A Modest Proposal: Identifying Europeans on the Internet for Their Protection


With European politicians and regulators continuing to churn out proposed regulations to protect their citizens from the evils of the Internet, via “The Right To Be Forgotten” — and the currently under consideration Article 11 “link tax” and Article 13 content filtering censorship proposals — it is becoming more important than ever that Internet sites around the world be able to identify European users so that they may be afforded “appropriate” treatment at those sites, including blocking from all services as necessary.

Already, some Europeans are suggesting that they will attempt to evade the restrictions that have been implemented or proposed by their beneficent and magnificent leaders. The world must band together to prevent Europeans users from pursuing such a tragic course of actions.

Obviously, all VPN usage by Europeans that attempt to obscure the European geographic locations of their source IP addresses must be banned. In fact, it would be even safer for Europeans if all usage of VPNs by Europeans were prohibited by their governments, except under extraordinary circumstances requiring government licenses and monitoring for inappropriate usage.

All web browsers used by Europeans should be required to send a special “protected European resident” flag to server sites, so that those sites may determine the appropriate blocking or other disposition of those browser requests. Use of unapproved browsers or tampering with browsers to remove this protection flag would of course be a criminal act.

We must also solve the problem of Europeans traveling outside of Europe, where they might be tempted to use public Internet access systems that do not meet the high standards of protection required by European regulations.

One possible solution to this dilemma would be to require the permanent implantation of RFID identification capsules in all Europeans who travel beyond the protected confines of Europe. Don’t worry — these need not individually identify any given person, they need only identify them as European. Scanning equipment at public computers around the planet could detect these implants and automatically apply appropriate European protection rules. Europeans would be free to travel the world with no fears of accidentally using systems that did not apply their government’s protective regulations!

This modest proposal of course only scratches the surface of the sorts of solutions that will be needed to help assure that EU citizens fully and completely abide by their governments’ benevolent actions and requirements.

But the EU and its residents can feel confident that the rest of the world’s Internet will do its part to help keep Europeans safe, secure, and law-abiding at all times!

–Lauren–

Google’s New AI Principles Are a Model for the World


In the wake of Google’s announcement that they will not be renewing their controversial “Project Maven” military AI contract when it expires next year (“Google — and the Defense Department’s Disturbing ‘Maven’ A.I. Project Presentation Document” – https://lauren.vortex.com/2018/05/31/google-dod-disturbing-maven-ai-document), Google has now published a post describing their policy positions regarding AI at Google going forward: “Artificial Intelligence at Google: Our Principles” (https://www.blog.google/topics/ai/ai-principles).

Since I was on balance critical of Google’s participation in Project Maven, but am very supportive of AI overall (“How AI Could Save Us All” – https://lauren.vortex.com/2018/05/01/how-ai-could-save-us-all), I’ve received a bunch of queries from readers asking how I feel about Google’s newly announced AI principles statement.

“Excellent” is my single word summary, especially in terms of the principles being balanced — and above all — realistic.

AI will be a critical tool going forward, both in terms of humanity and the global ecosystem itself. And like any tool — reaching all the way back to a chunk of rock on the ground in a prehistoric cave — AI can be used for good purposes, evil purposes, and in a range of “gray area” scenarios that are more difficult to cleanly categorize one way or the other.

It’s this last set of concerns, especially AI applications with multiple uses, that I’m particularly glad to see Google addressing specifically in their principles post.

For those of us who aren’t psychopaths or sociopaths, most fundamental characteristics of good and evil are usually fairly obvious. But as one grows older, it becomes apparent that the real world is not typically made up of black and white situations where one or another set of these characteristics exist in isolation — much more often we’re dealing with a complicated kaleidoscope of interrelating issues.

So — to address one point that I’ve been most asked about over the last couple of days regarding Google’s AI statement — it is entirely appropriate that Google explicitly notes that they will not be abandoning all aspects of government and military AI work, so long as that work is not likely to cause overall harm. 

In a “perfect” world we might not need the military — hell, we might not even need governments. But this is not a perfect world, and it’s one thing to use AI as a means to kill ever more people more efficiently, and something else entirely to use AI defensively to help protect against the genuine evils that still pervade this planet, as Google says it will do.

AI is still in its relative infancy, and attempts to accurately predict its development (beyond the very short term) are likely doomed to failure. AI principles such as Google’s will always by necessity be works in progress, and Google in fact explicitly acknowledges this fact.

But ethical firms and ethical governments around the world could today do themselves, their employees, and their citizens proud by accepting and living by AI principles such as those that Google has now announced.

