Current Berkman People and Projects

Keep track of Berkman-related news and conversations by subscribing to this page using your RSS feed reader. This aggregation of blogs relating to the Berkman Center does not necessarily represent the views of the Berkman Center or Harvard University but is provided as a convenient starting point for those who wish to explore the people and projects in Berkman's orbit. As this is a global exercise, times are in UTC.

The list of blogs being aggregated here can be found at the bottom of this page.

July 01, 2015

Bruce Schneier
Office of Personnel Management Data Hack

I don't have much to say about the recent hack of the US Office of Personnel Management, which has been attributed to China (and seems to be getting worse all the time). We know that government networks aren't any more secure than corporate networks, and might even be less secure.

I agree with Ben Wittes here (although not the imaginary double standard he talks about in the rest of the essay):

For the record, I have no problem with the Chinese going after this kind of data. Espionage is a rough business and the Chinese owe as little to the privacy rights of our citizens as our intelligence services do to the employees of the Chinese government. It's our government's job to protect this material, knowing it could be used to compromise, threaten, or injure its people -- not the job of the People's Liberation Army to forbear collection of material that may have real utility.

Former NSA Director Michael Hayden says much the same thing:

If Hayden had had the ability to get the equivalent Chinese records when running CIA or NSA, he says, "I would not have thought twice. I would not have asked permission. I'd have launched the star fleet. And we'd have brought those suckers home at the speed of light." The episode, he says, "is not shame on China. This is shame on us for not protecting that kind of information." The episode is "a tremendously big deal, and my deepest emotion is embarrassment."

My question is this: Has anyone thought about the possibility of the attackers manipulating data in the database? What are the potential attacks that could stem from adding, deleting, and changing data? I don't think they can add a person with a security clearance, but I'd like someone who knows more than I do to understand the risks.

by Bruce Schneier at July 01, 2015 10:20 PM

Radio Berkman 221: How to Stop Traffic
The International Labour Organization estimates that between forced labor and the commercial sex trade, more than 20 million men, women, and children are being trafficked internationally. The web plays a huge role in keeping trafficking industries viable, but new technology is also contributing to the efforts to police and […]

by Berkman Center for Internet & Society at Harvard Law School at July 01, 2015 07:42 PM

Berkman Center front page
Radio Berkman 221: How to Stop Traffic


This week on the podcast: 20 million men, women, and children are the cargo of human trafficking worldwide. The Internet has brought a new dimension to both trafficking and anti-trafficking efforts. Today's guest brings to light some of the problems that arise as NGOs and law enforcement try to take down trafficking.

The International Labour Organization estimates that between forced labor and the commercial sex trade, more than 20 million men, women, and children are being trafficked internationally.

The web plays a huge role in keeping trafficking industries viable, but new technology is also contributing to the efforts to police and prevent human trafficking and the child exploitation that results from it. 

As a PhD student in MIT’s HASTS program, Mitali Thakor is studying the problems associated with a tangled web of different institutions and companies trying to solve these problems. Thakor points to questions of surveillance and the rights of youth online in her discussion with Radio Berkman producer Elizabeth Gillis.

by djones at July 01, 2015 07:40 PM

June 30, 2015

If your voice comes from a company, you don’t have one

Got this in my email today:

[Image: Oracle pitch]

I’m sure Oracle Service Cloud is good at what it does. Such as:

  • Deliver an integrated customer experience while equipping employees with the right tools
  • Drive and meet consumer expectations in the new omni-channel world
  • Adapt their service to customer needs by researching and considering their demographics

The problem is that this assumes customers have no voices of their own, and need to be given one. And, since every company has its own way to give customers voices, the customer turns into a Tower of Babble, speaking with many different voices to many different companies.

For example, today at a medical center I had to give exactly the same personal information to two different systems operating in the same office — and this was information already known to countless other systems with which I’ve had dealings over the years. Why? “Because we’re using two different CRM systems.”

You can look at the problem here as one of scale. Systems such as Oracle’s give companies scale: one way to deal with many different customers. Likewise, customers need one way to deal with many different companies, regardless of what CRM systems they run. This is a fundamental VRM challenge. And it’s one that should be good for CRM too. Win-Win.

You can see how it would work if you imagine being able to change your phone number or email address, for every company you deal with, in one move. Lots of VRM developers are working on that, but we aren’t there yet.

It helps that we already have the Internet, which bridges many networks (why it’s called internet), along with email, phones and other things that give us one way to deal with many different entities.

But we don’t yet have voices of our own (meaning scale), or we wouldn’t see headlines like the one above.

Giving our voices scale isn’t a CRM job. It’s a VRM job. It also has to be done in a way that speaks directly to the Oracle Service Clouds of the world, engaging what they already have in place.

I know people at Oracle and its competitors who are ready and eager to see VRM developments that speak — literally and figuratively — to their corporate systems. They know VRM is going to make their jobs a lot easier and cause a lot more business to happen and improve.

Conversations are happening, and that’s good. But we also need more development in the direction of convergence. Expect to see reports on that in coming months.

by Doc Searls at June 30, 2015 10:15 PM

Ali Hashmi on Ideology and Text: Classifying and Analyzing Discourse using Machine Learning [AUDIO]
We can use technology to uncover patterns in data. But it’s much harder to uncover an “ideology” embedded in text. In this talk, Ali Hashmi — a researcher at the MIT Center for Civic Media — discusses a tool he has created that uses data-driven approaches for classifying discourse in news media. Using an analysis […]

by Berkman Center for Internet & Society at Harvard Law School at June 30, 2015 08:01 PM

John Palfrey on BiblioTech: Why Libraries Matter More Than Ever In An Age of Google [AUDIO]
Anyone seeking to participate in the 21st century needs to understand how to find and use the vast stores of information available online. Libraries play a crucial role in making these skills and information available, and yet are at risk. John Palfrey — Head of School at Phillips Academy, Andover and President of the Board […]

by Berkman Center for Internet & Society at Harvard Law School at June 30, 2015 06:25 PM

Bruce Schneier
Twitter Followers: Please Use the Correct Feed

The official Twitter feed for my blog is @schneierblog. The account @Bruce_Schneier also mirrors my blog, but it is not mine. I have nothing to do with it, and I don't know who owns it.

Normally I wouldn't mind, but the unofficial blog fails intermittently. Also, @Bruce_Schneier follows people who then think I'm following them. I'm not; I never log in to Twitter and I don't follow anyone there.

So if you want to read my blog on Twitter, please make sure you're following @schneierblog. If you are the person who runs the @Bruce_Schneier account -- if anyone is even running it anymore -- please e-mail me at the address on my Contact page.

And if anyone from the Twitter fraud department is reading this, please contact me. I know I can get the @Bruce_Schneier account deleted, but I don't want to lose the 27,300 followers on it. What I want is to consolidate them with the 67,700 followers on my real account. There's no way to explain this on the form to report Twitter impersonation. (Although maybe I should just delete the account. I didn't do it 18 months ago when there were only 16,000 followers on that account, and look what happened. It'll only be worse next year.)

by Bruce Schneier at June 30, 2015 06:16 PM

Cyberlaw Clinic - blog
Protecting Independent Medical Device Research

Over the past several months the Cyberlaw Clinic has been working with medical device researchers Hugo Campos, Jay Radcliffe, Karen Sandler, and Ben West, in a proceeding before the Copyright Office regarding the anticircumvention laws created in the Digital Millennium Copyright Act. Here’s what we’ve been doing, and why we’re doing it.

The Clinic has written about this proceeding twice before, but as a quick review: our clients each study the safety, security, and effectiveness of medical devices. Some look at the devices from a system design perspective, analyzing the hardware and software of the devices for misconfigurations or vulnerabilities. Others look at the devices as they are applied to a particular patient’s care, and help patients retrieve important information off the devices that the device otherwise would not share, or would only make available through periodic checkups with doctors once every several months. Their research has helped patients and doctors better tailor care, the public understand the nature of medical device risks, and regulatory agencies like FDA improve government oversight of devices.

The good news is that their research is having an impact: manufacturers have responded to concerns raised by independent device researchers by improving the security of devices through use of technologies like encryption. The bad news is that the use of encryption and other “technological protection measures” (to use the term of art from copyright law) on these devices means that this research is now at times regulated by copyright’s anticircumvention laws. These laws state that no person may circumvent a technological protection measure protecting a copyrighted work (e.g., by decrypting an encrypted work) without permission from the copyright owner, unless their circumvention is covered by one of seven statutory exceptions, none of which exactly cover the types of research here.

Once every three years, however, the Library of Congress and Copyright Office conduct a rulemaking to determine whether other temporary exemptions should be granted, in cases where otherwise-lawful uses of copyrighted works are substantially affected by the anticircumvention laws. In the past, this rulemaking has been used to ensure that visually impaired readers can circumvent the controls on eBooks to allow the books to be read aloud, that teachers and students can circumvent the encryption on DVDs for media studies projects, and that cell phones can be “jailbroken” to allow an owner to use the phone on a different carrier’s network. When the proceeding began again last fall, the Clinic petitioned for an exemption to help make sure that medical device research and patient access to data would be protected as part of the next round of exemptions.

In our petition filed in November and initial comment filed in February, we described how researchers access and analyze the source code and data outputs of devices — both in general and as they relate to an individual’s care — and the impact their research has had on device design, use, and governance. The comments also detailed how this research is currently protected under the law (and does not infringe any copyrights in medical device software or outputs), and how anticircumvention laws now jeopardize current and future research.

In March, opponents to exemption had a chance to respond. A few different industry organizations and researchers raised concerns about the proposed exemption. (Those opposition comments are available here.) In early May, the Clinic filed a reply comment, responding to their concerns. The comment notes that research of this nature has been done for several years, and while the opponents raised abstract concerns about safety and effectiveness of such research, they failed to cite a single case where such research risked human life or public safety. In fact, they instead demonstrated the value of this research, by repeatedly citing to independent research conducted by coalition members in their opposition comment, and in admitting that the industry has changed its practices after issues were raised by independent research.

Later in May, I had the chance to travel to Washington with one of our clients, Ben West, to participate in roundtable hearings held by the Copyright Office as part of this proceeding. Ben and I discussed the details of the proposed exemption with several members of the Copyright Office, along with fellow proponents Laura Moy from New America Foundation’s Open Technology Institute and Sherwin Siy from Public Knowledge. The transcript of that hearing is available here, and Prof. Rebecca Tushnet has provided a summary of what was discussed at the hearing.

After the hearing, the Copyright Office sent us a letter asking for our clients’ input on whether the exemption should include a requirement that a researcher must disclose any issues they find with a medical device to the device’s manufacturer, before telling others. This appears to come out of discussions from two of the other proposed anticircumvention exemptions, where computer researchers are more likely to uncover vulnerabilities that, at least theoretically, could be exploited by bad actors. (As one of our clients has demonstrated, there are such vulnerabilities in medical devices, too, but to date there has been no recorded incident of a vulnerability being exploited outside of a controlled setting.)

The Clinic responded to that letter yesterday, noting that both law and reason counsel against such a requirement in this case. As the letter notes, researchers typically disclose issues to manufacturers as part of their process, but there are very good reasons why researchers in certain cases may instead choose to inform other researchers, government regulators, doctors, patients, or the public first or instead of telling the manufacturer. Furthermore, the First Amendment protects the right of a researcher to decide where and to whom they will share information. Were the Copyright Office to impose a requirement here that a researcher could only benefit from the exemption if they revealed their research to manufacturers, this conditioning of a government benefit based on a limitation of speech rights would be unconstitutional. At heart, the decision on where to share computer security research is an ethical, and not a legal, one, and ethics do not necessarily dictate that a researcher inform a manufacturer first in all cases.

This is likely the last filing the Clinic will make in this proceeding. Under this rulemaking’s procedure, the Copyright Office will now solicit the views of the Department of Commerce’s National Telecommunications and Information Administration, and then make a formal recommendation to the Librarian of Congress, who will then issue a final rule granting or rejecting our proposed exemption. We expect that rule to come later this year. We could not have done this without the hard work of several Cyberlaw Clinic students and interns, including Sarah Baugh (HLS ’16), Jonathan Diaz (HLS ’16), Evita Grant (HLS ’16), Megan Michaels (HLS ’16), Joo-Young Rognile (HLS ’15), Michael Rosenbloom (Columbia Law ’17), and Shudan Shen (HLS ’16).

