Tuesday 21 April, 2020

If you need cheering up, how about this?

Link

One of the great comedians of his generation. I love his epitaph: “I told you I was ill”.


Politico’s daily summary

One of the joys (well, sometimes) of my early morning is finding Politico’s daily London Playbook (i.e. newsletter) by Jack Blanchard in my inbox. This is how it opens today:

THEY’RE BACK! Parliament returns today from its extended Easter recess to lead a country utterly changed from just one month before. When the House rose on March 25, Britain had been in lockdown for less than 48 hours, and fewer than 500 U.K. citizens had died from COVID-19. Boris Johnson was still running the country and a picture of jovial health; Jeremy Corbyn was leader of the opposition and taking part in his final PMQs. The Premier League was due to resume from its brief hiatus on April 30, and most people thought “Zoom” was an ice lolly from 1986.

Fast-forward 4 weeks … and Zoom has become such a crucial part of our lives that MPs will be using it to hold debates in the Commons chamber as of tomorrow. More than 16,500 Britons have died from the illness; a fierce debate is underway about when to lift a lockdown now destroying the U.K. economy; Johnson is recuperating at Chequers after almost losing his life to COVID-19, and Keir Starmer is leading a Labour Party already plunged into fresh civil war. Dominic Raab has the nuclear codes in his pocket; Liverpool’s title charge has been suspended indefinitely, and NHS nurses have been dressing in bin bags after supplies of protective kit ran out. So MPs shouldn’t be short of things to talk about when proceedings get underway.

If you’re a politics junkie you can subscribe here


Zoom’s security woes were no secret to business partners like Dropbox

Well, well. On the day that the UK House of Commons ‘returns’ using Zoom (the House of Lords is apparently going to use a Microsoft system), the New York Times reports that Dropbox became so concerned about Zoom’s security holes that the company commissioned a number of hackers to find the holes, which they then reported to Zoom.

Zoom’s defenders, including big-name Silicon Valley venture capitalists, say the onslaught of criticism is unfair. They argue that Zoom, originally designed for businesses, could not have anticipated a pandemic that would send legions of consumers flocking to its service in the span of a few weeks and using it for purposes — like elementary school classes and family celebrations — for which it was never intended.

“I don’t think a lot of these things were predictable,” said Alex Stamos, a former chief security officer at Facebook who recently signed on as a security adviser to Zoom. “It’s like everyone decided to drive their cars on water.”

Motherboard is reporting that there are currently two Zoom zero-day exploits, one for Windows and one for MacOS, on the market.

And there’s a report that over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free.

But still…amphibious cars — now there’s a good idea!


Another previously-profitable business is suddenly defunct

The big in-person conferencing event is suddenly passé. As someone who has always loathed conferences, this troubles me not at all. But to those who are addicted to them, it’s obviously depressing news. Here’s one gloomy take on it all:

At the same time, it’s becoming increasingly clear that conferences won’t be returning to normal anytime soon. Mark Zuckerberg said Thursday that Facebook won’t host any events with 50 people or more until June 2021; Microsoft announced that it won’t be having in-person conferences until at least July 2021. California Gov. Gavin Newsom said this week that large gatherings in the state are “unlikely” until the availability of a coronavirus vaccine, and Los Angeles Mayor Eric Garcetti suggested that his city won’t see large-scale events until 2021. Some in the tech industry are already predicting that CES in January will be canceled, as well.

Brightcove’s Larsen acknowledged that she wouldn’t send her own team members to in-person events right now, adding: “Until there is a vaccine that works, it is going to be really hard to get 10,000 people together in a space.”

The trouble is that while Zoom and streaming technology can replace some of what people get from in-person gatherings, there are still things that will be missing. As Ben Evans says in his current newsletter:

Conferences are a bundle: the content (which works as video, mostly), but also the chance meetings & networking, and the meetings you book because everyone’s in town, and sometimes also a trade fair, and none of those work as video, far less a random text chat room. And if you do switch the in-person meeting in a hotel room in that particular city to a video call from across the world, why do you need to do it on that particular date? There’s a second wave of products to be created here, I suspect.


America’s ‘underlying conditions’

Terrific, long essay by George Packer, whose book [The Unwinding: Thirty Years of American decline](https://amzn.to/3eF7fc6) set the scene for what the country is now experiencing. This is how the essay begins:

When the virus came here, it found a country with serious underlying conditions, and it exploited them ruthlessly. Chronic ills—a corrupt political class, a sclerotic bureaucracy, a heartless economy, a divided and distracted public—had gone untreated for years. We had learned to live, uncomfortably, with the symptoms. It took the scale and intimacy of a pandemic to expose their severity—to shock Americans with the recognition that we are in the high-risk category.

