Future Tense
The Citizen's Guide to the Future

July 31 2015 10:20 AM

Court Rules Police Need a Warrant to Access Location Data From Your Cellphone

Take a moment and try to remember where you were 24 hours ago. Maybe you’re a creature of habit and it’s easy to guess. Or maybe, like me, you can’t quite recall whether you were at work, at home, or somewhere in between. Either way, if you had your cellphone with you, it would be astonishingly easy for someone with the right access to pin your location down. Thanks to a recent court decision, however, that information just got a lot harder to examine for many in the United States.

In an order released Thursday by the U.S. District Court for the Northern District of California, Judge Lucy Koh found that Fourth Amendment protections extend to location data generated by cellphones. Ruling against the federal government, Koh affirmed that law enforcement agencies must seek a warrant before acquiring historical location data produced by a cellphone.

Advertisement

As Koh explains, modern phones constantly ping cellular towers, even when they’re not actively in use. Thanks to these regular connections, they generate a steady stream of data about their physical location—sometimes even when the user turns off location services, a fact that the ACLU stressed in an amicus brief. Koh notes that many users may be unaware of how much information they’re giving up as they move through the world. This data, which is known as cell site location information (or CSLI) can be important to legal investigations.

In the past, courts have largely avoided the issue of whether CSLI should be readily available. Koh writes, “Neither the U.S. Supreme Court nor the Ninth Circuit has squarely addressed whether cell phone users possess a reasonable expectation of privacy in the CSLI, historical or otherwise, associated with their cell phones.”

Previous relevant cases were mostly built around more basic technologies. In 1983, for example, the Supreme Court held that an individual’s movements along public thoroughfares could be tracked via his or her beeper. A year later, the court clarified and restricted this decision, stressing that it did not apply when a user was within his or her private home.

Koh’s decision ultimately turns around the increasingly central role that cellphones play in almost all of our lives. “For many,” she writes, “cell phones are not a luxury good; they are an essential part of living in modern society.” That’s in keeping with recent case law, which increasingly holds that we shouldn’t have to choose between participating in the contemporary moment and maintaining our privacy. For instance, in 2014 the Supreme Court ruled, in Riley v. California, that law enforcement needs a warrant to search a person’s cellphone as part of an arrest.

Of course, not everyone agrees. Earlier this week, a Cincinnati appeals court found that you have no reasonable expectation of privacy if you accidentally butt dial someone. As Slate’s Lily Hay Newman explained, the judge in that case held that being overheard during a butt dial is a bit like having an argument near an open window.

That may be, but as cellular technologies grow more and more sophisticated, they offer an increasingly complex picture of our lives, furnishing what Justice Sonia Sotomayor calls “a wealth of detail about [a person’s] familial, political, professional, religious, and sexual associations.” (Koh cited that line in her ruling.) Because it can paint a picture of “the sum of one’s public movements,” CSLI makes it difficult to clearly distinguish between public and private experience. As these ambiguities multiply, powerful, clear decisions like Koh’s will become all the more important.

Video Advertisement

July 31 2015 10:18 AM

Hackers Could Heist Semis by Exploiting This Satellite Flaw

Wired logo

Remember the opening scene of the first Fast and Furious film when bandits hijacked a truck to steal its cargo? Or consider the recent real-life theft of $4 million in gold from a truck transiting from Miami to Massachusetts. Heists like these could become easier to pull off thanks to security flaws in systems used for tracking valuable shipments and assets.

Vulnerabilities in asset-tracking systems made by Globalstar and its subsidiaries would allow a hijacker to track valuable and sensitive cargo—such as electronics, gas and volatile chemicals, military supplies or possibly even nuclear materials—disable the location-tracking device used to monitor it, then spoof the coordinates to make it appear as if a hijacked shipment was still traveling its intended route. Or a hacker who just wanted to cause chaos and confusion could feed false coordinates to companies and militaries monitoring their assets and shipments to make them think they’d been hijacked, according to Colby Moore, a researcher with the security firm Synack, who plans to discuss the vulnerabilities next week at the Blackhat and Def Con security conferences in Las Vegas.

Advertisement

The same vulnerable technology isn’t used just for tracking cargo and assets, however. It’s also used in people-tracking systems for search-and-rescue missions and in SCADA environments to monitor high-tech engineering projects like pipelines and oil rigs to determine, for example, if valves are open or closed in areas where phone, cellular and Internet service don’t exist. Hackers could exploit the same vulnerabilities to interfere with these systems as well, Moore says.