Andy Sellars is a Clinical Fellow at the Cyberlaw Clinic and the Corydon B. Dunham First Amendment Fellow at Harvard Law School.

by Andy Sellars at June 30, 2015 05:26 PM

Justin Reich
What are the Best Ways a Teacher can Demonstrate Leadership in the Classroom?
Empathy for ourselves, our students, and our colleagues are key elements of demonstrating leadership.

by Justin Reich at June 30, 2015 04:06 PM

Berkman Center front page
Ideology and Text: Classifying and Analyzing Discourse using Machine Learning


with Ali Hashmi


The link between the ideology and the text: how to classify, analyze, and deconstruct media discourse using machine learning and critical approaches.

Parent Event: Berkman Luncheon Series

Event Date: Jun 30 2015 12:00pm to Jun 30 2015 12:00pm

Tuesday, June 30, 2015 at 12:00 pm

Typically, text analysis tools uncover patterns in the data without uncovering the 'ideology' embedded in the text. In doing so, they conceal the function of the relation of 'what is being said' to its social, and, more importantly, political context. As part of my research, I have developed a tool that uses data-driven approaches for classifying discourse in news media. My research combines critical discourse analysis (CDA) approaches with corpus linguistics using machine learning and natural language processing (NLP) techniques. The objective of CDA approaches is to make more visible the hidden aspects of discourse by looking at the latent social ideologies that permeate social texts. On the other hand, corpus linguistics is an agnostic way of studying language patterns in large amounts of text. As an instance of this framework, I have developed a tool for analyzing discourse on Islam in the mainstream media. The tool is based on the hypothesis that the media coverage in several mainstream news sources tends to contextualize Muslims largely as a group embroiled in conflict at a disproportionately large level. My hypothesis is based on the assumption that discourse on Islam in mainstream global media tends to lean toward the dangerous "clash of civilizations" frame. To test this hypothesis, I have developed a prototype tool "Said-Huntington Discourse Analyzer" that machine classifies news articles on a normative scale — a scale that measures "clash of civilization" polarization in an article on the basis of conflict. The tool also extracts semantically meaningful conversations for a media source using topic modeling, allowing the users to discover frames of conversations on the basis of Said-Huntington index classification.

About Ali

Ali Hashmi is a researcher at the MIT Center for Civic Media. At the center, he is developing software tools that machine-classify and analyze discourse in news articles to elucidate the relationships between language, social identities and power. Ali is interested in projects and ideas at the intersection of journalism and technology. In particular, Ali is interested in: 1) understanding the ontology of digital asymmetries on the Internet; and 2) developing relevant media technologies for leveling the inequalities produced by these asymmetries. Prior to MIT, Ali was a McCormick scholar at Medill (Northwestern) and a Knight fellow at the Globe Lab (Boston Globe, NYTCO). He has worked as a software architect and development manager for Bell Canada for nearly nine years, leading business intelligence and data integration teams in Toronto, Montreal, London (Ontario) and Bangalore; he has also worked as a journalist in Pakistan. He holds an MS degree from MIT Media Lab, an MSJ degree from Northwestern University, and a BS degree in Computer Science from the University of Western Ontario.


by candersen at June 30, 2015 01:43 PM

David Weinberger
Greek crisis: Five explainers

Here are five posts explaining the Greek economic crisis clearly enough even for me, which is an accomplishment. They were gathered by Peter Kaminski [twitter:peterkaminski] whose Net-fu is unmatched.

The post Greek crisis: Five explainers appeared first on Joho the Blog.

by davidw at June 30, 2015 12:47 PM

Bruce Schneier
Tracking the Psychological Effects of the 9/11 Attacks

Interesting research from 2012: "The Dynamics of Evolving Beliefs, Concerns, Emotions, and Behavioral Avoidance Following 9/11: A Longitudinal Analysis of Representative Archival Samples":

Abstract: September 11 created a natural experiment that enables us to track the psychological effects of a large-scale terror event over time. The archival data came from 8,070 participants of 10 ABC and CBS News polls collected from September 2001 until September 2006. Six questions investigated emotional, behavioral, and cognitive responses to the events of September 11 over a five-year period. We found that heightened responses after September 11 dissipated and reached a plateau at various points in time over a five-year period. We also found that emotional, cognitive, and behavioral reactions were moderated by age, sex, political affiliation, and proximity to the attack. Both emotional and behavioral responses returned to a normal state after one year, whereas cognitively-based perceptions of risk were still diminishing as late as September 2006. These results provide insight into how individuals will perceive and respond to future similar attacks.

by Bruce Schneier at June 30, 2015 11:27 AM

June 29, 2015

Jonathan Zittrain
Should the director of OPM be fired over its massive data breach?
I participate in a regular poll by the Christian Science Monitor on Internet policy topics. This week’s question was about the recent data breaches at the U.S. Office of Personnel Management: As you can see, most people said yes. I count myself among good company among the noes, including Dan Kaminsky and Dan Geer. My answer: […]

by z at June 29, 2015 10:02 PM

Bruce Schneier

There's a new paper on a low-cost TEMPEST attack against PC cryptography:

We demonstrate the extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Common laptops, and popular implementations of RSA and ElGamal encryptions, are vulnerable to this attack, including those that implement the decryption using modern exponentiation algorithms such as sliding-window, or even its side-channel resistant variant, fixed-window (m-ary) exponentiation.

We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis.

From Wired:

Researchers at Tel Aviv University and Israel's Technion research institute have developed a new palm-sized device that can wirelessly steal data from a nearby laptop based on the radio waves leaked by its processor's power use. Their spy bug, built for less than $300, is designed to allow anyone to "listen" to the accidental radio emanations of a computer's electronics from 19 inches away and derive the user's secret decryption keys, enabling the attacker to read their encrypted communications. And that device, described in a paper they're presenting at the Workshop on Cryptographic Hardware and Embedded Systems in September, is both cheaper and more compact than similar attacks from the past -- so small, in fact, that the Israeli researchers demonstrated it can fit inside a piece of pita bread.

Another article. NSA article from 1972 on TEMPEST. Hacker News thread. Reddit thread.

by Bruce Schneier at June 29, 2015 06:38 PM

Migrating from SHA-1 to SHA-2

Here's a comprehensive document on migrating from SHA-1 to SHA-2 in Active Directory certificates.

by Bruce Schneier at June 29, 2015 11:05 AM

June 28, 2015

David Weinberger
Does the moral universe arc?

“The arc of the moral universe is long but bends towards justice.”

Does it?

That saying was of course made famous by Martin Luther King who put it between quotation marks to indicate that it was not original with him. Had King’s own arc not been stopped short by a white racist with a gun, it might have been MLK, at the age of 86, who addressed us on Friday in Charlestown. As it is, our President did him proud.

The always awesome Quote Investigator tells us that the quotation in fact came from Theodore Parker in 1857; Parker was a Unitarian minister, Transcendentalist, and abolitionist. The entire sermon (“Of Justice and the Conscience,” pp. 66-102) is worth reading, but here’s the relevant snippet:

Look at the facts of the world. You see a continual and progressive triumph of the right. I do not pretend to understand the moral universe, the arc is a long one, my eye reaches but little ways. I cannot calculate the curve and complete the figure by the experience of sight; I can divine it by conscience. But from what I see I am sure it bends towards justice.

The sermon points out that the wicked often suffer in ways that the outside world can’t perceive. But Parker is realistic enough to recognize that “we do not see that justice is always done on earth,” (p. 89) and he proceeds to remind his congregation of some of the overwhelming evils present in the world, including: “Three million slaves earn the enjoyment of Americans, who curse them in the name of Christ.” (p. 90) Neither does Parker let us rest in the comfortable thought that justice reigns in the next world. We need a “conscious development of the moral element in man, and a corresponding expansion of justice in human affairs…” (p. 90).

But, is Parker right? Does the arc of the moral universe bend toward justice, or towards injustice, or toward neither, or toward entropy? Why shouldn’t we think we construct that arc out of our wishes and happy thoughts?

Parker’s support for his claim is not what sight shows him but what is visible to his conscience. But what did conscience mean to him?

In 1850 Parker delivered a sermon called “The Function and Place of Conscience in Relation to the Laws.” He begins by explaining the term: “It is the function of conscience to discover to men the moral law of God.” He puts it on a level with our other faculties, part of the reaction against the reduction of consciousness to what comes through our sense organs. Transcendentalists were influenced by Kant who argued that sense perception wouldn’t add up to experience if we didn’t come into the world with a pre-existing ability to organize perceptions in time, space, causality, etc. In addition, affirms Parker, we have a faculty — conscience — that lets us understand things in terms of their moral qualities. That faculty is as fallible as the others, but it is “adequate to the purpose God meant for it”; otherwise God would have failed to outfit us adequately for the task He has set us, which would be on Him.

For Parker, conscience (knowledge of what is right) is at least as important as intellect (knowledge of the world). In “Of Justice and Conscience,” he bemoans that “We have statistical societies for interest” but “no moral societies for justice.” (p. 92) “There is no college for conscience.” (p. 93). (Statistics as a concept and a field had entered British culture at the beginning of the 19th century. By the 1850s it had become a dominant way of evaluating legislative remedies there. See Too Big to Know for a discussion of this. Yeah, I just product placed my own book.)

The faculty of justice (conscience) is at least as important as the faculty of intellect, for conscience drives action. In “The Function and Place of Conscience,” he writes:

Nothing can absolve me from this duty, neither the fact that it is uncomfortable or unpopular, nor that it conflicts with my desires, my passions, my immediate interests, and my plans in life. Such is the place of conscience amongst other faculties of my nature

Indeed, the heart of this sermon is the injunction to rise to the demands inherent in our being children of God, and to reject any conflicting demands by government, business, or society.

Much of this sermon could be quoted by those who refuse as businesspeople or government employees to serve same-sex couples, although Parker is talking about returning fugitive slaves to their owners, not decorating cakes:

This statute [the Fugitive Slave Act] is not to be laid to the charge of the slaveholders of the South alone; its most effective supporters are northern men; Boston is more to be blamed for it than Charleston or Savannah, for nearly a thousand persons of this city and neighborhood, most of them men of influence through money if by no other means, addressed a letter of thanks to the distinguished man who had volunteered to support that infamous bill telling him that he had “convinced the understanding and touched the conscience of the nation.”

That “distinguished man” was, shockingly, Daniel Webster. Webster had been an eloquent and fierce abolitionist. But in 1850, he argued just as fiercely in support of the Fugitive Slave Act in order to preserve the union. Parker wrote an impassioned account of this in his 1853 Life of Daniel Webster.

Parker’s sermon exhorts his congregants, in a passage well worth reading, to resist the law. “[I]t is the natural duty of citizens to rescue every fugitive slave from the hands of the marshal who essays to return him to bondage; to do it peaceably if they can, forcibly if they must, but by all means to do it.”

So, conscience trumps the other faculties by bringing us to act on behalf of justice. But the moral law that conscience lets us perceive is different from the laws of nature. Parker writes in “Of Justice” that there is no gap between the natural laws and their fulfillment. This is so much the case that we learn those laws by observing nature’s regularities. But the moral law “unlike attraction [i.e., gravity] … does not work free from all hindrance.” (p. 69). The moral law requires fulfillment by humans. We are imperfect, so there is a gap between the moral law and the realm over which it rules.

Parker continues: Even if we could learn the law of right through observation and experience — just as we learn the laws of nature — those laws would feel arbitrary. In any case, because history is still unfolding, we can’t learn our moral lessons from it, for our justice has not yet been actualized in history. (p. 73) Man has “an ideal of nature which shames his actual of history.” (p. 73) So, “God has given us a moral faculty, the conscience…” (p. 72) to see what we have yet not made real.

Intellect is not enough. Only conscience can see the universe’s incomplete moral arc.

So, does the arc of the moral universe bend toward justice?

Our intellect sets off warning flares. History is too complex to have a shape. The shape we perceive of course looks like progress because we always think that what we think is the right thing to think, so we think we’re thinking better than did those who came before us. And, my intellect says quite correctly, yeah, sure you’d think that, Mr. Privileged White Guy.

At the moment of despair — when even in Boston citizens are signing letters in favor of returning people back to their enslavement — “The arc of the moral universe is long but bends toward justice” brings hope. No, it says, you’re not going to get what you deserve, but your children might, or their children after them. It is a hard, hard hope.

But is it true?

