Current Berkman People and Projects

Keep track of Berkman-related news and conversations by subscribing to this page using your RSS feed reader. This aggregation of blogs relating to the Berkman Center does not necessarily represent the views of the Berkman Center or Harvard University but is provided as a convenient starting point for those who wish to explore the people and projects in Berkman's orbit. As this is a global exercise, times are in UTC.

The list of blogs being aggregated here can be found at the bottom of this page.

February 10, 2016

Bruce Schneier
AT&T Does Not Care about Your Privacy

AT&T's CEO believes that the company should not offer robust security to its customers:

But tech company leaders aren't all joining the fight against the deliberate weakening of encryption. AT&T CEO Randall Stephenson said this week that AT&T, Apple, and other tech companies shouldn't have any say in the debate.

"I don't think it is Silicon Valley's decision to make about whether encryption is the right thing to do," Stephenson said in an interview with The Wall Street Journal. "I understand [Apple CEO] Tim Cook's decision, but I don't think it's his decision to make."

His position is extreme in its disregard for the privacy of his customers. If he doesn't believe that companies should have any say in what levels of privacy they offer their customers, you can be sure that AT&T won't offer any robust privacy or security to you.

Does he have any clue what an anti-market position this is? He says that it is not the business of Silicon Valley companies to offer product features that might annoy the government. The "debate" about what features commercial products should have should happen elsewhere -- presumably within the government. I thought we all agreed that state-controlled economies just don't work.

My guess is that he doesn't realize what an extreme position he's taking by saying that product design isn't the decision of companies to make. My guess is that AT&T is so deep in bed with the NSA and FBI that he's just saying things he believes justify his position.

Here's the original, behind a paywall.

by Bruce Schneier at February 10, 2016 07:59 PM

Jeffrey Young
Why Commercial Tutoring Could Be Called the ‘Grade-Enhancement Industry’

For-profit tutoring companies are targeting students with online ads these days, and the message is tempting. Why spend so long studying, the ads say, when paid tutors or study guides can help you get better grades with less work? One ad for Studypool, an Uber for tutoring that is one of many new for-profit study-help sites, shows a split screen of two photographs. On one side, a student sits in a library, under the caption “Didn’t ask Studypool”; on the other side, two students lie on the beach in bikinis, with the caption “Asked Studypool.” Students are buying it, sometimes paying hundreds of dollars a year in the search to better their grades.

by jryoung at February 10, 2016 05:00 PM

February 09, 2016

Justin Reich
Using Snapchat to Develop Empathy in a Technology-Driven World
Sabba Quidwai shares ideas for how Snapchat can help students develop empathy and embrace the people of the world as global citizens.

by Beth Holland at February 09, 2016 10:08 PM

Innovation in Schools: Changing Environment, Behaviors, and Beliefs
To innovate schools and classrooms requires more than just integrating technology and redesigning spaces. It also calls for a "significant positive change" in behavior, attitude, perception, and beliefs.

by Beth Holland at February 09, 2016 10:06 PM

Bruce Schneier
The 2016 National Threat Assessment

It's National Threat Assessment Day. Published annually by the Director of National Intelligence, the "Worldwide Threat Assessment of the US Intelligence Community" is the US intelligence community's one time to publicly talk about the threats in general. The document is the result of weeks of work and input from lots of people. For Clapper, it's his chance to shape the dialog, set up priorities, and prepare Congress for budget requests. The document is an unclassified summary of a much longer classified document. And the day also includes Clapper testifying before the Senate Armed Services Committee. (You'll remember his now-famous lie to the committee in 2013.)

The document covers a wide variety of threats, from terrorism to organized crime, from energy politics to climate change. Although the document clearly says "The order of the topics presented in this statement does not necessarily indicate the relative importance or magnitude of the threat in the view of the Intelligence Community," it does. And like 2015 and 2014, cyber threats are #1 -- although this year it's called "Cyber and Technology."

The consequences of innovation and increased reliance on information technology in the next few years on both our society's way of life in general and how we in the Intelligence Community specifically perform our mission will probably be far greater in scope and impact than ever. Devices, designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and US Government systems. These developments will pose challenges to our cyber defenses and operational tradecraft but also create new opportunities for our own intelligence collectors.

Especially note that last clause. The FBI might hate encryption, but the intelligence community is not going dark.

The document then calls out a few specifics like the Internet of Things and Artificial Intelligence -- no surprise, considering other recent statements from government officials. This is the "...and Technology" part of the category.

More specifically:

Future cyber operations will almost certainly include an increased emphasis on changing or manipulating data to compromise its integrity (i.e., accuracy and reliability) to affect decisionmaking, reduce trust in systems, or cause adverse physical effects. Broader adoption of IoT devices and AI -- in settings such as public utilities and health care -- will only exacerbate these potential effects. Russian cyber actors, who post disinformation on commercial websites, might seek to alter online media as a means to influence public discourse and create confusion. Chinese military doctrine outlines the use of cyber deception operations to conceal intentions, modify stored data, transmit false data, manipulate the flow of information, or influence public sentiments -- all to induce errors and miscalculation in decisionmaking.

Russia is the number one threat, followed by China, Iran, North Korea, and non-state actors:

Russia is assuming a more assertive cyber posture based on its willingness to target critical infrastructure systems and conduct espionage operations even when detected and under increased public scrutiny. Russian cyber operations are likely to target US interests to support several strategic objectives: intelligence gathering to support Russian decisionmaking in the Ukraine and Syrian crises, influence operations to support military and political objectives, and continuing preparation of the cyber environment for future contingencies.

Comments on China refer to the cybersecurity agreement from last September:

China continues to have success in cyber espionage against the US Government, our allies, and US companies. Beijing also selectively uses cyberattacks against targets it believes threaten Chinese domestic stability or regime legitimacy. We will monitor compliance with China's September 2015 commitment to refrain from conducting or knowingly supporting cyber-enabled theft of intellectual property with the intent of providing competitive advantage to companies or commercial sectors. Private-sector security experts have identified limited ongoing cyber activity from China but have not verified state sponsorship or the use of exfiltrated data for commercial gain.

Also interesting are the comments on non-state actors, which discuss both propaganda campaigns from ISIL, criminal ransomware, and hacker tools.

by Bruce Schneier at February 09, 2016 09:25 PM

Case Study: Esquire Classic Podcast for Broadcast

Podcast to broadcast.

Todd Mundt

We kick around this notion all the time at PRX: can the stories and styles that work so well in the highly intimate podcast medium also work in the mass form of radio?

Some do, some really don’t, and I am skeptical of podcast-to-broadcast working in every case. But KUOW in Seattle is one of those daring stations that’s willing to try something at least once. A few weeks back Todd Mundt, managing producer at KUOW, reached out to PRX saying he’s a big fan of the Esquire Classic podcast that we produce with Esquire magazine.

Every two weeks, Esquire editor Tyler Cabot, host David Brancaccio (and anchor of the Marketplace Morning Report from APM), producer Curtis Fox and I select a nonfiction story from the Esquire archives. The Esquire Classic podcast then dissects the story and its background—the assignment, editing, twists and turns—and its newfound context in the 21st century. Cindy Katz, an actor, usually reads excerpts live and David interviews an expert: the article’s original author, editor, or someone else who really knows the material.

Todd suggested trying an episode for broadcast in Seattle. “The larger KUOW view is that we find, curate and present the most interesting content from wherever we can get it,” he said. That mindset attracted him to an episode about a Tom Wolfe story profiling Silicon Valley pioneer Robert Noyce. Noyce was a major developer of the silicon chip, and helped create the entrepreneurial culture that we now associate with innovation. Brancaccio interviewed acclaimed tech reporter Kara Swisher of Re/code for the podcast.

Robert Noyce

“It was a moment to present a story the [Seattle] audience would find interesting,” said Todd. “This was a creation moment for Silicon Valley, the whole ethos of it, and Kara is in a unique position as a chronicler. With Brancaccio known to the audience, you have it all come together.”

The challenge was to take a 30-minute podcast and make it sound right on air. Todd worked with producers Caroline Chamberlain and Curtis Fox to break the podcast into four sections. Caroline had to craft tight and contextual host leads that really fit each excerpt. “We chose to serialize [the podcast], and that is harder. As you get deeper in, you get to parts two or three or four, and you have to do more backfilling of information in host intros, which we try to keep to no more than 25 seconds,” said Todd. He and Caroline went through many drafts. The Esquire Classic excerpts ran on consecutive days within a cutaway in All Things Considered (ATC). “It worked because I think of ATC as a bit of a step back from the day’s news. Plus our listening is high then.”

PRX is interested in working with other stations on this notion of podcast-to-broadcast. If you are a station that’s game for surprising your audience with newly contextualized, original content, please get in touch at You can find all the Esquire Classic episodes on

Written by John Barth, chief content officer at PRX.

The post Case Study: Esquire Classic Podcast for Broadcast appeared first on PRX.

by John at February 09, 2016 04:06 PM

Radio Berkman 233: Digital Alter Egos
Are you really “you” online? We asked around for stories of digital alter egos — secret identities that people maintain on the web and try to keep separate from their real life identities. And it turns out there are lots of reasons — some good, some nefarious, some maybe […]

by Berkman Center for Internet & Society at Harvard Law School at February 09, 2016 02:58 PM

Bruce Schneier
Paper on the Going Dark Debate

I am pleased to have been a part of this report, part of the Berkman Center's Berklett Cybersecurity project:

Don't Panic: Making Progress on the "Going Dark" Debate

From the report:

In this report, we question whether the "going dark" metaphor accurately describes the state of affairs. Are we really headed to a future in which our ability to effectively surveil criminals and bad actors is impossible? We think not. The question we explore is the significance of this lack of access to communications for legitimate government interests. We argue that communications in the future will neither be eclipsed into darkness nor illuminated without shadow.

In short our findings are:

  • End-to-end encryption and other technological architectures for obscuring user data are unlikely to be adopted ubiquitously by companies, because the majority of businesses that provide communications services rely on access to user data for revenue streams and product functionality, including user data recovery should a password be forgotten.
  • Software ecosystems tend to be fragmented. In order for encryption to become both widespread and comprehensive, far more coordination and standardization than currently exists would be required.
  • Networked sensors and the Internet of Things are projected to grow substantially, and this has the potential to drastically change surveillance. The still images, video, and audio captured by these devices may enable real-time intercept and recording with after-the-fact access. Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel.
  • Metadata is not encrypted, and the vast majority is likely to remain so. This is data that needs to stay unencrypted in order for the systems to operate: location data from cell phones and other devices, telephone calling records, header information in e-mail, and so on. This information provides an enormous amount of surveillance data that widespread.
  • These trends raise novel questions about how we will protect individual privacy and security in the future. Today's debate is important, but for all its efforts to take account of technological trends, it is largely taking place without reference to the full picture.

New York Times coverage. Lots more news coverage here. Slashdot thread. BoingBoing post.

EDITED TO ADD (2/8): Eleven news articles: one, two, three, four, five, six, seven, eight, nine, ten, and eleven.

by Bruce Schneier at February 09, 2016 12:31 PM

Large-Scale FBI Hacking

As part of a child pornography investigation, the FBI hacked into over 1,300 computers.

But after Playpen was seized, it wasn't immediately closed down, unlike previous dark web sites that have been shuttered by law enforcement. Instead, the FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4, reads a complaint filed against a defendant in Utah. During this time, the FBI deployed what is known as a network investigative technique (NIT), the agency's term for a hacking tool.

While Playpen was being run out of a server in Virginia, and the hacking tool was infecting targets, "approximately 1300 true internet protocol (IP) addresses were identified during this time," according to the same complaint.

The FBI seems to have obtained a single warrant, but it's hard to believe that a legal warrant could allow the police to hack 1,300 different computers. We do know that the FBI is very vague about the extent of its operations in warrant applications. And surely we need actual public debate about this sort of technique.

Also, "Playpen" is a super-creepy name for a child porn site. I feel icky just typing it.

by Bruce Schneier at February 09, 2016 12:25 PM

February 08, 2016

Bruce Schneier
Data and Goliath Published in Paperback

Today, Data and Goliath is being published in paperback.

Everyone tells me that the paperback version sells better than the hardcover, even though it's a year later. I can't really imagine that there are tens of thousands of people who wouldn't spend $28 on a hardcover but are happy to spend $18 on the paperback, but we'll see. (Amazon has the hardcover for $19, the paperback for $11.70, and the Kindle edition for $14.60, plus shipping, if any. I am still selling signed hardcovers for $28 including domestic shipping -- more for international.)

I got a box of paperbacks from my publisher last week. They look good. Not as good as the hardcover, but good for a trade paperback.

by Bruce Schneier at February 08, 2016 08:11 PM

Berkman Center front page
Radio Berkman 233: Digital Alter Egos

Are you really "you" online?

We asked around for stories of digital alter egos — secret identities that people maintain on the web and try to keep separate from their real life identities.

And it turns out there are lots of reasons — some good, some nefarious, some maybe both — someone might have alternate personas online.

On this episode we share stories of Catfishers, sock puppets, and digital doppelgangers.

Reference Section
Photo courtesy of carbonnyc
Music courtesy of Podington Bear, MCJackinthebox, Blue Dot Sessions, and David Szesztay
This episode featured Sara M. Watson, Jonny Sun, and Vivek Krishnamurthy

Tweet us! Subscribe to us on Soundcloud, iTunes, or RSS.

This week's episode produced by Daniel Dennis Jones and Elizabeth Gillis, with oversight from Gretchen Weber, and extra help from Adam Holland, Tiffany Lin, Rebekah Heacock Jones, Annie Pruitt, and Carey Andersen.

by djones at February 08, 2016 07:47 PM

David Weinberger
Giving up on morality

Here’s something I took from Heidegger that may not be in Heidegger:

The basis of morality is the recognition that the world matters to each person, but matters differently.[1]

After that, I don’t know what to do except to be highly suspicious of anyone who cites moral precepts.

It turns out that I don’t find morality to be a very useful category since the way the world matters to us is so deeply contextual and individual: whether you should steal the loaf of bread has less to do with the general principle that it’s wrong to steal, and more to do with how hungry your family is, how much money you have, your opportunities to earn more money, the moral and legal codes of your culture, how kind the baker has been to you, what you know of the baker’s own circumstances, etc.

“Do unto others…,” Kant’s Categorical Imperative, the traditional Jewish formulation of “Don’t do unto others what you would not want done to you,” all are heuristics for remembering that the world matters to others just as much as it matters to you, but it matters differently. Trying to apply those heuristics without recognizing that the world can matter differently can lead to well-intentioned mistakes in which you substitute how your world matters to you for how theirs matters to them: you don’t believe in accepting blood transfusions so you refuse to give one to someone who believes otherwise.

This gets messy fast: You believe in the efficacy of blood transfusions, so you give one to someone who for religious reasons has stipulated that she does not want one. You are not treating her as an autonomous agent. Are you wrong? Once she’s under anesthesia should you let her die because she does not want a transfusion? I have my own inclination, but I have no confidence in it: Even the principle of always treating people as autonomous is hard to apply.

It’s easy to multiply examples, and very easy to find cases where I condemn entire cultures for how their world matters to them. For example, I’m really pretty sure that girls ought to be educated and women ought not to be subservient to men. I’d argue for that. I’d vote for that. I’d fight for that. But not because of morality. “Morality” just doesn’t seem like a helpful concept for deciding what one ought to do.

It can be useful as a name for the topic of what that “ought” means. But those discussions can obscure the particularities of each life that need to be as clear as possible when we talk about what we ought to do.

None of this is new or original with me. Maybe I’m just an old-fashioned Existentialist — more Kierkegaardian than Sartrean — but I feel like I could carry on the rest of my moral life without ever thinking about morality.

(No, I am not sure of any of the above.)


[1] That the world matters to us is certainly Heidegger. That it matters differently to us is more ambiguous. It’s captured in his notion of the existentiell, but his attempt at what seems to be a universal description of Dasein suggests that there may be some fundamental ways in which it matters in the same ways to us all. But it’s been a long time since I read Being and Time. Plus, he was a Nazi, so maybe he’s not the best person to consult about the nature of morality.

The post Giving up on morality appeared first on Joho the Blog.

by davidw at February 08, 2016 03:59 PM

Bruce Schneier
Exploiting Google Maps for Fraud

The New York Times has a long article on fraudulent locksmiths. The scam is a basic one: quote a low price on the phone, but charge much more once you show up and do the work. But the method by which the scammers get victims is new. They exploit Google's crowdsourced system for identifying businesses on their maps. The scammers convince Google that they have a local address, which Google displays to its users who are searching for local businesses.

