This Rumored Recommendation for NSA Reform Is a Horrible Idea
The rumored recommendations made by a presidential task force on the National Security Agency’s surveillance efforts include some sensible suggestions—like more direct oversight by the White House of certain sensitive programs. But according to the early reports, the recommendations may also include one deeply misguided and troubling idea to divide the agency and thereby handicap its ability to perform both its defensive and offensive roles. The Wall Street Journal reports that one of the soon-to-be announced recommendations “would split the code-making component of NSA, known as the Information Assurance Directorate, from the rest of the agency.” (This recommendation to split up the signals intelligence gathering and information assurance branches of the NSA is separate from the apparently already-dismissed recommendation that the NSA be placed under separate direction from the U.S. Cyber Command.)
The Information Assurance Directorate is the arm of the NSA responsible for defense. While other parts of the agency try to target, intercept, and decrypt sensitive information belonging to foreign governments and potential enemies, the Information Assurance team is in change of making it as difficult as possible for anyone—including those same foreign governments and potential enemies—to do the same to U.S. national security systems and information. Theirs is the hardest job at the agency, both because it’s typically easier to break into information systems than it is to protect them, and because their mission is sometimes at odds with that of their counterparts. When the NSA discovers new security vulnerabilities in information and communications systems, they simultaneously open up new ways into systems belonging to others and identify ways in which our own systems could be penetrated. At that point, the agency can take either an offensive approach—exploiting these vulnerabilities to learn as much as possible about others—or a defensive one—alerting necessary parties to patch the problem before it can be exploited by other.
The presidential task force may have a legitimate concern that the voice of the Information Assurance Directorate is not loud enough in these debates. Documents leaked by Edward Snowden seem to suggest that the NSA is much more focused on information gathering than building up U.S. defenses. However, splitting these two branches into separate organizations would not help that situation—it would only exacerbate it. The only way to know whether your defenses are any good is to know whether they’ve been broken and what you’re defending against—to be in constant communication with the people in charge of breaking them, in other words.
The skills and perspectives of the people at the NSA who defend sensitive U.S. government information and the people who collect sensitive information belonging to other parties are inextricably linked and mutually beneficial. If anything, the Snowden leaks suggest that there is too great a divide between these two groups at the NSA already, that there may not be sufficient attention paid to the negative defensive consequences of building vulnerabilities into popular products and services.
The task force is not wrong to consider ways of strengthening that defensive posture and making sure that the Information Assurance Directorate has the necessary resources and influence within the NSA to perform its mission and make its voice heard. But, if the rumors are true, then the task force’s proposed solution could well create more problems than it solves.
In the Battle Over Personal Health Data, 23andMe and the FDA Are Both Wrong
Last month, the FDA told 23andMe to stop marketing direct-to-consumer genetic testing kits. The FDA wants assurance that the company has “analytically or clinically validated” the genetic data that they provide their customers. The company has claimed that it provides information and data, not medical advice, but this week it announced that for now, it will only sell “raw” genetic data analysis and ancestry reports, just not health interpretations.
Observers quickly took sides, trying to pick out which party will, and should, prevail. The eventual outcome could have huge ramifications on the nascent personal genetics industry. But this spat is a draw—because both the FDA and 23andMe are in the wrong.
At the center of the showdown between 23andMe and the FDA are cultural differences in how industries treat data and what different people want from data. The word data may conjure an image of objectivity, but how we use it matters as much or more than the numbers themselves. Clinicians, patients, and startups (not to mention hospital administrators, biomedical researchers and insurance companies) all need data to do different things.
Marissa Mayer Has a Yahoo Mail Problem
Rarely has a new CEO turned a floundering company more quickly and thoroughly than Marissa Mayer has turned around Yahoo. But if she’s not careful, her valiant efforts to resuscitate the company’s corporate culture, rejuvenate its products, and refresh its image could be largely undone by a mass exodus of the company’s oldest and most loyal users: the more than 100 million people per day who use Yahoo Mail.
The first misstep came when Mayer and co. alienated a large proportion of those users with a redesign that made the service almost indistinguishable from its biggest rival, Gmail. I wrote a short post about the complaints in October and was overwhelmed by the response: Rarely have I gotten so many emails on anything I’ve published. Yahoo Mail users wrote in by the dozens to thank me for the post, vent their frustrations, and ask whether there was anything they could do, anything at all, to get Yahoo to change their mail service back to the way it was before. Many sounded like they were at wit’s end.
