
Data and Goliath


by Bruce Schneier


  corporate electronic communications: This is an excellent review of workplace monitoring techniques and their effects on privacy. Corey A. Ciocchetti (2010), “The eavesdropping employer: A twenty-first century framework for employee monitoring,” Daniels College of Business, University of Denver, http://www.futureofprivacy.org/wp-content/uploads/2010/07/The_Eavesdropping_Employer_%20A_Twenty-First_Century_Framework.pdf.

  new field called “workplace analytics”: Don Peck (20 Nov 2013), “They’re watching you at work,” Atlantic, http://www.theatlantic.com/magazine/archive/2013/12/theyre-watching-you-at-work/354681. Hannah Kuchler (17 Feb 2014), “Data pioneers watching us work,” Financial Times, http://www.ft.com/intl/cms/s/2/d56004b0-9581-11e3-9fd6-00144feab7de.html.

  For some people, that’s okay: A friend told me about her feelings regarding personalized advertising. She said that, as an older woman, she keeps getting ads for cosmetic medical procedures, drugs for “old” diseases, and other things that serve as a constant reminder of her age. She finds it unpleasant. Lynn Sudbury and Peter Simcock (2008), “The senior taboo? Age based sales promotions, self-perceived age and the older consumer,” European Advances in Consumer Research 8, http://www.acrwebsite.org/volumes/eacr/vol8/eacr_vol8_28.pdf.

  people are refraining from looking up: Deborah C. Peel (7 Feb 2014), “Declaration of Deborah C. Peel, M.D., for Patient Privacy Rights Foundation in support of Plaintiffs’ Motion for Partial Summary Judgment,” First Unitarian Church et al. v. National Security Agency et al. (3:13-cv-03287 JSW), United States District Court for the Northern District of California, https://www.eff.org/files/2013/11/06/allplaintiffsdeclarations.pdf.

  surveillance data is being used: Andrew Odlyzko (5–6 Jun 2014), “The end of privacy and the seeds of capitalism’s destruction,” Privacy Law Scholars Conference, Washington, D.C., http://www.law.berkeley.edu/plsc.htm.

  In their early days: Paddy Kamen (5 Jul 2001), “So you thought search engines offer up neutral results? Think again,” Toronto Star, http://www.commercialalert.org/issues/culture/search-engines/so-you-thought-search-engines-offer-up-neutral-results-think-again.

  search engines visually differentiated: Gary Ruskin (16 Jul 2001), Letter to Donald Clark, US Federal Trade Commission, re: Deceptive advertising complaint against AltaVista Co., AOL Time Warner Inc., Direct Hit Technologies, iWon Inc., LookSmart Ltd., Microsoft Corp. and Terra Lycos S.A., Commercial Alert, http://www.commercialalert.org/PDFs/SearchEngines.pdf. Heather Hippsley (27 Jun 2002), Letter to Gary Ruskin re: Complaint requesting investigation of various Internet search engine companies for paid placement and paid inclusion programs, US Federal Trade Commission, http://www.ftc.gov/sites/default/files/documents/closing_letters/commercial-alert-response-letter/commercialalertletter.pdf.

  Google is now accepting money: Danny Sullivan (30 May 2012), “Once deemed evil, Google now embraces ‘paid inclusion,’” Marketing Land, http://marketingland.com/once-deemed-evil-google-now-embraces-paid-inclusion-13138.

  FTC is again taking an interest: Michael Cooney (25 Jun 2013), “FTC tells Google, Yahoo, Bing, others to better differentiate ads in web content searches,” Network World, http://www.networkworld.com/community/blog/ftc-tells-google-yahoo-bing-others-better-differentiate-ads-web-content-searches. Mary K. Engle (24 Jun 2013), “Letter re: Search engine advertising practices,” US Federal Trade Commission, http://www.ftc.gov/sites/default/files/attachments/press-releases/ftc-consumer-protection-staff-updates-agencys-guidance-search-engine-industryon-need-distinguish/130625searchenginegeneralletter.pdf.

