Category: security | 保衛 | 정보 보안 | 情報セキュリティー

According to Wikipedia, security can be defined as follows:

Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social groups, objects and institutions, ecosystems or any other entity or phenomenon vulnerable to unwanted change. Security mostly refers to protection from hostile forces, but it has a wide range of other senses: for example, as the absence of harm (e.g. freedom from want); as the presence of an essential good (e.g. food security); as resilience against potential damage or harm (e.g. secure foundations); as secrecy (e.g. a secure telephone line); as containment (e.g. a secure room or cell); and as a state of mind (e.g. emotional security).

Back when I started writing this blog, hacking was something that was done against ‘the man’, usually as a political statement. Now breaches are part of organised crime’s day-to-day operations. The Chinese government so thoroughly hacked Nortel that all its intellectual property was stolen along with commercial secrets like bids and client lists. The result was the firm went bankrupt. Russian ransomware shuts down hospitals across Ireland. North Korean government-sanctioned hackers robbed 50 million dollars from the central bank of Bangladesh and laundered it in association with Chinese organised crime.

Now it has spilled into the real world with Chinese covert actions, Russian contractors in the developing world and hybrid warfare being waged across central Europe and the Middle East.

  • This wasn’t the internet we envisaged

    The debate over privacy on Facebook got me thinking about the internet we envisaged. Reading media commentary on Tim Cook’s recent address at Duke University prodded me into action.

    What do I mean by we? I mean the people who:

    • Wrote about the internet from the mid-1990s onwards
    • Developed services during web 1.0 and web 2.0 times

    I’ve played my own small part in it.

    At the time there was a confluence of innovation. Telecoms deregulation and the move to digital had reduced the cost of data and voice calls. Cable and satellite television was starting to change how we viewed the world. CNN led the way in bringing the news into homes. For many at the time interactive TV seemed like the future of media.

    Max Headroom

    Starship Troopers

    The Running Man

    Second generation cellular democratised mobile phone ownership. The internet was becoming a useful consumer service. My first email address was a number@site.corning.com format email address back in 1994. I used it for work, apart from an unintended spam email sent to colleagues to offload some vouchers I’d been given.

    My college email later that year was on a similar format of address; on a different domain. I ended up using my pager more than my email to stay in touch with other students. Although all students had access to the internet at college, the take-up was still very low. At college I signed up for a Yahoo! web email. I had realised that an address post-University would be useful. Yahoo! was where I saw my first online ads. They reminded me of garish versions of classified ads in newspapers.

    After I left college I used to go to Liverpool at least once a week to go to an internet cafe just off James Street and check my email account, with a piece of cake and a cup of coffee. I introduced my friend Andy to the internet (mostly email), since we used to meet up there and then go browsing records, clothes, hi-fi, studio equipment, event flyers and books at the likes of HMV, the Bluecoat Chambers, Quiggins, The Palace and Probe Records.

    I found out that I had my first agency job down in London when I was called on my cell phone whilst driving around to Andy’s house to catch up after a week at work.

    The internet was as much an idea as anything else and the future of us netizens came alive for me in the pages of Wired and Byte. Both were American magazines. Byte was a magazine that delved deeper into technology than Ars Technica or Anandtech. Wired probed the outer limits of technology, culture and design. At the time each issue was a work of art. They pushed typography and graphic design to the limits. Neon and metallic inks, discordant fonts and an early attempt at offline to online integration. It seemed to be the perfect accompaniment to the cyberpunk science fiction I had been reading. The future was bright: literally.

    Hacking didn’t have consumers as victims but was the province of large (usually bad) mega corps.

    I moved down to London just in time to be involved in the telecoms boom that mirrored the dot com boom. I helped telecoms companies market their data networks and VoIP services. I helped technology companies sell to the telecoms companies. The agency I worked for had a dedicated 1Mb line. This was much faster than anything I’d used before. It provided amazing access to information and content. Video was ropey. Silicon.com and Real Media featured glitchy postage stamp sized clips. My company hosted the first live broadcast of Victoria’s Secret fashion show online. It was crap in reality, but a great proof of concept for the future.

    I managed to get access to recordings of DJ sets by my Chicago heroes. Most of whom I’d only read about over the years in the likes of Mixmag.