The crisis demanded a response that was swift, rational, and collective. The United States reacted instead like Pakistan or Belarus—like a country with shoddy infrastructure and a dysfunctional government whose leaders were too corrupt or stupid to head off mass suffering. The administration squandered two irretrievable months to prepare. From the president came willful blindness, scapegoating, boasts, and lies. From his mouthpieces, conspiracy theories and miracle cures. A few senators and corporate executives acted quickly—not to prevent the coming disaster, but to profit from it. When a government doctor tried to warn the public of the danger, the White House took the mic and politicized the message.

Every morning in the endless month of March, Americans woke up to find themselves citizens of a failed state. With no national plan—no coherent instructions at all—families, schools, and offices were left to decide on their own whether to shut down and take shelter. When test kits, masks, gowns, and ventilators were found to be in desperately short supply, governors pleaded for them from the White House, which stalled, then called on private enterprise, which couldn’t deliver. States and cities were forced into bidding wars that left them prey to price gouging and corporate profiteering. Civilians took out their sewing machines to try to keep ill-equipped hospital workers healthy and their patients alive. Russia, Taiwan, and the United Nations sent humanitarian aid to the world’s richest power—a beggar nation in utter chaos.

If you read nothing else today, read this.


Quarantine diary — Day 31

Link


This blog is now also available as a once-a-day email. If you think this might work better for you why not subscribe here? (It’s free and there’s a 1-click unsubscribe if you subsequently decide you need to prune your inbox!) One email a day, in your inbox at 07:00 every morning.


Wednesday 15 April, 2020

Using AI to find candidates for trying against COVID

Er, for “AI” read machine learning. Usual mistake, but interesting nevertheless.

A team at BenevolentAI, a UK company that uses machine learning to aid drug discovery, had been searching through their database of all existing, approved drugs, searching for one that could be repurposed to treat the novel coronavirus. And according to this report they found one in just three days.

“Most drug companies had been looking at antiviral drugs, but we approached it from the other end and looked at what processes used by the virus could be disrupted,” said Peter Richardson, vice president of pharmacology at the company.

Protein kinases — enzymes that speed up chemical reactions in the body — seemed a promising area to look into. Some of these regulate the way substances can enter human cells — disrupt them, and the virus might be unable to get into the lung, heart and kidney cells it has been so prone to invading.

Baricitinib, a drug developed by Eli Lilly and approved in 2018, stood out because it not only inhibited kinases but also prevented the cytokine storms — the body’s own extreme autoimmune reactions that have led to so many fatalities with Covid-19. It was also likely to be compatible with other drugs being used to treat the disease, such as remdesivir. Richardson and a team of three part-time researchers identified an initial 370 kinase inhibitors, and then narrowed it down to six that looked most likely to work.

“It validated using AI for this kind of problem,” says Richardson. “It would have been impossible for the four of us to do it at that speed otherwise. If you took 250 people you still couldn’t do it at that pace because there would be too many competing ideas. You really can’t do it without an organised knowledge graph and the ability to query it.”

Interesting. I suppose they had to describe it as AI, given that the letters appear in the firm’s name. Benevolent Machine Learning doesn’t have the same ring to it.


How coronavirus almost brought down the global financial system

Another amazing long read from Adam Tooze, this time about how close the world came to a financial meltdown because of the Coronavirus. Most of it stuff I hadn’t known or understood. Tooze is a really phenomenal historian, with an astonishing grasp of how the finance industry works. *Crashed: How a Decade of Financial Crises Changed the World*, his history of the 2008 banking crisis, is terrific. And now he seems to be really on top of the Coronavirus crisis. I’ve been thinking that what we’re facing at the moment is what the world would have been like if the Spanish flu and the Great Depression had come together.

This essay, which is worth reading in full (requires a cup of coffee and some peace and quiet) is mainly about how the central bankers of the West succeeded — just — in avoiding a global meltdown. But it ain’t over yet. And most poor countries don’t have the resources — financial or professional — to deal with the virus.


Security for home workers

From Bruce Schneier’s blog.

When I think about how COVID-19’s security measures are affecting organizational networks, I see several interrelated problems:

One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply because they are less secure.