Meanwhile, Yahoo’s user forums for feedback on the changes overflowed with complaints to the point that, according to ZDNet’s Violet Blue, Yahoo eventually shut them all down, stamping “completed” on each thread. One thread, titled “Please Bring Back Tabs,” had more than 100,000 upvotes and 10,000 comments at last count.
Yahoo Mail users are not, by and large, a young and tech-savvy crowd. (This is not a criticism, just an observation.) They use Yahoo Mail because they’ve used it for years and it has served an important function in their lives. They don’t care whether their webmail client wins design awards. They care whether it works. And it always had—until now.
Some reports and downtime sites show multi-day outages over the course of many days, while others show shorter times. The complaints have most certainly been mounting for weeks. What is consistent are two things: Outages have been occurring regularly and Yahoo has been woefully negligent in informing its users about the problems.
They have also declined to return emails inquiring about the issue and others related to Yahoo Mail from this site for weeks, in perhaps the most astonishing display of PR incompetence I have experienced in a very long time. Heretofore excellent communications staffers I have worked with in the past have seemingly been rendered mute.
That may be changing at last, as Yahoo on Wednesday began to issue frequent updates on the status of the outage and its attempts to resolve it. (They’ve blamed the outages on a tricky hardware problem.) But those updates have brought to light new problems: Apparently messages delivered between Nov. 25 and Dec. 9 have now gone missing from some users’ inboxes. That’s two solid weeks’ worth of email. How many crucial messages might have been among those? As of 4:45 p.m. Thursday, a Yahoo spokeswoman told me the company's engineers were “still working on restoring messages that were delivered during that time.”
Yahoo seems to have finally gotten the message that this is a big deal. The spokeswoman replied promptly and informatively when I emailed about it. But Yahoo Mail users could hardly be blamed for suspecting that the company’s leaders don’t really care about them anymore—or even respect them. AllThingsD’s Swisher reported on Wednesday that the man in charge of Yahoo Mail, Jeff Bonforte, joked at an employee meeting last month that while users might be dissatisfied, the company would have to “‘kick the users hard’ in a certain body part” to get them to leave.
Well, it hasn’t done that physically, but it has metaphorically. And while a lot of longtime Yahoo Mail users may not belong to the hip demographic that Yahoo is pursuing with acquisitions like Tumblr and the relaunch of Flickr, they may be more crucial to the company’s fortunes than Mayer and her team would like to believe. I’d wager that many of these are the same people who also use services like Yahoo News, Yahoo Sports, and Yahoo Groups rather than using Google as their main portal to various sites around the Web. If they go, Yahoo might just go with them—before Mayer ever has a chance to win over the new users she sees as crucial to the company’s long-term future. As a certain aging, un-hip rocker might say: If you can’t win the demographic you love, you’d better love the demographic you’ve got.
Previously in Slate:
Instagram's New Private-Messaging Feature Is Tragically Unverbable
At a shmancy event in New York this morning, chief Instagrammer Kevin Systrom unveiled to the press the company’s big new feature—a way to share photos and videos privately and directly with friends, groups of friends, randos, lovers, and stalkees. It’s called Instagram Direct—and that's it's biggest problem.
The feature a little like Twitter’s Direct Messages, except that you can’t just send text—you have to share a photo or video. Or perhaps it’s like Snapchat, except that the photos and videos don’t disappear after 10 seconds—you’d better make sure you look goood before you hit “send” on that selfie. Or maybe it’s like text messaging, except that—well, actually, it’s pretty much the same as text messaging.
Anyway, the feature seems useful, if not exactly “revolutionary,” as Systrom tried to claim. (His press appearances are always noteworthy for their striking resemblance to postmodern poetry. ) It’s prettily designed, easy to use, and is likely to come in handy for photos that you want to share with a group of people but not with the whole world. Or, sure, for sexts, if you’re not into the whole ephemerality thing. From a business-strategy standpoint, it's a great defensive maneuver against upstart private-messaging apps like Whatsapp and Path.
