Totting Up the Deaths by This And That in Shakespeare’s Plays | Improbable Research
Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel J. Weitzner;
Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications; MIT-CSAIL-TR-2015-026; Massachusetts Institute of Technology (MIT); 2015-07-06; 34 pages; landing.
Twenty years ago, law enforcement organizations lobbied to require data and communication services to engineer their products to guarantee law enforcement access to all data. After lengthy debate and vigorous predictions of enforcement channels “going dark,” these attempts to regulate the emerging Internet were abandoned. In the intervening years, innovation on the Internet flourished, and law enforcement agencies found new and more effective means of accessing vastly larger quantities of data. Today we are again hearing calls for regulation to mandate the provision of exceptional access mechanisms. In this report, a group of computer scientists and security experts, many of whom participated in a 1997 study of these same topics, has convened to explore the likely effects of imposing extraordinary access mandates.
We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.
- Officially Compromised Privacy; Dave Crocker; In CircleID; 2015-11-28.
- 2015 J.D. Falk Award from the Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG).
- “Keys Under Doormats 2015 Falk Award: How and Why the Report was Developed”, with Josh Benaloh and clips of seven other authors, including a brief introduction of the award by M3AAWG Chair Michael Adkins and the award presentation by me, Dave Crocker
- “Keys Under Doormats: Tutorial on Content and Issues”, with Josh Benaloh and a brief overview of current M3AAWG Pervasive Monitoring SIG work by SIG Chair Janet Jones
- “Keys Under Doormats: A Conversation on the Report’s Significance and Impact”, with Josh Benaloh and me, Dave Crocker
- Mobile is the new central ecosystem of tech
- Mobile is the internet
- Mobile isn’t about small screens and PCs aren’t about keyboards
Mobile means an ecosystem and that ecosystem will swallow ‘PCs’
It is the ARM ecosystem, not the Wintel ecosystem.
- The future of productivity
- Microsoft’s capitulation
- Apple & Google both won, but it’s complicated
- Search and discovery
- Apps and the web
- Post Netscape, post PageRank, looking for the next run-time
- Messaging as a platform, and a way to get customers.
- The unclear future of Android and the OEM world
- Internet of Things
- TV and the living room
- Finally, we are not our users
- Connie Chen (Z99z); WeChat China Mobile First; In Their Blog; 2015-08-06.
tl;dr → on WeChat, Weixin (微信)
In archaeological order.
- TV, mobile and the living room, 2015-11-24.
- Bay Area problems, 2015-11-15.
- Living in different worlds, 2015-11-08.
- Mobile, ecosystems and the death of PCs, 2015-11-07.
- Mobile is not a neutral platform, 2015-09-26.
- Platforms, distribution and audience, 2015-09-14.
- Forget about the mobile internet, 2015-09-01.
- Podcast: ways to think about cars, 2015-08-25.
- What would you miss?, 2015-08-10.
- How is the Apple Watch doing?, 2015-08-02.
- Ways to think about cars, 2015-07-27.
- Google Now, Maps and Apple Music, 2015-07-16.
- Microsoft, capitulation and the end of Windows Everywhere, 2015-07-08.
- Search, discovery and marketing, 2015-06-24.
- Office, messaging and verbs, 2015-05-21.
- Mobile first, 2015-05-14.
- Apps versus the web, 2015-05-14.
- The smartphone is the new sun, 2015-05-13.
- What does Google need in mobile?, 2015-04-14.
- Podcast: messaging and mobile platforms, 2015-04-03.
- Messaging and mobile platforms, 2015-03-24.
- Android taxonomies, 2015-03-15.
- Why is Apple making a gold watch?, 2015-03-12.
- Podcast: Slack, 2015-02-11.
- In search of objects, 2015-02-07.
- Why do we care about Xiaomi?, 2015-01-18.
- WhatsApp sails past SMS, but where does messaging go next?, 2015-01-11.
