The Internet-of-Things. Or why nobody knows anything round here

There are lies, damn lies, and market research about the ‘Internet of Things’. Latest instalment from the bullshit machine here.

The Internet of Things – all those billions of smart, connected gadgets such as Google’s smart glasses above – should generate a staggering $7.1 trillion in annual sales by 2020, according to a report Tuesday by International Data Corporation.

That’s actually a downgrade from October, when the research firm predicted sales would hit $8.9 trillion. Asked about the revision, IDC Program Vice President Carrie MacGillivray said, “it’s a nascent market” and “we continue to learn daily on how this will all play out.”

Nonetheless, IDC officials remain solidly bullish on the financial windfall being produced by the Internet of Things, which they define as “a network of networks of uniquely identifiable endpoints (or “things”) that communicate without human interaction using IP connectivity – be it ‘locally’ or globally.”

The significance of the ECJ ruling

“This time, Washington and its business allies cannot compel Europe to simply submit to U.S. values and interests, as they have in the past to great effect; such as when they pressured European airlines to hand over passenger data for European travellers or European banks to do the same for international money transfers after 9/11. In fact, they now have relatively few ways to influence Europe’s national privacy authorities, and even fewer ways to pressure the European Court of Justice. They may be able to influence forthcoming legislation, but they will not be able to overturn it. Nor can the United States rely on moral force. It is no longer the acknowledged protector of civil liberties on the Internet. To maintain legitimacy, it has to engage with other states that have valid, if different, civil rights concerns.”

From an excellent Foreign Affairs piece by Henry Farrell and Abraham Newman on the implications of the European Court of Justice ruling about the “right to be forgotten”.

The importance of doubt

Now, we scientists … take it for granted that it is perfectly consistent to be unsure — that it is possible to live and not know. But I don’t know whether everyone realizes that this is true. Our freedom to doubt was born of a struggle against authority in the early days of science. It was a very deep and strong struggle. Permit us to question — to doubt, that’s all — not to be sure. And I think it is important that we do not forget the importance of this struggle and thus perhaps lose what we have gained. Here lies a responsibility to society.

Richard Feynman

Why the Economist’s obituaries are so good

I’ve often wondered why the obituaries in the Economist are so good. Now, thanks to a terrific piece by Isabelle Fraser, I know: they’re written by a brilliant writer, Ann Wroe.

The subject of the week’s obituary is decided on Monday, and it must be written and polished by Tuesday. This 36-hour window is a marathon attempt to consume as much information as possible. “I just sort of feed it all in. Make a huge great collage in my mind. And then it compresses down terribly: there must be millions of words in there and it just comes down to a thousand.”

Often, Wroe is stepping inside the mind of someone who was utterly obsessive about something, and briefly, their passion must become of great importance to her as well. “There was one man I wrote about who was a carpenter, and he specialized in making drawers. It’s quite difficult to get drawers to go in and out smoothly, and you can understand how that could become an obsession. So I had to learn how to make them as well, and find out which woods were best. I had to be just as enthusiastic about how to do it as he was.”

“I think the hardest one was when I did Ingmar Bergman,” she says. “I had to spend the whole night watching the movies, and by the end I was suicidal. They were so dark, and they were getting darker and darker.” She compares it to an Oxford tutorial essay, a kind of fast-paced cramming. “The writers are horrifying; I absolutely dread it when the writers die. There’s such a lot to read!”

Wroe insists on only reading source material by her subject. “I never go to any books written by anybody else. I go to the words on the paper, their diaries. I think it’s the only way to do it, because that’s the voice that has disappeared.”

Can Google really keep our email private?

This morning’s Observer column.

So Google has decided to provide end-to-end encryption for any of its Gmail users who want it. One could ask “what took you so long?” but that would be churlish. (Some of us were unkind enough to suspect that the reluctance might have been due to, er, commercial considerations: after all, if Gmail messages are properly encrypted, then Google’s computers can’t read the content in order to decide what ads to display alongside them.) But let us be charitable and thankful for small mercies. The code for the service is out for testing and won’t be made freely available until it’s passed the scrutiny of the geek community, but still it’s a significant moment, for which we have Edward Snowden to thank.

The technology that Google will use is public key encryption, and it’s been around for a long time and publicly available ever since 1991, when Phil Zimmermann created PGP (which stands for pretty good privacy)…

Read on

LATER Email from Cory Doctorow:

Wanted to say that I think it’s a misconception that Goog can’t do targeted ads alongside encrypted email. Google knows an awful lot about Gmail users: location, browsing history, clicking history, search history. It can also derive a lot of information about a given email from the metadata: sending, CC list, and subject line. All of that will give them tons of ways to target advertising to Gmail users – they’re just subtracting one signal from the overall system through which they make their ad-customization calculations.