But they involve chicanery with two platforms: Google My Business, essentially the company's version of the Yellow Pages, and Map Maker, which is Google's crowdsourced online map of the world. The latter allows people around the planet to log in to the system and input data about streets, companies and points of interest.

Both Google My Business and Map Maker are a bit like Wikipedia, insofar as they are largely built and maintained by millions of contributors. Keeping the system open, with verification, gives countless businesses an invaluable online presence. Google officials say that the system is so good that many local companies do not bother building their own websites. Anyone who has ever navigated using Google Maps knows the service is a technological wonder.

But the very quality that makes Google's systems accessible to companies that want to be listed makes them vulnerable to pernicious meddling.

"This is what you get when you rely on crowdsourcing for all your 'up to date' and 'relevant' local business content," Mr. Seely said. "You get people who contribute meaningful content, and you get people who abuse the system."

The scam is growing:

Lead gens have their deepest roots in locksmithing, but the model has migrated to an array of services, including garage door repair, carpet cleaning, moving and home security. Basically, they surface in any business where consumers need someone in the vicinity to swing by and clean, fix, relocate or install something.

What's interesting to me are the economic incentives involved:

Only Google, it seems, can fix Google. The company is trying, its representatives say, by, among other things, removing fake information quickly and providing a "Report a Problem" tool on the maps. After looking over the fake Locksmith Force building, a bunch of other lead-gen advertisers in Phoenix and that Mountain View operation with more than 800 websites, Google took action.

Not only has the fake Locksmith Force building vanished from Google Maps, but the company no longer turns up in a "locksmith Phoenix" search. At least not in the first 20 pages. Nearly all the other spammy locksmiths pointed out to Google have disappeared from results, too.

"We're in a constant arms race with local business spammers who, unfortunately, use all sorts of tricks to try to game our system and who've been a thorn in the Internet's side for over a decade," a Google spokesman wrote in an email. "As spammers change their techniques, we're continually working on new, better ways to keep them off Google Search and Maps. There's work to do, and we want to keep doing better."

There was no mention of a stronger verification system or a beefed-up spam team at Google. Without such systemic solutions, Google's critics say, the change to local results will not rise even to the level of superficial.

And that's Google's best option, really. It's not the one losing money from these scammers, so it's not motivated to fix the problem. Unless the problem rises to the level of affecting user trust in the entire system, it's just going to do superficial things.

This is exactly the sort of market failure that government regulation needs to fix.

by Bruce Schneier at February 08, 2016 12:52 PM

February 07, 2016

John Palfrey
Head of School Bookshelf, Winter, 2016 Edition

For the cozy Sundays in New England, with snow lying all around (as it is this morning in Andover, MA), here’s the line-up of books I have put out on the Head of School bookshelf for faculty at Phillips Academy:

James Baldwin, The Fire Next Time.  I re-read it over the winter holiday break and was glad I did.  Originally published in 1963, The Fire Next Time seemed an apt choice to pair with Coates’ Between the World and Me.  Michelle Alexander linked the two in her elegant August, 2015 piece in the New York Times Book Review.

Katie Cappiello and Meg McInerney, Slut: A Play and Guidebook for Combating Sexism and Sexual Violence.  The cast of “Slut” performed on the Phillips Academy campus for our students, faculty, staff, and parents last month.  They were astonishing.  As we educators and parents all grapple with how to contend with sexual violence, ongoing changes in adolescent culture, and the power of both silence and speaking up, this work is powerful.

Ta-Nehisi Coates, Between the World and Me.  So much has been said and written about this book and why it is important that I probably can’t add anything meaningful, other than encouragement to read it.  It’s not easy or optimistic or pleasurable (other than in appreciating the prose itself and the power of the narrative).  Its critical and popular reception speak to its timeliness and resonance.

Michael B. Horn & Heather Staker, Blended: Using Disruptive Innovation to Improve Schools.  I am a believer in a future of education that connects the traditional, offline mode of teaching and learning with the best aspects of the online, often informal modes.  This book is a helpful resource for those interested in what a blend of the disruptive with the tried-and-true could look like.

Henry Jenkins, Mizuko Ito, and danah boyd, Participatory Culture in a Networked Era.  This book is fun: the experience is of listening in on a dinner-party conversation between three of the leading scholars of the digital age.  In an interactive way, they each reflect on the work they’ve done in this fast-changing field and on what they think is most salient about it.  I make it a point to read just about everything they write.  Here, they are all together in a single text.

Janice Y.K. Lee, The Expatriates.  Before my last Head of School Bookshelf, a faculty colleague at Andover challenged me to add fiction to the mix, so I’m planning to include at least one each time.  I chose Janice Lee’s second novel for the expatriate experience it describes.  The themes will sound familiar to those who have lived abroad or whose children are living abroad — say, at a boarding school.  Pair it with Lee’s first novel, The Piano Teacher, for a great education on Hong Kong expat life between the end of the second World War and today.  Maggie Pouncey, writing in The New York Times Book Review, called Lee “a female, funny Henry James in Asia.”

by jgpalfrey at February 07, 2016 05:49 PM

Ana Enriquez
Rainbow crayon roll

When I send baby gifts, I like to include something for the older sibling(s). So, after I finished the baby jacket I posted about yesterday, I made a quilted crayon roll-up.

Photograph of closed crayon roll from top end

My inspiration for the design was rain clouds and rainbows. One side is a gray linen-cotton blend (Robert Kaufman’s Essex linen in Steel) and the other side is a strip-pieced rainbow that begins and ends with red. It ties closed with a blue grosgrain ribbon.

Photograph of partially-rolled crayon roll, showing several crayons and the exterior of the remainder of the roll

Using the quilt-as-you-go method that I used for the blue and yellow baby quilt, I quilted the rainbow strips onto the gray linen, with some cotton batting sandwiched in between. Then, I added the crayon pocket, stitching at even intervals to make a separate space for each crayon. Finally, I bound it using gray cotton, being careful to catch the midpoint of the ribbon in the binding at one end.

Photograph of open crayon roll up, showing rainbow-striped exterior and blue closure ribbon

Photograph of open crayon roll up, showing crayons and gray linen interior

Originally, I had intended for the gray part to be on the exterior, but I realized that if I made the exterior gray and the crayon pocket gray, very little of the rainbow would show. So, before it was too late, I switched the pocket to the gray side. The rainbow side shows when it’s rolled up, and when it’s open, the crayons supply plenty of color.

Photograph of closed crayon roll, tied with blue grosgrain ribbon


by anaenriquez at February 07, 2016 03:26 PM

February 06, 2016

Ana Enriquez
Rosebud Lullaby Layette jacket

I recently finished an Oliver & S Lullaby Layette jacket, another new baby gift.

The pattern

The pattern was lovely, as I expect with Oliver & S — a nice professional finish, but easy sewing. I sewed the smallest size, 0-3M, as this jacket is for a newborn. I didn’t make any size alterations, but I left off the closures. I don’t have a snap setter, and I figured I could get away with this as the baby will likely outgrow the jacket before she starts moving around much.

Photograph of baby jacket with pink side out

The fabric

The main pink fabric is a cotton broadcloth that I’ve had for a long time. The lining fabric is an ice blue linen or linen blend, also a scrap from my stash. It’s already pretty soft, and it should soften up even more in the wash. Also, it gives the jacket a little more weight, which balances the broadcloth nicely. The binding is homemade from a gray cotton (leftover from the baby quilt I just finished).

The embellishments

The rosebud panel across the chest of the jacket is also made from a fabric scrap I had. The fabric is striped with the machine-embroidered rosebuds alternating with woven-in textured stripes. I cut out one and a half repeats (two rosebud stripes and one woven-in one) and stitched them onto the jacket front and back pieces before beginning assembly. I used a small running stitch, something less than the default stitch length on my machine, to attach it along both edges, which I had ironed under. Then, I assembled the jacket according to the instructions.

Detail photograph of front of pink baby jacket

Once that was done, I added the hand stitching: running stitches in white embroidery floss. I did this around the cuffs and next to the top and bottom edges of each rosebud panel. I stitched all the way through the jacket, so the blue side is also embellished with simple stripes of running stitches. (The jacket is reversible.)

Photograph of baby jacket with blue side out, jacket folded back on one side to show pink side on interior

My intent in putting the panels on the front and back only, leaving the sleeves plain, had been to give it a somewhat sporty look by accentuating the raglan sleeves. Once I had it put together, I realized this is also a common design element in colorwork sweaters — I think that’s more the look that I got. But, I like it.

Photograph of baby jacket with pink side out, jacket folded back on one side to show blue side on interior


by anaenriquez at February 06, 2016 08:51 PM

February 05, 2016

Bruce Schneier
NSA Reorganizing

The NSA is undergoing a major reorganization, combining its attack and defense sides into a single organization:

In place of the Signals Intelligence and Information Assurance directorates -- the organizations that historically have spied on foreign targets and defended classified networks against spying, respectively -- the NSA is creating a Directorate of Operations that combines the operational elements of each.

It's going to be difficult, since their missions and culture are so different.

The Information Assurance Directorate (IAD) seeks to build relationships with private-sector companies and help find vulnerabilities in software -- most of which officials say wind up being disclosed. It issues software guidance and tests the security of systems to help strengthen their defenses.

But the other side of the NSA house, which looks for vulnerabilities that can be exploited to hack a foreign network, is much more secretive.

"You have this kind of clash between the closed environment of the sigint mission and the need of the information-assurance team to be out there in the public and be seen as part of the solution," said a second former official. "I think that's going to be a hard trick to pull off."

I think this will make it even harder to trust the NSA. In my book Data and Goliath, I recommended separating the attack and defense missions of the NSA even further, breaking up the agency. (I also wrote about that idea here.)

And missing in their reorg is how US CyberCommand's offensive and defensive capabilities relate to the NSA's. That seems pretty important, too.

by Bruce Schneier at February 05, 2016 09:15 PM

Berkman Center front page
Checking in with Former Berkterns


Berkman research assistant Muira McCammon, who spent the summer of 2015 interning with Berkman's Freedom of Expression team, interviews four former Berkterns about their summer experiences and post-Berkman paths. Cross-posted from the Internet Monitor blog.


The first time I heard about Berkman, I was in eastern Turkey, teaching English to civil aviation university students and trying my best to immerse myself in Turkish culture and language. When the Turkish Prime Minister blocked YouTube, I didn't know what to think or where to turn. I began to read Ars Technica, Global Voices, Slate's Future Tense, Hacker News as well as the Twitter feed run by Professor Zeynep Tufekci, who I later learned was a faculty associate at the Berkman Center. Until my trek to Turkey, I had always perceived freedom of expression as a concept that was rooted in the offline world; I'd focused specifically on translators and the legal, ethical, and political problems they encounter in the Middle East and in conflict zones. Reading the Turkish Penal Code was my pastime.

But when Erdoğan made part of the Internet inaccessible, I realized that there was a world of Internet law, policy, and jurisprudence that lived far outside the confines of languages I understood. And thus, I gradually became interested in how netizens traverse language barriers and how individuals engaged in tech policy research keep track of what's happening each day online and in the courts of over eighty countries. How do Pashto cultural norms permeate the Twittersphere in Afghanistan? What impact will the digitization of public and university libraries have upon my generation? What are memes, really, and what do they say about the cultures and communities that produce them? In what ways can researchers engage with Twitter ethically, if they are collecting the words and thoughts of individuals who might not have a clue that their Tweets are being collated and analyzed? These are some of the questions I had when I applied to the Berkman Center's summer internship program to work on their Freedom of Expression team.

The beauty of Berkman wasn't that I got all of my questions answered (I didn't!) but rather that I was permitted to spend an entire summer working alongside tremendously curious people who were also trying to make sense of the Internet and law. The atmosphere is bibliophilic, quirky, and interdisciplinary, and you can't escape the energy bouncing off everyone in the Berkman community. Each Berktern brought questions to the table (many of which I didn't even know needed to be asked), and the dialogue, the questions don't stop at the end of the summer. Even months after the internship, I'm developing projects that, to a great extent, grew out of conversations had with other Berkterns over lunch, over late-night walks around Cambridge, and in the halls of Harvard Law School.

When I interned at the Center last summer, I began to see that almost every Berktern had taken a different path to get to the little yellow house on Everett Street. So, this month I decided to track down a few of them and ask about their experiences. What follows are brief Q&As with four former Freedom of Expression Berkterns: Kendra Albert (2011), Priya Kumar (2013), Mayukh Sen (2014), and Simon Columbus (2011).


Kendra Albert, a Harvard Law School JD candidate, spoke to me about the beauty of the Berktern community and the ways in which Berkman altered their trajectory.

Muira McCammon: What led you to apply for the FOE internship?

Kendra Albert: I went to Carnegie Mellon for undergrad. Many of my friends were computer science majors, and I got steeped in all of this technological stuff. Even though I didn't have a formal background in technology specifically, I'd done a lot of science and technology studies. The way I wrote my application was like "look, I have done a wide range of things that have nothing to do with each other, and I'm very good at them. So if you hire me, I will do things that I've never done for you and it will go well." Shockingly, this was a good application strategy (or at least they liked me)! I think it's the weirdest cover letter I've ever written in my entire life.

MM: What was the best part of your summer at Berkman?

KA: I think the real highlight was how awesome the people were, and how people I knew from the Berkman internship pop up in the most amazing places in my life now. I'll look at the staff of an organization doing tech policy, and I'll see that there's someone I interned with! It's really cool. I think it speaks to the variety of folks who are brought into the community and how awesome the people who congregate at Berkman over the summer are. The people are the best part.

MM: I think part of the beauty of being a FOE Berktern is that each summer, there are different projects on the proverbial table. What made you tick that summer, and what did you work on?

KA: I was hired as a Freedom of Expression intern. I was doing a bunch of Freedom of Expression work. I was super interested in the Sony hacks, which were a big thing that summer. There was another intern named Christian, who was working on a torts textbook for Professor Zittrain, and I'd written my thesis on torts. I'd even been trying to get into a torts class at the University of Pittsburgh Law School and had not succeeded. So when I heard he was writing a torts textbook, I was like, "Ah, that's so exciting! I want to help. That's so cool." Everyone kind of looked at me like I was crazy, because what I didn't understand at the time is that no one really cares that much about torts. It's like the really nerdy hobby that you didn't know was nerdy until you told everyone how much you love it. You're like, "Oh, I love going around and hitting people with foam swords" and then, everyone looks at you kind of strangely.

MM: What are some of the websites you really love? I ask this question for two reasons. First, because FOE Berkterns help contribute to the Internet Monitor's Twitter feed (@thenetmonitor), and scanning blog posts and newspaper articles about Internet policy updates is an important part of that experience. Also, this was admittedly one of the questions Berkman Community Manager Becca Tabasky asked our Berktern cohort last summer, and I was struck by the breadth of responses!

KA: In terms of various specific tech news, I'm a big fan of Ars Technica and Tech Dirt. I really like Eric Goldman's blog as well as Rebecca Tushnet's blog. They're law professors and they both write about very specific areas of the law, such as intermediary liability and trademark. They do a very good job of saying why certain cases are important. They make those areas of the law much more accessible and easier to keep up with. Personally, I really love The Toast and Captain Awkward (she's an advice columnist and she's awesome). I think Slate's Future Tense is also pretty good.

MM: Can you talk a bit about how the FOE internship impacted your trajectory post Berkman?

KA: I've heard the term Berkmafia. You'll meet someone and you'll say, "Oh, your name sounds familiar." And they'll say, "Oh. You're on the Berkman listserv." And I'm like, "Oh yes! I am!" and suddenly we have this connection. You run into people in the most surprising places, and that is a testimony to the community that Berkman has built.

My time at Berkman upended my life completely. I was supposed to go to the University of Cambridge to get my MPhil. I got a full time job at Berkman instead. Deferred Cambridge. Never went. Applied to law school instead. So saying that Berkman changed my life is an understatement, not an overstatement. I ended up working at Berkman for two years. I went to law school because I ended up working at Berkman for two years. And although law school might've always been in the cards, I think it changed my path pretty distinctly and gave me a real focus. I’m really grateful I had the opportunity to take the internship!


After talking to Kendra, I corresponded with another former Berktern, Priya Kumar. Today, Priya works as a research analyst with the Ranking Digital Rights project, where she examines online freedom of expression and privacy as well as helps with project-related communication and data. Her FOE internship started just a few days before the Snowden disclosures. She talked to me about her journey from the University of Michigan School of Information to the New America Foundation.

