Loading
- Friday Squid Blogging: Eating Giant Squid
- Training Baggage Screeners
- New Report on Teens, Social Media, and Privacy
- One-Shot vs. Iterated Prisoner's Dilemma
- "The Global Cyber Game"
- DDOS as Civil Disobedience
- Surveillance and the Internet of Things
How does he know this?
Chris Cosentino, the Bay Area’s "Offal Chef" at Incanto in San Francisco and PIGG at Umamicatessen in Los Angeles, opted for the most intimidating choice of all -- giant squid. "When it comes to underutilized fish, I wish the public wasnt so afraid of different shapes and sizes outside of the standard fillet," he said. "I think the giant squid is a perfect example of an undervalued ocean creature. Everyone isnt afraid of squid but the size and flavor of the giant squid scares people because it has a very intense flavor but it is quite delicious."I am surprised he has tasted giant squid? As usual, you can also use this squid post to talk about the security stories in the news that I havent covered.
The research in G. Giguère and B.C. Love, "Limits in decision making arise from limits in memory retrieval," _Proceedings of the National Academy of Sciences_ v. 19 (2013) has applications in training airport baggage screeners. ABSTRACT: Some decisions, such as predicting the winner of a baseball game, are challenging in part because outcomes are probabilistic. When making such decisions, one view is that humans stochastically and selectively retrieve a small set of relevant memories that provides evidence for competing options. We show that optimal performance at test is impossible when retrieving information in this fashion, no matter how extensive training is, because limited retrieval introduces noise into the decision process that cannot be overcome. One implication is that people should be more accurate in predicting future events when trained on idealized rather than on the actual distributions of items. In other words, we predict the best way to convey information to people is to present it in a distorted, idealized form. Idealization of training distributions is predicted to reduce the harmful noise induced by immutable bottlenecks in people’s memory retrieval processes. In contrast, machine learning systems that selectively weight (i.e., retrieve) all training examples at test should not benefit from idealization. These conjectures are strongly supported by several studies and supporting analyses. Unlike machine systems, people’s test performance on a target distribution is higher when they are trained on an idealized version of the distribution rather than on the actual target distribution. Optimal machine classifiers modified to selectively and stochastically sample from memory match the pattern of human performance. These results suggest firm limits on human rationality and have broad implications for how to train humans tasked with important classification decisions, such as radiologists, baggage screeners, intelligence analysts, and gamblers.
Interesting report from the From the Pew Internet and American Life Project:
Teens are sharing more information about themselves on their social media profiles than they did when we last surveyed in 2006: * 91% post a photo of themselves, up from 79% in 2006. * 71% post their school name, up from 49%. * 71% post the city or town where they live, up from 61%. * 53% post their email address, up from 29%. * 20% post their cell phone number, up from 2%. 60% of teen Facebook users set their Facebook profiles to private (friends only), and most report high levels of confidence in their ability to manage their settings.danah boyd points out something interesting in the data:
My favorite finding of Pews is that 58% of teens cloak their messages either through inside jokes or other obscure references, with more older teens (62%) engaging in this practice than younger teens (46%).... While adults are often anxious about shared data that might be used by government agencies, advertisers, or evil older men, teens are much more attentive to those who hold immediate power over them -- parents, teachers, college admissions officers, army recruiters, etc. To adults, services like Facebook that may seem "private" because you can use privacy tools, but they dont feel that way to youth who feel like their privacy is invaded on a daily basis. (This, btw, is part of why teens feel like Twitter is more intimate than Facebook. And why you see data like Pews that show that teens on Facebook have, on average 300 friends while, on Twitter, they have 79 friends.) Most teens arent worried about strangers; theyre worried about getting in trouble. Over the last few years, Ive watched as teens have given up on controlling access to content. Its too hard, too frustrating, and technology simply cant fix the power issues. Instead, what theyve been doing is focusing on controlling access to meaning. A comment might look like it means one thing, when in fact it means something quite different. By cloaking their accessible content, teens reclaim power over those who they know who are surveilling them. This practice is still only really emerging en masse, so I was delighted that Pew could put numbers to it. I should note that, as Instagram grows, Im seeing more and more of this. A picture of a donut may not be about a donut. While adults worry about how teens demographic data might be used, teens are becoming much more savvy at finding ways to encode their content and achieve privacy in public.
This post by Aleatha Parker-Wood is very applicable to the things I wrote in _Liars & Outliers_:
A lot of fundamental social problems can be modeled as a disconnection between people who believe (correctly or incorrectly) that they are playing a non-iterated game (in the game theory sense of the word), and people who believe that (correctly or incorrectly) that they are playing an iterated game. For instance, mechanisms such as reputation mechanisms, ostracism, shaming, etc., are all predicated on the idea that the person youre shaming will reappear and have further interactions with the group. Legal punishment is only useful if you can catch the person, and if the cost of the punishment is more than the benefit of the crime. If it is possible to act as if the game you are playing is a one-shot game (for instance, you have a very large population to hide in, you dont need to ever interact with people again, or you can be anonymous), your optimal strategies are going to be different than if you will have to play the game many times, and live with the legal or social consequences of your actions. If you can make enough money as CEO to retire immediately, you may choose to do so, even if youre so terrible at running the company that no one will ever hire you again. Social cohesion can be thought of as a manifestation of how "iterated" people feel their interactions are, how likely they are to interact with the same people again and again and have to deal with long term consequences of locally optimal choices, or whether they feel they can "opt out" of consequences of interacting with some set of people in a poor way.
