Ivory towers in late afternoon light

Posted on by

Ivory towers in late afternoon light, originally uploaded by jjn1.

Having written the heading I suddenly wondered where the term “ivory towers” comes from. Wikipedia says it has a Biblical origin (from the Song of Solomon) but,

From the 19th century it has been used to designate a world or atmosphere where intellectuals engage in pursuits that are disconnected from the practical concerns of everyday life. As such, it usually carries pejorative connotations of a willful disconnect from the everyday world; esoteric, over-specialized, or even useless research; and academic elitism, if not outright condescension. In American English usage it is also used as shorthand for academia or the university, particularly departments of the humanities.

Casuistry, algorithms and surveillance

Posted on by

One of the reasons the political establishment and intelligence community are so unapologetic about the bulk collection of metadata and other personal information is because they cling to a particular interpretation of what “collecting” means. In this interpretation, hoovering up data and storing it in data-centres does not constitute “collecting”. Only when a human looks at a particular data point is it actually “collected”.

Here’s how Brice Schneier puts it:

And the word “collect” has a very special definition, according to the Department of Defense (DoD). A 1982 procedures manual (pdf; page 15) says: “information shall be considered as ‘collected’ only when it has been received for use by an employee of a DoD intelligence component in the course of his official duties.” And “data acquired by electronic means is ‘collected’ only when it has been processed into intelligible form.”

Director of National Intelligence James Clapper likened the NSA’s accumulation of data to a library. All those books are stored on the shelves, but very few are actually read. “So the task for us in the interest of preserving security and preserving civil liberties and privacy,” says Clapper, “is to be as precise as we possibly can be when we go in that library and look for the books that we need to open up and actually read.” Only when an individual book is read does it count as “collection,” in government parlance.

So, think of that friend of yours who has thousands of books in his house. According to the NSA, he’s not actually “collecting” books. He’s doing something else with them, and the only books he can claim to have “collected” are the ones he’s actually read.

This is why Clapper claims — to this day — that he didn’t lie in a Senate hearing when he replied “no” to this question: “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”

If the NSA collects — I’m using the everyday definition of the word here — all of the contents of everyone’s e-mail, it doesn’t count it as being collected in NSA terms until someone reads it. And if it collects — I’m sorry, but that’s really the correct word — everyone’s phone records or location information and stores it in an enormous database, that doesn’t count as being collected — NSA definition — until someone looks at it. If the agency uses computers to search those emails for keywords, or correlates that location information for relationships between people, it doesn’t count as collection, either. Only when those computers spit out a particular person has the data — in NSA terms — actually been collected.

There’s a word for this: casuistry. And it’s not just the preserve of politicians and intelligence agencies. Google & Co are just as bad — as when the Google executive quoted by Schneier says “”Worrying about a computer reading your email is like worrying about your dog seeing you naked.”

To which Schneier replies:

when you’re watched by a dog, you know that what you’re doing will go no further than the dog. The dog can’t remember the details of what you’ve done. The dog can’t tell anyone else. When you’re watched by a computer, that’s not true. You might be told that the computer isn’t saving a copy of the video, but you have no assurance that that’s true. You might be told that the computer won’t alert a person if it perceives something of interest, but you can’t know if that’s true. You do know that the computer is making decisions based on what it receives, and you have no way of confirming that no human being will access that decision. When a computer stores your data, there’s always a risk of exposure. There’s the risk of accidental exposure, when some hacker or criminal breaks in and steals the data. There’s the risk of purposeful exposure, when the organization that has your data uses it in some manner. And there’s the risk that another organization will demand access to the data. The FBI can serve a National Security Letter on Google, demanding details on your email and browsing habits. There isn’t a court order in the world that can get that information out of your dog.

Yep.

