(In)security

The following article from The Economist explains how China’s aversion to encryption technologies — which would make mass surveillance more difficult — makes the country’s networks vulnerable to foreign spying:

Weak security is the rule, not the exception, in digital services for the Chinese public. Email and social media must all facilitate state access, as must industrial networks used to run factories and offices, even if the extent to which the government uses that access varies. In August it banned the most up-to-date version of a protocol used to encrypt web traffic, known as TLS, from the Chinese internet, because it makes online surveillance harder.

(…) The government has responded by promoting programs for companies to improve customer-data protection, even as it simultaneously enforces weakness in the security of all systems. But as long as the government demands access to data on Chinese people, those data can never be robustly protected.

An article from The Economist mentions how drone technology gets transported from the battlefields of Iraq to American cities:

The notion of putting cameras on orbiting drones to catch malefactors was born on the battlefields of Iraq, where American armed forces wanted to nab people leaving bombs on roadsides. Ross McNutt, a former air-force engineer, founded Persistent Surveillance Systems (PSS) to offer the same service to American cities (and others, such as Juárez) struggling with high murder rates. PSS drones flew over parts of Baltimore, most recently in May-October 2020. St Louis, among America’s most violent cities, also considered but is poised to reject PSS’s services, which raise difficult questions about how much surveillance Americans are willing to tolerate in exchange for the promise of safer streets.

Two recent articles from BBC Future deal with meta-data and possibilities of surveillance in two everyday technologies:

  • This article explains how photographs can have a unique fingerprint because of the camera’s sensor: “different sensitivities of the photosites creates a type of imperceptible image watermark. Although unintentional, it acts like a fingerprint, unique to your camera’s sensor, which is imprinted onto every photo you take.”
  • And another article explains how colour printers add dots to documents that are invisible to the naked eye and represent meta-data about the printer.

Rich Mogull writes at TidBITS (a blog focusing on Apple products and technologies) about Apple’s latest Platform Security user guide. He notes how the emphasis for increasing security is on vertical integration, which he defines as “the combination of hardware, software, and cloud-based services to build a comprehensive ecosystem.” This of course has other effects which he notes:

But with great power comes great lock-in. Relying on a particular vendor’s cloud service means that if the service goes down or the vendor decides to discontinue the service, you are the proud owner of a useless hunk of plastic and electronic components. While Apple isn’t going out of business anytime soon, we saw issues earlier this year when the company’s certificate server was overwhelmed and responded slowly to integrity checks, preventing some users from being able to launch apps.

Read the full article here.

The Guardian published this great piece of investigative journalism on the funding of research on security technologies through EU-funded research programmes (such as Horizon 2020), and the involvement of industry. The following is an excerpt about the way the kinds of funded research projects are presented:

“Often the problem is that the topic itself is unethical,” said Gemma Galdon Clavell, an independent tech ethicist who has evaluated many Horizon 2020 security research projects and worked as a partner on more than a dozen. “Some topics encourage partners to develop biometric tech that can work from afar, and so consent is not possible – this is what concerns me.” One project aiming to develop such technology refers to it as “unobtrusive person identification” that can be used on people as they cross borders. “If we’re talking about developing technology that people don’t know is being used,” said Galdon Clavell, “how can you make that ethical?”

Member of the European Parliament Sofie in ’t Veld wrote an article on about:intel about the reliance on foreign and US technologies in EU domestic security, such as Palantir. Here’s a quote from her conclusions:

The European Union is overly reliant on foreign companies for digital services, both on the government and the consumer level. This reliance cannot be fixed overnight. It is however high time to make choices that at least steer the EU towards more strategic independence. Companies that don’t fall within the EU’s jurisdiction cannot be involved with matters of domestic security. This must be particularly true for companies that have strong ties to American security services, as is the case with Palantir.

An article from CNET reports on the use of “keyword warrants” in police investigations in the US:

Typically, probable cause is needed for search warrants, which are associated with a suspect or address. The demands for information are narrowly tailored to a specific individual. Keyword warrants go against that concept by giving up data on a large group of people associated with searching for certain phrases.

Two new videos I liked from Vox. Of course in their trademark style, but I gained interesting insights on some of the current events in the US:

In an article at MIT Technology Review, Ethan Zuckerman makes an interesting point on how years of police body cams and bystander cellphone video have not stopped police violence. He recalls how these kinds of surveillance are linked to the ideas of the panopticon, but notes that one aspect of Jeremy Bentham’s hope for a completely transparent system has not been achieved.

Bentham’s panopticon works because the warden of the prison has the power to punish you if he witnesses your misbehavior. But Bentham’s other hope for the panopticon—that the behavior of the warden would be transparent and evaluated by all who saw him—has never come to pass. Over 10 years, from 2005 to 2014, only 48 officers were charged with murder or manslaughter for use of lethal force, though more than 1,000 people a year are killed by police in the United States.

This is how Michel Foucault, in his book “Discipline and Punish”, describes Bentham’s vision:

This Panopticon, subtly arranged so that an observer may observe, at a glance, so many different individuals, also enables everyone to come and observe any of the observers. The seeing machine was once a sort of dark room into which individuals spied; it has become a transparent building in which the exercise of power may be supervised by society as a whole.