Tuesday, November 30, 2010

Wikileaks vs. The United States (again)...

For anyone who doubts the complexity of cybersecurity, both as a technical and political problem, just look at what's been happening with Wikileaks over the past 48 hours.

In a nutshell, on Sunday, somebody leaked about 250,000 classified documents from within the U.S. State Department and posted them on Wikileaks. The website is designed to be a safe haven for "whistle-blowers" and its stated purpose is to expose corruption in both the government and the private sector, but it's certainly come under scrutiny in the past for, among other things, publishing a list of U.S. nuclear sites.

This new round of leaked documents exposes the secretive world of global diplomacy. Sensitive conversations by government officials that were thought to be private can now be read by any 7th-grader with internet access. Some of the revelations include how the king of Saudi Arabia is urging the U.S. to bomb Iran, how Turkey is being aggressive and wants to expand its sphere of influence in a "neo-Ottoman Empire", and how U.S. diplomats overseas are also acting as spies, engaging in active espionage.

Reactions to the leaked documents are, literally and figuratively, all over the map. U.S. Senator Joseph Lieberman said that Wikileaks is endangering the lives of thousands of Americans, but didn't go so far as Representative Peter King who suggested that Wikileaks be officially designated as a Foreign Terrorist Organization. Meanwhile, the State Department has been scurrying to defend its diplomats citing emphatically that they are not spies. The U.S. ambassador to Pakistan immediately wrote an essay that was published in a leading Pakistani newspaper to apologize for any disparaging statements made about their country and their leadership. The Arabist notes that the incident "might reverberate much more strongly in the Arab world, where press freedom and government transparency are extremely limited". And, in perhaps the most interesting reaction, President Ahmadinejad of Iran actually criticized the Wikileaks disclosure as being "invalid" and called it nothing but "a plot" conceived of by the American government to conduct "psychological warfare" against Iran.

So that's the story - minus one more plot twist. Apparently, minutes before Wikileaks posted the classified documents, when the word got out of what was about to happen, a cyberattack was launched against the site, in an attempt to completely shut Wikileaks down. Care to take a guess who might have been behind it?

A few questions need to be raised...

1) Is cybersecurity a technical problem, or a political one? Increasingly, it's both - a lesson that policymakers deny at their own peril.

2) Why doesn't the government shut down Wikileaks? Because it's the internet, stupid! The website itself is hosted on a server overseas where the U.S. has no jurisdiction, and the founder of Wikileaks, Julian Assange, is an Australian citizen who, since the site was created in 2006, has lived in many countries and is "constantly on the move". The goverment launched their cyberattack against the site because they are well aware that shutting down Wikileaks through traditional legal channels would be uber-complicated and take several years.

3) Did Wikileaks actually break the law? This is the most fascinating question of this case because the answer is NO. The anonymous individual who actually leaked the classified documents broke the law, but Wikileaks, which played no role other than hosting the materials, was simply a forum. In a free press society there is no "prior restraint", and indeed the U.S. has a long history of classified material being published in newspapers. Remember the Pentagon Papers? Because, at the very least, it's not clear that Wikileaks actually broke the law, the question about what the government should do to stop the site is that much more complicated.

4) To what extent is Wikileaks, and other sites like it, a serious problem? From the American perspective, two different cultural values are at odds with each other... freedom of the press vs. national security. Benjamin Franklin famously said, "Any society that would give up a little liberty to gain a little security will deserve neither and lose both". Then again, Abraham Lincoln added, "The Constitution is not a death sentence". We can debate this conflict of values in academia all we want, but at some point we have to recognize when something is, indeed, a true threat to our security. Is Wikileaks there yet? Ultimately, it's still just a problem, not yet a threat. However, whenever classified State Department documents are stolen, then shared publicly with the world, endangering the lives of some officials, and certainly doing damage to our reputation and foreign policy efforts abroad... let's just say that that, in and of itself, is definitely not a good thing.

This story is far from over.
  

Wednesday, November 24, 2010

Check the Facts: China Hijacks 0.015% of Internet Traffic...

A friend called me up on the phone last week all excited with a breaking story. He told me that China had apparently hijacked 15% of all internet traffic, and that it was all over the news.

Well, he was right. Not about the 15%, but about the 15% number being reported in the news - which, by the way, was totally wrong. The actual amount of internet traffic that was hijacked was 0.015%.

The erroneous number originated from National Defense Magazine which was quoting a researcher from McAfee’s security team. It has since been refuted by Craig Labovitz at Arbor Networks who focuses more on internet traffic flows and less on "security hype".