Even if Bitcoin bites the dust, the genie’s out of the bottle

Posted on by

This morning’s Observer column

If I had a bitcoin for every person I’ve met in the past six months who told me that bitcoin is a scam then I’d be a rich man. Or a poor one, depending in which day of the week we’re talking about. Watching the exchange rate for bitcoins over the past month is like seeing the outline of a rollercoaster on the horizon. On 7 January, for example, a bitcoin was trading at $934; by 27 February it was down to $528; and on 5 March it was $678. So I guess that if you were “investing” (ie speculating) in the things, you’d feel as sick as any Alton Towers customer on a bad day.

But here’s the really strange thing: while “normal” people – and many mainstream journalists – seem to think that this bitcoin stuff must be some kind of racket, some of the computer scientists and hackers of my acquaintance think it’s the most interesting idea to have come along in ages. And in a way that discrepancy may be the key to understanding the phenomenon…

Read on

Here we go again: another messaging app, more illusions of privacy and security

Posted on by

Post updated — see below.

Simon Davies has an interesting take on the fallout from Facebook’s acquisition of WhatsApp.

In one of the most persuasive displays ever of the market power of consumer privacy, Facebook’s recent $19BN acquisition of the popular messaging app WhatsApp appears to have been given the thumbs-down by millions of users.

While it may be too early to produce a conclusive analysis, there are solid indications that the trend of new sign-ups to messaging apps over the past two weeks has overwhelmingly favoured the privacy-friendly Telegram app and has shifted decisively away from WhatsApp. Telegram has reportedly picked up between two and three million new users a day since the purchase was announced just over two weeks ago.

Davies says that “Telegram has built a range of attractive privacy features, including heavy end-to-end encryption and a message destruct function. As a result, many privacy professionals regard the app as the market leader for privacy.”

Hmmm… Davies points out that a German product test group recently criticised Telegram, on the grounds that

Telegram ist als einzige der getesteten Apps zumindest teil­weise quell­offen. Eine voll­ständige Analyse der verschlüsselten Daten­über­tragung war jedoch aufgrund der nur partiell einsehbaren Software-Programmierung nicht möglich…

…which I interpret as a view that judgement has to be withheld because the Telegram code is not fully open source — and therefore not open to independent scrutiny.

Anyway, intrigued, I downloaded the IoS version of the Telegram App to see what the fuss was about. The download was quick and efficient. The interface is clean. To get started you enter your mobile number and Telegram sends you a code when you then enter to confirm that it is indeed your phone. It then asks for access to your phone contacts which, it tells you, will be stored in the Cloud in heavily encrypted form…

Oh yeah? Can’t you just imagine the hoots of laughter in Fort Meade!

LATER: A colleague who is less linguistically-challenged than me writes:

I’m not sure that Simon Davis or you got the right angle on that test.de report on WhatsApp and alternatives. It’s true that test.de didn’t like it much, but their point about open source in the part you quoted is actually quite positive – it’s saying saying that it’s the only one of the apps they looked at that was even partly open source. A translation of the bit you quoted would be something like , “Telegram is, at least, the only one of the apps we tested that is partly open source. However, because the programming is only partly transparent, a complete analysis of its encrypted data transmission was not possible.” And the next sentence goes on to say, “But the testers can rule out the possibility that it transmits data unencrypted.”

That’s actually more positive than what they say in the corresponding section about any of the other apps, where they generally say they aren’t open source so that the testers can’t be sure that some data are not transmitted in unencrypted form.

Obviously that’s not a killer point for the German testers, however, because the only app they didn’t regard as having important problems is Threema, which isn’t open source.

What they didn’t like about Telegram is that:
* You have to choose explicitly to use encrypted transmission by choosing the “Secret Chat” option.
* The app automatically stores all your address book (contact) entries without asking you or asking the other people in the address book.
* In their conditions of use, users agree that the software house can store the user’s address book entries. No official address details (‘Impressum’) are given for the software house and there’s no contact adrdess where you can ask questions about data protection.

