
Tag: law enforcement

This website was archived on July 20, 2019. It is frozen in time on that date.
Exolymph creator Sonya Mann's active website is Sonya, Supposedly.

Trust Not the Green Lock

Eric Lawrence works at Google, where he is “helping bring HTTPS everywhere on the web as a member of the Chrome Security team.” (I preserved his phrasing because I’m not 100% sure what that means concretely, but working on security at Google bestows some baseline credibility.) A couple of days ago Lawrence published a blog post about malicious actors using free certificates from Let’s Encrypt to make themselves look more legit. As he put it:

One unfortunate (albeit entirely predictable) consequence of making HTTPS certificates “fast, open, automated, and free” is that both good guys and bad guys alike will take advantage of the offer and obtain HTTPS certificates for their websites. […]

Another argument is that browsers overpromise the safety of sites by using terms like Secure in the UI — while the browser can know whether a given HTTPS connection is present and free of errors, it has no knowledge of the security of the destination site or CDN, nor its business practices. […] Security wording is a complicated topic because what the user really wants to know (“Is this safe?”) isn’t something a browser can ever really answer in the affirmative.

Lawrence goes into much more detail, of course. His post hit the front page on Hacker News, and the commentary is interesting. (As usual! Hacker News gets a worse rap than it deserves, IMO.)

I want to frame this exploitation of freely available certificates as a result of the cacophony of the web. Anyone can publish, and anyone can access. Since internet users are able to choose anonymity, evading social or criminal consequences is easy. (See also: fake news, the wholly fabricated kind.) Even when there are opsec gaps, law enforcement doesn’t have anywhere near the resources to chase down everyone who’s targeting naive or careless users online.

Any trust signal that can be aped — especially if it can be aped cheaply — absolutely will be. Phishers and malware peddlers risk nothing. In fact, using https is not inherently deceptive (although it is surely intended to be). The problem is on the interpretation end. Web browsers and users have both layered extra meaning on top of the plain technical reality of https.

To his credit, Lawrence calls the problem unsolvable. It is, because the question here is: “Can you trust a stranger if they have a badge that says they’re trustworthy?” Not if the badge can be forged. Or, in the case of https, if the badge technically denotes a certain kind of trust, but most people read it as being a different kind of trust.

(I’m a little out of my depth here, but my understanding is that https doesn’t mean “this site is trustworthy”, it just means “this site is encrypted”. There are higher types of certificates that validate more, usually purchased by businesses or other institutions with financial resources.)

High-trust societies can mitigate this problem, of evaluating whether a stranger is going to screw you over, but there’s no way to upload those cultural norms. The internet is not structured for accountability. And people aren’t going to stop being gullible.

Anyway, Lawrence does have some suggestions for improving the current situation. Hopefully one or multiple of those will go forward.


Header photo by Joi Ito.

The Strategic Subjects List

Detail of a satirical magazine cover for All Cops Are Beautiful, created by Krzysztof Nowak.


United States policing is full of newspeak, the euphemistic language that governments use to reframe their control of citizens. Take “officer-involved shooting”, a much-maligned term that police departments and then news organizations use to flatten legitimate self-defense and extrajudicial executions into the same type of incident.

And now, in the age of algorithms, we have Chicago’s “Strategic Subjects List”:

Spearheaded by the Chicago Police Department in collaboration with the Illinois Institute of Technology, the pilot project uses an algorithm to rank and identify people most likely to be perpetrators or victims of gun violence based on data points like prior narcotics arrests, gang affiliation and age at the time of last arrest. An experiment in what is known as “predictive policing,” the algorithm initially identified 426 people whom police say they’ve targeted with preventative social services. […]

A recently published study by the RAND Corporation, a think tank that focuses on defense, found that using the list didn’t help the Chicago Police Department keep its subjects away from violent crime. Neither were they more likely to receive social services. The only noticeable difference it made was that people on the list ended up arrested more often.

