United Nations accidentally exposed passwords and sensitive information to the whole internet

Curated on Posted on by Stefaan Verhulst

Micah Lee at The Intercept: “The United Nations accidentally published passwords, internal documents, and technical details about websites when it misconfigured popular project management service Trello, issue tracking app Jira, and office suite Google Docs.

The mistakes made sensitive material available online to anyone with the proper link, rather than only to specific users who should have access. Affected data included credentials for a U.N. file server, the video conferencing system at the U.N.’s language school, and a web development environment for the U.N.’s Office for the Coordination of Humanitarian Affairs. Security researcher Kushagra Pathak discovered the accidental leak and notified the U.N. about what he found a little over a month ago. As of today, much of the material appears to have been taken down.

In an online chat, Pathak said he found the sensitive information by running searches on Google. The searches, in turn, produced public Trello pages, some of which contained links to the public Google Docs and Jira pages.

Trello projects are organized into “boards” that contain lists of tasks called “cards.” Boards can be public or private. After finding one public Trello board run by the U.N., Pathak found additional public U.N. boards by using “tricks like by checking if the users of one Trello board are also active on some other boards and so on.” One U.N. Trello board contained links to an issue tracker hosted on Jira, which itself contained even more sensitive information. Pathak also discovered links to documents hosted on Google Docs and Google Drive that were configured to be accessible to anyone who knew their web addresses. Some of these documents contained passwords….Here is just some of the sensitive information that the U.N. accidentally made accessible to anyone who Googled for it:

  • A social media team promoting the U.N.’s “peace and security” efforts published credentials to access a U.N. remote file access, or FTP, server in a Trello card coordinating promotion of the International Day of United Nations Peacekeepers. It is not clear what information was on the server; Pathak said he did not connect to it.
  • The U.N.’s Language and Communication Programme, which offers language courses at U.N. Headquarters in New York City, published credentials for a Google account and a Vimeo account. The program also exposed, on a publicly visible Trello board, credentials for a test environment for a human resources web app. It also made public a Google Docs spreadsheet, linked from a public Trello board, that included a detailed meeting schedule for 2018, along with passwords to remotely access the program’s video conference system to join these meetings.
  • One public Trello board used by the developers of Humanitarian Response and ReliefWeb, both websites run by the U.N.’s Office for the Coordination of Humanitarian Affairs, included sensitive information like internal task lists and meeting notes. One public card from the board had a PDF, marked “for internal use only,” that contained a map of all U.N. buildings in New York City. …(More)”.

Computers Can Solve Your Problem. You May Not Like The Answer

Curated on Posted on by Stefaan Verhulst

David Scharfenberg at the Boston Globe: “Years of research have shown that teenagers need their sleep. Yet high schools often start very early in the morning. Starting them later in Boston would require tinkering with elementary and middle school schedules, too — a Gordian knot of logistics, pulled tight by the weight of inertia, that proved impossible to untangle.

Until the computers came along.

Last year, the Boston Public Schools asked MIT graduate students Sébastien Martin and Arthur Delarue to build an algorithm that could do the enormously complicated work of changing start times at dozens of schools — and rerouting the hundreds of buses that serve them….

The algorithm was poised to put Boston on the leading edge of a digital transformation of government. In New York, officials were using a regression analysis tool to focus fire inspections on the most vulnerable buildings. And in Allegheny County, Pa., computers were churning through thousands of health, welfare, and criminal justice records to help identify children at risk of abuse….

While elected officials tend to legislate by anecdote and oversimplify the choices that voters face, algorithms can chew through huge amounts of complicated information. The hope is that they’ll offer solutions we’ve never imagined ­— much as Google Maps, when you’re stuck in traffic, puts you on an alternate route, down streets you’ve never traveled.

Dataphiles say algorithms may even allow us to filter out the human biases that run through our criminal justice, social service, and education systems. And the MIT algorithm offered a small window into that possibility. The data showed that schools in whiter, better-off sections of Boston were more likely to have the school start times that parents prize most — between 8 and 9 a.m. The mere act of redistributing start times, if aimed at solving the sleep deprivation problem and saving money, could bring some racial equity to the system, too.

Or, the whole thing could turn into a political disaster.

District officials expected some pushback when they released the new school schedule on a Thursday night in December, with plans to implement in the fall of 2018. After all, they’d be messing with the schedules of families all over the city.

