Surveillance-based manipulation: How Facebook or Google could tilt elections

Surveillance-based manipulation: How Facebook or Google could tilt elections
From Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.
By Bruce Schneier
Feb 26 2015
<http://arstechnica.com/security/2015/02/surveillance-based-manipulation-how-facebook-or-google-could-tilt-elections/>

Bruce Schneier is a cryptographer and security expert who has been blogging on those topics since 2004. He is the author of numerous books, including Carry On and Liars and Outliers. The following is an excerpt from his latest book, Data and Goliath: The Hidden Battles to Collect your Data and Control Your World. Copyright © 2015 by Bruce Schneier. With permission of the publisher, W. W. Norton & Company, Inc. All rights reserved.

Someone who knows things about us has some measure of control over us, and someone who knows everything about us has a lot of control over us. Surveillance facilitates control.

Manipulation doesn’t have to involve overt advertising. It can be product placement that makes sure you see pictures that have a certain brand of car in the background. Or just increasing how often you see those cars. This is, essentially, the business model of search engines. In their early days, there was talk about how an advertiser could pay for better placement in search results. After public outcry and subsequent guidance from the FTC, search engines visually differentiated between “natural” results by algorithm, and paid results. So now you get paid search results in Google framed in yellow, and paid search results in Bing framed in pale blue. This worked for a while, but recently the trend has shifted back. Google is now accepting money to insert particular URLs into search results, and not just in the separate advertising areas. We don’t know how extensive this is, but the FTC is again taking an interest.

When you’re scrolling through your Facebook feed, you don’t see every post by every friend; what you see has been selected by an automatic algorithm that’s not made public. But someone can pay to increase the likelihood that their friends or fans will see their posts. Corporations paying for placement is a big part of how Facebook makes its money. Similarly, a lot of those links to additional articles at the bottom of news pages are paid placements.

The potential for manipulation here is enormous. Here’s one example. During the 2012 election, Facebook users had the opportunity to post an “I Voted” icon, much like the real stickers many of us get at polling places after voting. There is a documented bandwagon effect with respect to voting; you are more likely to vote if you believe your friends are voting, too. This manipulation had the effect of increasing voter turnout 0.4% nationwide. So far, so good. But now imagine if Facebook manipulated the visibility of the “I Voted” icon based on either party affiliation or some decent proxy of it: ZIP code of residence, blogs linked to, URLs liked, and so on. It didn’t, but if it did, it would have had the effect of increasing voter turnout in one direction. It would be hard to detect, and it wouldn’t even be illegal. Facebook could easily tilt a close election by selectively manipulating what posts its users see. Google might do something similar with its search results.

A truly sinister social networking platform could manipulate public opinion even more effectively. By amplifying the voices of people it agrees with, and dampening those of people it disagrees with, it could profoundly distort public discourse. China does this with its 50 Cent Party: people hired by the government to post comments on social networking sites supporting, and challenge comments opposing, party positions. Samsung has done much the same thing.

Many companies manipulate what you see based on your user profile: Google search, Yahoo News, even online newspapers like the New York Times. This is a big deal. The first listing in a Google search result gets a third of the clicks, and if you’re not on the first page, you might as well not exist. The result is that the Internet you see is increasingly tailored to what your profile indicates your interests are. This leads to a phenomenon that political activist Eli Pariser has called the “filter bubble”: an Internet optimized to your preferences, where you never have to encounter an opinion you don’t agree with. You might think that’s not too bad, but on a large scale it’s harmful. We don’t want to live in a society where everybody only ever reads things that reinforce their existing opinions, where we never have spontaneous encounters that enliven, confound, confront, and teach us.

[snip]

FCC overturns state laws that protect ISPs from local competition

FCC overturns state laws that protect ISPs from local competition
Municipal broadband networks could expand because of FCC’s controversial vote.
By Jon Brodkin
Feb 26 2015
<http://arstechnica.com/business/2015/02/fcc-overturns-state-laws-that-protect-isps-from-local-competition/>

The Federal Communications Commission today voted to preempt state laws in North Carolina and Tennessee that prevent municipal broadband providers from expanding outside their territories.

