campaign against the militants. A “messaging working group” of officials from the United States, Britain and the United Arab Emirates, the memo says, “has not really come together.”

“The U.A.E. is reticent, the Brits are overeager, and the working group structure is confusing,” the memo says. “When we convened meetings with our counterparts, I am certain we all heard about various initiatives for the first time.”

The trouble with science

From an article by the Editor of The Lancet after attending a symposium last week on the reproducibility and reliability of biomedical research organised by the Wellcome Trust.

“The case against science is straightforward: much of the scientific literature, perhaps half, may simply be untrue. Afflicted by studies with small sample sizes, tiny effects, invalid exploratory analyses, and flagrant conflicts of interest, together with an obsession for pursuing fashionable trends of dubious importance, science has taken a turn towards darkness. As one participant put it, “poor methods get results”. The Academy of Medical Sciences, Medical Research Council, and Biotechnology and Biological Sciences Research Council have now put their reputational weight behind an investigation into these questionable research practices. The apparent endemicity of bad research behaviour is alarming. In their quest for telling a compelling story, scientists too often sculpt data to fit their preferred theory of the world. Or they retrofit hypotheses to fit their data. Journal editors deserve their fair share of criticism too. We aid and abet the worst behaviours. Our acquiescence to the impact factor fuels an unhealthy competition to win a place in a select few journals. Our love of “significance” pollutes the literature with many a statistical fairy-tale. We reject important confirmations. Journals are not the only miscreants. Universities are in a perpetual struggle for money and talent, endpoints that foster reductive metrics, such as high-impact publication. National assessment procedures, such as the Research Excellence Framework, incentivise bad practices.”

Criminality, banker style

From a New York Times editorial:

“As of this week, Citicorp, JPMorgan Chase, Barclays and Royal Bank of Scotland are felons, having pleaded guilty on Wednesday to criminal charges of conspiring to rig the value of the world’s currencies. According to the Justice Department, the lengthy and lucrative conspiracy enabled the banks to pad their profits without regard to fairness, the law or the public good.”

The Times goes on to point out, however, that besides the criminal label and the fines, nothing much has changed for the banks. In a memo to employees this week, the chief executive of Citi, Michael Corbat, called the criminal behavior “an embarrassment” — a euphemism for crime that wouldn’t pass muster if it were to be expressed by a person accused of benefit fraud, say.

“As a rule”, the Times continues,

“a felony plea carries more painful consequences. For example, a publicly traded company that is guilty of a crime is supposed to lose privileges granted by the Securities and Exchange Commission to quickly raise and trade money in the capital markets. But in this instance, the plea deals were not completed until the S.E.C. gave official assurance that the banks could keep operating the same as always, despite their criminal misconduct.”

Nor do regulators propose to investigate further, to see if individual members of the banks’ staffs can be identified as perpetrators of the crimes.

It stinks to high heaven. As usual.

More on this

Will Hutton: “Criminal bankers have brazenly milked the system. Let’s change it”
Observer Editorial: “Making bankers pay for their misdeeds”

The Internet as a mirror for human nature

From the Guardian today:

Hot_tech

I gave a lecture recently in Trinity College, Dublin, in which I said, en passant, that the Net holds a mirror up to human nature and what we see in it is pretty unedifying. Items 1, 2 and 4 of this list of what the Guardian team regard as “hot tech stories” make that point rather well, don’t you think?