- Resetting the score, 2015-01-11.
- The home and the mobile supply chain, 2015-01-11.
- How many people care about Google Services?, 2014-12-03.
- The industrial internet, 2014-10-14.
- How many ecosystems?, 2014-10-14.
- Ways to think about watches, 2014-09-15.
- App unbundling, search and discovery, 2014-08-01.
- Amazon and Android forks, 2014-06-21.
- The internet of things, 2014-05-26.
- Notes on TV, 2014-03-27.
- Tablets, PCs and Office, 2014-02-26.
- Ecosystem Maths, 2014-01-28.
tl;dr → A conference report. The dissidents met, ate, drank, talked (in the argot of the times: they shared, networked, bonded). A good time was had by all.
Platform Cooperativism: The Internet, Ownership, Democracy; a conference; The New School; 2015-11-13 & 2015-11-14.
Some lenders are judging you on much more than finances; James Rufus Koren; In The Los Angeles Times (LAT); 2015-12-10.
tl;dr → alternative scoring products, propensity scoring, (not-)credit reports.
For color, background & verisimilitude
- Douglas Merrill, founder and chief executive, ZestFinance
- Asim Khwaja, professor of international finance and development, Kennedy School, Harvard University.
- Chi Chi Wu, attorney, National Consumer Law Center.
- Teresa Jackson, vice president of credit, Social Finance (SoFi).
- Alfonso Brigham, exemplar; customer of Social Finance (SoFi).
- Phil Marleau, CEO, IOU Financial.
- Eric Haller, executive vice president, Experian Data Labs.
- Basix, a lender
- a holding company
- Hollywood, CA
- owns & operates Basix
- Douglas Merrill, founder and chief executive
- “All data is credit data”
- JD.com, CN
- <quote>ZestFinance collects thousands of pieces of consumer information — some submitted in an online application, some obtained from data brokers — and runs them through algorithms that judge how likely it is a borrower will repay.</quote>
- Douglas Merrill
- founder and chief executive, ZestFinance
- ex-Google, role unspecified.
- ex-Rand Corp, a research role.
Social Finance (SoFi)
- Social Finance (SoFi)
- San Francisco, CA
- a lender (a loan broker?)
- founded 2011
- 4 co-founders
backgrounds in finance, software and business consulting.
- Teresa Jackson, vice president of credit, SoFi.
- $1B (with a ‘b’)
- “including” SoftBank
- does not monitor social media
- Alfonso Brigham
- bachelor’s degree, business administration, USC 2005.
- has a job
- acquired for a mortgage
- $711,000 loan
- one-bedroom condo in Nob Hill, San Francisco
- Alfonso Brigham
- IOU Financial
- Montreal, CA
- publicly traded (where?)
- online (only?)
- a lender (a loan broker?)
- monitor social media
- count & correlate bad reviews
- Phil Marleau, CEO
- Experian Data Labs, “a research unit”
- San Diego, CA
- Eric Haller, executive vice president, Experian Data Labs
- monitor social media
- <quote>The firm’s data scientists took business credit information and combined it with information from Twitter, Facebook, Yelp and others. Based on that analysis, the firm is working on a credit-scoring system that could be based solely on social media information.</quote>
EPIC Urges FTC to Protect Consumers Amid Surge in Cross-Device Tracking; press release; Electronic Privacy Information Center (EPIC); 2015-12-17.
For regulatory oversight by the FTC
- limit “cross-device tracking”
- limit linking <quote>what a person types on their phone with what they see on their laptop or television</quote>
- investigate device tracking practices; construe them as deceptive practices.
- prohibit the cross-device tracking of minors, construe COPPA to cover.
The signatories of the Electronic Privacy Information Center (EPIC):
- Marc Rotenberg, Executive Director
- Khaliah Barnes, Associate Director, Administrative Law Counsel
EPIC is active:
- Online Tracking and Behavioral Profiling, a white paper; undated.
