Toxic tech?

This morning’s Observer column:

The headline above an essay in a magazine published by the Association of Computing Machinery (ACM) caught my eye. “Facial recognition is the plutonium of AI”, it said. Since plutonium – a by-product of uranium-based nuclear power generation – is one of the most toxic materials known to humankind, this seemed like an alarmist metaphor, so I settled down to read.

The article, by a Microsoft researcher, Luke Stark, argues that facial-recognition technology – one of the current obsessions of the tech industry – is potentially so toxic for the health of human society that it should be treated like plutonium and restricted accordingly. You could spend a lot of time in Silicon Valley before you heard sentiments like these about a technology that enables computers to recognise faces in a photograph or from a camera…


So WhatsApp isn’t as secure as we supposed?

From The Inquirer:

The end result was the researchers had effectively found ways to hack and exploit WhatsApp.

“By decrypting the WhatsApp communication, we were able to see all the parameters that are actually sent between the mobile version of WhatsApp and the Web version. This allowed us to then be able to manipulate them and start looking for security issues,” the researchers explained.

As such, Check Point was able to then carry out three attacks against WhatsApp users, including changing the identity of a sender in a group chat even if they aren’t a member of said chat, changing a correspondent’s reply to effectively fake their response, and sending private messages to a person in a chat group but ensuring that when they respond the whole group sees the reply.

Basically, the attacks could enable malicious actors to sneak into group chats and manipulate conversations and cause communications havoc, and spread misinformation.

Hmmm… They had to do an awful lot of tedious stuff before they were able to pull off those tricks. On the other hand, this is what GCHQ and NSA do all the time, I guess.

Global Warning

I’m reading Nick Harkaway’s new novel, Gnomon, which, like Dave Eggers’s The Circle, provides a gripping insight into our surveillance-driven future.

Before publication, Harkaway wrote an interesting blog post about why he embarked on the book. Here’s an excerpt from that post:

I remember the days.

I remember the halcyon days of 2014, when I started writing Gnomon and I thought I was going to produce a short book (ha ha ha) in a kind of Umberto Eco-Winterson-Borges mode, maybe with a dash of Bradbury and PKD, and it would be about realities and unreliable narrators and criminal angels in prisons made of time, and bankers and alchemists, and it would also be a warning about the dangers of creeping authoritarianism. (And no, you’re right: creatively speaking I had NO IDEA what I was getting myself into.)

I remember the luxury of saying “we must be precautionary about surveillance laws, about human rights violations, because one day the liberal democracies might start electing monsters and making bad pathways, and we’ll want solid protections from our governments’ over-reach.”

Oops.

I remember the halcyon days of April 2016 when I thought I’d missed the boat and I hadn’t written a warning at all, but a sort of melancholic state of the nation, and I really did think things might get better from there. Then Brexit came – I was half expecting that – and then Trump – which I was really not – and now here we are, with the UK boiling as May’s government and Corbyn’s Labour sit on their hands and the clock ticks down and the negotiating table is blank except for a few sheets of crumpled scrap paper, and the only global certainty seems to be that this US administration will try to wreck every decent thing the international community has attempted in my lifetime, with the occasional connivance of our own leaders when they aren’t busy tearing one another to bits.

And now I’m pretty sure I did write a warning after all.

He did.

A farewell to China

From an interesting parting shot by an American libertarian academic who has taught in China for some years and is now returning home.

China is a rising power but probably more importantly is a deeply illiberal, expansionist, authoritarian, police state opposed to human rights, democracy, free trade, and rule of law. Just as we need to consider the state, speed, and direction of change in the United States, China has been deeply illiberal authoritarian for many years, is becoming increasingly illiberal, and is accelerating the pace of change towards greater control. It both puzzles and concerns me having lived in China for nearly a decade as a public employee to hear Pollyanna statements from China “experts” in the United States who talk about the opening and reform of China or refuse to consider the values being promoted. I was left mouth agape once when someone I would consider a liberal internationalist who values human rights informed me he was focused on business and would leave those other issues aside. The values represented by China cannot be divorced from its rise and influence. The rise of China represents a clear and explicit threat not to the United States but to the entirety of liberal democracy, human rights, and open international markets.