Two, sensitive organizational data will likely migrate outside of the network. Employees working from home are going to save data on their own computers, where they aren’t protected by the organization’s security systems. This makes the data more likely to be hacked and stolen.

Three, employees are more likely to access their organizational networks insecurely. If the organization is lucky, they will have already set up a VPN for remote access. If not, they’re either trying to get one quickly or not bothering at all. Handing people VPN software to install and use with zero training is a recipe for security mistakes, but not using a VPN is even worse.

Four, employees are being asked to use new and unfamiliar tools like Zoom to replace face-to-face meetings. Again, these hastily set-up systems are likely to be insecure.

Five, the general chaos of “doing things differently” is an opening for attack. Tricks like business email compromise, where an employee gets a fake email from a senior executive asking him to transfer money to some account, will be more successful when the employee can’t walk down the hall to confirm the email’s validity — and when everyone is distracted and so many other things are being done differently.

Worrying about network security seems almost quaint in the face of the massive health risks from COVID-19, but attacks on infrastructure can have effects far greater than the infrastructure itself.


After the analogue hammer, comes the data-driven dance.

From Sifted

“Coronavirus has reminded even the most conservative among us that there is a role for the state after all. No government can outsource their way through this test. Suddenly, the absence of data skills at the centre of government is a life and death issue. The hammer blows will decrease. As the dance begins, states must respond with agility, using public and private data. An era of central data units may emerge. Regulation for data registries and more powerful registrars seems certain as public trust in government data and a new locus for privacy and surveillance are all being tried and tested on a daily basis. This is one big A/B test for governments, whether democratic or autocratic. This may not be the internet founders’ much longed-for government 2.0 moment, but we are all in beta now.”

The “hammer and the dance” metaphor is becoming a meme.


Why content moderators should be designated as key workers

Important paper from the Turing Institute arguing that, just now, the people who try to keep mis- and disinformation off social media should be regarded as part of the world’s critical infrastructure.

The current crisis surrounding COVID-19 has scaled up the challenge of content moderation, severely reducing supply and massively increasing demand. On the “supply side”, content moderators have, like other workers around the world, been told not to come into work. YouTube has already warned that, as a result, it will conduct fewer human reviews and openly admits it may make poor content takedown decisions.

On the “demand side”, the growth of the pandemic has seen an upsurge in the amount of time spent online. BT recently noted an increase in UK daytime traffic of 35-60%, and social networks report similar increases, particularly in their use for education, entertainment and even exercise. Sadly, harmful activity has increased too: Europol reports “increased online activity by those seeking child abuse material” and the World Health Organisation has warned of an emerging “infodemic” of pernicious health-related disinformation. Recently, concerns have been raised that false claims are circulating online about the role of 5G.

At a time when social media is desperately needed for social interaction, a widening gap is emerging between how much content moderation we need and how much can be delivered. As a result, AI is being asked to do tasks for which it is not ready, with profound consequences for the health of online spaces. How should platforms, governments, and civil society respond to this challenge? Following Rahm Emanuel’s exhortation to “never let a crisis go to waste,” we argue that, now that the challenges in content moderation have been exposed by the pandemic, it is time for a reset.

Yep.


Quarantine diary — Day 25

Link




Sunday 5 April, 2020

Zoom needs to up its game — it’s playing in the big league now

This morning’s Observer column:

Then there’s the issue of security, and of encryption in particular.

“We take security seriously and we are proud to exceed industry standards when it comes to your organisation’s communications,” says the Zoom website. Any host of a meeting can “secure a meeting with end-to-end encryption”. Well, that’s not quite right, at least if by “end to end” you mean encryption where the service provider has no way of decrypting the content (as, say, with WhatsApp or Signal). The encryption on Zoom communications at the moment is the kind that protects your communications with any website with ‘https’ in its URL. But the content is unencrypted while it is passing through Zoom’s cloud servers.

There may be good reasons for this, but at the very least the company’s website shouldn’t be making exaggerated claims about encryption. It should privilege facts over marketing puffery.

And the moral of all this? Zoom is providing a service of real value in these desperate times, but it needs to grow up. It’s playing in the big league now.

Read on


It’s Zoom, Zoom, Zoom all day long

Rumours, facts, misunderstandings and hearsay about the supposed (in)security of Zoom conferencing have been rife for the last week. Lots of my friends and acquaintances have been asking me about it, in the (mistaken) belief that I know lots about it. I don’t. I only know what I read from trusted and knowledgeable sources.

