Friday, February 03, 2006

Surveillance, Identity Theft and False Accusations

Following on from Justice's last post: It's not just activists that have something to fear from the NSA/industrial surveillance complex. We are all at risk. Automated surveillance systems are not exactly foolproof: as evinced by the recent case of a woman who claims she has never even used a computer, but who was sued by the Recording Industry Assocation of America (RIAA) for illegally sharing copyrighted files on the internet!

Unfortunately, the relevant data gathering systems (of the RIAA and ISPs) are shrouded in secrecy, so it is difficult to know how many such lawsuits are completely bogus. Maybe that was the only one so far. Maybe there are quite a few. We just don't know.

And identifying an IP address of a computer sharing some files, and tying it back to a subscriber at a particular point in time, is a very well-defined, discrete, simple procedure. That's about the simplest procedure there is for detecting illegal activity online - and it's still not foolproof. (As I'll argue below, it's obvious that it's not foolproof, regardless of whether or not the woman accused by the RIAA is telling the truth in this particular case). Other automated surveillance mechanisms, such as the UK government's national numberplate recognition system - potentially one of the most Orwellian ideas in years - are likely to be far less reliable.

Yet judges, juries, lawyers and especially voters who are not familiar with technology at a deep level (which is, sadly, a majority of the population), tend to be biased towards accepting the results of "electronic black boxes" (such as electronic voting systems, breathalysers, etc.) without demanding to see the software source code - let alone the hardware blueprints, or a proof that the software source code provided matches the actual source code that was running on the machine at the time.

It's the old idea that "the computer doesn't lie" - in the old days, the equivalent was "the camera doesn't lie", of course. But obviously, people operate and design computers and computer software. The advent of Photoshopped images should have put paid to the idea of infallibility of the computer once and for all. I think one problem why that nebulous idea persists, is that too many people are just not suspicious enough about the ethics - and more importantly the quality assurance processes - of the people who produce and design computer software and hardware. A serious look into the appalling quality record of my own field - software engineering - would be enough to dispel that idea for anyone, once and for all.

So what happened here? Perhaps that woman was the victim of identity theft and/or credit card fraud. That seems like the most likely explanation - someone else signed up with an ISP using her personal details, and then shared some copyrighted files without the permission of the copyright owner.

What most people don't realise is that identity theft can not only result in you losing money. It can also result in you being sued by the RIAA or MPAA for filesharing, which is something that a poor, working-class American can ill-afford to defend themselves against even if they are innocent, or (as far as I know this is theoretically possible) arrested for accessing child pornography sites, when in fact someone who stole your credit card number was the real culprit. (One would hope that the case would not get to court in such a case, but even so, being falsely accused in front of one's family for accessing child pornography would be quite traumatising in itself.)

And the icing on the cake? The identity theft may have been made possible by the incompetence of a third party! One particularly egrerious example of the many such cases in the last few years is the Boston Globe's jaw-dropping attitude to data protection - this weekend, they sent out batches of newspapers with printouts of credit card numbers of subscribers on top! (It may have been a contractor who was actually responsible, I'm not sure - but still, the Boston Globe should have had procedures in place to stop that happening. Why were credit card numbers being printed out in the first place - let alone sent out with newspapers?)

So you can take steps individually to avoid doing stupid things which leave you open to identity theft, but to keep corporations from making the same or worse errors, we absolutely need stiff laws and penalties, or all your own efforts will be in vain.

California's recently-passed law mandating disclosure of personal information leaks is a good start - it's based on the principle of "name and shame", which can be surprisingly effective in getting clueless organisations to wake up to security issues - but it's far from enough. I believe the EU's data protection laws - which are based on opt-in, not opt-out, and technically ban data transfer to countries which do not have comparable laws - are an example for the US to look to in this regard. Both the law and the level of awareness of data protection in the EU need improvement, but the EU laws are a step in the right direction.

Currently, the mainstream media discourse on electronic surveillance focuses primarily on two things: the prevention of terrorism, and mass data gathering (which is often stated or implied to be anonymous) for marketing purposes. When this and only this is mentioned, it has the effect of making many ordinary people think "This is making a mountain out of a molehill - only privacy nuts are really concerned about that kind of data gathering when it's just for the prevention of terrorism, or for marketing purposes". It's all about framing the issue. The corporate media oligopoly has a strong interest in not fundamentally challenging the growing trend towards a surveillance society, which its big-money advertisers stand to benefit from.

As a student of computer science, I say we need to wake up to the myriad ways in which both outside criminals, and unscrupulous government and corporate insiders, can obtain and abuse the personal data that our brave new electronic world is generating and storing - and start taking computer security and information security more generally, far, far more seriously than we do now.