A few quick lessons from this tale... First, we should all be careful of regurgitating news that warrants some skepticism. Most knowledgable people could never possibly believe that 15% of all internet traffic was suddenly hijacked. It's not technically possible. At the very least, make an effort not to be part of the echo chamber.

Second, companies have agendas. This may seem like a lesson taught in Capitalism 101, but private companies want to make money, and it's not unheard of for them to drum up some business by exaggerating the reasons why people need to buy their services. Here you have a digital security firm, McAfee, arguing that people should purchase their products because the internet is insecure, then grossly mis-stating how insecure it actually is. This shouldn't be so shocking; It's still not ok.

Unfortunately, the clamor over the misreported facts is obscuring the piece of news that actually does matter... that China did, in fact, briefly hijack a small percentage of the world's internet traffic. Bloggers and pundits can disapprove of McAfee all they want, but let's try and keep our eyes on the ball.
  

Monday, November 22, 2010

The Double-Edged Sword that is Stuxnet...

Two months ago, a computer worm named Stuxnet infected tens of thousands of machines in Iran, and specifically targeted the centrifuges of suspected Iranian nuclear facilities. Most experts agreed that this worm was far too sophsticated to have been created by individual hackers, and therefore must have been state-sponsored. The U.S. and Israel immediately became suspects, although both governments denied any role in the cyberattack.

The Nerfherder argued that launching a cyberwar against one's enemies could be accomplished without fear of any meaningful reprisal. That being the case, we also questioned whether doing so wouldn't be actually be smart policy in order to attain desired political outcomes.

However, Stuxnet is fast becoming a double-edged sword. Reports surfaced all last week how the worm is now posing a significant threat to vital American industries.

A senior government official warned Wednesday that attackers can use information made public about the Stuxnet worm to develop variations targeting other industries, affecting the production of everything from chemicals to baby formula.

"This code can automatically enter a system, steal the formula for the product you are manufacturing, alter the ingredients being mixed in your product and indicate to the operator and your antivirus software that everything is functioning as expected," said Sean McGurk, acting director of Homeland Security's national cybersecurity operations center.

Stuxnet specifically targets businesses that use Windows operating software and a control system designed by Siemens AG. That combination, said McGurk, is used in many critical sectors, from automobile assembly to mixing products such as chemicals.


The threat is frightening federal agencies to such a degree that a new bill was unveiled last Wednesday by House Homeland Security chairman Bennie Thompson (D-Miss.) that would actually grant the Department of Homeland Security authority over private sector networks deemed critical to national security.

That would be an extreme reaction. However, what is all-too-real at the moment is how a computer worm that, perhaps, was created by the U.S. government to disrupt the Iranian nuclear program, is now being redirected back at us.

And therein lies a principle lesson of cyberwarfare (and a caveat to our previously stated argument)... It doesn't seem like such a great idea anymore once you are the victim being targeted.
  

Friday, November 19, 2010

10 Amazing Google Side Projects You Never Heard Of...

Everyone and their mother knows that Google has a stranglehold on the internet search market. But by no means is that where this technological giant leaves off.

Thanks to Samantha Rhodes for emailing me this list. These ten Google side projects could potentially revolutionize everything from your morning commute to evening television, or they might go nowhere except to the annals of "very cool" stuff that never materialized.

Will pre- and post-Google be the way technology is referred to in the future?

  1. Google Cars
    The world of traffic jams and fender benders just might be coming to an end. With this amazing technological breakthrough, Google announced that it has developed cars that can drive themselves. Over 140,000 miles of road in California have been automatically driven in traffic by Google over the last months. Those with safety concerns have to be impressed by the vehicle’s instant reaction time and 360-degree awareness, which both reduce the instance of accidents and reduce traffic by being able to drive a fleet of cars as one. With successful test runs already completed, it might not be long before people are actually encouraged to surf Google and “drive” at the same time.




  2. Google Goggles
    That isn’t a typo, Google actually offers a feature named Goggles. Once again revolutionizing the world of search engines, this feature actually allows people to use pictures to search the web. The app available for smart phones allows you to take a photo, search for it, and get results instantly. It can even recognize text, translate into different languages, and even bring up contact information. Be sure to click on the video to see both the limitations and amazing results this app can bring.

  3. Google Instant
    If you haven’t noticed by now, typing in words into the Google homepage brings up results instantly as you type. This allows browsers to see results instantly, correct spelling errors as they type, and avoid that lengthy process of hitting the Enter button. Predictions are still available, with the most relevant or popular ones still popping up as you type and can be easily selected. Those who don’t enjoy the change can turn off Google Instant by visiting the Preferences page.

