The U.S. Can’t Trust Its Own Spy Agency
In 2015, hackers working for the Russian government stole a trove of National Security Agency hacking tools and other highly classified files, according to a Wall Street Journal report published Thursday. A government contractor moved the materials to a personal computer (a clear violation of security procedure) and then apparently used popular antivirus scanning software from Kaspersky Lab, a Moscow-based security firm. That apparently allowed Russian government-linked hackers to find the classified files. Though the intrusion occurred two years ago, the U.S. government didn’t discover what happened until this spring, the Journal says.
The stolen files included details about how the NSA breaks into foreign computer networks in its cyber espionage and cyber defense operations. That means the Russian government might now possess the keys to infiltrate U.S. government computer networks and perhaps even know how to defend itself against U.S. intelligence operations.
This hack marks the third NSA contractor since Edward Snowden’s massive document leak in 2013. In 2016, Harold Martin allegedly took a massive amount of data from the agency back to his house. Earlier this year, Reality Winner, a linguist working at the NSA on contract, reportedly smuggled documents out of the NSA that she stuffed inside her pantyhose. The report Winner stole was about Russian hacking of the 2016 election.
In 2016, soon after the Kaspersky-linked hack was discovered, the agency was also dealing with leaks from a hacking group called the Shadow Brokers. That group published a collection of hacking tools from the NSA, including a number of zero-day exploits, which are vulnerabilities in software, hardware, or even a whole computer network that have never been previously discovered. The Shadow Brokers are believed to be linked a Russian intelligence agency. The Wall Street Journal says that this latest known hack is unrelated to Harold Martin, at least, but it’s still not clear whether there’s any connection to the Shadow Brokers.
It’s also not clear whether Kaspersky was working with the Russian government or whether it was itself hacked. When antivirus software scans for malicious code, it compares what it finds on the computer to a list managed by the antivirus company. But as the Wall Street Journal reports, “that scanning also gives makers of the software an inventory of what is on the computer,” which could have tipped Russian hackers to the presence of NSA documents. And since Kaspersky is a Russian company, there’s a chance its antivirus scan was monitored by Russian-government linked hackers.
Kaspersky denies that the evidence thus far implicates the security firm. “The company actively detects and mitigates malware infections regardless of the source and we have been proudly doing it for 20 years,” it said in a statement.
Whether or not Kaspersky was aware of this particular incident, the Department of Homeland Security issued a directive in September banning the U.S. government from using any cybersecurity software from Kaspersky Lab. “The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the DHS said.
This news comes amid a flood of concern about the many ways the Russian government tampered with the U.S. election, including the posting of manipulative ads on Facebook micro-targeted to U.S. voters and the weaponization of Twitter bots that promote divisive and counterfactual narratives. And the CIA concluded that before the 2016 election, Russian government-backed hackers were responsible for stealing emails and documents from the Democratic National Convention with the intent of undermining Hillary Clinton’s presidential campaign.
Despite the fact that Russia is reportedly to blame for this latest NSA hack, the fact that the nation’s top surveillance agency seems to have such poor security itself is extremely unsettling. Not only because the agency holds the keys to our national security, but also because the NSA collects data on millions of people around the world in its dragnet global surveillance operation. That likely includes all kinds of personal communications, too, like text messages, emails, location data, and browsing habits collected from innocent people without a warrant. (The NSA is not supposed to collect Americans’ data knowingly, but numerous news reports and leaks have revealed that the agency has been intercepting Americans’ digital communications since at least 2001.) And if the NSA can’t keep its most valuable hacking tools under lock and key, there’s little reason to suspect the NSA keeps the trove of personal data it has on other people very secure, either.
