“A Chinese-Style Digital Dystopia Isn't As Far Away As We Think”
Matt Stoller, Buzzfeed, June 27, 2018
We accept price discrimination all the time; going to the movies and getting a senior discount is price discrimination. But in that case, the decision of how to discriminate is done by class; it is publicly posted; and everyone accepts that, in this case, seniors get a discount. It is a public decision to discriminate.
Discriminating on an individual level is different and allows for powerful exploitation and manipulation of the citizen. In areas with first-degree price discrimination, like car insurance or credit cards, there are often gender- or race-based pricing choices. With increasing datafication of society, we can see this increasingly organized to the level of the individual.
An airline could, for instance, analyze your email for the words “death in the family” and “travel,” look at your credit limit, and then offer you a price based on this information. Or imagine a group of companies putting together a common list of troublemakers, perhaps negative online reviewers or commenters or consumers who frequently return items. All of a sudden, for no obvious reason, someone who returns an item to one store might find that prices on a host of socially [essential] goods have [gone] up.
Corporations generally deny they do anything like this or even that they can. But …
We are now in a totally unregulated world of lawless web giants who operate as the core infrastructure for our society. They can use their data and power to discriminate and exploit, and the strategy now for companies like AT&T is to emulate them, or die. And the deep links that intelligence agencies have with these giants suggest that this power can, with a flip of a few switches, be easily weaponized by the state.
In its surveillance of American citizens, the National Security Agency is supposed to be constrained by the Foreign Intelligence Surveillance Act, which specifies exactly which violations of the Fourth Amendment are notionally permitted and which ones are doubly and explicitly prohibited by Congress.
The NSA, being above the law, ignores all such constraints whenever it is convenient for them to do so. But the Foreign Intelligence Surveillance Act stipulates that the NSA is subject to a feeble kind of judicial oversight and review, by a body called the Foreign Intelligence Surveillance Court, which has managed to detect a few of the NSA's numerous modes of violation and issued carefully phrased reprimands.
This article attempts to enumerate the known violations and points out that, taken together, they demonstrate that the NSA operated illegally from 2004 through 2018, without interruption.
“NSA — Continually Violating FISA Since 2004”
Marcy Wheeler, emptywheel, June 28, 2018
“Deceived by Design: How Tech Companies Use Dark Patterns to Discourage Us from Exercising Our Rights to Privacy”
Forbrukerrådet, June 27, 2018
“Thermostats, Locks and Lights: Tools of Domestic Abuse”
Nellie Bowles, The New York Times, June 23, 2018
There are also great possibilities here for landlords and managers of residential-care facilities to drive out tenants/residents who complain too much or fall behind in the rent.
Abusers — using apps on their smartphones, which are connected to the internet-enabled devices — would remotely control everyday objects in the home, sometimes to watch and listen, other times to scare or show power. Even after a partner had left the home, the devices often stayed and continued to be used to intimidate and confuse.
For victims and emergency responders, the experiences were often aggravated by a lack of knowledge about how smart technology works, how much power the other person has over the devices, how to legally deal with the behavior and how to make it stop. …
Those at help lines said more people were calling in the last 12 months about losing control of Wi-Fi-enabled doors, speakers, thermostats, lights and cameras. Lawyers also said they were wrangling with how to add language to restraining orders to cover smart home technology. …
Legal recourse may be limited. Abusers have learned to use smart home technology to further their power and control in ways that often fall outside existing criminal laws.
“Alexa, When's My Next Class? This University Is Giving Out Amazon Echo Dots”
Elizabeth Weise, USA Today, June 20, 2018
Not to mention the problem of Alexa “simply overhearing” otherwise private information spoken aloud by anyone within microphone range …
Starting this fall, some students at Northeastern University in Boston will be given the option of getting an Echo Dot smart speaker linked to their university accounts. They'll be able to ask Amazon's Alexa what time their classes are, how much money's left on their food card and even how much they owe the bursar's office.