I will postulate what Theodore Parker did not: Neither our intellect nor conscience can know what the universe’s arc will actually be. Even thinking it has any shape requires an act of imagination that bears an unfathomable cost of forgetting.

But, I believe that Parker was right that conscience — our sense of right and wrong — informs our intellect. Hope is to moral perception as light is to vision: You cannot perceive the world within its moral space without believing there is a point to action. And we can’t perceive outside of that moral space, for it is within the moral space that the universe and what we do in it matters. Even science — crucial science — is pursued as a moral activity, as something that matters beyond itself. If nothing you do can have any effect on what matters beyond your own interests, then moral behavior is pointless and self-indulgent. Hope is moral action’s light.

So, of course I don’t know if the arc of the moral universe bends towards justice. But if there is a moral universe, modest hopes bend its history.

The post Does the moral universe arc? appeared first on Joho the Blog.

by davidw at June 28, 2015 12:47 AM

June 26, 2015

Bruce Schneier
Friday Squid Blogging: Classic Gary Larson Squid Cartoon

I have always liked this one.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at June 26, 2015 09:32 PM

Other GCHQ News from Snowden

There are two other Snowden stories this week about GCHQ: one about its hacking practices, and the other about its propaganda and psychology research. The second is particularly disturbing:

While some of the unit's activities are focused on the claimed areas, JTRIG also appears to be intimately involved in traditional law enforcement areas and U.K.-specific activity, as previously unpublished documents demonstrate. An August 2009 JTRIG memo entitled "Operational Highlights" boasts of "GCHQ's first serious crime effects operation" against a website that was identifying police informants and members of a witness protection program. Another operation investigated an Internet forum allegedly "used to facilitate and execute online fraud." The document also describes GCHQ advice provided "to assist the UK negotiating team on climate change."

Particularly revealing is a fascinating 42-page document from 2011 detailing JTRIG's activities. It provides the most comprehensive and sweeping insight to date into the scope of this unit's extreme methods. Entitled "Behavioral Science Support for JTRIG's Effects and Online HUMINT [Human Intelligence] Operations," it describes the types of targets on which the unit focuses, the psychological and behavioral research it commissions and exploits, and its future organizational aspirations. It is authored by a psychologist, Mandeep K. Dhami.

Among other things, the document lays out the tactics the agency uses to manipulate public opinion, its scientific and psychological research into how human thinking and behavior can be influenced, and the broad range of targets that are traditionally the province of law enforcement rather than intelligence agencies.

by Bruce Schneier at June 26, 2015 05:12 PM

Stuart Shieber - The Occasional Pamphlet
Plain meaning

In its reporting on yesterday’s Supreme Court ruling in King v. Burwell, Vox’s Matthew Yglesias makes the important point that Justice Scalia’s dissent is based on a profound misunderstanding of how language works. Justice Scalia would have it that “words no longer have meaning if an Exchange that is not established by a State is ‘established by the state.’” The Justice is implicitly appealing to a “plain meaning” view of legislation: courts should just take the plain meaning of a law and not interpret it.

If only that were possible. If you think there’s such a thing as acquiring the “plain meaning” of a text without performing any interpretive inference, you don’t understand how language works. It’s the same mistake that fundamentalists make when they talk about looking to the plain meaning of the Bible. (And which Bible would that be anyway? The King James Version? Translation requires the same kind of inferential process – arguably the same actual process – as extracting meaning through reading.)

Yglesias describes “What Justice Scalia’s King v. Burwell dissent gets wrong about words and meaning” this way:

Individual stringz of letterz r efforts to express meaningful propositions in an intelligible way. To succeed at this mission does not require the youse of any particular rite series of words and, in fact, a sntnce fll of gibberish cn B prfctly comprehensible and meaningful 2 an intelligent reader. To understand a phrse or paragraf or an entire txt rekwires the use of human understanding and contextual infrmation not just a dctionry.

The jokey orthography aside, this observation that understanding the meaning of linguistic utterances requires the application of knowledge and inference is completely uncontroversial to your average linguist. Too bad Supreme Court justices don’t defer to linguists on how language works.

Let’s take a simple example, the original “Winograd sentences” from back in 1973:

  1. The city councilmen refused the demonstrators a permit because they feared violence.
  2. The city councilmen refused the demonstrators a permit because they advocated violence.

To understand these sentences, to recover their “plain meaning”, requires resolving to whom the pronoun ‘they’ refers. Is it the city councilmen or the demonstrators? Clearly, it is the former in sentence (1) and the latter in sentence (2). How do you know, given that the two sentences differ only in the single word alternation ‘feared’/‘advocated’? The recovery of this single aspect of the “plain meaning” of the sentence requires an understanding of how governmental organizations work, how activists pursue their goals, likely public reactions to various contingent behaviors, and the like, along with application of all that knowledge through plausible inference. The Patient Protection and Affordable Care Act (PPACA) has by my (computer-aided) count some 479 occurrences of pronouns in nominative, accusative, or possessive. Each one of these requires the identification of its antecedent, with all the reasoning that implies, to get its “plain meaning”.

Examining the actual textual subject of controversy in the PPACA demonstrates the same issue. The phrase in question is “established by the state”. The American Heritage Dictionary provides six senses and nine subsenses for the transitive verb ‘establish’, of which (by my lights) sense 1a is appropriate for interpreting the PPACA: “To cause (an institution, for example) to come into existence or begin operating.” An alternative reading might, however, be sense 4: “To introduce and put (a law, for example) into force.” The choice of which sense is appropriate requires some reasoning of course about the context in which it was used, the denotata of the subject and object of the verb for instance. If one concludes that sense 1a was intended, then the Supreme Court’s decision is presumably correct, since a state’s formal relegation to the federal government the role of running the exchange is an act of “causing to come into existence”, although perhaps not an act of “introducing and putting into force”. (Or further explication of the notions of “causing” or “introducing” might be necessary to decide the matter.) If the latter sense 4 were intended, then perhaps the Supreme Court was wrong in its recent decision. The important point is this: There is no possibility of deferring to the “plain meaning” on the issue; one must reason about the intentions of the authors to acquire even the literal meaning of the text. This process is exactly what Chief Justice Roberts undertakes in his opinion. Justice Scalia’s view, that plain meaning is somehow available without recourse to the use of knowledge and reasoning, is unfounded even in the simplest of cases.

by Stuart Shieber at June 26, 2015 02:23 PM

Bruce Schneier
NSA and GCHQ Attacked Antivirus Companies

On Monday, the Intercept published a new story from the Snowden documents:

The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products.

British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab's software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.

Wired has a good article on the documents:

The documents...don't describe actual computer breaches against the security firms, but instead depict a systematic campaign to reverse-engineer their software in order to uncover vulnerabilities that could help the spy agencies subvert it.


An NSA slide describing "Project CAMBERDADA" lists at least 23 antivirus and security firms that were in that spy agency's sights. They include the Finnish antivirus firm F-Secure, the Slovakian firm Eset, Avast software from the Czech Republic, and Bit-Defender from Romania. Notably missing from the list are the American anti-virus firms Symantec and McAfee as well as the UK-based firm Sophos.

But antivirus wasn't the only target of the two spy agencies. They also targeted their reverse-engineering skills against CheckPoint, an Israeli maker of firewall software, as well as commercial encryption programs and software underpinning the online bulletin boards of numerous companies. GCHQ, for example, reverse-engineered both the CrypticDisk program made by Exlade and the eDataSecurity system from Acer. The spy agency also targeted web forum systems like vBulletin and Invision Power Board -- used by Sony Pictures, Electronic Arts, NBC Universal and others -- as well as CPanel, a software used by GoDaddy for configuring its servers, and PostfixAdmin, for managing the Postfix email server software. But that's not all. GCHQ reverse-engineered Cisco routers, too, which allowed the agency's spies to access "almost any user of the internet" inside Pakistan and "to re-route selective traffic" straight into the mouth of GCHQ's collection systems.

There's also this article from Ars Technica. Slashdot thread.

Kaspersky recently announced that it was the victim of Duqu 2.0, probably from Israel.

by Bruce Schneier at June 26, 2015 11:59 AM

Yet Another Leaker -- with the NSA's French Intercepts

Wikileaks has published some NSA SIGINT documents describing intercepted French government communications. This seems not to be from the Snowden documents. It could be one of the other NSA leakers, or it could be someone else entirely.

As leaks go, this isn't much. As I've said before, spying on foreign leaders is the kind of thing we want the NSA to do. I'm sure French Intelligence does the same to us.

EDITED TO ADD (6/25): To me, more interesting than the intercepts is the spreadsheet of NSA surveillance targets. That spreadsheet gives us a glimpse into the US process of surveillance: what US government office initially asked for the surveillance, what NSA office is tasked with analyzing the intelligence collected, where a particular target is on the priorities list, and so on.

by Bruce Schneier at June 26, 2015 04:55 AM

June 25, 2015

H2O annotating: easier than ever

With H2O’s re-done annotator tool, the most commonly used annotation – hiding text – is drastically simplified. Previously, the hiding of text required one to highlight the text, name and create a layer, then navigate to the SHOW/HIDE button and hide that layer.

Now, one has to simply select the text they would like hidden, and click the hide-eyeball from the annotator toolbar that appears, and the text is hidden. The difference between these is demo’d here.

The following demonstrates the entire suite of annotations available: hide text, highlight, comment, and link – here!

by bjohnsonh2o at June 25, 2015 09:43 PM

John Palfrey


Wonderful reflections on this summer’s Civil Rights trip by faculty and students of Phillips Academy.

Originally posted on American Civil Rights Movement Immersion Program:

On reflection, the American Civil Rights Immersion Program maintained a three-pronged mission. To walk in the footsteps of the heroes of the historical Civil Rights Movement, to relate historical events to current human and civil rights issues, and to provide a partnership opportunity for students at Phillips Academy to connect with students from a dramatically different region in the country, the Mississippi Delta. Key to the success of this trip was a wonderful group of students. They were eager to investigate the issues and eager to “road trip.” Our cultural immersion included a wide variety of foods including fried green tomatoes and fried snickers bars. We had a perfect sized group. The 10 students along with faculty members Allen Grim and Damany Fisher could fit easily around one table at a restaurant, or into one hotel room for our nightly debriefs. In these nightly talks, run by the students, we…

by jgpalfrey at June 25, 2015 07:02 PM

Radio Berkman 220: Trusting the Platform
The more comfortable we get using digital platforms the more important it becomes to understand our relationships to them. From Facebook, to Fitbit, to Wikipedia, to networked games, and even to our schools and employers, the more we entrust our data to an outside platform, the more we have […]

by Berkman Center for Internet & Society at Harvard Law School at June 25, 2015 04:31 PM

Justin Reich
Developing a New Metric for Assessing Learning
What dimensions of learning should we be measuring, and how should we go about doing it?

by Justin Reich at June 25, 2015 03:25 PM

Microsoft Research 2015 PhD Interns on Platforms, Data, and People [AUDIO]
Microsoft Research PhD Interns Ifeoma Ajunwa, Stacy Blasiola, Nathan Matias, and Aleena Chia present their current research on corporations and the quantified self; the Facebook newsfeed algorithm; how sites like Reddit and Wikipedia are made accountable to their users and the public; and the participatory politics of online gaming. Download the MP3 …or download the […]

by Berkman Center for Internet & Society at Harvard Law School at June 25, 2015 01:54 PM

Christine Borgman: Data, data everywhere — but how to manage and govern? [AUDIO]
Universities are drowning in data, not only data produced by their researchers and students, but also data they collect about their communities. Research data are subject to sharing and retention requirements by funding agencies and journals. Data from course management systems, faculty personnel records, security cameras, and social media are being used as indicators for […]

by Berkman Center for Internet & Society at Harvard Law School at June 25, 2015 01:51 PM

Bruce Schneier
Baseball Hacking: Cardinals vs. Astros

I think this is the first case of one professional sports team hacking another. No idea if it was an official operation, or a couple of employees doing it on their own initiative.

by Bruce Schneier at June 25, 2015 11:14 AM

June 24, 2015

Berkman Center front page
Radio Berkman 220: Trusting the Platform


We are more and more comfortable engaging with and sharing our data with digital platforms — from Fitbit, to Facebook, to Wikipedia, to even our own schools and employers. But how are they accountable to us?

The more comfortable we get using digital platforms the more important it becomes to understand our relationships to them. From Facebook, to Fitbit, to Wikipedia, to networked games, and even to our schools and employers, the more we entrust our data to an outside platform, the more we have to ask the question: "How are they accountable to us?"

For this week's podcast we spoke to four PhD candidates who are working with Microsoft Research. First, Ifeoma Ajunwa explains the tricky ways employers use big data collected from their employees. Then, Aleena Chia describes the unique system of governance that’s formed around the digital gaming world of Eve Online. Next, Berkman fellow Nathan Matias addresses the nuanced relationship between users and platforms where users create the content, like Wikipedia and Reddit. Finally, we speak with Stacey Blasiola about her research topic, “Newsfeed: Created by you?”

Check out all of our Radio Berkman episodes on our Soundcloud.

by djones at June 24, 2015 08:39 PM

Producer Spotlight: Megan Tan of Millennial

Each month we’ll be highlighting a different PRX producer to find out what they’re working on and hear about the challenges they face as indies as well as the stuff that gets them stoked.

This month, our intern Alexandra Morrow interviewed producer Megan Tan about her radio show Millennial. We were really excited to find out more about Megan, how she got started, and what’s next for the show.

Megan Tan working. Photo credit: Ben Severance.

For those who haven’t listened, what is Millennial about?

It’s about life post-graduation through the eyes of one person (me) in an Alex Blumberg / Start Up kind of way. It’s a narrative driven, first-person perspective podcast about maneuvering your 20s, after graduating college, and all the things that nobody teaches you.

Why audio?

I want to become a radio producer and really this project was just so that I could create a portfolio piece so I could show people, “Hey look I want to be a radio producer and look I’m making radio!” Using audio was really just so that I could get practice and hone a craft that I felt really insecure about.

I notice you said because you “want to become a radio producer.” Do you not consider yourself a radio producer, now?

When I talk to people they say, “You already are a radio producer! You are making radio!” But I feel like I’m half a radio producer and half I-have-no-idea-what-I’m-doing. I’m making it all by myself. I still have tons to learn. I feel like a very immature kind of radio producer, if that makes any sense. I’ll be making the 6th episode of Millennial soon and this podcast is literally the first time I have ever produced anything (audio wise). I used to do videos, so I do have some knowledge about story structure and working with audio, but before this I never worked solely with audio.

For a first try you’re doing a pretty incredible job.

It wasn’t until recently that I started re-listening to my old work (like the first episodes of Millennial). After I published them I would shed it off like it was bad skin. I would think, “oh God I’m glad that’s over, moving forward!” I couldn’t re-listen to it for a long time. It’s hard listening to all the flaws, all the things you can do better.

Do you still feel like there are things about your work or about Millennial that are always nagging you? You said you feel that there are always things you can do better?

Oh sure, I mean I don’t know anything about sound production. I don’t know anything about sound engineering. I am constantly on Transom. I am constantly on AIR, and on YouTube. I’m constantly taking notes. I always have one of my best friends who isn’t in radio listen to an episode before I publish it – just to tell me if the levels are good. I’ll call up an old friend from college who used to be my roommate and I’ll say, “Hey can I just borrow 20 minutes of your time and can you please tell me if there are parts of this that are too soft, or too loud?”

How has Millennial changed the way you think about your future?

I think a lot of the things that I was really scared of when I started this are so much more tangible than they have ever been, which is remarkable. I write down a lot of goals. I write down lots of lists and things that I want. For a while I had a list and I took a picture of it with my iPhone and had it as my background. A lot of things I had written just felt unachievable. One of those things was making a podcast. But now because I’ve created Millennial, a lot of the things that I wanted I’ve gotten a lot closer to.

Is that list changing?

Oh yeah. There will always be lots of lists. The list is definitely changing. You always want to be reaching for things you perceive as impossible. But what I’m learning is to really be patient. I remember talking to an old friend of mine and she said, “Megan you do this thing where you envision yourself jumping between cliffs. You’re jumping between two cliffs and when you’re in mid-air you raise the bar of that cliff. So you’re naturally going to fall, because you increase your expectations as you’re going towards them.” So instead of doing that I feel like I’ve purposefully thought about longevity and steady efforts.

That’s something I didn’t think of when I graduated college. When I graduated college and when I was making the very first episodes of Millennial I wanted everything now. I felt like I was already failing because I didn’t have a job in my field. And now… this is a very long answer.

No this is great!

…welcome to life as a millennial!

Hey, I’m a millennial too. I have one more year until I graduate.

That’s so exciting. I guess… I just feel like I’ve been able to take a breath. I’ve been able to make some pivotal decisions in terms of how I want to carve out my life for the future. I’ve worked at a restaurant for almost a year now, but I’m also making something that I really love, and I feel like that’s worth it because later that will turn into something.

When did you graduate?

I graduated last year, in 2014. But I’m older. A lot of people think I’m 22. But I’m 24. I took some time off from school to do a Radiolab internship at WNYC and I also went to a small liberal arts school in California for a year. But I didn’t like that so I went to a school in Kentucky to study photojournalism. Then I took a year off. So my route hasn’t really been the ‘ideal four years.’ I graduated high school when I was 17 so, it feels good to be done. It feels really good to be done.

Have you gotten any feedback from people listening to Millennial?

I get some really great emails from people. I recently received a donation, and you can always put a little message in it. The donation was from a mother, and she said, “I’m raising millennials, thank you for allowing me to understand what’s happening.”

I’ve also gotten emails with feedback from people saying “thank you for being so honest. I always thought that I was alone in this.” Mostly I hear from people who are in our same shoes and are trying to figure out what to do after graduation.

When you were talking about your list you said, “there’s always something bigger and better that you’re adding to it.” Your dream is always evolving. You mentioned the bar and the cliff. Do you have any big goals for Millennial, or is that top secret information?

Yeah, I do have some big bars for Millennial. I don’t know if I’ll talk about them. When I’m making an episode I’m just hoping that each episode is better than the one before, or as good as the one before. That’s on the list all the time: to make this episode as good as it can be.

The tricky thing about this podcast is, I’m documenting my life and enough really crazy amazing things, or interesting things have to be happening in for it to be a good podcast. So I question the longevity of it, but I also think there’s a potential for it to boomerang in a different direction.

I would really love to work with the best podcasters out there and with a team of people who would help me, or for people to see the potential for the podcast and for me as a host. To be able to say, “We believe in you. Let’s work on this together. We have a lot of tools and resources. Let’s collaborate.” But that would be the dream; to miraculously be lifted out of my closet in Maine and be taken to a really beautiful studio somewhere and for a huge crew to be working on Millennial with me. But I feel like I’m in mid-air right now and while that can be a goal of mine, I also know that just making really good work is something I still need to focus on.

Like, you don’t want to dream before the dream gets away from you?

Yeah. Also you I know how it’s all going to pan out. But I do know at this moment there are people that are listening. They want a sixth episode and I want to make a sixth episode, so I just need to focus on making that sixth episode. Like when you look at great podcasts…people work really hard for a really long time. It’s not until 5 years down the road that they get picked up. So I feel like I still need to put in my time with that. I still need to just continue to prove to myself that I can make good content and that should be my focus.

That’s a big chunk. Also balancing working a full time job with making the podcast. I was putting in 40 hours a week at the restaurant. To be able to sit down at my computer after a long day standing on your feet, is hard. So maybe I’ll be working with some of my favorite podcast heroes in the future. That would be the dream.

You said your dream is to work with your favorite podcast heroes. Who are your podcast heroes?

Millennial was inspired by Alex Blumberg’s StartUp Podcast. Just the way that he structured StartUp is really great. I mean, I fell in love with that podcast and I remember watching a CreativeLive where he did a presentation. He was teaching a 2-day class online and I watched the entire 2-days because I just wanted to learn. I remember him saying, “what you need to do, is you just need to create something. You need to just imitate people and practice.” And I remember going to Ben, my boyfriend, and saying, “Ben! Alex Blumberg is telling me I can just be like him! So I’m just going to try it out!” So Alex Blumberg is definitely one of my podcast heroes.

I really love all the people at RadioLab because I know them personally. Molly Webster is one of my people. Matt Kielty, Kelsey Padgett, Jad Abumrad, Alex Kapelman. These are just my favs. My good people. I really like Starlee Kine, I really like Chana Joffe Walt. I like Sean Cole. All the people at Gimlet are great. Everybody in ReplyAll… There are just so many. There are a lot of really great people out there. I really also like the Radio Community. It’s very nurturing and people are always willing to help. They know how hard it is.

Well, thank you so much for speaking with me. I know I’ve taken up a lot of your time and asked a lot of questions, but is there anything that I haven’t asked that you would like to say?

Hmm… I think it’s funny how when you get recognition via the internet, your life on a day to day basis is still the same. When Millennial first started getting a lot of press all of a sudden people I didn’t know were emailing me. But then I would go to the restaurant and no one would care, or no one would know who I was. That different dynamic was so funny. But it’s humbling because a lot has changed, but at the same time it feels like not a lot has changed.

The post Producer Spotlight: Megan Tan of Millennial appeared first on PRX.

by Alexandra Morrow at June 24, 2015 02:19 PM

Bruce Schneier
What is the DoD's Position on Backdoors in Security Systems?

In May, Admiral James A. Winnefeld, Jr., vice-chairman of the Joint Chiefs of Staff, gave an address at the Joint Service Academies Cyber Security Summit at West Point. After he spoke for twenty minutes on the importance of Internet security and a good national defense, I was able to ask him a question (32:42 mark) about security versus surveillance:

Bruce Schneier: I'd like to hear you talk about this need to get beyond signatures and the more robust cyber defense and ask the industry to provide these technologies to make the infrastructure more secure. My question is, the only definition of "us" that makes sense is the world, is everybody. Any technologies that we've developed and built will be used by everyone -- nation-state and non-nation-state. So anything we do to increase our resilience, infrastructure, and security will naturally make Admiral Rogers's both intelligence and attack jobs much harder. Are you okay with that?

Admiral James A. Winnefeld: Yes. I think Mike's okay with that, also. That's a really, really good question. We call that IGL. Anyone know what IGL stands for? Intel gain-loss. And there's this constant tension between the operational community and the intelligence community when a military action could cause the loss of a critical intelligence node. We live this every day. In fact, in ancient times, when we were collecting actual signals in the air, we would be on the operational side, "I want to take down that emitter so it'll make it safer for my airplanes to penetrate the airspace," and they're saying, "No, you've got to keep that emitter up, because I'm getting all kinds of intelligence from it." So this is a familiar problem. But I think we all win if our networks are more secure. And I think I would rather live on the side of secure networks and a harder problem for Mike on the intelligence side than very vulnerable networks and an easy problem for Mike. And part of that -- it's not only the right thing to do, but part of that goes to the fact that we are more vulnerable than any other country in the world, on our dependence on cyber. I'm also very confident that Mike has some very clever people working for him. He might actually still be able to get some work done. But it's an excellent question. It really is.

It's a good answer, and one firmly on the side of not introducing security vulnerabilities, backdoors, key-escrow systems, or anything that weakens Internet systems. It speaks to what I have seen as a split in the Second Crypto War, between the NSA and the FBI on building secure systems versus building systems with surveillance capabilities.

I have written about this before:

But here's the problem: technological capabilities cannot distinguish based on morality, nationality, or legality; if the US government is able to use a backdoor in a communications system to spy on its enemies, the Chinese government can use the same backdoor to spy on its dissidents.

Even worse, modern computer technology is inherently democratizing. Today's NSA secrets become tomorrow's PhD theses and the next day's hacker tools. As long as we're all using the same computers, phones, social networking platforms, and computer networks, a vulnerability that allows us to spy also allows us to be spied upon.

We can't choose a world where the US gets to spy but China doesn't, or even a world where governments get to spy and criminals don't. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It's security or surveillance.

NSA Director Admiral Mike Rogers was in the audience (he spoke earlier), and I saw him nodding at Winnefeld's answer. Two weeks later, at CyCon in Tallinn, Rogers gave the opening keynote, and he seemed to be saying the opposite.

"Can we create some mechanism where within this legal framework there's a means to access information that directly relates to the security of our respective nations, even as at the same time we are mindful we have got to protect the rights of our individual citizens?"


Rogers said a framework to allow law enforcement agencies to gain access to communications is in place within the phone system in the United States and other areas, so "why can't we create a similar kind of framework within the internet and the digital age?"