Members of Congress Side-Eye Pharma Company for Patent Shenanigans
Congress is taking drug company Allergan to task for a bizarre legal scheme that involves using a Native American tribe as a shield against patent challenges. On Sept. 8, the pharmaceutical maker announced that it would be transferring disputed patents for Restasis, a dry-eye drug, to the Saint Regis Mohawk Tribe, which is based on the border of New York and Canada. In exchange for the $13.75 million that Allergan is providing, the tribe will invoke its right to sovereign immunity—a U.S. doctrine that says sovereign bodies cannot be subject to civil suits—to reject patent challenges. The tribe will then lease the patents back and rake in $15 million for every year the patents are still viable.
OK, Google, Get Out Of My House
At an event in San Francisco on Wednesday, Google, the second most valuable company in the world, shared all kinds of new things it wants to do in your home. Basically, Google would like to be in every room of your house. Google would like you to tell it things and wants to answer your questions. Google even wants to predict what you’re thinking—so you don’t even have to ask anymore.
At Wednesday’s event, the company shared two new home speakers, the Mini and the Box. Google now has three smart speakers, with all different sizes to match any room of the house. The company also unveiled new operability features with smart-home devices from Nest, a hardware company that Google acquired in 2014. Now if you have Google’s Chromecast, a digital media player that can curate content for your TV, your Nest smart doorbell will show a video of who is at the door. The doorbell even has facial recognition, so it can broadcast to your speakers the name of the visitor. When you’re ready to go to bed, just say: “OK, Google, good night.” Google’s speaker will hear you, and your smart lightbulbs will dim.
These new speakers run on Google’s operating system and work best with other Google products. So, you can connect your Apple Music subscription to your Google Home speakers through Bluetooth, but you can’t tell your speakers to turn the volume down or change tracks, as you can with other streaming services, like Google Play Music or Spotify. Like Amazon’s Echo, the Google smart speakers can order you an Uber or understand your command to play Netflix, but if you wanted to order a toothbrush off Amazon with your voice, you’re out of luck. In other words, Google’s Home products aren’t super compatible with its competitors. If Google had its druthers, I’d imagine the company would prefer its Google Home customers to use all Google and Google-affiliated products: Google Play Music, Google Shopping, YouTube, Nest, Google Calendar, Android, the list goes on.
That’s not unexpected. There’s a reason the EU ordered Google to pay $2.7 billion for favoring its shopping service over others—the largest fine for anti-competitive behavior from the EU ever given to a company. Soon, Google is expected to face what could become an even bigger antitrust case over its Android mobile operating system. That fine could amount to $9 billion.
As the smart-speaker wars heat up between Amazon, Google, and now Apple (which announced its Home Pod in June), expect even less interoperability between these companies. As with smartphones and laptops, your home may become trapped in the ecosystem of a single corporation.
It may be tempting to give in to the convenience offered by being able to verbally command your house to do what you please, but there are good reasons to hold out.
That’s because giving your home over to a single company means giving away your privacy. Google, unlike Apple and Amazon, is primarily an advertising company. Google raked in more than $79 billion in digital ad revue in 2016, more than any other company in the world. (For perspective, Facebook was a distant second, making about $27 billion in online ad dollars in 2016.) Google’s ads are so effective because the company leverages the vast amount of data it’s able to collect on internet users.
Google says it does not serve ads on its Home speakers, but in May, when some Google Home users said, “OK, Google, tell me about my day,” they didn’t just hear the usual information about the weather and their upcoming appointments. Google capped the message with an oh-so-chill aside: “By the way, Disney’s live action ‘Beauty and the Beast’ opens today.” Google said this wasn’t an ad—it was a mere initiative where the company invites its “partners to be our guest and share their tales.” Right.
Google says on its website that Home users can pick and choose what data is shared with the company, but in all likelihood, most people will go with the default option of sharing as much as Google wants to know. That doesn’t mean that Google’s speaker is listening to you at all times—it is supposed to start listening if a particular trigger word is said and then only for a few seconds to process the command. But even that little bit of listening lets it know when you wake up, what items you need around the house, the music you like, how many other people live at your house, your eating habits, and more. It’s a gold mine of personal information that can ostensibly be used to serve ads on other Google products, perfectly tailored to your needs at any given time.
