December 18, 2014

How We're All Being Suckered Over the Sony Hack

By now you've heard that Sony has canceled (for the moment, anyway) the debut of a controversial "comedy" film concerning a plot to assassinate the current leader of North Korea. Given that North Korea indeed has an evil, vile government, Sony apparently thought that a vile, tasteless film was the appropriate response -- very 21st century Hollywood thinking, indeed.

Sony's suspension of "The Interview" -- ostensibly in response to the mass hacking of their corporate systems and associated threats -- has already become a new talking point among proponents of controversial legislation that would almost certainly ultimately give the government vast new abilities to monitor and control privately owned networks and computer systems -- "for those private firms' own good" of course.

Yeah. Of course. But who are we mere computer scientists and technologists to argue with the likes of world-renowned "cybersecurity expert" Newt Gingrich, who has already declared that the Sony hack and Sony's response means that the USA has "lost its first cyberwar." Wow, that sounds scary.

And hell, if Newt proclaims something, it must be true.

Or not.

The very nature of this situation suggests that we will never know the real truth of the matter.

But boys and girls, my gut feeling is that we're being seriously suckered.

First we're told that the Sony hack was incredibly sophisticated and brilliant, of the sort that (supposedly) only a well-funded nation-state could muster.

Then we start to hear from researchers who have looked at this in more detail, and we learn that the actual exploit was relatively simplistic and run-of-the-mill, rather sloppy in fact.

So how could such a crude exploit do so much damage to Sony?

Well, we've also now learned that -- reportedly -- Sony's computer security practices were well known within the company as being somewhere south of McMurdo Station -- that is, really abysmally sloppy and inept.

So you apparently didn't need a nation-state with vast cyberwar attack resources to pull this off. Perhaps a bored 18-year-old looking for "lulz" from his parents' basement would be more than adequate to the task.

Given all this, why are we seeing so much focus on North Korea? Why is the U.S. government saying that North Korea is "behind" the attacks -- or that at least some group "allied" with North Korea was responsible.

Or maybe just someone who has "heard" of North Korea?

Let's face it. Since this attack has been tied to a film that at the very least attempted to make sick "fun" of assassinating Kim Jong-un, one might say (if one was of a conspiratorial mindset about this) that it all almost seems "purpose built" as a mechanism to justify whatever new anti-North Korea sanctions have been simmering in the background.

And as I noted earlier, it also fits in very nicely with the "government needs to be in charge of private computer security" storyline as well.

However, we don't even need conspiracies to work this one out to a significant degree of confidence.

These kinds of cyberattacks are notoriously difficult to source. There are so many ways to confuse and obfuscate and false flag and misdirect -- that we're unlikely to ever know with certainty who was actually behind the Sony hack itself.

Yet we do know with certainty that there are commercial "cybersecurity" firms itching to leverage panic into sales, and government "cyberwar" divisions always on the prowl for excuses to further inflate their already obscenely bloated budgets.

So ... which is going to play more effectively into these narratives -- the 18-year-old in the basement lounge chair with a keyboard in their lap ... or a nightmarish cyberattack conveniently pinned on the megalomaniac leader of a pariah nation?

Yes, I could be wrong. Maybe we're actually getting the straight story on all this from our elected officials and their multitude of minions. Maybe this all really was a dastardly attack by North Korea on a mediocre Sony film.

Then again, there's a bridge over the East River connecting with New York City that you might want to buy as well.

Just sayin' ...

Be seeing you.

I am a consultant to Google. I speak only for myself, not for them.

Posted by Lauren at 01:16 PM | Permalink

October 24, 2014

Stop the Ebola Witch-Hunt!

There's a wonderful old 1963 episode of the classic original "The Outer Limits" series called "The Sixth Finger."

It stars David McCallum as a man who is artificially and rapidly evolved into the human of the far future, both in terms of physical appearance and vastly enhanced intellect.

At one critical juncture, as he surveys the pitiful confusion of the ordinary humans who want to destroy him for being different, he proclaims, "Your ignorance makes me ill and angry."

But you don't have to be a super-intellect to feel both ill and angry at the spectacle of the current Ebola witch-hunt, being largely orchestrated by so-called radio and television "journalists" and lowlife politicians, with masses of ordinary folks being whipped into a frenzy of hate and prejudice as a predictable (and we may reasonably assume, intentional) result.

The worst offenders are the usual sycophant suspects. Moronic right-wing talk show hosts like Rush Limbaugh, the FOX News clowns, and the rest of the theocratic, anti-science, anti-health care, racist boosters of the rich and haters of the poor. You can tune them in anytime, ranting that Ebola is all a plot by Obama, that we should ban anyone who has been in Africa, and that we're about to be destroyed by an Ebola mutated into an airborne horror.