He added: "I certainly have great respect for those that would argue that the most important thing is to ensure the privacy of our citizens and we shouldn't allow any means for the government to access information. I would argue that's not in the nation's best long term interest, that we've got to create some structure that should enable us to do that mindful that it has to be done in a legal way and mindful that it shouldn't be something arbitrary."

Does Winnefeld know that Rogers is contradicting him? Can someone ask JCS about this?

by Bruce Schneier at June 24, 2015 12:42 PM

June 23, 2015

Bruce Schneier
Hayden Mocks NSA Reforms

Former NSA Director Michael Hayden recently mocked the NSA reforms in the recently passed USA Freedom Act:

If somebody would come up to me and say, "Look, Hayden, here's the thing: This Snowden thing is going to be a nightmare for you guys for about two years. And when we get all done with it, what you're going to be required to do is that little 215 program about American telephony metadata -- and by the way, you can still have access to it, but you got to go to the court and get access to it from the companies, rather than keep it to yourself." I go: "And this is it after two years? Cool!"

The thing is, he's right. And Peter Swire is also right when he calls the law "the biggest pro-privacy change to U.S. intelligence law since the original enactment of the Foreign Intelligence Surveillance Act in 1978." I supported the bill not because it was the answer, but because it was a step in the right direction. And Hayden's comments demonstrate how much more work we have to do.

by Bruce Schneier at June 23, 2015 06:39 PM

Why We Encrypt

Encryption protects our data. It protects our data when it's sitting on our computers and in data centers, and it protects it when it's being transmitted around the Internet. It protects our conversations, whether video, voice, or text. It protects our privacy. It protects our anonymity. And sometimes, it protects our lives.

This protection is important for everyone. It's easy to see how encryption protects journalists, human rights defenders, and political activists in authoritarian countries. But encryption protects the rest of us as well. It protects our data from criminals. It protects it from competitors, neighbors, and family members. It protects it from malicious attackers, and it protects it from accidents.

Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there.

Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting.

This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive.

It's important to remember that encryption doesn't magically convey security. There are many ways to get encryption wrong, and we regularly see them in the headlines. Encryption doesn't protect your computer or phone from being hacked, and it can't protect metadata, such as e-mail addresses that need to be unencrypted so your mail can be delivered.

But encryption is the most important privacy-preserving technology we have, and one that is uniquely suited to protect against bulk surveillance -- the kind done by governments looking to control their populations and criminals looking for vulnerable victims. By forcing both to target their attacks against individuals, we protect society.

Today, we are seeing government pushback against encryption. Many countries, from States like China and Russia to more democratic governments like the United States and the United Kingdom, are either talking about or implementing policies that limit strong encryption. This is dangerous, because it's technically impossible, and the attempt will cause incredible damage to the security of the Internet.

There are two morals to all of this. One, we should push companies to offer encryption to everyone, by default. And two, we should resist demands from governments to weaken encryption. Any weakening, even in the name of legitimate law enforcement, puts us all at risk. Even though criminals benefit from strong encryption, we're all much more secure when we all have strong encryption.

This originally appeared in Securing Safe Spaces Online.

EDITED TO ADD: Last month, I blogged about a UN report on the value of encryption technologies to human freedom worldwide. This essay is the foreword to a companion document:

To support the findings contained in the Special Rapporteur's report, Privacy International, the Harvard Law School's International Human Rights Law Clinic and ARTICLE 19 have published an accompanying booklet, Securing Safe Spaces Online: Encryption, online anonymity and human rights which explores the impact of measures to restrict online encryption and anonymity in four particular countries -- the United Kingdom, Morocco, Pakistan and South Korea.

by Bruce Schneier at June 23, 2015 05:59 PM

Tips for Podcasters: Convert Your Website Visitors

Are you a podcaster or radio producer? Do you know where your fans are coming from?

Likely, thousands of people visit your website each month, and most will bounce away before listening and almost all before subscribing to your podcast. Scary right?

In these slides, PRX Chief Product Officer Matt MacDonald will show you methods and tools that you can use to convert that random web visitor into a fan.

The post Tips for Podcasters: Convert Your Website Visitors appeared first on PRX.

by Audrey at June 23, 2015 04:29 PM

Berkman Center front page
Toward Critical Feminist Technology Studies of Youth Safety: Problematizing Dominant Digital Approaches to Sexual Exploitation of Children Online


Mitali Thakor, PhD student in MIT's HASTS program


In this talk, Mitali Thakor will discuss her ethnographic fieldwork on new digital approaches to addressing child exploitation online, such as the use of avatars and image detection software.

Parent Event

Berkman Luncheon Series

Event Date

Jun 23 2015 12:00pm to Jun 23 2015 12:00pm

Tuesday, June 23, 2015 at 12:00 pm

In this talk, I will discuss my ethnographic fieldwork on new digital approaches to addressing child exploitation online, such as the use of avatars and image detection software. What sort of partnerships are necessary between law enforcement, scientists, and non-governmental agencies to make these approaches work? What does a critical feminist analysis of such technoscientific practices look like? I look forward to an open discussion on questions of youth sexuality and rights online, governance and privacy, and possibilities for feminist technology design. 

About Mitali

Mitali Thakor is a PhD student in MIT's HASTS program. She studies sex work, sex trafficking, technology, and digital forensics. Mitali uses Feminist STS, queer theory, and critical race studies to explore the ways in which activists, computer scientists, lawyers, and law enforcement officials negotiate their relationships to anti-trafficking via emergent technologies and discourses of carceral control.

by ashar at June 23, 2015 01:32 PM

David Weinberger
Old man yells at cloud, at SxSW

SxSW’s video talk show interviewed me about my talk, which was basically about why the Net isn’t as dreadful as it seems. Something like that.

Anyway, here’s the segment, with Douglas Caballero. It’s 11.5 minutes long.

The post Old man yells at cloud, at SxSW appeared first on Joho the Blog.

by davidw at June 23, 2015 11:23 AM

Wayne Marshall
YouTubology, Spring 2015

As you may know, I think the mini-mega-montage is the method, and I’ve been asking students to make them for a few years.

One of my biggest inspirations for assigning students to make YouTube-sourced montages is the fact that musical supercuts are already an ordinary practice, whether we’re talking about the best Nae Nae Vines or, say, all the footage of Elvis doing “Hound Dog” one can find.

In that sense — and I think this is consistent with the technomusicological enterprise — our practice is informed by digital folk culture, if you will, not simply academic theory, and our products are meant to themselves circulate as a form of online art, hopefully to some of the same communities, audiences, and individuals who serve as the subjects of our work.

Beyond that goal, YouTube montages also serve to archive some of this wonderful stuff in an age when we can’t necessarily take its permanence for granted. Along those lines, let me take the opportunity to note that my anxious critique about “Platform Politricks” I posted here five years back, was recently given new life — a new platform even!? — thanks to this recent piece by Ann Powers in which I serve as a sort of protagonist:

The advent of streaming was a game-changer for someone like Marshall, a connoisseur of older and emerging music surviving beyond mainstream. Material that once could only be found through diligent fieldwork — whether that meant connecting directly with far-flung communities or digging like crazy in record store bins or basement library stacks — was now immediately accessible, and framed by lively exchanges that often included the music-makers themselves. Streaming was changing music scholarship, as well as the day-to-day pleasures of any curious listener who could now instantly pursue a new fascination.

All that said — and you should read the rest if you have the time — I’m really writing here to share some stellar mega-montages from this spring’s technomusicology class. Without further ado, allow me to present a few favorites.

In the standout montage this semester (though I may be biased by the number of hours I spent in front of an NES), one student painstakingly assembled a collection of renditions of The Legend of Zelda “Overworld Theme” in 25 different styles! Complete with titles and framed with rare footage, this montage shows a striking, collective “nerduosity” at work in the ongoing social life of this enduring 8-bit earworm — particularly, the remarkable profusion of Brady-Bunch-style multitracked one-man-band freakouts:

Another student decided to plumb the depths of YouTube’s most popular video, “Gangnam Style” (currently at 2.3 billion views). In the process of auditioning 150 spin-offs and ultimately selecting 60 versions of the song/video to mash together, he discovered a fairly amazing thing: together, these “parodies” have 5-6 billion views, outpacing the incredibly popular original. As the student wrote–

Clearly, Gangnam Style created a platform of its own atop the YouTube platform, inspiring videographers the world over to ride the Gangnam wave to YouTube fame. But the viral genius of the video exceeded the easy-to-learn horse dance, as novel as it was. Psy unknowingly created a video framework for portraying style of any kind. Instead of Gangnam Style, it was now London Style, Klingon Style, Farmer Style; Oregon Ducks Style, Skyrim Style, Motorcycle Style, Filipino Style, Gandalf Style, the list goes on. By framing his video with the English word “Style”, Psy triggered a global video meme, powered by a viral platform. Anyone and everyone could use his common platform to spoof their culture or lampoon another.

Here’s 60 of em:

Ok, one more to call attention to, worth your consideration for its conceptual coolness. Another student decided to compose his own video montage of a Red Hot Chili Peppers song from a concert he himself attended by combining the sound-board audio that he purchased at the close of the show with 8 other concertgoers’ hand-held recordings of the performance. I’ll let him do the rest of the framing:

For my etude this week, I chose not to focus necessarily on a “viral” spread. YouTube has encouraged countless amateur recordings; there were several examples shown in class about home videos that became viral, remixed, and spread. But there are also many videos that are uploaded without the intent of going viral: many people simply upload to YouTube so that their videos can be easily shared amongst family members and friends.

I wanted to show a way that this trend, combined with music, would do sort of the opposite of a viral spread: It would actually unite and bring a community of people together. I used to upload my own videos of concerts I attended, until I realized that if I truly wanted to reflect back, there would be tons of other people uploading that same concert. So I began enjoying the concerts in the moment, and finding the recordings later. I have made several online acquaintances from finding videos filmed by complete strangers that were standing next to me, so close that you can hear me singing.

To emulate this in my etude, I gathered various recordings of the same song from the same concert: 8 different people, all unrelated, in the same arena, enjoying the same performance. I chose “Otherside” by the Red Hot Chili Peppers because I had a high quality mp3 recording of that entire night, and Otherside was the only track in the set that was under 5 minutes. I used the mp3 as an anchor for the video: the other clips still play their audio, though considerably muted.

By shifting between the different clips, these 8 strangers come together and produce a fuller view of the same event, sharing their insight and creating a bond. The result almost resembles what the band would sell as a concert dvd, all produced by amateurs with cell phones.

During the draft/workshop/revision stage, we encouraged the student to mix more of the ambient sound from each camera/smartphone into the video in order to give the audio some of the personalized texture of the video clips. The final version is quite the document:

And that’s just a sampling. If you’re looking for more, you can check out others via this playlist —

by wayneandwax at June 23, 2015 06:35 AM

June 22, 2015

Bruce Schneier
History of the First Crypto War

As we're all gearing up to fight the Second Crypto War over governments' demands to be able to back-door any cryptographic system, it pays for us to remember the history of the First Crypto War. The Open Technology Institute has written the story of those years in the mid-1990s.

The act that truly launched the Crypto Wars was the White House's introduction of the "Clipper Chip" in 1993. The Clipper Chip was a state-of-the-art microchip developed by government engineers which could be inserted into consumer hardware telephones, providing the public with strong cryptographic tools without sacrificing the ability of law enforcement and intelligence agencies to access unencrypted versions of those communications. The technology relied on a system of "key escrow," in which a copy of each chip's unique encryption key would be stored by the government. Although White House officials mobilized both political and technical allies in support of the proposal, it faced immediate backlash from technical experts, privacy advocates, and industry leaders, who were concerned about the security and economic impact of the technology in addition to obvious civil liberties concerns. As the battle wore on throughout 1993 and into 1994, leaders from across the political spectrum joined the fray, supported by a broad coalition that opposed the Clipper Chip. When computer scientist Matt Blaze discovered a flaw in the system in May 1994, it proved to be the final death blow: the Clipper Chip was dead.

Nonetheless, the idea that the government could find a palatable way to access the keys to encrypted communications lived on throughout the 1990s. Many policymakers held onto hopes that it was possible to securely implement what they called "software key escrow" to preserve access to phone calls, emails, and other communications and storage applications. Under key escrow schemes, a government-certified third party would keep a "key" to every device. But the government's shift in tactics ultimately proved unsuccessful; the privacy, security, and economic concerns continued to outweigh any potential benefits. By 1997, there was an overwhelming amount of evidence against moving ahead with any key escrow schemes.