So, Ok, Google, I understand that it’s still the early days of Home smart speakers. But considering how invested Google is in digital ads, and the slip that happened this year with Beauty and the Beast only months after Google released its first Home speaker, I’d be shocked if the company doesn’t find some way to leverage the data it collects about customers in the privacy of the home to help advertisers better target people.
If the convenience that comes with locking your private home life into Google’s product cycle and advertising machine feels worth it, then you’re in luck. Google’s Home products are only going to get smarter the more they know about you. But I’m cool just dimming the lights myself.
The Young Blood Movement Is Basically Biotech’s Goop
The idea of injecting yourself with blood extracted from someone younger than you in order to prolong your own life feels like it must be a parody of our aging-phobic culture. But “young blood” transfusions are not a facet of vampire fiction—they’re a real possibility. There may not be “blood boys” running around like on Silicon Valley (at least not yet), but a Bay Area startup called Ambrosia is experimenting with efforts to turn back the clock by injecting the plasma of young donors into old venture capitalists.
Technology reporter Sally Adee recently embedded with the Bay Area startup for a feature in the New Scientist. As Adee reports, there’s been a lot of skepticism around the value of transfusing young people’s blood into the bodies of older people. And most of it’s valid. But, she writes, scientists are nonetheless narrowing in on why blood plasma, the yellowish soup leftover after the blood cells are removed, might have beneficial properties:
Plasma is rich in all sorts of proteins and other compounds, which could hold the key to what makes young people young and old people old. Not that we know what all these components are. But we do know that their amounts and ratios change as we age. For example, old blood has higher levels of inflammatory compounds that damage tissues they reach. Inflammation has been linked to cancer, heart disease and depression. Younger blood, by contrast, is characterised by a higher concentration of stimulating and restorative factors.
What this passage really highlights is the continued mysteries surrounding blood’s anti-aging properties. Like, what actually is young blood? Will these transfusions actually have any real effect on aging? What would the mechanism of that effect be?
The scientific answers we have to these ideas are still somewhat nebulous. The idea of anti-aging properties in “young blood” has actually been around for some time. In the 1950s, researchers literally stitched old and young mice together and watched what happened. They found that the old mice seemed to regenerate with shinier fur and faster reflexes. Despite enormous gaps in our understanding, many contemporary startups were convinced these rodent studies were enough to validate human experimentation.
That’s why Ambrosia, the most infamous of these operations, now transfuses the blood of people age 16–25 into healthy “patients” over 35, which Adee saw firsthand. To study the impact of the transfusion, the company runs biomarker tests to look at things like inflammation and record, quite simply, how patients feel. It’s clear that some people (mostly those who can afford to make immortality a hobby) love this vampiric procedure. But average Americans aren’t actually knocking down Ambrosia’s door, perhaps due to the relative strangeness of the procedure, the lack of good evidence, or the cost.
And it is costly: The company doesn’t appear to have raised any money from investors so instead, it’s charging each of its subjects $8,000 to be enrolled in the study (an ethically dubious research practice, to say the least). Even the most serious startup in the field, the Stanford-based company Alkahest, isn’t going to be named a “unicorn” anytime soon. In 2015, it received $37.5 million from the plasma company Grifols to help fund an Alzheimer’s transfusion study, but the vein seems to have since dried up.
By pulling back the curtain, this story shows what the young blood movement really is: Silicon Valley’s take on Goop. By taking an idea that sounds “science-y” and overestimating the evidence it’ll work, these companies can charge people thousands of dollars for the privilege of being a human guinea pig.
Neither Ambrosia nor Alkahest have provided any hard data showing positive effects of their processes (though Adee reports Alkahest will be sharing something in November). That’s not surprising, given that all of the work on this topic is mostly dominated by biotech companies seeking profits. But it’s still disappointing that private interests and poor study designs continue to dominate this field. If we’re to answer any of the lingering questions of young blood (and old blood), we’re going to need a lot of real, robust research. Until then, we’ll all just have to try and age gracefully.