–Lauren–

 

 

 

 

 

 

 

Why We May Have to Cut Europe Off from the Internet


It’s no joke. It’s not hyperbole. If the European Union continues its current course, the rest of the world may well have to consider how to effectively “cut off” Europe from the rest of the Internet — to create an “Island Europe” in an Internet communications context. 

For those of us involved with the Net since its early origins, the specter of network fragmentation has long been an outcome that we’ve sorely hoped to avoid. But continuing EU actions could create an environment where mechanisms to tightly limit Europe’s interactions with the rest of the global Internet may be necessary — not imposed with pleasure, not with vindictiveness, but for the protection of free speech around the rest of the planet.

The EU will later this month be voting on a nightmarish copyright control scheme (“Article 13”) that would impose requirements for real-time “copyright filtering” of virtually all content uploaded to major and many minor Internet sites, with no protections against trolling, and the certainty of inappropriately blocking vast quantities of public domain and other materials, with no real protections against errors and no effective avenues for appeals. Please see:

“On June 20, an EU committee will vote on an apocalyptically stupid, internet-destroying copyright proposal that’ll censor everything from Tinder profiles to Wikipedia” (https://boingboing.net/2018/06/07/thanks-axel-voss.html).

Even if this specific horrific proposal is voted down, it’s important to review how we came to this juncture, as the EU has increasingly accelerated its program to become the Internet’s global censorship czar, in ways that even countries like China and Russia haven’t attempted to date.

As far back as 2012 and earlier, in “The ‘Right to Be Forgotten’: A Threat We Dare Not Forget” (https://lauren.vortex.com/archive/000938.html), I warned of the insidious nature of content censorship schemes flowing forth from Europe, and I’ve consistently warned that — like the proverbial camel’s nose under the tent — Europe would never be satisfied with any concessions offered by Internet firms. 

Time has borne out my predictions. In ensuing years, the EU has expanded its demands until now it considers itself in key respects to be the global arbiter of what should or should not be seen by Internet users around the world. 

Like other of civilization’s information control tyrants, a taste of censorship powers by the EU has inevitably led to utter censorship gluttony, and the sense that “we know best what those stupid little people should be allowed to see” is as old as human history, long predating modern communications systems.

European citizens are of course free to elect whatever sorts of governments that they choose. If that choice is for information control tyrants whose pleasure is to victimize their own citizens, so be it.

But if Europe continues to insist that its tyranny of censorship and information control must be honored by the rest of the world, then the rest of the world will be reluctantly forced to treat Europe as an Internet pariah, and use all possible technical means to isolate Europe in manners that best protect everyone else’s freedom of Internet speech. 

–Lauren– 

When Google Blames Users for Privacy Problems


One of my favorite user interface (UI) design adages is pretty much simplicity itself:

When you blame the users, you’ve already lost the argument.

I’m reminded of this by Google’s public reactions to a recent study revealing that almost a third of nearly 10,000 sampled Google G Suite commercial customers were unwittingly exposing sensitive corporate and/or customer data to the public Internet without access protections: “Widespread Google Groups Misconfiguration Exposes Sensitive Information” (https://www.kennasecurity.com/widespread-google-groups-misconfiguration-exposes-sensitive-information/).

Without getting into the technical details here, the underlying issues relate to the multiplicity of settings that control public access to Google Groups and their associated mailing lists. While Google defaults these to their most secure settings, the sheer quantity of misconfigured, potentially information leaking sites represents an empirical proof that a very significant number of G Suite users and administrators are not adequately understanding these settings, with resulting privacy-negative impacts.

Google’s response — in essence — has been “RTFM” (Read The F‑‑‑‑‑‑ Manual): The settings are there, if you’re not using them correctly, that’s your problem, not ours!

And while Google has posted some additional related info (e.g. on their G Suite Updates Blog), those explanations mostly stand to emphasize the relative complexity of the interface, and no changes that I’m aware of have been made to the interface in response to these concerns.

The situation is a bit reminiscent of auto manufacturers who resisted redesigning key aspects of their vehicles, even as it became ever more obvious that significant numbers of drivers were having accidents due to existing design elements.

As far as I’m concerned, the scope of the reported G Suite privacy leakage problems indicates nothing less than a privacy design failure in this instance.

Rather than trying to make excuses for an existing user interface that is clearly failing significant numbers of customers (and with G Suite, we’re talking about paying customers!), Google needs to take an immediate and hard look at the specific design aspects that are enabling these misconfiguration-based confidential information exposures.

A practical fix might not even involve major changes to the UI, and might be adequately served by mechanisms as simple as more in-your-face “pop-up” warnings to users and administrators, appearing in conjunction with additional confirmation dialogues when associated privacy-sensitive settings are being altered.