He’s put his finger on the biggest problem, in a way, which is not just that the App’s owners require you to upload your contact information in the Cloud, but that by accepting this requirement you compromise all those contacts without their knowledge or consent. This is the point that Eben Moglen was making in his wonderful Snowden lectures when he pointed out that acceptance of Gmail’s Terms and Conditions allows Google not only to read your own mail, but also that of your correspondents, none of whom have consented to that. (Though no doubt a slick lawyer will try on the argument that anyone who emails someone with a Gmail address implicitly gives his/her consent.)

Oscar Nights

Posted on by

Is it time for the Oscars again? Surely not? How time flies when you’re enjoying yourself. Our research project has been running a little film season on the general theme of ‘conspiracy’ (last week’s was All the Presidents Men) and we had a slight struggle to get them screened because “it’s the run-up to the Oscars” — which apparently meant that The Management thought that every screen under their control should be showing a nominated film, rather than some boring old celluloid film from the Dark Ages before CGA.

Where was I? Oh, yes, the Oscars. I’m not much of a film-goer and I detest awards ceremonies, whether in the UK (the BAFTAs) or the US. So imagine my delight at discovering (courtesy of The Browser) this wonderful essay by Raymond Chandler on the 1948 Oscar ceremony. “It isn’t so much that the awards never go to fine achievements”, he writes, “as that those fine achievements are not rewarded as such.

They are rewarded as fine achievements in box-office hits. You can’t be an All-American on a losing team. Technically, they are voted, but actually they are not decided by the use of whatever artistic and critical wisdom Hollywood may happen to possess. They are ballyhooed, pushed, yelled, screamed, and in every way propagandized into the consciousness of the voters so incessantly, in the weeks before the final balloting, that everything except the golden aura of the box office is forgotten.

[…]

If you think most motion pictures are bad, which they are (including the foreign), find out from some initiate how they are made, and you will be astonished that any of them could be good. Making a fine motion picture is like painting “The Laughing Cavalier” in Macy’s basement, with a floorwalker to mix your colors for you. Of course most motion pictures are bad. Why wouldn’t they be? Apart from its own intrinsic handicaps of excessive cost, hypercritical bluenosed censorship, and the lack of any single-minded controlling force in the making, the motion picture is bad because 90 per cent of its source material is tripe, and the other 10 per cent is a little too virile and plain-spoken for the putty-minded clerics, the elderly ingénues of the women’s clubs, and the tender guardians of that godawful mixture of boredom and bad manners known more eloquently as the Impressionable Age.

And this:

It doesn’t really seem to make much difference how the voting is done. The quality of the work is still only recognized in the context of success. A superb job in a flop picture would get you nothing, a routine job in a winner will be voted in. It is against this background of success-worship that the voting is done, with the incidental music supplied by a stream of advertising in the trade papers (which even intelligent people read in Hollywood) designed to put all other pictures than those advertised out of your head at balloting time. The psychological effect is very great on minds conditioned to thinking of merit solely in terms of box office and ballyhoo. The members of the Academy live in this atmosphere, and they are enormously suggestible people, as are all workers in Hollywood.

Lots more in that vein. Wonderful stuff, which made me laugh out loud and reminded me that there is nothing — but nothing — to beat a good writer in disdainful mood.

Mobile phones: huge industry, no new ideas

Posted on by

This morning’s Observer column.

Leave aside the fact that it was Apple that triggered the most recent explosion in the mobile industry – the smartphone revolution – and ponder what was actually on show in Barcelona. The answer, in the words of one astute and unsentimental observer, Professor Barry Avery, was: “Many phones, little innovation.” (Shades of Yeats’s pithy description of his – and my – native land: “Great hatred, little room.”)

“The message coming out of this year’s event,” wrote Avery, “is that while there are lots of new phones coming, we shouldn’t expect a great technological leap from any of them. Most of the phones are incremental updates, running the latest version of Android’s mobile phone operating system KitKat.”

Avery is too polite. The truth is that the mobile phone industry has run out of ideas. Every single smartphone in the market is basically just a variation on the Apple iPhone theme. And the variations, such as they are, are looking increasingly – and desperately – baroque…