A real quantum leap?

This is from the FT (behind a paywall), so it came to me via Charles Arthur’s invaluable The Overspill:

A paper by Google’s researchers, seen by the FT, that was briefly posted earlier this week on a Nasa website before being removed, claimed that their processor was able to perform a calculation in three minutes and 20 seconds that would take today’s most advanced classical computer, known as Summit, approximately 10,000 years.

The researchers said this meant the “quantum supremacy”, when quantum computers carry out calculations that had previously been impossible, had been achieved.

“This dramatic speed-up relative to all known classical algorithms provides an experimental realisation of quantum supremacy on a computational task and heralds the advent of a much-anticipated computing paradigm,” the authors wrote.

“To our knowledge, this experiment marks the first computation that can only be performed on a quantum processor.”

The system can only perform a single, highly technical calculation, according to the researchers, and the use of quantum machines to solve practical problems is still years away.

But the Google researchers called it “a milestone towards full-scale quantum computing”. They also predicted that the power of quantum machines would expand at a “double exponential rate”, compared to the exponential rate of Moore’s Law, which has driven advances in silicon chips in the first era of computing.

Interesting that the article was withdrawn so precipitously. But really significant if true. After all, current encryption methods are all based on the proposition that some computations are beyond the reach of conventional machines.

Zero-days and the iPhone

This morning’s Observer column:

Whenever there’s something that some people value, there will be a marketplace for it. A few years ago, I spent a fascinating hour with a detective exploring the online marketplaces that exist in the so-called “dark web” (shorthand for the parts of the web you can only get to with a Tor browser and some useful addresses). The marketplaces we were interested in were ones in which stolen credit card details and other confidential data are traded.

What struck me most was the apparent normality of it all. It’s basically eBay for crooks. There are sellers offering goods (ranges of stolen card details, Facebook, Gmail and other logins etc) and punters interested in purchasing same. Different categories of these stolen goods are more or less expensive. (The most expensive logins, as I remember it, were for PayPal). But the funniest thing of all was that some of the marketplaces operated a “reputation” system, just like eBay’s. Some vendors had 90%-plus ratings for reliability etc. Some purchasers likewise. Others were less highly regarded. So, one reflected, there really is honour among thieves.

But it’s not just credit cards and logins that are valuable in this underworld…

Read on

Want a job? There’s a great future in cybersecurity

From an interesting New Yorker piece by Sue Halpern:

There are currently more than three hundred thousand unfilled cybersecurity jobs in both government and the private sector in the United States alone. Worldwide, the number is expected to be three and a half million by 2021; that year, cybercrime is expected to cost six trillion dollars. Even the United States military is at risk, according to last year’s Defense Department Inspector General report, which found that insecure systems left the country susceptible to missile attacks. This year’s cybersecurity-readiness review of the Navy found that “competitors and potential adversaries have exploited [Department of the Navy] information systems, penetrated its defenses, and stolen massive amounts of national security” intellectual property. And, of course, as we now know, our elections, the essential engine of our democracy, are also poorly defended. “I don’t think any of us are questioning the fact that there is a lack of cybersecurity professionals across the board, in all different types of professions,” Emmel said.

Halpern’s piece was sparked by the fact that, this summer,

the N.S.A. is running a hundred and twenty-two cybersecurity camps across the country. There are camps for girls in South Dakota, Maryland, Puerto Rico, and South Carolina; a camp in Pennsylvania that simulates an airport hack; and one in Georgia that disarms a car hacking. On the last Monday in July, as news broke that a hundred million Capital One bank accounts had been breached, I attended Camp CryptoBot, at Pace University’s Westchester campus, the only cyber camp affiliated with the Navy. A few years ago, the camp director, Pauline Mosley, a professor of information technology, found herself sitting next to an admiral at a conference and used the opportunity to deploy her pre-digital networking skills.

GCHQ, are you listening?

