Today, Data and Goliath is being published in paperback.
Everyone tells me that the paperback version sells better than the hardcover, even though it's a year later. I can't really imagine that there are tens of thousands of people who wouldn't spend $28 on a hardcover but are happy to spend $18 on the paperback, but we'll see. (Amazon has the hardcover for $19, the paperback for $11.70, and the Kindle edition for $14.60, plus shipping, if any. I am still selling signed hardcovers for $28 including domestic shipping -- more for international.)
I got a box of paperbacks from my publisher last week. They look good. Not as good as the hardcover, but good for a trade paperback.
Before purchasing an “Internet of things” (IoT) device — a thermostat, camera or appliance made to be remotely accessed and/or controlled over the Internet — consider whether you can realistically care for and feed the security needs of yet another IoT thing. After all, there is a good chance your newly adopted IoT puppy will be:
- chewing holes in your network defenses;
- gnawing open new critical security weaknesses;
- bred by a vendor that seldom and belatedly patches;
- tough to wrangle down and patch.
In April 2014, researchers at Cisco alerted HVAC vendor Trane about three separate critical vulnerabilities in their ComfortLink II line of Internet-connected thermostats. These thermostats feature large color LCD screens and a Busybox-based computer that connects directly to your wireless network, allowing the device to display not just the temperature in your home but also personal photo collections, the local weather forecast, and live weather radar maps, among other things.
Cisco researchers found that the ComfortLink devices allow attackers to gain remote access and also use these devices as a jumping off point to access the rest of a user’s network. Trane has not yet responded to requests for comment.
One big problem is that the ComfortLink thermostats come with credentials that have hardcoded passwords, Cisco found. By default, the accounts can be used to remotely log in to the system over “SSH,” an encrypted communications tunnel that many users allow through their firewall.
The two other bugs Cisco reported to Trane would allow attackers to install their own malicious software on vulnerable Trane devices, and use those systems to maintain a persistent presence on the victim’s local network.
On January 26, 2016, Trane patched the more serious of the flaws (the hardcoded credentials). According to Cisco, Trane patched the other two bugs as part of a standard update released back in May 2015, but apparently without providing customers any indication that the update was critical to their protection efforts.
What does this mean for the average user?
“Compromising IoT devices allows unfettered access through the network to any other devices on the network,” said Craig Williams, security outreach manager at Cisco. “To make matters worse almost no one has access to their thermostat at an [operating system] layer to notice that it has been compromised. No one wakes up and thinks, ‘Hey, it’s time to update my thermostat’s firmware.’ Typically once someone compromises these devices they will stay compromised until replaced. Basically it gives an attacker a perfect foothold to move laterally through a network.”
Hidden accounts and insecure defaults are not unusual for IoT devices. What’s more, patching vulnerable devices can be complicated, if not impossible, for the average user or for those who are not technically savvy. Trane’s instructions for applying the latest update are here.
“For organizations that maintain large amounts of IoT devices on their network, there may not be a way to update a device that scales, creating a nightmare scenario,” Williams wrote in an email explaining the research. “I suspect as we start seeing more IoT devices that require security updates this is going to become a common problem as the lifetime of IoT devices greatly exceeds what would be thought of as the typical software lifetime (2 years vs 10 years).”
If these IoT vulnerabilities sound like something straight out of a Hollywood hacker movie script, that’s not far from the truth. In the first season of the outstanding television series Mr. Robot, the main character [SPOILER ALERT] plots to destroy data on backup tapes stored at an Iron Mountain facility by exploiting a vulnerability in an HVAC system to raise the ambient temperature at the targeted facility.
Cisco’s writeup on its findings is here; it includes a link to a new Metasploit module the researchers developed to help system administrators find and secure exploitable systems on a network. It also can be used by bad guys to exploit vulnerable systems, so if you use one of these ComfortLink systems, consider updating soon before this turns into a Trane wreck (sorry, couldn’t help it).
Since I started this blog I've seen my share of cakes crammed onto real live ladies. Here's a croquembouche dress:
Here's a cupcake skirt:
(I'd eat that.)
And here's an edible wedding dress guaranteed to make you never want an edible wedding dress:
[slowly backing away in horror]
But all of that pales in comparison to whatever the heck is happening in this photo:
Now, I know there's a lot of crazy to take in up there, but keep your eyes on the bananas.
