The Citizen's Guide to the Future
Posted Wednesday, June 19, 2013, at 3:32 PM
Photo by Johannes Simon/Getty Images
The Obama administration is trying to quell public concern about the extent of the National Security Agency’s surveillance programs. But the public relations effort is having zero impact in Europe—where a serious backlash against the spying continues to unfold in the European Parliament.
During a meeting in Brussels on Wednesday, Viviane Reding, the vice president of the European Commission, the EU’s executive body, addressed concerns about the NSA’s ability to secretly sweep up European citizens’ private communications. Of particular focus was the surveillance system PRISM, revealed by the Guardian and the Washington Post earlier this month, which is reportedly used by the NSA to obtain emails, photos, videos, chats, and other data under the Foreign Intelligence Surveillance Act.
Reding described PRISM as a “wake-up call” and said that she had sent U.S. Attorney General Eric Holder two letters since the revelations, demanding details about the volume of data collected and the scope of the surveillance. She also said that she had the opportunity to face up to Holder in person during a meeting last week in Ireland. She told him that governments should acquire users’ data through existing so-called “mutual legal assistance” protocols and not through covert programs like PRISM, “which would be completely illegal in the European Union.” Perhaps most notably, Reding, who also serves as justice commissioner for the EU, added that Holder had agreed to set up a “trans-Atlantic group of experts” to discuss the surveillance issues and to ensure EU citizens’ data are protected.
European members of parliament also had the chance to weigh in during the meeting, which was hosted by the Committee on Civil Liberties, Justice, and Home Affairs. German MEP Birgit Sippel took the opportunity to accuse the United States of going “behind our backs to fish out data about our citizens,” backing up the position taken by her country’s chancellor, Angela Merkel, who has separately challenged President Obama over the surveillance. French MEP Véronique Mathieu said that the U.S. government had “done something wrong and we have got to remind them of that and draw their attention to that firmly.” And Spain’s Romero López fumed about what she called "a mass invasion of privacy with terrorism as the excuse."
But anger was also directed inward during the meeting, with Reding facing a barrage of questions and criticism for failing to act earlier against U.S. surveillance efforts. Politicians from the United Kingdom, the Netherlands, and Germany all said that Europe had to take some of the blame for failing to implement strong data protection rules to prevent PRISM-style spying on European citizens. British MEP Sarah Ludford pointed out that a clause in recently proposed data protection reforms was apparently removed at the behest of U.S. government pressure prior to the leaks about the NSA spying. The measure was described by MEPs as the “anti-FISA clause” because it specifically would have prevented the type of secret surveillance conducted with the NSA’s PRISM system under a controversial 2008 amendment to the FISA law. The clause was removed reportedly after a high-level U.S. lobbying effort, which included Janet Napolitano, the secretary of homeland security, personally pressuring officials in Brussels.
Reding said that the first trans-Atlantic meeting with Holder is expected to take place in July. She plans to seek a guarantee from the United States that Europeans’ data will receive the same protections afforded to Americans. “On this subject the whole world is watching,” she said. “If we manage to get these data protection rules agreed upon we will have set a gold standard for data protection not only in Europe but at a world level.”
Posted Wednesday, June 19, 2013, at 11:37 AM
Hygiene isn't the right metaphor for cybersecurity
Photo Illustration by Sean Gallup/Getty Images
Apparently the Internet is a very dirty thing—one that requires you to wash up after using it. At least that’s the attitude of people calling for “cyber-hygiene.” For example, Ben Hammersley, the editor at large of Wired UK, recently wrote in the Guardian:
“The most important life skill we'll be teaching our children over the coming decades will be cyber-hygiene. Fighting infections in the 21st century is less about washing your hands and more about not clicking on untrusted email attachments Those of us who don't understand this will be shunned as digitally unclean.”
The Department of Defense has also adopted the term—which refers to having good cybersecurity habits to keep your computer free of malware—in its Strategy for Operating in Cyberspace report from 2011, which states, “Cyber hygiene must be practiced by everyone at all times. ... People are the Department’s first line of defense in sustaining good cyber hygiene and reducing insider threats.” And early this year Homeland Security Secretary Janet Napolitano urged citizens to use “good cyber-hygiene” lest they open themselves up to the hidden dangers of the Internet.
The idea of cyber-hygiene can be traced back to Vint Cerf, an early architect of the Internet and Google’s current “chief Internet evangelist,” who says he came up with the idea when thinking about teeth brushing, but, you know, for your computer.
