Why do people keep buying Amazon Ring?

I’ve got a good friend who has an Amazon doorbell and seems tickled pink by it. Normally, this would worry me, but he’s a sophisticated techie and I’m sure his security precautions are good.

But that’s definitely not true for most of the thousands of people who are buying the devices.

The New York Times has a helpful piece aimed at these neophytes. It opens with some cautionary notes, though:

The internet-connected doorbell gadget, which lets you watch live video of your front porch through a phone app or website, has gained a reputation as the webcam that spies on you and that has failed to protect your data. Yet people keep buying it in droves.

Ring, which is owned by Amazon and based in Santa Monica, Calif., has generated its share of headlines, including how the company fired four employees over the last four years for watching customers’ videos. Last month, security researchers also found that Ring’s apps contained hidden code, which had shared customer data with third-party marketers. And in December, hackers hijacked the Ring cameras of multiple families, using the devices’ speakers to verbally assault some of them.

Monday 17 February, 2020

Quote of the Day

In this election there are two sides. One side believes in the rule of law, the other doesn’t. Everything else, to be settled later, once the rule-of-law is re-established.

  • Dave Winer

_____________________________ 

My review of Andrew Marantz’s new book — Antisocial

On today’s Guardian. It’s a sobering read.

There has always been a dark undercurrent of white supremacism in some sectors of American culture. It was kept from public view for decades by the editorial gatekeepers of the old media ecosystem. But once the internet arrived, a sophisticated online culture of conspiracy theorists, racists and other malign discontents thrived in cyberspace. It stayed below the radar until a fully paid-up conspiracy theorist won the Republican nomination. Trump’s candidacy and campaign had the effect of “mainstreaming” that which had previously been largely hidden from view. At which point, the innocent public began to see and experience what Marantz has closely observed, namely the remarkable capabilities of extremist “edgelords” to weaponise YouTube, Twitter and Facebook for destructive purposes.

One of the most depressing things about 2016 was the apparent inability of American journalism to deal with this pollution of the public sphere. In part, this was because they were crippled by their professional standards. It’s not always possible to be even-handed and honest. “The plain fact,” writes Marantz at one point, “was that the alt-right was a racist movement full of creeps and liars. If a newspaper’s house style didn’t allow its reporters to say so, then the house style was preventing its reporters from telling the truth.” Trump’s mastery of Twitter led the news agenda every day, faithfully followed by mainstream media, like beagles following a live trail. And his use of the “fake news” metaphor was masterly: a reminder of why, as Marantz points out, Lügenpresse – “lying press” – was also a favourite epithet of Joseph Goebbels.


Frank Ramsey

Frank Ramsey was a legend in Cambridge as one of the brightest young men of his time. He died tragically young (he was 26) in 1930, from an infection acquired from swimming in the river Cam. Now there’s a new biography of him by Cheryl Misak. Here’s part of her blurb about him:

The economist John Maynard Keynes identified Ramsey as a major talent when he was a mathematics student at Cambridge in the early 1920s. During his undergraduate days, Ramsey demolished Keynes’ theory of probability and C.H. Douglas’s social credit theory; made a valiant attempt at repairing Bertrand Russell’s Principia Mathematica; and translated Ludwig Wittgenstein’s Tractatus Logico-Philosophicus, and wrote a critique of the latter alongside a critical notice of it that still stands as one of the most challenging commentaries of that difficult and influential book.

Keynes, in an impressive show of administrative skill and sleight of hand, made the 21-year-old Ramsey a fellow of King’s College at a time when only someone who had studied there could be a fellow. (Ramsey had done his degree at Trinity).

Ramsey validated Keynes’ judgment. In 1926 he was the first to figure out how to define probability subjectively and invented the expected utility that underpins much of contemporary economics.