Now you can scroll down:
Ok, so, a few things:
1) There are now bananas artfully draped on the women's shoulders. I bet you never thought someone could artfully drape a banana. Or that someone would consider a conjoined torso cake with real live ladies sticking out of either end an appetizing idea. BUT THERE THEY BOTH ARE.
2) The candles. Why? Is this a birthday party?
3) WAIT. Is it Beetlejuice's birthday? THAT WOULD EXPLAIN... well, at least the stripey parts.
4) Now I want shrimp cocktail.
5) You Beetlejuice fans got that one. You're welcome.
Thanks to Amy, Evelyn D., Jessica S., & Jemma S. for sending in those pics with absolutely no explanation. I mean, it's just more fun to imagine all the many, MANY reasons why this is a thing that happened.
I'll, uh, come up with one eventually, I'm sure.
The New York Times has a long article on fraudulent locksmiths. The scam is a basic one: quote a low price on the phone, but charge much more once you show up and do the work. But the method by which the scammers get victims is new. They exploit Google's crowdsourced system for identifying businesses on their maps. The scammers convince Google that they have a local address, which Google displays to its users who are searching for local businesses.
But they involve chicanery with two platforms: Google My Business, essentially the company's version of the Yellow Pages, and Map Maker, which is Google's crowdsourced online map of the world. The latter allows people around the planet to log in to the system and input data about streets, companies and points of interest.
Both Google My Business and Map Maker are a bit like Wikipedia, insofar as they are largely built and maintained by millions of contributors. Keeping the system open, with verification, gives countless businesses an invaluable online presence. Google officials say that the system is so good that many local companies do not bother building their own websites. Anyone who has ever navigated using Google Maps knows the service is a technological wonder.
But the very quality that makes Google's systems accessible to companies that want to be listed makes them vulnerable to pernicious meddling.
"This is what you get when you rely on crowdsourcing for all your 'up to date' and 'relevant' local business content," Mr. Seely said. "You get people who contribute meaningful content, and you get people who abuse the system."
The scam is growing:
Lead gens have their deepest roots in locksmithing, but the model has migrated to an array of services, including garage door repair, carpet cleaning, moving and home security. Basically, they surface in any business where consumers need someone in the vicinity to swing by and clean, fix, relocate or install something.
What's interesting to me are the economic incentives involved:
Only Google, it seems, can fix Google. The company is trying, its representatives say, by, among other things, removing fake information quickly and providing a "Report a Problem" tool on the maps. After looking over the fake Locksmith Force building, a bunch of other lead-gen advertisers in Phoenix and that Mountain View operation with more than 800 websites, Google took action.
Not only has the fake Locksmith Force building vanished from Google Maps, but the company no longer turns up in a "locksmith Phoenix" search. At least not in the first 20 pages. Nearly all the other spammy locksmiths pointed out to Google have disappeared from results, too.
"We're in a constant arms race with local business spammers who, unfortunately, use all sorts of tricks to try to game our system and who've been a thorn in the Internet's side for over a decade," a Google spokesman wrote in an email. "As spammers change their techniques, we're continually working on new, better ways to keep them off Google Search and Maps. There's work to do, and we want to keep doing better."
There was no mention of a stronger verification system or a beefed-up spam team at Google. Without such systemic solutions, Google's critics say, the change to local results will not rise even to the level of superficial.
And that's Google's best option, really. It's not the one losing money from these scammers, so it's not motivated to fix the problem. Unless the problem rises to the level of affecting user trust in the entire system, it's just going to do superficial things.
This is exactly the sort of market failure that government regulation needs to fix.
We have six tracks this time around. Electronica, piano, new wave, pop, musical and doowop.
Hay Tea -- As The Dreams Pass. Chill house electronica with a strong beat. It's a remix of track by Risen, but Risen doesn't seem to have this track.
Soundcloud (wav): https://soundcloud.com/hat-3/as-the-dre
Mediafire (mp3): http://www.mediafire.com/listen/wg2v0m8
( Five more under the cut )
As I'm sure most of you know, it's Super Bowl Sunday. To those of us who aren't fans of sportsball, though, it's Superb Owl Sunday.