The Second Crypto War is going to be harder and nastier, and I am less optimistic that strong cryptography will win in the short term.

by Bruce Schneier at June 22, 2015 10:02 PM

Berkman Center front page
BiblioTech: Why Libraries Matter More Than Ever In An Age of Google


with author John Palfrey


John Palfrey argues that anyone seeking to participate in the 21st century needs to understand how to find and use the vast stores of information available online. Libraries play a crucial role in making these skills and information available — and yet are at risk.

Event Date

Jun 22 2015 6:00pm to Jun 22 2015 6:00pm

Monday, June 22, 2015 at 6:00 pm

Co-sponsored by the Harvard Law School Library and the Berkman Center for Internet & Society at Harvard University

John Palfrey will discuss his new book, BiblioTech: Why Libraries Matter More Than Ever In An Age of Google.  He argues that anyone seeking to participate in the 21st century needs to understand how to find and use the vast stores of information available online.  Libraries play a crucial role in making these skills and information available — and yet are at risk. In order to survive our rapidly modernizing world and dwindling government funding, libraries must make the transition to a digital future as soon as possible—by digitizing print material and ensuring that born-digital material is publicly available online, while continuing to play the vital role as public spaces in our democracy that they have for hundreds of years.

About John

John is the Head of School at Phillips Academy, Andover.  He serves as Chair of the Board of Trustees of the Knight Foundation and President of the Board of Directors of the Digital Public Library of America.  He also serves as a director of the Data + Society Research Institute.

John’s research and teaching focus on new media and learning.  He has written extensively on Internet law, intellectual property, and the potential of new technologies to strengthen democracies locally and around the world.  He is the author or co-author of several books, including BiblioTech: Why Libraries Matter More Than Ever in the Age of Google (Basic Books, 2015); Interop: The Promise and Perils of Highly Interconnected Systems (Basic Books, 2012) (with Urs Gasser); Intellectual Property Strategy (MIT Press, 2012); Born Digital: Understanding the First Generation of Digital Natives (Basic Books, 2008) (with Urs Gasser); and Access Denied: The Practice and Politics of Global Internet Filtering (MIT Press, 2008).

John served previously as the Henry N. Ess III Professor of Law and Vice Dean for Library and Information Resources at Harvard Law School.  He is a director of the Berkman Center for Internet & Society, where he was executive director from 2002-2008. John came back to the Harvard Law School from the law firm Ropes & Gray, where he worked on intellectual property, Internet law, and private equity transactions. He also served as a Special Assistant at the U.S. Environmental Protection Agency during the Clinton administration.  He previously served as a venture executive at Highland Capital Partners and on the Board of Directors of the Mass2020 Foundation, the Ames Foundation, and Open Knowledge Commons, among others.  John was a Visiting Professor of Information Law and Policy at the University of St. Gallen in Switzerland for the 2007-2008 academic year.

John graduated from Harvard College, the University of Cambridge, and Harvard Law School.  He was a Rotary Foundation Ambassadorial Scholar to the University of Cambridge and the U.S. EPA Gold Medal (highest national award).

by candersen at June 22, 2015 09:50 PM

Berkman Buzz: June 22, 2015


Patterns in Charleston, preserving the Internet, sourcing the Snowden docs, and more... in this week's Buzz.

Patterns in Charleston, preserving the Internet, sourcing the Snowden docs, the role of libraries, and a visit to Comedy Hack Day.
READ: News and commentary from around the community

Seeing patterns in Charleston. "[S]o long as we treat each mass shooting, each black death as an isolated tragedy, there’s nothing we can do," argues Ethan Zuckerman in his piece for The Conversation. "Look for the patterns." 

"My fear is that the Internet has been paved. You can spend an entire lifetime on the Internet and never feel its loam between your toes," writes David Weinberger in this piece for The Atlantic considering the impact of apps and commercial interests on the Internet.

China and Russia almost definitely have the Snowden docs. Did they get them from Snowden? Unlikely, says Berkman fellow Bruce Schneier who writes in Wired that a more likely source is  journalists' computers or the foreign intelligence agencies' own networks.

What's the library's role in the information age? In an interview with Boston Public Radio, Berkman faculty chair Jonathan Zittrain suggests that libraries' lasting advantage may be impartiality, and he calls for a redoubling of efforts to keep them in business.

Is it really hacking if you have a password? In her piece for Slate, Berkman fellow Josephine Wolff considers the alleged hack of the Houston Astros' computers by the St. Louis Cardinals, and how we decide who's responsible for breaches.
WATCH: How Internet Censorship Works 
from the archives

The Internet is not as free and open as we might think. How do governments, private companies, and service providers limit access and censor information? Find out in this video created by the Berkman Center's class of 2012 summer interns.
LISTEN: Whose App is it Anyway?

You may be familiar with a typical hack-day or hack-a-thon. Throw a group of developers and creators in a conference room for the weekend, and they'll come up with some amazing app or product to make life better for all of humankind.

Radio Berkman recently stumbled on a hack-a-thon that turns hack-a-thons on their head. Last year a traveling event called Comedy Hack Day visited the MIT Media Lab in Cambridge, Massachusetts. Run by a group called Cultivated Wit, the goal of the hack day is to bring some laughs to the world of tech entrepreneurship.

Listen to the episode

In our orbit

by gweber at June 22, 2015 08:56 PM

Justin Reich
Doing Real History in High School: The Wayland High School History Project
Kevin Delaney's Wayland High School students publish a biography of one of their town's most interesting residents, Jessica Henderson, a fierce suffragette and political activist from the World War I era.

by Justin Reich at June 22, 2015 04:45 PM

The Memory Palace Joins Radiotopia. (June Is A Great Month.)


In The Memory Palace, Nate DiMeo breathes new life into little-known corners of history with his finely crafted, minimalist storytelling. He’s been doing this since before most of you even knew what a podcast was.

Many of us here at PRX and Radiotopia are longtime fans of Nate’s show. Radio Diaries just featured their favorite Memory Palace episode.

So we are especially delighted to welcome The Memory Palace to Radiotopia! Today is the launch of the summer season, with “tales of love, heat, and outdoor adventure, the perfect soundtrack for road trips or the beach.” You can subscribe here.

First Song Exploder, and now The Memory Palace… Here in Radiotopia, we’re calling it the June of our dreams.

Now we are thirteen wonderful, varied, and compelling radio shows, banded together to take our craft even further.

99% Invisible
Theory of Everything
Love + Radio
Fugitive Waves
Radio Diaries
The Truth
The Heart
The Allusionist
Song Exploder
The Memory Palace


Premieres on Radiotopia on June 22nd with 10-episode season of summer-themed stories,
followed by 3-city live tour to Seattle, Portland, and Los Angeles

Cambridge, MA (June 22, 2015) – The Memory Palace, the popular, long-running podcast featuring bite-sized, gorgeously produced stories about little-known events and people from the corners of history, today becomes the latest series to join Radiotopia, the podcast network from PRX.

The longtime labor of love from Nate DiMeo, the award-winning public radio producer (Marketplace, NPR), Thurber Prize finalist, and television writer (Parks and Recreation, Astronaut Wives Club), The Memory Palace launches with its first-ever themed season – 10 episodes for the summertime—tales of love, heat, and outdoor adventure, the perfect soundtrack for road trips or the beach.

DiMeo will also take his brand of short, surprising stories from the past – sometimes heartbreaking, sometimes hysterical, often a bit of both – on the road, with a brand-new live performance of storytelling, music, and short films, before live audiences in Seattle (The Vera Project, 8/6), Portland (Mississippi Studios, 8/7) and Los Angeles (The Masonic Temple at Hollywood Forever Cemetery, 9/11).

The Memory Palace was an early entrant to the podcasting world, launching its first episode in 2008. The show has built a large following among fans of great storytelling, expert sound design, and little-known stories from history. The Memory Palace also appears as a segment on NPR’s Weekend Edition.

The addition of The Memory Palace to Radiotopia caps a string of high-profile acquisitions for Radiotopia, including Song Exploder and The Mortified Podcast. It also comes on the heels of a $1 million investment from the John S. and James L. Knight Foundation, enabling the network to continue its expansion with new programs that push the boundaries of storytelling. Radiotopia features five shows among the Top 50 most popular podcasts in the country, including flagship program 99% Invisible, The Memory Palace, Criminal, Song Exploder and The Mortified Podcast.

Radiotopia was launched in February 2014 by PRX, the award-winning public media company, and has quickly become the leader in today’s audio storytelling renaissance by helping independent podcast producers develop sustainable business models and find new ways to engage audiences.

“The Memory Palace’s quirky, fascinating, and well-crafted stories are a natural fit for Radiotopia,” said Jake Shapiro, CEO of PRX. “We are thrilled to bring Nate’s work to an even broader audience.”

Another inventive way The Memory Palace will use live events to connect modern listeners to the past is in an unprecedented gallery-based collaboration with The Metropolitan Museum of Art in the fall of 2015. DiMeo will unveil an episode commissioned by the Museum, accompanied by a live performance of the episode at the Met. Additional details will be announced at a later date.

“The Memory Palace uses artistic elements to bring history to life, giving it a place in people’s busy lives,” said DiMeo. “Our episodes are meant to be played on repeat, because they’re so short – like songs. With our new season, you might be surprised to discover your new summer jam is…a podcast.”

Radiotopia will soon announce the hiring of an executive producer to provide leadership and promote collaboration across and beyond the network. It will also establish a new pilot fund to identify and nurture diverse emerging producers and hosts. PRX has a track record of introducing innovative new programs such as The Moth Radio Hour, Snap Judgment and Michael Ian Black’s How to Be Amazing to millions of listeners across broadcast and digital platforms.

# # #

About PRX
PRX is an award-winning nonprofit public media company, harnessing innovative technology to bring compelling stories to millions of people. operates public radio’s largest distribution marketplace, offering tens of thousands of audio stories for broadcast and digital use, including This American Life, The Moth Radio Hour, Sound Opinions, State of the Re:Union, Snap Judgment, and How to Be Amazing with Michael Ian Black. PRX Remix is PRX’s 24/7 channel featuring the best independent radio stories and new voices. PRX was created through a collaboration of the Station Resource Group and Atlantic Public Media, and receives support from public radio stations and producers, The Corporation for Public Broadcasting, the National Endowment for the Arts, the Ford Foundation, the John D. and Catherine T. MacArthur Foundation, the Wyncote Foundation, and Knight Foundation.

The post The Memory Palace Joins Radiotopia. (June Is A Great Month.) appeared first on PRX.

by Rekha at June 22, 2015 03:18 PM

David Weinberger
Has the Internet been paved?

The Atlantic has just posted an article of mine that re-examines the “Argument from Architecture” that has been at the bottom of much of what I’ve written over the past twenty years. That argument says, roughly, that the Internet’s architecture embodies particular values that are inevitably transmitted to its users. (Yes, the article discusses what “inevitably” means in this context.) But has the Net been so paved by Facebook, apps, commercialism, etc., that we don’t experience that architecture any more?

The post Has the Internet been paved? appeared first on Joho the Blog.

by davidw at June 22, 2015 03:17 PM

Bruce Schneier
The Secrecy of the Snowden Documents

Last weekend, the Sunday Times published a front-page story (full text here), citing anonymous British sources claiming that both China and Russia have copies of the Snowden documents. It's a terrible article, filled with factual inaccuracies and unsubstantiated claims about both Snowden's actions and the damage caused by his disclosure, and others have thoroughly refuted the story. I want to focus on the actual question: Do countries like China and Russia have copies of the Snowden documents?

I believe the answer is certainly yes, but that it's almost certainly not Snowden's fault.

Snowden has claimed that he gave nothing to China while he was in Hong Kong, and brought nothing to Russia. He has said that he encrypted the documents in such a way that even he no longer has access to them, and that he did this before the US government stranded him in Russia. I have no doubt he did as he said, because A) it's the smart thing to do, and B) it's easy. All he would have had to do was encrypt the file with a long random key, break the encrypted text up into a few parts and mail them to trusted friends around the world, then forget the key. He probably added some security embellishments, but -- regardless -- the first sentence of the Times story simply makes no sense: "Russia and China have cracked the top-secret cache of files..."

But while cryptography is strong, computer security is weak. The vulnerability is not Snowden; it's everyone who has access to the files.

First, the journalists working with the documents. I've handled some of the Snowden documents myself, and even though I'm a paranoid cryptographer, I know how difficult it is to maintain perfect security. It's been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it's almost certainly not enough to keep out the world's intelligence services.