I’d never heard of Ramsey until I came on Keynes’s essay on him in his wonderful collection, Essays in Biography, published in 1933. (One of my favourite books, btw.) Given that Keynes himself was ferociously bright, the fact that he had such a high opinion of Ramsey was what made me sit up. Here’s an extract that conveys that:

Seeing all of Frank Ramsey’s logical essays published together, we can perceive quite clearly the direction which his mind was taking. It is a remarkable example of how the young can take up the story at the point to which the previous generation had brought it a little out of breath, and then proceed forward without taking more than about a week thoroughly to digest everything which had been done up to date, and to understand with apparent ease stuff which to anyone even 10 years older seemed hopelessly difficult. One almost has to believe that Ramsey in his nursery year near Magdalene1 was unconsciously absorbing from 1903 to 1914 everything which anyone may have been saying or writing from Trinity.

(Among the people in Trinity College at the time were Bertrand Russell, A.N. Whitehead and Ludwig Wittgenstein.)


The hacking of Jeff Bezos’s phone

Interesting (but — according to other forensic experts — incomplete) technical report into how the Amazon boss’s smartphone was hacked, presumably by someone working for the Saudi Crown Prince.

_____________________________________________ 

Where people have faith in their elections

The U.S. public’s confidence in elections is one of the worst of any wealthy democracy, according to a recently published Gallup poll. It found that a mere 40 percent of Americans have confidence in the honesty of their elections. As low as that figure is, distrust of elections is nothing new for the U.S. public.

The research found that a majority of Americans have had no confidence in the honesty of elections every year since 2012 with the share trusting the process at the ballot box sinking as low as 30 percent during the 2016 presidential campaign. Gallup stated that its 2019 data came at a time when eight U.S. intelligence agencies confirmed allegations of foreign interference in the 2016 presidential election and identified attempts to engage in similar activities during the midterms in 2018.

This chart shows how the U.S. compares to other developed OECD nations with the highest confidence scores recorded across Northern Europe and Finland, Norway and Sweden best-ranked.


_________________________________________ 

David Spiegelhalter: Should We Trust Algorithms?

As the philosopher Onora O’Neill has said (O’Neill, 2013), organizations should not try to be trusted; rather they should aim to demonstrate trustworthiness, which requires honesty, competence, and reliability. This simple but powerful idea has been very influential: the revised Code of Practice for official statistics in the United Kingdom puts Trustworthiness as its first “pillar” (UK Statistics Authority, 2018).

It seems reasonable that, when confronted by an algorithm, we should expect trustworthy claims both:

  • about the system — what the developers say it can do, and how it has been evaluated, and

  • by the system — what it says about a specific case.

Terrific article.


  1. Ramsey’s father was Master of Magdalene. 

Friday 14 February, 2020

Bloomberg is going after Trump on his home turf: Facebook

He spent more than $1 million a day on average during the past two weeks on Facebook, according to data compiled by NBC News. The thing is: with a net worth of $61B, he can easily afford to outspend Trump. At one level, this might be reassuring. At another, it’s deeply depressing: it means that only billionaires can play at democracy in the US now. We’re really in Larry Lessig’s Lesterland.


Are unsecured cafe wi-fi networks deliberately hostile to VPNs?

I’m in Bill’s cafe in Cambridge, which offers ‘free’ Wi-Fi — which of course I don’t trust. So I switch on my VPN to find that, mysteriously, it can’t connect to its server. And I’m wondering if this is just some kind of glitch, or a policy by the firm that provides the Wi-Fi. After all, they don’t want clients sending communications that are encrypted and therefore inscrutable for advertising and tracking purposes. In this stuff, only the paranoid survive.


Inside the mind of Dominic Cummings

Cummings is now the UK’s de facto project manager, but what does he actually believe? In a bid to find out, Stefan Collini read (almost) everything Cummings has written in the last decade. His report is fascinating, insightful and thought-provoking. I can say that because I too have been reading Cummings for years. When I say that to people in Cambridge, though, they start to back away — as if I had revealed that I was interested in UFOs. They view Cummings through a blinding haze of visceral dislike. So it’s nice to see a real heavyweight (Collini has written great stuff on CP Snow, the neoliberal ‘reform’ of UK universities and public intellectuals) taking Cummings seriously. Well worth reading in full.