Sounds reasonable, right? But the idea of “cyber-hygiene” is embedded with underlying assumptions of individual responsibility and control. That is, if you don’t practice digital cleanliness, then you have failed to be a good citizen—and perhaps you should be shamed for it. This is a wrong and shallow way to think about the topic, one that puts an undue onus on the individual. But even people who should know better can fall for a sophisticated spearphishing attack. Instead of blaming people if their computers get infected, we should instead ask what caused people to become victims, if they are indeed victims, in the first place.
Hygiene is often corollated with moral goodness, which levies a heavy burden on people. Rather than being a sign of bad character, poor hygiene—personal, cyber, or otherwise—might be an indicator of an unprivileged status because the person lacks, say, access to a washer and a hot bath or to expensive anti-virus software.
What’s more, if you take the historical perspective—something that is all too often avoided in conversations about technology—you’ll see that hygiene as a metaphor is wrapped up in some nasty episodes of the past. Take, for instance, the social hygiene movements that were started in the late 19th and early 20th centuries. As Whitney Boesel and David Banks, both contributors to the blog Cyborgology, reminded me during a conversation about the topic, hygiene has been linked to a number of terrible methods of trying to clean up society. By latching onto the growth of public health science, hygiene served as the basis for marginalizing and locking away “dirty” women like prostitutes and those deemed “mentally deficient.”
Once you start making choices about who is unclean—in body or computer—then you’ve entered into troubled territory.
Posted Wednesday, June 19, 2013, at 10:41 AM
Photo by DANIEL MIHAILESCU/AFP/Getty Images
Remember in The Dark Knight when ol’ Bats turns every cellphone in Gotham City into a “high frequency generator” and you rolled your eyes as if that were somehow less realistic than the magical rolling wheels of the Bat Bike? Well, new research is showing that the acoustic mapping capabilities of such devices aren’t quite as futuristic as you might think.
Using just an advanced algorithm and a handful of microphones, researchers at the Swiss Federal Institute of Technology in Lausanne have successfully mapped the dimensions of a closed area by measuring “room impulse responses.” At the most basic level, they blast a noise out of a speaker and then use the microphones to record what happens when the sound waves bounce off of the room’s walls, ceiling, floor, and any other objects. In this way, it’s really similar to how a bat, dolphin, or superhuman uses echolocation.
Unfortunately, most of us don’t have millions of years worth of evolutionary experience determining echo-order or sorting out background noise. This is where the algorithm comes in—it determines the correct combination of echoes and assign them to corresponding walls. So far, the team has tested the algorithm successfully in a small lecture room—an adjustable wall even allowed them to change the shape of the room to test various scenarios.
They also tested the system within the complex architecture of the Lausanne Cathedral. With so many more pillars, arches, corners, and objects to map, the results were predictably incomplete. However, the algorithm was able to identify large flat surfaces amidst the acoustical chaos, such as the cathedral’s three glass walls and floor.
Given the many recent revelations about the National Security Agency’s willingness and capability to snoop, the Batman application of all this seems a little more threatening than it might have a month ago. For instance, if the government can monitor domestic phone calls—without a warrant, by the way—then what’s to stop them from running a similar mapping algorithm to peer inside your home? With microphones of their own, home computers, tablets, and smart TVs could hypothetically provide other data sets for the algorithm to munch on. (Again, such notions would all be firmly within the realm of coo-coo conspiracy theory if we didn’t keep learning things like this.)
So I asked Ivan Dokmanić, an electrical engineer and one of the paper’s authors, point-blank: Are smartphone microphones sensitive enough to detect acoustic echoes?
“Comparison with The Dark Knight is not absurd at all, but we need to start small,” Dokmanić told me. “The level of detail obtained in Batman is a bit unrealistic for many good theoretical reasons, but I believe there is potential to get some idea about the space.” Dokmanić also said that while cellphone microphones could do the job, most models out there today are actively working against the type of background noise necessary for acoustical mapping. (Apple has even used this in their advertising.)
Batman aside, Dokmanić’s research will likely have more immediate applications in virtual reality, architectural acoustics, audio forensics, teleconferencing, and indoor localization. This last one could be really cool, since the algorithm can be reversed if the building’s dimensions are already known. So don’t be surprised if someday soon there’s an orientation app that uses acoustic vibrations to guide you around a museum, office building, or airport.
The NSA saga has got us all antsy about surveillance and privacy, but let’s not forget that in today’s world of GPS, Google Street View, and Facebook check-ins, more often than not we want to be found.