But there’s one big difference between all of those other successful messaging services and this one: the name. Instagram Direct sounds more like a grocery-delivery service than a hip new app. The worst part, though, is that it’s completely, positively unverbable. It stubbornly resists any efforts to turn it into a verb.
“IM me” is a classic. “DM me” works fine. “Snapchat me” is perfectly snappy. “Gchat me,” “text me,” and “call me” are utilititarian and concise. What the heck are you supposed to say if you want someone to send you a photo via Instagram Direct? Some ideas:
- “Instagram Direct me” (too unwieldy)
- “Direct me” (too subservient)
- “ID me” (semantically ambiguous)
What does that leave? “Send me a photo via Instagram Direct?” Is that what the cool kids are going to be whispering to each other in the halls of the local junior high?
I asked Instagram’s Tyson Wheatley about this problem, and he admitted there may be no great way to verb the new feature’s name. “Share a moment with me?” he suggested. (Not until I get to know you better, Tyson!)
Wheatley explained that the goal with the name "Instagram Direct" was just to clearly convey the nature and purpose of the product. That’s admirable, but I’d submit that clearly conveying a product’s nature is not what makes app names stick in the Internet era. “Google” says nothing about the search engine’s purpose, but it’s easy and fun to say, and eminently verbable. (Note that Google itself recently violated this principle, however, by replacing Gchats with Hangouts. "Hangout me?" Really, Google?)
Verbing weirds language, but it also successes messaging apps. If Instagram wants Direct to catch on, it had better hope its young users come up with some better verbs for it than I or Wheatley have so far. If you think of one, feel free to email me—or, um, Livefyre it in our comments section.
Previously in Slate:
What Educational Video Games Can Learn From Chess, Checkers, and Mancala
This blog post originally appeared in the New America Foundation's Weekly Wonk.
I was panicked: I had been stuck at 7s for two weeks and the rest of the class knew it. Each week, all of us third graders took a one-minute multiplication test—Mad Minutes. You started with zeros and if you passed, you moved up to 1s, then 2s, and so on, until 9s. A giant bulletin board on the classroom wall marked our progress, a daily reminder that I alone couldn’t memorize 7x8.
Now, whenever I hear about the promise of games for accelerating learning (or, in TEDspeak, the gamification of education) I think back to those Mad Minutes. While they did use many “revolutionary” gamification elements—making the mundane playful, individualizing learning, encouraging competition, rewarding progress—I’ve since wondered whether these elements might not capture the real value of using games to teach.
To better understand how education can tap into the potential of games to facilitate learning, we need to stop and ask, what makes games so engaging in the first place?
What is so appealing, for example, about jumping round discs over one another in diagonal patterns? Or besting pawns, rooks, and knights on a quest to capture the king? Why have games like chess and checkers endured through the ages, and what can educational games today learn from them?
Poor People Deserve Digital Privacy, Too
For centuries, political authorities have punished the poor for being poor. In colonial America, for example, “overseers of the poor” required the destitute to wear badges.
Today, “overseers of the poor” are as much code—database queries to check eligibility—as they are people and institutions. Welfare programs collect massive amounts of data that are stored in potentially unsecure databases for unknown amounts of time, with unspecified permissions control or criteria for caseworker access. Poor people in the welfare system don’t have privacy, and they don’t factor into broader debates on protecting individuals’ liberty and right to be left alone.
This isn’t just a hypothetical. Rogue actors have targeted databases for public assistance programs, leaving poor people exposed and exploited.
One of the more egregious examples comes out of Utah, where in 2010 a Department of Workforce Services employee accessed a client database and released to the media, law enforcement, and governor’s office the names of benefits recipients who were allegedly unauthorized to be in the United States. In response, the state instituted a “zero tolerance” policy for unauthorized database access—but after 24 workers were fired, the penalty was reduced to a four-day suspension. In a separate incident two years later, hackers stole 250,000 Social Security numbers from the Utah state government’s server, along with “less-sensitive information” from about 500,000 more.
Lower-income individuals increasingly have to use online options for public benefits enrollment, and their (justified) fears about personal cybersecurity and identity theft can further ignite anxieties and concerns that arise as a result of intrusive data collection. Poor people face immense amounts of stigma when applying for public assistance and are required to share a tremendous amount of personal and financial information. Combine that with a digitally insecure welfare system, and you get people in poverty who are even more marginalized—and even more distrustful of government and institutions.