This 127-page report was just published by the UK Defence Academy. I have not read it yet, but it looks really interesting. EXECUTIVE SUMMARY: This report presents a systematic way of thinking about cyberpower and its use by a variety of global players. The urgency of addressing cyberpower in this way is a consequence of the very high value of the Internet and the hazards of its current militarization.
Cyberpower and cyber security are conceptualized as a Global Game with a novel Cyber Gameboard consisting of a nine-cell grid. The horizontal direction on the grid is divided into three columns representing aspects of information (i.e. cyber): connection, computation and cognition. The vertical direction on the grid is divided into three rows representing types of power: coercion, co-option, and cooperation. The nine cells of the grid represent all the possible combinations of power and information, that is, forms of cyberpower.
The Cyber Gameboard itself is also an abstract representation of the surface of cyberspace, or C-space as defined in this report. C-space is understood as a networked medium capable of conveying various combinations of power and information to produce effects in physical or flow space, referred to as F-space in this report. Game play is understood as the projection via C-space of a cyberpower capability existing in any one cell of the gameboard to produce an effect in F-space vis-a-vis another player in any other cell of the gameboard. By default, the Cyber Game is played either actively or passively by all those using network connected computers. The players include states, businesses, NGOs, individuals, non-state political groups, and organized crime, among others. Each player is seen as having a certain level of cyberpower when its capability in each cell is summed across the whole board. In general states have the most cyberpower.
The possible future path of the game is depicted by two scenarios, _N-topia_ and _N-crash_. These are the stakes for which the Cyber Game is played. _N-topia_ represents the upside potential of the game, in which the full value of a globally connected knowledge society is realized. _N-crash_ represents the downside potential, in which militarization and fragmentation of the Internet cause its value to be substantially destroyed. Which scenario eventuates will be determined largely by the overall pattern of play of the Cyber Game.
States have a high level of responsibility for determining the outcome. The current pattern of play is beginning to resemble traditional state-on-state geopolitical conflict. This puts the civil Internet at risk, and civilian cyber players are already getting caught in the crossfire. As long as the civil Internet remains undefended and easily permeable to cyber attack it will be hard to achieve the _N-topia_ scenario.
Defending the civil Internet in depth, and hardening it by re-architecting will allow its full social and economic value to be realized but will restrict the potential for espionage and surveillance by states. This trade-off is net positive and in accordance with the espoused values of Western-style democracies. It does however call for leadership based on enlightened self-interest by state players.
For a while now, I have been thinking about what civil disobedience looks like in the Internet Age. Certainly DDOS attacks, and politically motivated hacking in general, is a part of that. This is one of the reasons I found Molly Sauters recent thesis, "Distributed Denial of Service Actions and the Challenge of Civil Disobedience on the Internet," so interesting: ABSTRACT: This thesis examines the history, development, theory, and practice of distributed denial of service actions as a tactic of political activism. DDOS actions have been used in online political activism since the early 1990s, though the tactic has recently attracted significant public attention with the actions of Anonymous and Operation Payback in December 2010. Guiding this work is the overarching question of how civil disobedience and disruptive activism can be practiced in the current online space. The internet acts as a vital arena of communication, self expression, and interpersonal organizing. When there is a message to convey, words to get out, people to organize, many will turn to the internet as the zone of that activity. Online, people sign petitions, investigate stories and rumors, amplify links and videos, donate money, and show their support for causes in a variety of ways. But as familiar and widely accepted activist tools -- petitions, fundraisers, mass letter-writing, call-in campaigns and others -- find equivalent practices in the online space, is there also room for the tactics of disruption and civil disobedience that are equally familiar from the realm of street marches, occupations, and sit-ins? This thesis grounds activist DDOS historically, focusing on early deployments of the tactic as well as modern instances to trace its development over time, both in theory and in practice. Through that examination, as well as tool design and development, participant identity, and state and corporate responses, this thesis presents an account of the development and current state of activist DDOS actions. It ends by presenting an analytical framework for the analysis of activist DDOS actions.
One of the problems with the legal system is that it doesnt make any differentiation between civil disobedience and "normal" criminal activity on the Internet, though it does in the real world.
The Internet has turned into a massive surveillance tool. Were constantly monitored on the Internet by hundreds of companies -- both familiar and unfamiliar. Everything we do there is recorded, collected, and collated -- sometimes by corporations wanting to sell us stuff and sometimes by governments wanting to keep an eye on us.