We see the world slowly being divided into China supported authoritarian regimes of various stripes that support its creeping illiberalism across a range of areas. The tragedy of modern American foreign policy is the history of active ignorance and refusal to actively confront the Chinese norm or legal violations. The Trump administration is utterly incapable of defending the values and assembling the coalition that would respond to American leadership as they face even greater threats from China.

The concern is not over Chinese access to technology to facilitate economic development for a liberal open state. The concern is over the use of technology to facilitate human rights violations and further cement closed markets. That is a threat for which neither the United States nor any other democracy loving country should apologize for.

Even while making allowances for the author’s ideological position, some of his observations about everyday life in China are fascinating — at least to me. For example:

One of the most interesting things to me was to see how my thinking evolved over time in China. Prior to coming, I was and still am a libertarian leaning professor. I had not given a lot of thought to human rights either in the United States or in China. While many are aware of a variety of the cases that receive attention, I think what struck me is how this filters down into the culture. There is a complete and utter lack of respect for the individual or person in China. People do not have innate value as people simply because they exist. This leads most directly to a lack of respect for the law/rules/norms.

One thing I began to realize over time is, while not German, how law, rule, and norm abiding Americans are with minimal fear of enforcement. Cutting in line [I think this means barging in] is considered extremely rude because there is a sense of fairness and that people have equal rights. In China, line cutting is considered nearly standard operating procedure. There is a common and accepted respect for others even if it is just as simple as standing in line.

In a way, I sympathize with Chairman Xi’s emphasis on rule of law because in my experience laws/rules/norms are simply ignored. They are ignored quietly so as not to embarrass the enforcer, however, frequently, the enforcer knows rules or laws are being ignored but so long as the breaker is not egregious, both parties continue to exist in a state of blissful ignorance. Honesty without force is not normal but an outlier. Lying is utterly common, but telling the truth revolutionary.

I rationalize the silent contempt for the existing rules and laws within China as people not respecting the method for creating and establishing the rules and laws. Rather than confronting the system, a superior, or try good faith attempts to change something, they choose a type of quiet subversion by just ignoring the rule or law. This quickly spreads to virtually every facet of behavior as everything can be rationalized in a myriad of ways.

Before coming to China, I had this idea that China was rigid which in some ways it is, but in reality it is brutally chaotic because there are no rules it is the pure rule of the jungle with unconstrained might imposing their will and all others ignoring laws to behave as they see fit with no sense of morality or respect for right.

If it’s the case — and I believe it is — that America’s position as a global hegemon is eroding, and that China might be its successor, then it’s worth thinking about what that might mean. While many of us are sceptical about — or critical of — aspects of American dominance, we understand and to some extent share many of the values that the Republic embodies (or aspires to). Coming to grips with Chinese hegemony will be traumatic, unless the West has been softened up by generations of home-grown authoritarian rule. (Now a distinct possibility for some of our democracies, I fear). It will be like living in a parallel universe which has a different kind of gravity.

Why surveillance technology is usually better than we realise

This morning’s Observer column:

The images of the moon’s surface coming down from the orbiters were of astonishingly high resolution, good enough to blow up to 40ftx54ft pictures. When Nasa engineers initially stitched the images together they had to hang them in a church to view them. Eventually, they found a hangar where they could be laid on the ground for astronauts to walk on them in stockinged feet in order to search for suitable landing sites.

For decades, nobody outside of Nasa and the US military knew how good these images were. The few that were released for public consumption were heavily degraded and fuzzy. Why? Because the cameras used in the lunar orbiters were derivatives of the cameras used in high-altitude US aerial reconnaissance planes and satellites and the Pentagon didn’t want the Soviets to know the level of detail that could be derived from them.