  4. Google TV
    In a collaborative effort with Sony, Google has now invaded the world of television. Their internet TV software brings Hulu, Twitter, Netflix, YouTube, and Pandora direct to the television. With models starting at $599 for a 24 inch, they offer several USB and HDMI ports, and even Wi-Fi capabilities for each set. Best of all, there is no extra cost for those who already have existing cable or satellite services to enjoy Google TV.

  5. Google Top Box
    If your brain or your wallet isn’t ready for Google TV, there is hope. Both cheaper and working with many existing televisions, the set top box features many of the advantages of the television. Those who are wary of purchasing new tech as it hits the shelves will be able to wait a while and then choose between the television or top box.

  6. Google Wind
    Sure we have the tech, but do we have the technology to power it? Google is making that possible in a greener way. They recently announced that they will invest in an enormous new project to build offshore wind farms off the mid-Atlantic coast that could bring energy to as many as 1.9 million households. Named the Atlantic Wind Connection, it would produce 6,000 megawatts of wind turbine capacity.

  7. Google Innovation
    Ever wish your boss wouldn’t care if you spent five minutes checking your Facebook account? Then apply for a job at Google. Its employees are granted a generous 20 percent in “innovation time.” In it, employees are allowed to spend a fifth of their day, or over one and a half hours in a regular work day, researching or exploring items outside their normal duties. While there are skeptics who believe this is a ruse, the idea has generated enough buzz to be considered seriously by any employer.

  8. Google Webmaster
    Although the original Webmaster has been around for a while, there have been recent developments. In the pat, it allowed certain users to get data about crawling, indexing, and search traffic. However, new parameter handling features have become available to everyone and are explained in further detail by Search Engine Land.

  9. Google Social
    Although social media may be dominated by Facebook, Twitter, and the like, Google has not given up that piece of the pie just yet. With the addition of social planning start up Plannr, Google Me is one step closer to bringing itself into competition.

  10. Google Earth
    Although this feature has been around for a while, the things it discovers have not ceased to cause headlines. Expanding every day, images can be seen as far away as Antarctica. There are even grisly reports that Google Earth has captured images that any other site or media outlet could never before. On the other end, Google Earth can even help lead to scientific discoveries such as meteor craters.

  

Friday, November 12, 2010

How to Fight Online Tracking Programs...

The New York Times has just posted a great list of tools that people ought to consider using to protect themselves from online tracking.

Yes, whatever you do online is somehow being tracked, and it doesn't make you a conspiracy-theorist to say so. It's a matter of fact. The websites you visit keep records of how much time you spend on a site, which pages you visit, what site you came from beforehand, what site you went to afterwards, and about a thousand other bits of information that are then used for marketing purposes.

People often conjure up images of Big Brother, but it's not the government who's tracking you online... it's the advertising industry. They do so by implanting cookies (specialized files that are saved onto your hard drive), as well as "supercookies" like Flash and document object management (or DOM) cookies, which can hold more information. Another method used is the deployment of "Web bugs" or "beacons", which let sites record statistics like what ads attracted you to the site and whether you bought something.

Most people are at least somewhat aware that they should delete their cookies once-in-a-while. But supercookies and web bugs actually are NOT deleted when you clear out regular cookies through your browser. Here are some quick summary links from the NY Times article on a few steps you can take to fight the online trackers...

  1. Remove standard cookies. Here are instructions for doing so on all four major browsers.

  2. To remove Flash cookies, visit Adobe’s online Flash Player settings page at bit.ly/cw2roU, click on the “Website Storage Settings” panel and remove all or some of the files. Block or restrict future third-party Flash cookies by going to the “Global Storage Settings” panel.

  3. Download some privacy-oriented plug-ins for your browser. Most of these not only allow you to manage cookies, supercookies, and web bugs, but they also let you see who is trying to follow your online movements and helps you decline targeted ads from different ad networks. Such plug-ins include BetterPrivacy, Taco, Ghostery, and CCleaner.

  4. Slow down the marketers by spreading your searches among several engines. Also consider using different companies for search and Web-based e-mail.

  5. Use a search engine that does not track users’ activity. Scroogle.org lets you search with Google without being tracked or seeing ads. Startpage runs simultaneous searches on multiple engines anonymously.

  6. Mask your IP address. Try anonymizing software like Tor or OpenVPN.



Hopefully, you'll find this list pretty helpful. If one thing's for sure it's that the online marketers aren't disappearing anytime soon. Taking a few simple steps goes a long way towards protecting yourself.
  

Wednesday, November 10, 2010

Free Speech on Facebook as an Employee Right...