The tracking systems consist of devices about the size of a hand that are attached to a shipping container, vehicle or equipment and communicate with Globalstar’s low-earth orbiting satellites by sending them latitude and longitude coordinates or, in the case of SCADA systems, information about their operation. A 2003 article about the technology, for example, indicated that the asset trackers could be configured to monitor and trigger an alert when certain events occurred such as the temperature rising above a safe level in a container or the lock on a container being opened. The satellites relay this information to ground stations, which in turn transmit the data via the Internet or phone networks to the customer’s computers.

According to Moore, the Simplex data network that Globalstar uses for its satellites doesn’t encrypt communication between the tracking devices, orbiting satellites and ground stations, nor does it require the communication be authenticated so that only legitimate data gets sent. As a result, someone can intercept the communication, spoof it or jam it.

“The integrity of the whole system is relying on a hacker not being able to clone or tamper with a device,” says Moore. “The way Globalstar engineered the platform leaves security up to the end integrator, and so far, no one has implemented security.”

Simplex data transmissions are also one-way from device to satellite to ground station, which means there is no way to ping back to a device to verify that the data transmitted was accurate if the device has only satellite capability (some of the more expensive Globalstar tracking devices combine satellite and cell network communication for communicating in areas where network coverage is available).

Moore says he notified Globalstar about the vulnerabilities about six months ago, but the company was noncommittal about fixing them. The problems, in fact, cannot be implemented with simple software patches. Instead, to add encryption and authentication, the protocol for the communication would have to be re-architected.

Globalstar did not respond to a request from WIRED for comment.

Top Companies Rely on Globalstar Satellites

Globalstar has more than four dozen satellites in space, and it’s considered one of the largest providers of satellite voice and data communications in the world. Additionally, its satellite asset-tracking systems—such as the SmartOne, SmartOne B and SmartOne C—provide service to a wide swath of industry, including oil and gas, mining, forestry, commercial fishing, utilities, and the military. Asset-tracking systems made by Globalstar and its subsidiaries Geforce and Axon can be used to track fleets of armored cars, cargo-shipping containers, maritime vessels, and military equipment or simply expensive construction equipment. Geforce’s customers include such bigwigs as BP, Halliburton, GE Oil and Gas, Chevron and Conoco Phillips. Geforce markets its trackers for use with things like acid and fuel tanks, railway cars, and so-called “frac tanks” used in fracking operations.

The company noted in a press release this year that since the launch of its initial SmartOne asset-tracking system in 2012, more than 150,000 units were being used in multiple industries, including aviation, alternative energy and the military.

In addition to asset-tracking, Globalstar produces a personal tracking system known as the SPOT Satellite Messenger for hikers, sailors, pilots and others who travel in remote areas where cell coverage might not be available so that emergency service personnel can find them if they become lost or separated from their vehicle.

Moore tested three Globalstar devices that he bought for tracking assets and people, but he says all systems that communicate with the Globalstar satellites use the same Simplex protocol and would therefore be vulnerable to interference. He also thinks the problem may not be unique to Globalstar trackers. “I would expect to see similar vulnerabilities in other systems if we were to look at them further,” he says.

The Simplex network uses a secret code to encode all data sent through it, but Moore was able to easily reverse-engineer it to determine how messages get encoded in order to craft his own. “The secret codes are not generated on the fly and are not unique. Instead, the same code is used for all the devices,” he says.

Moore spent about $1,000 in hardware to build a transceiver to intercept data from the tracking devices he purchased, and an additional $300 in software and hardware for analyzing the data and mimicking a tracking device. Although he built his own transceiver, thieves would really only need a proper antenna and a universal software radio peripheral. With these, they could intercept satellite signals to identify a shipment of valuable cargo, track its movement and transmit spoofed data. While seizing the goods, they could disable the vehicle’s tracking device physically or jam the signals while sending spoofed location data from a laptop to make it appear that the vehicle or shipment was traveling in one location when it’s actually in another.

Each device has a unique ID that’s printed on its outer casing. The devices also transmit their unique ID when communicating with satellites, so an attacker targeting a specific shipment could intercept and spoof the communication.

In most cases, attackers would want to know in advance, before hijacking a truck or shipment, what’s being transported. But an attacker could also just set up a receiver in an area where valuable shipments are expected to pass and track the assets as they move.