And that has to start with putting an end to the ridiculous breaches in security that led to cases like the Boston Herald fiasco.

But let's not mess around with band-aids. Let's tackle the problem at the root. It doesn't take an Einstein to realise that if you tack on an extra "expiry date" or fixed "security code" to a credit card number, that still means it's a plain old set of numbers which can be copied by people who don't want to play by the rules. It just makes me roll my eyes to look at all the "increased security measures" that get introduced, which don't take account of the fact that if your security system depends on people following rules, and the incentive is high enough, your system is vulnerable.

What we need to really take aim at identity fraud is "smart cards" with strong cryptography, not fixed credit card numbers. And similarly - neatly tying back into the original topic of surveillance - we need cryptographic identity mechanisms - different identity codes for different purposes, not social security numbers which stay fixed over your lifetime and are used and accessible by every Tom, Dick and Harry!

Not only would this prevent fraud, it could be used to allow people greater control over the use of their personal information. Cryptographic authentication technology (i.e. technology which doesn't rely on a fixed number or password) has been around for years - it's already used in parts of Europe for banking purposes, and no doubt by banks themselves in the US when they really need security - not the ridiculously low levels of security they deign to give to us peons.

And, as an aside, that means the US government really ought to scrap its pointless and ridiculous classification of strong cryptographic software as a "munition" that requires approval to export in operational form. The cryptography cat jumped out of the bag years ago - the US needs to realise it has lost that fight, as was inevitable - and as those who knew anything about technology within the US government must have known all along.

No Place to Hide



From Amazon.com: "George Orwell envisioned Big Brother as an outgrowth of a looming totalitarian state, but in this timely survey Robert O'Harrow Jr. portrays a surveillance society that's less centralized and more a joint public/private venture. Indeed, the most frightening aspect of the Washington Post reporter's thoroughly researched and naggingly disquieting chronicle lies in the matter-of-fact nature of information hunters and gatherers and the insatiable systems they've concocted. Here is a world where data is gathered by relatively unheralded organizations that smooth the way for commercial entities to find the good customers and avoid dicey ones. Government of course too has an interest in the data that's been mined. Information is power, especially when trying to find the bad guys. The mutually compatible skills and needs shared by private and public snoopers were fusing prior to the attacks of 9/11, but the process has since gone into hyperdrive. O'Harrow weaves together vignettes to record the development of the "security-industrial complex," taking pains to personalize his chronicle of a movement that's remained (perhaps purposefully) faceless. Recognizing the appeal of state-of-the-art systems that can track down a murderer/rapist with heretofore unimaginable speed, the author recognizes, too, that the same devices can mistakenly destroy reputations and cast a pall over a free society. In a post-9/11 world where homeland security often trumps personal liberty, this work is an eye-opener for those who take their privacy for granted. --Steven Stolder"

I'm not one of those the-governemnt-is-the-enemy conspiracy theorists but this kind of crap does trouble me because of how it has, is or will be used to suppress dissent.

You can listen to the DemocracyNOW Interview with Robert O'Harrow, Jr.

Frozen Assets



Christopher Healey wrote:

"I've been considering, as I'm sure many transhumanists and SIAI donors have, the possibilities of cryonic suspension. Since I can now reasonably afford this, my thoughts have become tactically oriented, and I've been looking into a life-insurance financing option and other concerns of a personal cryonics program. It has occurred to me, though, that I have not asked myself an important question: Will cryopreservation bring the future that I seek any closer to reality?

The answer is no.

I would be a cryo-lottery ticket holder, where the odds are vague estimates. I would at best be a passive beneficiary of a future achieved, and if I were retrieved at all, by allocating my resources so timidly I would have ceded precious influence for making the desired future real. Were I to wake up in a world that falls short of what it could have been, I would regret not having pushed on those levers of change that were within my grasp. And not now knowing what that world could be, I must take the action that, to the best of my judgment, would limit negative outcomes without constraining the scope of positive change.

And that means donating to the Singularity Institute for Artificial Intelligence.

So few organizations today have aligned themselves with the pragmatic concerns of using technology ethically, and among those that have, the Singularity Institute stands alone in it's focus on the powerful implications of recursively enhancing intelligence. We surely face a number of hurdles in the areas of biotechnology, nanotechnology and artificial intelligence, but artificial intelligence is the only challenge whose fruits can be brought to bear, in force, against the dangers of the others. As such, we should do what we can to make it the first hurdle we clear. I think the SIAI's efforts are of the utmost importance, and will bring us closer to stepping safely and surely into our future together.

