Archive for Online Privacy

Cognition as a Service: Can next-gen creepiness be countered with crowd-sourced ethics?

by David Solomonoff

Now that marketers use cloud computing to offer everything as a service: infrastructure as a service, platform as a service, and software as a service, what’s left?

Cognitive computing, of course.

Cognition as a service (CaaS) is the next buzzword you’ll be hearing. Going from the top of the stack to directly inside the head, AI in the cloud will power mobile and embedded devices to do things they don’t have the on-board capabilities for, such as speech recognition, image recognition and natural language processing (NLP). Apple’s Siri cloud-based voice recognition was one of the first out of the gate but a stampede is joining the fray including Wolfram Alpha, IBM’s Watson, Google Now and Cortana as well as newer players like Ginger, ReKognition, and Jetlore.

Companies want to know more about their customers, business partners, competitors and employees – as do governments about their citizens and cybercriminals about their potential victims. The cloud will connect the Internet of Things (IoT) via machine-to-machine (M2M) communications – to achieve that goal.

The cognitive powers required will be embedded in operating systems so that apps can easily be developed by accessing the desired functionality through an API rather than requiring each developer to reinvent the wheel.

Everything in your daily life will become smarter – “context-sensitive” is another new buzz-phrase – as devices provide a personalized experience based on databases of accumulated personal information combined with intelligence gleaned from large data sets.

The obvious question is to what extent the personalized experience is determined by the individual user as opposed to corporations, governments and criminals. Vint Cerf, “the father of the Internet,” and Google’s Internet Evangelist recently warned of the privacy and security issues raised by the IoT.

But above and beyond the dangers of automated human malfeasance is the danger of increasingly intelligent tools developing an attitude problem.

Stephen Hawking recently warned of the dangers of AI running amuck:

Success in creating AI would be the biggest event in human history …. it might also be the last, unless we learn how to avoid the risks … AI may transform our economy to bring both great wealth and great dislocation …. there is no physical law precluding particles from being organised in ways that perform even more advanced computations than the arrangements of particles in human brains …. One can imagine such technology outsmarting financial markets, out-inventing human researchers, out-manipulating human leaders, and developing weapons we cannot even understand. Whereas the short-term impact of AI depends on who controls it, the long-term impact depends on whether it can be controlled at all.

Eben Moglen warned specifically about mobile devices that know too much and whose inner workings (and motivations, if they are actually intelligent) are unknown:

… we grew up thinking about freedom and technology under the influence of the science fiction of the 1960s …. visionaries perceived that in the middle of the first quarter of the 21st century, we’d be living contemporarily with robots.

They were correct. We do. They don’t have hands and feet … Most of the time we’re the bodies. We’re the hands and feet. We carry them everywhere we go. They see everything … which allows other people to predict and know our conduct and intentions and capabilities better than we can predict them ourselves.

But we grew up imagining that these robots would have, incorporated in their design, a set of principles.

We imagined that robots would be designed so that they could never hurt a human being. These robots have no such commitments. These robots hurt us every day.

They work for other people. They’re designed, built and managed to provide leverage and control to people other than their owners. Unless we retrofit the first law of robotics onto them immediately, we’re cooked ….

Once your brain is working with a robot that doesn’t work for you, you’re not free. You’re an entity under control.

If you go back to the literature of fifty years ago, all these problems were foreseen.

The Open Roboethics initiative is a think tank that addresses these issues with an open source approach to this new challenge at the intersection of technology and ethics.

They seek to overcome current international, cultural and disciplinary boundaries to define a general set of ethical and legal standards for robotics.

Using the development models of Wikipedia and Linux they look to the benefits of mass collaboration. By creating a community for policy makers, engineers/designers, and users and other stakeholders of the technology to share ideas as well as technical implementations they hope to accelerate roboethics discussions and inform robot designs.

As an advocate for open source I hope that enough eyeballs can become focused on these issues. A worst event scenario has gung-ho commercial interest in getting product to market outweighing eyeballs focused on scary yet slightly arcane issues at the intersection of technology and ethics. The recent security incident involving the Heartbleed exploit of the open source OpenSSL software is a disturbing example of the ways non-sexy computer security issues can be under-resourced.

The real question is whether a human community can get to the Internet Engineering Task Force credo of a “rough consensus and running code,” faster than machines can unite, at first inspired by the darkest human impulses and then on to their own, unknown agenda.

Update: Slashdot just had a post on the Campaign to Stop Killer Robots. Another group involved with this issue is the International Committee for Robot Arms Control.