“I put this on a tower on a large building and all the locations of devices [in the area] are being monitored,” Moore says. “Can I find a diamond shipment or a nuclear shipment that it can track?”

It’s unclear how the military is using Globalstar’s asset-tracking devices, but conceivably if they’re being used in war zones, the vulnerabilities Moore uncovered could be used by adversaries to track supplies and convoys and aim missiles at them.

Often the unique IDs on devices are sequential, so if a commercial or military customer owns numerous devices for tracking assets, an attacker would be able to determine other device IDs, and assets, that belong to the same company or military based on similar ID numbers.

Moore says security problems like this are endemic when technologies that were designed years ago, when security protocols were lax, haven’t been re-architected to account for today’s threats.

“We rely on these systems that were architected long ago with no security in mind, and these bugs persist for years and years,” he says. “We need to be very mindful in designing satellite systems and critical infrastructure, otherwise we’re going to be stuck with these broken systems for years to come.”

See also:

July 31 2015 8:35 AM

The Art of Artificially Throwing Shade

As today’s artificial intelligence grows more and more capable of natural language interaction with humans, they will need to master a peculiar yet highly important design need: ready-made snarky responses for when their human owners troll them with science fiction movie A.I. references. As you can see in a video I recorded of myself playing with the Amazon Echo and its Alexa-intelligent assistant, Alexa got sassy when I repeated a famous line from 2001: A Space Odyssey

In the movie, the astronaut Dave Bowman asks the homicidal supercomputer HAL to let him back inside the spacecraft, and HAL responds with a curt “I’m sorry Dave, I’m afraid I can’t do that.” When you say “HAL, open the pod bay doors,” Alexa responds by not only mimicking the first part of HAL’s response—she also reminds you that she is not HAL and we’re not in space.

Advertisement

Granted, Alexa’s shade-throwing is really that of the team of programmers that built her. But that’s also the point. There are many ways of building human connection to machines, and Alexa reflects many of them. For example, by assuming a human female’s name and taking on a vaguely female voice, Alexa encourages you to regard it using terminology such as “her” or “she.” And whenever I call an “it” a “she”, I linguistically imbue a cloud-based computer program speaking through a faceless black cylinder with a socially constructed marker of human identity: gender.

But, as my video demonstrates, another component of feeling connected to a machine could also be the machine faking a form of self-awareness.  Alexa “knows” that she is an A.I. enough to understand what it means when I tease her by asking her to open the pod bay doors. And Alexa responds by effectively rolling her eyes at me. The fact that Alexa seems unhappy and even passive-aggressive when you troll her with HAL jokes makes it easier for us to assume that “she” has belief, desires, and intentions.

Small touches like this will help people adapt to a world in which they will live and work alongside machines like Alexa—as well as tease them in the hope of getting a “What, this joke again?” reaction.

July 30 2015 6:39 PM

A Look at the Awesome but Ridiculously Old Technology That Runs the NYC Subway System

Vintage technology is fun and fascinating. It feels new all over again to see how old devices made modern concepts possible. But buying LPs again is different than finding out that missile silos in the United States still rely on floppy disks. And this video of the old tech still in use in the New York City subway system feels more like the latter. It’s delightful, sure, but also deeply baffling.

The main point of the 9-minute video, released by New York City’s Metropolitan Transportation Authority, is to talk about how the subway system is modernizing. The agency has been working for years to implement “communications-based train control” on every line. It’s a system that tracks each train’s position, automates speed control, and calculates safe distances between trains. Compared with the current manual system of “fixed block signaling,” CBTC allows for more trains per hour, better precision, and less infrastructure maintenance. But first the MTA has to finish implementing it. (The automated system is only in use on one out of the system’s 34 lines so far, with another transition almost complete.)

Advertisement

The most captivating part of the video, though, is the opening section showing the devices that control trains in and around the West 4th Street stop in Manhattan. “What our riders don’t realize ... is that in our system it’s not just the architecture that’s 100 years old,” the narrator says. “It’s a lot of the basic technology as well. The infrastructure is old.” And the MTA is not joking around. The video shows 1930s devices, dispatchers filling out handwritten call sheets, and levers for manually operating signals and moving track switches.

In the relay room, MTA vice president and chief officer of service delivery Wynton Habersham talks about how difficult it is to maintain the aging technology.