One straightforward solution to this problem would be to collect less data. To target programs effectively, state agencies need information on applicants’ financial circumstances—but maybe not quite as much as we’re collecting. Asset tests, for example, have historically required applicants to turn over reams of paperwork documenting their finances—everything from bank statements to funeral agreements and life insurance policies—despite the fact that most applicants have next to nothing. The Temporary Assistance for Needy Families program is case in point. In 2010, only 10 percent of TANF families had any savings whatsoever, with an average balance of $215. For many, TANF is a program of last resort. Requiring these families to turn over extensive paperwork to further document just how poor they are is a barrier to access and a waste of everyone’s time—and may subject applicants to needless risk.
Furthermore, narrower approaches can prevent “wealthy” families from accessing programs intended to help the poor. Both the House and Senate versions of the Farm Bill, for example, would prevent SNAP (food stamp) recipients with substantial lottery winnings from continuing to receive assistance. This verification would likely rely on data matching—but would not require nearly as much data in the first place. It takes a scalpel to the problem rather than a sledgehammer.
Automated decision-making in public assistance needs to be fairer, too. As a recent GAO report discussed, everyone in the public assistance ecosystem—from program participants to caseworkers to evaluators—would benefit from sharing data across different programs like TANF, SNAP, and Medicaid. Automation saves time in the process to determine a person’s eligibility in a particular program, her enrollment, and recertification. Research on one program that streamlines public assistance, the Benefit Bank, demonstrates that reducing the burdensome amount of time spent on bureaucracy can allow a program participant to focus on getting a job and earning a wage. And that’s the goal, right?
But automated systems are a reflection of the values of the people and institutions behind them, and they need to be designed with fairness in mind. When they’re not, poor people suffer indiscriminately. In Indiana, the attempt to bring the state’s welfare system up to modern digital standards led to hundreds of thousands of Hoosiers being ruled ineligible—many incorrectly. The case-monitoring system was Draconian, without prompts for granular data that would better inform whether someone should be denied benefits. The upgrade resulted in one woman, a terminally ill patient in hospital care, being pushed off of Medicaid because she missed a single welfare appointment.
Obviously, our recommendations require security measures that withstand attacks and abuse by rogue actors. Making that happen will require effective assessment, coordination, and communication between agencies, IT staff and contractors, caseworkers, and ideally participants themselves. Having a data-sharing plan that’s vetted by security experts is one simple step. Until that happens, poor people will continue to have second-class privacy rights, and the welfare system that’s designed to help them will continue to be inefficient—and largely ineffective—at alleviating inequality.
For more, come to the New America Foundation event In Poverty, Under Surveillance: Examining the Trade-Off Between Privacy and Public Assistance on Dec. 12 at 12:15 p.m. Eastern in Washington, D.C. You can also watch online.
Look Out, Pandora: Spotify Just Got Way Better
When Spotify came to the United States in 2011, it seemed almost too good to be real—a music service that would let you listen to almost any song, by almost any mainstream artist, for free, whenever you wanted to. “Spotify is what iTunes would be like if Apple decided to give everything away for free,” Farhad Manjoo raved. The only catches were that you had to listen to annoying ads every few tracks, and you could only listen up to 10 hours per month after the free trial. That second catch has since been waived for U.S. listeners. (There may be other downsides for artists, whose royalty fees from Spotify are notoriously miserly, but that’s not the average listener’s concern.)
Over the years Spotify has continued to be a fantastic service on your desktop computer. Its problem is that people often want to listen to music when they’re not at their computer. Spotify’s free mobile service has been feeble at best. Instead of allowing you to listen to whatever you choose, you’d get “Spotify Radio,” a computer-selected playlist full of songs that sound like the artist and song you actually wanted to listen to. That’s at least partly because music publishers tend to demand greater compensation for “on-demand” streaming. Pandora has been doing the same thing for years, and doing it well. No wonder a lot of people have opted to stick with Pandora on their phones and tablets, giving it a big lead in the mobile market.
Today, Spotify had some bad news for its rivals—and good news for people who like free music.