  Payments for placement: Josh Constine (3 Oct 2012), “Facebook now lets U.S. users pay $7 to promote posts to the news feeds of more friends,” Tech Crunch, http://techcrunch.com/2012/10/03/us-promoted-posts.

  increasing voter turnout: Robert M. Bond et al. (13 Sep 2012), “A 61-million-person experiment in social influence and political mobilization,” Nature 489, http://www.nature.com/nature/journal/v489/n7415/full/nature11421.html.

  It would be hard to detect: Jonathan Zittrain explores this possibility. Jonathan Zittrain (1 Jun 2014), “Facebook could decide an election without anyone ever finding out,” New Republic, http://www.newrepublic.com/article/117878/information-fiduciary-solution-facebook-digital-gerrymandering.

  Facebook could easily tilt: Many US elections are very close. A 0.01% change would have elected Al Gore in 2000. In 2008, Al Franken beat Norm Coleman in the Minnesota Senate race by only 312 votes.

  Google might do something similar: Robert Epstein (23-26 May 2013), “Democracy at risk: Manipulating search rankings can shift voters’ preferences substantially without their awareness,” 25th Annual Meeting of the Association for Psychological Science, Washington, D.C., http://aibrt.org/downloads/EPSTEIN_and_Robertson_2013-Democracy_at_Risk-APS-summary-5-13.pdf.

  sinister social networking platform: “When the amount of information is so great, so transparent, so pervasive, you can use absolutely nothing but proven facts and still engage in pure propaganda, pure herding.” Dan Geer, quoted in Jonathan Zittrain (20 Jun 2014), “Engineering an election,” Harvard Law Review Forum 127, http://harvardlawreview.org/2014/06/engineering-an-election.

  China does this: Ai Weiwei (17 Oct 2012), “China’s paid trolls: Meet the 50-Cent Party,” New Statesman, http://www.newstatesman.com/politics/politics/2012/10/china%E2%80%99s-paid-trolls-meet-50-cent-party. Mara Hvistendahl (22 Aug 2014), “Study exposes Chinese censors’ deepest fears,” Science 345, http://www.sciencemag.org/content/345/6199/859.full. Gary King, Jennifer Pan, and Margaret E. Roberts (22 Aug 2014), “Reverse-engineering censorship in China: Randomized experimentation and participant observation,” Science 345, http://www.sciencemag.org/content/345/6199/1251722.

  Samsung has done much: Philip Elmer-DeWitt (16 Apr 2013), “Say it ain’t so, Samsung,” Fortune, http://fortune.com/2013/04/16/say-it-aint-so-samsung.

  Many companies manipulate: Bryan Horling and Matthew Kulick (4 Dec 2009), “Personalized search for everyone,” Google Official Blog, http://googleblog.blogspot.com/2009/12/personalized-search-for-everyone.html. Tim Adams (19 Jan 2013), “Google and the future of search: Amit Singhal and the Knowledge Graph,” Guardian, http://www.theguardian.com/technology/2013/jan/19/google-search-knowledge-graph-singhal-interview.

  The first listing in a Google search: Chitika Online Advertising Network (7 Jun 2013), “The value of Google result positioning,” https://cdn2.hubspot.net/hub/239330/file-61331237-pdf/ChitikaInsights-ValueofGoogleResultsPositioning.pdf.

  the Internet you see: Joseph Turow (2013), The Daily You: How the New Advertising Industry Is Defining Your Identity and Your Worth, Yale University Press, http://yalepress.yale.edu/yupbooks/book.asp?isbn=9780300165012.

  the “filter bubble”: Eli Pariser (2011), The Filter Bubble: What the Internet Is Hiding from You, Penguin Books, http://www.thefilterbubble.com.

  on a large scale it’s harmful: Cass Sunstein (2009), Republic.com 2.0, Princeton University Press, http://press.princeton.edu/titles/8468.html.