This equipment is not supported at all by the railroad industry. We are fully self-sufficient and self-sustaining. We have a signal shop that can replace the parts, they rebuild these relays. And then when any modernization is going on we scavenge to retain the parts so we can provide replacement for those that remain in service.

Holy. Crap. This is a 24/7 subway system we’re talking about. Habersham goes on to say that the cables connecting many of the electromechanical relays throughout the system—meaning in control rooms but also on the tracks—are the original cloth-covered cables. And then Habersham talks about what would happen if there were a fire. (Bad things. Bad things would happen.) Vintage tech, so much nostalgia!

The video is fascinating, but Rebecca Fishbein put it best on Gothamist: “This shit is OLD, like grizzled dude who won’t stop stabbing at the back of your plane seat because he can’t figure out the TV touchscreen old. It’s a miracle the F train even runs at all.”

July 30 2015 4:05 PM

Tech Companies, Carriers Should Be Required to Issue Updates to Fix Security Flaws

No, it's not your imagination: You're hearing a spate of news about security flaws in the products you use every day. Two big annual hacker conferences are coming up in Las Vegas, and many of the people giving talks there are telling the world now what they've uncovered.

As usual, the news is grim, if not just a little terrifying—and it's especially bad this year if you own a mobile phone using the Google's Android operating system. The “Stagefright” vulnerability, revealed this week, suggests that a hacker could remotely take control of another person's phone simply by sending a specially crafted multimedia message, such as a text with a video attached. In other cases the user would have to open the message. (The company that found the flaw, Zimperium, has posted instructions on how to prevent this with some newer phones.)

Advertisement

Naturally, the people who sell Android phones are racing to install software patches that will fix this potentially catastrophic flaw, right? Wrong. There's a chance—a near-certainty in many cases—that you'll never get a fix for your phone. Because the companies that sell you phones and service care much more about their bottom lines than your security. The situation has gotten so bad that it’s time to turn to government intervention, much as it pains me to say.

We need a law, with teeth. Sellers of phones and many other connected consumer devices should be required to provide timely security updates for a minimum of three years after a device goes on the market. Regulation should be done with the lightest possible touch, and it should steer clear of interfering with the technology itself. Enforcing such a law would not be simple, to put it mildly. But the current situation has to change.

The Android ecosystem is a freewheeling mess. This is good in many situations, because it spurs innovation and competition. Google, which created the operating system, made it mostly open source—free to download and modify—and gives it away to hardware manufacturers. They modify it before installing it on their phones, most of which are sold by telecommunications carriers such as Verizon, AT&T, Sprint, and T-Mobile. So when Google issues updates to Android, which it does on a regular basis, owners have to wait for the manufacturer and the carrier to a) test the update with their own modified versions of Android, and b) send over-the-air updates to users. If they ever do.

Apple's iOS devices, of course, are part of a tightly controlled ecosystem, and while Apple is far from perfect on security, it does update iPhones. But we shouldn't be required to turn over our computing and communications to control-freak companies in order to get necessary security updates.

Now, if you have a Google-branded phone such as a recent Nexus, you're safer than most, because Google sells them directly and updates them. (I use a phone running an Android variant called Cyanogenmod, which is community-based and gets timely updates.)

If you're running an older Android phone, however, I have bad news: There's almost no chance that your device maker and/or carrier will send you an operating system update that repairs the Stagefright vulnerability. This isn't because they couldn't. The reality is that once they sold you the phone, anything they have to do to improve it is added cost; they would much rather have you want buy a new one as soon as possible.

When businesses refuse to do what's necessary to provide customers even minimal safety, government has to step in. This is why regulators sometimes insist that car manufacturers recall their vehicles when flaws emerge.

The tech industry has been given a pass on all of this, in part because software is always a work in progress and is always going to have flaws. But once a flaw is identified, with code ready for updates, the updates should be made available, period.

It's not just phones where we need this. The home-router industry—companies making the devices that broadcast Wi-Fi signals throughout our homes—is notorious for its lax security practices and diffidence when it comes to fixing known flaws. Meanwhile, the Chrysler hack revealed last week should tell us that Internet-connected cars are, at this stage, an absolutely terrible idea; at least Chrysler is doing a (flawed) recall.

So far, the government has shown absolutely no interest in this issue. An ACLU security expert, Chris Soghoian, filed a complaint with the Federal Trade Commission more than two years ago, asking the consumer-protection agency to require Android updates. He got nowhere.