Sad to say, CNN -- once a great news organization -- now spinning out of control into the pit of mediocrity under the reigns of Jeff Zucker, has been a particular offender, going wall to wall for ratings with breathless, panicked Ebola stories, only sidetracking into other items if they're bloody enough or feature globe-trotting chefs or the new retread of "Dirty Jobs." In fact, one of the few sane recent commentaries I've seen on cable news lately about Ebola actually was on FOX News -- proving once again the old adage about a stopped clock not being incorrect quite all of the time.

And the Internet is now playing a major role as well. Blogs and other social media are being used to spread completely false rumors about Ebola outbreaks and deaths in the U.S., or attempting to capitalize on fake Ebola cures. Facebook and Twitter are being used today to vilify a doctor back from treating Ebola patients who has now tested positive for the disease.

Naturally, these purposeful attempts at panicking the populace are having nightmarish, sickly effects. One of those effects is to terrify health care workers, who know all too well what the sorts of demands now coming from talk show hosts, politicians, and panicked citizens would mean in terms of making a horrible situation in Africa even worse.

Attempts to ban persons who have traveled or transited from Africa would decimate relief efforts, as would country-specific travel bans in general. Demanding that every symptom-free health care worker who has been trying to help Ebola patients be quarantined upon return is not only unnecessary but would vastly undermine the willingness of health care workers to volunteer for such efforts in the first place. Meanwhile, where Ebola really is endemic -- in Africa -- it would continue to spread in the horrendous living conditions and primitive health care environment there -- putting ever more people in Africa at genuine risk.

Now, get this through your thick skulls, you idiot Ebola panickers and profiteers ...

The only people who get Ebola are ones who are in direct, close contact with persons in the throws of major Ebola symptoms -- like vomiting, horrible coughing, and other symptoms you wouldn't want to be anywhere near even if all they represented was a case of the flu.

It is not an epidemic here. It is not going to be an epidemic here.

And speaking of the flu -- now that's something you should be worried about! Thousands die every year from the flu here in the U.S., many for lack of simple vaccinations (thank the anti-vaccine nutcases for contributing to that). Unlike Ebola, the flu is airborne and easily spread.

Oh yes -- and ironically, the same GOP fanatics so desperate to repeal the Affordable Care Act ("Obamacare") that has provided millions with insurance and preventative care against diseases such as the flu, are the same hateful creatures who are out there now seemingly demanding draconian restrictions against anyone who even utters the word "Ebola" in public.

And just to be clear, this isn't just a GOP-orchestrated witch-hunt -- though they're the masters of the method. There are also Democratic politicians who are playing the Ebola scare card for all it's worth.

Given the toxic political landscape, it's six of one and half a dozen of another (and I don't mean "Outer Limits" fingers in this case) when it comes to reigning in our politicians on this. Ebola is their natural element for exploitation. You might as well try keep a bear away from a beehive dripping with honey.

But there is one thing I believe we can do. As I noted earlier, social media is being widely abused to spread Ebola panic and prejudice. When you see this occur, I urge you to call out the perpetrators publicly for what they are. Don't sit silently and let them get away with their hateful garbage.

Yes, this means having a thick enough skin to deal with the inevitable trolls, but this is a situation where we're talking about real lives being ruined not only by Ebola itself, but by purposefully orchestrated false stories and resulting panic, often using the Web as its carrier.

Thankfully, the Internet is still one place where we individually and collectively still have some real control.

Take care.

I am a consultant to Google -- I speak only for myself, not for them.

Posted by Lauren at 05:43 PM | Permalink

August 13, 2014

In UK, Experimenting With Heart Attack Victims Without Consent

Direct from the UK comes word of one of the more dubious medical experiments I've heard of in some time, that should raise ethical red flags around the world.

If you live in the Welsh, West Midlands, North East, South Central and London Ambulance Service areas, and you take no action to opt-out from a planned new University of Warwick study -- and you're unfortunate enough to have a heart attack -- you may randomly find yourself treated with a placebo rather than the conventional treatment of adrenaline. If you die from your heart attack, researchers will not actively seek out your relatives to inform them of how you were treated.

Persons who happen to see advertisements about the study in those areas and so learn of its existence can in theory opt-out --otherwise, you're a lab rat whether you want to be or not.

Researchers have a legitimate question -- does adrenaline therapy in these situations do more harm than good? Unfortunately, in their attempt to avoid study bias, they have violated a basic informed consent principle of ethical experimentation.

I suspect that this study stands a good chance of collapsing in the light of publicity, and the litigation potential appears enormous even for the UK. If nothing else, I would expect to see campaigns urging UK residents in the affected areas to opt-out en masse.

I would opt-out if I lived there.

Sometimes ostensibly "good science" is unacceptably bad ethics.