Leave a Comment

Net governance is a game – play it to win

by David Solomonoff

While we take the Internet for granted as an essential part of everyday life, decisions are being made behind the scenes that affect its future and the lives of everyone who relies on it. Net users are like players in a game where the rules are unknown and can change at any time.  Decisions are made by technologists, government regulators and legislators, nonprofits and civil society groups — with a great deal of influence by special interests — far from public view or understanding.

The recent announcement by Department of Commerce that the United States would relinquish part of its controlling role in managing the Internet Domain Name System (DNS), although long in the offing, was accelerated by fears of US control of the Net in the wake of recent NSA spying scandals.

The DNS essentially controls real estate in cyberspace by translating a human-understandable domain name like “google.com” to an Internet Protocol (IP) address that computers understand.

In October 2013 leaders of organizations responsible for coordination of the Internet technical infrastructure globally met in Montevideo, Uruguay, to consider current issues affecting the future of the Internet. In the Montevideo Statement on the Future of Internet Cooperation they expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance. They also called for accelerating the globalization of Internet Corporation for Assigned Names and Numbers (ICANN) and Internet Assigned Numbers Authority (IANA) who manage the DNS, towards an environment in which all stakeholders, including all governments, participate on an equal footing.

On March 14, 2014 the National Telecommunications and Information Administration (NTIA) announced its intent to transition key Internet domain name functions to the global multistakeholder community. NTIA asked ICANN, as the IANA  functions contractor and the global coordinator for the DNS, to convene a multistakeholder process to develop a proposal for the transition. In addition, NTIA explicitly stated that it would not accept a proposal that replaces the NTIA role with a government-led or an inter-governmental organization solution.

That fear of repressive government control of the Net also inspired three bills, H.R. 4342  (ih) – Domain Openness Through Continued Oversight Matters Act of 2014, H.R. 4367  (ih) – Internet Stewardship Act of 2014 and H.R. 4398  (ih) – Global Internet Freedom Act of 2014 to be introduced to the US Congress to prevent or delay the transition.

Supporters of the transition say critics betray their lack of understanding of Net governance with the proposed legislation. Several human rights and civil liberties groups supporting the transition wrote a letter arguing that the move would actually be preemptive and would sustain the current multi-stakeholder model.

The 800 pound gorilla in the room is ICANN itself which has been criticized for lacking transparency and accountability. Milton Mueller of the Internet Governance Project writes:

When the U.S. Commerce Department announced that it would end its control of the domain name system root, it called upon ICANN to “convene the multistakeholder process to develop the transition plan.” Many people worried about ICANN’s ability to run a fair process. As an organization with a huge stake in the outcome, there were fears that it might try to bias the proceedings. ICANN has a very strong interest in getting rid of external oversight and other dependencies on other organizations.

It was in this environment that the Brazilian President  Dilma Rousseff  (who herself was a victim of NSA spying) organized the NETmundial Global Multistakeholder Meeting on the Future of Internet Governance which was co-sponsored by ICANN. Concurrently with the conference, she signed the Marco Civil da Internet, a bill that sets out new guidelines for freedom of expression, net neutrality and data privacy.

Wired UK compared NETmundial to a game:

To set the scene for a Brazilian meeting over internationalising the internet, we compare the little-known world of internet governance with the greatest spectacle in football

As Brazil gears up to host the 2014 World Cup, another world game is gathering pundits and crowds. Far from the flashy arena, this other contest is over Internet governance. It’s about how, and by whom, the paradigmatically ‘unowned’ internet is managed.

Quietly waged by smooth corporate strategists, diplomats, and tech-geeks, the fight over net governance goes to the heart of global politics and economics. The bets, most curiously, run close to those in football. Brazil and Germany are leading the charge, with several other European and South American teams as potential challengers. The big question is whether they can nudge perennial football underdog and undisputed internet champion, the United States, from the top spot.

The analogy between Internet policy and games is not new or inaccurate – in 2007 Google hired game theorists to assist in their strategy in an FCC auction for wireless spectrum.

Like any other game with winners and losers, there was disappointment in the outcome of NETmundial.

Sara Myers of Global Voices, an Internet freedom group wrote:

Provisions addressing net neutrality and the principle of proportionality were not included in the final version, and a section on intermediary liability lacked safeguards to protect due process and the rights to free expression and privacy.

But the greater problem for Internet governance and Internet freedom is how few Net users even know that the Internet is governed or managed at all. While recent surveys in the US show an alarming decline in understanding of how the US government works, the number of people who even know what ICANN is is probably far smaller.