The Citizen Lab report

Top of my list in this regard is the Citizen Lab at the Munk School of the University of Toronto. It was founded by Ron Deibert, who is a hero of mine, and has for years done sterling work on detecting and unearthing the tools that unscrupulous regimes and companies have developed for snooping on human rights activists, journalists and other good folks. They have now completed a pretty thorough investigation of the cryptographic protocols at the heart of Zoom’s service and published an illuminating report. It makes for fascinating reading if you’re a geek, but the gist is that their research shows that (contrary to the company’s public claims) Zoom uses non-industry-standard cryptographic techniques with identifiable weaknesses and is thus not suitable for sensitive communications. But it seems OK for non-sensitive uses.

There are also potential security issues with where Zoom generates and stores cryptographic information. While based in Silicon Valley, Zoom owns three companies in China where its engineers develop the Zoom software. Its AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, are transmitted by Zoom servers to all meeting participants. In some of our tests, our researchers observed these keys being distributed through Zoom servers in China, even when all meeting participants were outside of China. A company primarily catering to North American clients that distributes encryption keys through servers in China is very concerning, given that Zoom may be legally obligated to disclose these keys to authorities in China.

Given the sudden embrace of Zoom by a wide range of sectors across society, it is reasonable to assume that many governments’ signals intelligence agencies, as well as criminals, will be subjecting Zoom to the type of analysis we did. Some of them may choose to privately exploit those weaknesses for nefarious purposes and with harmful consequences.

As a result of these troubling security issues, we discourage the use of Zoom at this time for use cases that require strong privacy and confidentiality, including:

  • Government communications
  • Proprietary or confidential business activities
  • Healthcare providers handling sensitive / confidential patient information
  • Human rights defenders, lawyers, journalists, and others working on sensitive topics

But the good news is that

For those using Zoom to keep in touch with friends, hold social events, or organize courses or lectures that they might otherwise hold in a public or semi-public venue, our findings should not necessarily be concerning.

This is a relief because it’s more or less what I’ve been saying to friends and family. It was based on a hunch that the vulnerabilities in the Zoom system would be mainly of interest to state-level actors.

On the other hand, I hadn’t known of the extent to which Zoom’s development work is being done in China, or that data packets and encryption keys seem to pass through servers that are based there. If I were running Zoom, I’d rethink that soonest.

Good advice from Mozilla

Many of the problems that have arisen with Zoom stem from the fact that it has had massive take-up of its free offer — which means that it is now being used by millions of non-technical users who probably know relatively little about online security. So it’s good to see that the Mozilla Foundation (which provides the Firefox browsers) has published some useful tips “to make your Zoom gatherings more private”.

They are:

1. Use your account with the latest version of Zoom. Sign-in and update to the latest version of the Zoom client or app. This will give you access to the meetings that are available to invited participants and ensure that your system has up-to-date security patches.

2. Use password protection. You can make your meetings password protected to prevent people from guessing your room ID and joining.

3. Keep your Personal Meeting ID private. Don’t use your Personal Meeting ID – especially for events you’re broadly publicizing. That will stop people from trying to enter your personal room at other times. Instead, generate a unique meeting ID by scheduling the meeting.

4. “Lock out” uninvited participants. Don’t share Zoom meeting invites or Meeting IDs with anyone you don’t want to join.

5. Utilize the “mute all” feature. Using the “manage participants” function, you can mute all participants. You should not unmute them again without telling them that’s what you’re doing.

6. Stop unwanted content from being shared. You can stop participants from sharing their screen, or if necessary, stop their video. This is helpful if you’re inviting lots of people you don’t necessarily know so that someone can’t maliciously share content – a practice now known as “zoombombing.”

7. Respect chat privacy. Decide ahead of time if you will save the chat or record the video of the meeting and make sure all participants have agreed and know how you plan to use that information. Recording and saving chats may have legal implications so make sure you’ve checked into that before enabling these options.

All good advice.


Quarantine diary — Day 15

Link




Friday 21 March, 2020

If you might find it more useful to get this blog as a daily email, why not subscribe here? (It’s free, and there’s a 1-click unsubscribe). One email, in your inbox at 07:00 every morning.


It’s the Spring Equinox!


Boris Johnson’s fiancée is pregnant and they’re living in the same house. So shouldn’t Johnson be in quarantine too?

After all, the government’s advice is that pregnant women should self-quarantine (even though there doesn’t seem to be any evidence that they are more at risk). Concealing him from public view would at least stop us being subjected to the Bertie Wooster nonsense he talked yesterday about getting this virus blighter beaten in 12 weeks. He sometimes seems incapable of engaging his brain before opening his mouth.