The program gives students instant access to information they would have to call or go online for, as well as taking pressure off the school's offices. It also makes Amazon's digital assistant a go-to source for a generation who will inhabit a world in which talking to computers is commonplace and who will soon have paychecks to spend.
At the same time, it raises questions about security and privacy for young adults living in close quarters, often on their own for the first time. …
Alexa can't differentiate between different people's voices, so a prying roommate could be an issue, said Paul Bischoff, a privacy advocate with Comparitech.com, a security and privacy review site.
“There's also the problem of third parties simply overhearing otherwise private information spoken aloud by Alexa,” he said.
The Blender Foundation, which supports the development, distribution, and use of free and open-source 3D animation tools, has maintained a YouTube channel since 2008, to exhibit some of its users' achievements and to provide educational videos and recordings of conference talks.
In keeping with the Foundation's non-profit status and its interest in promoting works that are available under free licenses, this YouTube channel is ad-free. The Blender Foundation has not tried to monetize it in any way, despite its popularity (or perhaps because of the popularity it enjoys because it is ad-free).
Now Google is insisting that the channel run ads and sign up with its payment scheme. Since the Blender Foundation has refused, YouTube has now blocked the channel and cut off access to all of the content.
“YouTube Blocks Blender Videos Worldwide”
Francesco Siddi and Ton Roosendaal, Blender Foundation, June 19, 2018
The Department of Defense has decided to step up its attacks on computers and networks in other countries.
“Pentagon Puts Cyberwarriors on the Offensive, Increasing the Risk of Conflict”
David E. Sanger, The New York Times, June 17, 2018
The Pentagon has quietly empowered the United States Cyber Command to take a far more aggressive approach to defending the nation against cyberattacks, a shift in strategy that could increase the risk of conflict with the foreign states that sponsor malicious hacking groups. …
The new strategy envisions constant, disruptive “short of war” activities in foreign computer networks.
Sanger tries to characterize this move as a shift in strategy from a “defensive posture” to one in which we are constantly attacking the networked devices of our notional enemies. This isn't quite accurate. There are currently no adequate tools and methods for “defending the nation against cyberattacks,” and the Department of Defense has systematically opposed the deployment of the tools and methods that are available (for example, civilian use of end-to-end encryption). So the posture of the Department of Defense has never been defensive.
On the contrary, the United States has always been the world leader, second perhaps only to Israel, in developing and using offensive military weapons for attacking networked devices. The change that Sanger is reporting is that the Department of Defense is now willing to acknowledge its continual attacks on networks located outside the United States. Apparently it has to make them more visible to Congress in order to get significant funding increases for them.
Practically all video games, apps, consoles, and platforms now collect location data, contact lists, and biometric data on players and sell it to advertisers.
“Privacy in Gaming”
N. Cameron Russell, Joel R. Reidenberg, and Sumyung Moon, Center on Law and Information Policy, Fordham Law School, March 19, 2018
There are currently many different ways that game companies collect data from users, including through hardware (cameras, sensors, and microphones), platform features (social media aspects and abilities for other user-generated content), and tracking technologies (cookies and beacons). Location data and biometric data — like facial, voice, heart rate, weight, skin response, brain activity, and eye-tracking data — is now routinely collected while gaming. In mobile gaming, requests for access to a user's contacts or address book are common. …
There may also be an interrelationship between data collection, game functionalities, and external hardware items like the Apple Watch or the smartphone device. Moreover, gaming companies have business relationships with each other. Data flows extend beyond the game and game console, and game data is often aggregated with external partners and sources. Every game and platform … examined states that game data may be shared with advertising platforms or used for advertising purposes. Although there are some avenues for opt-outs and user choice, users may have difficulty discerning the identities of third party affiliates with whom gaming companies share data even after reading the relevant privacy policies.
The Department of Justice has indicted a former aide to the Senate Intelligence Committee, James Wolfe, and several journalists, including Ali Watkins of the New York Times. The indictment is based on inferences from detailed and comprehensive surveillance of Wolfe and Watkins and many of their colleagues and friends, including interception of their telephone communications, e-mail, travel and financial records, and so on.