Our day has less cheering, sure, but what it lacks in beer and hot wings it more than makes up for with adorable cakes:
(By Couture Di Sucru)
I like how this one uses piped buttercream to mimic the texture of wood grain:
(By You've Been Cupcaked)
Also, baby owl. 'Nuff said.
Here's one that's ALL buttercream - no fondant!
Just to remind you guys that it CAN be done.
Love the colors on this one:
(By Fat Cakes Design)
Plus the way the branch wraps around the two tiers.
Check out the detail in these feathers:
(By Cake Crumbs)
Who else needs these owl wedding toppers?
(By Delicut Cakes)
And though it's not necessarily owl-related, I'm digging all the great textures on each tier.
It turns out owls are PERFECT for baby shower cakes:
(By Ann-Maries Cakes)
I like how this tree adds a 3D element:
(By Dream Cakes By Robyn)
Of course, I have to include the world's most magical owl:
(By Delectable Cakes)
Who looks surprisingly cute in Harry's glasses.
And finally, a dramatic cutie with wafer paper feathers:
(By The Cake Tin)
Ah! SO GOOD.
Happy Superb Owl Sunday, everyone!
I got lucky finding Applejack swag for this Harmony Day. I went questing on Thursday and came home with just about all the goodies you see here. I was quite pleased to snag a Funrise with hat! What I couldn't find was a big Ty plush, but I knew that I could get one in the boutique at work, so I picked that up during my lunch break (I took the picture at morning break, right before eating the cake). I also didn't have much in the way of a custom cake either. I just bought a regular (and tasty!) custard with fruit cake, had an inscription made (in chocolate, on the ribbon) and perched a figure on top. I don't feel like paying an extra $10 for laser-printed icing on a generic cake.
- Fathers: maybe stop mentioning your daughters to earn credibility on women’s issues | Medium: “We have to take our time and earn trust. We have to show up to those women’s meetings — and listen. We have to volunteer to do the busy work it takes to make diversity initiatives run. We’ve got to apologize when we mess up. We have to make our workplaces more hospitable to all kinds of people. We have to hire marginalized people. And we’ve got to read, read, read all we can to make sure we know what we are talking about and never stop because we probably still don’t. Our daughters are awesome. But at work, let’s make things better for everyone.”
- Dear White Women in Tech: Here’s a Thought — Follow Your Own Advice by Riley H | Model View Culture: “Instead of being useful to us, all I see is that white women are quite happy to talk at all-white panels and call it diversity in tech and gaming. You’re happy to use the means afforded to you for being white to play a good game and make a good face while doing nothing meaningful for women of color. You’re screaming and shouting all day about your own shallow versions of feminism while the women of color you claim to represent are trying to simultaneously hold their heads up to stay above water, and down to avoid choking on smoke.”
- How startups can create a culture of inclusiveness | The Globe and Mail: “As a young female in a leadership position at a successful tech startup, who also happens to be visibly religious, I know a thing or two about representing minorities in the workplace. After years of hearing and reading about the lack of diversity in startups and personally encountering what seem like isolated incidents, I’ve noticed a very real pattern of exclusivity. Here are a few things I’ve learned during my career at several Toronto startups on building a workplace culture that is collaborative, inclusive, and one that can help accelerate the growth of your company.”
- This 2014 Sci-Fi Novel Eerily Anticipated the Zika Virus | Slate: “There is a better science fiction analog to the Zika crisis: The Book of the Unnamed Midwife, by Meg Elison, which was published in 2014 In Children of Men, abortion and birth control are rendered moot; in The Book of the Unnamed Midwife, birth control and a woman’s right to bodily autonomy are central to the plot.”
- Let’s Talk About The Other Atheist Movement | Godlessness in Theory: “Over the last twenty-four hours, with media fixated on Dawkins’ absence from one upcoming convention, atheists have been gathered at another in Houston. The Secular Social Justice conference, sponsored jointly by half a dozen orgs, highlights ‘the lived experiences, cultural context, shared struggle and social history of secular humanist people of color’. Sessions address the humanist history of hip hop, the new atheism’s imperialist mission and the lack of secular scaffolds for communities of colour in the working class US, whether for black single mothers or recently released incarcerees. Perhaps we could talk about this?”