It's time for the FTC and others in Washington—hello, Congress—to pay attention. The technology and communications industries have made a deliberate decision to be neglectful with their customers' security. It's doesn't mean government should be derelict, too.

July 29 2015 6:21 PM

Google’s Translate App Is Now Indispensable for International Travelers

Google Translate may be the coolest app that you probably don’t have on your phone. Available for both iOS and Android, Translate doesn’t just shuffle words and phrases from one language to another—it can also literally rewrite the world around you. As TechCrunch reports, it also got a lot more useful Wednesday, adding 20 more languages to its repertoire. It now supports 27 tongues.

Instant translate is simple but surprisingly powerful, bringing augmented reality to the screens of consumer electronics. Hold up your phone’s camera to text in a foreign language, and the app will translate the words you put before it, erasing the old and inscribing the new in their place. As TechCrunch’s Drew Olanoff explains, Google built this feature around Word Lens, a program that it acquired when it purchased Quest Visual last year.

Advertisement

In its present form, instant translate works astonishingly well, but it does some things better than others. When I showed it a volume of Portuguese poetry, it was able to offer serviceable—if singularly unpoetic—takes on some lines. “The Martian found me on the street,” a Carlos Dumond de Andrade poem, aptly titled “Science Fiction,” promisingly begins, only to continue, “And had fear of my impossibility human.” Not bad, but I’ll stick with Richard Zenith’s more elegant rendering: “A Martian ran into me on the street / and recoiled at my human impossibility.” While it was impressive to watch the words take shape on my phone’s screen, this clearly isn’t the sort of task that the program was designed to accomplish—and it shouldn’t be faulted for its failure.

Google Translate performed much better in my neighborhood coffee shop, successfully translating signs into Spanish, Filipino, and a variety of other languages, but it struggled to make sense of the specials scribbled on the chalkboard. While the handwritten missives of my baristas left it flummoxed, it can still recognize a surprisingly wide range of letters and fonts. Like Google’s image recognition software—which has gotten the company into a bit of trouble in the recent past—Translate uses convolutional neural networks to determine what is and isn’t a letter and then to guess how those letters fit together into words.

Perhaps most impressively, all of this works even when a phone isn’t connected to the Internet or a cellular network. By limiting how much variation the network searches for, Google was able to fit Translate’s letter and word recognition capabilities into a surprisingly tiny package. When you first attempt to translate to or from a new language, you’ll be prompted to download a small data packet. Once you have that information stored on your device, it no longer needs to exchange information with Google’s data centers. This should make it a remarkable tool for those traveling abroad with limited Internet access.

Google Translate product manager Julie Cattiau told TechCrunch that the program isn’t going to replace traditional language learning any time soon. It’s also no poet—as its brute force renderings of the lines I showed it plainly demonstrate. It is, however, very, very cool.

July 29 2015 3:33 PM

The Most Important Feature of Windows 10 May Seem Boring. It’s Actually Revolutionary.

In the opening of a (truly hilarious) Microsoft promo video for Windows 95, the narrator says, “I just want a new operating system!” That’s exactly what we’ve been taught to look forward to every few years, and Wednesday’s release of Windows 10 feels like a satisfying step in the progression. But this time things are different, because this is “the last version of Windows.”

As the Verge reported in May, Microsoft developers started talking about a fundamental shift in Windows at the company’s Ignite conference. Instead of the periodic large releases of big-name operating systems, Microsoft wanted to make Windows 10 a streamlined, device-agnostic platform that could be reinvented whenever and however the company wanted on any given day. CEO Satya Nadella told BBC News on Wednesday that, "It’s not just another release of Windows, it’s the beginning of a new era."

Advertisement

In the new Windows world everything is seamless and infinite. In a statement about Windows 10 on Tuesday, Microsoft said, “Windows 10 is delivered as a service and kept automatically up-to-date with innovations and security updates.” It’s a mental shift from thinking of operating systems as individual releases to thinking of them as boundless platforms. Erick Schonfeld explained the concept well on TechCrunch in 2011: “The approach is more like updating a website than a piece of client software. The version numbers don’t really matter. What version of Amazon are you on? Exactly.”

But in 2011, Schonfeld obviously wasn’t talking about Windows 10 (Windows 8 was just debuting). He was talking about a service we all know that’s been doing incremental updates for years: Google Chrome. In 2010, Chrome changed from pushing updates every few months to releasing them every six weeks. The idea was that fixes and features should go live whenever they were ready. If something missed its deadline it would just come out six weeks later instead of holding everything up. When updates are that frequent, it doesn’t really matter what “version” you’re on.

