Wikipedia Switches to HTTPS

Some interesting fallout from revelations about NSA’s XKeyscore.

The Wikimedia Foundation has announced it will soon be switching its services over to the secure (i.e., unsnoopable) HTTPS protocol. It’s a move that’s been planned for a while, but the foundation has been pushed to implement it now because of the revelations about the NSA’s global Internet surveillance system. The foundation notes that it is being “specifically targeted by XKeyscore.”

In a statement, the foundation says it “believes strongly in protecting the privacy of its readers and editors. Recent leaks of the NSA’s XKeyscore program have prompted our community members to push for the use of HTTPS by default for the Wikimedia projects.” Starting from August 21st the HTTPS protocol will be turned on for all logged-in users. The site also outlined six further technical steps it has to take to protect all its user data and activities from surveillance, although it acknowledges that it can’t predict a timescale for the moves to be completed. Instead the foundation urges its users to use other secure browsing services.

How to keep an iPhone going on… and on…

[Image: iPhone in case]

Smartphones are wonderful when one is abroad, except for two things: (a) data-roaming charges; and (b) battery life.

Problem (a), oddly enough, can be eased by buying some kind of ‘booster’ package. (T-Mobile, for example, offers 50MB for £10, and there may be better deals available from other networks for all I know.)

Problem (b) is a bigger deal: my iPhone 4 can’t manage a long day when it’s providing full-on connectivity.

I have some friends who are BBC reporters. The iPhone seems to be standard issue for them, because they use it as a voice-recorder, among other things. One day I noticed that their iPhones seemed clunkier than mine, and so investigated.

What I discovered is that they use a Mophie Juice Pack to ensure that their phones don’t die because of lack of power. The case has an inbuilt, rechargeable battery which can be switched to recharge the iPhone when its battery dies.

I got one.

[Image: case disassembled]

It does what it says on the tin and is a really neat solution to a real problem. Sure, the phone is bulkier (see pic below). But it means that when I’m away from base for 24 hours or more I no longer fret about battery life.

[Image: thickness]

Wagnerian crocs

Anthony Tommasini has an hilarious review of the current production of the Wagner Ring Cycle at Bayreuth by the German avant-garde director, Frank Castorf. When Castorf appeared on stage at the end, he was treated to a ten-minute orgy of booing. He stood there, unmoved and perhaps gratified. (After all, one of the pleasures of being avant garde is that one can annoy the bourgeoisie.) But that’s by-the-by. What I really wanted to say is that this passage from Mr Tommasini’s review made me laugh out loud:

Mr. Castorf’s deeper fault, it seems, was cynically to undercut the musical drama during some of the most romantic, poignant and heroic scenes. My earnest attempt to be open-minded about this baffling “Ring” almost foundered for good near the end of “Siegfried” when (you can’t make this up) a monster crocodile swallowed the poor Forest Bird in one big gulp.

This last scene, of course, is the ecstatic love duet between Siegfried, our rambunctious hero (who, by the way, instead of forging a sword assembles a semiautomatic rifle), and the smitten Brünnhilde. In this production, at the most climactic moment in the music, the stage rotated to reveal two of those monster crocodiles busily copulating.

Looking hungry after sex, the squiggling reptiles, their jaws flapping, headed toward Siegfried and Brünnhilde, who were singing away.

As the reptiles crawled closer, the Forest Bird, presented here as an alluring young woman (the soprano Mirella Hagen), burst upon the stage to save the day. Of course, the Forest Bird was not supposed to be in this scene, but who cares what Wagner wrote? This fetching Forest Bird bravely fought off one crocodile by jabbing a pole down its throat. But the other one opened wide and swallowed her whole. Throughout, Siegfried and Brünnhilde seemed only mildly concerned. But then, in Mr. Castorf’s staging, they also seemed only mildly concerned with each other, a much bigger problem.

Well worth reading in full.

LinkedOut

As readers of this blog will know, I have a low opinion of LinkedIn, which I consider to be one of the most annoying, intrusive and useless online services in existence. (See here and here, for example.) So today, after yet another of my hapless connections had “endorsed” me for something for which I had never requested an endorsement I finally got round to deleting my account. The ensuing dialogue box contained this interesting information.

[Image: LinkedIn threats]

The second bullet-point has a vaguely menacing tone. Does it imply that someone else can use my email address(es) to open a (fake) LinkedIn account in my name? Or is it simply saying that I can always think again and use my email address to get back in?

Engineering ethics

Joe Bonneau is one of the smartest young people I’ve met. He was a Gates Scholar at Cambridge and did a PhD in Ross Anderson’s group in the Computer Lab. On July 18, his paper on “The Science of Guessing” won a prestigious award as the Best Scientific Cybersecurity Paper of 2012. But here’s the catch: the Award, which is judged by a panel of distinguished academic experts, is sponsored by the NSA!