The Net is now vital infrastructure. So it must be protected during this crisis

As more and more people have to stay — or work from — home, the Internet is now really part of society’s critical infrastructure. So we need to make sure that it can continue to carry the increased load that’s heading its way. That means that, in the end, some uses will have to take priority over others. I’ve been ranting for weeks that HD streaming of entertainment content should be de-prioritised, and was relieved to see that the EU has come round to that view. So it’s good to see that Netflix and YouTube have announced that they will reduce streaming quality in Europe for at least the next month to prevent the internet collapsing under the strain of unprecedented usage due to the coronavirus pandemic.

Sky News reports both companies saying that the measures will affect all video streams for 30 days. “We estimate that this will reduce Netflix traffic on European networks by around 25% while also ensuring a good quality service for our members,” a Netflix spokesperson said in a statement. A spokesperson for Google, which owns YouTube, said: “We will continue working with member state governments and network operators to minimize stress on the system, while also delivering a good user experience.”

The Financial Times reports that in Italy, the first country to enact a full lockdown, there has been a three-fold increase in the use of video conferencing, which, alongside streaming and gaming, drove a 75 per cent rise in residential data traffic across broadband and mobile networks during the weekend, according to Telecom Italia. And the Spanish telecoms industry issued a warning at the start of the week to urge consumers to ration their internet usage by streaming and downloading more in off-peak hours.

This is going to get worse. What’s happening — predictably — is that whereas Internet use tended to spike in the evenings, now it’s higher (sometimes much higher) throughout the day. So we now have another curve that we need to “flatten”. And it’s possible, therefore, that the EU will have to revisit its Net Neutrality rules as a consequence.


How to Make Your Own Hand Sanitizer

Recipes from Wired magazine. I think I’ll stick to soap and water.


How will we know when we’re through this?

A question that Steven Levy asked during his interview of Larry Brilliant. (That’s the Larry Brilliant of eradicating smallpox and the famous TED talk about how to deal with pandemics.) His mantra: detect early, and respond early.

Here’s his answer to Levy’s question:

The world is not going to begin to look normal until three things have happened. One, we figure out whether the distribution of this virus looks like an iceberg, which is one-seventh above the water, or a pyramid, where we see everything. If we’re only seeing right now one-seventh of the actual disease because we’re not testing enough, and we’re just blind to it, then we’re in a world of hurt. Two, we have a treatment that works, a vaccine or antiviral. And three, maybe most important, we begin to see large numbers of people—in particular nurses, home health care providers, doctors, policemen, firemen, and teachers who have had the disease—are immune, and we have tested them to know that they are not infectious any longer. And we have a system that identifies them, either a concert wristband or a card with their photograph and some kind of a stamp on it. Then we can be comfortable sending our children back to school, because we know the teacher is not infectious.

The interview is well worth reading in full.

And when you’ve done that, watch his 2006 TED talk. You won’t regret it.


Why do people keep buying Amazon Ring?

I’ve got a good friend who has an Amazon doorbell and seems tickled pink by it. Normally, this would worry me, but he’s a sophisticated techie and I’m sure his security precautions are good.

But that’s definitely not true for most of the thousands of people who are buying the devices.

The New York Times has a helpful piece aimed at these neophytes. It opens with some cautionary notes, though:

The internet-connected doorbell gadget, which lets you watch live video of your front porch through a phone app or website, has gained a reputation as the webcam that spies on you and that has failed to protect your data. Yet people keep buying it in droves.

Ring, which is owned by Amazon and based in Santa Monica, Calif., has generated its share of headlines, including how the company fired four employees over the last four years for watching customers’ videos. Last month, security researchers also found that Ring’s apps contained hidden code, which had shared customer data with third-party marketers. And in December, hackers hijacked the Ring cameras of multiple families, using the devices’ speakers to verbally assault some of them.

Monday 17 February, 2020

Quote of the Day

In this election there are two sides. One side believes in the rule of law, the other doesn’t. Everything else, to be settled later, once the rule-of-law is re-established.

  • Dave Winer

_____________________________ 

My review of Andrew Marantz’s new book — Antisocial

On today’s Guardian. It’s a sobering read.