- In re Google Buzz
Recitation of actions against Google
- Complaint, Request for Investigation and Other Relief; Submitted by EPIC, to the Federal Trade Commission (FTC); Pertaining to Samsung Electronics Co. Ltd; 2015-02-24; 20 pages.
tl;dr → “always on” devices with audio recording capability <quote>Samsung routinely intercepts and records the private communications of consumers in their homes.</quote>
Recitation of actions against Uber.
- In re: Facebook (Psychological Study)
Recitation of actions against Facebook pertaining to content personalization (experimentation on consumers).
- FTC Policy Statement on Deception; letter from the Federal Trade Commission (FTC); to Representative John D Dingell, as Chairman of the Committee on Energy and Commerce of the United States House of Representatives; 1983-10-14, 15 pages.
tl;dr → definition of the category of deceptive practices.
- A Marketer’s Guide To Cross-Device Identity; Allison Schiff; In Ad Exchanger; 2015-04-09.
- Cross-Device Tracking; a workshop; Federal Trade Commission (FTC); 2015-11-16; previously filed, announcement noted.
- FTC Announces Final Agenda, Panelists for 2015-11-16 Cross-Device Tracking Workshop; press release; Federal Trade Commission (FTC); 2015-11-03.
Matthew Green; A Few Thoughts on Cryptographic Engineering: On the Juniper backdoor; In His Blog; 2015-12-22.
tl;dr → Google runs APIs & services, specifically the (Cloud) Messaging API; Facebook must build their business within the constraints of that platform.
Hook: <quote>A series of discussions between Google and Facebook took place over the course of this summer, and Facebook walked away from them a little shaky. </quote>
- Google APIs
- are a choke point
- are a meterable point
- has tiers of messaging & message platooning (batching)
- ostensibly for battery savings
- forces Androids to use Google Cloud Messaging
- the most expensive tier for everything it sends.
- is a proxy for any long-haul network operator
- could charge.
- could “zero rate”
- Google Replacement Suite
Facebook abandoned the concept
- <quote>Once you start using someone else’s service as your platform, you become subject to their rules and changes. If you become rivals, this gives the hosting party a massive upper hand. The only way to completely escape this dynamic is to create a competitive analogue platform of your own.</quote>
- Google Chrome is Google’s attempt to free itself from control by Microsoft Internet Explorer.
The CIA Secret to Cybersecurity That No One Seems to Get; Mike Gault; In Wired; 2015-12-20.
tl;dr → linkbait; (confidentiality, integrity, availability); attributed to “The CIA” but without citation.
- Public Key Infrastructure (PKI)
- “encrypt everything”, attributed to the Electronic Frontier Foundation (EFF)
- Merkle hash trees, In Jimi Wales Wiki.
- Scalable Provable Data Possession (SPDP)
- Dynamic Provable Data Possession (DPDP)
- Quotes from public figures thrown in for color, background & verisimilitude
- Eckersley (EFF); Launching in 2015: A Certificate Authority to Encrypt the Entire Web; In Their Blog; 2014-11-18.
tl;dr → Announcement: Let’s Encrypt, a new certificate authority (CA).
- Merkle Hash Trees, In Jimi Wales Wiki.
- Giuseppe Ateniese, Roberto Di Pietro, Luigi V. Mancini, Gene Tsudik; Scalable and Efficient Provable Data Possession; draft; 2008; 11 pages.
tl;dr → in the area of Provable Data Possession (PDP), outsourced data [in the cloud], supporting block modification, deletion and append.
- Chris Erway, Alptekin Küpçü, Charalampos Papamanthou, Roberto Tamassia; Dynamic Provable Data Possession; draft; 2009-11-29; 22 pages.
tl;dr → in the area of Provable Data Possession (PDP), outsourced data [in the cloud], extends it to updates as Dynamic Provable Data Possession (DPDP)