- Computer Science, Meet Humanities: in New Majors, Opposites Attract | Chronicle of Higher Education: “She chose Stanford University, where she became one of the first students in a new major there called CS+Music, part of a pilot program informally known as CS+X. Its goal is to put students in a middle ground, between computer science and any of 14 disciplines in the humanities, including history, art, and classics. And it reduces the number of required hours that students would normally take in a double major in those subjects.”
We link to a variety of sources, some of which are personal blogs. If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.
You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).
Thanks to everyone who suggested links.
The NSA is undergoing a major reorganization, combining its attack and defense sides into a single organization:
In place of the Signals Intelligence and Information Assurance directorates -- the organizations that historically have spied on foreign targets and defended classified networks against spying, respectively -- the NSA is creating a Directorate of Operations that combines the operational elements of each.
It's going to be difficult, since their missions and culture are so different.
The Information Assurance Directorate (IAD) seeks to build relationships with private-sector companies and help find vulnerabilities in software -- most of which officials say wind up being disclosed. It issues software guidance and tests the security of systems to help strengthen their defenses.
But the other side of the NSA house, which looks for vulnerabilities that can be exploited to hack a foreign network, is much more secretive.
"You have this kind of clash between the closed environment of the sigint mission and the need of the information-assurance team to be out there in the public and be seen as part of the solution," said a second former official. "I think that's going to be a hard trick to pull off."
I think this will make it even harder to trust the NSA. In my book Data and Goliath, I recommended separating the attack and defense missions of the NSA even further, breaking up the agency. (I also wrote about that idea here.)
And missing in their reorg is how US CyberCommand's offensive and defensive capabilities relate to the NSA's. That seems pretty important, too.
Some of my favorite new submissions this week:
Anna writes, "I spelled it out three times for them over the phone."
See, there's your problem right there, Anna: that you had to spell it in the first place.
This bakery display has really captured the zeitgeist of winter:
That inexplicable feeling when your baker replaces almost all of the Rs on your cake with Cs:
I am so confused cight now, you guys. Foc ceal.
Here's this week's moment of someone-was-paid-to-do-this-like-on-purp
A demented smiley face...
...pink sperm on its head!
It's a great day for America, e'erbody.
And last but not least, a tail of beauty:
...and a tail of WHOA:
So sorry, Sarah H. I hope you didn't shell out a lot of clams to make this to scale. :D
(Sea what I did there?)
Thanks to Anna H., Kathryn D., Martin G., Kristi W., Gisele M., & Sarah H. for the "mermaid-to-order" wreckage.
This research shows how to track e-commerce users better across multiple sessions, even when they do not provide unique identifiers such as user IDs or cookies.
Abstract: Targeting individual consumers has become a hallmark of direct and digital marketing, particularly as it has become easier to identify customers as they interact repeatedly with a company. However, across a wide variety of contexts and tracking technologies, companies find that customers can not be consistently identified which leads to a substantial fraction of anonymous visits in any CRM database. We develop a Bayesian imputation approach that allows us to probabilistically assign anonymous sessions to users, while accounting for a customer's demographic information, frequency of interaction with the firm, and activities the customer engages in. Our approach simultaneously estimates a hierarchical model of customer behavior while probabilistically imputing which customers made the anonymous visits. We present both synthetic and real data studies that demonstrate our approach makes more accurate inference about individual customers' preferences and responsiveness to marketing, relative to common approaches to anonymous visits: nearest-neighbor matching or ignoring the anonymous visits. We show how companies who use the proposed method will be better able to target individual customers, as well as infer how many of the anonymous visits are made by new customers.
Last Sunday we saw how bakers used fashionable dresses to inspire some stunning cakes. So TODAY...
We're not going to do that.
See, cakes that look like actual dresses-on-bodies keep popping up, and they tend to be rather creepy.
Well, about as creepy as you'd expect edible neck-and-arm stumps to be:
Not to mention this one looks like it's floating up through the table. Spooky.
It's not so bad when the stumps look like a fabric dress form, but for some reason bakers keep making the under bits look like skin. And, worse, wrinkly skin:
Now, you might think it'd be better to just go ahead and sculpt the whole bride:
And don't go sticking a blow-up doll on your wedding cake, either:
This is also creepy.