I stumbled across a huge Airbnb scam that’s taking over London

Wonderful piece of investigative reporting by James Temperton in Wired. I don’t use Airbnb but I know lots of people — especially younger folk — who do. Wonder how many of them have bad experiences?


A taxonomy of privacy

Landmark 2006 article by Daniel Solove in the University of Pennsylvania Law Review. I love the way it begins:

Privacy is a concept in disarray. Nobody can articulate what it means. As one commentator has observed, privacy suffers from “an embarrassment of meanings.”

Yep. And that’s still true — fourteen years later.

Monday 27 January, 2020

Does it make sense to confine Huawei to the ‘non-core’ part of a 5G network?

This seems to be the UK’s fallback position to avoid antagonising the Chinese state (though it won’t mollify the Americans). Bruce Schneier has some interesting things to say about this. Sample:

The 5G security problems are threefold. First, the standards are simply too complex to implement securely. This is true for all software, but the 5G protocols offer particular difficulties. Because of how it is designed, the system blurs the wireless portion of the network connecting phones with base stations and the core portion that routes data around the world. Additionally, much of the network is virtualized, meaning that it will rely on software running on dynamically configurable hardware. This design dramatically increases the points vulnerable to attack, as does the expected massive increase in both things connected to the network and the data flying about it.

Second, there’s so much backward compatibility built into the 5G network that older vulnerabilities remain. 5G is an evolution of the decade-old 4G network, and most networks will mix generations. Without the ability to do a clean break from 4G to 5G, it will simply be impossible to improve security in some areas. Attackers may be able to force 5G systems to use more vulnerable 4G protocols, for example, and 5G networks will inherit many existing problems.

Third, the 5G standards committees missed many opportunities to improve security. Many of the new security features in 5G are optional, and network operators can choose not to implement them. The same happened with 4G; operators even ignored security features defined as mandatory in the standard because implementing them was expensive. But even worse, for 5G, development, performance, cost, and time to market were all prioritized over security, which was treated as an afterthought.

Schneier’s view is that “It’s really too late to secure 5G networks”. 5G security, he says,

is just one of the many areas in which near-term corporate profits prevailed against broader social good. In a capitalist free market economy, the only solution is to regulate companies, and the United States has not shown any serious appetite for that.

What’s more, U.S. intelligence agencies like the NSA rely on inadvertent insecurities for their worldwide data collection efforts, and law enforcement agencies like the FBI have even tried to introduce new ones to make their own data collection efforts easier. Again, near-term self-interest has so far triumphed over society’s long-term best interests.

And of course there’s also the fact that there have probably always been US-friendly backdoors in Cisco kit, as this report from the FT the other day suggests.


Sajid Javid and the ‘quiet hegemon’ he’s clearly never heard about

Javid, who is currently Chancellor of the Exchequer, was grandstanding the other week about how the liberated UK would break free of EU red tape. In an interview with the Financial Times he warned UK manufacturers that “there will not be alignment” with the EU after Brexit and insisted that firms must “adjust” to new regulations.

Not surprisingly, this caused alarm in many business sectors whose prosperity depends on adhering to EU regulations. And so Javid — possibly under instruction from Number 10 — started to row back, saying that the government will only use the freedom to diverge if it thinks the change is worthwhile, and after the pros and cons have been weighed up.

The Chancellor has form in shooting his mouth off. I remember that he spoke at the launch of the previous government’s White Paper on online harms. He was then Home Secretary (aka Minister of the Interior) and his speech was less about online harms and more about how he was the tough guy who would stamp out this kind of harm. In effect, it was part of his campaign to replace Theresa May, then on her last legs as Premier.