Sheep, goats and hotel WiFi

This morning’s Observer column:

You’ve just arrived at the hotel after a delayed flight and a half-hour wrangle with the car-hire firm. And then you remember that you’ve forgotten to pay last month’s credit card bill, and there’ll be an interest charge if you wait until you’re back at base. But – hey! – you can do it online and help is at hand. The receptionist is welcoming and helpful. They have wifi and it’s free. Relieved, you ask for the password. “Oh, you don’t need one,” he replies. “Just type in your room number and click the box.”

Phew! Problem solved. Er, not necessarily. At this point the human race divides into two groups. Call them sheep and goats. Sheep are sweet, trusting folks who like to think well of their fellow humans. Surely that helpful receptionist would not knowingly offer a dangerous service. Also, they find digital technology baffling and intimidating. And they cannot imagine why anything they do online might be of interest to anyone.

Goats, on the other hand, have nasty, suspicious minds…

Read on

The significance of the WhatsApp hack

This morning’s Observer column:

When Edward Snowden broke cover in the summer of 2013 and a team of Guardian journalists met up with him in his Hong Kong hotel, he insisted not only that they switch off their mobile phones but also that they put the devices into a fridge. This precaution suggested that Snowden had some special insight into the hacking powers of the NSA, specifically that the agency had developed techniques for covertly taking over a mobile phone and using it as a tracking and recording device. To anyone familiar with the capabilities of agencies such as the NSA or GCHQ, this seemed plausible. And in fact, some years later, such capabilities were explicitly deemed necessary and permissible (as “equipment interference”) in the Investigatory Powers Act 2016.

When Snowden was talking to the reporters in Hong Kong, WhatsApp was a four-year-old startup with an honest business model (people paid for the app), about 200m active users and a valuation of $1.5bn. In February 2014, Facebook bought the company for $19bn and everything changed. WhatsApp grew exponentially to its present ubiquity: it has more than 1.5 billion users and has spread like a rash over the entire planet.

Among its attractions is that it offers users effortless end-to-end encryption for their communications, thereby enhancing their privacy…

Read on

The technical is political. Now what?

Bruce Schneier has been valiantly going on about this for a while. Once upon a time, digital technology didn’t have many social, political or democratic ramifications. Those days are over. Universities, companies, software engineers and governments need to think about this — and tool up for it. Here’s an excerpt from one of Bruce’s recent posts on the subject:

Technology now permeates society in a way it didn’t just a couple of decades ago, and governments move too slowly to take this into account. That means technologists now are relevant to all sorts of areas that they had no traditional connection to: climate change, food safety, future of work, public health, bioengineering.

More generally, technologists need to understand the policy ramifications of their work. There’s a pervasive myth in Silicon Valley that technology is politically neutral. It’s not, and I hope most people reading this today know that. We built a world where programmers felt they had an inherent right to code the world as they saw fit. We were allowed to do this because, until recently, it didn’t matter. Now, too many issues are being decided in an unregulated capitalist environment where significant social costs are too often not taken into account.

This is where the core issues of society lie. The defining political question of the 20th century was: “What should be governed by the state, and what should be governed by the market?” This defined the difference between East and West, and the difference between political parties within countries. The defining political question of the first half of the 21st century is: “How much of our lives should be governed by technology, and under what terms?” In the last century, economists drove public policy. In this century, it will be technologists.

The future is coming faster than our current set of policy tools can deal with. The only way to fix this is to develop a new set of policy tools with the help of technologists. We need to be in all aspects of public-interest work, from informing policy to creating tools all building the future. The world needs all of our help.

Yep.

The cost of insecurity (not to mention of Windows XP)

From The Inquirer:

THE WANNACRY RANSOMWARE ATTACK cost the already cash-strapped NHS almost £100m, the Department of Health and Social Care (DHSC) estimates.

Until now, the financial damage caused by the sweeping cyber attack – which it’s now been revealed affected 8 per cent of GP clinics and forced the NHS to cancel 19,000 appointments – has been unclear, but the DHSC estimates in a new report that the total figure cost in at £92m.

WannaCry cost approximately £19 in lost output, while a whopping £73m was racked up in IT costs in the aftermath of the attack, according to the report. Some £72m was spent on restoring systems and data in the weeks after the attack struck.