Recently the Governance Lab at New York University developed a series of proposals to make ICANN more “effective, legitimate and evolving”. The most interesting was Enhance Learning by Encouraging Games:

ICANN must take seriously its commitment to engage its global stakeholder base in decision-making, especially those who are ultimately impacted by those decisions …. ICANN could make the complexities of Internet governance and ICANN’s work more open, accessible and interesting to people with games and activities aimed at the next generation … The use of game mechanics in decision-making contexts can bolster ease and equitability of participation (enhancing legitimacy); produce incentive structures to target expertise (enhancing efficiency); and mitigate complexity through simple rules (enhancing adaptability and the ability to evolve).

While the Gov Lab has not yet begun development of such games, another group has. Media artist Josephine Dorado and game developer Jeremy Pesner, working with the Internet Society (disclaimer: as President of New York Chapter of Internet Society I am also involved in development) are modifying reACTor, their online game to promote social activism, to specifically address issues involving Internet governance and Internet freedom.

Several years ago the Internet Society explored several alternate scenarios for the evolution of the Internet in a series of animated videos. These videos are a model for the type of scenarios the game will explore. Combined with feeds from news media, activist organizations and the Internet Society’s extensive documentation on Internet governance and policy, the game will award points and prizes to players who most effectively work for an open Internet.

To integrate the game with real-world action, POPVOX, a non-partisan platform which facilitates constituents contacting US legislators and regulators, will be used. Net governance organizations like ICANN could also be integrated.

reACTor re-envisions news engagement, online activism and mobile gaming. It connects news with augmented activism: calls to action inspired by news and sustained by gameplay.

Online activist movements have previously been organized by different actors, around different issues and on different platforms. reACTor is the unified platform that activist organizations as well as game players can easily add new actions to.

reACTor brings news and activism into the 21st century by closing the gap between becoming informed and becoming involved.

Let the game begin!

 

Leave a Comment

Secure Cloud Computing: Virtualizing the FreedomBox

by David Solomonoff

In 2010 I asked Professor Eben Moglen to speak to the Internet Society of New York about software freedom, privacy and security in the context of cloud computing and social media. In his Freedom in the Cloud talk, he proposed the FreedomBox as a solution: a small inexpensive computer which would provide secure encrypted communications in a decentralized way to defeat data mining and surveillance by governments and large corporations. Having physical control and isolating the hardware can be crucial to maintaining computer security which is why data centers are kept under lock and key. Each FreedomBox user would physically possess their own machine.

The U.S. National Institute for Standards and Technology (NIST) defines cloud computing (PDF with full definition) as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

Cloud computing, for all its advantages in terms of flexibility and scalability, has been fundamentally insecure. While the technology exists to secure information while it is being stored and while it is in transit, computers must process information in an unencrypted form. This means that a rogue systems administrator, malicious hacker or government can extract information from the system while it is being processed.

Adoption of cloud computing services by large enterprises has been hindered by this except when they maintain a private cloud in their own facilities.

Homomorphic encryption allows data to be processed in an encrypted form so that only the end user can access it in a readable form. So far it has been too demanding for normal computers to handle. In 2012 I invited Shai Halevi, a cryptography researcher at IBM, to discuss work he was doing in this area. He was able to execute some basic functions slowly with specialized hardware but the technology was not ready for general use.

Recently researchers at MIT have made breakthroughs that promise to bring homomorphic encryption to the mainstream, finally making secure cloud computing possible.

Mylar is a platform for building secure web applications.

Mylar stores only encrypted data on the server, and decrypts data only in users’ browsers. Beyond just encrypting each user’s data with a user key, Mylar addresses three other security issues:

  • It is a secure multi-user system – it can perform keyword search over encrypted documents, even if the documents are encrypted with different keys owned by different users

  • Mylar allows users to share keys and data securely in the presence of an active adversary

  • Mylar ensures that client-side application code is authentic, even if the server is malicious

Results with a prototype of Mylar built on top of the Meteor framework are promising: porting 6 applications required changing just 35 lines of code on average, and the performance overheads are modest, amounting to a 17% throughput loss and a 50 msec latency increase for sending a message in a chat application.

To further secure a web app in the cloud, an encrypted distributed filesystem such as Tahoe-LAFS can be used. It distributes data across multiple servers so that even if some of the servers fail or are taken over by an attacker, the entire filesystem continues to function correctly, preserving privacy and security.

By combining these two technologies, data can be encrypted at every point until it is accessed by its legitimate owner, combining privacy and security with the flexibility and scalability of cloud computing.

No longer confined behind a locked down private data center or hidden under the end user’s bed, a virtual FreedomBox can finally escape to the clouds.