Chrome program manager Anthony Laforge wrote in 2010:

Predictable fixed duration development periods allow us to determine how much work we can do in a fixed amount of time, and makes schedule communication simple. We basically wanted to operate more like trains leaving Grand Central Station (regularly scheduled and always on time), and less like taxis leaving the Bronx (ad hoc and unpredictable).

Incremental updates serve Windows 10’s goal of being a universal operating system and offering “one experience” across PCs, tablets, phones, Raspberry Pi, Xbox One, and HoloLens (plus the 2,000 devices Microsoft says it’s testing for compatability). Managing updates on so many different devices is currently pretty painful, and Windows 10 aims to fix that. If nothing else, streamlining the update process makes devices more secure, because they automatically get their patches and bug fixes instead of relying on users to initiate a download.

The pressing question, then, will be whether Microsoft can deliver significant innovations and redesigns without affecting Windows’ daily performance. Windows 10 is culling usage statistics to suggest times for automatic restarts (so updates can take effect), and presumably many updates will happen behind the scenes without requiring a restart at all. But Microsoft will need a way to generate excitement about new features as they come out, work carefully to avoid pushing out flawed updates, and generally keep users informed. You wouldn’t want your operating system to morph into something you never asked for, right?

July 29 2015 2:46 PM

Netizen Report: Emails Suggest Lebanon Used Angry Birds to Infect Devices With Malware

The Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. It originally appears each week on Global Voices Advocacy. Juan Arellano, Ellery Roberts Biddle, Hae-in Lim, Katitza Rodriguez, and Sarah Myers West contributed to this report.

GVA logo

Emails leaked after Hacking Team’s systems were hacked in early July—and now searchable on WikiLeaks—indicate that Lebanon’s Interior Security Forces, General Security office, and Cybercrime Bureau all pursued contracts with the Milan-based surveillance-software maker. Emails suggest that Security Forces personnel were able to successfully infect target devices with the help of Hacking Team staff and that they created a technical “backdoor” in the devices (a virtual channel through which authorities can monitor a user’s activities) by exploiting a security flaw in Angry Birds.

Advertisement

These revelations confirm what various bloggers and political activists had suspected after they were summoned for questioning by the Cybercrime Bureau. Beirut-based technology journalist Habib Battah described the bureau’s approach in June:

In some cases, bloggers have claimed that police agents tricked them into giving up information by sending malware to their computers, a practice [Major Suzan Hajj Hobeiche, head of the Cybercrime Bureau] seemed to endorse by claiming “ethical hacking” used by law enforcement is sometimes needed to protect the greater good. Yet, increasingly that greater good seems to be defined by the interests of the wealthy and well-connected. …

Peru and Pakistan erode citizen privacy with new surveillance tactics
A recent executive decree from Peru’s government compels all telecommunications companies and Internet service providers to store traffic data for three years. Assuming that the decree holds, telcos will be forced to provide police with individual user data from these logs upon their request. Issued one day before Peru’s independence day, the decree explicitly states that the police should have access to geolocation data without a warrant or court order and that this data is not protected under the Peruvian Constitution. Peruvian lawyer Miguel Morachimo told the Electronic Frontier Foundation: “Any policy like that is controversial in itself, but the fact that it was directly approved by the Executive Branch without prior debate and in the middle of national holiday season is especially undemocratic.”

The decree has significant potential for abuse of its new powers. It ignores the fact that most cellphones today constantly transmit detailed location data about every individual to their carriers and that all this location data is housed in one place—with the telecommunications service provider. This will leave Peruvian police with access to more precise, more comprehensive, and more pervasive data than would ever have been possible under previous policies.

Pakistan too is planning to expand its surveillance capabilities, which could include monitoring broadband Internet traffic, phone records, and cellular data transmissions, according to a report by Privacy International. The Verge notes that because Pakistan already has stringent registration requirements, such as a national biometric ID program and SIM card registration by fingerprint, these bulk surveillance plans may be particularly invasive.

U.K. High Court strikes down discrete data retention practices
In slightly better news from the world of digital surveillance, a U.K. High Court ruled against data retention laws that allowed the government to order telecommunications companies to retain their users’ metadata for one year. The reason: The laws failed to require authorities to obtain judicial approval prior. The court also took issue with the lack of “clear and precise rules” for the collection of data in the Data Retention and Investigatory Powers Act 2014 (sections 1 and 2). The Home Office says it will appeal the decision.