Posted Tuesday, June 18, 2013, at 5:38 PM
GZA of the Wu-Tang Clan
Photo by Fergus McDonald/Getty Images
As part of a program created by Columbia professor Christopher Emdin, 10 New York City high school classes have been writing raps as a way to learn about science. The program is called Science Genius, and it sounds like the sort of patronizing pop-culture hijack kids hate more than anything. But when Wu-Tang’s GZA drops by a Bronx classroom to discuss the importance of scientific inquiry, you can see the actual moment when the students realize the program is legit.
Posted Tuesday, June 18, 2013, at 4:34 PM
Photo by Sean Gallup/Getty Images
Can you thwart government spying by using Apple chat services iMessage and Facetime? Apple has suggested that might be the case—but it’s worth remaining skeptical about the company’s claims.
In the past fortnight, leaked documents have shed light on secret National Security Agency surveillance programs involving the collection of phone records and eavesdropping on Internet communications. Apple was one of several major companies linked to an Internet spying system called PRISM, which is reportedly used by the NSA as a sort of portal through which it obtains emails, photos, videos, chats, and other data under the Foreign Intelligence Surveillance Act.
But now Apple has launched a privacy offensive, affirming that is committed to protecting users’ data and denying that it provided the government with any “direct access” to sift through private information stored on its servers. Of particular note, the company said in a statement Monday that its chat services iMessage and FaceTime “are protected by end-to-end encryption so no one but the sender and receiver can see or read them,” adding that “Apple cannot decrypt that data.” This implies that communications sent over these services cannot be snooped on by the government, but the reality is a little more complex and unclear.
Earlier this year, the DEA put out an internal memo claiming it was struggling to monitor iMessages because of the encryption. But the agency appeared to be having the problem because it was attempting to obtain the iMessages directly from the network provider—like Verizon Wireless—in the same way that it would obtain text messages. Carriers cannot intercept iMessages because they’re encrypted and routed over Apple servers—and the same thing applies to Facetime.
However, if the government were to go directly to Apple, it may be possible to pressure the company, in secret, to make services like iMessage and Facetime wiretap compliant. Indeed, that appears to be exactly what happened with Skype, which claimed to be encrypted peer-to-peer, yet at the same time apparently provided the NSA with access to communications.
The question, then, is whether Apple has done the same thing: Can it circumvent the encryption to facilitate surveillance when presented with a court order or search warrant? Security experts have previously said that they believe Apple has access to “master keys” that can be used to decrypt and access data stored using its iCloud service, which raises the possibility that this is also feasible for its other services. I contacted Apple and asked the company to confirm whether it had any way of accessing keys for communications sent using iMessage or Facetime, but it had not responded at the time of publication. I’ll update this post if and when I receive any answer.
Either way, communicating using iMessage or Facetime is probably moderately more secure than sending a normal text message or making a call on a cellphone or landline. But it is still a gamble and requires having a level of blind faith in Apple’s “cannot decrypt” claim, which it is not possible to independently verify. Unfortunately, the existence of secret surveillance programs that can use gag orders to force companies into silent compliance means it is unwise to make decisions on the basis of trust alone. If you are a journalist or an activist with a serious need for secure communications—or just a average citizen concerned about arbitrary invasions of privacy—it is always best to opt for open-source, peer-reviewed encryption tools. There are plenty options available, if you have the time and patience to learn how to use them.
Posted Tuesday, June 18, 2013, at 1:36 PM
Photo by Brendan Smialowski/AFP/GettyImages
It’s easy to overstate the extent to which a social network like Facebook can change the world. It played a role in the Arab Spring, sure, but calling the uprisings there a “Facebook revolution” is a stretch. And with notable exceptions, online activism tends to play a relatively minor role in public policy debates.
That said, there are some specific cases in which Facebook can be used to further a cause more swiftly and on a greater scale than almost any other medium. This is especially true when the goal is to nudge a large number of people to take one specific action for the greater good—one that’s easy enough that it can be done in a matter of minutes, but just annoying enough that a lot of people wouldn’t bother otherwise.
One example is voting. A study last year estimated that a single banner ad on the Facebook news feed, coupled with photos of a user’s friends who had already voted, spurred 60,000 more people to vote in the 2010 midterm elections.
The latest study on Facebook’s potential to promote public welfare might be even more powerful. Seven years ago, Sheryl Sandberg read a profile of her former Harvard classmate Andrew Cameron in the university’s alumni magazine. In the article, Cameron explained how a shortage of donated organs leads to thousands of preventable deaths in the United States every year. So at their 20th reunion in 2011, Sandberg approached Cameron and asked whether Facebook might be able to help. He said he thought that it could.
Screenshot / Facebook
On May 1, 2012, Facebook added an option for users to share their organ-donor status on their timelines. Nearly 60,000 users did so on the first day, a number that gradually tailed off over the following few weeks. Cameron and several colleagues at Johns Hopkins and other public-health institutions followed up with a study in which they examined donor-registration rates in 44 states in the weeks before and after May 1.