  We don’t want to live: To be fair, this trend is older and more general than the Internet. Robert D. Putnam (2000), Bowling Alone: The Collapse and Revival of American Community, Simon and Schuster, http://bowlingalone.com.

  Facebook ran an experiment: Adam D. I. Kramer, Jamie E. Guillory, and Jeffrey T. Hancock (17 Jun 2014), “Experimental evidence of massive-scale emotional contagion through social networks,” Proceedings of the National Academy of Sciences of the United States of America 111, http://www.pnas.org/content/111/24/8788.full.

  women feel less attractive: Lucia Moses (2 Oct 2013), “Marketers should take note of when women feel least attractive: What messages to convey and when to send them,” Adweek, http://www.adweek.com/news/advertising-branding/marketers-should-take-note-when-women-feel-least-attractive-152753.

  companies want to better determine: Mark Buchanan (17 Aug 2007), “The science of subtle signals,” strategy+business magazine, http://web.media.mit.edu/~sandy/Honest-Signals-sb48_07307.pdf.

  That gives them enormous power: All of this manipulation has the potential to be much more damaging on the Internet, because the very architecture of our social systems is controlled by corporations. Harvard law professor Lawrence Lessig has written about computing architecture as a mechanism of control. Lawrence Lessig (2006), Code: And Other Laws of Cyberspace, Version 2.0, Basic Books, http://codev2.cc.

  Candidates and advocacy groups: Ed Pilkington and Amanda Michel (17 Feb 2012), “Obama, Facebook and the power of friendship: The 2012 data election,” Guardian, http://www.theguardian.com/world/2012/feb/17/obama-digital-data-machine-facebook-election. Tanzina Vega (20 Feb 2012), “Online data helping campaigns customize ads,” New York Times, http://www.nytimes.com/2012/02/21/us/politics/campaigns-use-microtargeting-to-attract-supporters.html. Nathan Abse (Oct 2012), “Big data delivers on campaign promise: Microtargeted political advertising in Election 2012,” Interactive Advertising Bureau, http://www.iab.net/media/file/Innovations_In_Web_Marketing_and_Advertising_delivery.pdf.

  They can also fine-tune: Sasha Issenberg (19 Dec 2012), “How President Obama’s campaign used big data to rally individual voters,” MIT Technology Review, http://www.technologyreview.com/featuredstory/509026/how-obamas-team-used-big-data-to-rally-voters.

  more efficiently gerrymander: Micah Altman, Karin MacDonald, and Michael MacDonald (2005), “Pushbutton gerrymanders: How computing has changed redistricting,” in Party Lines: Competition, Partisanship, and Congressional Redistricting, ed. Thomas E. Mann and Bruce E. Cain, Brookings Institution Press, http://openscholar.mit.edu/sites/default/files/dept/files/pushbutton.pdf. Robert Draper (19 Sep 2012), “The league of dangerous mapmakers,” Atlantic, http://www.theatlantic.com/magazine/archive/2012/10/the-league-of/309084. Tracy Jan (23 Jun 2013), “Turning the political map into a partisan weapon,” Boston Globe, http://www.bostonglobe.com/news/nation/2013/06/22/new-district-maps-reaped-rewards-for-gop-congress-but-cost-fewer-moderates-more-gridlock/B6jCugm94tpBvVu77ay0wJ/story.html.

  fundamental effects on democracy: Arch Puddington (9 Oct 2013), “To renew American democracy, eliminate gerrymandering,” Freedom House, http://www.freedomhouse.org/blog/renew-american-democracy-eliminate-gerrymandering. Press Millen (20 Jul 2014), “With NC gerrymandering, democracy is the loser,” News Observer, http://www.newsobserver.com/2014/07/20/4014754/with-nc-gerrymandering-democracy.html.