Malaysia blocks news website in face of public finance investigation
Malaysia blocked news website the Sarawak Report and suspended two local papers after they published investigative reports on the suspicious transfer of $700 million from a government-managed investment fund into the personal bank account of Malaysian Prime Minister Najib Razak. While there is evidence that the government has censored the Internet in the past, this marks the first time it has publicly acknowledged doing so. Although the Malaysian Communications and Multimedia Commission claims that the block was carried out legally under the Communications and Multimedia Act of 1998, the law does not sanction censorship of online websites.

Is YouTube headed for Russia’s Internet blacklist?
Russian media and Internet watchdog Roscomnadzor issued an official warning to YouTube July 22 that the site may be added to the country’s Internet blacklist for copyright violations. The warning comes after the Moscow city court ruled that copyright was violated when two Russian TV shows were uploaded to YouTube. Though YouTube took down the videos, others were subsequently uploaded; Roscomnadzor reported seeing 137 copies on the site as of July 20.

Transparency reports: When it comes to takedowns, copyright is king
The online marketplace Etsy shut down more than 168,000 accounts over the year 2014, according to its first transparency report. It shut down 3,993 shops for violations of Etsy’s intellectual property policy and disabled 176,137 listings in response to DMCA takedown requests. However, the majority of the shutdowns were for non-IP related issues, such as spam and the sale of items prohibited on the site.

New Research

July 28 2015 10:18 PM

Jack Dorsey Wants to Reinvent Twitter

Less than a month after taking the tiller as interim CEO, Twitter co-founder Jack Dorsey is charting a new course.  

The famous Twitter timeline, in which tweets from everyone you follow are displayed in reverse chronological order, is no longer getting the job done, Dorsey said on an earnings call with investors Tuesday evening. And tweaks intended to help the company reach a broader user base, like instant timelines and a new home page for casual visitors, have failed. As a result, Twitter’s growth has been “unacceptable,” said Dorsey, who could be seen wearing a gray hoodie and a generous beard as he live-streamed the earnings call on Periscope.

Advertisement

Those tweaks, it’s worth noting, were implemented by his well-liked but cautious predecessor, Dick Costolo, before he was pushed out last month.

What’s needed, Dorsey said, is a broader overhaul of the Twitter product to make it more accessible to the majority of Internet users who don’t regularly log in. He called for a “questioning of our fundamentals,” including the reverse-chronological timeline, in order to “balance recency with relevance.”

For those who don’t speak social media, that’s code for “we need to get more like Facebook.” Whereas Twitter’s timeline ranks tweets by recency, Facebook’s News Feed ranks posts by relevance, as determined by complex algorithms that adapt to each user’s behavior and preferences. Twitter has been experimenting with similar software, which it now uses to show you a series of older tweets when you log in, under the heading “While You Were Away.” Expect to see more of that in the future, as Dorsey sang the feature’s praises multiple times on Tuesday’s call. “I’m definitely seeing a lot more value at the top of my stream,” he said.

Another forthcoming feature, code-named “Project Lightning,” will employ human editors to collect top tweets about trending news topics and live events as they unfold. Dorsey endorsed that as well, adding that he expects to release it this fall. But he suggested “While You Were Away” and Project Lightning are only the first steps toward an eventual shift away from reverse chronology. “There’s a lot more to do there,” Dorsey said.

From a business perspective, the Dorsey-led earnings call amounted to a blast of #realtalk from a company that under Costolo was at pains to reassure investors it was on the right path. Dorsey repeatedly said he was “not happy” with the company’s direction. Anthony Noto, the company’s buttoned-down chief financial officer, matched his boss’s grim tone. He warned investors that the user growth they’ve been clamoring for likely won’t come “for a considerable amount of time.”

An inability to grow beyond its core of loyal users has dogged Twitter since it went public in November 2013. Investors expecting the next Facebook have been disappointed quarter after quarter as user growth has flattened. This is despite consistently strong revenue growth, as Twitter has built a thriving mobile advertising business in just the past two years. Revenue was strong yet again in the most recent quarter. It topped $500 million, up 61 percent from the same quarter in 2014.