MM: What led you to apply to the FOE Berkternship in particular?

Priya Kumar: My background is in journalism and research, and when I did the Berkman internship, I was a master's student at the University of Michigan School of Information. At Michigan, I was developing my own curriculum in "data storytelling." I was fascinated by the dramatic increase in data that surrounded us, and I wondered how journalists could analyze that data and make it meaningful for the public. During my first semester at Michigan, I wrote a paper about the various ways the Iranian government facilitated online censorship, and I recognized that even as digital technology offered opportunities to advance freedom of expression, it also gave powerful entities, like governments, tools to restrict that freedom. I drew on research from the Berkman FOE team to write that paper, and I thought, wouldn't it be cool to be part of a team that does this type of research? I applied for the internship and the rest, as they say, is history!

MM: What was the best part of your summer at Berkman?

PK: Far and away, the best part of the summer was the chance to have fascinating conversations with people interested in the myriad ways that technology and society intersect. In part, these conversations came out of planned events, like the intern hours, or discussions with the FOE team about the work we were doing. But they also came up when a group of us were sitting in the office and we'd start discussing a thought-provoking article someone read, or when we would eat lunch in the courtyard outside the law school and just chat. It felt like everyone in the Berkman community was open to such conversations; I'll always appreciate that [Berkman Faculty Director] Jonathan Zittrain took a half-hour out of his day to talk over my nascent ideas for master's thesis research.

MM: What were some of the ideas you grappled with as a FOE Berktern?

PK: I began my internship on June 3, 2013, two days before the first Snowden disclosures hit the news. The scale and scope of mass surveillance by the United States and other governments shaped many of the conversations we had that summer. Those discussions were richer thanks to the contributions and perspectives of Berkman interns, fellows, and staff from around the world. Personally, I started thinking critically about what it means to live in a networked society. I have a Mac computer, I write on Microsoft Word, I use Gmail and Facebook and Twitter. But increasingly, the companies that create those products and services have greater power to shape the discourse and interactions we have with each other. And as we learned from Snowden, governments are interested in harnessing that power. That summer, I read Rebecca MacKinnon's book, Consent of the Networked, which clearly lays out the implications of these shifts. I still grapple with these ideas, and it was my time at Berkman that really spurred me to think about them.

MM: What were some of the projects you worked on during the summer?

PK: As an FOE Berktern, I primarily wrote for the Internet Monitor and Herdict blogs, curated the Twitter feeds for both projects, and drafted country profiles for the Internet Monitor site. I analyzed Herdict data related to that year's Iranian election, and that data supported a piece that Ryan Budish wrote for Internet Monitor's 2014 annual report. I loved the freedom I had to write about topics that piqued my interest, and I appreciate that I got to spend the summer learning so much. Before writing those company profiles, I hadn't realized how many different ways existed to censor the Internet.

MM: How did the summer impact your post-Berkman trajectory?

PK: The Berkman internship was in some ways a turning point for me. It helped me understand how broad the discipline of "Internet and society" studies can be, and it helped me hone in on what facet of that discipline most fascinates me. After I graduated from Michigan, I attended a conference where I happened to get in line behind Rebecca MacKinnon, herself a member of the Berkman community. I introduced myself and told her about my interests. It turned out that her project, Ranking Digital Rights (RDR), was hiring. The project evaluates technology companies on their respect for freedom of expression and privacy, and I got a research position with the project. I've been with RDR since summer 2014, and in some ways, it's an extension of the work I did at Berkman. I've continued to learn a tremendous amount about how technology puts freedom of expression and privacy at risk, but also how civil society, policymakers, and companies are working to address these concerns. I also helped launch RDR's Corporate Accountability Index in 2015, an extremely rewarding experience.


I also talked to Mayukh Sen. I'd stumbled across Mayukh's Twitter page while putting my own FOE application together in 2015. So, it was fun to hear about what one of my predecessors had done at Berkman, the summer before I arrived. Today Mayukh is the Editorial Director of This., a project born out of The Atlantic. He also writes for a number of publications, including VICE, BuzzFeed India, Racked, and The Caravan.

MM: What led you to apply to the FoE Berkternship in particular?

Mayukh Sen: The summer after my junior year in college, I interned at a journalism nonprofit in DC, Internews. While I was there, I, among other tasks, managed and edited a weekly newsletter of stories related to online freedom of expression. I kept doing that into my senior year of college, on a remote contract basis. It was my first foray into the world of Internet freedom. I found it fascinating! I figured I wanted to explore it more. I'd heard rumblings about Berkman – the name was always thrown around by people in the Internews office as a prestigious one, so I imagined an internship there would be a logical next step. I applied during my senior year on a whim, just hours before the deadline, and was quite surprised to learn I got it! Didn't think I had a fighting chance. So it goes.

MM: Today, do you have a favorite website? Do you mind sharing it with us?

MS: I guess this counts as some form of self-promotion: my favorite website is This., a social network (and media company) where I'm currently the Editorial Director. We started over at The Atlantic, who remains a minority owner of the company. The site is premised around the limitation of just sharing one link a day. No frills! That's it. That tends to mean that the quality of stuff that populates the site is pretty stellar. It's a nifty place to go to find smart people and publications sharing the best media that lives on the web. Other social networks can make you feel cynical about how much garbage content exists online – and, by consequence, how much our algorithms and feeds reward the proliferation of that garbage. But This. has reminded me that there's a lot of quality stuff, too.

MM: How did the summer impact your post-Berkman trajectory?

MS: A ton – Berkman is a name that opens many doors in many circles, which is something people say ad nauseam because it's true. Berkman definitely stiffened my resolve not to ever do advocacy or nonprofit work, which I tried my hand at post-Berkman for a hot second, and to devote myself to writing and journalism. The most rewarding part of my experience with Berkman was writing. I think the FoE internship at Berkman is unlike a lot of others at Berkman in that it tends to attract writerly types and budding reporters. I enjoyed writing about issues of freedom of expression a ton, and I was able to parlay this into a lot of my writing after Berkman. I also think it's good to step into digital media with solid, informed principles surrounding online freedom of expression.


Lastly I spoke with Simon Columbus. Today Simon is a student of psychological methods and organizational psychology at the Graduate School of Psychology at the University of Amsterdam. He reminded me of the importance of froyo and what a hub BerryLine (a frequent haunt of my '15 cohort as well) was during his stint as a Berktern.

MM: What led you to apply to the Berkternship in particular?

Simon Columbus: The short answer: I found it on Twitter (I'd been following Berkman for awhile there). The long answer: I'd been involved with both blogging and anti-surveillance activism in Germany since I was 16, and had been writing semi-professionally since 17. Around that time I also joined an activist group, DigiActive (founded by Mary Joyce). After high school, I moved from my small hometown to Berlin and spent a year writing for and another blog (Spreeblick) full-time. I left journalism and activism to move to the Netherlands for college, but Berkman was a very reasonable continuation of what I'd done until then.

MM: What was the best part of your summer at Berkman?

SC: That's really hard to pin down. I probably remember less of the specific academics, and much more of the social environment. I'm sure all Berktern cohorts are great, but mine was really amazing. I probably learned as much from hanging out with people as from the actual work, being a young guy in the US for the first time and all. So there are a lot of memories of Super Smash Bros battles and squabbles over the preferable froyo place when I think back to that summer. Can I nominate getting froyo as "something you did each day"?

MM: Of course! So, what ideas were you grappling with in your froyo-eating days as a Berktern?

SC: At the time, I was coming straight out of my freshman year at college, and I'm sure I must've been quite cocky about my ideas - so I'm not sure grappling is the right word. Access to the Internet (or, more generally, ICTs) in developing countries and the potential for transformative social and political change were big topics for me back then.

MM: What were some of the projects you worked on during the summer?

SC: The biggest project was a series of country profiles I wrote, which detailed the state of Internet access and censorship in some African countries.

MM: Can you talk a bit about the ways in which the summer impacted your post-Berkman trajectory?

SC: While we were at Berkman, there was a conference called Hyper-Public. One of the speakers, somewhat the odd one out, was a computational biologist, Martin A. Nowak. In hindsight, that seems almost like an omen. I did spend another year or so doing research on citizen journalism (among other things co-authoring a paper heavily drawing on Yochai Benkler's work on the 'networked public sphere'); but just before the internship, I had also taken my first class in psychology. I was really taken by the promise of studying cooperation - what had always fascinated me about the Internet and its promises - in a thorough, quantitative manner (mind you, I'd heard a lot of Internet utopianism at that point). I'd already left journalism in Berlin because I felt I wanted to understand first, then tell other people - and psychology, at the time, seemed to promise a great way of understanding things deeply.

I ended up focusing on evolutionary psychology in particular (with forays in behavioral economics), and have been studying cooperation and the evolution of cooperation for the last five years - first during my BA (in social sciences, at Amsterdam University College), then during my MSc (in psychological methodology, at the University of Amsterdam). Now I'm a core tutor at an interdisciplinary undergraduate program at the University of Amsterdam and applying for PhD positions. My last blog post is from more than a year ago, but one of my new year's resolutions is to start writing more regularly again - but this time, it'll be about psychology, statistics, and science in general.

MM: Any other reflections you'd like to share with me and potential FOE Berktern applicants?

SC: My internship was a great time. I recently sent around this year's call for applications to my students and called it 'the summer of my life', and I didn't embellish much with that. I've moved on a lot since, but I'll always have fond memories of that small yellow house.


NB: This year's summer internship applications are due Friday, February 12, 2016 at 11:59 p.m. ET.


by rheacock at February 05, 2016 02:49 PM

Bruce Schneier
Tracking Anonymous Web Users

This research shows how to track e-commerce users better across multiple sessions, even when they do not provide unique identifiers such as user IDs or cookies.

Abstract: Targeting individual consumers has become a hallmark of direct and digital marketing, particularly as it has become easier to identify customers as they interact repeatedly with a company. However, across a wide variety of contexts and tracking technologies, companies find that customers can not be consistently identified which leads to a substantial fraction of anonymous visits in any CRM database. We develop a Bayesian imputation approach that allows us to probabilistically assign anonymous sessions to users, while accounting for a customer's demographic information, frequency of interaction with the firm, and activities the customer engages in. Our approach simultaneously estimates a hierarchical model of customer behavior while probabilistically imputing which customers made the anonymous visits. We present both synthetic and real data studies that demonstrate our approach makes more accurate inference about individual customers' preferences and responsiveness to marketing, relative to common approaches to anonymous visits: nearest-neighbor matching or ignoring the anonymous visits. We show how companies who use the proposed method will be better able to target individual customers, as well as infer how many of the anonymous visits are made by new customers.

by Bruce Schneier at February 05, 2016 12:56 PM

Ethan Zuckerman
Fred Turner: The link from anti-fascist art and the “historical problem” of Facebook

Fred Turner, the leading chronicler of the links between the 60s counterculture and the internet revolution, turned his sights to the rise of multimedia in America prior to the 1960s in his recent book The Democratic Surround. On February 4, Turner returned to his hometown and to MIT, where he previously taught, to talk to architecture students about ideas of democracy, interactivity and public space. (I’m a Turner groupie, not an architecture student, so I came as well, along with roughly half of the Center for Civic Media.)

Turner explains that the story he will tell unfolds in building 7 of MIT, many years ago. But he starts the story with the “historical problem” of Facebook. Facebook offers a world in which connecting through a commercial, institutional space is presented as a democratic good. Our relations, connected through devices, are supposed to be a good – how on earth did we come to believe this is true? Oddly the answer comes from World War II and a turn away from centralized communication systems and the sense that these technologies were connected to fascism. That led to the idea that multimedia – sounds and images from all sides – would lead us to an appreciation of democracy and choice. Further, Fred wants to explore how computers got attached to that story, first by Norbert Wiener at MIT.

Turner tells us that we are currently surrounded by screens at all times – our phones, laptops, televisions. They are usually technologies of interpersonal connection. They invite us to create a new polity based on connecting with one another, united by seeking. The images we create for Facebook are the ones we encounter in the commercial sphere. We are being offered a model of democratic politics that is not democratic at all – it is a model based on surveillance and control.

After checking to see that the room is free of “card carrying historians”, Turner explains that historians of 20th century America tend to cite Roosevelt as one of the most important figures of the 20th century. Their history tends to be a history of political leaders and the social forces they manage. “That boggles my mind,” he explains, since one of the most interesting aspects of the 20th century is media: radio, television, cinema. These are so far from mainstream American history that these historians have their own professional societies. One goal is to return media to the center of studying American history. Another is to historicize media studies.

His book, The Democratic Surround, covers the period from 1937 to 1967, and it’s a prequel to his earlier book, From Counterculture to Cyberculture, which covers from 1968 to 1993. In From Counterculture to Cyberculture, Turner finds the roots of Wired Magazine and digital utopianism in 60s countercultural movements. Completing that history, he wanted to go further back, to the origins of those countercultural movements in reactions to World War II.

In 1938, American intellectuals had a problem. Germany was the center of intellectual culture and music. When Germany turned itself over to the leadership of Adolf Hitler, an obvious madman, people needed to figure out why. A popular explanation given was that Hitler had somehow mastered mass media – newspapers, movies, radio – and figured out how to capture the unconscious allegiance of ordinary Germans. One theory is that Hitler and Goering were literally insane, and that the media was the channel for making their madness communicable. Another theory was that the mass media was profoundly powerful, that the one to many practice of mass media was essentially a fascist model.

Reading old issues of the Sunday Evening Post, Turner was shocked to find FDR described as “the fourth fascist”, alongside Hitler, Tojo and Mussolini. Why? Because he had managed to capture mass media through his fireside chats and channel American public opinion in support of his policies. By 1941, many Americans feared that mass media could turn people into fascists… and this wasn’t an absurd idea. Father Coughlin had an audience of 3 million, and he used the airwaves to push The Protocols of the Elders of Zion. In Madison Square Garden in the late 1930s, 22,000 people rallied for fascism, against Judaism, in defense of “Christian America”. Fascism was surprisingly popular with Americans, even Naziism.

Turner invites us to yell out Bogart films – Casablanca, The Maltese Falcon, Treasure of the Sierra Madre – and notes that none of us mentioned The Black Legion, a 1937 film in which Bogart is a blackshirt fascist who kills his Polish neighbor in the hopes of starting a fascist revolution.

The fear is that mass media creates fascists, either by conveying the insanity of American leaders, or by putting us into masses that all point in the same direction. If we want to confront fascism, how do we do so without turning them into fascists? FDR has an idea – he wants to copy Goebbels’s methods to deprogram Americans. But there’s another group at work – the Committee for National Morale, assembled in 1941, a group of 60 leading social scientists who work together to make propaganda that would promote “democratic character”.

The idea of democratic character ties to the idea that nations have a pre-existing personality that can be triggered by media. Germany’s authoritarian character was triggered by Nazi media. How can America’s fundamental democratic character be triggered by media? And once we trigger this character, how do we “coordinate the intelligences and will” of people? They theorize that they need to build a medium based on “non-hierarchical principles”. They have theories about images for all sides, smoke bombs, spectacles to force individuals to choose and integrate different images.

Fortunately, a bunch of refugees from the Bauhaus were down the street. Turner focuses on Herbert Bayer, whose theory of exhibitions was enormously influential. Bayer challenged the idea that pictures were meant to be held on walls at eye level. Instead, as a gestaltist, Bayer believed that we needed to see images all around ourselves and knit these images into a single experience which helps us integrate our whole self. When Bayer comes to the US fleeing the Nazis, he’s happy to bring this idea to the project of creating the democratic man and pushing against the Nazi regime.

Bayer’s first exhibit in the US was “The Road to Victory”, shown at the Museum of Modern Art in 1942. 800,000 people saw the exhibit over 6 weeks, an awfully large number in the context of the population of New York City. It’s clearly a propagandistic, jingoistic exhibit. But the nationalism of the imagery wasn’t what people appreciated – it was the fact that the images were shown at different levels and that the exhibit forced people through a particular path, inviting the viewer to integrate the images as she passed through.

This idea of integrating multiple perspectives is surprisingly influential on cybernetics. Many of the members of the Committee for National Morale participated in the Macy Conferences, bringing social scientists like Margaret Mead into contact with technological thinkers like Norbert Wiener. Wiener believed that we should think of democratic citizens as self-regulating machines, taking in feedback and reacting accordingly. Fascist citizens, on the other hand, can be understood as mechanistic ants. To be fully human is to understand that you are an information system seeking information from other information systems.