I'd rationalized originally the cryopreservation expense by planning to give SIAI the same amount. From the research I had done, $50 a month was a conservatively large earmark for the cryonics life-insurance. Per my convictions that SIAI's utility exceeds cryo-preservation's, please accept $100 each month as my donation."

Pretty much sums up my opinion on cryonics and the advice I give to members of the Quebec Transhumanist Association.

Skeptics Nip at Bush's Oil Pledge



"President Bush's vow to begin weaning America from oil dependence may signal an important shift in energy policy, but the practical effects of the proposals spelled out in Tuesday's State of the Union address will likely be felt only far down the road, environmentalists said.

Clean-energy advocates said they were encouraged by increased support for research efforts, but cautioned the speech left at the altar initiatives that would immediately have an impact on the importation of oil, such as conservation and clean air standards.

"It was one small step for President Bush, and one giant missed opportunity for America," said Toby Chaudhuri, communications director of Apollo Alliance, an organization of national security, environmental and business leaders that promotes energy independence. "The president's proposals focus primarily on research. His energy program won't help lower gas prices or slow the global warming that the president still does not admit is happening.""

Read more at Wired News.

Wednesday, February 01, 2006

Future terror: neurohacking

In the 1995 anime sci-fi classic, Ghost in the Shell, a futuristic world was envisioned in which cybernetic individuals routinely operate in the virtual world as easily as in the real one. Transhuman cybernetic minds are inextricably connected to the cyber-realm, leaving them vulnerable to attacks.

In this projected future people are subjected to 'ghost hacking' in which their minds are taken over by computer hackers without their knowing it. Their 'ghost' or essence, or soul, or self, or whatever descriptor you want to give for self-identity, is manipulated and controlled from a remote source.

As disturbing as this sounds, it's not beyond the realm of plausibility. When considering the Church-Turing thesis of computational compatability, and given recent insight into cognitive computationalism (or functionalism), one can make the assumption that future human minds will be indelibly linked to extraneous computer systems.

And as a frightening precursor to 'ghost hacking', also known as neurohacking, a recent article in Technology Review reveals that the first generation of invasive neurohacking may be only years away.

In her article, titled "Could Terrorists Hijack Your Brain?" Emily Singer reports on how security experts are warning that we need to prepare for a much broader spectrum of potential bioterror agents -- this according to a report released this week by the Washington, DC-based National Academies.

While most bioweapons research is focused on the usual suspects, namely such agents as anthrax and smallpox, it is now though that emerging technologies in biotechnology and the life sciences could be usurped to take control of genes, immune systems, and even brains.

Terrorists, or even state-actors for that matter, could also co-opt relatively new technologies, such as synthetic biology (which aims to build organisms that can detect or produce chemicals or perform other functions) or RNA interference (a technique that allows scientists to easily control gene expression).

There is also concern about the potential of bioregulators -- small, biologically active organic compounds that can regulate different systems in the body. Newer technologies such as targeted delivery methods that zero in on the immune or neuroendocrine systems could make it easier to use bioregulators in evil ways.

Such is the double-edged sword of technological development. For each advancement, someone can twist it for self-serving and nefarious purposes. Consequently, in order to prepare for the ever-changing "threat spectrum," the advisors recommend that technologies with dual-use potential -- those that can be used to either help or harm humanity -- be continually reassessed to take account of rapid advances in biotechnology.

Additionally, it is suggested that a scientific advisory board be developed to assist the national security community and to ensure that teams monitoring these threats have the most up-to-date scientific expertise. It was also advised that public health infrastructures be strengthened and that incentives be put into place for the creation of broadly active vaccines and other products that can protect against diverse agents.

"It's like the transition from trench warfare to mobilized warfare between World War I and World War II," notes one of the report authors. "How do we begin to defend ourselves against that dynamic threat landscape? How do we adapt our health, medical, and biodefense systems to respond to that?"

Interestingly, the advisors also endorsed an open exchange of information in the life sciences as much as possible, emphasizing that the best means of protecting against future threats is further advances in technology.

So, are we indelibly headed for a Ghost in the Shell like future? Quite possibly yes, but it appears that we may have the safeguards, firewalls, and prophylaxis in place to deal with the problems as they arise.

As a final aside, humans have had to deal with 'neurohacking' for quite some time now, but not in such invasive ways. Ever since propaganda was developed, people have had their minds influenced by external sources. And memes themselves, whether they be autonomous or created and directed by individuals or groups, are impacting on their hosts, directing the human sense of self and how decisions are forumlated.

It looks, however, that keeping control of our minds is about to get harder by a significant degree of magnitude.