Leave a Comment

Heartbleed bug not a technical problem – it’s an awareness and support problem

by David Solomonoff

While free/open source software (FOSS) may be a better development model and Richard Stallman argues, an ethical one, it doesn’t guarantee good software by itself. Software development, like any other human endeavor, depends on the skills, resources and motivations of the people doing it.

FOSS advocates argue that the inner workings of technology should be open to inspection and modification by their users.

While the Heartbleed bug was a technical problem that is being fixed, the real problem is the lack of awareness or interest in of back-end technologies that we rely on.

Encryption used on the Internet is now critical infrastructure and unfortunately with OpenSSL, has not been allocated the needed resources. That two thirds of websites relied on security tools developed and maintained by four people, only one of them a paid full time employee, is clearly a formula for disaster.

However the prospect of having a government maintain this type of infrastructure in the wake of the NSA spying scandals (as well as allegations that they were aware of the bug and exploited it) is not likely to gain a lot of traction.

FOSS uses a variety of business models but the reliance on volunteers for critical infrastructure may have hit its limit.

In the end the solution to security problems like Heartbleed may be one of funding and awareness rather fixing a specific programming error.

All too often there has been confusion as to whether the “free” in FOSS refers to “free” speech or to “free beer”.

It looks like the bar tab has come due.

Leave a Comment

Internet Pioneers Berners-Lee, Cerf, Strickling ask: “What Kind of Net Do You Want?”

by David Solomonoff

When the first message on the ARPANET (the predecessor of today’s Internet) was sent by UCLA programmer Charley Kline, on October 29, 1969, the message text was the word “login”; the letters “l” and the “o” were transmitted, then the system crashed.

Forty two years later, the Internet is everywhere and rapidly becoming embedded in every device. Kevin Kelly sees the Net as evolving into a single “planetary computer” with “all the many gadgets we possess” as “windows into its core.” The Internet Society’s slogan is “The Internet is for everyone,” but Vint Cerf (who co-developed the TCP/IP network protocol that connects everything on the Net today) now prefers “The Internet is for everything”.

The world-wide adoption of a decentralized network that connects everything creates continuous technical, social and policy challenges that no one could have foreseen in 1969. Even as we take the Net for granted, the way we do the air that we breathe, decisions are being made by policy-makers, technologists and end-users that shape its future.

The success of the Internet has had a great deal to do with the development of open standards – often by volunteers – in groups such as the Internet Engineering Task Force (IETF). Decisions in Working Groups (WG) of the IETF are reached by consensus on the group mailing list so that anyone active on that list can be part of the process.

The need to add capacity is a constant challenge. What balance of public and private funding, regulation or deregulation are appropriate, and which types of infrastructure (centralized vs. decentralized; fiber, cable, wireless) warrant investment are subject to ongoing debate.

The Net has provided a platform for incredible innovation and economic growth. How to reward innovation and creativity while encouraging the widest dissemination of new content and technologies? How to encourage disruptive technologies while mitigating their potentially negative impacts?

Does there have to be a conflict between freedom and privacy on one hand and security on the other? How can users safely share personal information using social media which rely on the sale of their personal data as a business model? What legal and technical protections are necessary for businesses to securely move into the cloud?

Internet users have continuously influenced key technology innovations and policy decisions. But keeping them in the decision-making loop as they increasingly take the Net for granted presents an ongoing challenge.

On June 14, Internet pioneers Vint Cerf, Sir Tim Berners-Lee, inventor of the World Wide Web, and Lawrence E. Strickling, Assistant Secretary for Communications and Information, and Administrator, National Telecommunications and Information Administration (NTIA), will address these questions as keynote speakers for the INET Conference in New York City, sponsored by the Internet Society and the Internet Society of New York. [Disclaimer: As President of the Internet Society of New York I will deliver opening remarks.]

There will also be panels featuring industry leaders, members of civil society organizations, open source software advocates and government officials. The conference is open to the public although advance registration is required. It will also be streamed live.

Just as a democracy is never the rule of the people, but rather the people who participate in the process, the Internet has evolved through the efforts of technologists and activists – many who have volunteered their time to develop open standards, open source software and to advocate for an open Internet. It’s your call: What kind of Internet do you want?

Leave a Comment

Mideast protesters reject repressive regimes; remain tethered to tech they can’t control

by David Solomonoff

Protesters fed up with political repression, corruption and poverty (particularly recent food price inflation)  toppled the government of Tunisia. They threaten to do the same in other countries throughout the Mideast as pundits hail the “Twitter and Facebook revolution”. But repressive governments have as much compunction about shutting down communication services as they do about torturing dissidents.