The democratic surround – these multimedia exhibitions – go out into the world in travelling propaganda expos and through the art world, eventually influencing the 1960s counterculture. In both cases, computation is deeply implicated in the process. Turner shows us “Glimpses of the USA”, an exhibit of US technology in Moscow in 1959. The US Information Agency with large American corporations built a massive exhibition seen by 2 million Soviet citizens. Inside a geodesic dome designed by Buckminster Fuller are seven huge screens designed by Charles and Ray Eames, showing images that move at different rates, designed both to show American abundance, and to give Soviet citizens the chance to choose between images as in Bayer-style exhibits.

In the archives, studying these exhibitions, Turner discovered that USIA’s approach to this exhibit was for the exhibitors to “act like therapists”, understanding the psychological conditions of the Soviet visitors, to attempt an intervention and to evaluate its success. In essence, the Glimpses of the USA exhibit was to surveil and record the mindset of the Soviet Union. An IBM RAMAC Computer answered questions in Russian, and compiled dossiers on what Soviets wanted to know.

Turner juxtaposes these propaganda exhibits against the art world of composers like John Cage. Cage explains 3″44 and the idea that listening to “silence” and environmental sounds is a part of creating an integrated self. It’s widely believed that Cage came to this line of thought through his interest in Eastern religion. But Turner has found evidence that Cage was a profound patriot, who was interested in using percussion and electronic music to help Americans understand the experience of freedom.

We jump forward to 1952 to Black Mountain College, the rural educational retreat where Buckminster Fuller deployed his first dome, and where Cage and others deployed the first “happening”. Someone climbed a ladder and declaimed a poem. A dog ran around. Someone pounded on a piano, and people put teacups on a chair. “That was it. On what planet does that transform art for the next two decades?”

In 1957, Cage goes to New York and teaches the founders of the “happenings” world. In 1966, they hold an exhibition called by a journalist a “be-in”. It was a multimedia, psychedelic environment designed to help you understand yourself as a global citizen. This was the aesthetic of late universal humanism.

Turner explains that this is a world where artists and engineers want to play together. At the Pepsi Pavilion in Osaka in 1970 are cybernetic organisms you can interact with. When you enter, the space is designed to be a three dimensional computational and art experience. The builders of this space are associated with everyone from Cage’s happenings to Bell Labs, all working for Pepsi, who are trying to bring us “the young generation”. It was a computer monitored and maintained environment designed to create psychological freedom. You see yourself in the mirrored Mylar ceiling, literally surrounded by reflections of yourself. (“Facebook”, Turner notes.) As you walk across the floor, you trigger different sounds which play to you on a handset. You are part of a cybernetic loop, free to experience the diversity of the national and mechanical world. As Wiener says, “We are but patterns of information in rivers of time.”

You would think there would be a happy end to this story. The people who participated in the be-ins that led to the summer of love were exactly the self-actualized people Margaret Mead and the committee for national morale were trying to create in 1942. But there’s a problem.

In these multimedia exhibitions, you are free to explore, to cluster, to see yourself in the images of very different people. But this whole experience has been intensely curated, and power is being exercised on you via aggregation. And those powerful shaping forces are invisible. “You can shout back at Hermann Göring, but how do you shout back at the exhibition designers?”

And that’s where we are now, Turner explains. We are in a world of personal choice, where reaching out to connect with distant others is, in fact, the tool used to control us.

Some of the questions ask whether Turner is being unfair or unkind in describing Bayer and others as oppressing those who experience their exhibits. Turner explains that we’re too often looking for a bad guy. In this story, we have many people whose intentions are good, who are working on the right issues, and end up creating systems that act counter to what they expected and intended. Asked how artists could avoid being “accidentally oppressive”, Turner points out that the key involves who you collaborate with and how – while the 1960s happenings were run almost exclusively by privileged white men and featured women primarily as objects, Turner asks us to imagine genuine expressions of equal collaboration in a polyracial and feminist society.

by Ethan at February 05, 2016 12:11 AM

February 04, 2016

Bruce Schneier
The Internet of Things Will Be the World's Biggest Robot

The Internet of Things is the name given to the computerization of everything in our lives. Already you can buy Internet-enabled thermostats, light bulbs, refrigerators, and cars. Soon everything will be on the Internet: the things we own, the things we interact with in public, autonomous things that interact with each other.

These "things" will have two separate parts. One part will be sensors that collect data about us and our environment. Already our smartphones know our location and, with their onboard accelerometers, track our movements. Things like our thermostats and light bulbs will know who is in the room. Internet-enabled street and highway sensors will know how many people are out and about -- and eventually who they are. Sensors will collect environmental data from all over the world.

The other part will be actuators. They'll affect our environment. Our smart thermostats aren't collecting information about ambient temperature and who's in the room for nothing; they set the temperature accordingly. Phones already know our location, and send that information back to Google Maps and Waze to determine where traffic congestion is; when they're linked to driverless cars, they'll automatically route us around that congestion. Amazon already wants autonomous drones to deliver packages. The Internet of Things will increasingly perform actions for us and in our name.

Increasingly, human intervention will be unnecessary. The sensors will collect data. The system's smarts will interpret the data and figure out what to do. And the actuators will do things in our world. You can think of the sensors as the eyes and ears of the Internet, the actuators as the hands and feet of the Internet, and the stuff in the middle as the brain. This makes the future clearer. The Internet now senses, thinks, and acts.

We're building a world-sized robot, and we don't even realize it.

I've started calling this robot the World-Sized Web.

The World-Sized Web -- can I call it WSW? -- is more than just the Internet of Things. Much of the WSW's brains will be in the cloud, on servers connected via cellular, Wi-Fi, or short-range data networks. It's mobile, of course, because many of these things will move around with us, like our smartphones. And it's persistent. You might be able to turn off small pieces of it here and there, but in the main the WSW will always be on, and always be there.

None of these technologies are new, but they're all becoming more prevalent. I believe that we're at the brink of a phase change around information and networks. The difference in degree will become a difference in kind. That's the robot that is the WSW.

This robot will increasingly be autonomous, at first simply and increasingly using the capabilities of artificial intelligence. Drones with sensors will fly to places that the WSW needs to collect data. Vehicles with actuators will drive to places that the WSW needs to affect. Other parts of the robots will "decide" where to go, what data to collect, and what to do.

We're already seeing this kind of thing in warfare; drones are surveilling the battlefield and firing weapons at targets. Humans are still in the loop, but how long will that last? And when both the data collection and resultant actions are more benign than a missile strike, autonomy will be an easier sell.

By and large, the WSW will be a benign robot. It will collect data and do things in our interests; that's why we're building it. But it will change our society in ways we can't predict, some of them good and some of them bad. It will maximize profits for the people who control the components. It will enable totalitarian governments. It will empower criminals and hackers in new and different ways. It will cause power balances to shift and societies to change.

These changes are inherently unpredictable, because they're based on the emergent properties of these new technologies interacting with each other, us, and the world. In general, it's easy to predict technological changes due to scientific advances, but much harder to predict social changes due to those technological changes. For example, it was easy to predict that better engines would mean that cars could go faster. It was much harder to predict that the result would be a demographic shift into suburbs. Driverless cars and smart roads will again transform our cities in new ways, as will autonomous drones, cheap and ubiquitous environmental sensors, and a network that can anticipate our needs.

Maybe the WSW is more like an organism. It won't have a single mind. Parts of it will be controlled by large corporations and governments. Small parts of it will be controlled by us. But writ large its behavior will be unpredictable, the result of millions of tiny goals and billions of interactions between parts of itself.

We need to start thinking seriously about our new world-spanning robot. The market will not sort this out all by itself. By nature, it is short-term and profit-motivated -- and these issues require broader thinking. University of Washington law professor Ryan Calo has proposed a Federal Robotics Commission as a place where robotics expertise and advice can be centralized within the government. Japan and Korea are already moving in this direction.

Speaking as someone with a healthy skepticism for another government agency, I think we need to go further. We need to create an agency, a Department of Technology Policy, that can deal with the WSW in all its complexities. It needs the power to aggregate expertise and advise other agencies, and probably the authority to regulate when appropriate. We can argue the details, but there is no existing government entity that has either the expertise or authority to tackle something this broad and far reaching. And the question is not about whether government will start regulating these technologies, it's about how smart they'll be when they do it.

The WSW is being built right now, without anyone noticing, and it'll be here before we know it. Whatever changes it means for society, we don't want it to take us by surprise.

This essay originally appeared on, which annoyingly blocks browsers using ad blockers.

EDITED TO ADD: Kevin Kelly has also thought along these lines, calling the robot "Holos."

EDITED TO ADD: Commentary.

by Bruce Schneier at February 04, 2016 05:01 PM

Ethan Zuckerman
Why is Verizon letting rural broadband decay?

Let me start with an apology: reading other people’s tech support horror stories is less fun than hearing them describe their medical problems or recount their dreams. No one wants to hear them. While this starts as a tech support rant, I promise that it’s a much broader rant, about the state of infrastructure in rural America, the nature of corporate monopoly and the consequences of America’s naive faith in under-regulated markets. And if that sounds as painful as hearing me describe my knee pain, this would be a fine time to click the back button.

I live in a small town in western Massachusetts, and my only option for wired internet access is Verizon’s DSL service. I’ve been a customer for almost a decade and it’s decent much of the time, capable of streaming lores video from Netflix if no one else in the house is using the internet. About two weeks ago, it decayed sharply in quality, and I discovered that my connection was dropping 30-50% of packets. Once my six year old could no longer stream LEGO Ninjago, we’d reached panic time, and I called tech support.

After a few rounds of the usual “Have you tried rebooting the router?”, I got escalated to a team of very high level techies, the Presidential Appeals team, who politely and sympathetically told me the bad news: the problem was Verizon’s, not mine, and they weren’t going to fix it. Verizon had “oversold” the remote office that serviced my corner of town, and I and 208 customers were having the same problem. We were using way more bandwidth than Verizon’s network was providing to that office, saturating the T3 line that served the office, which meant all 209 of us were blocking each others’ packets and degrading each others’ service.

The math is pretty simple: Verizon’s DSL nominally offers up to 3Mbit/sec worth of bandwidth. A T3 provides 45 Mbit/sec of bandwidth, which means the line could accommodate 15 families using bandwidth at the highest possible level, or 30 simultaneous users at Netflix’s recommended broadband speed of 1.5 Mbit/sec. When these DSL networks were built, most people weren’t streaming video for hours at a time – now, we are. And the network simply can’t handle it.

“You guys need an OC3 minimum, and we should give that office an OC12 or OC24 if we were engineering for the future,” my new friend in tech support told me. “But there are no engineering orders to upgrade that line.” He went on to encourage me to complain to Verizon’s management through whatever channels I could. “We know we’re providing you with badly degraded service, and there’s nothing I can do about it.”

That made me a little angry. While I’d gotten Verizon to refund my bill for my unusable service, 208 of my neighbors were paying full freight for service Verizon knew was crappy. And while the problem was solvable – install more bandwidth – Verizon had evidently decided that maintaining their infrastructure to support this load wasn’t a priority. So I sent some letters – to my State Senator, to the MassDCT (our telecoms regulator), to the Better Business Bureau, to the regional manager for external relations at Verizon. (All the government officials got back to me within 12 hours, though I never did hear from Verizon’s external relations executives.)

Things got weirder the next day. Another member of the Presidential Appeals team called me, this time for the billing department, and gently, apologetically laid out Verizon’s offer to me. They would be willing to cut my bill and have me as a fractional DSL consumer, with a projected download speed of 1Mbit/sec… or they would terminate my contract. Unfortunately, Verizon could no longer offer me DSL service.

Our local library. And town hall. And dog pound. And most reliable internet service provider.

I’d love to tell you that I told Verizon to pound sand, but as I mentioned, they have a monopoly. I could use an AT&T mobile hotspot, but the bandwidth costs get extreme pretty quickly. I could go back to satellite internet, but I still have nightmares of debugging it ten years ago, using a voltmeter to read line levels while on the phone with Hughes. And at this point, I was parking in the library of the Lanesboro, MA public library to use their lovely open wifi network, which offered a symmetric 5mbit connection, and only had the disadvantage of being four miles drive from my house. I agreed to have Verizon downgrade my service and became a fractional DSL customer.

At a moment when President Obama is promoting rural broadband, Verizon is deciding not to maintain their rural networks and let them degrade. While Republican governor Charlie Baker is investing state money in plans to provide broadband to businesses and homes in my community, Verizon has decided it is profitable to underserve their customers and invite them to quit if they don’t like the situation.

President Obama told an audience in rural Oklahoma that “The Internet is not a luxury, it’s a necessity. You cannot connect with today’s economy without access to the Internet.” Unfortunately, that necessity is not yet one Verizon is required to provide to rural residents. Despite the FCC’s reclassification of broadband internet service as a utility, Verizon is not legally required to offer broadband service to me or my neighbors and can choose to terminate my service, as the representative of the Massachusetts Department of Telecommunications and Cable patiently explained to me. “It’s not like local phone service, which they’re required to provide you with,” she explained.

So why is Verizon turning down my money? Why aren’t they building a network capable of supporting streaming video, Skype, Google Hangout and all the pleasures of modern, wired life? Well, it’s because they’re thinking of the future.

Time Warner Cable and Charter Communications have proposed a merger that would create a massive new cable company. My state senator’s office tells me that the new company has announced plans to offer cable internet service in my town, which would be great… in a few years, if the merger gets approved, and after they build out a network in our huge, sparsely populated town. Verizon knows that their DSL service can’t compete with cable internet, and they’re strategically underinvesting in our community. From a business perspective, it’s a smart thing for them to do – after all, where else am I going to go? How long can I idle my car in the library parking lot before the neighbors complain?

Americans, especially conservatives, like to celebrate the miracle of free market capitalism, the ways in which competition makes businesses more creative, nimble and efficient. But that’s a fairy tale, a story free marketeers tell their children to lull them to sleep. Building out a telecommunications network is extremely expensive, and the last thing companies want to do is find themselves in vigorous competition with another company that’s built out its own expensive network. So cable and telecommunications companies have come to a gentlemen’s agreement that’s good for their bottom lines and terrible for consumers – they politely stay out of each other’s territories, ensuring that connectivity is a monopoly in most markets and a duopoly in a few. Sure, that would be collusion, and the US government has the power to break up certain monopolies… but telecoms have great lobbying teams who’ve convinced legislators and regulators that 4G wireless service, which charges per bit, is a perfectly competitive alternative to unmetered wired broadband service. (Susan Crawford’s Captive Audience makes this argument far better than I ever could.)

It doesn’t have to be this way, and it’s not in most of the world. Most governments realize that the heavy investment in infrastructure leads incumbents to try and protect monopolies, so they require operators to open their networks to competitors at cost. The result is competition, which leads to lower prices and better service. But it’s a carefully regulated market that gets you this competition, not an ideologically pure free one.

So why do Americans put up with internet that’s slower and more expensive than in Europe? Because we buy the lie that government regulation will raise prices and stifle (nonexistent) competition. Because we don’t know how embarrassingly bad American infrastructure is compared to most developed nations, unless we spend a lot of our time travelling. Because we feel politically powerless to change this situation, less able to influence our legislators than megacorporations are.

I think there’s another reason. For most people in the US, telecommunications is getting better. Slowly, expensively it’s getting better – people are cutting cord and cable and moving voice telephony and video viewing onto internet networks as they get access to faster and more reliable bandwidth. But that’s not what’s happening in Western Massachusetts, or in much of rural America. It’s getting worse for us, and right now, it’s very hard to see how it’s going to get better any time soon.

After a half-day outage Tuesday, my connectivity improved when I tested it early Wednesday morning. Perhaps throttling my connection will give me fewer dropped packets and my kid can watch streamed cartoons, pixelated, at 5fps. But now I know what Verizon has planned for me – service that gets worse and worse until I finally give up. Another reason for businesses to move to big cities, ignoring our beautiful landscape and quality of life because they can’t work without connectivity. More reasons for people who grow up in towns to leave the area to seek economic opportunity. More people in cities and suburbs with higher rents and longer commutes and more empty houses in the country.

For perfectly legal business reasons, Verizon has made a business decision that will slowly kill my town. And I’m helping by paying them.

Susan Crawford’s proposed solution to the cable/telephony duopoly is robust municipal broadband projects, as we’ve seen in cities like Santa Monica, CA and Chattanooga, TN. I agree that this is a great idea, and I’d sign up immediately if such service was available in my town. For now, Mass Broadband Institute, our state funded entity focused on rural broadband, has focused first on connectivity to libraries, schools and town buildings… which helps explain the great wifi on offer in the library’s parking lot. They’ve made less progress on home broadband, and lately, there’s been sparring between MBI and WiredWest, a cooperative that wants to build fiber networks in our small towns to solve the last mile problem. Susan is right, as she so often is, but it may be a very long time before the solution she proposes is available for me and my neighbors.

Good friend, and former Berkshire dweller Prof. Chad Orzel offers a quibble with my analysis:

I think Chad is right when he notes that this complicates the politics – I think many of my neighbors are just grateful to have broadband that doesn’t come from flaky satellite connections. But it’s not quite the fact pattern. Basically, we’ve gone from no wired broadband to shitty broadband to unusably shitty broadband – at 40% packet loss, there’s really nothing you can do using streaming services, Skype or interactive web services – everything times out. For a couple years there, DSL + heavy compression made Netflix a reality. As more of my neighbors have gotten on the bandwagon, it’s just not an option these days, and I’m renewing my Netflix bits by DVD via mail service.

by Ethan at February 04, 2016 12:37 PM

Benjamin Mako Hill
Welcome Back Poster

My office door is on the second floor in front of the major staircase in my building. I work with my door open so that my colleagues and my students know when I’m in. The only time I consider deviating from this policy is the first week of the quarter when I’m faced with a stream of students, usually lost on their way to class and that, embarrassingly, I am usually unable to help.

I made this poster so that these conversations can, in a way, continue even when I am not in the office.



by Benjamin Mako Hill at February 04, 2016 06:25 AM

February 03, 2016

David Weinberger
Trump’s "linguistic killshot"

Scott Adams, the Dilbert guy, writes perceptively about Trump’s skill verbally assassinating his opponents with what Scott calls a “linguistic killshot.” His example is Trump labeling Jeb! as “low-energy.” It’s the type of description that cannot be countered and cannot be unheard. Adams notes that Trump is both very calculating and very smart about this.

But he predicts that Trump’s shot against Hillary Clinton will be that she is not “credible.” I think I disagree. For one thing, that’s been the explicit beef against her for twenty years. For another, I don’t think it will have much traction with the people Trump needs to reach, because independents are just as likely to think that Trump negotiating with allies is more of a Dukakis-in-the-tank moment than a vision of credibility.

Assuming that Hillary is the nominee, I think maybe Trump will go after her as “always flapping her jaws,” as “chatty but no one can understand what she’s saying,” as “blah blah NATO blah blah Excuses blah blah Policy Report #45278 Part A.” But that’s not what America needs, he’ll tell us. We need someone who will stand up to our allies and kill our enemies. “It’s not that hard, folks. And we don’t need a Chatty Cathy for that.”

This has the effect of neutralizing her deep expertise, especially in foreign affairs, thus turning her strength against her. It makes her look weak-willed. There is no effective counter to it. And it’s deeply misogynistic. In short, it’s got Trump in big gold letters all over it.

The post Trump’s "linguistic killshot" appeared first on Joho the Blog.

by davidw at February 03, 2016 11:10 PM

Bruce Schneier
Security vs. Surveillance

Both the "going dark" metaphor of FBI Director James Comey and the contrasting "golden age of surveillance" metaphor of privacy law professor Peter Swire focus on the value of data to law enforcement. As framed in the media, encryption debates are about whether law enforcement should have surreptitious access to data, or whether companies should be allowed to provide strong encryption to their customers.

It's a myopic framing that focuses only on one threat -- criminals, including domestic terrorists -- and the demands of law enforcement and national intelligence. This obscures the most important aspects of the encryption issue: the security it provides against a much wider variety of threats.

Encryption secures our data and communications against eavesdroppers like criminals, foreign governments, and terrorists. We use it every day to hide our cell phone conversations from eavesdroppers, and to hide our Internet purchasing from credit card thieves. Dissidents in China and many other countries use it to avoid arrest. It's a vital tool for journalists to communicate with their sources, for NGOs to protect their work in repressive countries, and for attorneys to communicate with their clients.

Many technological security failures of today can be traced to failures of encryption. In 2014 and 2015, unnamed hackers -- probably the Chinese government -- stole 21.5 million personal files of U.S. government employees and others. They wouldn't have obtained this data if it had been encrypted. Many large-scale criminal data thefts were made either easier or more damaging because data wasn't encrypted: Target, TJ Maxx, Heartland Payment Systems, and so on. Many countries are eavesdropping on the unencrypted communications of their own citizens, looking for dissidents and other voices they want to silence.

Adding backdoors will only exacerbate the risks. As technologists, we can't build an access system that only works for people of a certain citizenship, or with a particular morality, or only in the presence of a specified legal document. If the FBI can eavesdrop on your text messages or get at your computer's hard drive, so can other governments. So can criminals. So can terrorists. This is not theoretical; again and again, backdoor accesses built for one purpose have been surreptitiously used for another. Vodafone built backdoor access into Greece's cell phone network for the Greek government; it was used against the Greek government in 2004-2005. Google kept a database of backdoor accesses provided to the U.S. government under CALEA; the Chinese breached that database in 2009.

We're not being asked to choose between security and privacy. We're being asked to choose between less security and more security.

This trade-off isn't new. In the mid-1990s, cryptographers argued that escrowing encryption keys with central authorities would weaken security. In 2013, cybersecurity researcher Susan Landau published her excellent book Surveillance or Security?, which deftly parsed the details of this trade-off and concluded that security is far more important.

Ubiquitous encryption protects us much more from bulk surveillance than from targeted surveillance. For a variety of technical reasons, computer security is extraordinarily weak. If a sufficiently skilled, funded, and motivated attacker wants in to your computer, they're in. If they're not, it's because you're not high enough on their priority list to bother with. Widespread encryption forces the listener -- whether a foreign government, criminal, or terrorist -- to target. And this hurts repressive governments much more than it hurts terrorists and criminals.

Of course, criminals and terrorists have used, are using, and will use encryption to hide their planning from the authorities, just as they will use many aspects of society's capabilities and infrastructure: cars, restaurants, telecommunications. In general, we recognize that such things can be used by both honest and dishonest people. Society thrives nonetheless because the honest so outnumber the dishonest. Compare this with the tactic of secretly poisoning all the food at a restaurant. Yes, we might get lucky and poison a terrorist before he strikes, but we'll harm all the innocent customers in the process. Weakening encryption for everyone is harmful in exactly the same way.

This essay previously appeared as part of the paper "Don't Panic: Making Progress on the 'Going Dark' Debate." It was reprinted on Lawfare. A modified version was reprinted by the MIT Technology Review.

by Bruce Schneier at February 03, 2016 12:09 PM

Joseph Reagle
Why learning styles are hard to give up

Some of my students refuse to believe the theory of learning styles is discredited. Referring them to Wikipedia or literature reviews isn't sufficient because they strongly identify as visual or tactile learners. It's a deeply felt intuition---that I share.

I think the intuition is misleading because we confuse style with ability thresholds. Einstein, a brilliant autodidact, can learn a difficult concept (like gyroscopic precession) from a dry and boring text. I can learn the same concept only by way of a visual demonstration, such as Derek Muller's.

I might mistakenly conclude "I'm a visual learner," but Einstein can also learn from the demonstration. Everyone benefits from a great demonstration. People do have different abilities, and we'll encounter different thresholds at which we then want a better learning method. But this is different from what learning style theory predicts, that (1) you can identify people who learn better through one style/modality and (2) they actually do better in a curriculum tailored for that style and people with different purported styles do not. There is little evidence of this.

by Joseph Reagle at February 03, 2016 05:00 AM

February 02, 2016

Berkman Center front page
Engineering open production efficiency at scale


with computer scientist, Aaron Halfaker


Mixing systems thinking, advanced computation, and feminist theory to design for better open production communities.

Parent Event

Berkman Luncheon Series

Tuesday, February 2, 2016 at 12:00 pm
Berkman Center for Internet & Society at Harvard University
23 Everett Street, Second Floor, Cambridge, MA  02138

[Event at capacity] Please join the live webcast at 12:00 pm.

Wikipedia, largely used as a synecdoche for open production generally, is a large, complex, distributed system that needs to solve a set of "open problems" efficiently in order to thrive. In this talk, I'll use the metaphor of biology as a "living system" to discuss the relationship between subsystem efficiency and the overall health of Wikipedia.  Specifically, I'll describe Wikipedia's quality control subsystem and some trade-offs that were made in order to make this system efficient through the introduction of subjective algorithms and human computation.  Finally, I'll use critiques waged by feminist HCI to argue for a new strategy for increasing the adaptive capacity of this subsystem and speak generally about improving the practice of applying subjective algorithms in social spaces.  Live demo included!

About Aaron

Aaron Halfaker is an American computer scientist who is an employee of the Wikimedia Foundation. Halfaker earned a Ph.D. in computer science from the GroupLens research lab at the University of Minnesota in 2013. He is known for his research on Wikipedia and the decrease in the number of active editors of the site. He has said that Wikipedia began a "decline phase" around 2007 and has continued to decline since then. Halfaker has also studied automated accounts on Wikipedia, known as "bots", and the way they affect new contributors to the site. He has developed a tool for Wikipedia editing called "Snuggle", the goal of which is to eliminate vandalism and spam, and to also highlight constructive contributions by new editors. He has also built an artificial intelligence engine for Wikipedia to use to identify vandalism.


These tell a story in order.  The talk will cover a bit of each.  Read from top to bottom and stop when you get bored or run out of time.


by candersen at February 02, 2016 05:00 PM

Bruce Schneier
More Details on the NSA Switching to Quantum-Resistant Cryptography

The NSA is publicly moving away from cryptographic algorithms vulnerable to cryptanalysis using a quantum computer. It just published a FAQ about the process:

Q: Is there a quantum resistant public-key algorithm that commercial vendors should adopt?

A: While a number of interesting quantum resistant public key algorithms have been proposed external to NSA, nothing has been standardized by NIST, and NSA is not specifying any commercial quantum resistant standards at this time. NSA expects that NIST will play a leading role in the effort to develop a widely accepted, standardized set of quantum resistant algorithms. Once these algorithms have been standardized, NSA will require vendors selling to NSS operators to provide FIPS validated implementations in their products. Given the level of interest in the cryptographic community, we hope that there will be quantum resistant algorithms widely available in the next decade. NSA does not recommend implementing or using non-standard algorithms, and the field of quantum resistant cryptography is no exception.


Q: When will quantum resistant cryptography be available?

A: For systems that will use unclassified cryptographic algorithms it is vital that NSA use cryptography that is widely accepted and widely available as part of standard commercial offerings vetted through NIST's cryptographic standards development process. NSA will continue to support NIST in the standardization process and will also encourage work in the vendor and larger standards communities to help produce standards with broad support for deployment in NSS. NSA believes that NIST can lead a robust and transparent process for the standardization of publicly developed and vetted algorithms, and we encourage this process to begin soon. NSA believes that the external cryptographic community can develop quantum resistant algorithms and reach broad agreement for standardization within a few years.

Lots of other interesting stuff in the Q&A.

by Bruce Schneier at February 02, 2016 01:11 PM

NSA's TAO Head on Internet Offense and Defense

Rob Joyce, the head of the NSA's Tailored Access Operations (TAO) group -- basically the country's chief hacker -- spoke in public earlier this week. He talked both about how the NSA hacks into networks, and what network defenders can do to protect themselves. Here's a video of the talk, and here are two good summaries.

Intrusion Phases

  • Reconnaissance
  • Initial Exploitation
  • Establish Persistence
  • Install Tools
  • Move Laterally
  • Collect Exfil and Exploit

The event was the USENIX Enigma Conference.

The talk is full of good information about how APT attacks work and how networks can defend themselves. Nothing really surprising, but all interesting. Which brings up the most important question: why did the NSA decide to put Joyce on stage in public? It surely doesn't want all of its target networks to improve their security so much that the NSA can no longer get in. On the other hand, the NSA does want the general security of US -- and presumably allied -- networks to improve. My guess is that this is simply a NOBUS issue. The NSA is, or at least believes it is, so sophisticated in its attack techniques that these defensive recommendations won't slow it down significantly. And the Chinese/Russian/etc state-sponsored attackers will have a harder time. Or, at least, that's what the NSA wants us to believe.

Wheels within wheels....

More information about the NSA's TAO group is here and here. Here's an article about TAO's catalog of implants and attack tools. Note that the catalog is from 2007. Presumably TAO has been very busy developing new attack tools over the past ten years.

BoingBoing post.

EDITED TO ADD (2/2): I was talking with Nicholas Weaver, and he said that he found these three points interesting:

  • A one-way monitoring system really gives them headaches, because it allows the defender to go back after the fact and see what happened, remove malware, etc.

  • The critical component of APT is the P: persistence. They will just keep trying, trying, and trying. If you have a temporary vulnerability -- the window between a vulnerability and a patch, temporarily turning off a defense -- they'll exploit it.

  • Trust them when they attribute an attack (e.g., Sony) on the record. Attribution is hard, but when they can attribute they know for sure -- and they don't attribute lightly.

by Bruce Schneier at February 02, 2016 11:01 AM

Ethan Zuckerman
Heroin and Hope

This story is cross-posted on, where it’s got more links, images and a layout that lets you see what’s behind the links while you read the story. Check it out there, and try FOLD to publish your own stories.

I became an Anthony Bourdain fan when he moved from the printed page to the television screen. I’d enjoyed his snarky, insider view of the NY restaurant scene, but I identified more with his mix of wide-eyed wonder and frustration as he began traveling the world in search of inspiring food and the people and cultures behind it. As his traveling circus has moved from network to network, he and his crew have gotten braver, focusing less on strange food and more on the politics of the places they’re visiting. In his show on Myanmar, the first interview is in one of Yangon’s ubiquitous tea shops. But the interview is with a leading opposition journalist, not a chef or food writer. Bourdain still eats well, but his viewers leave with an impression of a city’s character and politics, not just its flavor profile.

When Bourdain and “Parts Unknown” came to Massachusetts last winter, I was excited. Everyone comes to Boston, but very few TV crews make it out west past 495, the conceptual dividing line between Boston’s suburbs and the rest of the state. One of the promotional shots for the show featured The People’s Pint, one of my favorite bars, in Greenfield MA. So Rachel and I sat down to watch the show a few days before last Christmas, fingers crossed that our friends with restaurants in western MA would be showcased in front of an international audience. And then discovered that the show wasn’t about food, but about heroin.

Bourdain learned to cook in the clam shacks of Provincetown, MA, and the show follows him through the streets of the charming seaport, as he remembers his wild youth and his introduction to drugs, and eventually to heroin. To examine what heroin is doing today, Bourdain visits Franklin County, MA, a corner of western MA that’s wrestling with an opioid epidemic. As Bourdain interviews a former heroin dealer while sitting on a log in the woods, my hopes for seeing favorite restaurants like Hope and Olive featured turned into a fervent prayer that I wouldn’t see anyone I recognized.

Western MA and southern Vermont have become major transit points for heroin moving north from New York City along I-87, I-89 and I-91. Some of it heads to Boston, Portland and Montreal, but enough sticks around to saturate small towns. Some heroin users have never used another illegal drug previously – they got hooked on pharmaceutical opioids prescribed by doctors treating pain and turned to heroin when pharmacies became more careful about releasing Oxycontin and other prescription medications. Others are kids bored with small town life, long winters and collapsing economies. Towns like Bennington, VT – featured by the New York Times in a story about the rural “heroin scourge” – have small police departments that are desperately trying to catch up with the reality of a local drug trade.

There’s a possible upside to the opioid epidemic, if it’s possible to say such a thing about a tragedy that’s destroying families and killing people. A rural, white drug epidemic might be what finally ends the US’s racist, failed war on drugs.

A recent New York Times article featured Leonard Campanello, the police chief of Gloucester, MA, a beach town north of Boston, praising his approach to heroin, which keeps addicts out of prison and steers them into treatment programs, locally and nationally. His program, which has inspired dozens of others around the country, is laudable, as are efforts by Vermont governor Peter Shumlin, who spent the entirety of his 2014 State of the State message talking about opioids, seeking to reframe the conversation about heroin as one about public health, not about crime. Police officers in our area carry Naloxone, a drug that can often reverse heroin overdoses. Some police departments have unofficial policies that heroin users won’t be arrested, particularly if they are bringing in another user who is overdosing.

In other words, in our corner of New England, we’re starting to see a sane, rational, humane approach by law enforcement to drug addiction. We’re starting to see people realize that drug addiction is a health issue, that prosecuting end users is counterproductive, that treatment is vastly less expensive than incarceration.