I viewed his Financial Times interview through the same lens. He’s like Boris Johnson during May’s tenure, perpetually in campaigning mode. There are, however, some harsh realities about regulatory divergence that suggest he could be riding for a fall. Today, for example, the CEO of Volvo is reported (by the FT) as saying that certifying his company’s cars for the UK market would not be worth the cost if UK rules diverged significantly from the EU’s. The result: UK consumers would have a smaller range of Volvos to choose from. And there’s an interesting new book out — The Brussels Effect: How the European Union Rules the World by Anu Bradford, an academic study detailing how, in a world increasingly driven by standards, EU standards have quietly become global standards. (Think GDPR.)

In that way, the EU has become a “quiet hegemon” of which it seems the Westminster bubble is blissfully unaware.

Has the NSA really changed its mind?

Hmmm… Fascinating report in today’s NYT:

WASHINGTON — The National Security Agency has taken a significant step toward protecting the world’s computer systems, announcing Tuesday that it alerted Microsoft to a vulnerability in its Windows operating system rather than following the agency’s typical approach of keeping quiet and exploiting the flaw to develop cyberweapons.

The warning allowed Microsoft to develop a patch for the problem and gave the government an early start on fixing the vulnerability. In years past, the National Security Agency has collected all manner of computer vulnerabilities to gain access to digital networks to gather intelligence and generate hacking tools to use against American adversaries.

The foolishness of this policy was critically exposed a while back when some of those tools fell into the hands of cybercriminals and other baddies, including North Korean and Russian hackers.

So does this new spirit of cooperativeness signal a real shift in strategy? Or does it just show that the agency was temporarily traumatised by accusations that its unscrupulous collection of vulnerabilities caused hundreds of millions of dollars in damage? Should we believe the declaration by Anne Neuberger, the NSA’s Cybersecurity director, that “We wanted to take a new approach to sharing and also really work to build trust with the cybersecurity community”?

Good news if she’s serious. And the theft of the tools should serve as a warning against governments’ incessant campaign for backdoors into commercial encryption systems.

A real quantum leap?

This is from the FT (behind a paywall) so it came to me via Charles Arthur’s invaluable The Overspill:

A paper by Google’s researchers seen by the FT, that was briefly posted earlier this week on a Nasa website before being removed, claimed that their processor was able to perform a calculation in three minutes and 20 seconds that would take today’s most advanced classical computer, known as Summit, approximately 10,000 years.

The researchers said this meant the “quantum supremacy”, when quantum computers carry out calculations that had previously been impossible, had been achieved.

“This dramatic speed-up relative to all known classical algorithms provides an experimental realisation of quantum supremacy on a computational task and heralds the advent of a much-anticipated computing paradigm,” the authors wrote.

“To our knowledge, this experiment marks the first computation that can only be performed on a quantum processor.”

The system can only perform a single, highly technical calculation, according to the researchers, and the use of quantum machines to solve practical problems is still years away.

But the Google researchers called it “a milestone towards full-scale quantum computing”. They also predicted that the power of quantum machines would expand at a “double exponential rate”, compared to the exponential rate of Moore’s Law, which has driven advances in silicon chips in the first era of computing.

Interesting that the article was withdrawn so precipitously. But really significant if true. After all, current encryption methods are all based on the proposition that some computations are beyond the reach of conventional machines.

Zero-days and the iPhone

This morning’s Observer column:

Whenever there’s something that some people value, there will be a marketplace for it. A few years ago, I spent a fascinating hour with a detective exploring the online marketplaces that exist in the so-called “dark web” (shorthand for the parts of the web you can only get to with a Tor browser and some useful addresses). The marketplaces we were interested in were ones in which stolen credit card details and other confidential data are traded.

What struck me most was the apparent normality of it all. It’s basically eBay for crooks. There are sellers offering goods (ranges of stolen card details, Facebook, Gmail and other logins etc) and punters interested in purchasing same. Different categories of these stolen goods are more or less expensive. (The most expensive logins, as I remember it, were for PayPal). But the funniest thing of all was that some of the marketplaces operated a “reputation” system, just like eBay’s. Some vendors had 90%-plus ratings for reliability etc. Some purchasers likewise. Others were less highly regarded. So, one reflected, there really is honour among thieves.

But it’s not just credit cards and logins that are valuable in this underworld…

Read on

Want a job? There’s a great future in cybersecurity

From an interesting New Yorker piece by Sue Halpern:

There are currently more than three hundred thousand unfilled cybersecurity jobs in both government and the private sector in the United States alone. Worldwide, the number is expected to be three and a half million by 2021; that year, cybercrime is expected to cost six trillion dollars. Even the United States military is at risk, according to last year’s Defense Department Inspector General report, which found that insecure systems left the country susceptible to missile attacks. This year’s cybersecurity-readiness review of the Navy found that “competitors and potential adversaries have exploited [Department of the Navy] information systems, penetrated its defenses, and stolen massive amounts of national security” intellectual property. And, of course, as we now know, our elections, the essential engine of our democracy, are also poorly defended. “I don’t think any of us are questioning the fact that there is a lack of cybersecurity professionals across the board, in all different types of professions,” Emmel said.

Halpern’s piece was sparked by the fact that, this summer,

the N.S.A. is running a hundred and twenty-two cybersecurity camps across the country. There are camps for girls in South Dakota, Maryland, Puerto Rico, and South Carolina; a camp in Pennsylvania that simulates an airport hack; and one in Georgia that disarms a car hacking. On the last Monday in July, as news broke that a hundred million Capital One bank accounts had been breached, I attended Camp CryptoBot, at Pace University’s Westchester campus, the only cyber camp affiliated with the Navy. A few years ago, the camp director, Pauline Mosley, a professor of information technology, found herself sitting next to an admiral at a conference and used the opportunity to deploy her pre-digital networking skills.

GCHQ, are you listening?

Sheep, goats and hotel WiFi

This morning’s Observer column:

You’ve just arrived at the hotel after a delayed flight and a half-hour wrangle with the car-hire firm. And then you remember that you’ve forgotten to pay last month’s credit card bill, and there’ll be an interest charge if you wait until you’re back at base. But – hey! – you can do it online and help is at hand. The receptionist is welcoming and helpful. They have wifi and it’s free. Relieved, you ask for the password. “Oh, you don’t need one,” he replies. “Just type in your room number and click the box.”

Phew! Problem solved. Er, not necessarily. At this point the human race divides into two groups. Call them sheep and goats. Sheep are sweet, trusting folks who like to think well of their fellow humans. Surely that helpful receptionist would not knowingly offer a dangerous service. Also, they find digital technology baffling and intimidating. And they cannot imagine why anything they do online might be of interest to anyone.

Goats, on the other hand, have nasty, suspicious minds…

Read on

The significance of the WhatsApp hack

This morning’s Observer column:

When Edward Snowden broke cover in the summer of 2013 and a team of Guardian journalists met up with him in his Hong Kong hotel, he insisted not only that they switch off their mobile phones but also that they put the devices into a fridge. This precaution suggested that Snowden had some special insight into the hacking powers of the NSA, specifically that the agency had developed techniques for covertly taking over a mobile phone and using it as a tracking and recording device. To anyone familiar with the capabilities of agencies such as the NSA or GCHQ, this seemed plausible. And in fact, some years later, such capabilities were explicitly deemed necessary and permissible (as “equipment interference”) in the Investigatory Powers Act 2016.

When Snowden was talking to the reporters in Hong Kong, WhatsApp was a four-year-old startup with an honest business model (people paid for the app), about 200m active users and a valuation of $1.5bn. In February 2014, Facebook bought the company for $19bn and everything changed. WhatsApp grew exponentially to its present ubiquity: it has more than 1.5 billion users and has spread like a rash over the entire planet.

Among its attractions is that it offers users effortless end-to-end encryption for their communications, thereby enhancing their privacy…

Read on