Current Berkman People and Projects

Keep track of Berkman-related news and conversations by subscribing to this page using your RSS feed reader. This aggregation of blogs relating to the Berkman Center does not necessarily represent the views of the Berkman Center or Harvard University but is provided as a convenient starting point for those who wish to explore the people and projects in Berkman's orbit. As this is a global exercise, times are in UTC.

The list of blogs being aggregated here can be found at the bottom of this page.

September 04, 2015

Ethan Zuckerman
Lessig 2016: A radical institutionalist runs for President

My friend Lawrence Lessig is exploring a run for president. His first step was to ask individuals to pledge towards a $1m war chest before Labor Day, agreeing to enter the Democratic primary if he received enough support. As of this evening, over 7000 donors have pledged over $860,000, and it looks likely that Lessig will become a candidate in three days.

I’m one of those 7000 donors who is encouraging him to run. But supporting Lessig’s campaign is different from supporting Sanders or Clinton (or Bush or Trump, for that matter), and I’m supporting his cause for different reasons than I’d support any of theirs.

If Lessig is elected, he does not plan to serve his term as President – instead, if elected, he would stay in office long enough to pass a package of voting and campaign finance reforms, then resign, leaving his vice-president (possibly Bernie Sanders, possibly Elizabeth Warren) in charge. His reforms, contained in the Citizen Equality Act 2017, would require public funding of Presidential and Congressional campaigns, seek anti-gerrymandering reforms like Single Transferable Voting, and strengthen laws against voter suppression, like the Voting Rights Act.

Lessig calls this a referendum presidency. In other words, he’s not asking people to vote on him as a potential president, but to use the presidential election as a referendum on campaign finance reform. If Lessig won the presidency, he would have a strong mandate to advocate for this legislation in Congress, and perhaps Congress would finally act on meaningful electoral reform once they saw a majority (or plurality, or plurality of electors, given our nation’s baffling electoral college system) supporting these reforms. This referendum strategy is consistent with an argument he’s offered in his last three books: campaign finance is more important than all other political issues, as we can’t make progress on other issues until we fix the laws that have turned the US from a democracy into an oligarchy.

I don’t think Lessig is going to win. He’s late to a race in which Clinton has a strong team, fundraising and endorsements in place, and where Sanders is already doing well in channeling the left of the party into a protest vote – splitting a liberal electorate with Sanders is an unlikely primary strategy. While I do think that there’s a large number of people on both the left and the right who see money in politics as a critical problem to solve, I think those who’ve aligned with Trump because they believe him to be beholden to no one will have a hard time switching their allegiance to a liberal Harvard professor. (It’s interesting to read Lessig on Trump, who Lessig concedes is a far more influential speaker on campaign finance reform at the moment than he is.)

It’s also reasonable to observe that even if Lessig did win, he’s still unlikely to accomplish what he wants. He would likely face a Republican-dominated Congress which would oppose a set of reforms that would disproportionately damage Republicans’ chances in Congress. (Gerrymandering has disproportionately benefitted Republicans in Congress, and the voter suppression he’s fighting largely impacts groups that tend to vote Democratic. Both parties have some candidates with heavy SuperPAC support and others with primarily small donor support.)

What these analyses miss is that Lessig often wins by losing. Despite lambasting himself for losing Eldred vs. Ashcroft, Lessig’s failure to persuade the Supreme Court to overturn the Sonny Bono Copyright Term Extension Act became a rallying point for the anti-copyright movement, helping build Creative Commons as a credible alternative to a system determined to keep works out of the public domain. Lessig was dismissed as special master from United States v. Microsoft after the software giant claimed Lessig was biased against him, but the experience helped shape Lessig’s masterful and influential book, Code… and the case was ultimately decided in ways consistent with Lessig’s arguments. Some of Lessig’s recent losses are harder to parse: the $10m Mayday PAC raised and spent without tipping a single 2014 congressional race might be read as evidence that the influence of money in politics is not as simple as buying elections by raising soft money. Or it might have been a win in drawing attention to the cause, yielding a New York Times front page profile, a New Yorker story, Washington Post articles and a great deal of public debate on the topic.

Seen in that light, Lessig’s once again in a good position to win by losing, so long as his referendum attracts sufficient attention. Were Lessig to pass the threshold to participate in the Democratic Party’s six debates, he’d have an unprecedented stage to make his case, and it’s possible he could get a commitment from Sanders or Clinton to make his reforms a central priority. Even if he achieves a level of visibility where his possible inclusion in the debates is discussed, the unusual nature of his candidacy suggests coverage would focus less on personality and electability than on his issues. And the unexpected success of Zephyr Teachout, Lessig’s close friend and now head of the Mayday PAC, who captured 34% of the vote in the New York State gubernatorial election suggests that frustrated progressives may be willing to support campaigns that raise issues, even if they don’t win offices.

I respect and admire Lessig deeply, and support the reforms he wants to make. I think his strategy to “hack” the election and turn it into a referendum just might work, and that even if it fails, it could have an enormous positive effect on the 2016 elections.

But that’s not why I pledged to Lessig’s campaign. I pledged because I’m becoming an insurrectionist, and I wish I could still be an institutionalist.

Chris Hayes, MSNBC host and author of “The Twilight of the Elites: America after Meritocracy”, offers institutionalism and insurrectionism as a new duality to help explain American politics. Institutionalists (on the left and on the right) see the challenges faced by our country as challenges of reforming and strengthening the institutions we depend on: Congress, the courts, the tax code, immigration enforcement, banks. Insurrectionists have lost faith in one or more of these institutions, and no longer believe they can be saved. Instead, insurrectionists want to overturn these institutions and replace them with something that works better.

Those lining up to seek the election of candidates on the left and right are institutionalists – they see control of the Presidency and of Congress as critically important, as these are the institutions that govern our nation. Insurrectionists, from the Tea Party to Occupy, are often unconvinced that it matters who’s running these institutions, since the institutions are so broken that it’s very hard to use them to make meaningful change. Insurrectionism helps explain both a Tea Party insistence that professional politicians cannot solve America’s problems, as they are too much part and parcel of existing broken institutions, and Occupiers’ insistence that they did not have a package of political demands to present, but rather a different way of organizing a society.

Historically, insurrectionists have preached revolution. But it’s harder to make a case for revolution in the wake of the Arab Spring, where most revolutions left their societies wracked by conflict, or dominated by the strongest institution remaining once the government was toppled. (In Egypt, the government gave way to the institution of the Muslim Brotherhood, and then the institution of the military.) Fortunately, we’re seeing the emergence of effective insurrectionism, ways in which people who’ve given up on institutions are making change by building new technologies to fight climate change and by building movements to challenge social norms.

I’m fascinated by these new directions and have been writing and speaking about effective insurrectionism. But these ways of changing the world for the better would work a hell of a lot more smoothly if we had functional institutions working towards the same goals.

Lessig is a radical institutionalist. He’s trying something deeply unconventional, but the goal is not to overturn the institutions of American democracy, but to fix them. This approach can look crazy to most of the institutionalists because it’s so far outside the realm of established behavior, where predictable candidates run for office, and engage in the “art of the possible” once they’re elected. It looks doomed to many of the insurrectionists – we don’t believe Congress will let Lessig make the changes he wants even if he receives the majority of the popular vote.

And while it might be both crazy and doomed, it’s also the most hopeful and least cynical idea of this campaign season. While I’m calculating ways Lessig can win by losing, I believe that Lessig believes that the majority of Americans both hate the way our system currently works and believe it can be fixed. I believe that Lessig believes that we can cross boundaries of party and ideology to fix a problem that’s paralyzing our most critical government institutions and keeping America from meeting the needs of all her people.

I believe that’s a hope worth investing in.

by Ethan at September 04, 2015 09:36 PM

Bruce Schneier
Understanding Squid Self-Healing Teeth

Using squid teeth as a model, researchers have created "the first material that heals itself in water."

Paper from Nature.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at September 04, 2015 09:07 PM

I'll be Talking Cyber-Resilience on a Webinar

This coming Thursday, I'll be talking with Larry Ponemon about cyber-resilience and the results of a new survey he's releasing. Join us here. The event is sponsored by my company, Resilient Systems, Inc.

by Bruce Schneier at September 04, 2015 07:19 PM

Bruce Schneier
China's "Great Cannon"

Interesting research: "An Analysis of China's 'Great Cannon.'"

Abstract: On March 16th, 2015, the Chinese censorship apparatus employed a new tool, the "Great Cannon", to engineer a denial-of-service attack on GreatFire.org, an organization dedicated to resisting China's censorship. We present a technical analysis of the attack and what it reveals about the Great Cannon's working, underscoring that in essence it constitutes a selective nation-state Man-in-the-Middle attack tool. Although sharing some code similarities and network locations with the Great Firewall, the Great Cannon is a distinct tool, designed to compromise foreign visitors to Chinese sites. We identify the Great Cannon's operational behavior, localize it in the network topology, verify its distinctive side-channel, and attribute the system as likely operated by the Chinese government. We also discuss the substantial policy implications raised by its use, including the potential imposition on any user whose browser might visit (even inadvertently) a Chinese web site.

by Bruce Schneier at September 04, 2015 01:16 PM

James Losey
Bridal Veil Falls by James Losey Via Flickr: One of the...


Bridal Veil Falls by James Losey
Via Flickr:
One of the many beautiful water falls in Columbia River Gorge just outside of Portland Oregon. Prints are available online.

September 04, 2015 01:12 PM

September 03, 2015

Bruce Schneier
"The Declining Half-Life of Secrets"

Several times I've mentioned Peter Swire's concept of "the declining half-life of secrets." He's finally written it up:

The nature of secrets is changing. Secrets that would once have survived the 25 or 50 year test of time are more and more prone to leaks. The declining half-life of secrets has implications for the intelligence community and other secretive agencies, as they must now wrestle with new challenges posed by the transformative power of information technology innovation as well as the changing methods and targets of intelligence collection.

by Bruce Schneier at September 03, 2015 01:43 PM

Berkman Center front page
CALL FOR ABSTRACTS: 2016 Annual Conference: Big Data, Health Law, and Bioethics

Abstracts due December 1, 2015

The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School is pleased to announce plans for its 2016 annual conference, entitled: “Big Data, Health Law, and Bioethics.”  This year’s conference is organized in collaboration with the Berkman Center for Internet and Society at Harvard University and the Health Ethics and Policy Lab, University of Zurich

Conference Description

“Big Data” is a phrase that has been used pervasively by the media and the lay public in the last several years. While many definitions are possible, the common denominator seems to include the “three V’s” – Volume (vast amounts of data), Variety (significant heterogeneity in the type of data available in the set), and Velocity (speed at which a data scientist or user can access and analyze the data).

Defined as such, health care has become one of the key emerging use cases for big data. For example, Fitbit and Apple’s ResearchKit can provide researchers access to vast stores of biometric data on users from which to test hypotheses on nutrition, fitness, disease progression, treatment success, and the like. The Centers for Medicare & Medicaid Services (CMS) have vast stores of billing data that can be mined to promote high value care and prevent fraud; the same is true of private health insurers.  And hospitals have attempted to reduce re-admission rates by targeting patients that predictive algorithms indicate are at highest risk based on analysis of available data collected from existing patient records.

Underlying these and many other potential uses, however, are a series of legal and ethical challenges relating to, among other things, privacy, discrimination, intellectual property, tort, and informed consent, as well as research and clinical ethics.

This conference, and anticipated edited volume, will aim to: (1) identify the various ways in which law and ethics intersect with the use of big data in health care and health research, particularly in the United States; (2) understand the way U.S. law (and potentially other legal systems) currently promotes or stands as an obstacle to these potential uses; (3) determine what might be learned from the legal and ethical treatment of uses of big data in other sectors and countries; and (4) examine potential solutions (industry best practices, common law, legislative, executive, domestic and international) for better use of big data in health care and health research in the U.S. 

Stay tuned for the full agenda later this year!

Call for Abstracts

We welcome submissions on both broad conceptual questions and more specific policy issues.  Potential topics include:

  • Research ethics and regulation relating to the generation and use of big data in health care settings

  • Hospital and physician use of big data to assist treatment decisions, including the creation and deployment of predictive analytics engines for health care

  • Big data and computer decision aids for treatment (including physician liability and manufacturer liability)

  • Health big data and re-identification risk

  • Big data and health insurance (including protections against discrimination)

  • Forensic use of genomic and other biometric big data

  • Big data commercialization, ownership, and intellectual property in the health care context

  • Big data, data sharing, and citizen science for health research

  • HIPAA and other privacy protections for health big data

  • Legal considerations with data security for big data in health care settings

  • Ethical and legal use and creation of big data databases by government providers or payers of health care (CMS, the VA, etc.)

  • Mobile health uses of big data and FDA regulation

  • Big data and the regulation of personalized medicine

  • Big data, genetics, and biospecimen banking

  • Comparative law perspectives on big data and health care: what can the U.S. learn?

  • Regulating health big data across international borders and multiple legal regimes

  • How ethics and regulatory training (especially for care providers) should adapt to increased use of big data in health care and health research

  • Big data uses in public health research and practice 

Please note that this list is not meant to be exhaustive; we hope to receive abstracts related to the conference’s general theme even if a particular topic was not specifically listed here. However, proposals that lack a clear linkage to all three aspects of the conference – health care, big data, and either law or medical ethics – will not be considered. Moreover, our main focus is on the setting of the United States, although we remain interested in comparative approaches and ways in which a lack of international harmonization may cause problems. Papers that focus on ethics should include substantial discussion of policy implications. Relatedly, law will be treated broadly to include governmental policy decisions more generally. Abstracts should explicitly address why big data is crucial to the project rather than merely being a form of an issue that exists with small data. Successful abstracts will propose or outline an argument/position, rather than merely stating a topic.

In an effort to encourage interdisciplinary and international dialogue, we welcome submissions from legal scholars and lawyers, of course, but also from bioethicists, philosophers, scholars of computer and other information sciences, sociology, government officials and staff, international scholars and regulators discussing how their systems have handled these issues in ways that the US may learn from, and others who have a meaningful contribution to make on this topic.  We welcome submissions from advocacy organizations, think tanks, and others outside academia, but emphasize that this is a scholarly conference, and abstracts/papers will be held to academic standards of argumentation and support. 

How to Participate

If you are interested in participating, please send a 1-page abstract of the paper you would plan to present to petrie-flom@law.harvard.edu as soon as possible, but not later than December 1, 2015.   If your abstract is selected, your final paper will be due on April 4, 2016, and you will be assigned a presentation slot for the conference.  Please note that all presenters must provide a full final draft in order to participate and that presenters are expected to attend the conference for its full duration. Depending on how many abstracts are selected, the conference may run for part of a second day; therefore, please hold both May 6 and May 7, 2016 open.  We will pay travel expenses for presenters who must travel to Cambridge; co-authored papers must name a single presenter.

In the past, we have successfully turned several of our conferences into edited volumes (e.g., with Oxford, MIT, Columbia, and Johns Hopkins University presses). If such a volume arises out of this conference, our expectation is that conference presenters will publish their papers with us as part of the edited volume. Those who do not wish their work to appear in a potential edited volume should so indicate on the abstract. We will accept conference papers of all lengths and styles (e.g., law review, medical, philosophy, or policy journal, etc.), but presentations will be limited to about 15 minutes and chapters in conference volumes are generally limited to about 5,000 words, including references. Previous conference participants have been able to publish their submissions in different formats in multiple venues, for example both as a short book chapter and a longer law review article. However, the version that will be used for our edited volume should not have been published previously or be planned to publish separately.

Registration

The conference is free and open to the public, but seating is limited. Registration will open in January 2016. 

Questions

Please contact Holly Fernandez Lynch, Executive Director, Petrie-Flom Center: hlynch@law.harvard.edu, 617-384-5475.

This year’s conference is organized in collaboration with the Berkman Center for Internet & Society at Harvard University and the Health Ethics and Policy Lab, University of Zurich. 

by gweber at September 03, 2015 01:22 PM

James Losey
Browne Lake by James Losey Via Flickr: Browne Lake in...


Browne Lake by James Losey
Via Flickr:
Browne Lake in Ashley National Forest, Utah. Prints are available here.

September 03, 2015 12:41 PM

Berkman Center front page
Radio Berkman 228: Towards a More Inclusive Web

For a research project, Whitney Phillips embedded with some of the Internet's most reviled trolls; she emerged to talk with us about how the Internet may be outgrowing them

Ethnographer Whitney Phillips embedded with the trolls of 4chan, observing for years how anonymous members of its subversive "b" forum memed, pranked, harassed, and abused, all for the "lolz" — the thrill of doing something shocking.

The result: a book, "This is Why We Can’t Have Nice Things: Mapping the Relationship between Online Trolling and Mainstream Culture," that sheds light on how and why trolls do what they do.

More than pushing the boundaries of taste within themselves — the "b" board recently made headlines for a case in which anonymous members allegedly goaded one of their own to cut off his own toe — troll behavior has had an incredibly broad impact on society. Trolling shaped the way social platforms and conversations on public forums take place. It is in no small part due to the spread of troll culture that comments sections, Facebook threads, and Twitter conversations can be minefields to productive conversation; the troll dialect is better equipped for shock and ironic bigotry than for sincerity, and a sincere conversation is just begging to be disrupted, especially when you disagree with your target.

But while wrench-throwing can and has been a very important tool in online discourse, the web has started to outgrow trolls. In 2003 when 4chan was launched, there were under 700 million people on the Internet (predominantly higher income, younger, white, western, male, and native English speakers), compared to 3.2 billion people today from many backgrounds. The incredible diversity of individuals all trying to have conversations on the same platforms has increased demand for civility, understanding, and inclusiveness, even as the conversations can seem more and more cacophonously problematic. And this threatens to make trolling less funny.

Whitney joins us this week to talk about how troll culture has changed over the years, and what platforms can do to temper darker forms of discourse.

Flickr photo courtesy of zzathras777

Music courtesy of _ghost

Reference Section:
Follow Whitney Phillips' work
Her book "This is Why We Can’t Have Nice Things: Mapping the Relationship between Online Trolling and Mainstream Culture"

by djones at September 03, 2015 03:11 AM

September 02, 2015

Ethan Zuckerman
Renormalizing hitchhiking

I’m publishing lots of my new writing on other platforms as well as here. It’s a good chance to reach larger audiences, and often to see how my writing benefits from editing. Inevitably, whatever I submit ends up shorter after an editor works with it – often that leads to stronger work, but it sometimes means that something I loved ends up cut. So I’m using the blog to publish the original pieces, which I sometimes think of as the extended dance remixes (rather than the director’s cut). So here’s a longer version of “Could the Sharing Economy Bring Back Hitchhiking?” published on The Conversation yesterday, and now on Fair Observer and Gizmodo AU.


On August 1st, hitchBOT, a robot that had successfully hitchhiked more than 10,000km across Canada and northern Europe, was destroyed by unknown vandals in Philadelphia’s Old City neighborhood. For a week, the robot’s violent decapitation was a favorite “news of the weird” story, a chance for commentators to reflect on Philadelphia’s public image, to muse about human empathy for robots and, of course, to warn of the dangers of hitchhiking. As one commentator put it, “With hitchhiking so rare today, especially among non-sociopaths, it has increased the chance that a sociopathic hitchhiker will get picked up by a sociopathic driver.”

At the risk of revealing any hitherto-unrealized sociopathic tendencies, I want to speak in defense of hitchhiking.

I started picking up hitchhikers during my brief stint in graduate school. I was living on the border of New York and Massachusetts in a town so tiny that it was seven miles drive to buy milk or gasoline. It was, as they say, centrally isolated – a half hour drive from my girlfriend (now my wife), and 45 minutes from Troy, NY, the county seat and home to Rensselaer Polytechnic, the school I would soon withdraw from.

Anyone hitchhiking during the upstate NY winter was doing so out of necessity, not on a lark. I began to discover that some of my neighbors didn’t have cars or couldn’t afford to keep theirs on the road, and so relied on rides to Troy for groceries or essential medical services. Giving rides was a low-cost way of meeting people in my community, getting a better sense of where I lived, and doing a good deed.

It’s something I continue doing now on the Massachusetts side of the border, in Berkshire County, where I now live. I’ve learned a great deal from my riders: how easy it is to lose your driver’s license and how expensive it can be to get it back; the state of manufacturing where we live, which employers fire workers before employees are eligible for benefits and who helps blue-collar workers build careers; what being without a car does to your financial, health and romantic prospects when you live in a rural area. I’ve had a lot of good conversations and a fair share of stilted ones. But I’ve never had a ride that made me feel uncomfortable or endangered. No one has attempted to take my keys, phone or money, soiled my car, made sexual advances or even complained about what was on the radio.

(Let me pause for a moment so I can acknowledge the privileged position that I hold to be able to offer these rides. I’m male, large enough to be physically intimidating, wealthy enough that I can afford whatever extra fuel an extra passenger costs, secure enough in my employment that I can take a few minutes to drop someone at a destination. I live in a safe place. I’m not arguing that everyone should pick up hitchhikers, just explaining why I do and why I wish more people who are similarly privileged would do so.)

Hitchhiking used to be a normal thing to do. During World War II, hundreds of thousands of American men hitchhiked from their hometowns to the bases where they shipped off to war – picking up hitchhikers was a patriotic duty. But this began to change in the 1950s, and by the mid-1970s, hitchhiking was nearly extinct.

Historian Ginger Strand argues that hitchhiking didn’t die a natural death – it was killed. As early as the mid-1950s, the FBI ran campaigns designed to convince American motorists that hitchhikers were risking their lives in getting into strangers’ cars, and that drivers picking up riders were in equal danger. Advertisements like the one above connected hitchhiking with Communism, and given J. Edgar Hoover’s distaste for American counterculture, it’s possible that the FBI’s war on hitchhiking was a reaction both to books like Kerouac’s On the Road, and to the tendency of civil rights activists and other student radicals to use hitchhiking as their primary means of travel.

A second blow to hitchhiking came from the visibility of serial killers in the 1970s and 1980s. Widely publicized in the news media, the “Freeway Killer” – later revealed to be three serial killers operating independently – claimed to have killed more than 100 people in California, mostly hitchhikers. While these spectacular and brutal killings captured public attention and led municipalities to pass laws against hitchhiking, a California Highway Patrol study in 1974 found that hitchhiking was a factor in 0.63% of crimes, hardly an epidemic. But the apparent connection between hitchhiking and murder, combined with law enforcement campaigns to end the practice, succeeded in de-normalizing hitchhiking.

Now, with the rise of the so-called “sharing economy”, we’re seeing the renormalization of the practice of catching rides from strangers. When “ridesharing” service Lyft launched in 2012, it encouraged passengers to exchange a fist bump with their driver, and to sit in the front seat, making Lyft more like hitchhiking for a fee than taking a taxi, distinguishing it from Uber. (By late 2014, Lyft had phased out the fist bump and the front seat, perhaps realizing that it wasn’t such a bad idea to look like the clone of a business valued at $50 billion.)

Of course, neither Lyft nor Uber are promoting hitchhiking – they’re promoting unlicensed taxi services where ambitious startup companies charge users a commission to be matched with an “independent contractor”. But the language used to promote these services could be as easily used to make a renewed case for hitchhiking. Uber advertises itself as an environmentally friendly way to take private cars off the road and to reduce solo rides with its Uber pool service. Lyft no longer advertises itself as “your friend with a car”, but it offers a “profile” service to encourage passengers and drivers to meet each other, positioning a ride as a way to make a new friendship. Ridesharing companies want the benefits of social practices like hitchhiking – they just want us to pay for them, and take a cut of the revenues.

Behind the “sharing economy” is a massive effort to reshape social norms around trust, work, ownership and personal space. Most of us are used to entering a car driven by a stranger – a taxi – but sleeping in the spare bedroom or couch of a stranger is less familiar, and deeply uncomfortable for some. The front page of AirBnB’s website features a video designed to address these concerns on an emotional level. A baby in a diaper walks down a sunlit hallway while a woman’s voice asks, “Is man kind? Are we good? Go see.” The service’s tagline – “Belong Anywhere” – is a direct response to the anxiety many of us would feel about sleeping in a stranger’s house: “No, this isn’t transgressive – you belong anywhere.”

In a world where it’s too dangerous to hitchhike, why are women willing to let strange men sleep in their spare bedroom? Why are people willing to get in a vehicle driven by a stranger whose background may have been only cursorily checked?

One possible reason for this increase in trust is the technology that enables it. Since eBay made it commonplace for individuals to sell goods to one another outside the traditional retail system, technologies to track user reputation have become the norm in peer to peer marketplaces. Uber, Lyft and AirBnB all rely on mutual reputation systems: you rate your driver or host, they rate you as a passenger or guest. Develop anything other than a stellar reputation and it becomes difficult to use the system: passengers won’t ride with you, owners won’t rent to you. With economic consequences attached to reputation systems, there are consequences for bad behavior, and a strong disincentive to cheat (or worse, kidnap and rape) the other party in the transaction.

In theory. In practice, these reputation systems don’t work very well. The reciprocal rating systems have a strong social pressure towards positive ratings – because ratings are public, there’s a strong tendency towards both collusion and towards revenge. Either passenger and driver give each other top marks, or if you rate a driver unfavorably, she is likely to rate you poorly as a passenger. The net effect, as Tom Slee discovered analyzing publicly available ride sharing data, is that the overwhelming majority of ratings are the highest possible, providing no meaningful way to distinguish between great and mediocre participants. It’s not even clear that these systems deter bad actors. Despite its celebrated reputation systems, eBay was so ripe with fraud that PayPal was able to develop a lucrative business as an escrow service, holding funds until both parties in a transaction reported themselves satisfied with the outcome.

If we were really concerned about our safety when entering a car or an apartment, reputation systems wouldn’t provide much reassurance. Rapists don’t attack everyone they meet. And the real disincentive against attacking a passenger in your car or a guest in your house is not the danger to your online reputation but the legal and moral consequences of your actions.

A less generous explanation for why we trust Uber and not hitchhiking is that class-based discrimination is at work in these systems. Last year, Wired writer Jason Tanz interviewed freelance yoga teacher and Lyft driver Cindy Manit for an article about trust in the sharing economy. Asked whether she was scared to pick up riders, she explained, “It’s not just some person from off the street”, distinguishing smartphone-equipped, credit-card holding technology early adopters from the hitchhiking riffraff. While technological assurances, like the connection to a Facebook account and the guarantee of a payment via credit card offer one level of reassurance, the economic, technical and social barriers to using the service offer another assurance, that the user likely belongs to a middle to high economic class. By contrast, in my experience, people hitchhiking are not doing so as a hip alternative to Uber – they often have no other economically viable way to get from point A to point B.

Questions about discrimination in systems like Uber and AirBnB are multilayered and complicated. Writer and editor Latoya Peterson celebrated Uber in late 2012 as offering an (often expensive) escape from the frustrating and humiliating experience of trying to hail a cab as a black person. In contrast, Law professor Nancy Leong worries that the ability to see the name and photo of a passenger before choosing to pick her up could lead to conscious racial discrimination, or simply to discrimination through unconscious bias. Using data from Airbnb in New York City, Harvard Business School professors Ben Edelman and Michael Luca were able to demonstrate that black hosts are paid 12% less for their properties, suggesting that renters consciously or unconsciously discriminate against black hosts, leading to market pressure for those hosts to lower prices on their rentals. It’s unclear whether the rise of Uber and Lyft will alleviate or aggravate racial discrimination. In the meantime, though, these services signal that a user is a person of means, an assurance that may lead to increased levels of trust.

Perhaps the most optimistic answer to the question of why we trust transaction partners in the sharing economy is that most people are trustworthy. The message AirBnB is paying handsomely to promote is, ultimately, true. In 2013, 1.16 million violent crimes were reported in the US, the lowest number since 1978, when 1.09 million violent crimes were reported. But the US population in 1978 was 222.6 million, versus 318.9 million now. Bureau of Justice statistics paint the picture of a nation getting steadily safer since 1994, with adults now 3x less likely to be victims of violent crime than a generation ago.

Our perceptions have not caught up to this new, safer world, which is part of why activities like hitchhiking still seem so transgressive. 68% of Americans polled by Gallup believed that crime was on the rise in the US, though only 48% believed crime in their local area was worsening. The picture that emerges is one where many Americans perceive the world as a dangerous, crime-ridden place even if they’ve not personally experienced crime in their communities, an image reinforced by media coverage of incidents of violent crime that don’t talk about larger, statistical trends.

There are technological reasons as well to believe hitchhiking is safer now than in the 1970s. 91% of American adults carry mobile phones, enabling them to call 911 if a driver or passenger becomes threatening, something that simply wasn’t possible in the 1970s. The 64% of American adults with smartphones could take a picture of the driver (a possible disincentive against sexual assault) or look up a driver’s license plate to ensure there’s not an active bulletin about a stolen vehicle or a fleeing criminal.

But while hitchhiking has become safer, it hasn’t had the advantage of a well-funded campaign to renormalize it as a behavior. And while AirBnB has the resources to encourage people to trust strangers, it’s not clear that their campaign will have benefits for pro-social, non-revenue generating activities like carpooling, couchsurfing, or hitchhiking.


Graphic and slogans credited to Dennis Nyhagen, for The Stephanie Miller Show in 2004, reproduced by Al Haug

That’s a missed opportunity. Whether or not the giants of the on-demand, peer economy believe their own rhetoric about sharing and social connection, or are simply using it as a marketing strategy, realizing that we live in a nation where it’s safe to trust other Americans, for a ride or just for a conversation, is a first step in addressing inequality, racism and political division. Picking up hitchhikers, for me, has been one of the best ways to understand the community I live in and the problems my neighbors face. Whether or not it’s the right way for you to make connections is something I can’t tell you. But I can tell you that social serendipity is too important a task to hope that sharing economy startups will accomplish it as a side benefit.

---

For further reading:

A helpful Reddit thread on the death of hitchhiking in the US

An excellent piece by Molly Osberg on the history and stigmatization of hitchhiking

Ginger Strand’s Killer on the Road, which is remarkably pro-hitchhiking despite a focus on the connection between interstate highways and serial killers in America

by Ethan at September 02, 2015 08:39 PM

Justin Reich
Why Is Measuring Learning So Difficult? A Video Conversation
A video conversation about why the task of measuring learning is so complex.

by Justin Reich at September 02, 2015 05:09 PM

Backchannels and Brain Research: Help or Hindrance?
Backchannels offer students an opportunity to engage in digital conversation; however, do they support learning or serve as a digital distraction?

by Beth Holland at September 02, 2015 01:39 PM

Tim Davies
Data, openness, community ownership and the commons

[Summary: reflections on responses to the GODAN discussion paper on agricultural open data, ownership and the commons – posted ahead of Africa Open Data Conference GODAN sessions]

Photo Credit - CC-BY - South Africa Tourism


Key points

  • We need to distinguish between claims to data ownership, and claims to be a stakeholder in a dataset;
  • Ownership is a relevant concept for a limited range of datasets;
  • Openness can be a positive strategy, empowering farmers vis-a-vis large corporate interests;
  • Openness is not universally good: can also be used as a ‘data grab’ strategy;
  • We need to think critically about the configurations of openness we are promoting;
  • Commons and cooperative based strategies for managing data and open data are a key area for further exploration;

Open or owned data?

Following the publication of a discussion paper by the ODI for the Global Open Data for Agriculture and Nutrition initiative, putting forward a case for how open data can help improve agriculture, food and nutrition, debate has been growing about how open data should be approached in the context of smallholder agriculture. In this post, I explore some provisional reflections on that debate.

Respondents to the paper have pointed to the way in which, in situations of unequal power, and in complex global markets, greater accessibility of data can have substantial downsides for farmers. For example, commodity speculation based on open weather data can drive up food prices, or open data on soil profiles can be used in order to extract greater margins from farmers when selling fertilizers. A number of responses to the ODI paper have noted that much of the information that feeds into emerging models of data-driven agriculture is coming from small-scale farmers themselves: whether through statistical collection by governments, or hoovered up by providers of farming technology, all aggregated into big datasets that are practically inaccessible to local communities and farmers.

This has led to some focussing in response on the concept of data ownership: asserting that more emphasis should be placed on community ownership of the data generated at a local level. Equally, it has led to the argument that “opening data without enabling effective, equitable use can be considered a form of piracy”, making direct allusions to the biopiracy debate and the consequent responses to such concerns in the form of interventions such as the International Treaty on Plant Genetic Resources.

There are valid concerns here. Efforts to open up data must be interrogated to understand which actors stand to benefit, and to identify whether the configuration of openness sought is one that will promote the outcomes claimed. However, claims of data ownership and data sovereignty need to be taken as a starting point for designing better configurations of openness, rather than as a blocking counter-claim to ideas of open data.

Community ownership and openness

My thinking on this topic is shaped, albeit not to a set conclusion, by a debate that took place last year at a Berkman Centre Fellows Hour based on a presentation by Pushpa Kumar Lakshmanan on the Nagoya Protocol which sets out a framework for community ownership and control over genetic resources.

The debate raised the tension between the rights of communities to gain benefits from the resources and knowledge that they have stewarded, potentially over centuries, with an open knowledge approach that argues social progress is better served when knowledge is freely shared.

It also raised important questions of how communities can be demarcated (a long-standing and challenging issue in the philosophy of community rights) – and whether drawing a boundary to protect a community from external exploitation risks leaving internal patterns of power and exploitation within the community unexplored. For example, does community ownership of data really lead to certain elites in the community controlling it?

Ultimately, the debate taps into a conflict between those who see the greatest risk as being the exploitation of local communities by powerful economic actors, and those who see the greater risk as a conservative hoarding of knowledge in local communities in ways that inhibit important collective progress.

Exploring ownership claims

It is useful to note that much of the work on the Nagoya Protocol that Pushpa described was centred on controlling borders to regulate the physical transfer of plant genetic material. Thinking about rights over intangible data raises a whole new set of issues: ownership cannot just be filtered through a lens of possession and physical control.

Much data is relational. That is to say that it represents a relationship between two parties, or represents objects that may stand in ownership relationships with different parties. For example, in his response to the GODAN paper, Ajit Maru reports how “John Deere now considers its tractors and other equipment as legally ‘software’ and not a machine… [and] claims [this] gives them the right to use data generated as ‘feedback’ from their machinery”. Yet, this data about a tractor’s operation is also data about the farmer’s land, crops and work. The same kinds of ‘trade data for service’ concerns that have long been discussed with reference to social media websites are becoming an increasing part of the agriculture world. The concern here is with a kind of corporate data-grab, in which firms extract data, asserting their absolute ownership over something which is primarily generated by the farmer, and which is at best a co-production of farmer and firm.

It is in response to this kind of situation that grassroots data ownership claims are made.

These ownership claims can vary in strength. For example:

  • The farmer can claim that ‘this is my data’, and I should have ultimate control over how it is used, and the ability to treat it as a personally held asset;

  • The second runs that ‘I have a stake in this data’, and as a consequence, I should have access to it, and a say in how it is used;

Which claim is relevant depends very much on the nature of the data. For example, we might allow ownership claims over data about the self (personal data), and the direct property of an individual. For datasets that are more clearly relational, or collectively owned (for example, local statistics collected by agricultural extension workers, or weather data funded by taxation), the stakeholding claim is the more relevant.

It is important at this point to note that not all (perhaps even not many) concerns about the potential misuse of data can be dealt with effectively through a property right regime. Uses of data to abuse privacy, or to speculate and manipulate markets may be much better dealt with by regulations and prohibitions on those activities, rather than attempts to restrict the flow of data through assertions of data ownership.

Openness as a strategy

Once we know whether we are dealing with ownership claims, or stakeholding claims, in data, we can start thinking about different strategic configurations of openness, that take into account power relationships, and that seek to balance protection against exploitation, with the benefits that can come from collaboration and sharing.

For example, each farmer on their own has limited power vis-a-vis a high-tech tractor maker like John Deere. Even if they can assert a right to access their own data, John Deere will most likely retain the power to aggregate data from 1000s of farmers, maintaining an inequality of access to data vis-a-vis the farmer. If the farmer seeks to deny John Deere the right to aggregate their data with that of others: chances are that (a) they will be unsuccessful, as making an absolute ownership claim here is difficult – using the tractor was a choice after all; and (b) they will potentially inhibit useful research and use of data that could improve cropping (even if some of the other uses of the data may run counter to the farmer’s interest). Some have suggested that creating a market in the data, where the data aggregator would pay the farmers for the ability to use their data, offers an alternative path here: but it is not clear that the price would compensate the farmer adequately, or lead to an efficient re-use of data.

However, in this setting openness potentially offers an alternative strategy. If farmers argue that they will only give data to John Deere if John Deere makes the aggregated data open, then they have the chance to challenge the asymmetry of power that otherwise develops. A range of actors and intermediaries can then use this data to provide services in the interests of the farmers. Both the technology provider, and the farmer, get access to the data in which they are both stakeholders.

This strategy (“I’ll give you data only if you make the aggregate set of data you gather open”), may require collective action from farmers. This may be the kind of arrangement GODAN can play a role in brokering, particularly as it may also turn out to be in the interest of the firm as well. Information economics has demonstrated how firms often under-share information which, if open, could lead to an expansion of the overall market and better equilibria in which, rather than a zero-sum game, there are benefits to be shared amongst market actors.

There will, however, be cases in which the power imbalances between data providers and those who could exploit the data are too large. For example, the above discussion assumes intermediaries will emerge who can help make effective use of aggregated data in the interests of farmers. Sometimes (a) the greatest use will need to be based on analysis of disaggregated data, which cannot be released openly; and (b) data providers need to find ways to work together to make use of data. In these cases, there may be a lot to learn from the history of commons and co-operative structures in the agricultural realm.

Co-operative and commons based strategies

Many discussions of openness conflate the concept of openness, and the concept of the commons. Yet there is an important distinction. Put crudely:

  • Open = anyone is free to use/re-use a resource;
  • Commons = mutual rights and responsibilities towards the resource;

In the context of digital works, Creative Commons provide a suite of licenses for content, some of which are ‘open’ (they place no responsibilities on users of a resource, but grant broad rights), and others of which adopt a more regulated commons approach, placing certain obligations on re-users of a document, photo or dataset, such as the responsibility to attribute the source, and share any derivative work under the same terms.

The Creative Commons draws upon an imagery from the physical commons. These commons were often in the form of land over which farmers held certain rights to graze cattle, of fisheries in which each fisher took shared responsibility for avoiding overfishing. Such commons are, in practice, highly regulated spaces – but that seek to pursue an approach based on sharing and stakeholding in resources, rather than absolute ownership claims. As we think about data resources in agriculture, reflecting more on learning from the commons is likely to prove fruitful. Of course, data, unlike land, is not finite in the same ways, nor does it have the same properties of excludability and rivalrousness.

In thinking about how to manage data commons, we might look towards another feature prevalent in agricultural production: that of the cooperative. The core idea of a data cooperative is that data can be held in trust by a body collectively owned by those who contribute the data. Such data cooperatives could help manage the boundary between data that is made open at some suitable level of aggregation, and data that is analysed and used to generate products of use to those contributing the data.

With Open Data Services Co-operative I’ve just started to dig more into learning about the cooperative movement: co-founding a workers cooperative that supports open data projects. However, we’ve also been thinking about how data cooperatives might work – and I’m certain there is scope for a lot more work in this area, helping deal with some of the critical questions that have come up for open data from the GODAN discussion paper.

by Tim at September 02, 2015 01:32 PM

Bruce Schneier
History of the L0pht

This Washington Post article uses the history of the L0pht to talk about the broader issues of Internet security.

by Bruce Schneier at September 02, 2015 12:04 PM

September 01, 2015

Tim Davies
Enabling the Data Revolution: IODC 2015 Conference Report

The International Open Data Conference in Ottawa in May this year brought together over 200 speakers and close to 1000 in-person attendees to explore the open data landscape. I had the great privilege of working with the conference team to work on co-ordinating a series of sessions designed to weave together discussions from across the conference into a series of proposals for action, supporting shared action to take forward a progressive open data agenda. From the Open Data Research Symposium and Data Standards Day and other pre-events, to the impact presentations, panel discussions and individual action track sessions, a wealth of ideas were introduced and explored.

Since the conference, we’ve been hard at work on a synthesis of the conference discussions, drawing on over 30 hours of video coverage, hundreds of slide decks and blog posts, and thousands of tweets, to capture some of the key issues discussed, and to put together a roadmap of priority areas for action.

The result has just been published in English and French as a report for download, and as an interactive copy on Fold: embedding video and links alongside the report section by section.

Weaving it together

The report was only made possible through the work of a team of volunteers – acting as rapporteurs for each session and blogging their reflections – and session organisers, preparing provocation blog posts in advance. That meant that in working to produce a synthesis of the different conferences I not only had video recordings and tweets from most sessions, but I also had diverse views and take-away insights written up by different participants, ensuring that the report was not just about what I took from the conference materials – but that it was shaped by different delegates’ views. In the Fold version of the report I’ve tried to link out to the recordings and blog posts to provide extra context in many sections – particularly in the ‘Data Plus’ section which covers open data in a range of contexts, from agriculture, to fiscal transparency and indigenous rights.

One of the most interesting, and challenging, sections of the report to compile has been the Roadmap for Action. The preparation for this began long in advance of the International Open Data Conference. Based on submissions to the conference open call, a set of action areas were identified. We then recruited a team of ‘action anchors’ to help shape inputs, provocations and conference workshops that could build upon the debates and case studies shared at the conference and its pre-events, and then look forward to set out an agenda for future collaboration and action in these areas. This process surfaced ideas for action at many different levels: from big-picture programmes, to small and focussed collaborative projects. In some areas, the conference could focus on socialising existing concrete proposals. In other areas, the need has been for moving towards shared vision, even if the exact next steps on the path there are not yet clear.

The agenda for action

Ultimately, in the report, the eight action areas explored at IODC2015 are boiled down to five headline categories in the final chapter, each with a couple of detailed actions underneath:

  • Shared principles for open data: “Common, fundamental principles are vital in order to unlock a sustainable supply of high quality open data, and to create the foundations for inclusive and effective open data use. The International Open Data Charter will provide principles for open data policy, relevant to governments at all levels of development and supported by implementation resources and working groups.”
  • Good practices and open standards for data publication: “Standards groups must work together for joined up, interoperable data, and must focus on priority practices rooted in user needs. Data publishers must work to identify and adopt shared standards and remove the technology and policy barriers that are frequently preventing data reuse.”
  • Building capacity to produce and use open data effectively: “Government open data leaders need increased opportunities for networking and peer-learning. Models are needed to support private sector and civil society open data champions in working to unlock the economic and social potential of open data. Work is needed to identify and embed core competencies for working with open data within existing organizational training, formal education, and informal learning programs.”
  • Strengthening open data innovation networks: “Investment, support, and strategic action is needed to scale social and economic open data innovations that work. Organizations should commit to using open data strategies in addressing key sectoral challenges. Open data innovation networks and thematic collaborations in areas such as health, agriculture, and parliamentary openness will facilitate the spread of ideas, tools, and skills— supporting context-aware and high-impact innovation exchange.”
  • Adopting common measurement and evaluation tools: “Researchers should work together to avoid duplication, to increase the rigour of open data assessments, and to build a shared, contextualized, evidence base on what works. Reusable methodological tools that measure the supply, use, and outcomes of open data are vital. To ensure the data revolution delivers open data, open data assessment methods must also be embedded within domain-specific surveys, including assessments of national statistical data. All stakeholders should work to monitor and evaluate their open data activities, contributing to research and shared learning on securing the greatest social impact for an open data revolution.”

In the full report, more detailed actions are presented in each of these categories. The true test of the roadmap will come with the 2016 International Open Data Conference, where we will be able to look at progress made in each of these areas, and to see whether action on open data is meeting the challenge of securing increased impact, sustainability and inclusiveness.

by Tim at September 01, 2015 05:04 PM

PRX
Julie Shapiro Selected as New Radiotopia Executive Producer

Drumroll please… After a highly competitive search, Julie Shapiro has been selected as the Executive Producer for PRX’s Radiotopia.

Julie’s leadership, creativity and commitment to excellence will drive Radiotopia’s success as a leading podcast network at a moment of growth and opportunity for the industry as a whole.

Julie will help lead overall strategic planning for the network, establish and oversee production standards and best practices, develop and manage creative collaborations, and set and meet audience and revenue targets.

We are thrilled to welcome Julie as the newest member of our stellar team.

Check out the press release below for details.


PRESS RELEASE

Contact Kerri Hoffman, COO
Email kerri@prx.org
Website www.prx.org

Cambridge, Mass., September 1, 2015 — PRX is pleased to welcome Julie Shapiro in the new role of Radiotopia executive producer.

Radiotopia is at the epicenter of the newly expanding galaxy of podcasts. Since launching in February 2014, Radiotopia has accelerated to 8.5 million monthly downloads across a growing roster of 13 programs, including 99% Invisible, the celebrated show on design from Roman Mars, and Criminal – a new breakout hit from Lauren Spohrer and Phoebe Judge. In May 2015 the Knight Foundation awarded $1M to PRX to support the development and strengthening of Radiotopia.

Julie will bring editorial vision, creativity and leadership to Radiotopia’s expanding portfolio of top programs. She will work closely with PRX, Roman Mars and the Radiotopia producers to grow the shows, cultivate relationships with talented producers and partners, and build sustainability of the podcast medium.

Julie co-founded and was artistic director of the Third Coast International Audio Festival (TCIAF) for thirteen years. As the creative engine at TCIAF, Julie did everything from co-producing the biannual conference and Filmless festival, to co-curating and editing the Re:sound podcast, to leading strategic direction and public image of the organization.

In 2014, Julie left TCIAF to become the founding executive producer of the Australian Broadcast Corporation’s Creative Audio Unit (CAU), where she led a team in establishing two weekly, national shows and set the strategy and vision for the unit. She is a thought leader and a determined advocate of creative pursuits. Julie originally coined the term “Radiotopia” in a speech at the Third Coast Festival, describing it as a place where awesome stories live.

“Julie has championed the work of hundreds of independent producers and has demonstrated the passion and bold thinking we need to make Radiotopia thrive,” said Kerri Hoffman, Chief Operating Officer of PRX.

Julie is also known for her dedication to diversity and gender balance in public radio, and wrote the influential “Women Hosted Podcasts” article which had a major impact on the public media industry.

Radiotopia co-founder, Roman Mars said, “Julie Shapiro will provide leadership and vision for both Radiotopia and for the emerging podcasting industry as a whole.”

About PRX
PRX is an award-winning nonprofit public media company, harnessing innovative technology to bring compelling stories to millions of people. PRX.org operates public radio’s largest distribution marketplace, offering tens of thousands of audio stories for broadcast and digital use, including This American Life, The Moth Radio Hour, Sound Opinions, State of the Re:Union, Reveal, and the Radiotopia podcast network. PRX Remix is PRX’s 24/7 channel featuring the best independent radio stories and new voices. PRX was created through a collaboration of the Station Resource Group and Atlantic Public Media, and receives support from public radio stations and producers, The Corporation for Public Broadcasting, the National Endowment for the Arts, the Ford Foundation, the John D. and Catherine T. MacArthur Foundation, the Wyncote Foundation, and Knight Foundation.



by Kerri Hoffman at September 01, 2015 02:13 PM

Christian Sandvig
The Last Post

(or, I’m Moving My Blogging to Other Platforms.)

After a great run of six full years, I’ve decided to retire this blog. It worked well, but increasingly I find that most of the readership from my writing comes from my blogging at The Social Media Collective and occasionally at other venues like The Huffington Post and Wired.

Thanks so much for reading this. I’ll still be blogging and I hope that you’ll keep reading after I move things over there.

In the unlikely event that I launch any new standalone blogs I’ll be sure to alert you via my homepage.

by Christian at September 01, 2015 12:55 PM

David Weinberger
Is it time to start newsletters again?

My Boston Globe op-ed yesterday argued that blogging still matters. But it’s also got me wondering: Is the time ripe for newsletters again?

I wrote a personal newsletter for about ten years. It started out as an in-house mailer at Open Text where I was VP of Strategic Marketing in the mid-1990s. It came out every week or two and was titled DWOTIO: David Weinberger’s Open Text Inside Out (I think). News, views, humor, witty repartee with people who sent me email about it.

I’d coined the phrase “hyperlinked organization” there, and when I left I started a new newsletter called “Journal of the Hyperlinked Organization,” or JOHO. Hence the name of this blog. The phrase “hyperlinked organization” didn’t quite catch on (Deniro decided to make “Analyze This” instead), but I stuck with it and started sending out a free newsletter about every three weeks.

Each issue had one substantial essay, a couple more that were lighter and quicker, and witty repartee with people who sent me email about it. It also had a humorous contest that no one ever entered, a “cool tool,” and a very brief write-up of an article about a company doing something interesting with the Web.

It took a lot of time, and not just to write it. It took me way longer to create HTML and text versions than you’d think; back then not all email readers supported HTML. Even just hand formatting the HTML was a pain in the tuchus. (It’s way easier now, kids.)

But it was totally worth it. I had a direct connection to 7,000 people. They wrote in and I responded in the newsletter itself. It got me writing. When I wrote “In the future, everyone will be famous to 15 people,” that’s what I meant.

Then blogging happened.

For about ten years, I posted every day, often more than once. It took more and more of my energy. RSS let you subscribe to my blog. So what did my newsletter add? It faded away.

But now I’m thinking it might be time to start it up again.

Blogs are a pull medium, but not a lot of people pull on this blog. Newsletters are an opt-in push medium. I don’t know (and I don’t want to know — really, don’t tell me) how many people check my blog with any frequency, but I suspect it’s in the dozens. I love those people deeply, but that means that if I want to reach a wider audience, I have to publish in the equivalent of online magazines. I do that and I’m truly glad for the opportunity. It’s a privilege. But that doesn’t establish the sort of intimacy that ritualized reading can.

It also means that my voice as an author works only for that one article, and the reader only hears me in that one voice. Turn the web page and the next author has to establish her own presence. But a newsletter is a space that more fully expresses the author. JOHO was famously garish, ugly and amateurish. Welcome to me, people!

So, it’s tempting. I would still blog, of course. But: Can I come up with enough mid-range articles? Can I come up with a set of repeating pieces — like the old “Cool tools” — that will be interesting enough but won’t paint me into a corner? Would anyone read it? Would it be worth the commitment?

I don’t know.

But I’m not the only blogger in this situation. With mainstream web magazines providing a way to reach a lot of people with longer-form articles, blogs working for shorter and more informal pieces (or for anything you want), Facebook for quick personal posts, and everything else for everything else, the ecosystem might be ready for the next round of personal newsletters. Maybe.

The post Is it time to start newsletters again? appeared first on Joho the Blog.

by davidw at September 01, 2015 11:57 AM

Bruce Schneier
What Can you Learn from Metadata?

An Australian reporter for the ABC, Will Ockenden, published a bunch of his metadata, and asked people to derive various elements of his life. They did pretty well, even though they were amateurs, which should give you some idea what professionals can do.

by Bruce Schneier at September 01, 2015 11:36 AM

August 31, 2015

Bruce Schneier
Using Samsung's Internet-Enabled Refrigerator for Man-in-the-Middle Attacks

This is interesting research:

Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display.

So, MITM the victim's fridge from next door, or on the road outside and you can potentially steal their Google credentials.

The notable exception to the rule above is when the terminal connects to the update server -- we were able to isolate the URL https://www.samsungotn.net which is the same used by TVs, etc. We generated a set of certificates with the exact same contents as those on the real website (fake server cert + fake CA signing cert) in the hope that the validation was weak but it failed.

The terminal must have a copy of the CA and is making sure that the server's cert is signed against that one. We can't hack this without access to the file system where we could replace the CA it is validating against. Long story short we couldn't intercept communications between the fridge terminal and the update server.

When I think about the security implications of the Internet of things, this is one of my primary worries. As we connect things to each other, vulnerabilities on one of them affect the security of another. And because so many of the things we connect to the Internet will be poorly designed, and low cost, there will be lots of vulnerabilities in them. Expect a lot more of this kind of thing as we move forward.

by Bruce Schneier at August 31, 2015 06:56 PM

Kendra Albert
But What Did the Daughter Think?

I wrote a piece over on Medium about why I think the Target pregnancy story is still an important one to tell.

August 31, 2015 03:48 PM

August 29, 2015

ProjectVRM
VRM Day: Let’s talk UMA and terms

VRM Day and IIW are coming up in October: VRM Day on the 26th, and IIW on the 27th-29th. As always, both are at the Computer History Museum in the heart of Silicon Valley. Also, as always, we would like to focus VRM day on issues that will be discussed and pushed forward (by word and code) on the following days at IIW.

I see two.

The first is UMA, for User Managed Access. UMA is the brainchild of Eve Maler, one of the most creative minds in the Digital Identity field. (And possibly its best singer as well.) The site explains, “User-Managed Access (UMA) is an award-winning OAuth-based protocol designed to give a web user a unified control point for authorizing who and what can get access to their online personal data, content, and services, no matter where all those things live on the web. Read the spec, join the group, check out the implementations, follow us on Twitter, like us on Facebook, get involved!”

Which a number of us in the #VRM community already are — enough, in fact, to lead discussion on VRM Day.

In Regaining Control of Our Data with User-Managed Access, Phil Windley calls VRM “a perfect example of the kind of place where UMA could have a big impact. VRM is giving customers tools for managing their interactions with vendors. That sounds, in large part, like a permissioning task. And UMA could be a key piece of technology for unifying various VRM efforts.”

For example, “Most of us hate seeing ads getting in the way of what we’re trying to do online. The problem is that even with the best “targeting” technology, most of the ads you see are wasted. You don’t want to see them. UMA could be used to send much stronger signals to vendors by granting permission for them to access information would let them help me and, in the process, make more money.”

We call those signals “intentcasting.”

Yet, even though our wiki lists almost two dozen intentcasting developers, all of them roll their own code. As a result, all of them have limited success. This argues for looking at UMA as one way they can substantiate the category together.

The second topic is terms. These can take two forms: ones individuals can assert (which on the wiki we call EmanciTerm); and truly user- and customer-friendly ones sites and services can assert. (Along with truly agreeable privacy policies on both sides.)

At last Fall’s VRM Day, we came up with one possible approach, which looked like this on the whiteboard:

This was posted on Customer Commons, which is designed to serve the same purpose for individual terms as Creative Commons does for individual artists’ copyright terms. We can do the same this time.

So be sure to register soon. Space is limited.

Bonus links/tweets: here and here.

by Doc Searls at August 29, 2015 02:34 PM

August 28, 2015

Bruce Schneier
Friday Squid Blogging: Cephalopod Anatomy Class

Beautiful diorama.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at August 28, 2015 09:33 PM

Mickens on Security

James Mickens, for your amusement. A somewhat random sample:

My point is that security people need to get their priorities straight. The "threat model" section of a security paper resembles the script for a telenovela that was written by a paranoid schizophrenic: there are elaborate narratives and grand conspiracy theories, and there are heroes and villains with fantastic (yet oddly constrained) powers that necessitate a grinding battle of emotional and technical attrition. In the real world, threat models are much simpler (see Figure 1). Basically, you're either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you'll probably be fine if you pick a good password and don't respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they're going to use a drone to replace your cellphone with a piece of uranium that's shaped like a cellphone, and when you die of tumors filled with tumors, they're going to hold a press conference and say "It wasn't us" as they wear t-shirts that say "IT WAS DEFINITELY US," and then they're going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them. In summary, https:// and two dollars will get you a bus ticket to nowhere. Also, SANTA CLAUS ISN'T REAL. When it rains, it pours.

by Bruce Schneier at August 28, 2015 08:58 PM

Justin Reich
Four Pillars of Great Teaching
Great teachers find compelling questions, provide scaffolding that fades, assess students through performance, and care deeply about their students.

by Justin Reich at August 28, 2015 06:39 PM

Bruce Schneier
German BfV - NSA Cooperation

The German newspaper Zeit is reporting the BfV, Germany's national intelligence agency, (probably) illegally traded data about Germans to the NSA in exchange for access to XKeyscore. From Ars Technica:

Unlike Germany's foreign intelligence service, the Bundesnachrichtendienst (BND), the domestic-oriented BfV does not employ bulk surveillance of the kind also deployed on a vast scale by the NSA and GCHQ. Instead, it is only allowed to monitor individual suspects in Germany and, even to do that, must obtain the approval of a special parliamentary commission. Because of this targeted approach, BfV surveillance is mainly intended to gather the content of specific conversations, whether in the form of e-mails, telephone exchanges, or even faxes, if anyone still uses them. Inevitably, though, metadata is also gathered, but as Die Zeit explains, "whether the collection of this [meta]data is consistent with the restrictions outlined in Germany's surveillance laws is a question that divides legal experts."

The BfV had no problems convincing itself that it was consistent with Germany's laws to collect metadata, but rarely bothered since -- remarkably -- all analysis was done by hand before 2013, even though metadata by its very nature lends itself to large-scale automated processing. This explains the eagerness of the BfV to obtain the NSA's XKeyscore software after German agents had seen its powerful metadata analysis capabilities in demonstrations.

It may also explain the massive expansion of the BfV that the leaked document published by Netzpolitik had revealed earlier this year. As Die Zeit notes, the classified budget plans "included the information that the BfV intended to create 75 new positions for the 'mass data analysis of Internet content.' Seventy-five new positions is a significant amount for any government agency."

Note that the documents this story is based on seem to have not been provided by Snowden.

by Bruce Schneier at August 28, 2015 02:23 PM

Iranian Phishing

CitizenLab is reporting on Iranian hacking attempts against activists, which include a real-time man-in-the-middle attack against Google's two-factor authentication.

This report describes an elaborate phishing campaign against targets in Iran's diaspora, and at least one Western activist. The ongoing attacks attempt to circumvent the extra protections conferred by two-factor authentication in Gmail, and rely heavily on phone-call based phishing and "real time" login attempts by the attackers. Most of the attacks begin with a phone call from a UK phone number, with attackers speaking in either English or Farsi.

The attacks point to extensive knowledge of the targets' activities, and share infrastructure and tactics with campaigns previously linked to Iranian threat actors. We have documented a growing number of these attacks, and have received reports that we cannot confirm of targets and victims of highly similar attacks, including in Iran. The report includes extra detail to help potential targets recognize similar attacks. The report closes with some security suggestions, highlighting the importance of two-factor authentication.

The report quotes my previous writing on the vulnerabilities of two-factor authentication:

As researchers have observed for at least a decade, a range of attacks are available against 2FA. Bruce Schneier anticipated in 2005, for example, that attackers would develop real time attacks using both man-in-the-middle attacks, and attacks against devices. The "real time" phishing against 2FA that Schneier anticipated were reported at least 9 years ago.

Today, researchers regularly point out the rise of "real-time" 2FA phishing, much of it in the context of online fraud. A 2013 academic article provides a systematic overview of several of these vectors. These attacks can take the form of theft of 2FA credentials from devices (e.g. "Man in the Browser" attacks), or by using 2FA login pages. Some of the malware-based campaigns that target 2FA have been tracked for several years, are highly involved, and involve convincing targets to install separate Android apps to capture one-time passwords. Another category of these attacks works by exploiting phone number changes, SIM card registrations, and badly protected voicemail

Boing Boing article. Hacker News thread.

by Bruce Schneier at August 28, 2015 09:19 AM

Ethan Zuckerman
Future of News: The View from Accra

I’m in Accra for roughly 60 hours, long enough to remember why I love this country so very much, but not long enough to see all the people I want to see, to visit the markets and streets that I miss, and most challenging, to eat all the marvelous food this country has to offer. (After landing last night, I went straight to Osu night market for a plate of omo tuo at Asanka Local. Closed, so it was charcoal chicken and fried rice at Papaye, not a bad second choice.)

I’m here for a board meeting for PenPlusBytes, a Ghanaian NGO I’ve helped advise for years, which has recently transformed from a group of trainers helping Ghanaian journalists practice computer-assisted reporting, to one focused on the challenging task of using technology to hold governments accountable and responsible. Because my fellow board members include luminaries like open source pioneer Nnenna Nwakanma and journalist Dan Gillmor, we’re using the excuse of a meeting to throw a quick conference on the future of news.

Asked to think about the future of news in the context of digital media, changes to existing business models and Ghana’s particular role in the world of news, here’s what I offered this morning at the Future of News event at the Alisa Hotel.

Kwami Ahiabenu, president of PenPlusBytes, leading our event

My friends on the panel have mixed emotions about this moment in time for the news. I suspect in the context of this conversation, I may turn out to be the optimist in the room. I want to suggest that there are three really good reasons to be excited about this moment of time in news, particularly from a Ghanaian point of view. But I also want to argue that Ghanaian organizations face two special challenges in navigating this new age.

First, the good news. When I was a student in Ghana in 1993 and 94, I often felt like I was a character in a movie because there was a soundtrack playing at all times… as you walked down the street, every radio was tuned to the Ghana Broadcasting Corporation, which had a monopoly over what everyone heard. The most noticeable change when I came back to Accra in the late 90s to start an NGO was the explosion of commercial radio. Ghana already had a strong free press, and radio emerged as a powerful and often political medium that reaches all Ghanaians, whatever their level of education and whatever language they speak.

We’re at a moment in time where Ghana is recognized internationally for its free press – Reporters without Borders press freedom rankings put Ghana #22 in the world, ahead of the UK at #34 and the US at #49. The only other African nation in the top 25 is Namibia at #17. Those of us who love Ghana have gotten used to the idea that this country is in a remarkable position in terms of democratic elections, having enjoyed uneventful transitions since 2000, including the seamless transition after a leader died in office. Ghana is an exemplar to the region and to the continent, showing neighbors how it can be done, a stable democracy where the opposition comes in and out of power, a free press where we can debate, often fiercely, the problems of the day. When Ghana is experiencing problems like dumsor (a Twi word meaning “on/off”, a reference to the frequent power cuts that Ghana currently suffers from), we know that citizens can make their voices heard in the press, on the air and online, and that leaders will hear those frustrations.

Here’s another piece of good news. Middle income nations, nations where a middle class is growing, are the most promising new commercial markets for media. Global media companies are making huge investments right now in India, where hundreds of millions of new readers are becoming newspaper subscribers, and where younger ones are skipping the paper and becoming consumers of news on their smartphones. The smart companies are looking past India and towards Ghana, Nigeria, Kenya – nations with a strong, educated middle class hungry for news.

The open question is whether nations like India and Ghana can overcome the “print dollar, digital dimes” problem that’s threatening news in the US and Europe. Basically, in the US, online ads are much, much cheaper than ads in print media – as readers give up their newspaper subscriptions and read online, news organizations lose revenue. There’s no reason it has to be this way. African newspapers have the opportunity to figure out what it means to build a newsroom that’s digital first. This doesn’t just mean a newsroom that makes as much money from online subscriptions, sponsorships and memberships as it does from advertising. It also means a newsroom that expects its readers to report and participate as well as read, that sees itself as having a duty to its readers as citizens, not just as customers. I think Ghana has an amazing opportunity to pioneer new models for media that recognize the potentials of this new medium.

Here’s a third piece of good news, a statement I expect to cause some controversy. There has never been a better time to be a reader of news. And in many ways, there’s never been a better time to be a writer. In the late 1990s and early 2000s, I commuted regularly between Accra and where I live in western MA. I ended up feeling like a magazine smuggler. I would come to Kotoka laden with the Economist and the New York Times Sunday magazine, and come back to the states with BBC Africa, the Graphic, the New African. Now we are all able to read from all over the world, limited only by the choices we make about what we choose to pay attention to. Writers need to be thinking this way, too – whether you’re Ghanaian or American, you need to work from the belief that you can write anywhere. An NGO I helped found a decade ago, Global Voices, serves almost as a labor matching service, helping international networks like Al Jazeera find great correspondents in Africa, Central Asia, other places where global news networks are having trouble finding local voices. There is enormous demand for good writing and for different perspectives, and not just by professional journalists. Some editors and many readers are realizing that they want and need to hear from people in other countries so they get a more accurate, nuanced and fair picture of the world. And as I argued in a piece in the Graphic last week, there are politically important reasons for Ghanaians to represent themselves on a global stage.

So, this is a pretty optimistic picture so far. Lest you think I’m completely sanguine about the future, let me mention two serious challenges, one which should be obvious and one that’s less so.

Yes, it’s a great time to read, and a great time to write, but a hard time to make a living writing and reporting. Newspapers have helped many writers find their voice, writing for a modest salary while learning the craft. In the US, at least, this is getting harder to do – shrinking local newsrooms mean that fewer people are getting that ability to engage in apprenticeship and learn on the job. Instead, young writers are finding themselves jumping into the deep end of the pool. One question we should be asking as more people in a country like Ghana are able to afford newspapers, as more radio stations are doing excellent journalism, as the economy continues to expand and advertising is a believable model to support journalism, how are we training a next generation of professional journalists? Beyond that, how are we training a generation of citizens who write in public, who contribute to dialogs and make their point to their countrymen and to the rest of the world?

I would beg media outlets to think very carefully about their revenue models. As news organizations move from having a primarily offline audience to one that’s primarily online, it’s critical to look for ways of making money that aren’t purely about advertising or purely about subscription. When you rely too heavily on advertising, you end up with a temptation to put users under surveillance, to sell what you know about them to advertisers, which is unhealthy for society as a whole. But if you depend entirely on subscriptions and lock up your news only for paying readers, you lose your influence, your ability to help shape public debate. We’re starting to see public media models in some countries that rely on membership – they give special privileges for those who support a publisher, but they rely on a small number of members to make the content free for others. Finding models like this, that recognize the people who can support your work and give them special benefits, while letting your work have broad social influence, is a critical balance for news organizations.

A second, and maybe less obvious challenge. I said that it was a great time to be a reader because there’s so much to read, and a great time to be a writer, because there are so many places to share your writing. But certain kinds of writing are in very short supply. It has always been hard to find well-researched writing that criticizes powerful people and governments, what we call “accountability journalism”. It’s expensive to do, and often requires not just reporters but lawyers to make sure you’re able to publish what you find, and increasingly computer programmers to help you sort through piles of financial data or text. That’s not the only hard type of reporting – it’s incredibly difficult to get stories from certain parts of the world. When Boko Haram attacks in Baga State in Nigeria killed as many as 2000 people in January of this year, the world heard far more about a dozen people killed at the French magazine Charlie Hebdo. What was really disturbing is that even Nigerian newspapers did this – in the days after Charlie Hebdo and the Baga massacre, Nigerian papers paid more attention to the highly visible deaths in France than to invisible deaths closer to home. So it’s not just a matter of having more news – it’s a matter of getting the right news, getting the news we need.

What’s the right news? What’s the news we need?

To explain, I want to go back to Ghana’s hard-earned reputation for a free press and for fair elections. The economist Paul Collier warns that it’s possible to have elections that are free, fair and bad – these are elections where voters don’t decide based on the issues or based on the performance of those who are in office. Instead, we decide based on tribe, or based on who we think is likely to give us a job or other benefits. These free, fair and bad elections are pretty common in nations that have an electoral democracy, but don’t have the other institutions of an open society. If you have elections, but you don’t have a free press – as in Zimbabwe, for instance – it’s not hard to predict how those elections are going to turn out.

Journalism is a business, but it’s not just a business. It’s a profession, like medicine or law, which means it has a responsibility to society as a whole, not just to the bottom line. We need news that helps us take action as citizens. Sometimes that’s journalism that exposes corruption and holds powerful people responsible. But sometimes it’s journalism that creates a space for us to debate the world we want, the society we want to build. Sometimes it’s journalism that’s not afraid to take a stand, to advocate for great new ways to solve important social problems.

To be very clear, I’m not talking about what people usually demand when they ask media to be professional – they ask for it to be objective, which tends to mean that it strives for false balance, and that it amplifies the voices of powerful people. I’m asking for journalism to do something much harder and much braver – to ask the question of what news we need to be more powerful, more effective and better citizens. This is a place where Ghana has an opportunity to lead the region, the continent and the world. Ghana has the political climate to permit real debate, real disagreement about the way forward, where individuals and institutions can raise their voices about what they think needs to be done. We need journalism that’s fair, that looks to amplify voices we rarely hear from, that’s brave enough to advocate for new ideas that could change the world for the better. We need to make sure that Ghana’s free press and free and fair elections escape the trap of free, fair and bad – instead, we need media that helps make us more powerful as citizens.

by Ethan at August 28, 2015 09:16 AM

David Weinberger
From the collection of…to your local library

Here’s a sticker I’d like to see inside a book sometime:

Fictitious library sticker

Let’s say you buy a paper version of a current best-selling book. You read it. You want to have it on your shelf, but you know you’re not going to re-read it for a while.

So, why not lend it to your local library? As the owner, you can reclaim it at any time, although maybe your library would prefer you lend it for a known term so that they can count on reducing the number of copies of a bestseller they have to buy. At the end of the loan period, it comes back to you, still warm from the hands of your neighbors.

And maybe the people in your community who read your book will sign the form as a way of thanking you.

Yes, this shouldn’t be confined to bestsellers. But that would help with the problem facing public libraries that the demand for recent books falls off sharply as the next bestsellers come along, leaving libraries with 99 more copies of 50 Shades of Gray than they need.

The post From the collection of…to your local library appeared first on Joho the Blog.

by davidw at August 28, 2015 02:38 AM

August 27, 2015

Bruce Schneier
Defending All the Targets Is Impossible

In the wake of the recent averted mass shooting on the French railroads, officials are realizing that there are just too many potential targets to defend.

The sheer number of militant suspects combined with a widening field of potential targets have presented European officials with what they concede is a nearly insurmountable surveillance task. The scale of the challenge, security experts fear, may leave the Continent entering a new climate of uncertainty, with added risk attached to seemingly mundane endeavors, like taking a train.

The article talks about the impossibility of instituting airport-like security at train stations, but of course even if it were feasible to do that, it would only serve to move the threat to some other crowded space.

by Bruce Schneier at August 27, 2015 11:57 AM

August 26, 2015

Berkman Center front page
Berkman Center Fall 2015 Open House

Come to the Berkman Center for Internet & Society’s Fall 2015 Open House to meet our faculty, fellows, and staff, and to learn about the many ways you can get involved in our dynamic, exciting environment.

Wednesday, September 9, 2015, event starting at 5:00 pm, webcast portion starting at 6:00 pm
Harvard Law School, Wasserstein Hall, Milstein Rooms, 2nd Floor (Map)

Free and Open to the Public
Please RSVP via the form below

  • 5:00-6:00 pm - Project Showcase Session: Select Berkman projects will be present with information about their projects' current activities. Staff working with each of these projects are eager to share information about the big research questions they are considering, meet potential future collaborators, and solicit ideas. In addition to the project tabling, there will be space and opportunity to connect with new Berkman community members and Berkman Center Staff and Faculty. You may come for any portion of time during this session.
     
  • 6:00-7:00 pm - Plenary Session with Jonathan Zittrain: Learn more about the Berkman Center for Internet & Society -- and its network of researchers, activists, faculty, students, technologists, entrepreneurs, artists, policy makers, lawyers, and more -- in an interactive conversation led by Berkman Center Faculty Chair Jonathan Zittrain. If you’re curious about connecting with our research, our community, or our events, or are just generally interested in digital technologies and their impact on society, please join us!
     
  • 7:00 pm - Reception: Keep the conversations going with the help of light snacks and drinks!

As a University-wide research center at Harvard, our interdisciplinary efforts in the exploration of cyberspace address a diverse range of backgrounds and experiences. If you're interested in the Internet’s impact on society and are looking to engage a community of world-class fellows and faculty through events, conversations, research, and more, please join us to hear more about our upcoming academic year.

People from all disciplines, universities, organizations, and backgrounds are encouraged to attend the Open House. We look forward to seeing you there!

by candersen at August 26, 2015 08:04 PM

Bruce Schneier
Regularities in Android Lock Patterns

Interesting:

Marte Løge, a 2015 graduate of the Norwegian University of Science and Technology, recently collected and analyzed almost 4,000 ALPs as part of her master's thesis. She found that a large percentage of them -- 44 percent -- started in the top left-most node of the screen. A full 77 percent of them started in one of the four corners. The average number of nodes was about five, meaning there were fewer than 9,000 possible pattern combinations. A significant percentage of patterns had just four nodes, shrinking the pool of available combinations to 1,624. More often than not, patterns moved from left to right and top to bottom, another factor that makes guessing easier.

by Bruce Schneier at August 26, 2015 11:24 AM
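
The pool sizes quoted above can be reproduced by enumerating the 3x3 grid directly. This is an added example, not code from the post or from the thesis it quotes; it assumes the standard Android rules (each node is used at most once, and a stroke may pass over a node only if that node is already part of the pattern), and the function names are illustrative.

```python
from functools import lru_cache

SIZE = 3                 # Android's lock screen is a 3x3 grid (assumed here)
NODES = SIZE * SIZE      # nodes are numbered 0..8, row by row; 0 is top-left


def jumped_node(a, b):
    """Return the node lying exactly halfway between a and b, or None.

    A straight stroke from a to b crosses another node only when both the
    row sum and the column sum are even (e.g. 0 -> 2 crosses 1, 0 -> 8
    crosses 4). Knight-style moves such as 0 -> 5 cross nothing.
    """
    (r1, c1), (r2, c2) = divmod(a, SIZE), divmod(b, SIZE)
    if (r1 + r2) % 2 or (c1 + c2) % 2:
        return None
    return (r1 + r2) // 2 * SIZE + (c1 + c2) // 2


@lru_cache(maxsize=None)
def _extend(current, visited, remaining):
    """Count the ways to add `remaining` more nodes to a partial pattern.

    `visited` is a bitmask of the nodes already in the pattern.
    """
    if remaining == 0:
        return 1
    total = 0
    for nxt in range(NODES):
        if visited >> nxt & 1:
            continue                      # each node may be used only once
        mid = jumped_node(current, nxt)
        if mid is not None and not visited >> mid & 1:
            continue                      # cannot jump over an unused node
        total += _extend(nxt, visited | 1 << nxt, remaining - 1)
    return total


def count_from(start, length):
    """Number of valid patterns of exactly `length` nodes starting at `start`."""
    return _extend(start, 1 << start, length - 1)


def count(length):
    """Number of valid patterns of exactly `length` nodes."""
    return sum(count_from(s, length) for s in range(NODES))


def uniform_start_share(start, length):
    """Fraction of all `length`-node patterns that begin at `start`.

    This is the share a starting node would get if users chose patterns
    uniformly at random, a baseline for the observed 44 percent top-left.
    """
    return count_from(start, length) / count(length)


if __name__ == "__main__":
    for n in range(4, NODES + 1):
        print(f"{n} nodes: {count(n):>7} patterns")
    print("4 to 9 nodes:", sum(count(n) for n in range(4, NODES + 1)))
    print(f"uniform share of 4-node patterns starting top-left: "
          f"{uniform_start_share(0, 4):.1%}")
```

Four nodes give the 1,624 figure in the quote, and five nodes give 7,152, consistent with "fewer than 9,000"; the full space of four- to nine-node patterns is 389,112.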

August 25, 2015

Justin Reich
A Tale of Two Education Policy Polls
In a collaborative post with J. Gordon Wright from Education Post, Justin Reich analyzes the differences between poll results from Education Next and PDK/Gallup.

by Justin Reich at August 25, 2015 08:55 PM

Bruce Schneier
Movie Plot Threat: Terrorists Attacking US Prisons

Kansas Senator Pat Roberts wins an award for his movie-plot threat: terrorists attacking the maximum-security federal prison at Ft. Leavenworth:

In an Aug. 14 letter to Defense Secretary Ashton B. Carter, Roberts stressed that Kansas in general -- and Leavenworth, in particular -- are not ideal for a domestic detention facility.

"Fort Leavenworth is neither the ideal nor right location for moving Guantánamo detainees," Roberts wrote to Defense Secretary Ashton B. Carter. "The installation lies right on the Missouri River, providing terrorists with the possibility of covert travel underwater and attempting access to the detention facility."

Not just terrorists, but terrorists with a submarine! This is why Ft. Leavenworth, a prison from which no one has ever escaped, is unsuitable for housing Guantanamo detainees.

I've never understood the argument that terrorists are too dangerous to house in US prisons. They're just terrorists, it's not like they're Magneto.

by Bruce Schneier at August 25, 2015 07:19 PM

Rey Junco
New Paper: Predicting course outcomes with digital textbook analytics

Over the last couple of years, I’ve been researching how real-time behavioral data, collected unobtrusively through technology, can predict learning outcomes. As part of this line of research, I’ve recently published the paper Predicting course outcomes with digital textbook usage data in The Internet and Higher Education.

The study used data collected from student engagement with digital textbooks in order to predict course grades. Two measures of student engagement with the texts were analyzed: an engagement index that was calculated through a linear combination of the number of pages read, number of times a student opened their textbook, number of days the student used their textbook, time spent reading, number of highlights, number of bookmarks, and number of notes. The second analysis included the individual components of the engagement index.

Major Findings: The engagement index was significantly predictive of final course grades and was a stronger predictor of course outcomes than previous academic achievement. However, time spent reading, one of the variables that make up the engagement index, was more strongly predictive of course grades than the entire engagement index.

The effects of course level and instructor were controlled as well as the effects of gender, race/ethnicity, and previous academic achievement. In other words, data collected unobtrusively through the use of digital textbooks can be used to predict student outcomes even when using it for courses with different levels of reading, with textbooks that require varying levels of reading comprehension, with instructors who have different teaching styles, and for subject areas that vary in their technical nature.

Other Findings: Interestingly enough, students did not read a great deal with a median reading time of only 169 minutes over the course of a 16-week semester.

Also, students who were in the top 10th percentile in number of highlights had significantly higher course grades than those in the lower 90th percentile. This along with previous research on highlighting behaviors suggests that highlighting might be used as a proxy for level of reading comprehension.

Conclusion: Students who read more, do better in their courses. While that might be a “no duh” kind of conclusion, what is noteworthy from this research is the knowledge that behavioral academic data collected unobtrusively can predict how well a student will do in a course better than previous academic performance (which is typically the single best predictor of course outcomes).

Commonly, students are categorized as “at risk” based on previous academic performance (using high school GPA or SAT scores, for instance); however, this method of focusing interventions casts an overly broad net and misses students who might be struggling for other reasons. Prediction based on digital textbook analytics can help identify students at risk of poor performance in real time, even before a student submits any gradable material to the faculty member. In the future, digital textbook data can be added to other data sources (like learning analytics from learning and course management systems) in order to provide even more precise prediction of student success and to be better able to target interventions for those students most at need.

Read the full paper here.

by reyjunco at August 25, 2015 05:36 PM

Berkman Center front page
Call for Essays and Student Writing Competition: The Good Life in Asia's Digital 21st Century

Abstracts Due: September 8th

The Berkman Center for Internet & Society, in collaboration with its Asian partners, including the UNU-CS and the C-Centre, as well as the Global Network of Interdisciplinary Internet & Society Research Centers (NoC), is excited to invite you to submit reflection pieces in the form of short essays (1500-2000 words) for a collection entitled, “Digital Good Life in Asia’s 21st Century.” This collection will be published in November 2015 in the context of an international and interdisciplinary symposium on Digital Asia in Hong Kong. Papers submitted by students will be considered for an award offered for the best three papers. 

Topics and Possible Perspectives

Specifically, we would like to invite you to submit original contributions that address one of the following topics:

  • Mobile: For instance, how does mobile access to knowledge, economic information, and news change political, economic and entrepreneurial behavior? What are best practices for expanding access and including underserved communities?  How does always-on and always-available change human relationships and cultural practices?
     
  • Internet of Things: For instance, what can we learn from Hackerspaces and IoT as grassroot movements in various Asian countries? What are scenarios of a good life that are supported by IoT technology? What are examples of technologies that are based on Asian values?
  • Innovation & Creativity: For instance, how might various Asian traditions and values interact with a remix culture?  How can digital technology foster innovation and creativity in the Asian context?
     
  • Digital Economy Ecosystem / Observatory: For instance, what are the arguments for the creation of an Asian Digital Economy Observatory? How would such an observatory improve the availability of data and comparability of the current practices on key Internet issues?
     
  • Digital Literacy: For instance, what are examples that demonstrate the increasing importance of technological literacy for everyday participation in private and public affairs? What are good/best practices to foster digital literacy among different populations?
     
  • ICT4D: For instance, what are the roles and relevance of digital technologies to social and political development especially in emerging parts of Asia? How can these technologies reach and empower the most marginalized among us? How can everyone sustainably enjoy a good life?
     
  • Digital Rights: For instance, how do new technologies impact digital rights? What can we learn from the discussions on digital rights, cultural values, and internet sovereignty in various Asian countries? What kind of digital rights are necessary for a good life?   

Within your selected thematic frame, the essay could, for instance, provide an overview and/or analysis of relevant fields in Asian countries; a comparative view between Asian countries; identify, highlight, discuss, and/or reflect upon key findings, insights, stories, or examples related to the topics above; cover additional issues, phenomena, visions, or questions that you think may be helpful in understanding these topics; or include interesting examples of tools, case studies, initiatives/efforts in Asia, or focus on a specific mode, process or method—something that you are excited about. Additional ideas are welcome!

Format Guidelines 

Regarding length and format, the essays should:

  • Be written in English;
  • Be between 1,500-2,000 words in length;
  • Use APA citation style (no footnotes; only in-text citation with a reference list at the end);
  • If you intend to use images in your essay, please make sure they are of good quality (high resolution). Please indicate in the text where the images should be placed and make sure you submit the images together with your text;
  • If helpful, include a list of 5-8 resources, including the relevant URLs, at the end of your text (e.g. scholarly research, examples and case studies, books, people, tools, etc);
  • Make sure to include a captivating title;
  • Below the title, please add your name and affiliation;
  • Submit your text as a Microsoft Word document (.doc or .docx) or Google doc.

Acceptance and Submission Process

Please send a 1-page abstract of your proposed essay as well as your contact information to apruitt@cyber.law.harvard.edu by September 8th, 2015 for planning and initial feedback. Final submissions are due to the same email address by September 21st, 2015.

The Berkman team will inform contributors by the beginning of October 2015 whether or not their essay has been selected for publication. The review will be conducted by an international editorial team, and the Berkman Center will help with language editing for selected essays. The finalized contributions will be published under a Creative Commons Attribution 4.0 International License.

Student Writing Competition

As part of this call for essays, we will also be holding a student writing competition. From the essays submitted by current students, we will select the top three. First place will receive a cash stipend of $3000; second place will receive $2000; and third place will receive $1000. Information about the acceptance process, eligibility, and prize payment is as follows.

  • Eligibility: To be eligible for prize money, essays must be written by students over the age of 18, currently pursuing a post-secondary degree (e.g., bachelor’s, master’s, PhD, or post-doctoral research).
  • Acceptance Process: The Berkman Center will inform students in October 2015 whether or not their contribution has won a prize.
  • Prize Payment: The Berkman Center will provide a stipend to the students selected for the three best submissions, subject to applicable law.

 

by gbergeron at August 25, 2015 02:09 PM

Bruce Schneier
Are Data Breaches Getting Larger?

This research says that data breaches are not getting larger over time.

"Hype and Heavy Tails: A Closer Look at Data Breaches," by Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest:

Abstract: Recent widely publicized data breaches have exposed the personal information of hundreds of millions of people. Some reports point to alarming increases in both the size and frequency of data breaches, spurring institutions around the world to address what appears to be a worsening situation. But, is the problem actually growing worse? In this paper, we study a popular public dataset and develop Bayesian Generalized Linear Models to investigate trends in data breaches. Analysis of the model shows that neither size nor frequency of data breaches has increased over the past decade. We find that the increases that have attracted attention can be explained by the heavy-tailed statistical distributions underlying the dataset. Specifically, we find that data breach size is log-normally distributed and that the daily frequency of breaches is described by a negative binomial distribution. These distributions may provide clues to the generative mechanisms that are responsible for the breaches. Additionally, our model predicts the likelihood of breaches of a particular size in the future. For example, we find that in the next year there is only a 31% chance of a breach of 10 million records or more in the US. Regardless of any trend, data breaches are costly, and we combine the model with two different cost models to project that in the next three years breaches could cost up to $55 billion.

The paper was presented at WEIS 2015.

by Bruce Schneier at August 25, 2015 11:27 AM

August 24, 2015

Center for Research on Computation and Society (Harvard SEAS)
Sunyoung Kim

Location: 

Maxwell Dworkin 119, 33 Oxford Street, Cambridge

by kmavon at August 24, 2015 11:21 PM

Oren Tsur

Location: 

Maxwell Dworkin 119, 33 Oxford Street, Cambridge

by kmavon at August 24, 2015 11:20 PM

Manuel Gomez Rodriguez

Location: 

Maxwell Dworkin 119, 33 Oxford Street, Cambridge

by kmavon at August 24, 2015 11:16 PM

Abraham Flaxman

Location: 

Maxwell Dworkin 119, 33 Oxford Street, Cambridge

by kmavon at August 24, 2015 11:12 PM

Lior Seeman

Location: 

Maxwell Dworkin 119, 33 Oxford Street, Cambridge

by kmavon at August 24, 2015 11:08 PM

James Zou: "Integrating genomics and computational social sciences to characterize human mating patterns"

Location: 

Maxwell Dworkin 119, 33 Oxford Street, Cambridge

CRCS Lunch Seminar

Date: Monday, September 14, 2015
Time: 11:30am – 1:00pm
Place: 33 Oxford St., Maxwell Dworkin 119

Speaker: James Zou (Microsoft Research New England and MIT)

Title: Integrating genomics and computational social sciences to characterize human mating patterns.

by kmavon at August 24, 2015 10:23 PM

Justin Reich
Using Design Thinking to Bridge Theory and Practice with Digital Portfolios
Use Design Thinking as a strategy for bridging the gap between pedagogical theory and actual classroom practice.

by Beth Holland at August 24, 2015 04:46 PM

Ethan Zuckerman
Digital Media, and Ghana’s Place on the Global Stage

I head to one of my favorite cities, Accra, later this week, to participate in a conference on “The Future of News” and to attend a board meeting for PenPlusBytes, a Ghanaian NGO that trains journalists in computer-assisted reporting, and operates Accra’s New Media Hub.

In preparation for the conference, The Daily Graphic – Ghana’s leading daily newspaper – asked me to write about Ghana and the contemporary media environment. My piece ran in the paper today, and follows below in a slightly different form. It’s written for a Ghanaian audience, so please assume that the references you don’t get are ones Ghanaians will understand.


Digital Media, and Ghana’s Place on the Global Stage

If you know where to look, it’s not hard to find Ghana online. Take #233moments as an example. At 2:33pm each afternoon, a handful of Ghanaians share a photo of what they’re up to on Twitter, a glimpse of daily life, marked with the “hashtag” #233moments so those in the know can find them. From church posters to the backs of tro-tros, from business conferences to roadside sellers, from beach resorts to lazy lunches (especially on “WaakyeWednesday”, when it’s customary to post from your favorite chop bar), #233moments celebrates what’s colorful, wonderful and unique about this remarkable nation, and shares it with anyone willing to hear. Follow the tag, as I do, and you’ll have visibility into a fascinating and diverse nation.


A sample #233moment

It wasn’t always so easy to learn about Ghana.

When I came to Ghana for the first time in 1993, as a student at Legon, I knew virtually nothing about the country that would be my home for the next year. While I had studied with Ghanaian musicians in the United States, I knew almost nothing of Ghana’s politics, history or daily life. My ignorance wasn’t unusual for an American – we hear very little about sub-Saharan Africa in the news, and when we do hear about Africa, we hear a relentless litany of bad news.

Twenty two years later, Ghana is a very different place. It’s the region’s poster child for democratic elections, an emerging economic powerhouse, but also a nation where unequal development and divides between rich and poor are showing strains in the social fabric (not to mention strains on the electric grid).

Some of the nation’s most dramatic transformations are in the world of news and media. Walking in Osu, where I lived in 1994, every radio was tuned to GBC, for the simple reason that there was nothing else to tune to! The explosion of radio journalism, talk radio, new glossy magazines and newspapers as well as digital services delivering news to our phones have led to a diverse and open media environment that Reporters Without Borders classifies as more free than the press in my country, the US, or the press in the UK.

Yet the rest of the world still doesn’t hear much about Ghana.

My research at the Massachusetts Institute of Technology focuses on global media coverage. Our system, called Media Cloud, collects stories from half a million publications from all over the world so we can understand what topics, what people and what nations are capturing the attention of the press. I checked our database this year to find out how many times Ghana had been mentioned in the US’s 25 largest media outlets, in comparison to two nations with similar population: Taiwan and Australia. Taiwan appeared almost three times as often as Ghana, while Australia was mentioned almost thirty times as often.

And when Americans read about Ghana, we mostly read about football. American media’s interest in Ghana peaked during the semifinal match in Malabo, when Ghana’s fans were attacked by their hosts in Equatorial Guinea. The tragic explosion at the Circle GOIL station received only a third as many stories as the semifinal victory.

To be clear, this isn’t Ghana’s fault. The US has a massive blind spot about the African continent, despite having a president with deep roots in Kenya, and increasing trade with the continent. The long legacy of slavery and the racism it has engendered in American society also helps explain why very few African nations receive much notice in the American press.

But this disparity in attention is one Ghanaians should take seriously, as it has implications for investment, for trade, and for tourism. Investors who can’t find Ghana on a map are unlikely to buy bonds or invest in startup companies. Travelers who don’t know about Ghana’s music, food, culture, color, castles and beaches won’t schedule holidays here.

Ghana’s comparative invisibility is an American problem – my countrymen are the ones missing out, choosing to live in a narrower world – but it’s a problem ordinary Ghanaians could help solve. The rise of social media – Facebook, Twitter, Instagram, Tumblr and other tools – mean that anyone who is online, or has a sufficiently powerful phone, can be a publisher. We’re used to using Facebook to stay in touch with schoolmates, or using Twitter to share stories and tell jokes. But these tools can also be a powerful way to challenge the way Ghana is understood by the rest of the globe.

But when people use social media to offer their own narratives and perspectives, does anyone listen? Slowly but surely, the world is starting to. When President Obama visited Kenya, CNN reported on the dangers of the visit, characterizing Kenya as “terror hotbed”. Kenyans took to Twitter to complain, using the hashtag #someonetellCNN: “#someonetellCNN the Hotbed of Terrorism is the fastest growing economy in the world”; “#SomeoneTellCNN that we now have @AlJazeera for reliable news. @CNNAfrica @CNN is so last century…” Tony Maddox, CNN’s managing director, eventually flew to Nairobi to apologize and admit the network should have handled the story differently.

Challenging media coverage directly can work. The “Black Lives Matter” movement in the US, a reaction to the alarming trend of unarmed black people killed by US police, has used social media to demand coverage of protests and to challenge how media has portrayed police killings. When Michael Brown was killed by police in Ferguson, Missouri, many newspapers and television stations portrayed him using a photo that made the 18 year old look taller and older than he actually was, instead of another readily available photo, where his age was more apparent. Black activists began posting pairs of photos to Facebook, asking “If they gunned me down, which photo would the media use”, showing two photos of themselves taken from Facebook, one showing them in a positive light, another in a more negative light. The activists called attention to the fact that the images we choose have political significance and weight – in choosing a photo where Brown looked threatening, the media was siding with the police. The campaign was successful – the troublesome photo of Brown disappeared from most newspapers, and the other photo was widely circulated.

Social media gives Ghana a chance to talk back to the rest of the world. And Ghana has a great deal to talk about: the nation is facing the opportunities and challenges associated with becoming a middle-income nation. It’s never been easier for people to write about these issues online, using free blogging sites like Medium.com, or connecting with sites like Fair Observer, or my organization Global Voices, who are always looking for new perspectives from the African continent.

Ghanaians are never shy with their opinions in drinking spots, in shared taxis and tro-tros, on talk radio. Maybe it’s time that Ghanaians start sharing their perspectives with the world as a whole. Perhaps a few more #233moments, shared with the rest of the world, can help Americans and others see Ghana, and Africa as a whole, in a clearer light.

by Ethan at August 24, 2015 02:33 PM

Bruce Schneier
The Advertising Value of Intrusive Tracking

Here's an interesting research paper that tries to calculate the differential value of privacy-invasive advertising practices.

The researchers used data from a mobile ad network and were able to see how different personalized advertising practices affected customer purchasing behavior. The details are interesting, but basically, most personal information had little value. Overall, the ability to target advertising produces a 29% greater return on an advertising budget, mostly by knowing the right time to show someone a particular ad.

The paper was presented at WEIS 2015.

by Bruce Schneier at August 24, 2015 10:50 AM

August 22, 2015

David Weinberger
Lake sunset

(cc) David Weinberger CC-BY

The post Lake sunset appeared first on Joho the Blog.

by davidw at August 22, 2015 05:36 PM

Zeynep Tufekci
New place I write: The New York Times, and other updates

Few updates: I’m now writing regularly (monthly) at the New York Times as a contributing opinion writer. My New York Times op-ed can be found here. (That page doesn’t include this one on Uber and the power of data and algorithms in general, which was co-authored with Brayden King.)

I’ve created a Facebook page which I update regularly with my writings. If you “like” the Facebook page, which is here, my writings may show up on your newsfeed (algorithm willing).

I’m continuing to write at The Message, over at Medium. My Message pieces there can be found here. I can be found on Twitter as @zeynep. I haven’t really given up blogging or writing as you can see—just shifted more to traditional media as well as new platforms.

Of course, I continue to publish academic articles regularly. You can see almost all of them here on Google Scholar or on Academia.edu on this page. Sorting by year on Google Scholar will give the latest ones. If you need a copy of any of my academic articles, please email zeynep at technosociology dot org and I’ll be happy to send you a copy. (Though most of my articles are open access these days! Yeay!).

Finally, I’m working on a book for Yale University Press tentatively titled “Networked Protests in the 21st Century”. (Title will likely change). It should be out in 2016 (it takes nine months from manuscript completion to bound copy of book!). I’m super excited about this book as it will bring together my theoretical and empirical work on the interaction between new technologies and social movements in one place.

That’s all for now!

by zeynep at August 22, 2015 05:09 PM

Berkman Center front page
Let's make a Boston-led discussion on the future of global sport the legacy of Boston's 2024 Olympic bid.

by Charles Nesson

Boston's Olympic bid spurred a remarkable community deliberation. It gave us a chance to talk about our visions for sports and the city. The discussions were exciting, and we felt a spirit of democracy.

But the subsequent withdrawal of the bid left many with an empty feeling. It truncated deliberation about the future of Boston’s engagement with sport by removing its focal point. Suddenly, we had no place to go. We moved on to the issue of chewing tobacco at Fenway. Without an Olympic focal point, our energy dissipated.

But we now have an opportunity to regain that energy. The United Nations, through UNESCO, is seeking a host city for its next all-nations sports conference, the International Conference of Ministers and Senior Officials Responsible for Physical Education and Sport, or MINEPS VI, to be held in May 2017. Boston should bid for it.

Of course, the conference does not have the scope of the Olympics. But it requires neither velodromes nor financial guarantees to promote Boston’s grasp of the future of sport. The forum addresses such issues as the problems besetting the localities that host mega-sport media events as well as the challenges surrounding sport corruption and gender equality.

If held in Boston, the conference would provide the city’s great medical and data research communities with an opportunity to showcase their findings on all things related to sports; indeed, it’s a chance for every part of our community to conceptualize, integrate, and extend its passion for sports. And, most importantly, it would connect the city’s youth with sports.

A 2017 UNESCO-Boston sports conference would also offer an opportunity to build on the ethnic diversity of Boston by connecting each community of our region with a sports delegation from its ethnic home. With the aid of digital technology, Boston could foster these connections before, during, and after the conference, strengthening our city’s ties across the world.

If we want this opportunity, we have to bid for it. Maybe Boston has had enough with bids. But just because we passed on one opportunity doesn’t mean we should pass on another, especially when it’s as good as this one. Let’s make a Boston-led discussion on the future of global sport the legacy of Boston’s 2024 Olympic bid.

Charles Nesson is a professor of law and founder of the Berkman Center for Internet & Society at Harvard University.

This opinion originally appeared in The Boston Globe on August 22, 2015.

by gweber at August 22, 2015 02:25 PM

August 21, 2015

Bruce Schneier
Friday Squid Blogging: Calamari Ripieni Recipe

Nice and easy Calamari Ripieni recipe, along with general instructions on cooking squid:

Tenderizing squid is as simple as pounding it flat -- if you're going to turn it into a steak. Otherwise, depending on the size of the squid, you can simply trim off the tentacles and slice the squid body, or mantle, into rings that can be grilled, sautéed, breaded and fried, added to soup, added to salad or pasta, or marinated. You can also -- as chef Accursio Lota of Solare does -- stuff the squid with bread crumbs and aromatics and quickly bake it or grill it to serve with salad.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at August 21, 2015 09:07 PM

NSA Plans for a Post-Quantum World

Quantum computing is a novel way to build computers -- one that takes advantage of the quantum properties of particles to perform operations on data in a very different way than traditional computers. In some cases, the algorithm speedups are extraordinary.

Specifically, a quantum computer using something called Shor's algorithm can efficiently factor numbers, breaking RSA. A variant can break Diffie-Hellman and other discrete log-based cryptosystems, including those that use elliptic curves. This could potentially render all modern public-key algorithms insecure. Before you panic, note that the largest number to date that has been factored by a quantum computer is 143. So while a practical quantum computer is still science fiction, it's not stupid science fiction.

(Note that this is completely different from quantum cryptography, which is a way of passing bits between two parties that relies on physical quantum properties for security. The only thing quantum computation and quantum cryptography have to do with each other is their first words. It is also completely different from the NSA's QUANTUM program, which is its code name for a packet-injection system that works directly in the Internet backbone.)

Practical quantum computation doesn't mean the end of cryptography. There are lesser-known public-key algorithms such as McEliece and lattice-based algorithms that, while less efficient than the ones we use, are currently secure against a quantum computer. And quantum computation only speeds up a brute-force keysearch by a factor of a square root, so any symmetric algorithm can be made secure against a quantum computer by doubling the key length.

We know from the Snowden documents that the NSA is conducting research on both quantum computation and quantum cryptography. It's not a lot of money, and few believe that the NSA has made any real advances in theoretical or applied physics in this area. My guess has been that we'll see a practical quantum computer within 30 to 40 years, but not much sooner than that.

This all means that now is the time to think about what living in a post-quantum world would be like. NIST is doing its part, having hosted a conference on the topic earlier this year. And the NSA announced that it is moving towards quantum-resistant algorithms.

Earlier this week, the NSA's Information Assurance Directorate updated its list of Suite B cryptographic algorithms. It explicitly talked about the threat of quantum computers:

IAD will initiate a transition to quantum resistant algorithms in the not too distant future. Based on experience in deploying Suite B, we have determined to start planning and communicating early about the upcoming transition to quantum resistant algorithms. Our ultimate goal is to provide cost effective security against a potential quantum computer. We are working with partners across the USG, vendors, and standards bodies to ensure there is a clear plan for getting a new suite of algorithms that are developed in an open and transparent manner that will form the foundation of our next Suite of cryptographic algorithms.

Until this new suite is developed and products are available implementing the quantum resistant suite, we will rely on current algorithms. For those partners and vendors that have not yet made the transition to Suite B elliptic curve algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition.

Suite B is a family of cryptographic algorithms approved by the NSA. It's all part of the NSA's Cryptographic Modernization Program. Traditionally, NSA algorithms were classified and could only be used in specially built hardware modules. Suite B algorithms are public, and can be used in anything. This is not to say that Suite B algorithms are second class, or breakable by the NSA. They're being used to protect US secrets: "Suite A will be used in applications where Suite B may not be appropriate. Both Suite A and Suite B can be used to protect foreign releasable information, US-Only information, and Sensitive Compartmented Information (SCI)."

The NSA is worried enough about advances in the technology to start transitioning away from algorithms that are vulnerable to a quantum computer. Does this mean that the agency is close to a working prototype in their own classified labs? Unlikely. Does this mean that they envision practical quantum computers sooner than my 30-to-40-year estimate? Certainly.

Unlike most personal and corporate applications, the NSA routinely deals with information it wants kept secret for decades. Even so, we should all follow the NSA's lead and transition our own systems to quantum-resistant algorithms over the next decade or so -- possibly even sooner.

The essay previously appeared on Lawfare.

EDITED TO ADD: The computation that factored 143 also accidentally "factored much larger numbers such as 3599, 11663, and 56153, without the awareness of the authors of that work," which shows how weird this all is.

EDITED TO ADD: Seems that I need to be clearer: I do not stand by my 30-40-year prediction. The NSA is acting like practical quantum computers will exist long before then, and I am deferring to their expertise.

by Bruce Schneier at August 21, 2015 08:31 PM

David Weinberger
Morning puzzler

Here’s an uninteresting photo I took this morning:

Here’s my trick question:

Which way is up?

The post Morning puzzler appeared first on Joho the Blog.

by davidw at August 21, 2015 06:53 PM

Bruce Schneier
SS7 Phone-Switch Flaw Enabled Surveillance

Interesting:

Remember that vulnerability in the SS7 inter-carrier network that lets hackers and spies track your cellphone virtually anywhere in the world? It's worse than you might have thought. Researchers speaking to Australia's 60 Minutes have demonstrated that it's possible for anyone to intercept phone calls and text messages through that same network. So long as the attackers have access to an SS7 portal, they can forward your conversations to an online recording device and reroute the call to its intended destination. This helps anyone bent on surveillance, of course, but it also means that a well-equipped criminal could grab your verification messages (such as the kind used in two-factor authentication) and use them before you've even seen them.

I wrote about cell phone tracking based on SS7 in Data & Goliath (pp. 2-3):

The US company Verint sells cell phone tracking systems to both corporations and governments worldwide. The company's website says that it's "a global leader in Actionable Intelligence solutions for customer engagement optimization, security intelligence, and fraud, risk and compliance," with clients in "more than 10,000 organizations in over 180 countries." The UK company Cobham sells a system that allows someone to send a "blind" call to a phone--one that doesn't ring, and isn't detectable. The blind call forces the phone to transmit on a certain frequency, allowing the sender to track that phone to within one meter. The company boasts government customers in Algeria, Brunei, Ghana, Pakistan, Saudi Arabia, Singapore, and the United States. Defentek, a company mysteriously registered in Panama, sells a system that can "locate and track any phone number in the world...undetected and unknown by the network, carrier, or the target." It's not an idle boast; telecommunications researcher Tobias Engel demonstrated the same thing at a hacker conference in 2008. Criminals do the same today.

by Bruce Schneier at August 21, 2015 11:47 AM

Feeds In This Planet