It’s about time. And all it took was for our neighbors to become addicts.

The war on drugs has disproportionately been a war on black people. African Americans are 12% of the population of US drug users, but represent 38% of those arrested for drug offenses and 59% of those in prison for drug offenses. These numbers didn’t happen by accident – the war on drugs is one of the clearest illustrations of structural racism in action. Mandatory minimum sentences initially prescribed sentences for crack cocaine (disproportionately used by African Americans) at 100 times the severity of sentences for powdered cocaine (disproportionately used by white Americans) – 10 grams of crack led to the same sentence as 1kg of powder, despite the fact that the two are pharmacologically identical. Sentencing reform dropped this disparity to 18 to 1 in 2010, but harsh sentences aren’t the only reason for disparities in prison populations. Overpolicing of communities of color is another reason. Lots of cops on the street lead to lots of arrests for petty drug crimes, which means more people have previous offenses, which means future arrests for minor drug crimes lead to serious time.

So when white police officers suddenly realize that the war on drugs isn’t working because white people are dying, it’s easy to understand why people of color might find these displays of compassion somewhat frustrating.

My guess is that the shift in law enforcement attitudes isn’t purely racial, but also tribal. The communities where these policy changes are taking place are often small towns where police officers are literally arresting neighbors and their kids. Mayors and police chiefs in these towns talk about how difficult it was to arrest their kid’s childhood friend or classmate. My guess is that the realization that your child could be next – a realization that comes from seeing a problem as one that affects your tribe – goes a long way towards building compassion.

In this sense, we may be seeing a moment with drug abuse in the US that’s not unlike a national shift around equal marriage for gay and lesbian couples. For civil rights advocates, the incredible speed at which a majority of Americans accepted equal marriage stands in sharp contrast to the centuries-long struggle for the legalization of interracial marriage. One theory that has been offered for the difference in pace is that gays and lesbians appear to be evenly distributed throughout the US population, which means that most families – even Dick Cheney’s – have a homosexual somewhere in their family tree, while interracial marriage in a majority white country is disproportionately common in communities of color. Perhaps the discovery that drug addiction affects white and black, rural and urban is what we need to finally turn our national discourse on drugs from one about crime into one about health.

My hope for this moment in time is that families who’ve gone through the trauma of losing a loved one to opioid overdose will see themselves as part of a national movement to reform our nation’s broken drug policies. My hope is that the police chiefs and political leaders who are helping Vermont and Massachusetts cope with heroin abuse will help colleagues throughout the country realize that the drug war is a destructive and broken strategy. And my hope is that the sense of “we’re in this together” that communities are manifesting in response to the opioid epidemic is one that could extend beyond rural white communities and represent a new approach to tackling not just drug addiction but problems of poverty, health, and structural racism.

Hope alone won’t make change. But hope, in tandem with anger at the unfairness of a drug war that has decimated communities and ruined lives, might be enough to finally end the war on drug users and build a compassionate response to addiction.

by Ethan at February 02, 2016 03:11 AM

February 01, 2016

David Weinberger
Tung oil from a good vendor

We made the odd choice of replacing our miracle composite kitchen floor — zero upkeep — with a knotty pine floor. Pine is beautiful, and we think it helps make our kitchen look more inviting, but it’s very soft wood.

So we’re conditioning it with tung oil. Tung oil penetrates the wood and polymerizes, hardening it while enriching the color and giving it a satiny sheen. The floor will still be softer than our miracle composite, but you have to resign yourself to thinking of the dents and scratches as signs of its being lived in. Or on. Also, because tung oil penetrates the wood and isn’t a layer on top, you can sand out some dings, and you can always wipe on a little more oil. We may live to regret it, but we like it so far.

floor before and after

Unfortunately, tung oil is a pain in the tuchus when compared to, say, polyurethane. You brush poly on, you let it dry, you lightly scratch it up with brillo or sandpaper, and you do it again. Boom done. Tung oil takes several coats, it smells, it takes longer to dry before the next coat, and it takes much longer to fully polymerize.

After a lot of research — Thank you, Internet — we decided on going with Real Milk Paint tung products. The rational reasons are:

1. They seem to have high quality products. Since there are various types of tung oil pretenders on the market, that counts.

2. For the initial applications, the Internet recommends cutting the tung oil with a solvent. Real Milk has a pre-mixed prep called Half and Half that cuts the tung with citrus oil. True to the claims, we found that it dries quickly and doesn’t smell bad — sort of citrusy, unsurprisingly. (Nevertheless, we trained a fan over the floor while it dried to blow the odor away from us humans.)

But the real reason we went with Real Milk is that they seem like Real People who know their tung oil. I came to this conclusion by reading their discussion boards and watching their videos. They seem to be craftspeople who love finishes that bring out the beauty of the wood they have just worked. They are straightforward and non-defensive. They are on the side of their customers.

I confirmed this minutes ago by calling customer support with a question and talking with a couple of folks there. Our third coat wasn’t drying. They told me what to do about it (dry it) and reassured me that this is in fact a sign that the wood has been saturated. Now we just have to walk carefully on it for a month until it’s fully set.

Could I be wrong about the people and the company? Absolutely. I’m wrong about most things. Maybe they’ll turn out to be the robotic face of a Big Tung, a mega-corporation peddling relabeled motor oil drained from Chernobyl. But I will have at least been fooled for the right reasons.

And that counts for a lot.

The post Tung oil from a good vendor appeared first on Joho the Blog.

by davidw at February 01, 2016 11:27 PM

Rey Junco
Reflections on my vacation from technology
Photo by Amélien Bayle


As you may have guessed, my vacation is over. I survived. I endured another winter break away from technology. Did I miss an important email? Yup, I certainly did. Although one can ponder what “important” actually means in this case. You know those important emails pertaining to life/death situations? Yeah, that never happens. So while it was stressful to think about deleting all of my emails while I was away, all of my work was still intact, waiting for me right where I left it. The wonderful part? No stressful email backlog. And you know what else? Every time I take a break from technology, it gets a little easier. After day one, I no longer felt my phone tugging at me in the background. I was able to fully enjoy every moment that I spent with my son. We even saw Star Wars spoiler-free thanks to my avoidance of social media!

It was a proper break. It was relaxing. I was centered and calm. I slept well. When I got back, I had to hit the ground running because it was the week before the semester started. I lamented having to “come back to technology” and wished I could have taken a break for longer. The Iowa State College of Human Sciences even did a story about it.

As those of you who follow my work know, I believe in the social benefits of technology. However, it is important to understand how technology affects you and your workflow. I’ve found what works for me. Twice a year, I deactivate my Facebook account, ignore my Twitter and my Instagram, empty my inbox, and turn off all distractions. And every time I do this, I come back feeling recharged, refocused, and ready to tackle a new semester (yeah, my students think I’m nuts because of how excited I am to teach stats and methodology).

So take a vacation, a real vacation. You’ve earned it.

P.S. Stay tuned for some new publications/projects from my newly-formed research lab. Also, keep your eye out for the unveiling of our lab website.

by reyjunco at February 01, 2016 09:27 PM

Bruce Schneier
NSA and GCHQ Hacked Israeli Drone Feeds

The NSA and GCHQ have successfully hacked Israel's drones, according to the Snowden documents. The story is being reported by the Intercept and Der Spiegel. The Times of Israel has more.

by Bruce Schneier at February 01, 2016 08:27 PM

Berkman Center front page
Reconciling Perspectives: New Report Reframes Encryption Debate


The Berklett Cybersecurity Project of the Berkman Center for Internet & Society at Harvard University is pleased to announce the publication of a new report entitled “Don’t Panic: Making Progress on the ‘Going Dark’ Debate.” The report examines the high-profile debate around government access to encryption, and offers a new perspective gleaned from the discussion, debate, and analyses of an exceptional and diverse group of security and policy experts from academia, civil society, the private sector, and the U.S. intelligence community.


The Berklett Cybersecurity Project of the Berkman Center for Internet & Society at Harvard University is pleased to announce the publication of a new report entitled “Don’t Panic: Making Progress on the ‘Going Dark’ Debate.” The report examines the high-profile debate around government access to encryption, and offers a new perspective gleaned from the discussion, debate, and analyses of an exceptional and diverse group of security and policy experts from academia, civil society, and the U.S. intelligence community.

“Many conversations on sensitive subjects of technology and security are productive because they’re among people who already agree,” said Prof. Jonathan Zittrain, faculty chair of the Berkman Center. “The aim of this project is to bring together people who come from very different starting points and roles, and who very rarely have a chance to speak frankly with one another. We want to come away with some common insights that could help push the discussion into some new territory.”

The report takes issue with the usual framing of the encryption debate and offers context and insights that widen the scope of the conversation to more accurately reflect the surveillance landscape both now and in the future.

“In this report, we’re questioning whether the ‘going dark’ metaphor used by the FBI and other government officials fully describes the future of the government’s capacity to access communications,” said Berkman Center fellow Bruce Schneier. “We think it doesn’t. While it may be true that there are pockets of dimness, there are other areas where communications and information are actually becoming more illuminated, opening up more vectors for surveillance.”

“There’s no question that the use of encryption impedes government surveillance of terrorists and criminals,” said Matthew Olsen, former Director of the National Counterterrorism Center. “And we take seriously the concerns of the FBI and others about encryption. We looked forward to consider the overall trajectory of technology and surveillance, and identified points of consensus about the government’s ability to collect information necessary to protect the public.”

Set within the recent implementation of encryption by various companies and the recent history of the government’s increasing concerns, the report outlines how market forces and commercial interests as well as the increasing prevalence of networked sensors in machines and everyday appliances point to a future with more opportunities for surveillance, not less.

The group and report’s signatories include high-profile individuals who bring a spectrum of perspectives to the table. “The sign-on from this set of participants is unique. These are people who were likely to disagree about many things in the debate, and yet we found common ground,” said Senior Researcher David O’Brien.

About the Berklett Cybersecurity Project

The Berkman Center for Internet & Society’s Berklett Cybersecurity Project convenes a diverse group of security and policy experts from academia, civil society, and the U.S. intelligence community to explore and evaluate the roles and responsibilities of the U.S. government in promoting cybersecurity. This group is examining a wide range of topics including, among others, the ongoing encryption debate, public-private information sharing, and responsible disclosures of software vulnerabilities.

The project is led by Professor Jonathan Zittrain, former National Counterterrorism Center Director Matthew Olsen, and cryptographer and civil liberties author Bruce Schneier. The name “Berklett” is a portmanteau of “Berkman” and “Hewlett,” as in the William and Flora Hewlett Foundation, which generously supports the effort. More information at


by tlin at February 01, 2016 02:17 AM

January 31, 2016

Berkman Center front page
Don't Panic: Making Progress on the "Going Dark" Debate


This report from the Berkman Center's Berklett Cybersecurity Project offers a new perspective on the "going dark" debate from the discussion, debate, and analyses of an unprecedentedly diverse group of security and policy experts from academia, civil society, and the U.S. intelligence community.

Publication Date

1 Feb 2016


The Berklett group took up some of the questions of surveillance and encryption as some companies are encrypting services by default, making their customers' messages accessible only to the customers themselves. The report outlines how market forces and commercial interest, as well as the increasing prevalence of networked sensors in machines and appliances, point to a future with more opportunities for surveillance, not less.


Foreword to the Report

Just over a year ago, with support from the William and Flora Hewlett Foundation, the Berkman Center for Internet & Society at Harvard University convened a diverse group of security and policy experts from academia, civil society, and the U.S. intelligence community to begin to work through some of the particularly vexing and enduring problems of surveillance and cybersecurity.

The group came together understanding that there has been no shortage of debate. Our goals were to foster a straightforward, non-talking-point exchange among people who do not normally have a chance to engage with each other and then to contribute in meaningful and concrete ways to the discourse on these issues.

A public debate unfolded alongside our meetings: the claims and questions around the government finding a landscape that is “going dark” due to new forms of encryption introduced into mainstream consumer products and services by the companies who offer them. We have sought to distill our conversations and some conclusions in this report. The participants in our group who have signed on to the report, as listed on the following page, endorse “the general viewpoints and judgments reached by the group, though not necessarily every finding and recommendation.” In addition to endorsing the report, some signatories elected to individually write brief statements, which appear in Appendix A of the report and also as individual posts on, written by Jonathan Zittrain, Bruce Schneier, and Susan Landau.

Our participants who are currently employed full-time by government agencies are precluded from signing on because of their employment, and nothing can or should be inferred about their views from the contents of the report. We simply thank them for contributing to the group discussions.


Findings of the Report

In this report, we question whether the “going dark” metaphor accurately describes the state of affairs. Are we really headed to a future in which our ability to effectively surveil criminals and bad actors is impossible? We think not. The question we explore is the significance of this lack of access to communications for legitimate government interests. We argue that communications in the future will neither be eclipsed into darkness nor illuminated without shadow.

In short our findings are:

  • End-to-end encryption and other technological architectures for obscuring user data are unlikely to be adopted ubiquitously by companies, because the majority of businesses that provide communications services rely on access to user data for revenue streams and product functionality, including user data recovery should a password be forgotten.
  • Software ecosystems tend to be fragmented. In order for encryption to become both widespread and comprehensive, far more coordination and standardization than currently exists would be required.
  • Networked sensors and the Internet of Things are projected to grow substantially, and this has the potential to drastically change surveillance. The still images, video, and audio captured by these devices may enable real-time intercept and recording with after-the-fact access. Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel.
  • Metadata is not encrypted, and the vast majority is likely to remain so. This is data that needs to stay unencrypted in order for the systems to operate: location data from cell phones and other devices, telephone calling records, header information in e-mail, and so on. This information provides an enormous amount of surveillance data that widespread.
  • These trends raise novel questions about how we will protect individual privacy and security in the future. Today’s debate is important, but for all its efforts to take account of technological trends, it is largely taking place without reference to the full picture.


About the Berklett Cybersecurity Project

The Berkman Center for Internet & Society’s Berklett Cybersecurity project convenes a diverse group of security and policy experts from academia, civil society, and the U.S. intelligence community to explore and evaluate the roles and responsibilities of the U.S. government in promoting cybersecurity. This group is examining a wide range of topics including, among others, the ongoing encryption debate, public-private information sharing, and responsible disclosures of software vulnerabilities.

The project is led by Professor Jonathan Zittrain, former National Counterterrorism Center Director Matthew Olsen, and cryptographer and civil liberties author Bruce Schneier. The name “Berklett” is a portmanteau of “Berkman” and “Hewlett,” as in the William and Flora Hewlett Foundation, which generously supports the effort. More information at

Berklett Cybersecurity Project Members

  • John DeLong *
  • Urs Gasser
  • Hon. Nancy Gertner (ret.)
  • Jack Goldsmith
  • Susan Landau
  • Anne Neuberger *
  • Joseph Nye
  • David R. O’Brien
  • Matthew G. Olsen
  • Daphna Renan
  • Julian Sanchez
  • Bruce Schneier
  • Larry Schwartztol
  • Jonathan Zittrain

* Our participants who are currently employed full-time by government agencies are precluded from signing on because of their employment, and nothing can or should be inferred about their views from the contents of the report. We simply thank them for contributing to the group discussions.


by tlin at January 31, 2016 08:08 PM

Ethan Zuckerman
Update, or a missing person report

I just received a kind inquiry via email from a reader who wondered what had happened to this blog.

It’s a fair question.

It’s been a challenging few months, professionally and personally, and I’ve been less productive than I would have liked. I’ve also found that I’ve written much less since I started teaching at MIT. I’m a slow writer – posts here that aren’t transcriptions of other people’s talks are usually the result of a couple hours research and 3-4 hours writing… and there just aren’t a lot of days in my calendar that have 4-6 free hours available. I miss being able to write as much as I used to, but I’m enjoying other aspects of my life: teaching, advising, collaborating with students and staff.

So here’s the plan going forward: I’ve got a bunch of pieces I hope to write in the next few weeks. Most will be published in three places – here, on (where they’ll have bonus images and links) and on Medium, using IFTTT to syndicate my RSS feed to my Medium account. (Hat tip to Dave Winer for tipping me off to this trick – a good recipe exists here – and for putting forth the argument that everyone should have multiple places to publish their content, rather than locking themselves into a single platform.)

