Monthly Archives: March 2018

by Liza Loop | March 30, 2018 · 10:45 am

More Musings on Online Privacy

Have you seen this recent viral article on the information social media companies collect about you?

Trust

In the one of the first replies to this article (no, I didn’t read them all) the writer asks “Do you really trust Google?” My answer is “yes, completely”. Google is a for profit information company and I trust it to collect every scrap of information about me and the rest of the world it can. I trust it to profit from this information in any way it can. A company, like a robot or an AI, has no human morality, no conscience, no moral compass. These characteristics have to come from the humans who control it — or abdicate that control.

“Trust” does not stand alone as a concept. To be meaningful it has to be accompanied by answers to the questions, trust whom? to do what? under what circumstances? And it is we humans who must supply those answers, thoughtfully.

Thoughts Left Out

What this article doesn’t say explicitly is that turning on the security controls doesn’t stop the tracking. The next step to privacy is to be very specific about what actions to take. For example, if I turn wi-fi off on my computer is it really offline or just not reporting to me? It isn’t in the interest of Google to tell us these things. The company’s advertisers (other profit-making companies) want us to expose ourselves so that they can entice us to buy their products. They don’t want us to control their access to information about us and they don’t want us to control our impulse to buy. Why would they make it easy for us to protect that information? Why would we “trust” them to do so?

I’ve been teaching since 1975 that the only way to stop a robot (or computer) is to detach it from its power source. That means, if it’s, say, solar powered, get inside it and snip the wires between the charger, the batteries and the cpu. This will also work if you want to stop a computer program designed to collect information that will result in giving it the ability to present images to us that will trigger behavior we might later regret. Asking a company to act against its self-interest seems unlikely to succeed. No matter how many apologies or assurances Facebook publishes, its survival depends on keeping your information flowing in. In the end, I don’t think greater privacy controls will solve the problem. Rather, we need to accept responsibility for responding to those oh-so-effective triggers.

What is Privacy?

The other thesis the article misses is that our whole concept/expectation of privacy has changed in the last 3 centuries. It used to be that “privacy” was the cultural practice of averting one’s eyes rather than today’s assumption that we ought to be able to prevent direct access to information. If you were a servant in an upperclass household, a clerk in a bank, or perhaps a resident in a multifamily, Native American longhouse, you saw a lot of things you never talked about. It’s only recently that a significant number of humans have lived in conditions where information we now expect to be “private” was not readily available across a broad swath of neighbors, relatives, and tradespeople. The more I confront this topic the more convinced I become that we will find relief from our distress in cultural adaptation, not technical fixes.

Maybe some of today’s youngsters have got a better idea. Just take naked pictures of yourself and post them.

What about rocks to defend schools?

When we are attacked, with words, fits, automatic weapons or bombs, we need to defend ourselves. Ordinarily I’m a peacenik and my first response to an attack is to search for a resolution to the conflict or try to mediate. But one has to survive to engage with the attacker for that strategy to work. Sometimes a rigorous defense followed by a counter attack is necessary. There has been much debate since the Feb. 14th Florida high school shooting concerning both prevention and immediate emergency response. Turning schools into barricaded, armed fortresses is a plan that marks one end of the spectrum. Establishing better mental health monitoring (pro, con) and restorative justice systems holds down the other end.

This morning I came across this suggestion: Arming schools with buckets of rocks in each classroom. While this idea may seem ludicrous at first it deserves a second look before we abandon it. Here are some pros and cons that have occurred to me.

Pros

Being hit by rocks may actually work to deter a shooter. At the very least it will be distracting
The defenders have a non-leathal action to take
Keeping rocks around is less dangerous than keeping guns
Confronting an attacker provides the threatened with a sense of effectiveness
Every child can throw a rock, some may even hit a disarming or disabling target
Rock throwers can surround the shooter increasing the likelihood of taking him/her down.

Cons

To be in a position to throw a rock exposes the thrower to the shooter
The thrower has to be relatively close to the shooter to be effective
One bucket of rocks is probably not enough
The rocks are still potential weapons that violent students could use against each other or school faculty or staff.

My thoughts are certainly not the last word on this subject and I’d like to hear what you think about it. My purpose in writing this blog is to explore radical and unusual ideas so please have at it.

1 Comment

Filed under Civic Engagement

by Liza Loop | March 22, 2018 · 3:08 pm

Who is responsible for my online security?

Today I was catching up on aging Facebook postings and happen to read this one from an old colleague:

Bob Frankston

March 19 at 5:18pm ·

#NotReadyForPrimeTime

Just saw the message in Chrome saying that in V70 some certificates will be distrusted and not load. I understand the security concerns.