The action is a year in the making. FCC Chairman Tom Wheeler announced in February 2014 his intention to override state laws designed to protect private cable companies and telcos from public sector competition. Wheeler took his cue from the federal appeals court ruling that overturned net neutrality rules; tucked away in that decision was one judge’s opinion that the FCC has the authority to preempt “state laws that prohibit municipalities from creating their own broadband infrastructure to compete against private companies.”

Nineteen states have such laws, often passed at the behest of private Internet service providers that didn’t want to face competition. Communities in two of the states asked the FCC to take action. The City of Wilson, North Carolina and the Electric Power Board (EPB) of Chattanooga, Tennessee filed the petitions that led to today’s FCC action. Each offers broadband service to residents and received requests for service from people in nearby towns, but they alleged that state laws made it difficult or impossible for them to expand.

“You can’t say you’re for broadband and then turn around and endorse limits on who can offer it,” Wheeler said today. “You can’t say, ‘I want to follow the explicit instructions of Congress to remove barriers to infrastructure investment,’ but endorse barriers on infrastructure investment. You can’t say you’re for competition but deny local elected officials the right to offer competitive choices.”

States have given municipalities the authority to offer broadband but made it difficult with tons of bureaucratic requirements, he said. “The bottom line is some states have created thickets of red tape designed to limit competition,” he said. Local residents and businesses are the ones suffering the consequences, he argued, pointing to members of the two communities in the audience.

Some businesses are forced to move to other towns for lack of better broadband, he said. Wheeler described one person who pays $316 a month “for a collage of services that includes two mobile hotspots,” while living less than a mile from a gigabit network. One woman in the FCC’s audience has to drive her son 12 miles to a church where he can access Internet service fast enough to do schoolwork, he said. These people are “condemned to second-rate broadband.”

Both EPB and Wilson have advanced networks but are surrounded by communities that lack advanced service, FCC wireline competition official Gregory Kwan told commissioners.

“EPB is an island of competitive high speed broadband service surrounded by areas for the most part with single or no provider of advanced broadband,” he said. “Wilson’s network… is a similar situation, an island of competition surrounded by a sea of little to no options for world class competitive broadband services.”

“Our focus is really about wanting to serve our neighbors who have little or no access to broadband,” EPB communications VP Danna Bailey told Ars yesterday. “We’re hoping that the FCC votes in favor of our petition, but we’ll have to understand any ramifications of anticipated legal challenges before we move forward.”

The vote was followed by applause from the crowd.

Democrats say yea, Republicans nay

The vote was split 3-2 along party lines, with Wheeler joined by fellow Democrats Mignon Clyburn and Jessica Rosenworcel.

“There are provisions that limit service by municipalities to specific areas but not others even if the local governmental entity has a pre-existing telecommunications network in that region,” Clyburn said in today’s meeting. “And just what has been the result? Certain communities have the capacity to achieve limitless outcomes, while others a few yards from town are stuck in a digital desert deprived of the means to close persistent opportunity gaps.”

Rosenworcel likened municipal Internet service to “broadband barn raising.”

[snip]

Why I’m Saying Goodbye to Apple, Google and Microsoft

Why I’m Saying Goodbye to Apple, Google and Microsoft
I’m putting more trust in communities than corporations
By Dan Gillmor
Feb 25 2015
<https://medium.com/backchannel/why-i-m-saying-goodbye-to-apple-google-and-microsoft-78af12071bd>

When I became a technology columnist in the mid-1990s, the public Internet was just beginning its first big surge. Back then, I advised my readers to avoid the semi-political, even religious battles that advocates of this or that technology platform seemed to enjoy. Appreciate technology, I urged, for what it is — a tool — and use what works best.

So why am I typing this on a laptop running GNU/Linux, the free software operating system, not an Apple or Windows machine? And why are my phones and tablets running a privacy-enhanced offshoot of Android called Cyanogenmod, not Apple’s iOS or standard Android?

Because, first of all, I can get my work done fine. I can play games. I can surf endlessly. The platform alternatives have reached a stage where they’re capable of handling just about everything I need.

More important, I’ve moved to these alternative platforms because I’ve changed my mind about the politics of technology. I now believe it’s essential to embed my instincts and values, to a greater and greater extent, in the technology I use.

Those values start with a basic notion: We are losing control over the tools that once promised equal opportunity in speech and innovation—and this has to stop.

Control is moving back to the center, where powerful companies and governments are creating choke points. They are using those choke points to destroy our privacy, limit our freedom of expression, and lock down culture and commerce. Too often, we give them our permission—trading liberty for convenience—but a lot of this is being done without our knowledge, much less permission.

The tools I use now are, to the extent possible, based on community values, not corporate ones.

I’m not acting on some paranoid fantasies here. I’m emulating, in the tech sphere, some of the principles that have led so many people to adopt “slow food” or vegetarian lifestyles, or to minimize their carbon footprint, or to do business only with socially responsible companies.

Nor do I intend to preach. But if I can persuade even a few of you to join me, even in some small ways, I’ll be thrilled.

I’m the first to recognize, meanwhile, that I’m still a long way from achieving true tech liberty. Maybe it’s impossible, or close to it, in the near and medium terms. But this is a journey—a continuing journey—worth taking. And if enough of us embark on it, we can make a difference.

Part of my conversion stems from an abiding distaste for corporate and government control-freakery. If we believe in liberty, we have to realize that we take risks to be more free. If we believe in competition, we sometimes have to intervene as a society to ensure that it’s fair.

One way we try to ensure fair competition is enforcement of laws designed to promote it, notably antitrust rules that seek to prevent dominant companies from abusing their dominance. A classic example emerged in the 1990s: Microsoft, a company that had outsmarted and/or outsleazed IBM and everyone else in its rise to pure dominance in the operating system and office “productivity” software markets.

[snip]

Your Kid’s School Is Missing the Tech Revolution, and It’s All Your Fault

Your Kid’s School Is Missing the Tech Revolution, and It’s All Your Fault
By JASON TANZ
Feb 23 2015
<http://www.wired.com/2015/02/kids-school-missing-tech-revolution-fault/>

A few months ago, I got an email from a parent at my son’s San Francisco public school, asking if I was familiar with an app called Pencil. It seems that this was a messaging app designed for teachers to communicate with students and their families, and our principal had grown enamored of it. (I’ve since moved, and left the school.) But this parent wasn’t so sure. The company was a young one, venture-backed, and she didn’t know whether it made sense to entrust vital communications to such an untested firm. She had worked in startups before, and she knew how cavalier they could be with data. “You know how they work,” she said. “You’ve got contractors coming in and out, and they all have access to the database. It’s not very secure.”

I wasn’t familiar with Pencil, but it sounded innocuous enough. It’s not like messaging apps are some terrifying new technology—they’re basically ubiquitous. Seven hundred million people have signed up for WhatsApp! Workplace messaging app Slack became a billion-dollar business in just eight months, thanks to its 500,000-plus user base! Meanwhile, our school’s communication system seemed to consist of a cobbled-together collection of email lists and Google Groups. It was inefficient and annoying. A messaging app—better yet, one designed specifically for schools—seemed like an easy fix.

But it turned out to be anything but easy to get Pencil into our school, even with the principal’s support. When I called him, he told me that he’d been talking to the company since fall 2013, when he met its CEO, Yogesh Sharma, at a party at his neighbor’s house. (This kind of thing happens when you live in the Bay Area.) He invited Sharma to speak to the PTA, but it didn’t go well. His already over-clocked teachers balked at the idea of learning a new system—even one as simple as Pencil’s. Parents had privacy concerns. Nobody seemed particularly eager to adopt it.

It turns out that this was a pretty familiar situation for Pencil. A month or so ago, the company gave up on the education market altogether. A visit to its website turns up no mention of schools, merely of “one simple messaging app” that has “a million uses.” (Not, as of yet, a million users.) “We’d keep getting stuck,” Sharma told me when I called him to ask what had happened. “There’s all these stakeholders—the principals, the PTA, the teachers, and then there’s the district that has their own way of doing things. You’re in the middle of this crossfire and the ball doesn’t move because nobody has the ability to make a quick decision.”