In the meantime, here’s a piece I wrote recently for The Guardian on advertising and surveillance. And if you really miss me, here’s a brief interview I did with the Beta Boston section of the Boston Globe, talking about my media diet and about the writing cabin I’ve been building.

by Ethan at January 31, 2016 06:42 PM

January 30, 2016

Bruce Schneier
Integrity and Availability Threats

Cyberthreats are changing. We're worried about hackers crashing airplanes by hacking into computer networks. We're worried about hackers remotely disabling cars. We're worried about manipulated counts from electronic voting booths, remote murder through hacked medical devices and someone hacking an Internet thermostat to turn off the heat and freeze the pipes.

The traditional academic way of thinking about information security is as a triad: confidentiality, integrity, and availability. For years, the security industry has been trying to prevent data theft. Stolen data is used for identity theft and other frauds. It can be embarrassing, as in the Ashley Madison breach. It can be damaging, as in the Sony data theft. It can even be a national security threat, as in the case of the Office of Personnel Management data breach. These are all breaches of privacy and confidentiality.

As bad as these threats are, they seem abstract. It's been hard to craft public policy around them. But this is all changing. Threats to integrity and availability are much more visceral and much more devastating. And they will spur legislative action in a way that privacy risks never have.

Take one example: driverless cars and smart roads.

We're heading toward a world where driverless cars will automatically communicate with each other and the roads, automatically taking us where we need to go safely and efficiently. The confidentiality threats are real: Someone who can eavesdrop on those communications can learn where the cars are going and maybe who is inside them. But the integrity threats are much worse.

Someone who can feed the cars false information can potentially cause them to crash into each other or nearby walls. Someone could also disable your car so it can't start. Or worse, disable the entire system so that no one's car can start.

This new rise in integrity and availability threats is a result of the Internet of Things. The objects we own and interact with will all become computerized and on the Internet. It's actually more complicated.

What I'm calling the "World Sized Web" is a combination of these Internet-enabled things, cloud computing, mobile computing and the pervasiveness that comes from these systems being always on all the time. Together this means that computers and networks will be much more embedded in our daily lives. Yes, there will be more need for confidentiality, but there is a newfound need to ensure that these systems can't be subverted to do real damage.

It's one thing if your smart door lock can be eavesdropped to know who is home. It's another thing entirely if it can be hacked to prevent you from opening your door or allowing a burglar to open the door.

In separate testimonies before different House and Senate committees last year, both the Director of National Intelligence James Clapper and NSA Director Mike Rogers warned of these threats. They both consider them far larger and more important than the confidentiality threat and believe that we are vulnerable to attack.

And once the attacks start doing real damage -- once someone dies from a hacked car or medical device, or an entire city's 911 services go down for a day -- there will be a real outcry to do something.

Congress will be forced to act. They might authorize more surveillance. They might authorize more government involvement in private-sector cybersecurity. They might try to ban certain technologies or certain uses. The results won't be well-thought-out, and they probably won't mitigate the actual risks. If we're lucky, they won't cause even more problems.

I worry that we're rushing headlong into the World-Sized Web, and not paying enough attention to the new threats that it brings with it. Again and again, we've tried to retrofit security in after the fact.

It would be nice if we could do it right from the beginning this time. That's going to take foresight and planning. The Obama administration just proposed spending $4 billion to advance the engineering of driverless cars.

How about focusing some of that money on the integrity and availability threats from that and similar technologies?

This essay previously appeared on

by Bruce Schneier at January 30, 2016 06:38 PM

Kendra Albert
An Optimistic Review of Crypto: Someday Steven Levy Will Be Able to Write about Women

Steven Levy can write compellingly about deeply technical subjects. He makes the history of cryptography come alive in Crypto. But god, I hate the way he writes about women.

To be fair, Crypto is better than Hackers in that there is more than one mention of a woman in the entire book. But women in his writing are still “diminutive” (a word likely never before or since used to describe Cindy Cohn) (301), “diminutive” and “benign as Betty Crocker,” (describing Dorothy Denning, 249). They are nearly always meant to provide texture to the men around them, not to be examined as humans in their own right. The popularity of crypto is illustrated by a sex worker recognizing Phil Zimmerman’s name, never mind that, of course, sex workers care about the security of their communications (289). That’s even true when the men aren’t part of the story. Maria Cantwell’s stature is apparently not relevant to her effort to oppose export controls, but her father who isn’t a character is - she’s described as the “daughter of a Wisconsin politician.” (264)

The women who were dating or married to the main characters are even worse off. Take, for example, this description of Jim Bidzos, the successful marketer of RSA. “His journals from the seventies are permeated with notations about this woman or that. Still in his late twenties, he was living a Hugh Hefner–esque bachelor existence.” On the next page, he meets a young woman that he “sensed might be the one.” But what happens next?

“But when he finally cut the cord at Paradyne [the company he had been working at] and began a global marketing firm with some friends, his girlfriend uttered the words every confirmed bachelor dreaded: it’s now or never. She felt that if they didn’t marry, this new venture would take him away. Ever the deal maker, Bidzos chafed at being handed an ultimatum. It would be submitting to her terms. He would never get married under pressure, even to a woman he loved. So it was over. His girlfriend had been right about the lifestyle…” (139).

His girlfriend (we don’t learn her name) serves as a prop in a story about leaving a company - to show how much of a deal-maker he is. Likewise, Mary Fisher, who Levy clearly interviewed extensively, is used as a way to introduce the reader to Whit Diffie and his personality. She’s his “cryptographic muse,” (25). (One of the first interactions the book chronicles is how he mansplained her about keeping exotic animals. But the behavior is excused as “she hasn’t yet cracked his code.”) Even how Mary told Diffie (who would later go on to be her husband) to treat her like a human is framed in terms of his reaction.

“Mary began to reconsider her initial repulsion to Diffie. But, in his failure to decode her, he seemed generally oblivious to her. On his visits he interacted only with the man of the house. After Mary and her husband moved to New Jersey, where he started veterinary school, she would sometimes pick up the ringing phone and hear Diffie’s cuttingly precise voice brusquely ask for her spouse, as if she were an answering service. One day she made her feelings plain. “Look,” she said, “I understand I’m not as bright as you and some of your friends, and I understand your friendship is primarily with my husband. But I don’t really think it would kill you to say hello.” The message got through. Diffie’s demeanor toward Mary dramatically improved, and she was not just startled but saddened when one day in 1971 he told her that he was going to travel for a while.” (4). 

If they are not visibly dating someone important to the story, their technical credentials are ignored or downplayed. Levy describes Susan Landau as an “academic researching crypto policy” (168), but in fact, she was originally trained as a theoretical computer scientist. Whit Diffie has a girlfriend who worked on an ARPAnet team, but we don’t find out anything about her or what she did (25). Elizabeth Friedman, the first female cryptanalyst, is described as the wife of William Friedman (33).

It’s infuriating. It encourages the reader to discount any woman who shows up in the story, because clearly their behavior is only relevant in so far as it gives us information about the men, the main characters. There are opportunities to feature technical women, or to tell us stories about people who are not Rivest, Shamir, or Adleman or Diffie or Hellman. But rather, we get the reactions of someone’s wife or girlfriend as a poor substitute. Gender is the most obvious axis in which this marginalization happens in this book, but I’m certain that this also occurs in race  - it’s just less obvious because the reader isn’t tipped off by pronouns.

The story Levy has told does not have a main female character. That constraint comes from history. But that is no excuse for discounting, marginalizing, and/or framing in terms of men the women who were actually there. It’s sloppy. And although it may have been more mainstream in 2001, I expect better now.

January 30, 2016 03:17 PM

January 29, 2016

Bruce Schneier
Friday Squid Blogging: Polynesian Squid Hook

From 1909, for squid fishing.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at January 29, 2016 10:23 PM

Berkman Center front page
Media Cloud is Hiring a New Technical Lead



The Media Cloud project ( is seeking a technical lead to help us build tools that facilitate research about the role of digital media in civic discourse. This position will be a joint position between the Berkman Center and the Center for Civic Media at MIT, and the application process is managed through MIT.  Interested applicants should submit a resume and cover letter referencing job no. 13129 at; keyword is Media Laboratory.

Media Cloud is an open source and open data project that produces its own research about the networked public sphere and also facilitates others' research about online media by making available to the public its existing archive of more than 365 million stories and by collecting more than 300,000 new stories daily. The technical lead will drive all technical aspects of the project, working with the principal research scientist that leads the research team to plan, design, build, and run all levels of the project's platform -- back end tools that collect and archive the platform's data, researcher tools that enable analysis of that data, and front end tools that expose the data and analysis to the public. This is a unique opportunity to both shape the concept and contribute to the hands-on development of tools.

Media Cloud is a joint project between the Center for Civic Media at MIT and the Berkman Center for Internet & Society at Harvard University. The position will be based at the Center for Civic Media, but the technical lead will work closely with members of the team from both centers. The project is funded by human rights foundations, for whom we produce both the open platform and research that helps them make decisions about how best to influence online civic conversations about democracy, activism, and health.

We are a diverse team of researchers and technologists who love to wrestle with hard questions about online media by using a combination of social, computer, and data sciences. The ideal candidate will work well with all members of the team, from the principal research scientist to junior developers, and will thrive in an academic atmosphere that encourages constant questioning and validation at all levels of the platform and of our research products.

Much of our substantive work focuses on issues of gender, race, and globalization. We strongly encourage women, people of color, and people of any sexual identity to apply.

The job is based in Cambridge, MA, but much of our team is distributed around the world. We are open to flexible onsite working arrangements.

This is a one-year appointment with the possibility of extension.

Principal Duties and Responsibilities (Essential Functions):

  • Work alongside researchers as a senior member of the project to establish technical vision for the project;
  • Develop technical roadmap to meet research needs and complete grant deliverables;
  • Lead team of developers, designers, and system administrators in implementing technical roadmap;
  • Maintain, upgrade, and build systems within a large, existing codebase ( to collect, archive, and analyze content from online media;
  • Lead technical team in writing code to scale systems to handle ever-expanding data requirements;
  • Manage and coordinate independent contractors.

Required Qualifications:

  • Bachelor’s degree, preferably in computer science or data science-related field;
  • At least three years’ experience working in a technical leadership position and at least five years’ experience working as a software engineer or combined experience with advanced degree;
  • Passion for solving difficult engineering and data problems;
  • Demonstrated ability to design, build, test, and deploy robust code;
  • Demonstrated ability to work as a leader within a diverse team and iterate quickly through prototypes;
  • Demonstrated ability to use data to validate architectural decisions;
  • Programming fluency -- Perl, Python, and Javascript are ideal but other languages are fine;
  • Experience writing, maintaining, and optimizing SQL queries against large databases;
  • Experience scaling platforms to handle large data sets.

Preferred Qualifications:

  • Experience writing web crawlers;
  • Experience working with Postgres and Solr/Lucene;
  • Knowledge and interest in social sciences;
  • Experience and interest in working on issues related to democracy, gender, race, health, and globalization;
  • Experience as a data scientist;
  • Experience working on projects investigating online media.

Interested applicants should submit a resume and cover letter referencing job no. 13129 at; keyword is Media Laboratory.

by ashar at January 29, 2016 07:40 PM

Center for Research on Computation and Society (Harvard SEAS)
Ethics, Engineers, and Emissions: A multifaceted look at the VW incident


Harvard Law School's Langdell South, Room 272, Kirkland and Ellis Hall

Both Harvard's Center for Research on Computation and Society and Harvard's Institute for Applied Computational Science are excited to announce that we will be hosting a panel titled, "Ethics, Engineers, and Emissions: A multifaceted look at the VW incident" on Monday, March 28, 2016 from 7:30-9:30PM in …

by kmavon at January 29, 2016 05:31 PM

January 28, 2016

David Weinberger
Keep the Web unbroken, with Amber

When sites go down, they don’t take the links to them with them. So, your posts now point to 404s. That’s not just an inconvenience. It’s Web entropy and over time it will render the Web less and less useful and even less intelligible.

Amber fights Web entropy. It’s a plugin for WordPress or Drupal that automatically takes a snapshot of whatever you’re linking to. If the linked site goes down — or is taken down by a government that doesn’t like what it’s saying — your readers will still be able to read what was there when you linked to it.

For example, this is a page that I posted and then took down. It was here: It’s not there now. But if you hover over the link, Amber shows you what you’d otherwise be missing.

Amber’s pedigree literally could not be better. It’s a project from the Berkman Center, from an idea cooked up by Jonathan Zittrain and Tim Berners-Lee. It is a fully distributed system, thus helping to re-decentralize the Web, although you can opt to store the page images at sites like the Internet Archive,, and Amazon AWS.

What are you waiting for?



If you install Amber and it’s not working, make sure that you’ve created a folder called “amber” in your WordPress “uploads” directory: /wp-content/uploads/amber.

The post Keep the Web unbroken, with Amber appeared first on Joho the Blog.

by davidw at January 28, 2016 03:35 PM

Berkman Center front page
Harvard University’s Berkman Center Releases Amber, a “Mutual Aid” Tool for Bloggers & Website Owners to Help Keep the Web Available


The Berkman Center for Internet & Society at Harvard University is pleased to release Amber, a free software tool for WordPress and Drupal that preserves content and prevents broken links. When installed on a blog or website, Amber can take a snapshot of the content of every linked page, ensuring that even if those pages are interfered with or blocked, the original content will be available.


“The Web’s decentralization is one of its strongest features,” said Jonathan Zittrain, Faculty Chair of the Berkman Center and George Bemis Professor of International Law at Harvard Law School. “But it also means that attempting to follow a link might not work for any number of reasons. Amber harnesses the distributed resources of the Web to safeguard it. By allowing a form of mutual assistance among Web sites, we can together ensure that information placed online can remain there, even amidst denial of service attacks or broad-based attempts at censorship.”

The release of Amber builds on an earlier proposal from Zittrain and Sir Tim Berners-Lee for a “mutual aid treaty for the Internet” that would enable operators of websites to easily bolster the robustness of the entire web. It also aims to mitigate risks associated with increasing centralization of online content. Increasingly fewer entities host information online, creating choke points that can restrict access to web content. Amber addresses this by enabling the storage of snapshots via multiple archiving services, such as the Internet Archive’s Wayback Machine and

Amber is useful for any organization or individual that has an interest in preserving the content to which their website links. In addition to news outlets, fact-checking organizations, journalists, researchers, and independent bloggers, human rights curators and political activists could also benefit from using Amber to preserve web links. The launch is the result of a multi-year research effort funded by the U.S. Agency for International Development and the Department of State.

“We hope supporters of free expression may use Amber to rebroadcast web content in a manner that aids against targeted censorship of the original web source,” said Geneve Campbell, Amber’s technical project manager. “The more routes we provide to information, the more all people can freely share that information, even in the face of filtering or blockages.”

Amber is one of a suite of initiatives of the Berkman Center focused on preserving access to information. Other projects include Internet Monitor, which aims to evaluate, describe, and summarize the means, mechanisms, and extent of Internet content controls and Internet activity around the world; Lumen, an independent research project collecting and analyzing requests for removal of online content; and Herdict, a tool that collects and disseminates real-time, crowdsourced information about Internet filtering, denial of service attacks, and other blockages. It also extends the mission of, a project of the Library Innovation Lab at the Harvard Law School Library. is a service that helps scholars, courts and others create web citation links that will never break.

Amber is now available for sites that run on or Drupal. Find out more and download the plugin at


by gweber at January 28, 2016 01:05 PM

Bruce Schneier
Psychological Model of Selfishness

This is interesting:

Game theory decision-making is based entirely on reason, but humans don't always behave rationally. David Rand, assistant professor of psychology, economics, cognitive science, and management at Yale University, and psychology doctoral student Adam Bear incorporated theories on intuition into their model, allowing agents to make a decision either based on instinct or rational deliberation.

In the model, there are multiple games of prisoners dilemma. But while some have the standard set-up, others introduce punishment for those who refuse to cooperate with a willing partner. Rand and Bear found that agents who went through many games with repercussions for selfishness became instinctively cooperative, though they could override their instinct to behave selfishly in cases where it made sense to do so.

However, those who became instinctively selfish were far less flexible. Even in situations where refusing to cooperate was punished, they would not then deliberate and rationally choose to cooperate instead.