    All of this pointed to a bright future; sure, there were some dangers along the way. But I never worried too much about the privacy threat (at least from technology companies). If there was any ‘enemy’ it was ‘the man’.

    In the cold war and its immediate aftermath governments had gone after:

    • Organised labour (the UK miners’ strike)
    • Cultural movements (Rave culture in the UK)
    • Socio-political groups (environmentalists and the nuclear disarmament movement)

    I had grown up close to the infamous Capenhurst microwave phone tap tower. Whilst it was secret, there were private discussions about its purpose. Phil Zimmermann’s PGP cryptography offered privacy, if you had the technical skills. In 1998, the European Parliament posted a report on ECHELON, a global government-owned telecoms surveillance network. ECHELON was a forerunner of the kind of surveillance Edward Snowden disclosed a decade and a half later.

    One may legitimately feel scandalised that this espionage, which has gone on over several years, has not given rise to official protests. For the European Union, essential interests are at stake. On the one hand, it seems to have been established that there have been violations of the fundamental rights of its citizens, on the other, economic espionage may have had disastrous consequences, on employment for example. – Nicole Fontaine, President of the European Parliament (2000)

    I advised clients on the ‘social’ web since before social media had a ‘name’. And I worked at the company formerly known as Yahoo!. This was during a brief period when it tried to innovate in social and data. At no time did I think that the companies powering the web would:

    • Rebuild the walled gardens of the early ‘net (AOL, CompuServe, Prodigy)
    • Build oligopolies, since the web at that time promised a near perfect market due to it increasing access to market information. Disintermediation would have enabled suppliers and consumers to have a direct relationship, instead Amazon has become the equivalent of the Sears Roebuck catalogue
    • Become a serious privacy issue. Though we did realise by 2001 thanks to X10 wireless cameras that ads could be very annoying. I was naive enough to think of technology and technologists as being a disruptive source of cultural change. The reason for this was the likes of Phil Zimmermann on crypto, Craig Newmark over at Craigslist, the community of The Well and the Electronic Frontier Foundation. The likes of Peter Thiel are a comparatively recent phenomenon in Silicon Valley

    We had the first inkling about privacy when online ad companies (NebuAd and Phorm) partnered with internet service providers. They used ‘deep packet inspection’ data to analyse a user’s behaviour, and then serve ‘relevant’ ads.

    Tim Cook fits into the ‘we’ quite neatly. He is a late ‘baby boomer’ who came into adulthood right at the beginning of the PC revolution. He had a front row seat as PCs, nascent data networks and globalisation changed the modern world. He worked at IBM and Compaq during this time.

    Cook moved to Apple at an interesting time. Jobs had returned with the NeXT acquisition. The modern macOS was near ready and there was a clear roadmap for developers. The iMac was going into production and would be launched in August.

    Many emphasise the move to USB connectors, or the design which brought the Mac Classic format up to date. The key feature was a built in modem and simple way to get online once you turned the machine on. Apple bundled ethernet and a modem in the machine. It also came with everything you needed preloaded to set up an account with an ISP. No uploading software, no errant modem drivers, no DLL conflicts. It just worked. Apple took care selecting ISPs that it partnered with, which also helped.

    By this time China was well on its way to taking its place in global supply chains. China would later join the World Trade Organisation in 2001.

    The start of Tim Cook’s career at Apple coincided with the internet the way we knew it. And the company benefited from the more counter culture aspects of the technology industry:

    • Open source software (KDE Konqueror, BSD, Mach)
    • Open standards (UNIX, SyncML)
    • Open internet standards (IMAP, WebCAL, WebDAV)

    By the time that Facebook was founded, open source and globalisation were facts of life in the technology sector. They do open source because that’s the rules of business now. It is noticeable that Facebook’s businesses don’t help grow the commons like Flickr did.

    Businesses like Flickr, delicious and others built in a simple process to export your data. Facebook and similar businesses have a lot less progressive attitudes to user control over data.

    Cook is also old enough to value privacy, having grown up in a less connected and less progressive age. It was only in 2014 that Cook became the first publicly gay CEO of a Fortune 100 company. It is understandable why Cook would be reticent about his sexuality.