There has always been a dark undercurrent of white supremacism in some sectors of American culture. It was kept from public view for decades by the editorial gatekeepers of the old media ecosystem. But once the internet arrived, a sophisticated online culture of conspiracy theorists, racists and other malign discontents thrived in cyberspace. But it stayed below the radar until a fully paid-up conspiracy theorist won the Republican nomination. Trump’s candidacy and campaign had the effect of “mainstreaming” that which had previously been largely hidden from view. At which point, the innocent public began to see and experience what Marantz has closely observed, namely the remarkable capabilities of extremist “edgelords” to weaponise YouTube, Twitter and Facebook for destructive purposes.

One of the most depressing things about 2016 was the apparent inability of American journalism to deal with this pollution of the public sphere. In part, this was because they were crippled by their professional standards. It’s not always possible to be even-handed and honest. “The plain fact,” writes Marantz at one point, “was that the alt-right was a racist movement full of creeps and liars. If a newspaper’s house style didn’t allow its reporters to say so, then the house style was preventing its reporters from telling the truth.” Trump’s mastery of Twitter led the news agenda every day, faithfully followed by mainstream media, like beagles following a live trail. And his use of the “fake news” metaphor was masterly: a reminder of why, as Marantz points out, Lügenpresse – “lying press” – was also a favourite epithet of Joseph Goebbels.


Frank Ramsey

Frank Ramsey was a legend in Cambridge as one of the brightest young men of his time. He died tragically young (he was 26) in 1930, from an infection acquired from swimming in the river Cam. Now there’s a new biography of him by Cheryl Misak. Here’s part of her blurb about him:

The economist John Maynard Keynes identified Ramsey as a major talent when he was a mathematics student at Cambridge in the early 1920s. During his undergraduate days, Ramsey demolished Keynes’ theory of probability and C.H. Douglas’s social credit theory; made a valiant attempt at repairing Bertrand Russell’s Principia Mathematica; and translated Ludwig Wittgenstein’s Tractatus Logico-Philosophicus, and wrote a critique of the latter alongside a critical notice of it that still stands as one of the most challenging commentaries of that difficult and influential book.

Keynes, in an impressive show of administrative skill and sleight of hand, made the 21-year-old Ramsey a fellow of King’s College at a time when only someone who had studied there could be a fellow. (Ramsey had done his degree at Trinity).

Ramsey validated Keynes’ judgment. In 1926 he was the first to figure out how to define probability subjectively and invented the expected utility that underpins much of contemporary economics.

I’d never heard of Ramsey until I came on Keynes’s essay on him in his wonderful collection, Essays in Biography, published in 1933. (One of my favourite books, btw.) Given that Keynes himself was ferociously bright, the fact that he had such a high opinion of Ramsey was what made me sit up. Here’s an extract that conveys that:

Seeing all of Frank Ramsey’s logical essays published together, we can perceive quite clearly the direction which his mind was taking. It is a remarkable example of how the young can take up the story at the point to which the previous generation had brought it a little out of breath, and then proceed forward without taking more than about a week thoroughly to digest everything which had been done up to date, and to understand with apparent ease stuff which to anyone even 10 years older seemed hopelessly difficult. One almost has to believe that Ramsey in his nursery year near Magdalene[1] was unconsciously absorbing from 1903 to 1914 everything which anyone may have been saying or writing from Trinity.

(Among the people in Trinity College at the time were Bertrand Russell, A.N. Whitehead and Ludwig Wittgenstein.)


The hacking of Jeff Bezos’s phone

Interesting (but — according to other forensic experts — incomplete) technical report into how the Amazon boss’s smartphone was hacked, presumably by someone working for the Saudi Crown Prince.

_____________________________________________ 

Where people have faith in their elections

The U.S. public’s confidence in elections is one of the worst of any wealthy democracy, according to a recently published Gallup poll. It found that a mere 40 percent of Americans have confidence in the honesty of their elections. As low as that figure is, distrust of elections is nothing new for the U.S. public.

The research found that a majority of Americans have had no confidence in the honesty of elections every year since 2012 with the share trusting the process at the ballot box sinking as low as 30 percent during the 2016 presidential campaign. Gallup stated that its 2019 data came at a time when eight U.S. intelligence agencies confirmed allegations of foreign interference in the 2016 presidential election and identified attempts to engage in similar activities during the midterms in 2018.

This chart shows how the U.S. compares to other developed OECD nations with the highest confidence scores recorded across Northern Europe and Finland, Norway and Sweden best-ranked.

Source

_________________________________________ 

David Spiegelhalter: Should We Trust Algorithms?