But clearly, explanatory blog posts aren’t going to cut the mustard for these kinds of problems, and I urge Google’s world-class privacy team to effectively address this situation as soon as possible.

–Lauren–

Hate Speech — and Google’s Public Relations “Death Wish”


I’ve been writing publicly for a long time. Sometimes it feels like my earliest articles and posts were composed in runic alphabets inscribed on stone tablets. I’ve always had a rule that I’ve tried to abide by: “Never write when you’re angry!”

Today I’ll violate that self-imposed prohibition. I’m in a vile mood, and I’m here at the keyboard anyway.

Those of you who have followed my writings (and have still somehow managed to maintain a semblance of sanity) know that I frequently deal with Google-related issues. I started doing that shortly after Google first appeared on the Net, and here we are now almost 20 years later. 

I was pretty tough on Google back then. I was unhappy with their privacy practices at the time and some other related issues, and I was not reluctant to present my feelings about such matters. Similarly, as Google evolved over the years into a world-class example of privacy and security best practices and has done so much other good work, I’ve enthusiastically pointed out the efforts of the Google teams involved. And when I feel that Google has screwed up regarding something these days, I point that out directly as well.

My policy of always trying to honestly write about issues using a “call ’em as I see ’em” philosophy has left a lot of partisans unhappy on both sides of the political spectrum, who view any variance from “the party line” on any given matter to be both dangerous and intolerable.

This has been a reality to one extent or another since the earliest ARPANET days when I first began publicly posting, but has in recent years blown up into an orders of magnitude more vicious state of affairs.

For example, late last week I spoke about Google on a national radio venue where I very frequently guest, and pushed  back against the false claims of some national GOP politicians, who were again parroting the Big Lie that Google purposely suppressed and undermined conservative viewpoints (the trigger this time was a search results Knowledge Panel error due to a defaced Wikipedia source page).

I’m usually happy to do this — I get paid nuthin’ for these appearances — I value the opportunity to speak some truth before these very large audiences that all too often are trapped in propagandistic, anti-technology filter bubbles where outright lies about firms like Google are common currency.

It’s gratifying to so frequently the next day get emails that say variations of “Thanks for that — nobody ever explained it to me that way before!”

But over time, and especially since the 2016 elections, the worst aspects of our toxic political environment have been contaminating more and more of these discussions, to the extent that my on-air comments supporting Google last week — perhaps because Donald Trump, Jr. was involved — have triggered a hate speech campaign that is rather sickening to behold. 

This has happened before — and I have a pretty thick skin.

Yet this time it feels different. I find myself wondering why the blazes I keep sticking my neck out this way. This isn’t my job. I don’t get paid for anything I write or say these days — I’m long term unemployed and try to get by with whatever sporadic and limited consulting I can dredge up from time to time.

More to the point, one wonders — especially with so much at stake — why Google isn’t taking a more proactive stance to protect the company, their employees, and the global community that depends on them — from the ongoing torrent of politically-motivated lies and attacks that are clearly designed to set the stage for broad censorship and government micromanagement of data for political purposes! Why doesn’t Google have employees out there doing what I’m doing? Why does Google continue to create a vacuum through their silence, a vacuum that haters fill with outright lies that most onlookers have no simple way to differentiate from the truth?

Of course we already know part of the answer. Google is famously terrified of the so-called “Streisand Effect” — the fear that even retorting lies will lend credence and more attention to them.

20 or even arguably 10 years ago, this might on balance have been a reasonable philosophy for Google to practice as a cautious firm.

But today, I’m increasingly convinced that Google’s not fighting back against these lies in every possible legitimate way amounts to a kind of corporate “death wish” that is ultimately putting everything good that Google has built and stands for at terrible risk.

And if Google loses this war, we all lose.

Governments, politicians, and other entities (including not only the alt-right but also many elements of more conventional left and right-wing politics as well), are using Google’s reticence for battle as a green light for the acceleration of anti-Google efforts to push intolerant information-control agendas on national, transnational, and global scales.

If such forces succeed in decimating Google in the manners that are being postulated, the results could be catastrophic for free speech around the planet.

Knowing Googlers as I do, it seems certain that most of them see these dangers very clearly from the inside — yet the “death wish” in terms of how Google actually communicates with the outside world seems more encompassing than ever.

This makes me very sad — and as I said above very angry as well.

The deep, dank pit looms before us, and the razor sharp blade of the pendulum descends closer with every tick of the clock. Either we deal with these issues seriously and effectively now, or very soon we’ll find that our wonderful hoped-for tomorrows have turned into nothing but a putrid, rotting pile of wasted yesterdays.

And that’s the truth.

–Lauren–