A Bottom-Up Approach

In and of itself, this is not really that surprising. For the last couple of decades, entrepreneurs and academics have struggled to find ways bring some of the Internet’s disruptive force to the education system—only to be stymied by predictably sclerotic bureaucracies and overcautious government agencies. But in recent years, entrepreneurs have started making an end run around administrators and taking their products directly to teachers and parents. By targeting individual users, the thinking goes, they can get their products into the hands of the people who use it, instead of slogging through arcane procurement processes. It’s reminiscent of the way Apple invaded the workplace by selling so many iPhones to individual employees that IT departments had no choice but to incorporate them. Or to the way that Uber has quickly signed up so many customers that it has forced legislators to rewrite their laws to accommodate them or risk alienating their citizens.

Kleiner Perkins partner John Doerr hailed this approach last year in a Wall Street Journal op-ed. “The mobile technologies that have revolutionized the American workplace are now transforming our education system,” he wrote. “For years entrepreneurs and educators have been pushing to bring education technology into the classroom, but adoption has often been slow. Now the education tech landscape is shifting toward mobile devices and new, free and easy-to-use services.”

That at least partially explains why education startups have become extremely hot investments. A recent New York Times piece cited data from research firm CB Insights that showed investors pouring $1.87 billion into education startups in 2014, a 55 percent increase over the previous year and the largest amount since the company started tracking such investments in 1999. New products and services seem to crop up almost daily. Some are from established companies like Rupert Murdoch’s News Corporation, whose educational division, Amplify, is run by former New York Public Schools chancellor Joel Klein; or publisher McGraw-Hill, which snapped up Engrade, a learning-management startup, last year. Others are from newer firms like ClassDojo, a behavior-tracking app that has signed up more than 35 million users since it was introduced in 2011.

[snip]

Cybergeddon: Why the Internet could be the next “failed state”

[Note:  This item comes from friend David Rosenthal.  DLH]

Cybergeddon: Why the Internet could be the next “failed state”
If you think the Internet can go on being just like it is, here’s some bad news.
By Sean Gallagher
Feb 24 2015
<http://arstechnica.com/information-technology/2015/02/fear-in-the-digital-city-why-the-internet-has-never-been-more-dangerous/>

In the New York City of the late 1970s, things looked bad. The city government was bankrupt, urban blight was rampant, and crime was high. But people still went to the city every day because that was where everything was happening. And despite the foreboding feelings hanging over New York at the time, the vast majority of those people had at most minor brushes with crime.

Today, we all dabble in some place that looks a lot like 1970s New York City—the Internet. (For those needing a more recent simile, think the Baltimore of The Wire). Low-level crime remains rampant, while increasingly sophisticated crime syndicates go after big scores. There is a cacophony of hateful speech, vice of every kind (see Rule 34), and policemen of various sorts trying to keep a lid on all of it—or at least, trying to keep the chaos away from most law-abiding citizens. But people still use the Internet every day, though the ones who consider themselves “street smart” do so with varying levels of defenses installed. Things sort of work.

Just like 1970s New York, however, there’s a pervasive feeling that everything could go completely to hell with the slightest push—into a place to be escaped from with the aid of a digital Snake Plissken. In other words, the Internet might soon look less like 1970s New York and more like 1990s Mogadishu: warring factions destroying the most fundamental of services, “security zones” reducing or eliminating free movement, and security costs making it prohibitive for anyone but the most well-funded operations to do business without becoming a “soft target” for political or economic gain.

That day is not yet nigh, but logic suggests the status quo can’t continue forever. The recent rash of major breaches of corporate networks, including the theft of personal information from the health insurer Anthem and the theft of as much as a billion dollars from over 100 banks are symptoms of a much larger trend of cybercrime and espionage. And while the issue has been once again raised to national importance by the White House, it could be argued that governments have done more to exacerbate the problem than address it. Fears of digital warfare and crime are shifting budget priorities, funding the rapid expansion of the security industry and being used as a reason for proposals for new laws and policy that could reshape the Internet.

“If we think our kids and grandkids are going to have as awesome and free an Internet as the one we have, we really have to look at why we think that,” Jason Healy, director of the Cyber Statecraft Initiative at the Atlantic Council of the United States, told Ars.

The soothsayer

The alternative futures for the Internet are not pretty. In presentations at multiple security conferences, Healy has suggested that the Internet could “start to look like Somalia”—a failed state where security is impossible, going about daily life is hazardous, and armed camps openly wage war over the network.

Healy’s analysis has been reinforced by events over the past two years: record data breaches, zero-day vulnerabilities released that affected a preponderance of Internet services, and visibility into the vast state surveillance of the Internet. The Internet has been “weaponized,” not just by the NSA and its foreign counterparts but by other states and Internet crime organizations. A thriving market for vulnerabilities attracts the bright and ambitious to work on discovering “zero days” for profit.

While a total breakdown of the Internet is unlikely, Healy and others believe that it’s nearly as unlikely that today’s status quo can be sustained. Other possible scenarios wouldn’t bring networked life to its knees, but they all would make the Internet a very different “place” than it is today.

Five years ago, Healy was on a team advising the Department of Defense about the structure of its future IT workforce. To do that, the team needed to understand what the networked world would look like in the next decade. Healy was researching the issue, and he started to look at scenarios where “maybe the future is going to look very different from the past,” he said. “Attackers have had an advantage for 35 years—what if that relationship is going to shift?”

The potential answers Healy found were presented in a 2010 paper. He further refined them in a 2011 article in the Georgetown Journal of International Affairs called “The Five Futures of Cyber Conflict and Cooperation.” The most optimistic and least likely of Healy’s scenarios was a “cyber paradise,” he told Ars. “Defense is way better than offense—you’d have to be really amazing, like the NSA or KGB, to get anything done as an attacker.” But as he looked at trends, he realized that maybe the classic relationship above wouldn’t be shifting. “It’s way more likely that it’s going to go in the other direction—that offense is going to have a significantly larger advantage than it does now.”

[snip]

Re: The Push for Net Neutrality Arose From Lack of Choice

[Note:  This comment comes from a reader of Dave Farber’s IP List.  DLH]

From: “Brett Glass” <brett@lariat.net>
Date: Feb 25, 2015 9:54 PM
Subject: Re: [IP] NYTimes: The Push for Net Neutrality Arose From Lack of Choice
To: <dave@farber.net>

Dave, and everyone:

Alas, it is actually the MYTH that there is no broadband choice that is motivating some people to advocate harmful regulation of the Net.

As is shown on the (incomplete) map at

<http://www.wispdirectory.com>

more than 85% of the US population is served by WISPs, who are just one type of competitive broadband provider. However, because many members of the public are unaware that there are even other options besides the telephone and cable companies, they believe they’re “trapped” when in fact they have a choice. Others seem to believe that a small ISP cannot possibly offer the same quality of service as a large company, despite the fact that the very architecture of the Internet — via its routing mechanisms and settlement-free peering on the backbone — levels the playing field and makes this possible.

The only thing that’s holding small, competitive Internet providers back is, in fact, regulation or the threat thereof. My own small ISP has been unable to recruit outside investors ever since the proceeding that led to the (now overturned) 2010 “open Internet” regulations, because investors have little faith that a capricious FCC won’t overreach or that a small company could survive a tussle with a regulator.

ISP network infrastructure does not have huge economies of scale once it gets beyond a thousand subscribers or so, providing lots of opportunity for competition so long as regulatory burdens are low. However, it is much less expensive, per customer, for a large company to maintain a building full of lawyers to deal with regulation such as Title II of the Telecomm Act than for a small company. And this is one of the reasons why the FCC regulations (which will fall upon small ISPs like a 332+-page ton of bricks) will discourage, not encourage, competition.

Municipal broadband projects likewise discourage competition, because small and competitive providers simply doesn’t have the resources to fight City Hall. When self-interested bureaucrats give themselves priority access to right of way; run networks at a loss using taxes as a subsidy; borrow money at bargain rates using municipal bonding authority unavailable to private businesses; and enage in horizontal monopoly leverage from their existing monopolies on water, sewer, trash collection, and (in some cases) energy; there’s really no hope for a small business that wants to compete. No startup or new entrant would be advised to enter any market in which there is an existing municipal operator, and large providers will see a strong business case for cutting their losses and pulling out.