“We recognise that at the time of the attack the focus would have been on patient care rather than working out what WannaCry was costing the NHS,” the report says.

Following the attack, the NHS has pledged to upgrade all of its systems to Windows 10 after it was found that the service’s outdated and unpatched Windows XP and Windows 7 systems were largely to blame.

The great Chinese hardware hack: true or false?

This morning’s Observer column:

On 4 October, Bloomberg Businessweek published a major story under the headline “The Big Hack: How China Used a Tiny Chip to Infiltrate US Companies”. It claimed that Chinese spies had inserted a covert electronic backdoor into the hardware of computer servers used by 30 US companies, including Amazon and Apple (and possibly also servers used by national security agencies), by compromising America’s technology supply chain.

According to the Bloomberg story, the technology had been compromised during the manufacturing process in China. Undercover operatives from a unit of the People’s Liberation Army had inserted tiny chips – about the size of a grain of rice – into motherboards during the manufacturing process.

The affected hardware then made its way into high-end video-compression servers assembled by a San Jose company called Supermicro and deployed by major US companies and government agencies…

Read on

Sweeping the Net for… [take your pick]

From Ron Deibert:

The LGBTQ news website, “Gay Today,” is blocked in Bahrain; the website for Greenpeace International is blocked in the UAE; a matrimonial dating website is censored in Afghanistan; all of the World Health Organization’s website, including sub-pages about HIV/AIDS information, is blocked in Kuwait; an entire category of websites labeled “Sex Education” is censored in Sudan; in Yemen, an armed faction, the Houthis, orders the country’s main ISP to block regional and news websites.

What’s the common denominator linking these examples of Internet censorship? All of them were undertaken using technology provided by the Canadian company, Netsweeper, Inc.

In a new Citizen Lab report published today, entitled Planet Netsweeper, we map the global proliferation of Netsweeper’s Internet filtering technology to 30 countries. We then focus our analysis on 10 countries with significant human rights, insecurity, or public policy issues in which Netsweeper systems are deployed on large consumer ISPs: Afghanistan, Bahrain, India, Kuwait, Pakistan, Qatar, Somalia, Sudan, UAE, and Yemen. The research was done using a combination of network measurement and in-country testing methods. One method involved scanning every one of the billions of IP addresses on the Internet to search for signatures we have developed for Netsweeper installations (think of it like an x-ray of the Internet).

National-level Internet censorship is a growing norm worldwide. It is also a big business opportunity for companies like Netsweeper. Netsweeper’s Internet filtering service works by dynamically categorizing Internet content, and then providing customers with options to choose categories they wish to block (e.g., “Matrimonial” in Afghanistan and “Sex Education” in Sudan). Customers can also create their own custom lists or add websites to categories of their own choosing.

Netsweeper markets its services to a wide range of clients, from institutions like libraries to large ISPs that control national-level Internet connectivity. Our report highlights problems with the latter, and specifically the problems that arise when Internet filtering services are sold to ISPs in authoritarian regimes, or countries facing insecurity, conflict, human rights abuses, or corruption. In these cases, Netsweeper’s services can easily be abused to help facilitate draconian controls on the public sphere by stifling access to information and freedom of expression.

While there are a few categories that some might consider non-controversial—e.g., filtering of pornography and spam—there are others that definitely are not. For example, Netsweeper offers a filtering category called “Alternative Lifestyles,” in which it appears mostly legitimate LGBTQ content is targeted for convenient blocking. In our testing, we found this category was selected in the United Arab Emirates and was preventing Internet users from accessing the websites of the Gay & Lesbian Alliance Against Defamation (http://www.glaad.org) and the International Foundation for Gender Education (http://www.ifge.org), among many others. This kind of censorship, facilitated by Netsweeper technology, is part of a larger pattern of systemic discrimination, violence, and other human rights abuses against LGBTQ individuals in many parts of the world.

According to the United Nations Guiding Principles on Business and Human Rights, all companies have responsibilities to evaluate and take measures to mitigate the negative human rights impacts of their services on an ongoing basis. Despite many years of reporting and numerous questions from journalists and academics, Netsweeper still fails to take this obligation seriously.