Here's one that avoided the skin/stump issue entirely - which I applaud - but then fell down in the whole looking-like-a-human-body arena:
This photo also removed. Please enjoy this lovely picture of Epcot.
Definitely more centaur-shaped. The boobage section in particular is... worrisome.
Still, all of that pales in comparison to this bizarre choice of a wedding cake:
I'm actually weirdly fascinated. I... I can't look away. It's like staring into the sun. A headless, armless, legless sun. That you kind of want to hug.
Or is that just me?
Thanks to Elicia H., Caren, Angela B., Sondra D., Brenda T., Megan B., & Samantha B. for proving no body is better at weddings.
The Internet of Things is the name given to the computerization of everything in our lives. Already you can buy Internet-enabled thermostats, light bulbs, refrigerators, and cars. Soon everything will be on the Internet: the things we own, the things we interact with in public, autonomous things that interact with each other.
These "things" will have two separate parts. One part will be sensors that collect data about us and our environment. Already our smartphones know our location and, with their onboard accelerometers, track our movements. Things like our thermostats and light bulbs will know who is in the room. Internet-enabled street and highway sensors will know how many people are out and about -- and eventually who they are. Sensors will collect environmental data from all over the world.
The other part will be actuators. They'll affect our environment. Our smart thermostats aren't collecting information about ambient temperature and who's in the room for nothing; they set the temperature accordingly. Phones already know our location, and send that information back to Google Maps and Waze to determine where traffic congestion is; when they're linked to driverless cars, they'll automatically route us around that congestion. Amazon already wants autonomous drones to deliver packages. The Internet of Things will increasingly perform actions for us and in our name.
Increasingly, human intervention will be unnecessary. The sensors will collect data. The system's smarts will interpret the data and figure out what to do. And the actuators will do things in our world. You can think of the sensors as the eyes and ears of the Internet, the actuators as the hands and feet of the Internet, and the stuff in the middle as the brain. This makes the future clearer. The Internet now senses, thinks, and acts.
We're building a world-sized robot, and we don't even realize it.
I've started calling this robot the World-Sized Web.
The World-Sized Web -- can I call it WSW? -- is more than just the Internet of Things. Much of the WSW's brains will be in the cloud, on servers connected via cellular, Wi-Fi, or short-range data networks. It's mobile, of course, because many of these things will move around with us, like our smartphones. And it's persistent. You might be able to turn off small pieces of it here and there, but in the main the WSW will always be on, and always be there.
None of these technologies are new, but they're all becoming more prevalent. I believe that we're at the brink of a phase change around information and networks. The difference in degree will become a difference in kind. That's the robot that is the WSW.
This robot will increasingly be autonomous, at first simply and increasingly using the capabilities of artificial intelligence. Drones with sensors will fly to places that the WSW needs to collect data. Vehicles with actuators will drive to places that the WSW needs to affect. Other parts of the robots will "decide" where to go, what data to collect, and what to do.
We're already seeing this kind of thing in warfare; drones are surveilling the battlefield and firing weapons at targets. Humans are still in the loop, but how long will that last? And when both the data collection and resultant actions are more benign than a missile strike, autonomy will be an easier sell.
By and large, the WSW will be a benign robot. It will collect data and do things in our interests; that's why we're building it. But it will change our society in ways we can't predict, some of them good and some of them bad. It will maximize profits for the people who control the components. It will enable totalitarian governments. It will empower criminals and hackers in new and different ways. It will cause power balances to shift and societies to change.
These changes are inherently unpredictable, because they're based on the emergent properties of these new technologies interacting with each other, us, and the world. In general, it's easy to predict technological changes due to scientific advances, but much harder to predict social changes due to those technological changes. For example, it was easy to predict that better engines would mean that cars could go faster. It was much harder to predict that the result would be a demographic shift into suburbs. Driverless cars and smart roads will again transform our cities in new ways, as will autonomous drones, cheap and ubiquitous environmental sensors, and a network that can anticipate our needs.
Maybe the WSW is more like an organism. It won't have a single mind. Parts of it will be controlled by large corporations and governments. Small parts of it will be controlled by us. But writ large its behavior will be unpredictable, the result of millions of tiny goals and billions of interactions between parts of itself.