In short, the trend at the moment, highlighted by the FCC’s meeting slated to take place tomorrow, is for government to destroy competition and choice — exactly the opposite of what consumers want. Large edge providers may favor this trend, hoping that the monopolies that remain are profitless or even run at a loss with taxpayer subsidies. But ultimately, they are likely to regret their choice as the same regulations are extended to tax and regulate THEIR operations as well. Are “search neutrality” and a “advertising neutrality” next? They may well be.

–Brett Glass

The Push for Net Neutrality Arose From Lack of Choice
By STEVE LOHR
Feb 25 2015
<http://www.nytimes.com/2015/02/26/technology/limited-high-speed-internet-choices-underlie-net-neutrality-rules.html>

Citing encryption, FBI lobbying to keep phone metadata spying powers

Citing encryption, FBI lobbying to keep phone metadata spying powers
“That whole ‘going dark’ thing went from a crawl to a flat-out sprint.” 
By David Kravets
Feb 25 2015
<http://arstechnica.com/tech-policy/2015/02/citing-encryption-fbi-lobbying-to-keep-phone-metadata-spying-powers/>

The law that the Obama administration cites to allow bulk telephone metadata collection expires on June 1, and the FBI has already begun lobbying to keep Section 215 of the Patriot Act from expiring. Bad guys “going dark” using encryption, the FBI says, is one of the reasons why the government needs to collect the metadata of every phone call made to and from the United States.

Robert Anderson, the FBI’s chief of the Criminal, Cyber, Response, and Services Branch, told reporters during a roundtable discussion Tuesday that the Patriot Act is necessary because encrypted communications are becoming more commonplace in the wake of the Edward Snowden disclosures.

“In the last two to three years, that whole ‘going dark’ thing went from a crawl to a flat-out sprint because the technology is changing so rapidly,” Anderson said.

Joseph Demarest, assistant director of the FBI’s Cyber Division, told reporters that if Section 215 expires, “Obviously it’s going to impact what we do as an organization and certainly on cyber.”

The comments, especially as they relate to encryption, are part of a growing chorus of calls—from as high as President Barack Obama—that the government needs Silicon Valley’s assistance for backdoors into encrypted tech products like the iPhone.

Silicon Valley has (at least publicly) shunned the administration’s attempts to get backdoors into their products. And while no legislation at the moment requires them to comply, the nation’s spy apparatus and others are turning their attention toward not losing the bulk telephone metadata spying program that spun heads when The Guardian—armed with classified documents from Snowdenexposed it in 2013. As it turns out, the secret Foreign Intelligence Surveillance Act court that was authorizing the program was doing so under the authority of Section 215 of the Patriot Act.

While many leading lawmakers are behind renewing the program, there are plenty of reasons why it should expire come June. According to the EFF:

…the President’s Review Board said ‘the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential (PDF) to preventing attacks.’ And the Privacy and Civil Liberties Oversight Board could not identify one time when bulk collection under Section 215 of the PATRIOT Act ‘made a concrete difference in the outcome of a counterterrorism investigation.’ Similarly, an in-depth analysis of 225 cases of people charged with terrorism found that ‘the contribution of NSA’s bulk surveillance programs to these cases was minimal.’

One federal judge has upheld the program while another has declared it unconstitutional. A Supreme Court showdown over the snooping isn’t likely to happen any time soon.

There’s plenty of rhetoric on all sides of the issue, too. Sen. Marco Rubio (R-FL) said Section 215 should never expire. House Speaker John Boehner (R-Ohio) and Majority Leader Mitch McConnell (R-KY) are big fans of Section 215.

Sens. Ron Wyden (D-OR) and Martin Heinrich (D-NM) said that “none of the claims appear to hold up to scrutiny” that the bulk metadata collection program prevents terrorism.

When Congress publicly re-authorized Section 215 three years ago, the public didn’t know that lawmakers were secretly approving the bulk telephone metadata program. And some lawmakers who had voted for re-authorization claimed that they didn’t even know about the bulk collection program.

At least this time, when it comes up for a vote in the coming months, lawmakers can’t claim that they didn’t know they were voting to allow the government to scoop up data that includes phone numbers of parties involved in calls, calling card numbers, the time and duration of the calls, and the international mobile subscriber identity number for mobile callers.

The database is said to have more than 1 trillion records.