There is a lot of evidence for this belief. We know from other top-secret NSA documents that as far back as 2008, the agency's Tailored Access Operations group has extraordinary capabilities to hack into and "exfiltrate" data from specific computers, even if those computers are highly secured and not connected to the Internet.

These NSA capabilities are not unique, and it's reasonable to assume both that other countries had similar capabilities in 2008 and that everyone has improved their attack techniques in the seven years since then. Last week, we learned that Israel had successfully hacked a wide variety of networks, including that of a major computer antivirus company. We also learned that China successfully hacked US government personnel databases. And earlier this year, Russia successfully hacked the White House's network. These sorts of stories are now routine.

Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside. After all, the NSA has been a prime target for decades.

Those government hacking examples above were against unclassified networks, but the nation-state techniques we're seeing work against classified and unconnected networks as well. In general, it's far easier to attack a network than it is to defend the same network. This isn't a statement about willpower or budget; it's how computer and network security work today. A former NSA deputy director recently said that if we were to score cyber the way we score soccer, the tally would be 462-456 twenty minutes into the game. In other words, it's all offense and no defense.

In this kind of environment, we simply have to assume that even our classified networks have been penetrated. Remember that Snowden was able to wander through the NSA's networks with impunity, and that the agency had so few controls in place that the only way they can guess what has been taken is to extrapolate based on what has been published. Does anyone believe that Snowden was the first to take advantage of that lax security? I don't.

This is why I find allegations that Snowden was working for the Russians or the Chinese simply laughable. What makes you think those countries waited for Snowden? And why do you think someone working for the Russians or the Chinese would go public with their haul?

I am reminded of a comment made to me in confidence by a US intelligence official. I asked him what he was most worried about, and he replied: "I know how deep we are in our enemies' networks without them having any idea that we're there. I'm worried that our networks are penetrated just as deeply."

Seems like a reasonable worry to me.

The open question is which countries have sophisticated enough cyberespionage operations to mount a successful attack against one of the journalists or against the intelligence agencies themselves. And while I have my own mental list, the truth is that I don't know. But certainly Russia and China are on the list, and it's just as certain they didn't have to wait for Snowden to get access to the files. While it might be politically convenient to blame Snowden because, as the Sunday Times reported an anonymous source saying, "we have now seen our agents and assets being targeted," the NSA and GCHQ should first take a look into their mirrors.

This essay originally appeared on

EDITED TO ADD: I wrote about this essay on Lawfare:

A Twitter user commented: "Surely if agencies accessed computers of people Snowden shared with then is still his fault?"

Yes, that's right. Snowden took the documents out of the well-protected NSA network and shared with people who don't have those levels of computer security. Given what we've seen of the NSA's hacking capabilities, I think the odds are zero that other nations were unable to hack at least one of those journalists' computers. And yes, Snowden has to own that.

The point I make in the article is that those nations didn't have to wait for Snowden. More specifically, GCHQ claims that "we have now seen our agents and assets being targeted." One, agents and assets are not discussed in the Snowden documents. Two, it's two years after Snowden handed those documents to reporters. Whatever is happening, it's unlikely to be related to Snowden.

EDITED TO ADD: Slashdot thread. Hacker News thread.

by Bruce Schneier at June 22, 2015 11:13 AM

June 20, 2015

Positive #VRM signs

First, there’s this tweet by @EvaPascoe, featuring this photo (which I just transformed from a trapezoid to a rectangle):


Then there is this from three analysts at KuppingerCole, which has been covering VRM since giving ProjectVRM an award in 2008.

I’ll also be presenting at VRM et Données Personnelles (VRM and Personal Data) on Tuesday evening in Paris. (Wish I could be there in person, but I’ll be on a good connection from nine time zones west of there.) VRM has been a happening thing in France for a while now.

by Doc Searls at June 20, 2015 05:41 PM

June 19, 2015

Bruce Schneier
Friday Squid Blogging: Squid Salad Servers


As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at June 19, 2015 09:03 PM

Ethan Zuckerman
Pattern recognition: racism, gun violence and Dylann Roof

When you read about Dylann Roof, the man who killed nine black men and women as they prayed, think about the patterns he represents.

Over the next few days, we’re going to hear about mental illness. We’re going to hear about troubled loners. We’ll hear about a young man’s racist fantasies, so outrageous that he would celebrate the apartheid regimes of South Africa and Rhodesia. We’ll hear from family, neighbors and high school friends, and the picture that will emerge is of a young man who was strange, disturbed, sick, abnormal. The message will be that the massacre in Charleston was an unpredictable, unavoidable tragedy carried out by an individual madman.

Don’t lose sight of the patterns.

When Dylann Roof shot and killed nine African Americans at a bible study at the Emanuel African Methodist Episcopal Church in Charleston, SC, it was a hate crime. We know, because Roof told the survivors precisely why he had come to this historic church to commit mass murder: “You’re raping our women and taking over the country. You have to go.” It was an act of domestic terrorism. Roof has reportedly told investigators that he wanted to start a race war with his actions. Shooting nine black people as they prayed was a way to terrorize all black people and to destroy the safety and comfort of what should be the safest of spaces.

Attacking black Americans was also part of a pattern.

The United States is a dangerous place to be a black person. Black Americans are twice as likely to die from gun violence as white Americans are. Hispanic and Asian Americans are less likely to die from gun violence than white Americans. Gun violence is a tragedy that disproportionately affects Black Americans.

So is murder. In 2012, blacks represented 13% of the US population and represented 50% of homicide victims. Black men were 8.5 times more likely to be the victim of a homicide than white men. Politicians and commentators – notably Rudy Giuliani – are fond of pointing out that most black men who die of homicide are killed by other black men. That’s true. But it’s also true that most white men are killed by other white men. Most murder – 78% between 1980-2008 – is committed by someone the victim knew well, a family member, friend or other acquaintance. Given high rates of homophily in American society, it’s not surprising that black people know – and kill – black people and white people know – and kill – white people.

What is surprising is how police handle these murders. In New York City, the “clearance rate” for homicides with white victims is 86%. For homicides with black victims, the rate is 45%. In other words, in the majority of homicide cases where the victim is black, the case is unsolved and the murderer remains on the streets. Yes, investigating homicides of black people is often complicated by a culture that discourages cooperation with the police, the result of decades of mistrust between police and the communities they serve. But they are also the result of police decisions about resource allocation, and a culture of underpolicing black neighborhoods, in which police have demonstrated that they’re more likely to harass individuals at random through racial profiling than they are to investigate serious crimes.

And while we’re talking about the police, let’s remember that at least 101 UNARMED black people were killed by law enforcement in 2014. That includes Tamir Rice, Michael Brown, Eric Garner, Akai Gurley and Darrien Hunt, but it includes dozens you probably haven’t heard about, like Justin Griffin, a 25 year old basketball coach who had an argument with a referee – the referee was an off-duty sheriff’s deputy and he and another deputy beat Griffin to death. From 2010-2012, teenage black men were 21 times more likely than teenage white men to be killed by police.

We need to learn to see these patterns, some of us more than others. The pattern of police violence against black lives is much easier to see if you’re personally affected by it than if you’re not a member of a targeted community. In that case, it can be hard to see patterns from single incidents. We read about the death of a black man in police custody and are likely to see it as an isolated incident, unless someone points out the larger pattern of undue force applied by police to black suspects.

Thanks to Alicia Garza, Patrisse Cullors, and Opal Tometi, we have a narrative – #blacklivesmatter – that helps draw connections between Walter Scott’s death at the hands of the police in North Charleston, and the slaughter of nine of Charleston’s finest citizens at the hands of Dylann Roof. As Cullors has explained, #blacklivesmatter is not just about the death of black people at the hands of police or vigilantes: “The media really wants to say ‘This happened in Ferguson, this happened in Baltimore, this happened in New York. Are they the same?’ Yes, they’re the same. Black people are not a monolithic group, but what we are facing is something that’s extreme – and that’s poverty, that’s homelessness, that’s higher rates of joblessness, that’s law enforcement invading our communities day in and day out – and we are uprising.”

Cullors talks about a “Black Spring”, a parallel to the Arab Spring, where black people and their allies start uprising and demanding a more just nation. People who knew Roof tell us that he was obsessed with the protests resulting from the Trayvon Martin and Freddie Gray deaths – a Black Spring is exactly what he appears to have feared the most. Those he killed, notably the Reverend Clementa Pinckney, who as a state senator was a key figure in the fight to bring body cameras to South Carolina police, were precisely the people working to better the lives of the black community – and the community as a whole – in Charleston, SC.

Was Dylann Roof a troubled loner? Yes. But he was also a resident of a state where a segregationist flag flies above the State Capitol and can’t be taken down or lowered to half mast without approval by the state assembly. To reach the scene of his crime, he drove on highways named for confederate generals. He lives in a country where black people are disproportionately the victims of official and unofficial violence. Dismissing him as a uniquely sick individual ignores the pattern.

Roof also lives in a nation with a unique and problematic relationship with guns. Reflecting on the murders in Charleston, President Obama pointed out, “At some point, we as a country, will have to reckon with the fact that this type of mass violence does not happen in other advanced countries.” Rates of private gun ownership are higher in the US than anywhere else in the world – it’s twice as high as in Yemen, a conflict-torn nation in the throes of a domestic insurgency.

Our gun murder rate is off the charts in comparison to high-income nations – to find adequate comparisons, we need to look at countries like Iraq and the Democratic Republic of the Congo. Parts of Latin America greatly outpace the US in gun murders per capita, but some of our most dangerous cities for gun violence – New Orleans, Detroit – have as high a rate of gun violence as the world’s most dangerous countries.

Not only were Dylann Roof’s crimes part of a pattern of gun violence that’s near-unique to the US, they are part of a pattern of mass shootings. Mother Jones, tracking shootings by single killers in public places in which four or more people were killed, has identified more than 70 mass shootings in the US since 1982. Like most mass killers, Roof used a handgun, and like the vast majority of mass killers, he obtained his weapon legally.

We have a pattern of mass gun killings in the US, and we have a pattern of doing nothing about them. Two years after the massacre of elementary school students in Newtown, CT, The New York Times has tracked gun laws passed in the year after the Newtown shootings. 39 laws tightened gun restrictions; 70 loosened them. If the pattern continues, South Carolina – a state where you do not need a permit to own any sort of handgun – is more likely to legalize concealed carry without a permit than it is to pass significant restrictions on handgun ownership.

We didn’t have to wait long to hear the argument that more guns would have saved lives in Charleston. Fox and Friends managed to find a pastor who argued that religious leaders should preach while armed, so that they could defend the flock from attack. NRA Board member Charles Cotton found a way to blame Roof’s crimes on a man he slaughtered, Reverend Pinckney: “he [Rev. Pinckney] voted against concealed-carry. Eight of his church members who might be alive if he had expressly allowed members to carry handguns in church are dead. Innocent people died because of his position on a political issue.”

American resistance to sane gun control laws is based on fantasy. We fantasize that guns will protect us from being victims of crime. They don’t. Gun owners are five times more likely to be shot than non-owners. Women who live in a house containing one or more guns are 3.4 times more likely to be killed than women who live in gun free homes. For each instance someone used a gun to kill in self defense, more than fifty people were killed with guns. We fantasize that we will stop crimes with guns, if only pastors or teachers or any brave civilian were allowed to carry concealed weapons. We’d do well to remember Joe Zamudio, a bystander at the rally where Representative Gabby Giffords was shot, who had a concealed weapon and narrowly missed killing not the gunman, but the man who wrestled the weapon away from the gunman.

These fantasies keep us from seeing the pattern. We live in a country where it’s far too easy for anyone – a disturbed individual, a criminal, or an ordinary untrained citizen – to obtain a gun, and where gun violence is an endemic public health problem. People in other countries think we’re crazy. As the Economist wrote today, “Those who live in America, or visit it, might do best to regard [mass killings] the way one regards air pollution in China: an endemic local health hazard which, for deep-rooted cultural, social, economic and political reasons, the country is incapable of addressing. This may, however, be a bit unfair. China seems to be making progress on pollution.” These fantasies are constructed and marketed by people who don’t want us to see the pattern, people who believe, sincerely or cynically, that America would be a safer place if everyone was armed.