“Ex-Senate Aide Charged in Leak Case Where Times Reporter's Records Were Seized”
Adam Goldman, Nicholas Fandos, and Katie Benner, The New York Times, June 7, 2018
“Trump's Justice Department Escalates Its Disturbing Crackdown on Leaks by Seizing New York Times Reporter's Phone and Email Records”
Trevor Timm, Freedom of the Press Foundation, June 7, 2018
Some of the exchanges were transmitted through Signal, an application that uses strong end-to-end encryption. The second article speculates that the feds must have acquired these messages by seizing Wolfe's mobile phone and breaking into it.
Now that cryptocurrency exchanges process transactions between their customers just by adjusting conventional ledgers internally rather than by extending blockchains, these exchanges are behaving like banks and so are encountering many of the problems of unregulated banking, abuses that cryptocurrencies were supposed to have prevented.
Ross Anderson, Ilia Shumailov, Mansoor Ahmed, and Alessandro Rietmann, Cambridge University Computer Laboratory, 17th Annual Workshop on the Economics of Information Security, May 28, 2018
How sad. Many of my students and colleagues liked GitHub and relied on it extensively. Ah, well: Tout passe, tout lasse, tout casse.
“Buying GitHub Would Take Microsoft Back to Its Roots”
Dina Bass and Eric Newcomer, Bloomberg, June 4, 2018
The software maker has agreed to acquire GitHub, the code-repository company popular with many software developers, and could announce the deal as soon as Monday, according to people familiar with the matter.
“What Is Wrong with Microsoft Buying GitHub”
Jacques Mattheij, June 4, 2018
Many open source contributors consider GitHub too big to fail. …
Some concrete examples of the things Microsoft have done:
• Abuse of their de facto monopoly position to squash competition, including abuse of the DD process to gain insight into a competitor's software
• Bankrolling the SCO Lawsuit that ran for many years in order to harm Linux in the marketplace
• Abuse of their monopoly position to unfairly compete with other browser vendors, including Netscape
• Subverting open standards with a policy of Embrace, Extend, Extinguish
• The recent Windows 10 Telemetry abuse
• The acquisition of Skype, after which all the peer-to-peer traffic was routed through Microsoft, essentially allowing them to snoop on the conversations. …
• Unfair advantage over competitors by using internal APIs for applications unavailable for competing products
• Tied-sales and bundling
• Abuse of Patents
The list is endless. So, this is the company that you want to trust with becoming the steward of a very large chunk of the open source world? Not me. And for all you closed source customers of GitHub, do you really want the company that abused a due-diligence process faking an acquisition interest to have the inside scoop on your code?
The principals weigh in:
“Microsoft to Acquire GitHub for $7.5 Billion”
Microsoft News Center, June 4, 2018
“A Bright Future for GitHub”
“defunkt”, The GitHub Blog, June 4, 2018
“Golden State Killer Suspect Arrest Opens Floodgates for Law Enforcement Use of DNA Websites”
Steve Horn, Criminal Legal News, May 31, 2018
The use of DNA-based genealogy websites to track down the “Golden State Killer” suspect, Joseph DeAngelo, appears to have inspired police departments nationwide. It's a move that has irked privacy advocates and criminal justice system reformers. …
Most criminal law experts say those who hand over their DNA to websites like GEDmatch have no expectation of privacy under the Fourth Amendment. … Whether that same legal logic applies to their extended relatives, though, will remain an open question as the Golden State Killer's case weaves its way through the courts.
“Why the Golden State Killer Investigation Is Cause for Concern”
Vera Eidelman, Free Future, American Civil Liberties Union, May 11, 2018
We should be able to access the benefits of technological advances without giving up our rights.
Coming next year: Amazon applies machine learning to DNA databases to infer users' purchasing preferences and tendency to comparison-shop, enabling differential pricing for persons whose relatives' genetic constitution shows that they are indifferent to overpaying.