In a way, we shouldn’t be surprised by this revelation. It’s an old story: powerful states have often possessed more sophisticated surveillance technology than their adversaries – or their citizens – knew or suspected…


‘Social credit’ in China

This morning’s Observer column:

In the old days, western snobbery led to the complacent view that the Chinese could not originate, only copy. One hears this less now, as visitors to China return goggle-eyed at the extent to which its people have integrated digital technology into daily life. One colleague of mine recently returned exasperated because he had been expected to pay for everything there with his phone. Since he possesses only an ancient Nokia handset, he was unable to comply and had been reduced to mendicant status, having to ask his Chinese hosts to pay for everything.

If the future is digital, therefore, a significant minority of China’s 1.4 billion citizens are already there. More significantly, the country’s technocratic rulers have sussed that digital technology is not just good for making economic transactions frictionless, but also for implementing sophisticated systems of social control.


Sweeping the Net for… [take your pick]

From Ron Deibert:

The LGBTQ news website, “Gay Today,” is blocked in Bahrain; the website for Greenpeace International is blocked in the UAE; a matrimonial dating website is censored in Afghanistan; all of the World Health Organization’s website, including sub-pages about HIV/AIDS information, is blocked in Kuwait; an entire category of websites labeled “Sex Education,” are all censored in Sudan; in Yemen, an armed faction, the Houthis, orders the country’s main ISP to block regional and news websites.

What’s the common denominator linking these examples of Internet censorship? All of them were undertaken using technology provided by the Canadian company, Netsweeper, Inc.

In a new Citizen Lab report published today, entitled Planet Netsweeper, we map the global proliferation of Netsweeper’s Internet filtering technology to 30 countries. We then focus our analysis on 10 countries with significant human rights, insecurity, or public policy issues in which Netsweeper systems are deployed on large consumer ISPs: Afghanistan, Bahrain, India, Kuwait, Pakistan, Qatar, Somalia, Sudan, UAE, and Yemen. The research was done using a combination of network measurement and in-country testing methods. One method involved scanning every one of the billions of IP addresses on the Internet to search for signatures we have developed for Netsweeper installations (think of it like an x-ray of the Internet).

National-level Internet censorship is a growing norm worldwide. It is also a big business opportunity for companies like Netsweeper. Netsweeper’s Internet filtering service works by dynamically categorizing Internet content, and then providing customers with options to choose categories they wish to block (e.g., “Matrimonial” in Afghanistan and “Sex Education” in Sudan). Customers can also create their own custom lists or add websites to categories of their own choosing.

Netsweeper markets its services to a wide range of clients, from institutions like libraries to large ISPs that control national-level Internet connectivity. Our report highlights problems with the latter, and specifically the problems that arise when Internet filtering services are sold to ISPs in authoritarian regimes, or countries facing insecurity, conflict, human rights abuses, or corruption. In these cases, Netsweeper’s services can easily be abused to help facilitate draconian controls on the public sphere by stifling access to information and freedom of expression.

While there are a few categories that some might consider non-controversial—e.g., filtering of pornography and spam—there are others that definitely are not. For example, Netsweeper offers a filtering category called “Alternative Lifestyles,” in which it appears mostly legitimate LGBTQ content is targeted for convenient blocking. In our testing, we found this category was selected in the United Arab Emirates and was preventing Internet users from accessing the websites of the Gay & Lesbian Alliance Against Defamation (http://www.glaad.org) and the International Foundation for Gender Education (http://www.ifge.org), among many others. This kind of censorship, facilitated by Netsweeper technology, is part of a larger pattern of systemic discrimination, violence, and other human rights abuses against LGBTQ individuals in many parts of the world.

According to the United Nations Guiding Principles on Business and Human Rights, all companies have responsibilities to evaluate and take measures to mitigate the negative human rights impacts of their services on an ongoing basis. Despite many years of reporting and numerous questions from journalists and academics, Netsweeper still fails to take this obligation seriously.

Nothing to hide? But you may still have something to fear.