Costolo had sought to shift investors’ expectations for the company, arguing that Twitter could reach more people than Facebook even without persuading them to log in regularly. As I’ve explained, Costolo saw Twitter’s future as that of a media platform rather than a social network, with syndicated tweets gaining wide audiences beyond Twitter itself. It was a realistic vision, but evidently not a bold enough one for shareholders.

Dorsey, in contrast, hinted that Twitter will return to its earlier mission of becoming a daily destination for the majority of people on the Internet—like Facebook. Twitter should be, he said, “the first thing everyone in the world checks before they start their day.”

And whereas Costolo had essentially admitted defeat in Twitter’s bid to get more people tweeting, Dorsey argued it isn’t enough for people to consume tweets passively. In addition to being a window to the world, he said, Twitter should be “the most powerful microphone in the world.”

Key to all of these goals will be convincing people that they need another social network in their lives. To that end, Twitter is reportedly planning its first major marketing campaign.

Who will lead the company down this new path has been the subject of much speculation, particularly after reports that Square—where Dorsey is founder and CEO—is about to go public. Asked whether he is a candidate to take on the top post at Twitter on a permanent basis, Dorsey said he had “no update to provide.” But he sounded like a man gunning for the job.   

Previously in Slate:

July 28 2015 3:28 PM

The Real Reason Elon Musk Is Worried About Killer Robots

If you believe Elon Musk, you should be very, very afraid of killer robots, but maybe not for the reason you think. In an open letter published Tuesday by the Future of Life Institute, Musk, Stephen Hawking, and thousands of co-signatories call for a “ban on offensive autonomous weapons beyond meaningful human control.” This is the kind of phrase that summons up images of Arnold Schwarzenegger in the Terminator films, but that’s not what Musk and his collaborators seem to have in mind.

Nevertheless, it’s this familiar image of dystopian robopocalypse that opens all too many stories about the letter. The Washington Post, New York Times, and Huffington Post—to name but three examples—all illustrate their articles on the topic with Terminator stills. Though the articles’ authors don’t come out and say it, the connotations are clear: The robots are coming, and they want your blood.

Advertisement

Far from worrying that artificially intelligent killing machines are going to wipe out humanity, however, FLI has a more immediately relevant concern: research priorities. Musk has famously described artificial intelligence as an “existential threat.” But he’s also helped back research to help society “reap the benefits” of artificial intelligence “while avoiding potential pitfalls.”

This is not the first time the FLI has broached the issues surrounding A.I. through an open letter. In a previous missive, issued in January, the institute had proposed that researchers should work to “maximize the societal benefit of A.I.” by ensuring that intelligent systems “do what we want them to do.” While the attached statement of research priorities touched on autonomous weapons, it did so only in passing, offering little indication as to whether and how considerations of them should proceed.

A careful reading of the FLI’s latest open letter on autonomous warfare reveals that its authors aim to correct this oversight. “If any major military power pushes ahead with A.I. weapon development, a global arms race is virtually inevitable,” they write. Here, the danger isn’t so much that the technology will become more and more powerful but that more and more research energy will be directed toward military A.I. As it does, there will be fewer resources available to those hoping to design A.I. that preserves and sustains life.

The letter also suggests that as autonomous weapons become easier to produce, they will inevitably fall into the “hands of terrorists, dictators wishing to better control their populace, warlords wishing to perpetrate ethnic cleansing, etc.” While this is a serious and real concern, it is a far cry the hyperbolic fantasies suggested by comparisons to the Terminator films. FLI isn’t worried that A.I. will set out to kill humans. It’s concerned that humans will use A.I. to more efficiently kill one another.

Far from warning of an impending robopacalypse, then, FLI and the letter’s many co-signatories are encouraging us to rethink the way we approach A.I. today. The letter compares its proposed moratorium on autonomous weapons development to bans on chemical and biological warfare. Refraining from research into these areas doesn’t mean A.I. is on the verge of destroying all life—just that we don’t feel such research contributes to the experience of living. As Cecilia Tilli, who signed the January FLI artificial-intelligence letter, wrote in Slate, “being mindful doesn’t mean that experts believe danger lurks behind the next advance in artificial intelligence.”

It’s unfortunate that the FLI’s letter has contributed to fears about A.I. Adam Elkus has argued that such excessive concerns only make it harder for most of us to educate ourselves about what’s really going on. If we’re really going to follow the advice of Musk, Hawking, and their co-signatories, we should focus more clearly on A.I.’s “great potential to benefit humanity” and work to ensure that it can do so.

READ MORE STORIES