Here’s how Joe blogged about it, and explained his thinking.

I’m honored to have been recognised by the distinguished academic panel assembled by the NSA. I’d like to again thank Henry Watts, Elizabeth Zwicky, and everybody else at Yahoo! who helped me with this research while I interned there, as well as Richard Clayton and Ross Anderson for their support and supervision throughout.

On a personal note, I’d be remiss not to mention my conflicted feelings about winning the award given what we know about the NSA’s widespread collection of private communications and what remains unknown about oversight over the agency’s operations. Like many in the community of cryptographers and security engineers, I’m sad that we haven’t better informed the public about the inherent dangers and questionable utility of mass surveillance. And like many American citizens I’m ashamed we’ve let our politicians sneak the country down this path.

In accepting the award I don’t condone the NSA’s surveillance. Simply put, I don’t think a free society is compatible with an organisation like the NSA in its current form. Yet I’m glad I got the rare opportunity to visit with the NSA and I’m grateful for my hosts’ genuine hospitality. A large group of engineers turned up to hear my presentation, asked sharp questions, understood and cared about the privacy implications of studying password data. It affirmed my feeling that America’s core problems are in Washington and not in Fort Meade. Our focus must remain on winning the public debate around surveillance and developing privacy-enhancing technology. But I hope that this award program, established to increase engagement with academic researchers, can be a small but positive step.

This is — as you’d expect — a very adroit and sophisticated post by an interesting and thoughtful man. I’m inclined to agree with him that “America’s core problems are in Washington and not in Fort Meade [the NSA’s HQ]”. I guess that many (most?) of the engineers who work for the NSA (and GCHQ, for that matter) are decent and humane folks. But they must be reaching the point where they realise that there may be tricky ethical problems associated with working in these kinds of organisations, especially when they have no control over what their managerial or political masters do with their work.

The practice of engineering, in whatever speciality, often throws up ethical dilemmas, even though many engineers pretend that it doesn’t. After all, they protest, they’re just solving technical problems set to them by their employers. Moral and ethical questions are “above my pay-grade”, as the saying goes.

The first time I ever thought seriously about this was when I met Robert Jan van Pelt, an architectural historian and an expert on Auschwitz. He talked about the architectural and engineering documents pertaining to the design of Auschwitz that had been found in the Soviet archives in Moscow by a British historian. These documents show how professionals working for two firms, one an architectural practice, the other an engineering company which specialised in incinerators, struggled conscientiously to meet the ever-changing needs of a very demanding client — Himmler’s SS — as they sought to increase the capacity and the throughput of the camp. And both groups of professionals clearly understood what Auschwitz was for.

This is NOT to imply any kind of moral equivalence between those who work for outfits like the NSA and those who serviced the Nazi genocidal programme. But engineering is, like most other kinds of professional practice, drenched in ethical questions. Even as I write this, there are engineers working for arms companies (for example designing lethal unmanned drones, ingenious new fragmentation bombs whose fragments are less easily detected by X-rays or covert online surveillance technology for authoritarian regimes). All medical schools now insist that their students study ethics. Should engineering schools do the same?

Why advertisers are obsessing about the ‘interest graph’

George Orwell once observed that watching an idea move through a communist meeting was like watching a flurry of wind move across a ripe cornfield. Each stalk sways briefly and then resumes its upright posture. Much the same goes for the folks who are desperate to make money from online advertising. Once upon a time, they were all obsessing about the ‘social graph’ (i.e. Facebook). Now they’ve moved on to the ‘interest graph’. Just came on a neat explanation of the idea, apparently taken from a Goldman Sachs interview (so you know how seriously to take it).

Social graph signals have not been helpful in optimizing advertising. It seems intuitive to everyone that your friends’ recommendations would be powerful motivators…but when you look a little deeper, you hang out with people who have very different tastes than you. And you may have a special affinity through a hobby or something that they don’t share. One of the mythical high grounds that everyone’s thinking about…is this notion of an interest graph. Facebook connects you with people you know. But what connects you, if you’re into road biking, with the top 15 road bikers that are within 15 miles of where I live? 

[For a platform to] capture the interest graph, they’d be closer to the Google search paradigm, because they’d be right in line with demand generation, and with discovery that relates to product purchases. Context, for the history of the Internet, has been a big deal. The websites that do verticals, while they may not have abundant traffic, have always had huge CPMs, relative to the “Yahoo! Mail”s of the world. That may be this middle ground, between search and the social graph, to bring together people with like interests.

I wonder what the next obsession will be?

So how many Booz Allen employees are reading your email?