- First, it will now treat tablet users the same way it treats desktop users, giving them free on-demand access to the full catalog.
- Second, users on mobile phones still won’t get on-demand streaming of specific songs, but they’ll get something a lot closer to it.
Now, instead of just a radio station, smartphone users will get what Spotify calls “shuffle.” Choose your artist—Jay Z, let’s say—and you’ll get a randomized playlist of songs by Jay Z, not just songs by performers who bear some algorithmic resemblance to Jay Z. Even better, mobile users will be able to listen to their own Spotify playlists on shuffle. They’ll also be able to add to those playlists and even make new ones while on the go.
This is still a big step short of full on-demand streaming. Try to cheat the system—by, for instance, making a playlist that consists of just the one song you want to hear—and Spotify will thwart you by throwing in “suggested tracks” by different artists. D’oh!
At the same time, though, it represents a significant leap beyond what Spotify, Pandora, iTunes Radio, and others have offered up to this point. Those who use Spotify on the desktop now have a huge incentive to download the app, because it will give them access to the playlists they’ve so carefully curated over the years. And while not being able to choose a specific song is less than optimal, a lot of people like to hit “shuffle” anyway when they’re listening to music on their phones, rather than having to go through and hand-select each album or track.
The only real objection I see here is that, by improving its free product, Spotify will deter people from actually ponying up for its premium service. (About one-quarter of its 24 million users today are paying subscribers.) I raised that point to Charlie Hellman, Spotify’s vice president of product. He said Spotify has been hearing a version of that argument ever since it began—the argument that the more you give people for free, the less they’ll be willing to pay. Actually, Hellman told me, “We've seen the exact opposite—that the more we give away for free, the more people are willing to pay.”
The counterintuitive logic is that, as people use Spotify’s free service, they invest time and energy in making playlists, following friends and artists, and other activities that make Spotify more valuable to them. Meanwhile, of course, they’re developing the habit of turning to Spotify rather than its competitors whenever they want to put some music on. I also have a hunch that, over time, those loud, intrusive Spotify ads go from mildly annoying to flat-out haunting your dreams.
But even if this proves a money-losing move for Spotify in the long run, it's still bad news for iTunes Radio and Pandora in the short run. They now have to either follow suit or risk losing mobile users who want something more than computer-generated radio on their headphones.
Oh, by the way, Spotify also announced today that it's adding Led Zeppelin to its catalog.
Previously in Slate:
Next-Gen Video Games Will See Through Walls
Today’s video game industry is all about immersion. Gamers want like-real graphics, endorphin-inducing soundtracks, celebrity voice-overs, decision-based gameplay, destructible environments, and AI that adapts. And while the Nintendo Wii and Xbox Kinect have allowed us to get off the couch and use our bodies as controllers, current technology obviously has its limits. But what if your whole house was a playable environment?
That’s the promise of a new technology out of MIT. Using radio waves, researchers there have created an antennae system called WiTrack that can map the movements of a human in the next room.
When I talked to Dina Katabi, co-director of MIT’s Center for Wireless Networks and Mobile Computing, she explained that the goal was to create a system designed for everyday people. WiTrack’s radio signal is just 1 percent as strong as WiFi and 0.1 percent of your smartphone’s signal, yet it can track movements with surprising accuracy—within the width of a human hand.
San Francisco Techie Says "Lower Part of Society" Should Be Segregated
San Francisco's class war is getting ugly.
Earlier this week, we had an alleged Google employee obnoxiously telling working-class people they don’t belong in San Francisco. But his rant seemed too perfectly stereotypical to be real—and it was. The “obnoxious Google employee” turned out to be an obnoxious union organizer trying to make Google look bad as part of an anti-gentrification protest.
Now comes a Facebook post from a noted San Francisco techie that is, if anything, even more over-the-top than the fake Google guy’s tirade. The crazy part is, it actually seems to be real. And the even crazier part is, all of his Facebook friends seem to agree with it.