We need to start thinking seriously about our new world-spanning robot. The market will not sort this out all by itself. By nature, it is short-term and profit-motivated -- and these issues require broader thinking. University of Washington law professor Ryan Calo has proposed a Federal Robotics Commission as a place where robotics expertise and advice can be centralized within the government. Japan and Korea are already moving in this direction.
Speaking as someone with a healthy skepticism for another government agency, I think we need to go further. We need to create an agency, a Department of Technology Policy, that can deal with the WSW in all its complexities. It needs the power to aggregate expertise and advise other agencies, and probably the authority to regulate when appropriate. We can argue the details, but there is no existing government entity that has either the expertise or authority to tackle something this broad and far reaching. And the question is not about whether government will start regulating these technologies, it's about how smart they'll be when they do it.
The WSW is being built right now, without anyone noticing, and it'll be here before we know it. Whatever changes it means for society, we don't want it to take us by surprise.
This essay originally appeared on Forbes.com, which annoyingly blocks browsers using ad blockers.
EDITED TO ADD: Kevin Kelly has also thought along these lines, calling the robot "Holos."
EDITED TO ADD: Commentary.
I’ve been searching for a new position since finishing at the Ada Initiative at the end of September 2015. On January 11, I was very happy to join Stripe in Australia as a Partner Engineer, working as a technical expert with Stripe’s partners.
Stripe is the best way to accept payments online and in mobile apps. (It’s pretty cool to see the change in payments since the last time I worked in a payments company.) My job will involve working closely with Australian companies, which I am especially looking forward to after ending up with a lot of US and Silicon Valley focus over the past few years of my life.
I’ll mostly be based remotely in Sydney, with regular visits to the Australian team in Melbourne. I’m thrilled to work closely with Susan Wu, Mac Wang, and the team in Australia, as well of course as with the company as a whole. I spent my first two weeks with Stripe in San Francisco and love how friendly and welcoming my colleagues are.
Work at Stripe
Stripe is just starting to build a Sales and Partner Engineering team to go with their strong Support Engineering team. If you’re interested in joining me in the Field Engineering team at Stripe, there are multiple positions open, and they include the Head of Field Engineering and Sales Engineering Manager (to whom I will report), both San Francisco-based. If you want to work in Australia, there is a Sales Engineer position open in Melbourne.
If you want to talk to me about working at Stripe, email email@example.com (hey look at that, there’s still firstname@ opportunities too!)
In Dec. 2015, KrebsOnSecurity warned that security experts had discovered skimming devices attached to credit and debit card terminals at self-checkout lanes at Safeway stores in Colorado and possibly other states. Safeway hasn’t disclosed what those skimmers looked like, but images from a recent skimming attack allegedly launched against self-checkout shoppers at a Safeway in Maryland offer a closer look at one such device.
The image above shows a simple but effective “overlay” skimmer that banking industry sources say was retrieved from a Safeway store in Germantown, Md. The device is designed to fit directly over top of the Verifone terminals in use at many Safeways and other retailers. It has a PIN pad overlay to capture the user’s PIN, and a mechanism for recording the data stored on a card’s magnetic stripe when customers swipe their cards at self-checkout aisles.
Safeway officials did not respond to repeated requests for comment about this incident.
My local Safeway in Northern Virginia uses this exact model of Verifone terminals, and after seeing this picture for the first time I couldn’t help but pull on the terminal facing me in the self-checkout line on a recent store visit, just to be sure.
Many banks are now issuing newer, more secure chip-based credit and debit cards that are more expensive and difficult for thieves to steal and to counterfeit. As long as retailers continue to allow customers to avoid “dipping the chip” and instead allow “swipe the stripe” these skimming attacks on self-checkout lanes will continue to proliferate across the retail industry.
It may be worth noting that this skimming device looks remarkably similar to a point-of-sale skimmer designed for Verifone terminals that I wrote about in 2013.
Here’s a simple how-to video made by a fraudster who is selling very similar-looking overlay skimmers for Verifone point-of-sale devices; he calls them “Verifone condoms.” As we can see, the device could be attached in the blink of an eye (and removed quickly as well). The device in the video is just a shell, and does not include the POS PIN pad reader or card reader.