But how am I supposed to build long lasting infrastructure when things can simply break because of events outside my control. My light switch (AKA the app on my wall devices) is supposed to work for a decade unattended. Is IoT just a joke?

Fortunately I don’t think I depend on those certificates but I am on notice that I better not build any persistent technology using the Internet.

Imagine building a bridge and discovering one day that you particular brand of steel bar has been recalled and suddenly all your bridges have been disabled.

(Woz and 13 others liked this.)

Now I know just a little about computer security but much more about the use of highly technical knowledge in social contexts. I’ve been interested in the public (as portrayed on radio news) is responding to reports of personal profile data being harvested from Facebook and other online sources such as you “smart refrigerator”. Such privacy questions have been relevant to me since my phone was tapped during the Vietnam War and Capt’n Crunch was whistling into long distance phone lines. So I made the following reply to Bob which started a little dialog with another poster, Karl:

Liza Loop We humans have created a new information environment that we haven’t figured out how to survive in yet. All our instincts about privacy are now inadequate. So you’re right, certificates and IOT security cannot be trusted at the moment. For me it has been a 50-year moment. My solution is, if you don’t want the world to know about it, don’t put it on a device that connects to anything else. This is analogous to keeping your mouth shut. Most of the time I just don’t care who knows what about me. When I do care, even paper isn’t secure enough. Don’t write it, don’t tell a “friend”, and most of all, don’t store it on a computer even the itty-bitty one in your doorbell. Maybe we’ll have a better solution in another 50 years.

Karl Schulmeisters actually Liza its worse than that. As Dwork shows with her differential privacy work, if there is a statistical database about human beings that is correlatable to external information – you or your device need not even be in the database to have data exfiltrated about you

Liza Loop Ya, I know. Someone is always watching and we have almost no control over that. But those who are currently making a lot of noise about privacy violations might do well to attend to the information they set loose with their own actions. When I post here on Facebook I don’t blame Zuckerberg for the outcomes, intended or unintended, his or mine. My point is that this is a broad human culture issue unleashed by technical change, not something we can fix with a few government regulations.

Karl Schulmeisters healthy way to look at it

Liza Loop Healthy is ok but we still need to figure out what to teach our children about privacy. Any suggestions? Of course they will only adopt part of what we try to tell them but I’m always surprised at how much my attitudes influence those of my children and grandchildren. When humans live in periods of radical environmental change, parenting, schooling and other forms of cultural transmission can impact which genetic lines survive and which die out. I think we happen to be living in such a critical period that it’s worth asking questions about topics like privacy and doing our best to think systematically about the possible future consequences of our current decisions. Blaming others isn’t very effective. As Pogo said, “We have met the enemy and he is us”.

Another person, someone with a background in security and cryptography popped into the conversation and tried to help me out by suggesting that I

Either tell them you don’t use surveillance apps from companies owned by greedy sociopaths, or that you do.

Your choice.

Then Bob, the person who started this conversation, added:

Bob Frankston This whole FB as your credential is an issue in itself. I try to avoid using FB as my credential. But this is another deep topic.

This discussion illustrates the problem I’d like to address. The lay public, large numbers of people who don’t understand what the phrase “FB as your credential” means, are the carriers of culture, the people who get interviewed and express opinions to the broadcast media and who vote for or against the legislators who enact our laws. I did find a 2015 CBS News article that explains the process but how many people actually question what’s going on when they see this Screen Shot 2018-03-22 at 2.37.50 PM on their screen? And whose responsibility is it to understand what you are doing when you follow a suggestion on your screen?

In my opinion the online world, cyberspace if you will, is a whole new ecological niche, one in which we don’t have any multigenerational experience. We don’t know what rules and customs will protect us and which will lead to extinction. Trying to hold businesses like Facebook or national governments responsible is kind of like blaming the shore for having a rip tide that sweeps us out to sea and drowns us. Sure, the local government can put up a few signs to warn us of the danger. Eventually our tribe will learn where it’s safe to swim and where to stay out of the water on this island. But a lot of lives will be lost in the process. Or, in the information case, a lot of privacy will be violated. In the meantime, I take the stand I posted to Bob: if you want to keep it private, don’t put it on a computer that is EVER, IN ANY WAY, connected to the internet.

Monthly Archives: March 2018

More Musings on Online Privacy

Trust

Thoughts Left Out

What is Privacy?

Like this:

What about rocks to defend schools?

Like this:

Who is responsible for my online security?

Like this:

Recent Posts

Recent Comments

Archives

Categories

Meta

Monthly Archives: March 2018

More Musings on Online Privacy

Trust

Thoughts Left Out

What is Privacy?

Share this:

Like this:

What about rocks to defend schools?

Like this:

Who is responsible for my online security?

Like this:

Recent Posts

Recent Comments

Archives

Categories

Meta