Future Tense Newsletter: We Need Greater Diversity in Futurism
Greetings, Future Tensers,
Welcome to October! On Saturday, we wrapped up our monthlong Future of the Future series about the art of, and limitations to, prediction. Part of the trouble with predicting the future is that no two people imagine the same tomorrow. That’s why Alida Draudt explains we need greater diversity in the futurism field. “A more diverse futurism industry could provide the alternate modes of thinking and experiences that are necessary for us to enable both true innovation and our own human survival,” she writes.
Having a broader perspective is important because relying on data and statistics misses an important part of the picture. Julia Rose West writes that Silicon Valley and corporations’ obsession with data feeds into the myth that everything can be broken down and quantified. Although it can provide valuable insights, West writes, “this moneyball-ization assumes that all information is reliable information, algorithms are unbiased magic, and big data can also paint the big picture.” If you’re comfortable with making projections about the future based on potentially unreliable evidence, you might as well consult a psychic app to see what’s coming next.
Make sure you didn’t miss any articles from the series this month by checking the Future of the Future page here. And don’t miss this video of how depictions of the future changed over 80 years.
Other things we read this week while searching Google for new e-books at our local library:
- Twitter’s Russia problem: While Twitter says that it’s been working hard to combat the spread of misinformation on the platform, experts who have been studying how bots and counterfactual news is weaponized on Twitter say that the company could be doing much more.
- National surveillance: Congress is quietly laying groundwork to take travel surveillance much further with the TSA Modernization Act, which would give the Trump administration a green light to begin using biometrics to identify people in airports nationwide. Laura Moy and Harrison Rudolph explain what could go wrong.
- Lovejoys vs. Frinks: Ciarán Mc Mahon provides a guide to exploring public and academic discourse with regard to mental health and technology through two Simpsons characters, Helen Lovejoy and Professor Frink.
- Autonomous vehicle policy: Henry Grabar reports that Congress is considering autonomous vehicle bills that would hamper states and local jurisdictions from regulating the technology’s design and deployment in their own communities.
- Last human job: While machines may outdo humans at repetitive, predictable, production-heavy jobs, they still lack the emotional intelligence to provide care. Elizabeth Weingarten suggests this might cause us to re-evaluate how society values caregiving.
- Mental health technology: Did you miss our event last week on the ways technology is changing approaches to psychiatric study and care? Tonya Riley has you covered with her recap of the conversations.
- Tech companies like Google, Amazon, Apple, and Facebook have revolutionized our lives, connecting us in ways that were once unimaginable. Join Future Tense in New York on Oct. 4 (tonight!) and in Washington on Oct. 5 (tomorrow night!), when Franklin Foer will discuss his book, World Without Mind: The Existential Threat of Big Tech, and the role these big tech companies play in our lives. RSVP to attend the event in New York or RSVP to attend the Washington event in person or online.
- During World War II, more than 10,000 American women were recruited to take part in the United States’ massive codebreaking initiative. In her latest book, Code Girls: The Untold Story of the American Women Code Breakers of World War II, author Liza Mundy tells the secret history of these women. Join Mundy and contemporary technologists to discuss her book in Washington on Oct. 17. RSVP to attend in person or online here.
- Need a break from news about data breaches and election meddling? Join Future Tense and Alvaro Bedoya, founding executive director of the Center on Privacy and Technology at Georgetown Law, for a screening and discussion of the 1992 film Sneakers on Oct. 18 in Washington. RSVP for yourself and up to one guest.
Planning my trip to Mars,
For Future Tense
The EU Fined Amazon Almost $300 Million for Running a Shell Corporation in Luxembourg
Amazon is in cahoots with Luxembourg, according to the European Union, which fined the company 250 million euros (almost $300 million) for illegal tax benefits on Wednesday. Margrethe Vestager, the EU’s commissioner for competition, said, “Luxembourg gave illegal tax benefits to Amazon. As a result, almost three quarters of Amazon's profits [in Europe] were not taxed.”