They found that 616 people nationwide registered as organ donors online on a typical day before Facebook rolled out the new feature. On May 1, that number spiked to 13,012—21 times the baseline rate. And while registrations declined in the following two weeks, they stayed above the baseline for the duration of the study period, with a two-week total of 39,818 new registrations. In the scrappy, grassroots realm of organ-donation drives, this was a game-changer. The study was published today in the American Journal of Transplantation.
The shortage of donated organs, Cameron told me, is not a medical problem but a social problem. “If you poll the public, as Gallup did in 2005, you will get 95 percent of Americans saying they support donations,” he said. “Yet only about 45 percent have signed up. There’s some obstacle, some barrier, that prevents people from doing it. Having it be on Facebook makes it easier for people—it allows them to do the right thing.”
That seems exactly right. Organ donation is something that people know they ought to do for the good of others, but there’s little individual incentive. The frisson of good feeling that comes from having all your Facebook friends see and like your good deed can help fill that gap.
The next step will be to see whether the gains in donor registration from the introduction of the Facebook feature can be sustained over time. Cameron said he’s working on that. One idea is to try to make it easier for people to instantly share their status change on Facebook when they register as a donor at the DMV. (In the study, while online registrations soared after May 1, registrations at the DMV were basically flat.) Cameron told me he’s also working with software engineers to develop an app that would connect people in need of donations with others in their social network who could serve as donors.
How many lives Facebook saved by adding its organ-donation feature won’t be known for decades. Many registered donors won’t turn out to be actual donors for lack of a match. On the other hand, a single donor could potentially save more than one life by giving more than one organ. Facebook may not always be a force for good, but Cameron’s study is the latest proof that it can be if deployed wisely.
Posted Tuesday, June 18, 2013, at 11:26 AM
Photo by NASA via Getty Images
I went to space camp when I was little. We dropped eggs from a roof and watched an iMax show. It was awesome. But high-schoolers these days have the opportunity to participate in a competition that pilots micro-satellites on the International Space Station.
The annual Zero Robotics tournament is sponsored by NASA and the European Space Agency as a way to get secondary school students interested in science, technology, engineering, and math, aka STEM. And you have to give it to them: Nothing says “science is cool” quite like jet-powered robots in space.
The bots are called SPHERES, or Synchronized Position, Hold, Engage, Reorient, Experimental Satellites. Back on Earth, teams of students write algorithms to control the SPHERES in order to solve a problem astronauts actually encounter. This year’s task has yet to be revealed—Alvar Saenz Otero of the MIT Space Systems Laboratory tells me such things are a tightly kept secret, but that “it will have to do with space topics that are in the minds of scientists and maybe people in general.” (So, my guess is chest-bursters.)
In 2009 the teams had to maneuver a helper satellite around a blocker satellite (whose job it is to get in the way) in order to deliver a tool. Other tasks have included assembly and formation flight. (Or maybe this year it’ll be to take up tweeting duties now that Commander Hadfield has left the ISS?)
Of course, they aren’t just letting any program loose inside the space station. (And no, there will be no rocket launchers, chainsaws, or flamethrowers.) Teams must pass three levels of competition before they get to test their mettle in zero gravity. These include a proposal phase in which students outline their solution to the problem, 2-D and 3-D simulations to test their algorithms, and ground demonstrations at MIT. Those who make it then get to watch astronauts load up their algorithms and execute them via a live feed with the crew.
According to Otero, “The winners get a framed SPHERES patch that has flown in space to display at their school.” (Unfortunately, the 2012 prizes are still waiting on a fresh shipment of patches from space. Otero says they hope to have them this winter.) If you know some high school kids that are up to the task, applications are open through July 1.
Posted Monday, June 17, 2013, at 5:40 PM
Director of National Intelligence James Clapper
Photo by Win McNamee/Getty Images
It is likely that the National Security Agency does sometimes eavesdrop on Americans’ communications without a search warrant. But you wouldn’t know that from government officials’ recent statements, which are painting a misleading picture of the agency’s surveillance capabilities.
On Saturday, after a series of leaks about government surveillance programs, CNET reported that the NSA had “acknowledged” during a classified briefing that it has the ability to tap domestic phone calls and emails without court authorization. The website quoted Rep. Jerrold Nadler, (D-N.Y.,) who claimed at a June 13 House hearing that he had been told in a classified briefing that the NSA could monitor domestic calls “simply based on an analyst deciding that."