But no one anticipated the crush of opposition that followed. Angry parents signed an online petition and filled the school committee chamber, turning the plan into one of the biggest crises of Mayor Marty Walsh’s tenure. The city summarily dropped it. The failure would eventually play a role in the superintendent’s resignation.

It was a sobering moment for a public sector increasingly turning to computer scientists for help in solving nagging policy problems. What had gone wrong? Was it a problem with the machine? Or was it a problem with the people — both the bureaucrats charged with introducing the algorithm to the public, and the public itself?…(More)”

Designing Cognitive Cities

Curated on Posted on by Stefaan Verhulst

Book edited by Edy Portmann, Marco E. Tabacchi, Rudolf Seising and Astrid Habenstein: “This book illustrates various aspects and dimensions of cognitive cities. Following a comprehensive introduction, the first part of the book explores conceptual considerations for the design of cognitive cities, while the second part focuses on concrete applications. The contributions provide an overview of the wide diversity of cognitive city conceptualizations and help readers to better understand why it is important to think about the design of our cities. The book adopts a transdisciplinary approach since the cognitive city concept can only be achieved through cooperation across different academic disciplines (e.g., economics, computer science, mathematics) and between research and practice. More and more people live in a growing number of ever-larger cities. As such, it is important to reflect on how cities need to be designed to provide their inhabitants with the means and resources for a good life. The cognitive city is an emerging, innovative approach to address this need….(More)”.

How Insurance Companies Used Bad Science to Discriminate

Curated on Posted on by Stefaan Verhulst

Jessie Wright-Mendoza at JStor: “After the Civil War, the United States searched for ways to redefine itself. But by the 1880’s, the hopes of Reconstruction had dimmed. Across the United States there was instead a push to formalize and legalize discrimination against African-Americans. The effort to marginalize the first generation of free black Americans infiltrated nearly every aspect of daily life, including the cost of insurance.

Initially, African-Americans could purchase life insurance policies on equal footing with whites. That all changed in 1881. In March of that year Prudential, one of the country’s largest insurers, announced that policies held by black adults would be worth one-third less than the same plans held by whites. Their weekly premiums would remain the same. Benefits for black children didn’t change, but weekly premiums for their policies would rise by five cents.

Prudential defended the decision by pointing out that the black mortality rate was higher than the white mortality rate. Therefore, they explained, claims paid out for black policyholders were a disproportionate amount of all payouts. Most of the major life insurance companies followed suit, making it nearly impossible for African-Americans to gain coverage. Across the industry, companies blocked agents from soliciting African-American customers and denied commission for any policies issued to blacks.

The public largely accepted the statistical explanation for unequal coverage. The insurer’s job was to calculate risk. Race was merely another variable like occupation or geographic location. As one trade publication put it in 1891: “Life insurance companies are not negro-maniacs, they are business institutions…there is no sentiment and there are no politics in it.”

Companies considered race-based risk the same for all African-Americans, whether they were strong or sickly, educated or uneducated, from the country or the city. The “science” behind the risk formula is credited to Prudential statistician Frederick L. Hoffman, whose efforts to prove the genetic inferiority of the black race were used to justify the company’s discriminatory policies….(More)”.

How Smart Should a City Be? Toronto Is Finding Out

Curated on Posted on by Stefaan Verhulst

Laura Bliss at CityLab: “A data-driven “neighborhood of the future” masterminded by a Google corporate sibling, the Quayside project could be a milestone in digital-age city-building. But after a year of scandal in Silicon Valley, questions about privacy and security remain…

Quayside was billed as “the world’s first neighborhood built from the internet up,” according to Sidewalk Labs’ vision plan, which won the RFP to develop this waterfront parcel. The startup’s pitch married “digital infrastructure” with an utopian promise: to make life easier, cheaper, and happier for Torontonians.

Everything from pedestrian traffic and energy use to the fill-height of a public trash bin and the occupancy of an apartment building could be counted, geo-tagged, and put to use by a wifi-connected “digital layer” undergirding the neighborhood’s physical elements. It would sense movement, gather data, and send information back to a centralized map of the neighborhood. “With heightened ability to measure the neighborhood comes better ways to manage it,” stated the winning document. “Sidewalk expects Quayside to become the most measurable community in the world.”

“Smart cities are largely an invention of the private sector—an effort to create a market within government,” Wylie wrote in Canada’s Globe and Mail newspaper in December 2017. “The business opportunities are clear. The risks inherent to residents, less so.” A month later, at a Toronto City Council meeting, Wylie gave a deputation asking officials to “ensure that the data and data infrastructure of this project are the property of the city of Toronto and its residents.”

In this case, the unwary Trojans would be Waterfront Toronto, the nonprofit corporation appointed by three levels of Canadian government to own, manage, and build on the Port Lands, 800 largely undeveloped acres between downtown and Lake Ontario. When Waterfront Toronto gave Sidewalk Labs a green light for Quayside in October, the startup committed $50 million to a one-year consultation, which was recently extended by several months. The plan is to submit a final “Master Innovation and Development Plan” by the end of this year.

That somewhat Orwellian vision of city management had privacy advocates and academics concerned from the the start. Bianca Wylie, the co-founder of the technology advocacy group Tech Reset Canada, has been perhaps the most outspoken of the project’s local critics. For the last year, she’s spoken up at public fora, written pointed op-edsand Medium posts, and warned city officials of what she sees as the “Trojan horse” of smart city marketing: private companies that stride into town promising better urban governance, but are really there to sell software and monetize citizen data.

But there has been no guarantee about who would own the data at the core of its proposal—much of which would ostensibly be gathered in public space. Also unresolved is the question of whether this data could be sold. With little transparency about what that means from the company or its partner, some Torontonians are wondering what Waterfront Toronto—and by extension, the public—is giving away….(More)”.

Keeping Democracy Alive in Cities

Curated on Posted on by Stefaan Verhulst
Myung J. Lee at the Stanford Social Innovation Review:  “It seems everywhere I go these days, people are talking and writing and podcasting about America’s lack of trust—how people don’t trust government and don’t trust each other. President Trump discourages us from trusting anything, especially the media. Even nonprofit organizations, which comprise the heart of civil society, are not exempt: A recent study found that trust in NGOsdropped by nine percent between 2017 and 2018. This fundamental lack of trust is eroding the shared public space where progress and even governance can happen, putting democracy at risk.

How did we get here? Perhaps it’s because Americans have taken our democratic way of life for granted. Perhaps it’s because people’s individual and collective beliefs are more polarized—and more out in the open—than ever before. Perhaps we’ve stopped believing we can solve problems together.

There are, however, opportunities to rebuild and fortify our sense of trust. This is especially true at the local level, where citizens can engage directly with elected leaders, nonprofit organizations, and each other.

As French political scientist Alexis de Tocqueville observed in Democracy in America, “Municipal institutions constitute the strength of free nations. Town meetings are to liberty what primary schools are to science; they bring it within the people’s reach; they teach men how to use and how to enjoy it.” Through town halls and other means, cities are where citizens, elected leaders, and nonprofit organizations can most easily connect and work together to improve their communities.

Research shows that, while trust in government is low everywhere, it is highest in local government. This is likely because people can see that their votes influence issues they care about, and they can directly interact with their mayors and city council members. Unlike with members of Congress, citizens can form real relationships with local leaders through events like “walks with the mayor” and neighborhood cleanups. Some mayors do even more to connect with their constituents. In Detroit, for example, Mayor Michael Duggan meets with residents in their homes to help them solve problems and answer questions in person. Many mayors also join in neighborhood projects. San Jose Mayor Sam Liccardo, for example, participates in a different community cleanup almost every week. Engaged citizens who participate in these activities are more likely to feel that their participation in democratic society is valuable and effective.

The role of nonprofit and community-based organizations, then, is partly to sustain democracy by being the bridge between city governments and citizens, helping them work together to solve concrete problems. It’s hard and important work. Time and again, this kind of relationship- and trust-building through action creates ripple effects that grow over time.

In my work with Cities of Service, which helps mayors and other city leaders effectively engage their citizens to solve problems, I’ve learned that local government works better when it is open to the ideas and talents of citizens. Citizen collaboration can take many forms, including defining and prioritizing problems, generating solutions, and volunteering time, creativity, and expertise to set positive change in motion. Citizens can leverage their own deep expertise about what’s best for their families and communities to deliver better services and solve public problems….(More)”.

Crowdsourcing – a New Paradigm of Organisational Learning of Public Organisation

Curated on Posted on by Stefaan Verhulst

Paper by Regina Lenart-Gansiniec and Łukasz Sułkowski: “Crowdsourcing is one of the new themes that has appeared in the last decade. Considering its potential, more and more organisations reach for it. It is perceived as an innovative method that can be used for problem solving, improving business processes, creating open innovations, building a competitive advantage, and increasing transparency and openness of the organisation. Crowdsourcing is also conceptualised as a source of a knowledge-based organisation. The importance of crowdsourcing for organisational learning is seen as one of the key themes in the latest literature in the field of crowdsourcing. Since 2008, there has been an increase in the interest of public organisations in crowdsourcing and including it in their activities.

This article is a response to the recommendations in the subject literature, which states that crowdsourcing in public organisations is a new and exciting research area. The aim of the article is to present a new paradigm that combines crowdsourcing levels with the levels of learning. The research methodology is based on an analysis of the subject literature and exemplifications of organisations which introduce crowdsourcing. This article presents a cross-sectional study of four Polish municipal offices that use four types of crowdsourcing, according to the division by J. Howe: collective intelligence, crowd creation, crowd voting, and crowdfunding. Semi-structured interviews were conducted with the management personnel of those municipal offices. The research results show that knowledge acquired from the virtual communities allows the public organisation to anticipate changes, expectations, and needs of citizens and to adapt to them. It can therefore be considered that crowdsourcing is a new and rapidly developing organisational learning paradigm….(More)”

Farsighted

Curated on Posted on by Stefaan Verhulst

Book by Steven Johnson: “Big, life-altering decisions matter so much more than the decisions we make every day, and they’re also the most difficult: where to live, whom to marry, what to believe, whether to start a company, how to end a war. There’s no one-size-fits-all approach for addressing these kinds of conundrums.

Steven Johnson’s classic Where Good Ideas Come From inspired creative people all over the world with new ways of thinking about innovation. In Farsighted, he uncovers powerful tools for honing the important skill of complex decision-making. While you can’t model a once-in-a-lifetime choice, you can model the deliberative tactics of expert decision-makers. These experts aren’t just the master strategists running major companies or negotiating high-level diplomacy. They’re the novelists who draw out the complexity of their characters’ inner lives, the city officials who secure long-term water supplies, and the scientists who reckon with future challenges most of us haven’t even imagined. The smartest decision-makers don’t go with their guts. Their success relies on having a future-oriented approach and the ability to consider all their options in a creative, productive way.

Through compelling stories that reveal surprising insights, Johnson explains how we can most effectively approach the choices that can chart the course of a life, an organization, or a civilization. Farsighted will help you imagine your possible futures and appreciate the subtle intelligence of the choices that shaped our broader social history….(More)”.

Making a Smart City a Fairer City: Chicago’s Technologists Address Issues of Privacy, Ethics, and Equity, 2011-2018

Curated on Posted on by Stefaan Verhulst

Case study by Gabriel Kuris and Steven S. Strauss at Innovations for Successful Societies: “In 2011, voters in Chicago elected Rahm Emanuel, a 51-year-old former Chicago congressman, as their new mayor. Emanuel inherited a city on the upswing after years of decline but still marked by high rates of crime and poverty, racial segregation, and public distrust in government. The Emanuel administration hoped to harness the city’s trove of digital data to improve Chicagoans’ health, safety, and quality of life. During the next several years, Chief Data Officer Brett Goldstein and his successor Tom Schenk led innovative uses of city data, ranging from crisis management to the statistical targeting of restaurant inspections and pest extermination. As their teams took on more-sophisticated projects that predicted lead-poisoning risks and Escherichia coli outbreaks and created a citywide network of ambient sensors, the two faced new concerns about normative issues like privacy, ethics, and equity. By 2018, Chicago had won acclaim as a smarter city, but was it a fairer city? This case study discusses some of the approaches the city developed to address those challenges and manage the societal implications of cutting-edge technologies….(More)”.

One of New York City’s most urgent design challenges is invisible

Curated on Posted on by Stefaan Verhulst

Diana Budds at Curbed: “Algorithms are invisible, but they already play a large role in shaping New York City’s built environment, schooling, public resources, and criminal justice system. Earlier this year, the City Council and Mayor Bill de Blasio formed the Automated Decision Systems Task Force, the first of its kind in the country, to analyze how NYC deploys automated systems to ensure fairness, equity, and accountability are upheld.

This week, 20 experts in the field of civil rights and artificial intelligence co-signed a letter to the task force to help influence its official report, which is scheduled to be published in December 2019.

The letter’s recommendations include creating a publicly accessible list of all the automated decision systems in use; consulting with experts before adopting an automated decision system; creating a permanent government body to oversee the procurement and regulation of automated decision systems; and upholding civil liberties in all matters related to automation. This could lay the groundwork for future legislation around automation in the city….Read the full letter here.”