So the cost of not being evil is even lower than I had supposed!

STILL LATER
This from Business Insider:

Inside the code for Google’s End-to-End email encryption extension for Chrome, there’s a message that should sound very familiar to the NSA: “SSL-added-and-removed-here-;-)”

Followers of this blog will recognise this as a quote from a slide leaked by Edward Snowden.

This comes from a slide-deck about the ‘Muscular’ program (who thinks up these daft names?), which allowed Britain’s GCHQ intelligence service and the NSA to pull data directly from Google servers outside of the U.S. The cheeky tone of the slide apparently enraged some Google engineers, which I guess explains why a reference to it resides in the Gmail encryption code.

Snowden + 1: reflections on a sobering year

It’s a year today since the first of Edward Snowden’s revelations about global surveillance appeared. All over the world there are events marking the anniversary, so it seems a good time to take stock.

First, some ground-clearing.

  1. I’ve been saying almost from the beginning that Snowden is not the story. It follows that whether one regards him as a hero or a villain is moot. What matters is what he has revealed about the state of our networked world.
  2. I don’t think there’s much mileage either in demonising the security agencies. They’re doing a job that’s been specified for them by their political masters. There are, of course, always grounds for being suspicious of secretive agencies, and there’s plenty of evidence of past wrongdoing in MI5/6, the CIA, the FBI and our own dear Metropolitan Police (and maybe also the NSA, though I’m not up to speed on its history in that regard). Maybe there are rogue elements loose in their contemporary manifestations, but what Snowden has revealed is so systemic and large-scale as to relegate individual malfeasance to the status of noise in the signal. The buck we are dealing with at the moment stops with the politicians: the missions they have tasked the agencies with carrying out, the laws they have made and the ‘oversight’ mechanisms they have devised and are now operating. (That’s not to say that the agencies are blameless, by the way, or that they don’t play a hidden role in lawmaking. I’m sure that, for example, the UK Regulation of Investigatory Powers Act owed quite a lot to internal lobbying by GCHQ and MI5. But in terms of the post-Snowden fallout, that’s a secondary issue just at the moment.)
  3. The official protestations that if Snowden had been a serious whistleblower then he should have confided his concerns to his superiors is laughable cant. Does anybody seriously believe that we would be having the debates we’re having if Snowden hadn’t done what he’s done? In this context, the experience of William Binney is key. He saw what was happening (ie that the NSA was spying on American citizens using the tools that he had designed) and resigned from the Agency. Nothing happened. Nothing.

Having got that stuff out of the way, where are we now?

My colleague David Runciman makes a useful distinction between scandals and crises. Scandals happen all the time in democracies; they generate violent controversies, lots of media coverage and maybe public discussion. But they pass and nothing much changes. Normal life resumes. Crises, on the other hand, do eventually lead to significant reform or change. When the British phone-hacking story broke, many of us felt that it was a genuine crisis that would lead to significant change in the way the tabloid newspapers behaved. But now it looks as though it was just a scandal, because nothing significant will have changed, despite the Leveson Inquiry and its aftermath. The newspaper industry will continue to ‘regulate’ itself, and the newspapers will continue to behave badly.

The big question about the surveillance controversy, therefore, is whether it is a scandal or a crisis. And my reading of events to date is not encouraging: it will turn out to have been a scandal, not a crisis, because I can see no evidence that the relevant governments have any intention of changing their practices. That’s not to say that there haven’t been flurries of activity. Obama set up his famous Intelligence Review Panel of five wise men (all of them insiders, of course), and they duly produced a 300-page report with its 46 recommendations for consideration by the administration. But a close reading of Obama’s recent speech and the resulting Presidential Policy Directive suggests that nothing fundamental is going to change.

As Benjamin Wittes of the Brookings Institution puts it,

“In his speech Obama squarely aligns himself with the intelligence community’s own central narrative of recent events: Its activities are essential, the president says; its activities are lawful and non-abusive (mistakes notwithstanding); and the community’s critics will hold it accountable for failures to connect the dots just as breezily as they now hold it accountable for the use of available tools to connect those dots.

That said, Obama goes on, we need changes. But Obama is careful to describe the reasons we need changes. It’s not to rein in an out of control intelligence community. It’s because “for our intelligence community to be effective over the long haul, we must maintain the trust of the American people, and people around the world.”

What that means is that the US will unapologetically continue its bulk collection and other programmes; continue to ignore the privacy rights of non-Americans; and so on. The mood music is different, of course; lip-service is paid to the need to be respectful of others, etc. But in the end, the national security of the United States trumps everything.