The CNET report whipped up a storm of hysteria on Twitter and quickly prompted the director of National Intelligence’s office to issue a response. “The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress,” the statement said. This seemed to reassure Nadler, and he retracted his initial remarks. “The NSA cannot listen to the content of Americans’ phone calls without a specific warrant,” he told BuzzFeed.
But neither of these statements—from the DNI’s office or from Nadler—candidly portray the true extent of the NSA’s activities, because the agency actually can sweep up Americans’ communications without a “specific warrant” in some cases. Under section 702 of the Foreign Intelligence Surveillance Act, the NSA has broad authority to monitor the communications of “persons reasonably believed to be located outside the United States.” To conduct this surveillance under FISA, the government has to get the secret Foreign Intelligence Surveillance Court to sign off on a “certification” that outlines what the spying will involve while detailing how it will implement “minimization procedures” to avoid eavesdropping on American citizens. But the NSA still gets to pick its own specific surveillance targets under the certification; only has to have 51 percent certainty that it is targeting a foreigner; and does not have to tell the court about the “facilities, places, premises, or property” that will be monitored.
What this means in practice is that the NSA does not have the authority to explicitly “target” a domestic phone call or email in which both parties to the communication are known to be inside the United States. But the agency can “incidentally” sweep up Americans’ phone calls and emails—especially when one party is inside the United States and the other is overseas—while conducting FISA-authorized spying on foreigners’ communications. That’s why it’s misleading for the DNI to say that section 702 of FISA “cannot be used to target Americans anywhere in the world.” It may be technically right that it can’t “target” Americans, but that does not change the fact that the NSA’s surveillance can and inevitably does involve the warrantless interception of Americans’ private communications. Indeed, there is known to be at least one case in which the FISA minimization procedures designed to limit surveillance of Americans were circumvented by the government in a way that was deemed unlawful, though the Justice Department is fighting to keep the details secret.
In the past fortnight, the scope of the NSA’s surveillance programs has come under intense scrutiny following the leak of top-secret documents published by the Guardian and the Washington Post. Edward Snowden, the NSA contractor who has admitted disclosing the documents, participated in an online question and answer session Monday for the Guardian. The 29-year-old, who is currently in hiding somewhere in Hong Kong, accused the U.S. government during the Q-and-A of using “weasel words” in its statements about the extent of domestic surveillance. “Americans’ communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant,” Snowden said. “They excuse this as ‘incidental’ collection, but at the end of the day, someone at NSA still has the content of your communications.” The DNI office’s use of ”targeted” is one example of just such a weasel word.
Posted Monday, June 17, 2013, at 4:38 PM
Photo by Manjunath Kiran/AFP/Getty Images
A few weeks ago, a flurry of unubstantiated hype about "the death of tech blogging" moved me to declare, facetiously, the death of declaring things dead. Since then I've been sporadically keeping track of just a small portion of the trends, ideas, and technologies that newspaper, magazine, and blog headlines declare dead every day.
But sometimes things really do die, and not just in the sense that they become somewhat less cool or experience a dip in popularity. To wit: India's state-owned telecom company is planning to shut down what is considered the world's last telegraph service, citing losses of over $23 million a year. The world's last telegram will be sent on July 14.
We in the media kill things off so readily these days that it's easy to forget how long it actually takes a once-prevalent technology to vanish altogether. The telegram should serve as a reminder: It often takes a really, really long time. Had there been a TechCrunch or a Forbes.com a century ago, some scribe would have no doubt declared the telegram defunct even then, done in by the rise of the landline telephone (itself the frequent subject of exaggerated death reports these days). In fact, though, the telegraph's use in India peaked as recently as 1985, and it continues even now to play a role in the lives of some portion of the 74 percent of Indians who do not have mobile phones.
Asked how he manages to make such accurate predictions in his books, the novelist William Gibson once explained, "The future is already here, it's just not very evenly distributed." The fact that telegraph service still exists in at least one corner of the Earth as of June 17, 2013, suggests a corrollary to Gibson's axiom: The past is still here, it's just not evenly distributed.
Posted Monday, June 17, 2013, at 11:12 AM
Photo by Scott Olson/Getty Images
After recent revelations of NSA spying, it’s difficult to trust large Internet corporations like Facebook to host our online social networks. Facebook is one of nine companies tied to PRISM––perhaps the largest government surveillance effort in world history. Even before this story broke, many social media addicts had lost trust in the company. Maybe now they’ll finally start thinking seriously about leaving the social network giant.
Luckily, there are other options, ones that are less vulnerable to government spying and offer users more control over their personal data. But will mass migration from Facebook actually happen?Read More »