Mr. Monopoly Is the Consumer Protection Hero We Need
Once upon a time, Mr. Smith went to Washington, and now, so has Mr. Monopoly.
This week, Congress is holding hearings about the Equifax breach and treating its former CEO Richard Smith as a “rhetorical punching bag,” as Slate has noted elsewhere. But Congress’ pursuit of truth can’t hold a candle to the real hero of the people: Mr. Monopoly, who is peering on from the audience.
As the hearing livestreams online and airs on television, the person in costume can occasionally be seen over Smith’s shoulder wearing a top hat and fake, long white mustache, parodying the way companies like Equifax profit off of their treatment of consumers. Sometimes the behatted observer twirls her mustache on camera—that is if she’s not busy adjusting a monocle or pantomiming with fake money. Because the internet can't resist a good photobomb, the stunt is gaining attention all over social media. The Hill identified her as Amanda Werner of the advocacy group Public Citizen.
The character is technically known as Rich Uncle Pennybags, but aliases and costume changes are part of any hero’s playbook. Or, actually, as a Twitter user points out, Mr. Monopoly doesn’t wear a monocle, so perhaps this is more of a generic old, rich jerk? Either way, though, she’s an American hero.
According to CNBC, the costumed crusader’s appearance comes courtesy of the groups Public Citizen and Americans for Financial Reform, which are seeking to draw attention to the way forced arbitration clauses favor financial institutions rather than consumers. In a statement, Public Citizen called arbitration clauses a “get out of jail free” card for companies: “Forced arbitration clauses buried in the fine print of take-it-or-leave-it contracts may be the single most important tool that predatory banks, payday lenders, credit card companies and other financial institutions have used to escape accountability for cheating and defrauding consumers.” When Equifax announced the breach, which compromised more than 145 million people’s personal data, it initially required that consumers agree to arbitration if they wanted to use the credit monitoring service the company was offering to those affected, a condition the company has since nixed and Smith has called a mistake.
With its Monopoly stunt, Public Citizen hopes to draw attention to and prevent the Senate’s efforts to strike down a Consumer Financial Protection Bureau rule that allows consumers to challenge wrongdoing in court class actions. The message to both Equifax and Congress is clear: Do not pass go. Do not collect $200.
The IRS Gave Equifax a $7.25 Million Contract, and a Congressman Thought It Was a Joke From the Onion
The Hidden History of America’s “Code Girls”: A Future Tense Event
While men may dominate computer science today, women played fascinating, overlooked roles in the field’s early days. During World War II, more than 10,000 American women were recruited to Washington, D.C., to take part in the United States’ massive codebreaking initiative. In her latest book, Code Girls: The Untold Story of the American Women Code Breakers of World War II, author Liza Mundy tells the secret history of these women, whose efforts saved countless lives and opened previously denied career opportunities to a new generation of women.
On Tuesday, Oct. 17, at 6 p.m., Future Tense and New America’s Better Life Lab will host a discussion in Washington, D.C., between Mundy and contemporary technologists. They will discuss the hidden lives of these heroic Americans and what their stories tell us about women in computer science today. For more information and to RSVP, visit the New America website.
Senior director of the national network, Code for America
Co-founder, U.S. Digital Service
Director of technology, Color of Change
Co-director, Cybersecurity Initiative, New America
White House, Equifax Agree It Might Not Be an Amazing Idea to Use Social Security Numbers as IDs
After the hack of credit agency Equifax exposed the Social Security numbers of 145.5 million people back in May, the White House is now looking for a more secure and technologically attuned identification system. Rob Joyce, a special assistant to Trump, said at a Washington Post event on Tuesday that administration has directed federal agencies to look for ways to phase out the use of SSN’s as identifiers. “Every time we use the Social Security number you put it at risk,” Joyce told the conference.