The Weasleys have never been more adorable. In fact, these two are in my top favs from the whole weekend.
(I decided to give my pics a vintage vibe with the editing, btw. It just felt right.)
Stage 1: Excitement
"...now simply pipe seven thousand individual strands and you're done!"
Stage 2: Compromise
"Well, it's still kind of feathery..."
Stage 3: Apathy
"Meh, just spray it yellow."
Stage 4: Passive Aggression
"We call it, 'Big Bird In A Snow Storm.'
"And that'll be $37.99."
Thanks to Anony M., Rose T., Anony M., & Shannon B. for finding the face of despair. (Seriously, the longer you look, the more depressing it gets.)
Both the "going dark" metaphor of FBI Director James Comey and the contrasting "golden age of surveillance" metaphor of privacy law professor Peter Swire focus on the value of data to law enforcement. As framed in the media, encryption debates are about whether law enforcement should have surreptitious access to data, or whether companies should be allowed to provide strong encryption to their customers.
It's a myopic framing that focuses only on one threat -- criminals, including domestic terrorists -- and the demands of law enforcement and national intelligence. This obscures the most important aspects of the encryption issue: the security it provides against a much wider variety of threats.
Encryption secures our data and communications against eavesdroppers like criminals, foreign governments, and terrorists. We use it every day to hide our cell phone conversations from eavesdroppers, and to hide our Internet purchasing from credit card thieves. Dissidents in China and many other countries use it to avoid arrest. It's a vital tool for journalists to communicate with their sources, for NGOs to protect their work in repressive countries, and for attorneys to communicate with their clients.
Many technological security failures of today can be traced to failures of encryption. In 2014 and 2015, unnamed hackers -- probably the Chinese government -- stole 21.5 million personal files of U.S. government employees and others. They wouldn't have obtained this data if it had been encrypted. Many large-scale criminal data thefts were made either easier or more damaging because data wasn't encrypted: Target, TJ Maxx, Heartland Payment Systems, and so on. Many countries are eavesdropping on the unencrypted communications of their own citizens, looking for dissidents and other voices they want to silence.
Adding backdoors will only exacerbate the risks. As technologists, we can't build an access system that only works for people of a certain citizenship, or with a particular morality, or only in the presence of a specified legal document. If the FBI can eavesdrop on your text messages or get at your computer's hard drive, so can other governments. So can criminals. So can terrorists. This is not theoretical; again and again, backdoor accesses built for one purpose have been surreptitiously used for another. Vodafone built backdoor access into Greece's cell phone network for the Greek government; it was used against the Greek government in 2004-2005. Google kept a database of backdoor accesses provided to the U.S. government under CALEA; the Chinese breached that database in 2009.
We're not being asked to choose between security and privacy. We're being asked to choose between less security and more security.
This trade-off isn't new. In the mid-1990s, cryptographers argued that escrowing encryption keys with central authorities would weaken security. In 2013, cybersecurity researcher Susan Landau published her excellent book Surveillance or Security?, which deftly parsed the details of this trade-off and concluded that security is far more important.
Ubiquitous encryption protects us much more from bulk surveillance than from targeted surveillance. For a variety of technical reasons, computer security is extraordinarily weak. If a sufficiently skilled, funded, and motivated attacker wants in to your computer, they're in. If they're not, it's because you're not high enough on their priority list to bother with. Widespread encryption forces the listener -- whether a foreign government, criminal, or terrorist -- to target. And this hurts repressive governments much more than it hurts terrorists and criminals.
Of course, criminals and terrorists have used, are using, and will use encryption to hide their planning from the authorities, just as they will use many aspects of society's capabilities and infrastructure: cars, restaurants, telecommunications. In general, we recognize that such things can be used by both honest and dishonest people. Society thrives nonetheless because the honest so outnumber the dishonest. Compare this with the tactic of secretly poisoning all the food at a restaurant. Yes, we might get lucky and poison a terrorist before he strikes, but we'll harm all the innocent customers in the process. Weakening encryption for everyone is harmful in exactly the same way.
This essay previously appeared as part of the paper "Don't Panic: Making Progress on the 'Going Dark' Debate." It was reprinted on Lawfare. A modified version was reprinted by the MIT Technology Review.