Here’s why patterns matter. So long as we treat each mass shooting, each black death as an isolated tragedy, there’s nothing we can do. We’re the victim of the law of large numbers, the reality that in any large group of people, there are those that will harm others, abuse positions of power, do crazy and horrific things. Every news report that focuses on Roof’s mental state, that tries to unpack the biography that led him to his crimes is a distraction from these patterns. There’s nothing we can do to bring back the lives of the nine people Roof killed. But there’s work we can do to make sure black lives matter. There’s work we can do to help Americans see our neighbors as people, not targets.

If it’s hard to see patterns, it’s really hard to see how they intersect. Kimberle Crenshaw coined the term “intersectionality” to explain how forms of oppression reinforce and compound each other, that understanding the challenges black women face involves considering not just racism and sexism, but the intersections of the two. The killings in Charleston are the product of intersectionality as well, of a society where racial hatred makes it possible for a young man to want to kill black people and where the ready availability of weapons makes it possible for him to kill a lot of black people. America’s obsession with guns is a big part of what makes this nation so dangerous for black people. America’s endemic racism is a big part of what makes Americans buy, own and lobby for guns, to protect ourselves from an “other” that we fear.

Jon Stewart did a wise thing in reacting to the shootings in Charleston – he admitted that there were simply no jokes that could be made. But he also articulated a sense of hopelessness that’s easy to feel, and hard to fight: “I honestly have nothing other than just sadness once again that we have to peer into the abyss of the depraved violence that we do to each other and the nexus of a just gaping racial wound that will not heal, yet we pretend doesn’t exist. And I’m confident, though, that by acknowledging it, by staring into that and seeing it for what it is, we still won’t do jack shit.”

We’ve got to do better than that.

Help people see these patterns. When you talk about Dylann Roof, don’t talk about a sick, sad young man. Talk about the lines that link Charleston to Ferguson and Charleston to Newtown. Rail at the confederate flag flying over South Carolina, but rail at the less obvious ways we disrespect black lives – over-incarceration, underinvestment in education, the disappearance of economic mobility and the rise of economic inequality – that prevent black people in America from having a fair chance. Understand that fighting gun violence is a way to fight racism. Help build a narrative to understand and combat gun violence in America the way that #blacklivesmatter helps us work for a Black Spring.

Mourn, but act. Support the people working at the intersection of these patterns, as the Brady Center is in campaigning against “bad apple” gun dealers, the 5% of dealers responsible for selling guns used in 90% of crimes. Look for new patterns, like the emergence of anti-government “Patriot” groups, heavily armed and often racially motivated, whose actions get far less media attention than protests against police violence.

We can’t bring back the nine people Dylann Roof killed. But we can and we must work to fight the patterns that make these killings possible.

by Ethan at June 19, 2015 08:08 PM

David Weinberger
Spoilers and Time

I remember a 1971 National Lampoon article that gave away the endings of a hundred books and movies. Wikipedia and others think that article might have been the first use of the term “spoiler.” But “SPOILER ALERT” has only become a common signpost because of what the Internet has done to time, and in particular, to simultaneity.

In the old days of one-to-many, broadcast media, the events that shaped culture happened once and usually happened on schedule. So, it would make sense to bring up what was on the news broadcast last night, or to chuckle over that hilarious scene in this week’s Beverly Hillbillies. Now we watch on our own schedules, having common moments mainly around sports events and breaking news — games or tragedies. Perhaps this has contributed to our culture’s addiction to extremes.

We need SPOILER ALERT signposts because we watch when we want but the Net is so huge and unconstrained and cheap that it operates like a push medium — the opposite of why traditional broadcast was a push medium. Trying to avoid finding out what happened on Game of Thrones this week is like trying to avoid getting run over when crossing a highway, except that even seeing the approaching cars counts as getting run over.

Tom and Jerry
Game of Thrones spoiler

This change in temporality shows up in the phrase “real time.” We only distinguish one type of time as “real” because it is no longer the default. The default is asynchronous because that’s how most of our communications occur online. Real time increasingly feels like a deprivation. It requires you to drop what you’re doing to participate or you’re going to lose out. And that feels sub-optimal, or even unfair.

Without the requirement of simultaneity, we are more free to follow our interests. And that turns out to fragment our culture. Or liberate it. Or enrich it. Or all of the above.

The post Spoilers and Time appeared first on Joho the Blog.

by davidw at June 19, 2015 03:17 PM

June 18, 2015

Bruce Schneier
Counterfeit Social Media Accounts

Interesting article on the inner workings of a Facebook account farm, with commentary on fake social media accounts in general.

by Bruce Schneier at June 18, 2015 11:29 AM

June 17, 2015

Bruce Schneier
Hacking Drug Pumps

When you connect hospital drug pumps to the Internet, they're hackable -- only surprising people who aren't paying attention.

Rios says when he first told Hospira a year ago that hackers could update the firmware on its pumps, the company "didn't believe it could be done." Hospira insisted there was "separation" between the communications module and the circuit board that would make this impossible. Rios says technically there is physical separation between the two. But the serial cable provides a bridge to jump from one to the other.

An attacker wouldn't need physical access to the pump because the communication modules are connected to hospital networks, which are in turn connected to the Internet.

"From an architecture standpoint, it looks like these two modules are separated," he says. "But when you open the device up, you can see they're actually connected with a serial cable, and they're connected in a way that you can actually change the core software on the pump."

An attacker wouldn't need physical access to the pump. The communication modules are connected to hospital networks, which are in turn connected to the Internet. "You can talk to that communication module over the network or over a wireless network," Rios warns.

Hospira knows this, he says, because this is how it delivers firmware updates to its pumps. Yet despite this, he says, the company insists that "the separation makes it so you can't hurt someone. So we're going to develop a proof-of-concept that proves that's not true."

One of the biggest conceptual problems we have is that something is believed secure until demonstrated otherwise. We need to reverse that: everything should be believed insecure until demonstrated otherwise.

by Bruce Schneier at June 17, 2015 07:02 PM

David Weinberger
Stylin’ Gmail

I use MailPlane to read my email (via gmail). Having some leisure time I decided to poke around its styling options.

MailPlane’s preferences let you override the default gmail styling with your own CSS. Here are three classes important to the listing of mail in your inbox:


The entire row


The message snippet


Who unread mail is from (other than yourself)

For example:

background-color: #045D9E;
color: yellow;

That will produce this:

Example of styled inbox

Unfortunately, you never know when Google might decide to change these class names or restructure the entire damn thing. On the other hand, you can always just delete the CSS.

The post Stylin’ Gmail appeared first on Joho the Blog.

by davidw at June 17, 2015 04:26 PM

Radio Berkman 219: Whose App Is It Anyway?
You may be familiar with a typical hack-day or hack-a-thon. Throw a group of developers and creators in a conference room for the weekend, and they’ll come up with some amazing app or product to make life better for all of humankind. Radio Berkman recently stumbled on a hack-a-thon […]

by Berkman Center for Internet & Society at Harvard Law School at June 17, 2015 02:35 PM

Berkman Center front page
Radio Berkman 219: Whose App Is It Anyway?


What do you get when you put together a comedian, a developer, a few laptops and smartphones, and a bunch of energy drinks? The world's most absurd hack-a-thon!

You may be familiar with a typical hack-day or hack-a-thon. Throw a group of developers and creators in a conference room for the weekend, and they'll come up with some amazing app or product to make life better for all of humankind.

Radio Berkman recently stumbled on a hack-a-thon that turns hack-a-thons on their head. Last year a traveling event called Comedy Hack Day visited the MIT Media Lab in Cambridge, Massachusetts. Run by a group called Cultivated Wit, the goal of the hack day is to bring some laughs to the world of tech entrepreneurship. Instead of trying to attract millions of dollars in venture capital, they're bringing comedians and developers together to create prank inventions, satirical sites, and smart phone apps to poke fun at our increasingly tech-obsessed world.

Check out all of our Radio Berkman episodes on our Soundcloud.

by djones at June 17, 2015 02:34 PM

Bruce Schneier
Research on The Trade-off Between Free Services and Personal Data

New report: "The Tradeoff Fallacy: How marketers are misrepresenting American consumers and opening them up to exploitation."

New Annenberg survey results indicate that marketers are misrepresenting a large majority of Americans by claiming that Americans give out information about themselves as a tradeoff for benefits they receive. To the contrary, the survey reveals most Americans do not believe that 'data for discounts' is a square deal.

The findings also suggest, in contrast to other academics' claims, that Americans' willingness to provide personal information to marketers cannot be explained by the public's poor knowledge of the ins and outs of digital commerce. In fact, people who know more about ways marketers can use their personal information are more likely rather than less likely to accept discounts in exchange for data when presented with a real-life scenario.

Our findings, instead, support a new explanation: a majority of Americans are resigned to giving up their data -- and that is why many appear to be engaging in tradeoffs. Resignation occurs when a person believes an undesirable outcome is inevitable and feels powerless to stop it. Rather than feeling able to make choices, Americans believe it is futile to manage what companies can learn about them. Our study reveals that more than half do not want to lose control over their information but also believe this loss of control has already happened.

By misrepresenting the American people and championing the tradeoff argument, marketers give policymakers false justifications for allowing the collection and use of all kinds of consumer data often in ways that the public find objectionable. Moreover, the futility we found, combined with a broad public fear about what companies can do with the data, portends serious difficulties not just for individuals but also -- over time -- for the institution of consumer commerce.

Some news articles.

by Bruce Schneier at June 17, 2015 11:44 AM

Justin Reich
A New PK12 Initiative at MIT and a New Role for Me
Announcing a new PK-12 focused initiative at MIT, and a new role for me at MIT.

by Justin Reich at June 17, 2015 03:18 AM

June 16, 2015

Berkman Center front page
The Quantified Self; Newsfeed: Created by you?; Holding Crowds Accountable To The Public; EVE Online and World of Darkness


Microsoft Research PhD Interns Ifeoma Ajunwa, Stacy Blasiola, Nathan Matias, and Aleena Chia present their current research


Join these Microsoft PhD Interns, Ifeoma Ajunwa, Stacy Blasiola, Nathan Matias, and Aleena Chia, as they present their current research at the Berkman Center.

Parent Event: Berkman Luncheon Series

Event Date: Jun 16 2015 12:00pm to Jun 16 2015 12:00pm

Tuesday, June 16, 2015 at 12:00 pm

Microsoft Research Interns, Ifeoma Ajunwa, Stacy Blasiola, Nathan Matias, and Aleena Chia present their current research at the Berkman Center:

The Quantified Self

Ifeoma Ajunwa

Ifeoma Ajunwa is a 5th year PhD candidate in Sociology at Columbia University. Recurring themes in her research include inequality, data discrimination and emerging bioethics debates arising from the exploitation of Big Data. Her most recent law review article on genetic data has been accepted for publication by the Harvard Civil Rights-Civil Liberties Law Review and her opinion piece on the same topic was published in the NY Times Room for Debate.

Newsfeed: Created by you? Examining the Discursive Work of Facebook

Stacy Blasiola

Stacy Blasiola is a PhD candidate at the University of Illinois at Chicago and a National Science Foundation IGERT Fellow in Electronic Security and Privacy. Stacy's current research examines the mediating role of algorithms in the distribution of knowledge, the data collection that powers these algorithms, and the privacy considerations of online tracking.

Holding Crowds Accountable To The Public

Nathan Matias

Nathan Matias is a PhD Candidate at the MIT Center for Civic Media/MIT Media Lab, and a Berkman fellow. Nathan designs and researches civic technologies for cooperation and expression. Nathan researches technology for civic cooperation, activism, and expression through action research with communities, data analysis, software design, and field experiments. Most recently, Nathan has been conducting large-scale studies and interventions on the effects of gender bias, online harassment, gratitude, and peer thanks on social media and creative communities like Wikipedia

EVE Online and World of Darkness

Aleena Chia

Aleena Chia is a Ph.D. Candidate in Communication and Culture at Indiana University currently interning at Microsoft Research. Her ethnographic research investigates the affective politics and moral economics of participatory culture, in the context of digital and live-action game worlds. She is a recipient of the Wenner-Gren Dissertation Fieldwork grant and has published work in American Behavioral Scientist


by candersen at June 16, 2015 12:57 PM

Bruce Schneier
Peter Swire on the USA FREEDOM Act

Peter Swire, law professor and one of the members of the President's review group on the NSA, writes about intelligence reform and the USA FREEDOM Act.

by Bruce Schneier at June 16, 2015 11:59 AM

Feeds In This Planet