As the philosopher Onora O’Neill has said (O’Neill, 2013), organizations should not try to be trusted; rather they should aim to demonstrate trustworthiness, which requires honesty, competence, and reliability. This simple but powerful idea has been very influential: the revised Code of Practice for official statistics in the United Kingdom puts Trustworthiness as its first “pillar” (UK Statistics Authority, 2018).

It seems reasonable that, when confronted by an algorithm, we should expect trustworthy claims both:

  • about the system — what the developers say it can do, and how it has been evaluated, and

  • by the system — what it says about a specific case.

Terrific article


  1. Ramsey’s father was Master of Magdalene. 

Friday 14 February, 2020

Bloomberg is going after Trump on his home turf: Facebook

He spent more than $1 million a day on average during the past two weeks on Facebook, according to data compiled by NBC News. The thing is: with a net worth of $61B, he can easily afford to outspend Trump. At one level, this might be reassuring. At another, it’s deeply depressing: it means that only billionaires can play at democracy in the US now. We’re really in Larry Lessig’s Lesterland.


Are unsecured cafe wi-fi networks deliberately hostile to VPNs?

I’m in Bill’s cafe in Cambridge, which offers ‘free’ Wi-Fi — which of course I don’t trust. So I switch on my VPN to find that, mysteriously, it can’t connect to its server. And I’m wondering if this is just some kind of glitch, or a policy by the firm that provides the Wi-Fi. After all, they don’t want clients sending communications that are encrypted and therefore inscrutable for advertising and tracking purposes. In this stuff, only the paranoid survive.


Inside the mind of Dominic Cummings

Cummings is now the UK’s de facto project manager, but what does he actually believe? In a bid to find out, Stefan Collini read (almost) everything Cummings has written in the last decade. His report is fascinating, insightful and thought-provoking. I can say that because I too have been reading Cummings for years. When I say that to people in Cambridge, though, they start to back away — as if I had revealed that I was interested in UFOs. They view Cummings through a blinding haze of visceral dislike. So it’s nice to see a real heavyweight (Collini has written great stuff on CP Snow, the neoliberal ‘reform’ of UK universities and public intellectuals) taking Cummings seriously. Well worth reading in full.


I stumbled across a huge Airbnb scam that’s taking over London

Wonderful piece of investigative reporting by James Temperton in Wired. I don’t use Airbnb but I know lots of people — especially younger folk — who do. Wonder how many of them have bad experiences?


A taxonomy of privacy

Landmark 2006 article by Daniel Solove in the University of Pennsylvania Law Review. I love the way it begins:

Privacy is a concept in disarray. Nobody can articulate what it means. As one commentator has observed, privacy suffers from “an embarrassment of meanings.”

Yep. And that’s still true — fourteen years later.

Monday 27 January, 2020

Does it make sense to confine Huawei to the ‘non-core’ part of a 5G network?

This seems to be the UK’s fallback position to avoid antagonising the Chinese state (though it won’t mollify the Americans). Bruce Schneier has some interesting things to say about this. Sample:

The 5G security problems are threefold. First, the standards are simply too complex to implement securely. This is true for all software, but the 5G protocols offer particular difficulties. Because of how it is designed, the system blurs the wireless portion of the network connecting phones with base stations and the core portion that routes data around the world. Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it.

Second, there’s so much backward compatibility built into the 5G network that older vulnerabilities remain. 5G is an evolution of the decade-old 4G network, and most networks will mix generations. Without the ability to do a clean break from 4G to 5G, it will simply be impossible to improve security in some areas. Attackers may be able to force 5G systems to use more vulnerable 4G protocols, for example, and 5G networks will inherit many existing problems.

Third, the 5G standards committees missed many opportunities to improve security. Many of the new security features in 5G are optional, and network operators can choose not to implement them. The same happened with 4G; operators even ignored security features defined as mandatory in the standard because implementing them was expensive. But even worse, for 5G, development, performance, cost, and time to market were all prioritized over security, which was treated as an afterthought.

Schneier’s view is that “It’s really too late to secure 5G networks”. 5G security, he says,

is just one of the many areas in which near-term corporate profits prevailed against broader social good. In a capitalist free market economy, the only solution is to regulate companies, and the United States has not shown any serious appetite for that.

What’s more, U.S. intelligence agencies like the NSA rely on inadvertent insecurities for their worldwide data collection efforts, and law enforcement agencies like the FBI have even tried to introduce new ones to make their own data collection efforts easier. Again, near-term self-interest has so far triumphed over society’s long-term best interests.