WOW, WHAT A WEIRD COINCIDENCE! The “strategic subjects” on the list were subjected, strategically, to increased police attention, and I’m sure they were all thrilled by the Chicago Police Department’s interest in their welfare.

Less than fifty years ago, the Chicago Police Department literally tortured black men in order to coerce “confessions”. None of that is euphemism. A cattle prod to the genitals — but maybe it ought to be called “officer-involved agony”?

I get so worked up about language because language itself can function as a predictive model. The words people use shape how they think, and thoughts have some kind of impact on actions. Naturally, the CPD officers who carried out the torture called their victims the N-word.

I wonder what proportion of the Strategic Subjects List is black? Given “data points like prior narcotics arrests [and] gang affiliation”, an algorithm can spit out the legacy of 245 years of legal slavery more efficiently than a human. But torture in Chicago is still handcrafted by red-blooded American men. Trump would be proud.

Surveillance Status Quo

“Every country knows [that telecoms networks are] vulnerable, but no one wants to fix the problem — because they exploit that vulnerability, too.” — Robert Kolker in a Bloomberg article about StingRays

Here we’re confronted with the problem of incentives. Police are incentivized to spy on citizens, whether innocent or guilty. The success of law enforcement is measured by arrests, not by the population’s peace and happiness. Definitely not by how well civil liberties have been protected. None of that fits in a spreadsheet! Nation-states are incentivized to spy on each other, for the sake of regular ol’ espionage as well as obtaining commercial secrets. It’s desirable to keep an eye on the neighbors. What are they up to? When and where are they going to sell their newest invention?

Photo via Thierry Ehrmann. War logs!


Maybe this sounds paranoid, but it’s not. The US increasingly relies on its information economy, which means that data and insight are both especially valuable. Other developed countries are similarly beholden to ideas and intellectual property. One of the profound dangers posed by China is its disregard for patents and copyrights, and its subsequent explosion of innovation. Being surpassed is America’s direst fear. We need to make ourselves great again, right?!

I’ve written about apathy before. It’s the enemy of the entrepreneur and the activist. In a world full of products and causes, it’s tough to cajole someone into caring. Who has the time? And, more crucially, who has the correct incentive structure? Mister Average Joe doesn’t need to worry about surveillance — it doesn’t impact him immediately or concretely — and consequently he simply doesn’t bother himself with the subject.

Every time I say something like this, I’m accused of complacency. And I guess that’s fair. I’m resigned to reality, and I don’t try to agitate against the status quo. Selfishness makes me more interested in surviving and excelling than in overturning power structures.

“I said yes to the mandatory government implants […] because I, like everybody else, just wanted to be safe.” — short story by Maverix75

Droning On Drones

The enemy is always a terrible shot. And he’s always one step behind. Isn’t that a lucky thing? (Contemplate this when you’re in the theater watching Star Wars. Note the list of evil overlord habits, which I’m sure will be on display. But don’t get me wrong — I’m really excited for this movie.)

Photo by Jonas Wagner.


It’s definitely the end times — I know because I created a Reddit account. The purpose was to join the cyberpunk discussion board. My capitulation was rewarded with a comment thread regarding the “anti-drone drone” that catches flying robot beetles in a net.

NiceyChappe: “Seems like it would be fairly easy to have an ‘evasive manoeuvres’ button. That net is pretty slow really.”

bunnybacon: “Sure, but then what? The police robot will develop improved AI, emp functionailty, smoke obfucation, paintball gun and swarm coorporation. Mark my words: we are going to see a future in which the sky is black with drones constantly fighting over terratory, while desperate scavengers gather the scraps for their underground, post-meltdown econonmy.” [all sic]

To which InsurrectionaryFront replied, perhaps sardonically, “We went from improving police drones to a collapse of civilization?”

Like it would ever get that far. All opposition is controlled opposition 😉


Tomorrow, another interview about Twitter bots, this time with Beau Gunderson. If you missed the previous one, find it here: “The Bot Tries Not To Surveil Humans”.