    He is only a generation younger than the participants in the riots at the Stonewall Inn.

    By comparison, for Zuckerberg and his peers:

    • The 1960s and counterculture were a distant memory
    • The cold war has been won and just a memory of what it was like for Eastern Europeans to live under a surveillance state
    • Wall Street and Microsoft were their heroes. Being rich was more important than the intrinsic quality of the product
    • Ayn Rand was more of a guiding star than Ram Dass

    They didn’t think about what kind of dark underbelly that platforms could have and older generations of technologists generally thought too well of others to envisage the effects. You have to have had a pretty dim view of fellow human beings. More on privacy here.

    More information
    Tim Cook brought his pro-privacy views to his Duke commencement speech today | Recode
    Bugging ring around Ireland | Duncan Campbell (1999) PDF document
    The ECHELON Affair The EP and the global interception system 1998 – 2002 (European Parliament History Series) by Franco Piodi and Iolanda Mombelli for the European Parliament Research Unit – PDF document
    Memex In Action: Watch DARPA Artificial Intelligence Search For Crime On The ‘Dark Web’| Forbes
    X10 ads are useless – Geek.com
    Disintermediation – Wikipedia

  • Bullshit job + more news

    Is Public Relations A ‘Bullshit Job’? | Holmes Report – If you find yourself in a company that doesn’t use public relations in a way that you find meaningful, and even occasionally inspiring, you’re in the wrong place. That doesn’t mean public relations consulting is a “bullshit job” but it may be an indication that you’re working for a shitty organization. – when I started in agency life I wondered if my new career was a mistake: was it a bullshit job? It didn’t help that I was working with a bunch of dot com startups and enterprise software companies.

    I’d previously worked in industry formulating plastics and in the petrochemical industry. The chances are that if you drove a car from the early 1990s to the 2000s, I’d either helped develop part of your car, or helped provide the road surface that you drove on. 

    Agency life isn’t like that. It took me years to become comfortable on whether I had a bullshit job. That came as I started to see the difference to businesses that my work did. More related content here

    Folli Follie folly | FT Alphaville – interesting read, QCM used the company’s own store finder function on their website – in order to determine that Folli Follie’s distribution wasn’t as healthy as claimed

    The Brazen Bootlegging of a Multibillion-Dollar Sports Network – The New York Times – interesting article on how Saudi Arabia is bootlegging live sports content as part of its conflict with Qatar. More worryingly it is spreading its piracy into other franchises because it can

    Apple’s Jony Ive discusses his ‘best friend’ and the origins of the Apple Watch – Business Insider – interesting that it is ‘un-Jobsian’ as a product

    The Great Disappearing Act of the ‘Most Downloaded Woman in the World’ | Mel Magazine – when adult entertainment led the way in profitable business models for the web

    Swiss Watchmakers Are Targeting Teens | News & Analysis | BoF – the challenges of dealing with customers too early for brands is an interesting one

    Instagram quietly launches payments for commerce | TechCrunch – makes perfect sense

    Facebook’s Double Standard on Privacy: Employees vs. Everyone Else – WSJ – just a little bit of old school geekery exists in the Facebook yuppie farm with ‘Sauron’ technology that lets FBers know if someone else has accessed their accounts

    Keeping your account secure | Twitter Blog – Twitter dropped the ball big time

  • Video ads + more news

    Sources say Adidas has paused its video ads on Facebook while it reviews their efficacy – Digiday – From my perspective it really depends what the video ads are supposed to do. What kind of job do they want Facebook video ads to do in the customer journey? More adidas marketing content here.

    Armed with better perspective, Sir Martin Sorrell vows to ‘start again’ | Marketing Interactive – this is interesting, particularly as a number of clients put WPP on review after he left. I am not sure that he will be able to build another WPP; but he could build a great consultancy for procurement departments at major brands. I hope that he doesn’t go digital only, or go and work for a platform like Google or Facebook; selling Facebook video advertising

    James Murdoch Won’t Move to Disney if Fox Deal Closes – WSJ – makes sense given his time at Rawkus Records, there is probably an itch to scratch getting out and doing his own thing

    Facebook will not be accepting referendum related ads from advertisers based outside of Ireland – issues with international pro-life groups