Tech firms decline human rights briefing


"Critics have been blasting American companies for helping China's communist government enforce censorship and silence dissent in return for access to a potentially lucrative market.

All four of the companies invited by the Congressional Human Rights Caucus -- Microsoft Corp., Cisco Systems Inc., Yahoo Inc. and Google Inc. -- won't attend Wednesday's session, said Lynne Weil, a congressional spokeswoman.

While attendance at Wednesday's briefing was not mandatory, companies could be compelled with subpoenas to attend a February 15 hearing on the issue, said Rep. Chris Smith, Republican chairman of the House International Relations subcommittee on global human rights."

Read more at CNN.

Monday, January 30, 2006

Montreal Transhumanism



From Ben Grosscup's Ethnography of the Transhumanist Movement:

"I have conducted my ethnographic field work this summer at an international transhumanist conference in Caracas, Venezuela and with a small local group of transhumanists in Montreal, Quebec. The philosophy of the social democratic transhumanist, James Hughes, is prominent among the transhumanists I met who are involved in the Montreal Transhumanist Meetup Group. This means that the people in this group tend to view careful state regulation of new technologies like nanotechnology, and genetic engineering as necessary and beneficial. While this tendency contrasts significantly with the libertarian wing of transhumanism, which is usually called "extroprianism," the idea of avoiding certain speculative technological developments altogether, is anathema to anyone who identifies as a transhumanist."

Quote of the Day



'The best way to become acquainted with a subject is to write a book about it.' - Benjamin Disraeli

Guardian: There is no stop button in the race for human re-engineering

Madeleine Bunting has written a piece for the Guardian in which she describes the inexorable tendency towards transhumanism.

Bunting notes how transhumanists believe that humanity is on the point of being liberated from its biology. "In their advocacy of our 'technological rights'," she says, "they believe that human beings are on the brink of a huge leap in development, leaving behind the sick, quarrelsome, weak, fallible creatures we have been up to now. We will be, as their slogan goes, 'better than well'."

She feels that North America has had a head start in the human enhancement debate and that Europeans need to get their heads around the issues soon so that they can influence what technologies are developed, rather than leaving it to the scientists and the pharmaceutical and military interests who sponsors research into human enhancement.

Much of the research that could be ultimately used for human enhancement, she argues, is urgently needed to counter such neuro-degenerative diseases as Alzheimer's. Consequently, Bunting writes with cautious optimism and concern, but also with a reserved sense of defeat. Transhumanism is coming, she argues, whether we like it or not -- so we'd better start managing the process now.

At the same time, however, she says it's possible to "envisage how fast, in a competitive, unequal world, we could hurtle towards some horrible futures."

Ultimately, however, Bunting believes that there's no point in sci-fi style panic. "The best hope lies in the strength and quality of public debate and democratic institutions to regulate and direct the use of these powerful technologies," she says.

Sunday, January 29, 2006

War on terror a la francaise



Marc Perelman, a staff writer for The Forward, whose article ''How the French fight terror'' appears in the current issue of Foreign Policy, writes:

"When I arrived in America six years ago, I used to carry my French passport at all times. I was convinced the police were entitled to check my ID for no specific reason, as in my native France. I also used to wonder about the absolute lack of security at my workplace despite the Hebrew inscriptions on the façade. In France, neo-Nazi vandalism and Middle Eastern terrorism have long made bag and body checks mandatory when entering such buildings.

But this was America, the land of the free and the brave ...

Along came 9/11. Suddenly, my French instincts made more sense. And as the "war on terror" unfolded, I started hearing glowing comments from my American sources about the French counterterrorism "model." In recent years, France has indeed thwarted a series of terrorist plots and its investigators were the first, a decade ago, to come across an ominous plot to crash a jetliner into a landmark building (the Eiffel Tower) and to realize that some of their own citizens were being recruited by Islamist terrorist networks.

While France, like most European countries, favors a judicial approach over the "war on terror," it is a decidedly muscular version, combining intrusive police and domestic intelligence powers with aggressive prosecution. This is why it could provide some lessons to the Bush administration as it faces growing pressure to amend its antiterrorism policies in light of the controversies over Guantánamo Bay, secret prisons and domestic spying. France was the first Western country struck on its soil by state-sponsored Middle Eastern terrorism in the 1980s, prompting an overhaul of its police, intelligence and judicial infrastructure by a landmark law adopted in 1986. The response has been fine-tuned since.

The French strategy relies on three main pillars: broad law-enforcement powers, the key coordinating role played by the domestic intelligence agency and a centralized unit of investigating magistrates with jurisdiction over all terrorism cases..."

Read more in the Opinion section of the International Herald Tribune.