The post came from one Greg Gopman, founder of an outfit called AngelHack that claims to run “the world’s largest hackathon competition” in cities around the world. As Valleywag’s Sam Biddle points out, Gopman isn’t just some rando—he’s been the subject of flattering feature stories in Business Insider and TechCrunch, among others. On Tuesday night, he apparently returned to San Francisco after some globe-trotting and hackathon-ing and decided to weigh in via Facebook on his disappointment with his city of residence. He’s since taken the post down, but Valleywag has reprinted it in full. Here are some choice excerpts (emphasis mine):
Why the heart of our city has to be overrun by crazy, homeless, drug dealers, dropouts, and trash I have no clue.
The difference is in other cosmopolitan cities, the lower part of society keep to themselves. They sell small trinkets, beg coyly, stay quiet, and generally stay out of your way. They realize it's a privilege to be in the civilized part of town and view themselves as guests. And that's okay.
You can preach compassion, equality, and be the biggest lover in the world, but there is an area of town for degenerates and an area of town for the working class. There is nothing positive gained from having them so close to us. It's a burden and a liability having them so close to us. Believe me, if they added the smallest iota of value I'd consider thinking different …
It’s one thing to come across as naïve and condescending as part of an otherwise generally earnest attempt to help a homeless person improve his situation. It’s another to treat them as so much trash, to be swept up and shipped out along with the rest of the city’s refuse.
The sentiments are so risibly retrograde that, were they uttered by some mustachioed baron on Downton Abbey, you’d worry that the show’s writers were getting lazy, falling back on hackneyed stereotypes of villainous aristocrats. They wouldn’t sound out of place coming from the lips of Billy Zane’s character in Titanic, or the bigot Tom Buchanan in The Great Gatsby. And yet, unless there has been some truly elaborate hoax, it seems that Gopman actually wrote those words—he apologized for them today on Twitter and Facebook.
But wait—Gopman’s friends aren’t having it! Below his Facebook apology post are a series of comments from fellow techies defending Gopman’s original homeless-phobic rant.
- One friend said he was glad Gopman spoke his mind, because even though he disagreed with the post's tone, “It isn’t like you said anything many others in the startup community aren’t saying." His comment had 14 likes at last check.
- “No way!!! Do not sorry to anyone,” added another Facebook friend.
- "I don't think you need to apologize for anything," agreed a third.
- The hate for the homeless wasn’t limited to San Franciscans: A New Yorker chimed in, “I agreed with you Greg. The city has created an unfortunate situation where they rely on it for handouts vs rising above and creating their own value and contributing to society. It’s one of the reasons why I don’t base my company there and do not live there full time.”
Gopman’s view on the poor—that they have no value as human beings and should be segregated from the rest of society—is, I trust, not shared by a majority of techies in San Francisco, or anywhere else. Nor are a series of similarly contemptuous comments made a few months ago by fellow San Francisco entrepreneur Peter Shih. But the comments on Gopman’s Facebook page make it clear that this is not a case of a few bad seeds giving everyone else a bad name. There is clearly a real strain in the tech world that views poor people with pure contempt, like bugs in a computer program.
The tech world is not alone in this, of course—you could probably overhear similar musings at a bar frequented by Wall Street bankers, or certain low-level Republican politicians. But it would be nice to think that there’s still hope for tomorrow’s masters of the universe—the Googlers, the startup founders, the venture capitalists—to turn out to be a little less evil than the crop that came before them. They could start by speaking up the next time one of their techie friends compares homeless people to hyenas, instead of reaching for the like button.
Previously in Slate:
Netizen Reporter: Tech Writers Arrested in Iran
The Netizen Report originally appears each week on Global Voices Advocacy. Richard Teverson, Hae-in Lim, Lisa Ferguson, Ellery Biddle, Bojan Perkov, Alex Laverty, and Sarah Myers contributed to this report.
Global Voices Advocacy's Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. This week's report begins in Singapore, where blogger and gay rights advocate Alex Au, who has written extensively about judicial corruption on his blog, Yawning Bread, will soon have a public hearing regarding his coverage. The city-state’s Attorney General’s Chambers recently issued a statement suggesting that Au may be held in contempt of court over one particularly “injurious” post.
Au’s post, which has been removed from the site, reportedly suggested that in an effort to control the outcome, the Supreme Court manipulated dates for hearings challenging the constitutionality of Singapore’s ban on homosexual sex. About 170 Singaporean academics, civil servants, citizens and activists have signed a statement in support of Au.