    The United States of Japan | The New Yorker – interesting analysis

    Microsoft wants serious, non-gaming developers to make more money • The Register – this will put pressure on Apple’s services revenue in particular the Mac store

    Ray Ozzie’s Encryption Backdoor – Schneier on Security – Schneier nails it. The sad thing is that Ozzie has been one of the few universally respected technologists over the years

    The Netflix generation doesn’t do compromise | The Times – a few things about the media consumption in this. There are still shared experiences: landmark shows like Sherlock, McMafia, Game of Thrones, Stranger Things, or Black Mirror. Fragmentation of audiences didn’t start with Netflix but with video cassette recorders, multiplex cinemas, Channel 4 and cable and satellite TV. There was a certain delicious irony reading about how media plurality is ‘bad’ in a paper owned by the Murdoch media empire. I committed a greater sin than the Netflix millennials and opted out of watching TV quite happily for seven years until I was gifted a Sony Trinitron TV set by a friend who was getting a flat screen –  which would probably count as even more ill tempered. The comments on online discussion are natural. Do Times readers invite objectionable opinions around to dinner parties in the name of diverse thinking? I would imagine not that often unless there are other ties (like familial links). (Paywall)

    SenseTime: The billion-dollar, Alibaba-backed AI company that’s quietly watching everyone in China — Quartz

    Report: Chinese government is behind a decade of hacks on software companies | Ars Technica

  • ZFS + more things

    A ZFS developer’s analysis of the good and bad in Apple’s new APFS file system | Ars Technica – this is a good guide by Adam Leventhal. The thing that puzzles me is this. Apple had a working implementation of ZFS running on early beta versions of OS X and then decided not to implement it. Apple adoption of ZFS would be a major boost (it is already supported on Linux and Solaris). It takes about a decade for a file system to mature sufficiently; ZFS has that maturity and is still bleeding edge tech. Apple has a good relationship with Oracle so that wouldn’t be a problem, Larry Ellison is still the shot-caller over there and he still hates Microsoft and Google. Instead they build their own version, which has nice encryption facilities but lacks the data integrity features that ZFS has. It doesn’t seem to be about squeezing the footprint of ZFS for mobile devices either. Apple just decided to go it alone for reasons that aren’t readily apparent at the moment with APFS.

    Huawei sees building alternative to Android as insurance amid US-China trade tensions | SCMP – not a big leap from an OS point of view. The big jump would be the app store since both Google and Amazon’s app stores would be out of reach if Huawei were found guilty. A way around this would be the likes of SailfishOS which would also deal with lingering security concerns about Huawei handsets. More Huawei related content here.

    Someone might’ve hacked the company that can hack any iPhone – BGR – another reason why backdoors are bad

    Mobile advertising represents 91% of Facebook’s ad revenue | Marketing Interactive – I suspect that there is a lot of wasted ads here. Linking through to sites that aren’t mobile friendly or things that don’t work on mobile for instance

    Kraft Heinz works with JKR to introduces quirky new biscuit brand JIF JAF | Marketing Interactive – Kraft Heinz launching product in China going head to head with Mondelez; that spun out of Kraft….

    British adults using Facebook less to communicate with friends | Technology | The Guardian – according to Ofcom there is also a wealth divide in how Britons use the internet, with poorer individuals more likely to rely solely on a smartphone to get online and have “lower levels of online confidence and critical understanding”.

    APAC markets exceed global benchmarks for viewability, brand safety | Digital | Campaign Asia – fraud rates for campaigns that optimised against fraud remained relatively flat, showing optimisation efforts are paying off by keeping fraud rates low. Singapore and Hong Kong had higher fraud risk at 20.7% and 14.0% respectively, because ad fraudsters tend to follow where the digital spend goes and where CPMs are higher.