Glenn Greenwald had a fascinating conversation with George Stephanopoulos on ABC’s Sunday morning TV show, This Week, in which Greenwald said, at one point,

One of the most amazing parts of this entire episode has been that top-level national security officials like James Clapper really did get caught red-handed lying to the American Congress, which everyone now acknowledges, about what the NSA is doing. And it’s amazing that he not only hasn’t been prosecuted, but still has his job. And what that does is, it lets national security officials continue to lie to the public, which is what happened in that exchange you just referenced.

The way that I know exactly what analysts have the capability to do when they’re spying on Americans is that the story I’ve been working on for the last month that we’re publishing this week very clearly sets forth what these programs are that NSA analysts — low level ones, not just ones who work for the NSA, but private contractors like Mr. Snowden — are able to do. The NSA has trillions of telephone calls and emails in their databases that they’ve collected over the last several years. And what these programs are, are very simple screens like the ones that supermarket clerks or shipping and receiving clerks use, where all an analyst has to do is enter an email address or an IP address and it does two things: it searches a database and lets them listen to the calls or read the emails of everything that the NSA has stored, or look at the browsing histories or Google search terms that you’ve entered. And it also alerts them to any further activity that people connected to that email address or that IP address do in the future.

And it’s all done with no need to go to a court, with no need to even get supervisor approval on the part of the analyst. There are legal constraints for how you can spy on Americans. You can’t target them without going through the FISA court. But these systems allow analysts to listen to whatever emails they want, whatever telephone calls, browsing histories, Microsoft Word documents. It’s an incredibly powerful and invasive tool exactly of the type that Mr. Snowden described. And NSA officials are going to be testifying before the Senate on Wednesday. And I defy them to deny that these programs work exactly as I just said.

Two points here. The first is the question of why a public official who lies to Congress has not been suspended, prior to prosecution? The second is whether the NSA officials who are scheduled to testify before Congress on Wednesday will be asked to respond under oath to Greenwald’s remarks?

John Perry Barlow on 9/11

As I watched the Twin Towers collapse on September 11, 2001 I wrote this in my diary: “We can kiss goodbye to civil liberties from this day onwards. There’s nothing that democracies won’t do to prevent this ever happening again”. As ever, John Perry Barlow was both more articulate, and more perspicacious. This is what he wrote that day to those on his BarlowFriendz list. (Courtesy of SpiekerBlog.)

This morning’s events are roughly equivalent to the Reichstag fire that provided the social opportunity for the Nazi take-over of Germany.

I am not suggesting that, like the Nazis, the authoritarian forces in America actually had a direct role in perpetrating this mind-blistering tragedy. (Though their indirect role deserves a much longer discussion.)

Nevertheless, nothing could serve those who believe that American “safety” is more important than American liberty better than something like this. Control freaks will dine on this day for the rest of our lives.

Within a few hours, we will see beginning the most vigorous efforts to end what remains of freedom in America. Those of who are willing to sacrifice a little — largely illusory — safety in order to maintain our faith in the original ideals of America will have to fight for those ideals just as vigorously.

I beg you to begin NOW to do whatever you can — whether writing your public officials, joining the ACLU or EFF, taking to the streets, or living visibly free and fearless lives — to prevent the spasm of control mania from destroying the dreams that far more have died for over the last two hundred twenty five years than died this morning.

Don’t let the terrorists or (their natural allies) the fascists win.

Remember that the goal of terrorism is to create increasingly paralytic totalitarianism in the government it attacks. Don’t give them the satisfaction.

Fear nothing. Live free.

And, please, let us try to forgive those who have committed these appalling crimes. If we hate them, we will become them.

May God — or Whatever you want to call It — bless us all. We’ll need it.

Courage,

John Perry

And here’s what he wrote the other day:

The answer to terrorism is not fear. Nor is it violence. Nor is it transforming our country in the very ways Al Queda wished, thus betraying everything America stood for and becoming an arbitrarily violent and surveillant nation that routinely tortures perceived enemies and incarcerates them indefinitely without due process.

If only we’d had the courage and self-assurance to say, “Nice shooting, Assholes, but we have lots of tall buildings.” And left it at that. If only we’d had the courage to respond to terrorism with a steadfast unwillingness to be terrorized. If only we’d recognized the trap we were being led into. But we didn’t.

Now America is a parody of what it was that day 10 years ago. We have bankrupted ourselves and slaughtered tens of thousands with pointless wars of reaction. We have gutted our enlightened guarantees of civil liberty and governmental restraint. We have lost our way. And we have become the very monster Osama bin Laden perceived us to be.

This is a sad day indeed. Not merely because it refreshes the tragedies of that terrible day, but because it also reminds us of all the tragedies — most of them far worse and more permanent in effect — that we subsequently inflicted upon ourselves and on countless innocents here and abroad in reaction to those events.