I am a consultant to Google -- I speak only for myself, not for them.

Posted by Lauren at 11:19 AM | Permalink

July 29, 2014

When Web Experiments Violate User Trust, We're All Victims

If you ever wonder why it seems like politicians around the world appear to have decided that their political futures are best served by imposing all manner of free speech restrictions, censorship, and content controls on Web services, one might be well served by examining the extent to which Internet users feel that they've been mistreated and lied to by some services -- how their trust in those services has been undermined by abusive experiments that would not likely be tolerated in other aspects of our lives.

To be sure, all experiments are definitely not created equal. Most Web service providers run experiments of one sort or another, and the vast majority are both justifiable and harmless. Showing some customers a different version of a user interface, for example, does not risk real harm to users, and the same could be said for most experiments that are aimed at improving site performance and results.

But when sites outright lie to you about things you care about, and that you have expected those sites to provide to you honestly, that's a wholly different story, indeed -- and that applies whether or not you're paying fees for the services involved, and whether or not users are ever informed later about these shenanigans. Nor do "research use of data" clauses buried in voluminous Terms of Service text constitute informed consent or some sort of ethical exception.

You'll likely recall the recent furor over revelations about Facebook experiments -- in conjunction with outside experimenters -- that artificially distorted the feed streams of selected users in an effort to impact their emotions, e.g., show them more negative items than normal, and see if they'll become depressed.

When belated news of this experiment became known, there was widespread and much deserved criticism. Facebook and experimenters issued some half-hearted "sort of" apologies, mostly suggesting that anyone who was concerned just "didn't understand" the point of the experiment. You know the philosophy: "Users are just stupid losers!" ...

Now comes word that online dating site OkCupid has been engaging in its own campaign of lying to users in the guise of experiments.

In OkCupid's case, this revelation comes not in the form of an apology at all, but rather in a snarky, fetid posting by one of their principals, which also includes a pitch urging readers to purchase the author's book.

OkCupid apparently performed a range of experiments on users -- some of the harmless variety. But one in particular fell squarely into the Big Lie septic tank, involving lying to selected users by claiming that very low compatibility scores were actually extremely high scores. Then OkCupid sat back and gleefully watched the fun like teenagers peering through a keyhole into a bedroom.

Now of course, OkCupid had their "data based" excuse for this. By their claimed reckoning, their algorithm was basically so inept in the first place that the only way their could calibrate it was by providing some users enormously inflated results to see how they'd behave, then studying this data against control groups who got honest results from the algorithm.

Sorry boy wonders, but that story would get you kicked out of Ethics 101 with a tattoo on your forehead that reads "Never let me near a computer again, please!"

Really, this is pretty simple stuff. It doesn't take a course in comparative ethics to figure out when an experiment is harmless and when it's abusive.

Many apologists for these abusive antics are well practiced in the art of conflation -- that is, trying to confuse the issue by making invalid comparisons.

So, you'll get the "everybody does experiments" line -- which is true enough, but as noted above, the vast majority of experiments are harmless and do not involve lying to your users.

Or we'll hear "this is the same things advertisers try to do -- they're always playing with our emotions." Certainly advertisers do their utmost to influence us, but there's a big difference from the cases under discussion here. We don't usually have a pre-existing trust relationship with those advertisers of the sort we have with Web services that we use every day, and that we expect to provide us with honest results, honest answers, and honest data to the best of their ability.

And naturally there's also the refrain that "these are very small differences that are often hard to even measure, and aren't important anyway, so what's the big deal?"

But from an ethical standpoint the magnitude of effects is essentially irrelevant. The issue is your willingness to lie to your users and purposely distort data in the first place -- when your users expect you to provide the most accurate data that you can.

The saddest part though is how this all poisons the well of trust generally, and causes users to wonder when they're next being lied to or manipulated by purposely skewed or altered data.

Loss of trust in this way can have lethal consequences. Already, we've seen how a relatively small number of research ethical lapses in the medical community have triggered knee-jerk legislative efforts to restrict legitimate research access to genetic and disease data -- laws that could cost many lives as critical research is stalled and otherwise stymied. And underlying this (much as in the case of anti-Internet legislation we noted earlier) is politicians' willingness to play up to people's fears and confusion -- and their loss of trust -- in ways that ultimately may be very damaging to society at large.

Trust is a fundamental aspect of our lives, both on the Net and off. Once lost, it can be impossible to ever restore to former levels. The damage is often permanent, and can ultimately be many orders of magnitude more devastating than the events that may initially trigger a user trust crisis itself.

Perhaps something to remember, the next time you're considering lying to your users in the name of experimentation.

Trust me on this one.

I am a consultant to Google -- I speak only for myself, not for them.

Posted by Lauren at 01:04 PM | Permalink

     Privacy Policy