Anyone reasonable person knows better than to publicly insult their employer on Facebook. Nevermind what's legal; we don't do it out of fear of the consequences.

Well, one gutsy individual named Dawnmarie Souza, an emergency medical technician, did exactly that to her employer, American Medical Response of Connecticut. She apparently used "impolite language to insult her supervisor" through posting public comments on Facebook.

Then, in a not-so-shocking turn of events, she was fired.

But here's where this story becomes newsworthy. A court case is being brought by a U.S. federal agency, the National Labor Relations Board, on Ms. Souza's behalf. They assert that according to the National Labor Relations Act, "social media activity concerning workplace environments, including personnel, constitute protected speech under the provisions of the First Amendment".

Maybe you buy into that argument, or maybe you don't. However, what's interesting is that it's not one zany individual, nor is it some quirky ideological organization, that's making the case against the workplace firing. It's the United States Government!

To be fair, American Medical Response of Connecticut claims that the Facebook posts were only one factor in Ms. Souza's termination, and that there were other reasons. Now, many people's first instinctive thought might be how most states have "at will" employment - meaning that employers can fire anyone without explaining it and without allowing for free speech rights. However, the argument being made in this case isn't directly focused on employment, but instead is actually centered on "working conditions".

So is restricting an employee's ability to freely comment on social media sites a form of poor workplace conditions? Does it really fall into the same category as the old sweatshops of the early industrial era?

The National Labor Relations Board apparently thinks it does.

The NLRB seems to be overreaching a bit here, but the federal courts will ultimately make the final determination. Regardless of the outcome, it's pretty fair to say that at a time when people's privacy and free speech rights online are rapidly eroding, the very existence of this suit is something just shy of, to use RWW's description, "miraculous".

Still, don't drink the kool-aid just yet. If you read into this development as a total green light to publicly criticize your employer, be prepared to deal with the consequences.
  

Thursday, November 04, 2010

Internet Politics 2010...

With this week's Congressional elections behind us, what can we learn from them in terms of gauging the current state of internet politics?

Live-blogging for the New York Times, David Carr sparks the debate...

The Future of Politics Looked a Lot Like the Past.

No matter what screen you watched this election on, it looked like you were staring at the future. CNN looked like the set for the next Tron movie, ABC News Now was a Twitter steam rendered for broadcast, and at NBC, Chuck Todd spoke next to a small White House that was actually a digital mirage that he whisked away with a swipe of his hand.

But if you stared into the soul of the new machine, you could see the gears grinding and smell the burned oil rising out of the process. President Obama, the first social media president, swept into office on small money raised virally and activated his base with mice moving in unison. But this time around, it was old-line, cold hard cash, combined with an even more ancient mechanism, a kind of primal fear, that drove the process. The people were angry and frightened, and they were in the mood to get some heads rolling. And they came with the force of a battering ram, not an incoming flutter of e-mail. People are worried in a way that doesn’t come through on Facebook updates or Twitter posts.


Does the 2010 election cycle repudiate many of the so-called "lessons" of 2008? For example, whatever happened to the new-age wisdom of the importance of social media presence? Or how about the need to foster viral marketing of candidates? What about the transformative effect that online campaign fundraising was supposed to have?

There are so many factors to consider before jumping to conclusions, that it would be folly to do so. Foremost, 2008 was a presidential election year - bringing with it far more popular attention (not to mention actual voters) - as compared to 2010 being a midterm election with far less fanfare (of course, this depends on who you're talking about, but let's just say that I doubt the politics of Rep. Steve Rothman of New Jersey's 9th Congressional District were lighting up too many office watercooler conversations). Comparing 2008 and 2010 is like comparing apples and oranges, for many reasons.

That said, what the 2010 election DOES illustrate is that, internet or not, midterm election outcomes are still more about political parties than they are about specific candidates. As my previous blog post highlighted, just because one candidate is more popular online than another ultimately means very little as far as results go.

This is an important point because all of those aforementioned internet-centric questions revolve around the efficacy of individual candidates. A successful email campaign for one aspiring member of Congress doesn't mean a hill of beans when voters are voting for or against an entire political party. Since this time around political parties mattered more than the candidates, all of those internet tools - designed to enhance the standing of the individual - are rendered far less meaningful.

Likewise, when 2012 rolls around, and the individual candidate matters more again, expect their online campaigning to return to relevance.

This is why we shouldn't necessarily read too many overgeneralized lessons about internet politics from this most recent election cycle. All 2010 has accomplished in that regard is to increase our data set, or our sample size. The old differences between midterm and presidential election campaigns persist, so now let us start analyzing how internet politics affects each of these types independently.