    Can This System of Unlocking Phones Crack the Crypto War? | WIRED – this sounds dodgy AF. If the US gets access, every country gets access

    Facebook beats in Q1 and boosts daily user growth to 1.45B amidst backlash | TechCrunch – basically people don’t care if Facebook invades their privacy or usurps their government. All of that is a mere bagatelle

    AMD earnings confirm it’s biting into Intel’s market share | VentureBeat – it likely won’t be permanent

    Addressing Recent Claims of “Manipulated” Blog Posts in the Wayback Machine | Internet Archive Blogs – interesting hack that should be in the tool bag of reputation managers

    U.S. DoJ probing Huawei for possible Iran sanctions violations: WSJ – interesting that they are getting dinged for similar things to ZTE. Stopping US vendors from selling to Huawei would be a bit less impactful than on ZTE. But it would retarget the Huawei R&D budget away from innovation to replacing American component technology and engineering services currently provided by the likes of Ciena or Qualcomm. This actually fits neatly with Mr Xi’s China 2025 manufacturing initiative that is designed to free the country from relying on international suppliers.

    Amazon is releasing a new Alexa gadget specifically geared toward kids – Recode – but what about the privacy settings?

    Meet John Hennessy and Dave Patterson, Silicon Valley’s first disruptors | Recode – great read about when Silicon Valley actually made silicon and solved ‘hard’ innovation problems, rather than sociopathic web services. You couldn’t have your modern computer or your smartphone without Hennessy & Patterson

    Nike’s Converse Loses Chief Marketer to Supreme | BoF – not that Supreme really needs marketing with its over-subscribed drops. Unless they are changing direction to become more mass affluent?

    A French billionaire is being investigated for bribing African officials for lucrative contracts | Quartz – this surprised me. France has used businesses like Total and Elf with the likes of Jacques Foccart to keep a relationship and control in the Francophone. Why are they turning on Bollore now? Especially odd when you think about how China is pushing western interests out of the continent

    Electric Autos – Long life – I think it’s more complex, depending on vehicle range and driving patterns will factor into demand. Of course the shit is really going to hit the fan when lithium ion technology fails to provide for transport needs like long distance heavy goods vehicles, becomes too expensive and essential materials become too rare. There is likely to be a pivot to hydrogen combustion engines or hydrogen fuel cells due to superior energy density. The economics around risk, infrastructure and other capital costs will change.

  • RSS renaissance + more news

    Now Is The Perfect Time For An RSS Renaissance | Neflabs – great read and a much needed request for a lean web. There has been a post-Google Reader RSS renaissance in terms of readers out there. My favourite reader of the RSS renaissance is Newsblur

    Here’s What Facebook Won’t Let You Post | WIRED – pretty grim read

    CIA agents in ‘about 30 countries’ tracked by technology, top official says – CNNPolitics – “Singapore’s been doing it for years,” she told CNN following her keynote speech on Sunday morning at the 2018 GEOINT Symposium, hosted by the United States Geospatial Intelligence Foundation. Meyerriecks did not elaborate with further examples. – It makes total sense that the CIA is building a ‘Google Maps’-style dead ground map of areas that they operate in using machine learning. More related content here.

    Chinese cult writer Chen Qiufan on pushing the boundaries of sci-fi | FT – good read with the obligatory name check of Liu Cixin (paywall)

    g2g, brb, and what the loss of early MSN language means | Dazed – interesting change in consumer behaviour as time spent online creeps upwards with the move towards ubiquitous connectivity

    P&G returns to YouTube but with a more selective mindset | Marketing Interactive – ultimately brands are powerless in the face of Google, Facebook and Amazon advertising if they insist on not running with a media neutral approach

    China opposes all forms of protectionism, commerce minister says – says market with high levels of implicit and explicit protection

    No, a keyboard app can’t ‘prevent tragedy from depression’ | Advertising | Campaign Asia – quite shocking claims

    Google’s new video ad format doesn’t need YouTube | Digital | Campaign Asia – interesting move

    AI in the UK white paper | House of Lords – (PDF)

    Microsoft gives up artificial intelligence sales over ethical concerns – interesting positioning, it would be good to get an understanding on what the board would define as a bad actor

    After Sir Martin Sorrell: The Reckoning | LinkedIn – interesting analysis of the marketing sector, I disagree with the way that some of it hangs together

    Gchat could have saved Google the trouble of launching yet another messaging service. | Slate – what this forgets is that GChat ended up having a lot of bots and spam accounts. For me it was worse than Skype or Yahoo! Messenger at the time. I could see business historians highlighting this as a lost opportunity in the story of Alphabet