  Kevin Mitnick broke into: John Markoff (16 Feb 1995), “A most-wanted cyberthief is caught in his own web,” New York Times, http://www.nytimes.com/1995/02/16/us/a-most-wanted-cyberthief-is-caught-in-his-own-web.html.

  hackers broke into: Robert O’Harrow Jr. (17 Feb 2005), “ID data conned from firm,” Washington Post, http://www.washingtonpost.com/wp-dyn/articles/A30897-2005Feb16.html.

  hackers broke into Home Depot’s: Brian Krebs (2 Sep 2014), “Banks: Credit card breach at Home Depot,” Krebs on Security, http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot. Robin Sidel (18 Sep 2014), “Home Depot’s 56 million card breach bigger than Target’s,” Wall Street Journal, http://online.wsj.com/articles/home-depot-breach-bigger-than-targets-1411073571.

  from JPMorgan Chase: Dominic Rushe (3 Oct 2014), “JP Morgan Chase reveals massive data breach affecting 76m households,” Guardian, http://www.theguardian.com/business/2014/oct/02/jp-morgan-76m-households-affected-data-breach.

  criminals have legally purchased: Brian Krebs (20 Oct 2013), “Experian sold consumer data to ID theft service,” Krebs on Security, http://krebsonsecurity.com/2013/10/experian-sold-consumer-data-to-id-theft-service.

  Cybercrime is older than the Internet: M. E. Kabay (2008), “A brief history of computer crime: An introduction for students,” Norwich University, http://www.mekabay.com/overviews/history.pdf.

  Or he files a fake tax return: This is becoming a huge problem in the US. Michael Kranish (16 Feb 2014), “IRS is overwhelmed by identity theft fraud,” Boston Globe, http://www.bostonglobe.com/news/nation/2014/02/16/identity-theft-taxpayer-information-major-problem-for-irs/7SC0BarZMDvy07bbhDXwvN/story.html. Steve Kroft (21 Sep 2014), “Biggest IRS scam around: Identity tax refund fraud,” CBS News, http://www.cbsnews.com/news/irs-scam-identity-tax-refund-fraud-60-minutes.

  Government databases: In 2014, we learned that Chinese hackers broke into a database containing personal information about US security-clearance holders. We don’t know whether these were criminals looking for information to help them commit fraud, or government intelligence personnel looking for information to help them coerce people in positions of access. Michael S. Schmidt, David E. Sanger, and Nicole Perlroth (9 Jul 2014), “Chinese hackers pursue key data on U.S. workers,” New York Times, http://www.nytimes.com/2014/07/10/world/asia/chinese-hackers-pursue-key-data-on-us-workers.html.

  many more data vulnerabilities: This is just an example. A piece of malware infected over 1,000 companies in 2014, stealing credit card details. Many of the companies infected did not know they were victims. Nicole Perlroth (8 Sep 2014), “Home Depot data breach could be the largest yet,” New York Times, http://bits.blogs.nytimes.com/2014/09/08/home-depot-confirms-that-it-was-hacked.

  arrested in 2010 for “sextortion”: Richard Winton (1 Sep 2011), “‘Sextortion’: 6 years for O.C. hacker who victimized women, girls,” Los Angeles Times, http://latimesblogs.latimes.com/lanow/2011/09/sextortion-six-years-for-oc-hacker-who-forced-women-to-give-up-naked-pics-.html.

  The most insidious RATs: Nate Anderson (10 Mar 2013), “Meet the men who spy on women through their webcams,” Ars Technica, http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams.

  computer companies that spied: Kashmir Hill (25 Sep 2012), “FTC says rent-to-own computers captured couples having sex,” Forbes, http://www.forbes.com/sites/kashmirhill/2012/09/25/ftc-its-not-cool-to-put-spyware-on-rent-to-own-computers-without-customer-consent. Dara Kerr (22 Oct 2013), “Aaron’s computer rental chain settles FTC spying charges,” CNET, http://www.cnet.com/news/aarons-computer-rental-chain-settles-ftc-spying-charges.