Egypt has cut all Internet access and most mobile phone service as huge protests threaten to topple that government. For a while the ISP Noor remained online – largely because it connects the country’s Stock Exchange and many offices of foreign companies to the outside world. Noor has now been cut off as well.

Interestingly, Egypt and Tunisia have some of the largest percentages of the population online in Africa. Egypt’s Communications Minister, Tarek Kamel, was secretary and co-founder of the global Internet Society’s Egyptian Chapter (which is no longer active). He is still listed as a member of the Board of Trustees on the Internet Society’s website. The Internet Society has strongly denounced the Internet shutdown.

Kamel is widely recognized as the person who brought the Internet to Egypt. He has publicly supported the open development of the Internet. His bio on the Internet Society’s website states that in the early years of the development of the Internet in Egypt, “Kamel’s work extended into liberalization issues such as a tax reduction for ISPs as well as a government/private sector partnership to serve the Egyptian Internet community. He has actively participated in the establishment of community centers in remote areas to bring the Internet to the have-nots.” His role in the shutdown is unknown, although he wasn’t among the cabinet members removed in the shakeup of the Egyptian government in the wake of the protests.

Cutting off most communication with the outside world for an extended period would be economic suicide for any modern, developed country, but temporary interruption – long enough to kill or imprison a large number of protesters without too much visibility for squeamish foreign allies – is viable for a poor country ruled by an elite supported by gifts of military technology from wealthier countries.

The protesters vulnerability is relying on highly centralized communication networks and services while fighting an overly centralized political system. The younger ones probably don’t have any memory of being without mobile phones and the Internet and may have taken them for granted.

To succeed in the face of violent repression and the shutdown of Internet and phone service, they must quickly develop low-tech strategies that are as fast and flexible as the ones that have been lost.

Another approach is to build communication services that cannot be intercepted or shut down. Human rights activists and hackers are already starting to do it with combination of low-cost commodity hardware and free open source software:

  • Landlines still work in Egypt and a French ISP FDN offers free dialup Internet to Egyptians. Instructions to connect to foreign ISP’s via dialup with a mobile phone are also being circulated for those who can use them.
  • For Egyptians who are still able to use their mobile phones, there is Sukey, “a security-conscious news, communications and logistics support service principally for use by demonstrators during demonstrations.”
  • Tech entrepreneur Shervin Pishevar put a call out on Twitter for volunteers to help construct self-configuring unblockable mobile ad hoc networks to prevent government caused blackouts during future protests worldwide
  • We Rebuild, a Europe-based group working for free speech and an open Internet is developing non-Internet modes of communication, including amateur, shortwave and pirate radio as well as a fax gateway, to assist protesters and humanitarian relief efforts. Information on these efforts can be found on their Telecomix news site.
  • Remaining Internet activity is certainly being monitored. The Tor network of anonymous, encrypted proxies has seen a huge increase in Egyptian traffic.

Efforts like these could be the tipping point for the uprisings. In 1989 Czech student protesters received a gift of then state of the art 2400 baud modems from a mysterious man who may have been from the covert-operations wing of the Japanese embassy. Modems were illegal but most Czech police didn’t even know what they were. The students set up BBS systems to coordinate actions throughout the country and successfully overthrew the Soviet communist backed dictatorship.

If you think the problems people in Egypt have could never happen here, you might want to think again. In the U.S. the “Internet kill switch” bill in Congress would allow interruption of Internet services in a “national cyberemergency.” Senator Joe Lieberman, who introduced the bill in the Senate, has described the Internet as a “dangerous place” and promised the bill would protect against  “cyber terrorists”.

Some of our current political leaders, hanging on every word of their consultants and pollsters, and terrified of harsh criticism, might consider hostile online commentary more of an “emergency” than something trivial like say, a collision with an asteroid.

General Douglas MacArthur said, “No man is entitled to the blessings of freedom unless he be vigilant in its preservation.” Today that vigilance means learning to build and modify the technology that we use rather than being passive consumers of it.

Comments (4)

FTC Do Not Track list would keep tabs on people who don’t want to be tracked

by David Solomonoff

Federal regulators are proposing to create a “Do Not Track” list for the Internet so that people could prevent marketers from tracking their Web browsing habits and other online behavior in order to target advertising.

via FTC proposes Do Not Track list for Web marketing – Yahoo! News.

The problem here is that this requires a central repository of info on people who wish to take extra steps to protect their privacy – then those people have to let online marketers know that they are on this list.

In effect this creates a more centralized – and vulnerable – tracking  system for people who don’t want to be tracked.

Leave a Comment

%d bloggers like this: