A Vulnerable System: The History of Information Security in the Computer Age


Book by Andrew J. Stewart: As threats to the security of information pervade the fabric of everyday life, A Vulnerable System describes how, even as the demand for information security increases, the needs of society are not being met. The result is that the confidentiality of our personal data, the integrity of our elections, and the stability of foreign relations between countries are increasingly at risk.

Andrew J. Stewart convincingly shows that emergency software patches and new security products cannot provide the solution to threats such as computer hacking, viruses, software vulnerabilities, and electronic spying. Profound underlying structural problems must first be understood, confronted, and then addressed.

A Vulnerable System delivers a long view of the history of information security, beginning with the creation of the first digital computers during the Cold War. From the key institutions of the so-called military industrial complex in the 1950s to Silicon Valley start-ups in the 2020s, the relentless pursuit of new technologies has come at great cost. The absence of knowledge regarding the history of information security has caused the lessons of the past to be forsaken for the novelty of the present, and has led us to be collectively unable to meet the needs of the current day. From the very beginning of the information age, claims of secure systems have been crushed by practical reality.

The myriad risks to technology, Stewart reveals, cannot be addressed without first understanding how we arrived at this moment. A Vulnerable System is an enlightening and sobering history of a topic that affects crucial aspects of our lives….(More)”.

Afghan people face an impossible choice over their digital footprint


Nighat Dad at New Scientist: “The swift progress of the Taliban in Afghanistan has been truly shocking…Though the Taliban spokesperson Zabihullah Mujahid told the press conference that it wouldn’t be seeking “revenge” against people who had opposed them, many Afghan people are understandably still worried. On top of this, they — including those who worked with Western forces and international NGOs, as well as foreign journalists — have been unable to leave the country, as flight capacity has been taken over by Western countries evacuating their citizens.

As such, people have been attempting to move quickly to erase their digital footprints, built up during the 20 years of the previous US-backed governments. Some Afghan activists have been reaching out to me directly to help them put in place robust mobile security and asking how to trigger a mass deletion of their data.

The last time the Taliban was in power, social media barely existed and smartphones had yet to take off. Now, around 4 million people in Afghanistan regularly use social media. Yet, despite the huge rise of digital technologies, a comparative rise in digital security hasn’t happened.

There are few digital security resources that are suitable for people in Afghanistan to use. The leading guide on how to properly delete your digital history by Human Rights First is a brilliant place to start. But unfortunately it is only available in English and unofficially in Farsi. There are also some other guides available in Farsi thanks to the thriving community of tech enthusiasts who have been working for human rights activists living in Iran for years.

However, many of these guides will still be unintelligible for those in Afghanistan who speak Dari or Pashto, for example…

People in Afghanistan who worked with Western forces also face an impossible choice as countries where they might seek asylum often require digital proof of their collaboration. Keep this evidence and they risk persecution from the Taliban, delete it and they may find their only way out no longer available.

Millions of people’s lives will now be vastly different due to the regime change. Digital security feels like one thing that could have been sorted out in advance. We are yet to see exactly how Taliban 2.0 will be different to that which went before. And while the so-called War on Terror appears to be over, I fear a digital terror offensive may just be beginning…(More).

“We do not feel safe”: A Kabul-based crisis alert app struggles to protect its own employees


Q and A with Sara Wahedi by Hajira Maryam: “Ehtesab, a Kabul-based startup, emerged out of a personal security-related incident that Sara Wahedi, a former Afghan government employee, experienced in May 2018. After witnessing a suicide bomb attack firsthand, Wahedi rushed home, where she could see militants roaming the streets from her balcony. The city was put on lockdown for 12 hours and left without electricity. No one, Wahedi said, knew when the electricity would be restored or when roads would be cleared. The authorities were of little help. 

“Since that moment, I kept pondering about the idea of accountability and information provision. I jotted down a few words in different languages for accountability, namely Dari and Pashto. That was the moment the term Ehtesab came to my mind.” 

Ehtesab means “accountability” in Dari and Pashto, and the app, formally launched in March 2020, offers streamlined security-related information, including general security updates in Kabul to its users. With real-time, crowdsourced alerts, users across the city can track bomb blasts, roadblocks, electricity outages, or other problems in locations close to them. The app, which generates push notifications about nearby security risks, is supported by 20 employees working out of the company’s Kabul office, according to Wahedi. 

Despite the company’s single-minded focus on security, the Ehtesab team was caught off-guard by the sudden collapse of the Afghan government over the weekend. “It was inevitable that there would be a significant shift in governance … but we weren’t expecting the Taliban to come in within the first eight hours of the day,” Wahedi said….(More)”.

Real-Time Incident Data Could Change Road Safety Forever


Skip Descant at GovTech: “Data collected from connected vehicles can offer near real-time insights into highway safety problem areas, identifying near-misses, troublesome intersections and other roadway dangers.

New research from Michigan State University and Ford Mobility, which tracked driving incidents on Ford vehicles outfitted with connected vehicle technology, points to a future of greatly expanded understanding of roadway events, far beyond simply reading crash data.

“Connected vehicle data allows us to know what’s happening now. And that’s a huge thing. And I think that’s where a lot of the potential is, to allow us to actively monitor the roadways,” said Meredith Nelson, connected and automated vehicles analyst with the Michigan Department of Transportation.

The research looked at data collected from Ford vehicles in the Detroit metro region equipped with connected vehicle technology from January 2020 to June 2020, drawing on data collected by Ford’s Safety Insights platform in partnership with StreetLight Data. The data offers insights into near-miss events like hard braking, hard acceleration and hard corners. In 2020 alone, Ford has measured more than a half-billion events from tens of millions of trips.

Traditionally, researchers relied on police-reported crash data, which had its drawbacks, in part, because of the delay in reporting, said Peter Savolainen, an engineering professor in the Department of Civil and Environmental Engineering at Michigan State University, with a research focus looking at road user behavior….(More)”.

Sovereignty and Data Localization


Paper by Emily Wu: “Data localization policies impose obligations on businesses to store and process data locally, rather than in servers located overseas. The adoption of data localization laws has been increasing, driven by the fear that a nation’s sovereignty will be threatened by their inability to exert full control over data stored outside their borders. This is particularly relevant to the US given its dominance in many areas of the digital ecosystem including artificial intelligence and cloud computing.

Unfortunately, data localization policies are causing more harm than good. They are ineffective at improving security, do little to simplify the regulatory landscape, and are causing economic harms to the markets where they are imposed. In order to move away from these policies, the fear of sovereignty dilution must be addressed by alternative means. This will be achieved most effectively by focusing on both technical concerns and value concerns.

To address technical concerns, the US should:

1. Enact a federal national privacy law to reduce the fears that foreign nations have about the power of US tech companies.

2. Mandate privacy and security frameworks by industry to demonstrate the importance that US industry places on privacy and security, recognizing it as fundamental to their business success.

3. Increase investment in cybersecurity to ensure that in a competitive market, the US has the best offering in both customer experience and security assurance.

4. Expand multi-lateral agreements under the CLOUD Act to help alleviate the concerns that data stored by US companies will be inaccessible to foreign governments when relevant to a criminal investigation…(More)”

The real-life plan to use novels to predict the next war


Philip Oltermann at The Guardian: “…The name of the initiative was Project Cassandra: for the next two years, university researchers would use their expertise to help the German defence ministry predict the future.

The academics weren’t AI specialists, or scientists, or political analysts. Instead, the people the colonels had sought out in a stuffy top-floor room were a small team of literary scholars led by Jürgen Wertheimer, a professor of comparative literature with wild curls and a penchant for black roll-necks….

But Wertheimer says great writers have a “sensory talent”. Literature, he reasons, has a tendency to channel social trends, moods and especially conflicts that politicians prefer to remain undiscussed until they break out into the open.

“Writers represent reality in such a way that their readers can instantly visualise a world and recognise themselves inside it. They operate on a plane that is both objective and subjective, creating inventories of the emotional interiors of individual lives throughout history.”…

In its bid for further government funding, Wertheimer’s team was up against Berlin’s Fraunhofer Institute, Europe’s largest organisation for applied research and development services, which had been asked to run the same pilot project with a data-led approach. Cassandra was simply better, says the defence ministry official, who asked to remain anonymous.

“Predicting a conflict a year, or a year and a half in advance, that’s something our systems were already capable of. Cassandra promised to register disturbances five to seven years in advance – that was something new.”

The German defence ministry decided to extend Project Cassandra’s funding by two years. It wanted Wertheimer’s team to develop a method for converting literary insights into hard facts that could be used by military strategists or operatives: “emotional maps” of crisis regions, especially in Africa and the Middle East, that measured “the rise of violent language in chronological order”….(More)

Facial Recognition Technology: Federal Law Enforcement Agencies Should Better Assess Privacy and Other Risks


Report by the U.S. Government Accountability Office: “GAO surveyed 42 federal agencies that employ law enforcement officers about their use of facial recognition technology. Twenty reported owning systems with facial recognition technology or using systems owned by other entities, such as other federal, state, local, and non-government entities (see figure).

Ownership and Use of Facial Recognition Technology Reported by Federal Agencies that Employ Law Enforcement Officers


Note: For more details, see figure 2 in GAO-21-518.

Agencies reported using the technology to support several activities (e.g., criminal investigations) and in response to COVID-19 (e.g., verify an individual’s identity remotely). Six agencies reported using the technology on images of the unrest, riots, or protests following the death of George Floyd in May 2020. Three agencies reported using it on images of the events at the U.S. Capitol on January 6, 2021. Agencies said the searches used images of suspected criminal activity.

All fourteen agencies that reported using the technology to support criminal investigations also reported using systems owned by non-federal entities. However, only one has awareness of what non-federal systems are used by employees. By having a mechanism to track what non-federal systems are used by employees and assessing related risks (e.g., privacy and accuracy-related risks), agencies can better mitigate risks to themselves and the public….GAO is making two recommendations to each of 13 federal agencies to implement a mechanism to track what non-federal systems are used by employees, and assess the risks of using these systems. Twelve agencies concurred with both recommendations. U.S. Postal Service concurred with one and partially concurred with the other. GAO continues to believe the recommendation is valid, as described in the report….(More)”.

Spies Like Us: The Promise and Peril of Crowdsourced Intelligence


Book Review by Amy Zegart of “We Are Bellingcat: Global Crime, Online Sleuths, and the Bold Future of News” by Eliot Higgins: “On January 6, throngs of supporters of U.S. President Donald Trump rampaged through the U.S. Capitol in an attempt to derail Congress’s certification of the 2020 presidential election results. The mob threatened lawmakers, destroyed property, and injured more than 100 police officers; five people, including one officer, died in circumstances surrounding the assault. It was the first attack on the Capitol since the War of 1812 and the first violent transfer of presidential power in American history.

Only a handful of the rioters were arrested immediately. Most simply left the Capitol complex and disappeared into the streets of Washington. But they did not get away for long. It turns out that the insurrectionists were fond of taking selfies. Many of them posted photos and videos documenting their role in the assault on Facebook, Instagram, Parler, and other social media platforms. Some even earned money live-streaming the event and chatting with extremist fans on a site called DLive. 

Amateur sleuths immediately took to Twitter, self-organizing to help law enforcement agencies identify and charge the rioters. Their investigation was impromptu, not orchestrated, and open to anyone, not just experts. Participants didn’t need a badge or a security clearance—just an Internet connection….(More)”.

A growing problem of ‘deepfake geography’: How AI falsifies satellite images


Kim Eckart at UW News: “A fire in Central Park seems to appear as a smoke plume and a line of flames in a satellite image. Colorful lights on Diwali night in India, seen from space, seem to show widespread fireworks activity.

Both images exemplify what a new University of Washington-led study calls “location spoofing.” The photos — created by different people, for different purposes — are fake but look like genuine images of real places. And with the more sophisticated AI technologies available today, researchers warn that such “deepfake geography” could become a growing problem.

So, using satellite photos of three cities and drawing upon methods used to manipulate video and audio files, a team of researchers set out to identify new ways of detecting fake satellite photos, warn of the dangers of falsified geospatial data and call for a system of geographic fact-checking.

“This isn’t just Photoshopping things. It’s making data look uncannily realistic,” said Bo Zhao, assistant professor of geography at the UW and lead author of the study, which published April 21 in the journal Cartography and Geographic Information Science. “The techniques are already there. We’re just trying to expose the possibility of using the same techniques, and of the need to develop a coping strategy for it.”

As Zhao and his co-authors point out, fake locations and other inaccuracies have been part of mapmaking since ancient times. That’s due in part to the very nature of translating real-life locations to map form, as no map can capture a place exactly as it is. But some inaccuracies in maps are spoofs created by the mapmakers. The term “paper towns” describes discreetly placed fake cities, mountains, rivers or other features on a map to prevent copyright infringement. On the more lighthearted end of the spectrum, an official Michigan Department of Transportation highway map in the 1970s included the fictional cities of “Beatosu” and “Goblu,” a play on “Beat OSU” and “Go Blue,” because the then-head of the department wanted to give a shoutout to his alma mater while protecting the copyright of the map….(More)”.

The Ease of Tracking Mobile Phones of U.S. Soldiers in Hot Spots


Byron Tau at the Wall Street Journal: “In 2016, a U.S. defense contractor named PlanetRisk Inc. was working on a software prototype when its employees discovered they could track U.S. military operations through the data generated by the apps on the mobile phones of American soldiers.

At the time, the company was using location data drawn from apps such as weather, games and dating services to build a surveillance tool that could monitor the travel of refugees from Syria to Europe and the U.S., according to interviews with former employees. The company’s goal was to sell the tool to U.S. counterterrorism and intelligence officials.

But buried in the data was evidence of sensitive U.S. military operations by American special-operations forces in Syria. The company’s analysts could see phones that had come from military facilities in the U.S., traveled through countries like Canada or Turkey and were clustered at the abandoned Lafarge Cement Factory in northern Syria, a staging area at the time for U.S. special-operations and allied forces.

The discovery was an early look at what today has become a significant challenge for the U.S. armed forces: how to protect service members, intelligence officers and security personnel in an age where highly revealing commercial data being generated by mobile phones and other digital services is bought and sold in bulk, and available for purchase by America’s adversaries….(More)“.