  9: Business Competitiveness

  I wrote my first book: The book had a 1994 copyright date, but was published in October 1993. Bruce Schneier (1994), Applied Cryptography: Protocols, Algorithms, and Source Code in C, Wiley, https://www.schneier.com/book-applied.html.

  It was a big deal: Wired (Apr 1996), “On newsstands now: Crypto catalog,” Wired, http://archive.wired.com/wired/archive/4.04/updata.html.

  over 250 cryptography products: Stephen T. Walker (12 Oct 1993), “Oral testimony by Stephen T. Walker, President, Trusted Information Systems, Inc., for Subcommittee on Economic Policy, Trade and Environment, Committee on Foreign Affairs, US House of Representatives,” http://fas.org/irp/congress/1993_hr/931012_walker_oral.htm.

  It was a scare story: Here are some references for the current scare story in action. Ellen Nakashima (26 Jul 2014), “Proliferation of new online communications services poses hurdles for law enforcement,” Washington Post, http://www.washingtonpost.com/world/national-security/proliferation-of-new-online-communications-services-poses-hurdles-for-law-enforcement/2014/07/25/645b13aa-0d21-11e4-b8e5-d0de80767fc2_story.html. Orin Kerr (19 Sep 2014), “Apple’s dangerous game,” Washington Post, http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/09/19/apples-dangerous-game. Brent Kendall (25 Sep 2014), “FBI director raises concerns about smartphones,” Wall Street Journal, http://online.wsj.com/articles/fbi-director-raises-concerns-about-smartphone-security-plans-1411671434.

  They passed the CALEA law: FBI director Louis Freeh put it this way: “We’re in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge’s authority where we can get there if somebody is planning a crime.” A similar quote from the FBI’s general counsel from 2010 was in Chapter 6. Brock N. Meeks (12 May 1995), “Jacking in from the narco-terrorist encryption port,” CyberWire Dispatch, http://www.cyberwire.com/cwd/cwd.95.05.12a.html.

  This was marketed as “key escrow”: Wayne Madsen (Nov 1994), “The Clipper controversy,” Information Systems Security 3, http://www.sciencedirect.com/science/article/pii/1353485894900973. Matt Blaze (5–9 Dec 2011), “Key escrow from a safe distance: Looking back at the Clipper Chip,” 27th Annual Computer Security Applications Conference, Orlando, Florida, http://www.crypto.com/papers/escrow-acsac11.pdf.

  device with the Clipper Chip: The US military had something similar from the NSA since 1987: the STU-III. Department of Defense Security Institute (Feb 1997), “STU-III handbook for industry,” http://www.tscm.com/STUIIIhandbook.html.

  Nobody wanted encryption: Hal Abelson et al. (Jun 1999), “The risks of key recovery, key escrow, and trusted third-party encryption,” World Wide Web Journal 2, https://www.schneier.com/paper-key-escrow.html.

  The US government was the only: Crypto Museum (2014), “AT&T TSD-3600-E Telephone Encryptor,” http://www.cryptomuseum.com/crypto/att/tsd3600.

  other key escrow initiatives: Dorothy E. Denning and Dennis K. Branstad (Mar 1996), “A taxonomy for key escrow encryption systems,” Communications of the ACM 39, http://faculty.nps.edu/dedennin/publications/Taxonomy-CACM.pdf.

  over 800 encryption products: Lance J. Hoffman et al. (10 Jun 1999), “Growing development of foreign encryption products in the face of U.S. export regulations,” Report GWU-CPI-1999-02, Cyberspace Policy Institute, George Washington University School of Engineering and Applied Science, http://cryptome.org/cpi-survey.htm.

  the crypto wars: This is a good account of those times. Steven Levy (May 1993), “Crypto rebels,” Wired, http://archive.wired.com/wired/archive/1.02/crypto.rebels_pr.html.

 