And of course there’s also the fact that there have probably always been US-friendly backdoors in Cisco kit, as this report from the FT the other day suggests.


Sajid Javid and the ‘quiet hegemon’ he’s clearly never heard about

Javid, who is currently Chancellor of the Exchequer, was grandstanding the other week about how the liberated UK would break free of EU red tape. In an interview with the Financial Times he warned UK manufacturers that “there will not be alignment” with the EU after Brexit and insisted that firms must “adjust” to new regulations.

Not surprisingly, this caused alarm in many business sectors whose prosperity depends on adhering to EU regulations. And so Javid — possibly under instruction from Number 10 — started to row back, saying that the government will only use the freedom to diverge if it thinks the change is worthwhile, and after the pros and cons have been weighed up.

The Chancellor has form in shooting his mouth off. I remember that he spoke at the launch of the previous government’s White Paper on online harms. He was then Home Secretary (aka Minister of the Interior) and his speech was less about online harms and more about how he was the tough guy who would stamp out this kind of harm. In effect, it was part of his campaign to replace Theresa May, then on her last legs as Premier.

I viewed his Financial Times interview through the same lens. He’s like Boris Johnson during May’s tenure, perpetually in campaigning mode. There are, however, some harsh realities about regulatory divergence that suggest he could be riding for a fall. Today, for example, the CEO of Volvo is reported (by the FT) as saying that certifying his company’s cars for the UK market would not be worth the cost if UK rules diverged significantly from the EU’s. The result: UK consumers would have a smaller range of Volvos to choose from. And there’s an interesting new book out — The Brussels Effect: How the European Union Rules the World by Anu Bradford, an academic study detailing how, in a world increasingly driven by standards, EU standards have quietly become global standards. (Think GDPR.)

In that way, the EU has become a “quiet hegemon” of which it seems the Westminster bubble is blissfully unaware.

Has the NSA really changed its mind?

Hmmm… Fascinating report in today’s NYT:

WASHINGTON — The National Security Agency has taken a significant step toward protecting the world’s computer systems, announcing Tuesday that it alerted Microsoft to a vulnerability in its Windows operating system rather than following the agency’s typical approach of keeping quiet and exploiting the flaw to develop cyberweapons.

The warning allowed Microsoft to develop a patch for the problem and gave the government an early start on fixing the vulnerability. In years past, the National Security Agency has collected all manner of computer vulnerabilities to gain access to digital networks to gather intelligence and generate hacking tools to use against American adversaries.

The foolishness of that policy was critically exposed a while back when some of those tools fell into the hands of cybercriminals and other baddies, including North Korean and Russian hackers.

So does this new spirit of cooperativeness signal a real shift in strategy? Or does it just show that the agency was temporarily traumatised by accusations that its unscrupulous collection of vulnerabilities caused hundreds of millions of dollars in damage? Should we believe the declaration by Anne Neuberger, the NSA’s Cybersecurity director, that “We wanted to take a new approach to sharing and also really work to build trust with the cybersecurity community”?

Good news if she’s serious. And the theft of the tools should serve as a warning against governments’ incessant campaign for backdoors into commercial encryption systems.

A real quantum leap?

This is from the FT (behind a paywall) so it came to me via Charles Arthur’s invaluable The Overspill:

A paper by Google’s researchers seen by the FT, that was briefly posted earlier this week on a Nasa website before being removed, claimed that their processor was able to perform a calculation in three minutes and 20 seconds that would take today’s most advanced classical computer, known as Summit, approximately 10,000 years.

The researchers said this meant the “quantum supremacy”, when quantum computers carry out calculations that had previously been impossible, had been achieved.

“This dramatic speed-up relative to all known classical algorithms provides an experimental realisation of quantum supremacy on a computational task and heralds the advent of a much-anticipated computing paradigm,” the authors wrote.

“To our knowledge, this experiment marks the first computation that can only be performed on a quantum processor.”

The system can only perform a single, highly technical calculation, according to the researchers, and the use of quantum machines to solve practical problems is still years away.

But the Google researchers called it “a milestone towards full-scale quantum computing”. They also predicted that the power of quantum machines would expand at a “double exponential rate”, compared to the exponential rate of Moore’s Law, which has driven advances in silicon chips in the first era of computing.

Interesting that the article was withdrawn so precipitously. But really significant if true. After all, current encryption methods are all based on the proposition that some computations are beyond the reach of conventional machines.