This morning’s Observer column:

When Edward Snowden first revealed the extent of government surveillance of our online lives, the then foreign secretary, William (now Lord) Hague, immediately trotted out the old chestnut: “If you have nothing to hide, then you have nothing to fear.” This prompted replies along the lines of: “Well then, foreign secretary, can we have that photograph of you shaving while naked?”, which made us laugh, perhaps, but rather diverted us from pondering the absurdity of Hague’s remark. Most people have nothing to hide, but that doesn’t give the state the right to see them as fair game for intrusive surveillance.

During the hoo-ha, one of the spooks with whom I discussed Snowden’s revelations waxed indignant about our coverage of the story. What bugged him (pardon the pun) was the unfairness of having state agencies pilloried, while firms such as Google and Facebook, which, in his opinion, conducted much more intensive surveillance than the NSA or GCHQ, got off scot free. His argument was that he and his colleagues were at least subject to some degree of democratic oversight, but the companies, whose business model is essentially “surveillance capitalism”, were entirely unregulated.

He was right…


Stuff happens, alas

The Investigatory Powers Act has passed through Parliament and will soon be law. It provides the UK intelligence agencies and police with what the Guardian’s Ewen MacAskill described as “the most sweeping surveillance powers in the western world” and it passed into law with “barely a whimper, meeting only token resistance over the past 12 months from inside parliament and barely any from outside”. The Bill’s relatively serene passage through the legislature surprised many in government, and was probably partly due to the fact that the Labour party, under Jeremy Corbyn, seems largely uninterested in its responsibilities as the official opposition.

It’s not all bad news: the Act brings under explicit oversight a whole range of activities that were hitherto carried out under obscure, possibly dodgy, legal provisions and with totally inadequate oversight. So at least you could say that, at last, the activities of the secret state are all in a single piece of legislation.

On the other hand, the powers granted by the Act in relation to data retention are indeed sweeping, and include some new powers to conduct what is euphemistically termed ‘Equipment Interference’ — which is essentially legalised hacking; their inclusion in the Act is in effect an implicit admission that GCHQ and the security services have been doing this stuff anyway for some time.

The Act confirms that the British state’s appetite for fine-grained communications data seems insatiable and is destined to grow. Confronted with this new reality, one celebrated ex-spook once remarked that we are “a keystroke away from totalitarianism”. What he meant is that the information resources now available to states would be a godsend to an authoritarian regime that wasn’t restrained by constitutional niceties, civil liberties or human rights.

When one puts this point to spooks and government officials, however, their instinctive response is to pooh-pooh the idea. It may be technically true, they say, but — come on! — we live in a democracy and the chances of an authoritarian bully gaining power in such a polity are, well, infinitesimal.

Well, that was then and this is now. An authoritarian bully with no apparent respect for the rule of law will become president of the United States on January 20. Given that the British state has a long history of close co-operation with the US national security state, it’s possible that the new powers conferred on British agencies by the Investigatory Powers Act might mean that personal data on British subjects will be slipping noiselessly into the computerised maw of President Trump’s newly-energised security services. If this country had a functioning parliamentary opposition maybe Mrs May’s Bill would have had a rougher passage, and the Act would have been less sweeping. But the opportunity to rein in the surveillance state has been missed for a generation.

Snowden’s impact

Well, well. This from the Intercept:

THE DIRECTOR OF NATIONAL INTELLIGENCE on Monday blamed NSA whistleblower Edward Snowden for advancing the development of user-friendly, widely available strong encryption.

“As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years,” James Clapper said during a breakfast for journalists hosted by the Christian Science Monitor.

The shortened timeline has had “a profound effect on our ability to collect, particularly against terrorists,” he said.

When pressed by The Intercept to explain his figure, Clapper said it came from the National Security Agency. “The projected growth maturation and installation of commercially available encryption — what they had forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks.”

Asked if that was a good thing, leading to better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide, Clapper answered no.

“From our standpoint, it’s not … it’s not a good thing,” he said.