It will be the same story in Britain. The Intelligence Services Committee has launched an investigation, the results of which are not yet available. My hunch is that there will be more soothing mood music, along the lines essayed by the Chairman of the Committee, Sir Malcolm Rifkind, in his recent Wadham Lecture at Oxford, which concluded thus:

True public servants operate with noble motivations, lawful authority, and subject to rigorous oversight. These are the values that distinguish public servants from a public threat. That is how those who work for our intelligence agencies see themselves. That is how most of the public see them. That has been my own experience seeing them at work over a number of years. It is in all our interests that that should remain their justified reputation in the Internet Age.

In practice, therefore, there will be no substantial change. We will continue to have ‘oversight theatre’ rather than rigorous democratic accountability. And I expect that the Foreign Secretary will continue to intone his if-you-have-nothing-to-hide-then-you-have-nothing-to-fear mantra. And all this will be tolerated because the Great British Public appears to be largely relaxed about the whole business.

The only developments that might transform it from a scandal into a crisis are (a) possible action by the EU or by some European governments (notably Germany); (b) really vigorous pushback by the American Internet giants who are concerned about the long-term damage that the Snowden revelations are inflicting on their businesses; and (c) intensive technological resistance by engineering and Internet community activists.

On (a), I’ll believe it when I see it. In this respect, when EU governments are confronted with a bleak choice between confronting an implacable United States and doing nothing, most — even Germany — will choose the latter course. On (b) we’re seeing steps like Google offering end-to-end encryption for Gmail users, implementing perfect forward secrecy on communications between its server farms and laying its own intercontinental fibre-optic cables. But the companies are inextricably compromised in all this because they’re all in the same business as the NSA — comprehensive, intensive surveillance. And on (c) we see tech resistance like the IETF’s determination to insert more encryption in the Internet’s internal workings, which is a bit like putting treacle into the NSA’s surveillance machine, vigorous calls to arms by sages like Eben Moglen and renewed calls to citizens to use TOR and other protective technologies.

All good stuff, which I hope will have beneficial effects. But without political change — which will only happen if, in the end, there is widespread and palpable public concern and outrage — these reactions will have only limited impact. One of the mistakes that we techno-utopians made was to assume that technology would eventually trump politics. I remember thinking that when PGP first appeared in the early 1990s. At last the average citizen could have the same privacy from government (and other snooping) that the state had hitherto reserved for itself. And then along came the aforementioned RIPA in 2000 with its provision that a duly-authorised agent of the Home Secretary (aka Minister of the Interior) could demand that one hand over one’s encryption keys or face a gaol sentence of two years. For most people, caving in would be a no-brainer. And suddenly technology didn’t look so omnipotent after all.

So a bleak — but I fear realistic — conclusion is that the national surveillance state is here to stay. Our democracies seem unwilling, or unable, to choose a different path. If that’s true, then we need to start thinking about what lies ahead. What we’re likely to see is the emergence of a bi-polar world in which there are two competing surveillance empires: one run by the US and its allies, the other run by the Chinese. Think of it as Apple’s iOS and Google’s Android. In those circumstances, the stuff that Ross Anderson has been writing recently suddenly seems very apposite. In a surveillance ‘market’, Ross asks, why shouldn’t the network effects that dominate commercial competition in information markets come into play? “The Snowden papers”, he writes,

reveal that the modern world of signals intelligence exhibits strong network effects which cause surveillance platforms to behave much like operating systems or social networks. So while India used to be happy to buy warplanes from Russia (and they still do), they now share intelligence with the NSA as it has the bigger network. Networks also tend to merge, so we see the convergence of intelligence with law enforcement everywhere, from PRISM to the UK Communications Data Bill.

There is an interesting cultural split in that while the IT industry understands network effects extremely well, the international relations community pays almost no attention to it. So it’s not just a matter of the left coast thinking Snowden a whistleblower and the right coast thinking him a traitor; there is a real gap in the underlying conceptual analysis.

That is a shame. The global surveillance network that’s currently being built by the NSA, GCHQ and its collaborator agencies in dozens of countries may become a new international institution, like the World Bank or the United Nations, but more influential and rather harder to govern. And just as Britain’s imperial network of telegraph and telephone cables survived the demise of empire, so the global surveillance network may survive America’s pre-eminence. Mr Obama might care to stop and wonder whether the amount of privacy he extends to a farmer in the Punjab today might be correlated with what amount of privacy the ruler of China will extend to his grandchildren in fifty years’ time. What goes around, comes around.

It sure does.