The paper:

Abstract: Humans often cooperate with strangers, despite the costs involved. A long tradition of theoretical modeling has sought ultimate evolutionary explanations for this seemingly altruistic behavior. More recently, an entirely separate body of experimental work has begun to investigate cooperation's proximate cognitive underpinnings using a dual-process framework: Is deliberative self-control necessary to reign in selfish impulses, or does self-interested deliberation restrain an intuitive desire to cooperate? Integrating these ultimate and proximate approaches, we introduce dual-process cognition into a formal game-theoretic model of the evolution of cooperation. Agents play prisoner's dilemma games, some of which are one-shot and others of which involve reciprocity. They can either respond by using a generalized intuition, which is not sensitive to whether the game is one-shot or reciprocal, or pay a (stochastically varying) cost to deliberate and tailor their strategy to the type of game they are facing. We find that, depending on the level of reciprocity and assortment, selection favors one of two strategies: intuitive defectors who never deliberate, or dual-process agents who intuitively cooperate but sometimes use deliberation to defect in one-shot games. Critically, selection never favors agents who use deliberation to override selfish impulses: Deliberation only serves to undermine cooperation with strangers. Thus, by introducing a formal theoretical framework for exploring cooperation through a dual-process lens, we provide a clear answer regarding the role of deliberation in cooperation based on evolutionary modeling, help to organize a growing body of sometimes-conflicting empirical results, and shed light on the nature of human cognition and social decision making.

Very much in line with what I wrote in Liars and Outliers.

by Bruce Schneier at January 28, 2016 12:18 PM

January 27, 2016

Bruce Schneier
Horrible Story of Digital Harassment

This is just awful.

Their troll -- or trolls, as the case may be -- have harassed Paul and Amy in nearly every way imaginable. Bomb threats have been made under their names. Police cars and fire trucks have arrived at their house in the middle of the night to respond to fake hostage calls. Their email and social media accounts have been hacked, and used to bring ruin to their social lives. They've lost jobs, friends, and relationships. They've developed chronic anxiety and other psychological problems. More than once, they described their lives as having been "ruined" by their mystery tormenter.

We need to figure out how to identify perpetrators like this without destroying Internet privacy in the process.

EDITED TO ADD: One of the important points is the international nature of many of these cases. Even once the attackers are identified, the existing legal system isn't adequate for shutting them down.

by Bruce Schneier at January 27, 2016 07:34 PM

January 26, 2016

Berkman Center front page
Civic Technology and Community Science: building a model for public participation in environmental decision-making processes


with Berkman Fellow, Shannon Dosemagen


Building on civic technology and grassroots community science methods, we’ll examine how open, online communities can support the goals of local groups as they engage with environmental decision-making processes that affect their communities.

Parent Event

Berkman Luncheon Series

Event Date

Jan 26 2016 12:00pm to Jan 26 2016 12:00pm

Tuesday, January 26, 2016
Berkman Center for Internet & Society at Harvard
23 Everett Street, Second Floor, Cambridge, MA  02138

Public Lab is an open community developing and using civic technologies to support the pursuance of community-defined questions and concerns. Public Lab introduces a model that incorporates open source R&D practices including transparent collaboration and iterative design, along with deliberative democratic governance, and practitioner empowerment through critical making. Community science can enable people to collect, interpret, and apply their own data to effect local change or participate in broader environmental research and decision-making. 

We’ve conceptualized a tiered approach to project development, delineated by the scope of community objectives and the role of science in achieving those objectives. Examples of Public Lab projects from each tier demonstrate the versatility of community science, and the potential opportunity for it to facilitate public participation in environmental decision-making on multiple levels. In this session, we’ll discuss how participatory online communities can strategically support hyper-local goals and help to scale the ability for replicable change in how the public engages with decision-making processes.

About Shannon

A founder of Public Lab, Shannon is based in New Orleans and Cambridge (MA) as Executive Director of the non-profit. With a background in community organizing and education, Shannon has worked with environment and public health groups across the United States addressing declining freshwater resources, coastal land loss and building participatory monitoring programs with communities neighboring industrial oil facilities and impacted by the BP oil spill. In her current work with Public Lab, Shannon seeks to infuse traditional organizing methods of the environmental sector with new media technologies and tools to create actionable outcomes. 

She has an MS in Anthropology and Nonprofit Management and has worked with nonprofits for over fifteen years. She is an Ashoka Fellow, a Senior Fellow of the Environmental Leadership Program, a recipient of the Claneil Foundation Emerging Leaders Fund and a past Loyola University Institute for Environmental Communications Fellow. Shannon serves on advisory boards, councils or committees for the National Parks Conservation Association, World Economic Forum, Citizen Science Association, the Louisiana Public Health Institute Healthy Communities Coalition, and the Louisiana Bar Association.

About Public Lab

Public Lab is a community where you can learn how to investigate environmental concerns. Using inexpensive DIY techniques, we seek to change how people see the world in environmental, social, and political terms.



by candersen at January 26, 2016 05:00 PM

What’s in My Buds? Featuring Craig Newmark from craigslist

Craig Newmark is the founder of craigslist. He is a self-described nerd, web pioneer, speaker, philanthropist, and advocate of technology for the public good. Craig has had an illustrious career, but it’s not widely known that he’s also a longtime podcast enthusiast, and a Radiotopia lover. When we dropped him an email, Craig told us, “I love the written word, and hearing it performed across areas that fascinate me. That includes storytelling, history, and comedy. With podcasts, I get to enjoy whenever I like.”

Photo credit: Bleacher+Everard

We talked to Craig about some of his favorites.

What is your go-to podcast and why?
That’d be a combination of WTF with Marc Maron, Judge John Hodgman, and Welcome to Nightvale. That included The Thrilling Adventure Hour [now sunsetted]; I miss it a lot.

All very smart, funny, and articulate.

What show do you fall asleep to?
Most often it’s WTF; it depends on what’s newly available, and my mood.

What show do you wake up to?
I might complete what I had been listening to while sleeping, but then I go to either NPR One, or the local streams from KQED, WNYC, or WAMU, depending on where I am.

What is your favorite listening environment?
In bed, or walking to work.

What show do you rave to your friends about?
WTF, Welcome to Nightvale, The History of English, The History of Rome, The Thrilling Adventure Hour. Those are what come up in conversation.

How would you describe a podcast to a six-year-old?
It’s people talking, like radio, whenever you feel like listening. (Not sure if six-year-olds know what radio is).

Who is your favorite podcast personality?
A combination of Cecil Baldwin, Marc Maron, John Hodgman, Mike Duncan.

Some of Craig’s favorites

If you were to start your own podcast what would the subject be?
Maybe what being a 1950’s, old-school nerd is about, but that subject is limited.

What is a podcast that doesn’t currently exist that you think should?
I need something that I enjoyed as much as The Thrilling Adventure Hour or The Bugle.

If you’re not listening to a podcast, what do you put on to listen to?
Mostly NPR One, or the local streams from KQED, WNYC, or WAMU, depending on where I am.





The post What’s in My Buds? Featuring Craig Newmark from craigslist appeared first on PRX.

by Maggie Taylor at January 26, 2016 04:46 PM

David Weinberger
Oscars.JSON. Bad, bad JSON

Because I don’t actually enjoy watching football, during the Pats vs. Broncs game on Sunday I transposed the Oscar™ nominations into a JSON file. I did this very badly, but I did it. If you look at it, you’ll see just how badly I misunderstand JSON on some really basic levels.

But I posted it at GitHub™ where you can fix it if you care enough.

Why JSON™? Because it’s an easy format for inputting data into JavaScript™ or many other languages. It’s also human-readable, if you have a good brain for indents. (This is very different from having many indents in your brain, which is one reason I don’t particularly like to watch football™, even with the helmets and rules, etc.)

Anyway, JSON puts data into key:value™ pairs, and lets you nest them into sets. So, you might have a keyword such as “category” that would have values such as “Best Picture™” and “Supporting Actress™.” Within a category you might have a set of keywords such as “film_title” and “person” with the appropriate keywords.

JSON is such a popular way of packaging up data for transport over the Web™ that many (most? all?) major languages have built-in functions for transmuting it into data that the language can easily navigate.

So, why bother putting the Oscar™ nomination info into JSON? In case someone wants to write an app that uses that info. For example, if you wanted to create your own Oscar™ score sheet or, to be honest, entry tickets for your office pool, you could write a little script and output it exactly as you’d like. (Or you could just google™ for someone else’s Oscar™ pool sheet.) (I also posted a terrible little PHP script™ that does just that.)

So, a pointless™ exercise™ in truly terrible JSON design™. You’re welcome™!

The post Oscars.JSON. Bad, bad JSON appeared first on Joho the Blog.

by davidw at January 26, 2016 03:26 PM

January 25, 2016

Berkman Center front page
Digital Literacy Resource Platform Goes Live


The Berkman Center and Youth and Media are pleased to announce the launch of the Digital Literacy Resource Platform (DLRP), a new online platform we have designed and incubated as part of the Digital Media and Learning (DML) Trust Challenge grant, in collaboration with the MIT Media Lab’s Lifelong Kindergarten, New York Public Library, Press Pass TV, NuVu, the Engagement Lab, and Walnut Hill School.

DLRP is an evolving collection of freely accessible resources (e.g. infographics, curricula, guides, and papers) about online safety, privacy, creative expression, and information quality. These resources can help users navigate connected learning environments and the digital world. The platform is intended to be used by a diverse audience of teachers, school administrators, parents, and youth.

Our resources act as tools that help users make better choices online by encouraging positive uses of networked technologies and the development of successful strategies to minimize and manage online risks. These guides, lesson plans, videos, research papers, and other open educational resources empower a diverse audience of teachers, school administrators, parents, and youth with the knowledge and skills for participating, navigating, and learning in the digital world. Currently, all of the tools on the DLRP have been created by the Berkman Center. We are working with our network collaborators to identify and include additional resources.

We invite you to visit the DLRP, find the tools that you need, and use them at school, home, libraries, after-school activities, and with friends. You may also remix, transform, and build upon these resources in accordance with the respective license under which each is released.

While we continue working on the design of the DLRP, creating, and curating new resources, we'd be delighted to get your feedback. Please let us know if the tools and the platform are helpful to you, and how we can improve them. You can contact us at

About Youth and Media
Youth and Media encompasses an array of research, advocacy, and development initiatives around youth and digital technology. Located at the Berkman Center for Internet & Society, Youth and Media draws on the knowledge of and experience with various interdisciplinary backgrounds, including psychology, ethnography, sociology, education, media theory, and the law. Through these combined approaches, Youth and Media centers the voices and experiences of youth to research and cultivate the creative, educational, and revolutionary possibilities of youth activity in digital space while addressing the genuine concerns that come with living life online. (

by gweber at January 25, 2016 07:30 PM

Eszter Hargittai
In praise of unconferences

Depending on your profession, you likely go to conferences regularly, anywhere from annually to every few months. One aspect of conferences is that they are relatively predictable. They usually have a set schedule that is known to attendees ahead of time. While there may be the occasional session that surprises or an unusual hallway conversation that is unexpected, these are rare. So what if you want to be surprised? Where can you go if you want to be pushed out of your comfort zone? What is a good venue for learning about something far afield from your expertise? Cue a well-organized unconference.

Unconferences are meetings that don’t have a set agenda until participants show up and create one. There is a structure to the timing of sessions, but attendees fill up the grid with whatever topic they deem of interest for a session at the beginning of the in-person meeting. Then participants decide which sessions they want to attend. And if it turns out that they are not enjoying where they are, the law of two feet means that they are welcome to get up and leave to find another group or activity.

For the past several years, I have had the great pleasure of attending ORDCamp, an unconference held in Chicago in January made up of some extremely creative people (many of whom are from the area, but a good chunk of whom fly in from various parts of the US and beyond, in January to Chicago, yes). ORDCamp is the brainchild of Brian Fitzpatrick (former Googler, more recently founder and CTO of Tock) and Zach Kaplan (founder and CEO of Inventables). Attendance doesn’t cost anything to participants, but it is by invitation only. Google and Inventables have been footing the bill with lots of people and organizations pitching in to provide food, drinks, gadgets to try out, lots of supplies for various sessions, and an embarrassment of riches in the swag bag box.

ORDCamp 2016 was this Fri-Sat and it was the best one yet. About 300 attendees contributed with boundless energy dedicated to sharing passions and interests. I learned about and practiced drawing at a session led by the creator of Darth Vader and Son, Jeffrey Brown and the brains behind Shawnimals, Shawn Smith. I bonded with others who like to send snail mail in a session on “Keeping in touch/Snail mail” by the talented Jenna Blazevich of Vichcraft. I looked down at Chicagoland from space thanks to Google’s augmented reality tools assisted on the spot by Jon Wiley, Director of Immersive Design at Google. I tried out a relatively new party game app and brainstormed about ways to put it out in the App store with its creator Sandy Weisz, a master at games and puzzles. I created a tile with Carvey. I sampled fine chocolates from around the world thanks to the ORDCamp Chocolate Table. And I chatted with lots and lots of interesting people about topics ranging from getting girls excited about engineering to what makes a memorable walk.

I got to discuss existing hobbies and passions with others while learning about new ones. I got to be creative in very energizing ways. Don’t get me wrong, I like many aspects of my work very much, but it is invigorating to dedicate time to different creative undertakings with folks who are experts in and passionate about such a myriad of activities.

I can’t help but think that many people, including and perhaps especially academics, would benefit from such an unconference. These events are not easy to organize, of course. Both the financial costs and logistics are considerable in order to pull off a meeting as expertly as ORDCamp has been doing. But the benefits can be tremendous, to individuals, to organizations and to communities. Such a venue allows for people to find connections with others they did not know existed. It can inspire thinking across domains previously not in conversation. It can help people articulate thoughts and feelings (yes, sessions can be about all sorts of sensitive topics) that do not often have a helpful outlet.

If you have the opportunity to attend an unconference, I highly recommend doing so. But don’t forget, an unconference is very much what participants make it so be sure to bring your enthusiasm, interest, creativity, and passion to the event. Have you ever attended one? I’d love to hear about it.

by eszter at January 25, 2016 05:45 PM

Bruce Schneier
Shodan Lets You Browse Insecure Webcams

There's a lot out there:

The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores....

Slashdot thread.

by Bruce Schneier at January 25, 2016 12:25 PM

January 23, 2016

David Weinberger
Guns, Sarah Palin, and other hilarious stuff

My brother Andy points to a New Yorker humor post by John Quaintance about the original intent of the Second Amendment. It’s simultaneously hilarious and sad.

Then, in the righthand column there’s a link to an Andy Borowitz post with an Onion-esque title that I enjoyed:

Palin Blames Obama for Her Defeat in 2008 Election

And while we’re on the subject of terribly sad mirth, here’s Colbert’s hilarious impersonation of the First Hockey Mom’s rhetorical style / way of thinking:

The post Guns, Sarah Palin, and other hilarious stuff appeared first on Joho the Blog.

by davidw at January 23, 2016 03:13 PM

January 22, 2016

Bruce Schneier
Friday Squid Blogging: North Coast Squid

North Coast Squid is a local writing journal from Manzanita, Oregon. It's going to publish its fifth edition this year.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at January 22, 2016 10:19 PM

Justin Reich
Publishing and Sharing to Motivate Students and Inspire Teachers
What if educators felt the weight of the world waiting for their voice, and more importantly, their students' voices? This conversation addresses the barriers to publishing as well as the power of a public audience to motivate students.

by Beth Holland at January 22, 2016 09:19 PM

Bruce Schneier
UK Government Promoting Backdoor-Enabled Voice Encryption Protocol

The UK government is pushing something called the MIKEY-SAKKE protocol to secure voice. Basically, it's an identity-based system that necessarily requires a trusted key-distribution center. So key escrow is inherently built in, and there's no perfect forward secrecy. The only reasonable explanation for designing a protocol with these properties is third-party eavesdropping.

Steven Murdoch has explained the details. The upshot:

The design of MIKEY-SAKKE is motivated by the desire to allow undetectable and unauditable mass surveillance, which may be a requirement in exceptional scenarios such as within government departments processing classified information. However, in the vast majority of cases the properties that MIKEY-SAKKE offers are actively harmful for security. It creates a vulnerable single point of failure, which would require huge effort, skill and cost to secure -- requiring resource beyond the capability of most companies. Better options for voice encryption exist today, though they are not perfect either. In particular, more work is needed on providing scalable and usable protection against man-in-the-middle attacks, and protection of metadata for contact discovery and calls. More broadly, designers of protocols and systems need to appreciate the ethical consequences of their actions in terms of the political and power structures which naturally follow from their use. MIKEY-SAKKE is the latest example to raise questions over the policy of many governments, including the UK, to put intelligence agencies in charge of protecting companies and individuals from spying, given the conflict of interest it creates.

And GCHQ previously rejected a more secure standard, MIKEY-IBAKE, because it didn't allow undetectable spying.

Both the NSA and GCHQ repeatedly choose surveillance over security. We need to reject that decision.

by Bruce Schneier at January 22, 2016 08:23 PM

Feeds In This Planet