Ephemeral conversation is over. Wholesale surveillance is the norm. Maintaining privacy from these powerful entities is basically impossible, and any illusion of privacy we maintain is based either on ignorance or on our unwillingness to accept whats really going on.
Its about to get worse, though. Companies such as Google may know more about your personal interests than your spouse, but so far its been limited by the fact that these companies only see computer data. And even though your computer habits are increasingly being linked to your offline behavior, its still only behavior that involves computers.
The Internet of Things refers to a world where much more than our computers and cell phones is Internet-enabled. Soon there will be Internet-connected modules on our cars and home appliances. Internet-enabled medical devices will collect real-time health data about us. Therell be Internet-connected tags on our clothing. In its extreme, _everything_ can be connected to the Internet. Its really just a matter of time, as these self-powered wireless-enabled computers become smaller and cheaper.
Lots has been written about the "Internet of Things" and how it will change society for the better. Its true that it will make a lot of wonderful things possible, but the "Internet of Things" will also allow for an even greater amount of surveillance than there is today. The Internet of Things gives the governments and corporations that follow our every move something they dont yet have: eyes and ears.
Soon everything we do, both online and offline, will be recorded and stored forever. The only question remaining is who will have access to all of this information, and under what rules.
Were seeing an initial glimmer of this from how location sensors on your mobile phone are being used to track you. Of course your cell provider needs to know where you are; it cant route your phone calls to your phone otherwise. But most of us broadcast our location information to many other companies whose apps weve installed on our phone. Google Maps certainly, but also a surprising number of app vendors who collect that information. It can be used to determine where you live, where you work, and who you spend time with.
Another early adopter was Nike, whose Nike+ shoes communicate with your iPod or iPhone and track your exercising. More generally, medical devices are starting to be Internet-enabled, collecting and reporting a variety of health data. Wiring appliances to the Internet is one of the pillars of the smart electric grid. Yes, there are huge potential savings associated with the smart grid, but it will also allow power companies - and anyone they decide to sell the data to -- to monitor how people move about their house and how they spend their time.
Drones are another "thing" moving onto the Internet. As their price continues to drop and their capabilities increase, they will become a very powerful surveillance tool. Their cameras are powerful enough to see faces clearly, and there are enough tagged photographs on the Internet to identify many of us. Were not yet up to a real-time Google Earth equivalent, but its not more than a few years away. And drones are just a specific application of CCTV cameras, which have been monitoring us for years, and will increasingly be networked.
Googles Internet-enabled glasses -- Google Glass -- are another major step down this path of surveillance. Their ability to record both audio and video will bring ubiquitous surveillance to the next level. Once theyre common, you might never know when youre being recorded in both audio and video. You might as well assume that everything you do and say will be recorded and saved forever.
In the near term, at least, the sheer volume of data will limit the sorts of conclusions that can be drawn. The invasiveness of these technologies depends on asking the right questions. For example, if a private investigator is watching you in the physical world, she or he might observe odd behavior and investigate further based on that. Such serendipitous observations are harder to achieve when youre filtering databases based on pre-programmed queries. In other words, its easier to ask questions about what you purchased and where you were than to ask what you did with your purchases and why you went where you did. These analytical limitations also mean that companies like Google and Facebook will benefit more from the Internet of Things than individuals -- not only because they have access to more data, but also because they have more sophisticated query technology. And as technology continues to improve, the ability to automatically analyze this massive data stream will improve.
In the longer term, the Internet of Things means ubiquitous surveillance. If an object "knows" you have purchased it, and communicates via either Wi-Fi or the mobile network, then whoever or whatever it is communicating with will know where you are. Your car will know who is in it, who is driving, and what traffic laws that driver is following or ignoring. No need to show ID; your identity will already be known. Store clerks could know your name, address, and income level as soon as you walk through the door. Billboards will tailor ads to you, and record how you respond to them. Fast food restaurants will know what you usually order, and exactly how to entice you to order more. Lots of companies will know whom you spend your days -- and nights -- with. Facebook will know about any new relationship status before you bother to change it on your profile. And all of this information will all be saved, correlated, and studied. Even now, it feels a lot like science fiction.
Will _you_ know any of this? Will your friends? It depends. Lots of these devices have, and will have, privacy settings. But these settings are remarkable not in how much privacy they afford, but in how much they deny. Access will likely be similar to your browsing habits, your files stored on Dropbox, your searches on Google, and your text messages from your phone. All of your data is saved by those companies -- and many others -- correlated, and then bought and sold without your knowledge or consent. Youd think that your privacy settings would keep random strangers from learning everything about you, but it only keeps random strangers who _dont pay for the privilege_ -- or dont work for the government and have the ability to demand the data. Power is what matters here: youll be able to keep the powerless from invading your privacy, but youll have no ability to prevent the powerful from doing it again and again.
_This essay originally appeared on the _Guardian.